NetBSD-Users archive


Re: NSS, mail.local and unavailable LDAP



Emmanuel Dreyfus <manu%netbsd.org@localhost> wrote:

> Of course, all the LDAP servers should not go down at the same time, but
> that can happen. It would be nice if mail.local could just wait for LDAP
> servers to become available again, retrying periodically, instead of
> returning that the user does not exist.
> 
> How can this be achieved? nsswitch.conf does not allow retrying on the
> same source, and neither does nss_ldap.conf.

More on that topic: NSS correctly handles the situation where an LDAP
server goes down, becoming unreachable (getpwnam() sets errno to
ETIMEOUT), or refusing connexions (errno set to EAGAIN).

But mail.local does not cope with that. If getpwnam() returns NULL,
mail.local will immediately exit with status code 0, regardless of errno.
That means that the message is dropped and sendmail thinks it was
delivered correctly. Worse, if mail.local were to deliver to multiple
recipients, a failure on a single user will cause the processing to
stop.

The fix: sendmail 8.14.2 has a mail.local that is able to query either
getpwnam or LDAP. According to the sources, in case of LDAP
failure, it will return a temporary failure, which is the desired
behaviour.

pkgsrc seems to ignore sendmail's mail.local: it gets built, but not
installed. Has anyone had experience with it?



-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost
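
The failure mode described in the message above, as an added example that is not part of the original post and is not code from NetBSD's or sendmail's mail.local: a delivery agent that clears errno before the lookup can tell "no such user" from "directory unavailable" and report a temporary failure so the MTA requeues the message. The names recipient_status, delivery_status and fake_lookup are hypothetical, and treating any non-zero errno as a backend failure is an assumption.

```c
#include <errno.h>
#include <pwd.h>
#include <stddef.h>
#include <sysexits.h>

/* Lookup hook (hypothetical) so the failure paths can be exercised
 * without an LDAP server; main() below passes the real getpwnam(). */
typedef struct passwd *(*lookup_fn)(const char *name);

/* Assumption: errno stays 0 after a clean "no such user" answer; any
 * other value means the backend could not answer, so retry later. */
int recipient_status(lookup_fn lookup, const char *name)
{
    errno = 0;                 /* a NULL return alone says nothing */
    if (lookup(name) != NULL)
        return EX_OK;
    return errno == 0 ? EX_NOUSER : EX_TEMPFAIL;
}

/* Check every recipient rather than stopping at the first failure.
 * EX_TEMPFAIL outranks EX_NOUSER so the MTA keeps the message queued. */
int delivery_status(lookup_fn lookup, const char *const *rcpts, size_t n)
{
    int worst = EX_OK;
    for (size_t i = 0; i < n; i++) {
        int st = recipient_status(lookup, rcpts[i]);
        if (st == EX_TEMPFAIL || worst == EX_OK)
            worst = st;
    }
    return worst;
}

/* Constructed stand-in for NSS: "alice" exists, "bob" is unknown, and
 * any other name fails as if every LDAP server had timed out. */
struct passwd *fake_lookup(const char *name)
{
    static char alice_name[] = "alice";
    static struct passwd alice;
    alice.pw_name = alice_name;
    if (name[0] == 'a') return &alice;
    if (name[0] == 'b') return NULL;     /* errno left at 0 */
    errno = ETIMEDOUT;
    return NULL;
}

int main(int argc, char **argv)
{
    /* Exit status for the recipients named on the command line. */
    return delivery_status(getpwnam, (const char *const *)(argv + 1),
                           (size_t)(argc - 1));
}
```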

