NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NSS, mail.local and unavailable LDAP

Emmanuel Dreyfus <> wrote:

> Of course, all the LDAP servers should not go down at the same time, but
> that can happen. It would be nice if mail.local could just wait for LDAP
> servers to become available again, retrying periodically, instead of
> returning that the user does not exists.
> How can this be acheived? nsswitch.conf does not allow retrying on the
> same source, and neither nss_ldap.conf does.

More on that topic: NSS handles correctly the situation where a LDAP
server goes down, becoming unreachanble (getpwnam() sets errno to
ETIMEOUT), or refusing connexions (errno set to EAGAIN). 

But mail.local does not cope with that. If getpwnam() returns NULL,
mail.local will immediatly exit with status code 0, regardless of errno.
That means that the message is dropped and sendmail think it was
delivered correctly. Worse, if mail.local was to deliver to multiple
recipients, a failure on a single user will cause the processing to

The fix: sendmail 8.14.2 has a mail.local that is able to query either
getpwnam, either LDAP. According to the sources, in case of LDAP
failure, it will return a temporary failure, which is the desired

pkgsrc seems to ignore sendmail's mail.local: it get built, but not
installed. Anyone had experience with it?

Emmanuel Dreyfus

Home | Main Index | Thread Index | Old Index