Emmanuel Dreyfus wrote:
On Wed, Aug 13, 2008 at 09:44:23AM +0200, Buchan Milne wrote:
Actually, if that were the case, I think a suitable timelimit in
nss_ldap's ldap.conf should prevent any problems, but it doesn't
due to nss_ldap's (IMHO) braindead defaults.
Such an approach leads to even worse problems with other
applications: sendmail performs NSS lookups for local delivery
(when looking for .forward), and it does it with getpwnam().
getpwnam() does not set errno, the caller has no way of
distinguishing an inexistent entry from an unreachable NSS source.
If you use getpwnam_r(), errno is set on failure and you can make
the difference. But sendmail uses getpwnam().
So if NSS returns no answer because of a bind or search timeout,
sendmail will consider the recipient does not exist and will bounce
the message.
This is off-topic, so if the reader is looking for a workaround in
the sendmail config, (s)he should look for my post on
comp.mail.sendmail this morning. But that is not fully satisfying,
and I am still looking for a really reliable setup.
If you haven't already, you may want to give nss-ldapd a look:
http://ch.tudelft.nl/~arthur/nss-ldapd/design.html
- Dan
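
The getpwnam_r() distinction discussed in the thread, as an added example that is not part of any poster's message or of sendmail's code: a local-delivery check that defers when the NSS lookup fails and rejects only when the lookup completes and finds no user. The names `rcpt_status`, `classify_lookup` and `check_recipient` are hypothetical, and treating every nonzero return code as a temporary failure is an assumption made here.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sysexits.h>

/* Delivery decision for a local recipient (hypothetical names). */
enum rcpt_status { RCPT_OK = EX_OK, RCPT_UNKNOWN = EX_NOUSER, RCPT_DEFER = EX_TEMPFAIL };

/* Map getpwnam_r()'s (return code, result) pair to a decision.
 * Only rc == 0 with a NULL result is a definite "no such user";
 * any nonzero rc is treated as a lookup failure and deferred
 * (a deliberately conservative assumption: queue, never bounce). */
enum rcpt_status classify_lookup(int rc, const struct passwd *result)
{
    if (rc != 0)
        return RCPT_DEFER;
    return result ? RCPT_OK : RCPT_UNKNOWN;
}

/* Look up a recipient, growing the buffer while the call reports ERANGE. */
enum rcpt_status check_recipient(const char *name)
{
    struct passwd pw, *result = NULL;
    size_t len = 1024;
    char *buf = NULL;
    int rc;

    do {
        char *tmp = realloc(buf, len);
        if (tmp == NULL) {
            free(buf);
            return RCPT_DEFER;      /* out of memory: retry later */
        }
        buf = tmp;
        rc = getpwnam_r(name, &pw, buf, len, &result);
        len *= 2;
    } while (rc == ERANGE && len <= (1u << 20));

    enum rcpt_status st = classify_lookup(rc, result);
    free(buf);
    return st;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root";
    enum rcpt_status st = check_recipient(name);
    printf("%s: exit code %d\n", name, st);
    return st;
}
```

The enum values are the `sysexits.h` codes, so the result can be returned directly as a delivery program's exit status.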