
reliability of LDAP lookups



Hi.

Sorry for cross-posting between sendmail and OpenLDAP, but I think the issue could be of interest for both users, and good ideas may come out from both sides.

I use an OpenLDAP server to check whether or not a user can send mail outside of the company. Actually, there is a set of replicas of the main server that are used for many different purposes, so it happens that they are very busy, so sendmail hangs waiting for a reply and eventually times out. For those who are not familiar with the LDAP API, a client can be configured to use a static list of servers, which means that if it is not able to contact one server, it tries the following one, and so on. The problem here is more subtle, because the server can always be contacted, but it may take too long to get an answer, so the ldapmap_lookup fails with EX_TEMPFAIL after trying to access the first working server. A more reliable behavior, which cannot be implemented only at the API level, would be to try another server in the list in case of timeout instead of simply bailing out (at least leaving the sendmail administrator the possibility to do that).

This would require, in my opinion, modifying the LDAP API by adding the possibility to deal with the server list (something like ldap_open_next(LDAP *ld), where `ld' is an open connection to an LDAP server which should be closed and reopened with the following server in the list, if any). On sendmail's side, the lookup should be repeated a configurable number of times in case more than one server is available and the first search times out.

Any ideas/suggestions? I'd like to give my contribution, up to my possibilities.

Pierangelo Masarati,
SysNet, Italy
<ando@sys-net.it>
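
The retry-on-timeout behaviour proposed in the message above, as an added example that is not part of the original post and is not sendmail or OpenLDAP code. `lookup_failover`, the `result` codes and the `search_fn` callback are hypothetical stand-ins for a time-limited LDAP search, the server names are constructed, and the example assumes that an authoritative "not found" should stop the walk and that exhausting the list should defer the mail rather than allow it.

```c
#include <stdio.h>
#include <string.h>
#include <sysexits.h>   /* EX_OK, EX_TEMPFAIL */

/* Outcome of one search against one server (hypothetical names). */
enum result { R_FOUND, R_NOT_FOUND, R_TIMEOUT, R_UNREACHABLE };

/* Hypothetical callback: one bounded-time search for `key` on `uri`. */
typedef enum result (*search_fn)(const char *uri, const char *key);

/* Walk the server list. A timeout or unreachable server moves on to the
 * next entry; a definitive answer (found / not found) ends the walk.
 * At most max_tries servers are queried. If none answers, return
 * EX_TEMPFAIL so the message is deferred instead of being let through. */
int lookup_failover(const char *const *uris, int n_uris, int max_tries,
                    search_fn search, const char *key, int *allowed)
{
    *allowed = 0;                        /* fail closed by default */
    for (int i = 0; i < n_uris && i < max_tries; i++) {
        switch (search(uris[i], key)) {
        case R_FOUND:     *allowed = 1; return EX_OK;
        case R_NOT_FOUND: return EX_OK;  /* authoritative "no": stop here */
        case R_TIMEOUT:
        case R_UNREACHABLE:
            fprintf(stderr, "%s: no answer, trying next\n", uris[i]);
            break;
        }
    }
    return EX_TEMPFAIL;
}

/* Constructed stand-in for a real search: ldap1 accepts the connection
 * but never answers in time, ldap2 answers. Only "alice" may send out. */
static int calls;
static enum result fake_search(const char *uri, const char *key)
{
    calls++;
    if (strcmp(uri, "ldap://ldap1.example") == 0) return R_TIMEOUT;
    return strcmp(key, "alice") == 0 ? R_FOUND : R_NOT_FOUND;
}

static const char *const SERVERS[] = { "ldap://ldap1.example",
                                       "ldap://ldap2.example" };

int main(void)
{
    int allowed, rc = lookup_failover(SERVERS, 2, 2, fake_search, "alice", &allowed);
    printf("rc=%d allowed=%d servers_tried=%d\n", rc, allowed, calls);
    return rc;
}
```

With `max_tries` set to 1 the function reproduces the behaviour the message complains about: the slow first server alone decides the outcome and the lookup ends in `EX_TEMPFAIL`.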