
reliability of LDAP lookups


Sorry for cross-posting between sendmail and OpenLDAP, but I think
the issue could be of interest for both users, and good ideas may come
from both sides.

I use an OpenLDAP server to check whether or not a user can send mail
outside of the company. Actually, there is a set of replicas of the
server that are used for many different purposes, so it happens they are
busy, so sendmail hangs waiting for a reply and eventually times out.
For those who are not familiar with the LDAP API, a client can be
configured to use a static list of servers, which means if it is not
able to contact one server it tries the following and so on. The problem
here is more subtle, because the server can always be contacted, but it
may take too long to get an answer, so the ldapmap_lookup fails with
EX_TEMPFAIL after trying to access the working server. A more reliable
behavior, which cannot be implemented at the API level, would be to try
another server in the list in case of
instead of simply bailing out (at least leaving the sendmail
administrator the possibility to do that).

This would require, in my opinion, modifying the LDAP API by adding the
possibility to deal with the server list (something like
ldap_open_next(LDAP *ld)
where `ld' is an open connection to an LDAP server which should be
and reopened with the following server in the list, if any). On
side, the lookup should be repeated for a configurable number of times
in case more than one server is available and the first search times out.

Any ideas/suggestions? I'd like to give my contribution, up to my

Pierangelo Masarati,
SysNet, Italy
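
An added example, not code from sendmail, OpenLDAP or the poster, of the lookup policy this message proposes: a timeout on a reachable server advances to the next server in the list, and EX_TEMPFAIL is returned only once the list or the configured number of tries is exhausted. The names lookup_with_failover, search_fn, enum probe and the ldapN hosts are hypothetical, and the search backend is a constructed stand-in rather than a libldap call.

```c
#include <stddef.h>
#include <stdio.h>

#define EX_OK        0   /* same values as <sysexits.h> */
#define EX_TEMPFAIL 75

/* Outcome of one search on one server (hypothetical model, not libldap codes). */
enum probe { PROBE_ANSWER, PROBE_CONNECT_FAIL, PROBE_TIMEOUT };
/* Hypothetical backend: search `server`, giving up after `timeout_s` seconds. */
typedef enum probe (*search_fn)(const char *server, int timeout_s, int *allowed);

struct lookup_result { int status, allowed, attempts; const char *answered_by; };

/* Walk the list in order. A timeout on a reachable server moves on to the next
 * one, exactly like a connect failure. `max_tries` caps the number of searches,
 * so the caller waits at most max_tries * timeout_s before deferring. */
struct lookup_result lookup_with_failover(const char *const *servers, size_t n,
                                          int timeout_s, int max_tries, search_fn search)
{
    struct lookup_result r = { EX_TEMPFAIL, 0, 0, NULL };
    for (size_t i = 0; i < n && r.attempts < max_tries; i++) {
        int allowed = 0;
        r.attempts++;
        if (search(servers[i], timeout_s, &allowed) == PROBE_ANSWER) {
            r.status = EX_OK;            /* first real answer wins */
            r.allowed = allowed;
            r.answered_by = servers[i];
            return r;
        }
    }
    return r;  /* nobody answered: defer the message, never guess the policy */
}

/* Constructed stand-in: ldap1 is busy (times out), ldap2 is down, ldap3 answers. */
enum probe demo_search(const char *server, int timeout_s, int *allowed)
{
    (void)timeout_s;
    if (server[4] == '1') return PROBE_TIMEOUT;
    if (server[4] == '2') return PROBE_CONNECT_FAIL;
    *allowed = 1;
    return PROBE_ANSWER;
}

int main(void)
{
    const char *const servers[] = { "ldap1", "ldap2", "ldap3" };
    struct lookup_result r = lookup_with_failover(servers, 3, 5, 3, demo_search);
    printf("status=%d allowed=%d attempts=%d\n", r.status, r.allowed, r.attempts);
    return r.status;
}
```

With max_tries set to 1 the function reproduces the behaviour the message complains about: the first busy server times out and the lookup ends in EX_TEMPFAIL.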