Re: slapd breaks NSS, NSS breaks slapd

Emmanuel Dreyfus wrote:
On Wed, Aug 13, 2008 at 09:44:23AM +0200, Buchan Milne wrote:
Actually, if that were the case, I think a suitable timelimit in nss_ldap's ldap.conf should prevent any problems, but it doesn't due to nss_ldap's (IMHO) braindead defaults.

Such an approach leads to even worse problems with other applications: sendmail performs NSS lookups for local delivery (when looking for .forward),
and it does it with getpwnam().

getpwnam() does not set errno; the caller has no way of distinguishing a nonexistent entry from an unreachable NSS source. If you use getpwnam_r(),
errno is set on failure and you can tell the difference. But sendmail uses getpwnam().

So if NSS returns no answer because of a bind or search timeout, sendmail
will consider that the recipient does not exist and will bounce the message.

This is off-topic, so if the reader is looking for a workaround in the
sendmail config, (s)he should look for my post on comp.mail.sendmail
this morning. But that is not fully satisfying, and I am still looking
for a really reliable setup.

If you haven't already, you may want to give nss-ldapd a look:
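
Added example (not part of the original thread, and not sendmail or nss_ldap code): a C sketch of the getpwnam_r() lookup discussed above, separating "no such user" from "the NSS source failed" so that a mail agent could defer instead of bounce. The function and enum names are hypothetical; the code reads the error from getpwnam_r()'s return value as POSIX specifies, and whether a timeout actually surfaces as an error depends on the NSS module in use.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical names, introduced for this example only. */
enum lookup_status { LOOKUP_FOUND, LOOKUP_NOT_FOUND, LOOKUP_TEMPFAIL };

/* Map getpwnam_r()'s (return code, result) pair to a delivery decision. */
enum lookup_status classify_lookup(int rc, const struct passwd *result)
{
    if (result != NULL)
        return LOOKUP_FOUND;
    if (rc == 0 || rc == ENOENT || rc == ESRCH)
        return LOOKUP_NOT_FOUND;  /* the source answered: no such user */
    return LOOKUP_TEMPFAIL;       /* EIO, ETIMEDOUT, ...: source did not answer */
}

enum lookup_status lookup_user(const char *name, uid_t *uid_out)
{
    struct passwd pw, *result = NULL;
    size_t len = 1024;
    char *buf = NULL;
    int rc;

    do {                          /* grow the buffer while it is too small */
        char *tmp = realloc(buf, len);
        if (tmp == NULL) { free(buf); return LOOKUP_TEMPFAIL; }
        buf = tmp;
        rc = getpwnam_r(name, &pw, buf, len, &result);
        len *= 2;
    } while (rc == ERANGE && len <= (1u << 20));

    enum lookup_status st = classify_lookup(rc, result);
    if (st == LOOKUP_FOUND && uid_out != NULL)
        *uid_out = pw.pw_uid;
    free(buf);
    return st;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root";
    uid_t uid = 0;
    switch (lookup_user(name, &uid)) {
    case LOOKUP_FOUND:     printf("%s: uid %lu\n", name, (unsigned long)uid); return 0;
    case LOOKUP_NOT_FOUND: printf("%s: no such user\n", name); return 67; /* EX_NOUSER */
    default:               printf("%s: lookup failed, retry later\n", name); return 75; /* EX_TEMPFAIL */
    }
}
```

The exit codes mirror the sysexits.h values EX_NOUSER and EX_TEMPFAIL, which is the distinction a delivery agent needs to choose between bouncing and queueing.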


