This thread has gone off-topic and is now closed. I suggest those
wanting to discuss NSS/LDAP and NSS/LDAPD take their discussions to
lists intended to support these software components, or take them to
the openldap-technical list which allows a broader range of topics
than this list. Thanks, your moderator.
-- Kurt
On Aug 13, 2008, at 6:33 AM, Dan White wrote:
Emmanuel Dreyfus wrote:
On Wed, Aug 13, 2008 at 09:44:23AM +0200, Buchan Milne wrote:
Actually, if that were the case, I think a suitable timelimit in
nss_ldap's ldap.conf should prevent any problems, but it doesn't
due to nss_ldap's (IMHO) braindead defaults.
Such an approach leads to even worse problems with other
applications: sendmail performs NSS lookups for local delivery
(when looking for .forward), and it does it with getpwnam().
getpwnam() does not set errno, so the caller has no way of
distinguishing an inexistent entry from an unreachable NSS source. If
you use getpwnam_r(), errno is set on failure and you can tell the
difference. But sendmail uses getpwnam().
So if NSS returns no answer because of a bind or search timeout,
sendmail will consider that the recipient does not exist and will
bounce the message.
This is off-topic, so if the reader is looking for a workaround in
the sendmail config, (s)he should look for my post on
comp.mail.sendmail this morning. But that is not fully satisfying,
and I am still looking for a really reliable setup.
If you haven't already, you may want to give nss-ldapd a look:
http://ch.tudelft.nl/~arthur/nss-ldapd/design.html
- Dan
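
The not-found versus lookup-failed distinction discussed in the quoted messages, as an added example that is not code from sendmail, nss_ldap or any poster in this thread. getpwnam_r() reports failure through its return value; the names classify_lookup and lookup_recipient are hypothetical, and treating every nonzero return as "defer" is an assumption chosen so that an unreachable NSS source never causes a bounce.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum lookup_result { USER_FOUND, USER_NOT_FOUND, LOOKUP_TEMPFAIL };

/* Interpret getpwnam_r()'s two outputs: rc is its return value, res the
 * result pointer. rc == 0 with res == NULL is a definite "no such user".
 * Assumption: any nonzero rc is a temporary failure, because an NSS
 * backend that is unavailable can surface as ENOENT as well as EIO. */
enum lookup_result classify_lookup(int rc, const struct passwd *res)
{
    if (rc != 0)
        return LOOKUP_TEMPFAIL;
    return res ? USER_FOUND : USER_NOT_FOUND;
}

/* Hypothetical helper: look up a local recipient, growing the scratch
 * buffer when getpwnam_r() answers ERANGE (buffer too small). */
enum lookup_result lookup_recipient(const char *name)
{
    struct passwd pw, *res = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 1024;

    for (;;) {
        char *buf = malloc(len);
        if (!buf)
            return LOOKUP_TEMPFAIL;
        int rc = getpwnam_r(name, &pw, buf, len, &res);
        enum lookup_result out = classify_lookup(rc, res);
        free(buf);
        if (rc != ERANGE || len > (1u << 20))
            return out;          /* final answer, or give up growing */
        len *= 2;
    }
}

int main(int argc, char **argv)
{
    static const char *action[] = {
        "deliver", "bounce (no such user)", "defer (lookup failed)" };
    const char *name = argc > 1 ? argv[1] : "root";
    printf("%s: %s\n", name, action[lookup_recipient(name)]);
    return 0;
}
```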