[Exim] Using nis/ldap in a reliable fashion (i.e. without lo…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Marc MERLIN
Dátum:  
Címzett: exim-users
Tárgy: [Exim] Using nis/ldap in a reliable fashion (i.e. without losing mail)
So, I already know that if I use NIS, exim isn't really wiser since it goes
through the C library and the getpwnam call gets routed by nsswitch.

Since getpwnam was never designed to be routed through NIS or LDAP, it
unfortunately returns NULL regardless of whether the entry was not found or
whether the connection to the NIS/ldap server failed.

Crutches to help with this problem are finduser_retries in exim, and nscd on
the unix side, however I have still lost a few Emails in the past because of
a NIS query at the extact time my NIS servers were being restarted.
I'm not very familiar with ldap yet though.

Is my understanding correct that unless exim implements ypbind functionality
internally to do NIS itself, I will never be able to use NIS for my password
database in a 100% reliable fashion?

Now, with ldap, exim supports constructing ldap queries for many types of
internal conditions.
Since exim does implement ldap client functionality, does it issue a differ
if the ldap server was unreachable or the query otherwise failed with
anything else than "query suceeded, no results" ?

If so, instead of looking up users with the C library, can exim use its
internal ldap support to do all queries? Does that include looking up unix
users (i.e. not using getpwnam)?

What happens if the ldap server(s) is/are down? Will exim think that the
query returned no results, or will it detect the failure and return a
temporary failure or defer the Email if the email has already been accepted?

Does exim cache ldap queries like postfix does?

Thanks
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f@??? for PGP key