Re: [Exim] Using nis/ldap in a reliable fashion (i.e. withou…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Nico Erfurth
Datum:  
To: Marc MERLIN
CC: exim-users
Betreff: Re: [Exim] Using nis/ldap in a reliable fashion (i.e. without losing mail)
Marc MERLIN wrote:
> So, I already know that if I use NIS, exim isn't really wiser since it goes
> through the C library and the getpwnam call gets routed by nsswitch.
>
> Since getpwnam was never designed to be routed through NIS or LDAP, it
> unfortunately returns NULL regardless of whether the entry was not found or
> whether the connection to the NIS/ldap server failed.
>
> Crutches to help with this problem are finduser_retries in exim, and nscd on
> the unix side, however I have still lost a few Emails in the past because of
> a NIS query at the extact time my NIS servers were being restarted.
> I'm not very familiar with ldap yet though.

You could enforce a temp-reject with your last router, so the mail would
be resend
after some time.

> Is my understanding correct that unless exim implements ypbind functionality
> internally to do NIS itself, I will never be able to use NIS for my password
> database in a 100% reliable fashion?

Exim has nis-support built in (if you enable it).

> Now, with ldap, exim supports constructing ldap queries for many types of
> internal conditions.
> Since exim does implement ldap client functionality, does it issue a differ
> if the ldap server was unreachable or the query otherwise failed with
> anything else than "query suceeded, no results" ?

Yes it is, without tweaking exim would send a temp-reject if the
connection or the query to the LDAP-server fails, in the case of no
return-value it will do what you want ;)

> If so, instead of looking up users with the C library, can exim use its
> internal ldap support to do all queries? Does that include looking up unix
> users (i.e. not using getpwnam)?

Partly this would be possible, the only problem i would see, is that you
can't set the home_directory reliable for filters (i had this problem
some months ago)

> What happens if the ldap server(s) is/are down? Will exim think that the
> query returned no results, or will it detect the failure and return a
> temporary failure or defer the Email if the email has already been accepted?

it will detect the error and send a temp-reject

> Does exim cache ldap queries like postfix does?


<quote>
Exim caches the most recent lookup result on a per-file basis for
single-key lookup types, and keeps the relevant files open. In some
types of configuration this can lead to many files being kept open for
messages with many recipients. To avoid hitting the operating system
limit on the number of simultaneously open files, Exim closes the least
recently used file when it needs to open more files than its own
internal limit, which can be changed via the lookup_open_max option.

For query-style lookups, a single data cache per lookup type is kept.
The files are closed and the caches flushed at strategic points during
delivery - for example, after all routing is complete.
</quote>

Database/Ldap connections will be cached in the same way. (Don't know
about NIS)

ciao