Re: [Exim] Using nis/ldap in a reliable fashion (i.e. withou…

Author: Nico Erfurth
Date:  
To: Marc MERLIN
CC: exim-users
Subject: Re: [Exim] Using nis/ldap in a reliable fashion (i.e. without losing mail)
Marc MERLIN wrote:
> So, I already know that if I use NIS, exim isn't really wiser since it goes
> through the C library and the getpwnam call gets routed by nsswitch.
>
> Since getpwnam was never designed to be routed through NIS or LDAP, it
> unfortunately returns NULL regardless of whether the entry was not found or
> whether the connection to the NIS/ldap server failed.
>
> Crutches to help with this problem are finduser_retries in exim, and nscd on
> the unix side, however I have still lost a few Emails in the past because of
> a NIS query at the exact time my NIS servers were being restarted.
> I'm not very familiar with ldap yet though.
>
> Is my understanding correct that unless exim implements ypbind functionality
> internally to do NIS itself, I will never be able to use NIS for my password
> database in a 100% reliable fashion?


*SIGH* I did it again....

How about a router like this?
It must be added BEFORE any local router.

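check_nis:
  driver = redirect
  # Empty result when NIS answers, so the router declines;
  # if the NIS lookup itself cannot be completed, the router defers.
  data = ${lookup {$local_part} nis {passwd}{}}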

How does it work?
If your nis-server is reachable, it will just decline (not produce any
new address). If the nis-server is down, the router would defer. This
means an incoming message would be temp-rejected (if you use receiver
verification); if a queued message is going to be delivered, it would
requeue the message because of the defer. This one should not be very
expensive in usage, and it may warm up the nscd cache for the user entry.

ciao