Re: [exim] Check if LDAP server can be reached

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Phil Pennock
Datum:  
To: Moritz Wilhelmy
CC: exim-users
Betreff: Re: [exim] Check if LDAP server can be reached
On 2012-04-04 at 18:53 +0200, Moritz Wilhelmy wrote:
> On my setup, LDAP lookups happen through NSS. If the LDAP server goes
> down, the lookup fails, and the mail gets permanently rejected. I'd like
> to either reject it only temporarily or accept all messages if the LDAP
> server is down/can't be reached and freeze them.
>
> I tried a simple lookup like this
> ${if eq{\
>     ${lookup ldap{ldaps:///ou=People,dc=bla?uid?sub?(uid=${quote_ldap:$local_part)}}}}\
>     {$local_part}\
>     {true}{false}}


You don't say where this query is.

The LDAP lookups always return temporary errors.

In a Router or Transport, you'll get a deferral, 4xx.

In an ACL, the condition is likely to fail. Careful construction of
your ACL rules, with "set acl_m_foo" will let you set a variable and
check for deferral, which will let you return a 4xx error from the ACL.

You can also set more than one server in ldap_default_servers which
helps with failover.

I'm guessing your expansion problem is in an ACL. If you need help
restructuring the ACL, post the relevant ACL here and people will help.

-Phil