On 2012-04-04 at 18:53 +0200, Moritz Wilhelmy wrote:
> On my setup, LDAP lookups happen through NSS. If the LDAP server goes
> down, the lookup fails, and the mail gets permanently rejected. I'd like
> to either reject it only temporarily or accept all messages if the LDAP
> server is down/can't be reached and freeze them.
>
> I tried a simple lookup like this
> ${if eq{\
> ${lookup ldap{ldaps:///ou=People,dc=bla?uid?sub?(uid=${quote_ldap:$local_part})}}}\
> {$local_part}\
> {true}{false}}

You don't say where this query is.

The LDAP lookups always return temporary errors.
In a Router or Transport, you'll get a deferral, 4xx.
In an ACL, the condition is likely to fail. Careful construction of
your ACL rules, with "set acl_m_foo" will let you set a variable and
check for deferral, which will let you return a 4xx error from the ACL.

You can also set more than one server in ldap_default_servers which
helps with failover.

I'm guessing your expansion problem is in an ACL. If you need help
restructuring the ACL, post the relevant ACL here and people will help.

-Phil
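
The ACL approach described in the reply above, as an added example that is not part of the original thread and not taken from the Exim distribution. The host names, the variable name acl_m_ldap, the named list local_domains and the message texts are assumptions; the fragment relies on Exim skipping the remainder of a warn statement when one of its expansions defers.

```exim
# Main configuration section.
# Constructed host names. Exim tries the servers in order and moves on to
# the next one after a connection failure, bind failure or timeout.
ldap_default_servers = ldap1.example.org : ldap2.example.org

# The statements below belong inside the existing RCPT ACL, at the point
# where local recipients are checked. They are restricted to local domains
# (assumed named list: local_domains) and do not accept anything themselves.

  # Start from the pessimistic value: directory state unknown.
  warn    domains = +local_domains
          set acl_m_ldap = deferred

  # If the LDAP lookup defers, the rest of this warn statement is skipped
  # and acl_m_ldap keeps the value "deferred". If the directory answers,
  # the variable becomes "found" or "missing".
  warn    domains = +local_domains
          set acl_m_ldap = ${lookup ldap{ldaps:///ou=People,dc=bla?uid?sub?\
                             (uid=${quote_ldap:$local_part})}{found}{missing}}

  # Directory unreachable: temporary rejection (4xx), so the sending host
  # queues the message and retries instead of bouncing it.
  defer   domains   = +local_domains
          condition = ${if eq{$acl_m_ldap}{deferred}}
          message   = Recipient verification temporarily unavailable

  # Directory answered and has no such uid: permanent rejection (5xx).
  deny    domains   = +local_domains
          condition = ${if eq{$acl_m_ldap}{missing}}
          message   = Unknown user
```

Keeping the "deferred" and "missing" cases in separate statements is what prevents a directory outage from turning into permanent rejections for valid recipients.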