This thread has gone off-topic and is now closed. I suggest those wanting to discuss NSS/LDAP and NSS/LDAPD take their discussions to lists intended to support these software components, or take them to the openldap-technical list which allows a broader range of topics than this list. Thanks, your moderator.
-- Kurt
On Aug 13, 2008, at 6:33 AM, Dan White wrote:
Emmanuel Dreyfus wrote:
On Wed, Aug 13, 2008 at 09:44:23AM +0200, Buchan Milne wrote:
Actually, if that were the case, I think a suitable timelimit in nss_ldap's ldap.conf should prevent any problems, but it doesn't due to nss_ldap's (IMHO) braindead defaults.
Such an approach leads to even worse problems with other applications: sendmail performs NSS lookups for local delivery (when looking for .forward), and it does it with getpwnam().
getpwnam() does not set errno, the caller has no way of distinguishing an inexesting entry or an unreachable NSS source. If you use getpwnam_r(), errno is set on failure and you can make the difference. But sendmail uses getpwnam(). So if NSS returns no answer because of a bind or search tiemout, sendmail will consider the recipient does not exit and will bounce the message. This is off-topic, so if the reader is looking for a workaround in the sendmail config, (s)he should look for my post on comp.mail.sendmail thi smorning. But that is not fully satisfying, and I am still looking for a really reliable setup.
If you haven't already, you may want to give nss-ldapd a look:
http://ch.tudelft.nl/~arthur/nss-ldapd/design.html
- Dan