Emmanuel Dreyfus wrote:
On Wed, Aug 13, 2008 at 09:44:23AM +0200, Buchan Milne wrote:
Actually, if that were the case, I think a suitable timelimit in nss_ldap's ldap.conf should prevent any problems, but it doesn't due to nss_ldap's (IMHO) braindead defaults.
Such an approach leads to even worse problems with other applications: sendmail performs NSS lookups for local delivery (when looking for .forward), and it does it with getpwnam().
One more reason to disallow such an ancient forwarding mechanism and switch over to forwarding addresses directly stored in the directory.
This is a great example showing that backward compability is not always a good thing by itself. Especially when system architecture changes dramatically, e.g. by introducing a directory service.
Ciao, Michael.