#1
Hello

I have a sendmail setup with users stored in an LDAP directory. The thing is not reliable when the LDAP server goes down. Here are my goals:

- Query multiple LDAP servers (if the first one is down, try the next...)
- Get temporary failures when all servers are down (and not bounces!)

Unfortunately, achieving both goals is far from being easy. As far as I can tell, there are three distinct problems to address:

1) Sendmail maps (aliases and friends)

How do I specify multiple LDAP servers? I tried the following:

    ldap: -H ldap://localhost (...), ldap: -H ldap://ldap.example.net (...)
    ldap: -H ldap://localhost -H ldap://ldap.example.net (...)
    ldap: -H "ldap://localhost ldap://ldap.example.net" (...)

But none seems to work: it will never query both servers if the first one is down. What is the right syntax? OTOH, the behavior when the LDAP server is down is satisfying: the message goes back to the queue.

2) NSS lookups

Sendmail performs getpwnam() calls before delivery. This turns into an NSS lookup to the LDAP server. Here it is easy to configure /etc/nss_ldap.conf to use multiple servers. The result when all servers are down is scary, though: the sendmail instance will insist forever on the request. If the LDAP server is down for long enough, I will get dozens of sendmail instances stuck on NSS lookups, and it will lead to chaos.

I can configure the nss_ldap library to return an error after a few tries (using nss_ldap's undocumented nss_reconnect_maxtries in nss_ldap.conf), but sendmail will not distinguish an error from a nonexistent user, therefore I will get a bounce.

I had a quick look at sendmail sources, and it seems it always uses getpwnam(), and not getpwnam_r(). getpwnam() does not return errors, whereas getpwnam_r() does. Therefore I think sendmail cannot know if the lookup failed because the user does not exist or because there was an error with an NSS source.

Does that mean it is impossible to have this working reliably? Or is there a way to prevent sendmail from performing any getpwnam() lookups for local delivery?

3) local mailer behavior

Local mailer behavior is out of Sendmail's scope. The program has to perform an NSS lookup to get the UID of the recipient's mailbox. If it uses getpwnam_r() and returns EX_TEMPFAIL on failures, everything is okay. If it uses getpwnam(), then we are doomed. I fixed my local mailer so that it returns EX_TEMPFAIL on NSS failures, so this is okay.

-- 
Emmanuel Dreyfus
manu@netbsd.org
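The distinction the post draws between getpwnam() and getpwnam_r() is the whole reason a local mailer can or cannot return EX_TEMPFAIL. The following is an added example (not code from the thread, from sendmail, or from mail.local) showing how a local delivery agent can classify a recipient lookup into the three sysexits.h outcomes sendmail acts on: EX_OK (deliver), EX_NOUSER (bounce) and EX_TEMPFAIL (queue and retry). The function names classify_recipient and classify_recipient_ambiguous are my own, and the error-code handling follows the documented glibc/POSIX semantics of getpwnam_r() (0 with a NULL result, or ENOENT/ESRCH/EBADF/EPERM, means "unknown user"; anything else is a source failure).

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sysexits.h>
#include <unistd.h>

/*
 * Classify a recipient lookup the way a local mailer should (added example,
 * hypothetical helper name). Returns one of the <sysexits.h> codes sendmail
 * interprets:
 *   EX_OK       - user found, *uid_out holds the mailbox owner's UID
 *   EX_NOUSER   - every NSS source answered and none knows the user (bounce)
 *   EX_TEMPFAIL - a source failed (LDAP server down, etc.): queue and retry
 */
int classify_recipient(const char *name, uid_t *uid_out)
{
    struct passwd pw;
    struct passwd *result = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t bufsize = hint > 0 ? (size_t)hint : 16384;
    char *buf = malloc(bufsize);
    int rc;

    if (buf == NULL)
        return EX_TEMPFAIL;   /* out of memory is transient, not "no such user" */

    for (;;) {
        rc = getpwnam_r(name, &pw, buf, bufsize, &result);
        if (rc != ERANGE)
            break;
        /* Entry is longer than the buffer: grow it and retry the lookup. */
        bufsize *= 2;
        char *bigger = realloc(buf, bufsize);
        if (bigger == NULL) {
            free(buf);
            return EX_TEMPFAIL;
        }
        buf = bigger;
    }

    int status;
    if (rc == 0 && result != NULL) {
        if (uid_out != NULL)
            *uid_out = pw.pw_uid;
        status = EX_OK;
    } else if (rc == 0 || rc == ENOENT || rc == ESRCH || rc == EBADF || rc == EPERM) {
        /* glibc returns 0 with a NULL result when the user is unknown; other
         * implementations use one of these errno values for the same case. */
        status = EX_NOUSER;
    } else {
        /* EINTR, EIO, EMFILE, ENFILE, ENOMEM, or a backend error such as an
         * unreachable LDAP server: the case getpwnam() cannot report. */
        status = EX_TEMPFAIL;
    }
    free(buf);
    return status;
}

/* The same lookup through getpwnam(): "not found" and "backend failed" both
 * come back as NULL, so the only honest answer a caller can give is a bounce. */
int classify_recipient_ambiguous(const char *name)
{
    return getpwnam(name) != NULL ? EX_OK : EX_NOUSER;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root";
    uid_t uid = 0;
    int status = classify_recipient(name, &uid);
    if (status == EX_OK)
        printf("%s: uid %lu (EX_OK)\n", name, (unsigned long)uid);
    else
        printf("%s: %s\n", name, status == EX_NOUSER ? "EX_NOUSER" : "EX_TEMPFAIL");
    return status;
}
```

Run it with a recipient name as the argument; the process exit status is the sysexits code, which is exactly what sendmail reads from a local mailer. With the LDAP source configured to give up after a bounded number of reconnect attempts, the failure surfaces here as an errno other than the "unknown user" set and the message stays in the queue instead of bouncing.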
#2
<arsene.lupin@espci.fr> wrote:

> Does that mean it is impossible to have this working reliably? Or is
> there a way to prevent sendmail from performing any getpwnam() lookups
> for local delivery?

I made progress here: if I remove the w flag from Mlocal, then sendmail does not do any NSS request anymore. It just hands the message to mail.local, and mail.local nicely handles an unavailable LDAP server (EX_TEMPFAIL): the message is queued on temporary failure.

But... doing so seems to break .forwards. I have to trade reliability for functionality.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org