Victor Duchovni wrote:
|> It seems that Postfix does not know what to do, as the system in the
|> referral is not reachable (that is what might require second thoughts), but
|> the firewall produces an immediate TCP reset, so 10.0.1.6 should, IMHO, be
|> considered unreachable and 10.0.1.7 tried instead.
|>
|> Am I totally confused? Is this the intended flow?
|
| The LDAP library hands Postfix a connection; when Postfix fails
| to bind, it gives up.

Thanks, Victor. As usual, you're right ;)

Once the LDAP library has been properly tamed, everything is working nicely. For the record, as it is OpenLDAP under the hood, adding

    NETWORK_TIMEOUT 2
    REFERRALS off

to /etc/openldap/ldap.conf (normal RHEL location, YMMV) did the trick. The timeout value is incidental; I have reduced it as the directory servers are very close (same LAN segment) to the Postfix servers and should respond almost immediately.

-- 
Victoriano Giralt
Systems Manager
Central ICT Services
University of Malaga
SPAIN

- A: Yes.
| > Q: Are you sure ?
|> >> A: Because it reverses the logical flow of conversation.
|>> >>> Q: Why is top posting annoying in email ?
