On Apr 25, 2011, at 10:22 PM, William Ono wrote:

> Hello all,
>
> Yes, this again. I promise it's slightly different this time.
>
> I have users in LDAP and they're brought in as local users by
> libnss-ldapd. With local_recipient_maps set to use a LDAP map instead of
> unix:passwd.byname, smtpd correctly tempfails incoming mail when the
> LDAP service is unavailable. This is all working fine.
>
> However, for mail that originates on the mail host, e.g. by mail(1),
> when an LDAP outage causes local users to disappear (getent passwd
> username returns no results with exit code 2) local bounces the mail as
> user unknown. While this is not surprising behaviour, it is not the
> desired behaviour, either.
>
> I was hoping that setting mailbox_transport_maps to the same LDAP map as
> local_recipient_maps would cause local to tempfail rather than bounce in
> this case. It turns out that it does not.
>
> Digging into the code, in deliver_mailbox() I see a call to maps_find()
> that isn't followed by a check on dict_errno. I think this is a bug. If
> maps_find() sets dict_errno to DICT_ERR_RETRY, deliver_mailbox() should
> fail the delivery and expect a retry later. But my C is very rusty and
> this is not trivial code so I haven't gotten any further than that.
>
> local/mailbox.c:280 in deliver_mailbox():
>
>     /* The -1 is a hint for the down-stream deliver_completed() function. */
>     if (*var_mbox_transp_maps
>         && (map_transport = maps_find(transp_maps, state.msg_attr.user,
>                                       DICT_FLAG_NONE)) != 0) {
>         state.msg_attr.rcpt.offset = -1L;
>         *statusp = deliver_pass(MAIL_CLASS_PRIVATE, map_transport,
>                                 state.request, &state.msg_attr.rcpt);
>         return (YES);
>     }
>     if (*var_mailbox_transport) {
>     ...
>
> Is there a better way to do what I'm trying to do, which is to tempfail
> instead of bounce when LDAP/NSS is not working correctly? (I appreciate
> that it's not Postfix's fault that NSS isn't distinguishing not found
> from an error, but that doesn't help me get this working.)
>
> If you're curious, nscd is not a complete solution here (though I am using
> it) because, after a cold start, it's likely that Postfix on one host will
> come up before the LDAP service on another host. They're both virtual
> machines on the same hardware. It's not ideal but this is too small of a
> shop to do anything bigger than that.
>
> Thanks.
>

Greetings,

For LDAP transport I added an LDAP attribute "mailHost", then did my transport map based on the entry:

transport_maps = ldap:/etc/postfix/primary_transport, ldap:/etc/postfix/secondary_transport

server_host = 10.1.1.15
search_base = dc=myldapserver,dc=my,dc=domain,dc=com
query_filter = (mail=%s)
result_attribute = mailHost
result_filter = smtp:[%s]
bind = no
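
The failure mode raised in the quoted message (a map lookup whose error state is not checked, so a backend outage reads the same as "no entry"), as an added example that is not Postfix source and not from either poster. Every name here (toy_find, lookup_errno, route_unchecked, route_checked) is a hypothetical stand-in and the sample maps are constructed; FALL_THROUGH stands for continuing to the later delivery steps, which in the quoted scenario end in a "user unknown" bounce.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; none of this is Postfix's API. */
enum lookup_err { LOOKUP_OK, LOOKUP_ERR_RETRY };
enum verdict { PASS_TO_TRANSPORT, DEFER, FALL_THROUGH };
struct toy_map { int backend_up; const char *user; const char *transport; };

static enum lookup_err lookup_errno;    /* reset by every toy_find() call */

/* Constructed sample maps: same entry, backend reachable vs. unreachable. */
static const struct toy_map map_up = { 1, "alice", "lmtp:example" };
static const struct toy_map map_down = { 0, "alice", "lmtp:example" };

/* NULL means "no entry" only when lookup_errno is LOOKUP_OK afterwards. */
static const char *toy_find(const struct toy_map *m, const char *user)
{
    lookup_errno = LOOKUP_OK;
    if (!m->backend_up) {
        lookup_errno = LOOKUP_ERR_RETRY;
        return NULL;
    }
    return strcmp(user, m->user) == 0 ? m->transport : NULL;
}

/* Unchecked caller: an outage is indistinguishable from a missing entry. */
enum verdict route_unchecked(const struct toy_map *m, const char *user)
{
    return toy_find(m, user) != NULL ? PASS_TO_TRANSPORT : FALL_THROUGH;
}

/* Checked caller: a transient lookup error defers instead of falling through. */
enum verdict route_checked(const struct toy_map *m, const char *user)
{
    if (toy_find(m, user) != NULL)
        return PASS_TO_TRANSPORT;
    return lookup_errno == LOOKUP_ERR_RETRY ? DEFER : FALL_THROUGH;
}

int main(void)
{
    static const char *names[] = { "pass-to-transport", "defer", "fall-through" };
    printf("backend down, unchecked: %s\n", names[route_unchecked(&map_down, "alice")]);
    printf("backend down, checked:   %s\n", names[route_checked(&map_down, "alice")]);
    printf("backend up, no entry:    %s\n", names[route_checked(&map_up, "bob")]);
    return 0;
}
```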