On Fri, Oct 12, 2012 at 03:13:20PM -0400, Wietse Venema wrote:

> > I am trying to resolve some LDAP issues, and I've been asked about
> > Postfix's connection management behavior.  How many concurrent
> > connections to a given LDAP server will proxymap(8) open?
> 
> One proxymap process should make zero or one LDAP connection per LDAP
> configuration file. By design it uses the same LDAP handle for all
> queries that resolve to the same LDAP configuration file.

There is often fewer than one connection per table, because LDAP
tables share connections that have the same connection properties.
(I contributed code to make this work in both Sendmail and Postfix,
so they behave similarly in this regard).

The set of properties which are connection properties is easiest
to describe by quoting the source (which has a very improbable
collision issue when using consecutive integers, as they don't get
a delimiter between their digits :-( ).

  #ifdef LDAP_API_FEATURE_X_OPENLDAP
      int     sslon = dict_ldap->start_tls || dict_ldap->ldap_ssl;

  #endif
      LDAP_CONN *conn;

  #define ADDSTR(vp, s) vstring_memcat((vp), (s), strlen((s))+1)
  #define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu", (unsigned long)(i))

      ADDSTR(keybuf, dict_ldap->server_host);
      ADDINT(keybuf, dict_ldap->server_port);
      ADDINT(keybuf, dict_ldap->bind);
      ADDSTR(keybuf, DICT_LDAP_DO_BIND(dict_ldap) ? dict_ldap->bind_dn : "");
      ADDSTR(keybuf, DICT_LDAP_DO_BIND(dict_ldap) ? dict_ldap->bind_pw : "");
      ADDINT(keybuf, dict_ldap->dereference);
      ADDINT(keybuf, dict_ldap->chase_referrals);
      ADDINT(keybuf, dict_ldap->debuglevel);
      ADDINT(keybuf, dict_ldap->version);
  #ifdef LDAP_API_FEATURE_X_OPENLDAP
  #if defined(USE_LDAP_SASL)
      ADDSTR(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_mechs : "");
      ADDSTR(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_realm : "");
      ADDSTR(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_authz : "");
      ADDINT(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_minssf : 0);
  #endif
      ADDINT(keybuf, dict_ldap->ldap_ssl);
      ADDINT(keybuf, dict_ldap->start_tls);
      ADDINT(keybuf, sslon ? dict_ldap->tls_require_cert : 0);
      ADDSTR(keybuf, sslon ? dict_ldap->tls_ca_cert_file : "");
      ADDSTR(keybuf, sslon ? dict_ldap->tls_ca_cert_dir : "");
      ADDSTR(keybuf, sslon ? dict_ldap->tls_cert : "");
      ADDSTR(keybuf, sslon ? dict_ldap->tls_key : "");
      ADDSTR(keybuf, sslon ? dict_ldap->tls_random_file : "");
      ADDSTR(keybuf, sslon ? dict_ldap->tls_cipher_suite : "");
  #endif

So the ADDINT macro should use " %lu" rather than "%lu".

-- 
        Viktor.
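
The ambiguity described above, reduced to four of the quoted fields, as an added example that is not part of the original message or of the Postfix source. The struct, `build_key`, `keys_collide` and the sample values are assumptions made for illustration; the values are constructed only to show how two adjacent integers run together.

```c
#include <stdio.h>
#include <string.h>

#define KEYMAX 256

/* Constructed subset of the connection properties in the quoted source. */
struct conn_props {
    const char *server_host;
    unsigned long server_port;
    unsigned long bind;
    const char *bind_dn;
};
/* Constructed values, chosen only to expose the ambiguity. */
static const struct conn_props sample_a = {"ldap.example.com", 389, 1, "cn=postfix"};
static const struct conn_props sample_b = {"ldap.example.com", 38, 91, "cn=postfix"};

/* Append s including its NUL, as ADDSTR does; 0 on overflow. */
static size_t add_str(char *buf, size_t len, const char *s)
{
    size_t n = strlen(s) + 1;
    if (n > KEYMAX - len) return 0;
    memcpy(buf + len, s, n);
    return len + n;
}
/* Append sep followed by decimal i, as ADDINT does; 0 on overflow. */
static size_t add_int(char *buf, size_t len, const char *sep, unsigned long i)
{
    int w = snprintf(buf + len, KEYMAX - len, "%s%lu", sep, i);
    return (w < 0 || (size_t) w >= KEYMAX - len) ? 0 : len + (size_t) w;
}
/* Build the cache key; sep "" mimics "%lu", sep " " mimics " %lu". */
size_t build_key(char *buf, const struct conn_props *p, const char *sep)
{
    size_t len;
    if (!(len = add_str(buf, 0, p->server_host)) ||
        !(len = add_int(buf, len, sep, p->server_port)) ||
        !(len = add_int(buf, len, sep, p->bind)) ||
        !(len = add_str(buf, len, p->bind_dn)))
        return 0;
    return len;
}
/* Return 1 when both property sets produce byte-identical keys. */
int keys_collide(const struct conn_props *a, const struct conn_props *b, const char *sep)
{
    char ka[KEYMAX], kb[KEYMAX];
    size_t la = build_key(ka, a, sep), lb = build_key(kb, b, sep);
    return la != 0 && la == lb && memcmp(ka, kb, la) == 0;
}
int main(void)
{
    printf("no delimiter: collide=%d\n", keys_collide(&sample_a, &sample_b, ""));
    printf("with delimiter: collide=%d\n", keys_collide(&sample_a, &sample_b, " "));
    return 0;
}
```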
