> Ram:
> > Jun  4 14:53:00 mmail postfix/smtpd[23565]: nss_ldap: reconnecting to
> > LDAP server (sleeping 4 seconds)...
> 
> To make Postfix work while LDAP is down, put the Postfix-related
> users and groups in /etc/passwd, or remove LDAP from /etc/nsswitch.conf.
(and in /etc/group and /etc/shadow).

But this is not enough, even when postfix, root, etc. are completely
defined in local files.

Dan Burkland:
> One solution I found was to append "postfix" to the
> nss_initgroups_ignoreusers line in /etc/ldap.conf

This is needed, because it prevents "group" database enumeration
in the initgroups() system library function.

initgroups() looks up all entries in the group database, to find
out if a user is listed as a member of those groups. We don't
want that to happen for postfix or root when LDAP is down.

Postfix daemon processes invoke initgroups() when they change
privileges to those of the $mail_owner account. initgroups() is
also used when you log into a UNIX system, or when you use the su
(or sudo) command.

        Wietse
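
A configuration check for the two conditions discussed in this thread, added here as an example and not part of the original messages: the Postfix-related accounts must exist in the local files, and they must be listed in nss_initgroups_ignoreusers whenever the group database consults LDAP. The function names, the sample file contents (constructed) and the postdrop group name (assumed to be the Postfix setgid group) are assumptions of the example.

```python
# Constructed sample file contents for the demonstration (not from a real host).
NSSWITCH = "passwd: files ldap\ngroup: files ldap\nshadow: files ldap\n"
LDAP_CONF = "# nss_ldap settings\nnss_initgroups_ignoreusers root,ldap\n"
PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
          "postfix:x:89:89::/var/spool/postfix:/sbin/nologin\n")
GROUP = "root:x:0:\npostfix:x:89:\n"

def nss_sources(nsswitch_text, database):
    """Return the lookup sources for one nsswitch.conf database, in order."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            fields = line.split(":", 1)[1].split()
            # Drop action items such as [NOTFOUND=return].
            return [f for f in fields if not f.startswith("[")]
    return []

def ignored_users(ldap_conf_text):
    """Collect the users named on nss_initgroups_ignoreusers lines."""
    users = set()
    for line in ldap_conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] == "nss_initgroups_ignoreusers":
            users.update(u.strip() for u in parts[1].split(",") if u.strip())
    return users

def local_names(colon_file_text):
    """First field of every entry in a passwd- or group-style file."""
    return {l.split(":", 1)[0] for l in colon_file_text.splitlines()
            if l and not l.startswith("#")}

def audit(accounts, groups, nsswitch=NSSWITCH, ldap_conf=LDAP_CONF,
          passwd=PASSWD, group=GROUP):
    """List what still makes these accounts depend on LDAP being up."""
    findings = []
    for name in sorted(set(accounts) - local_names(passwd)):
        findings.append(f"user {name} missing from local passwd")
    for name in sorted(set(groups) - local_names(group)):
        findings.append(f"group {name} missing from local group")
    # The ignore list only matters when group lookups can reach LDAP.
    if "ldap" in nss_sources(nsswitch, "group"):
        for name in sorted(set(accounts) - ignored_users(ldap_conf)):
            findings.append(f"{name} not in nss_initgroups_ignoreusers")
    return findings

if __name__ == "__main__":
    for finding in audit(["postfix", "root"], ["postfix", "postdrop"]):
        print(finding)
```

On a real host, pass the contents of /etc/nsswitch.conf, /etc/ldap.conf, /etc/passwd and /etc/group in place of the constructed samples.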
