William Ono:
> Hello all,
>
> Yes, this again. I promise it's slightly different this time.
>
> I have users in LDAP and they're brought in as local users by
> libnss-ldapd. With local_recipient_maps set to use an LDAP map instead of
> unix:passwd.byname, smtpd correctly tempfails incoming mail when the
> LDAP service is unavailable. This is all working fine.

That is because the POSTFIX LDAP client queries the LDAP server. The POSTFIX LDAP client works correctly: when the LDAP server fails to respond, the POSTFIX LDAP client returns a temporary error.

> However, for mail that originates on the mail host, e.g. by mail(1),
> when an LDAP outage causes local users to disappear (getent passwd
> username returns no results with exit code 2) local bounces the mail as
> user unknown. While this is not surprising behaviour, it is not the
> desired behaviour, either.

This is a bug in the SYSTEM NSS LDAP client. The SYSTEM NSS LDAP client works incorrectly: when the LDAP server fails to respond, the SYSTEM NSS LDAP client returns a NOTFOUND result.

Go file a bug report with your operating system vendor. This bug has been around forever, and unless someone pulls the hands from under their buttocks and fixes this, the bug will make life miserable for generations of mail admins.

Wietse
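The distinction Wietse draws, a name-service outage reported as NOTFOUND versus a transient UNAVAIL/TRYAGAIN, is what decides whether a delivery agent bounces a message permanently or defers it. The following Python model is an added example, not code from the thread, from Postfix or from nss-pam-ldapd: the `DirectoryBackend` class is a constructed stand-in for an LDAP server, the status values mirror glibc's `enum nss_status` from `<nss.h>`, and `delivery_decision` is a hypothetical simplification of what a local delivery agent does with a lookup result.

```python
"""Added example: why an NSS client that reports NOTFOUND during an outage
turns a temporary LDAP failure into a permanent 'user unknown' bounce."""
from enum import IntEnum


class NssStatus(IntEnum):
    # Values match glibc's enum nss_status in <nss.h>.
    TRYAGAIN = -2
    UNAVAIL = -1
    NOTFOUND = 0
    SUCCESS = 1


class DirectoryBackend:
    """Constructed stand-in for an LDAP server (not a real directory)."""

    def __init__(self, users, available=True):
        self.users = set(users)
        self.available = available

    def search(self, name):
        if not self.available:
            raise ConnectionError("LDAP server not responding")
        return name in self.users


def buggy_nss_lookup(backend, name):
    """Models the behaviour the thread complains about: failure to reach the
    directory collapses into NOTFOUND, indistinguishable from a real unknown
    user (getent passwd exits 2 in both cases)."""
    try:
        found = backend.search(name)
    except ConnectionError:
        return NssStatus.NOTFOUND
    return NssStatus.SUCCESS if found else NssStatus.NOTFOUND


def correct_nss_lookup(backend, name):
    """Reports an unreachable directory as UNAVAIL so the caller can retry."""
    try:
        found = backend.search(name)
    except ConnectionError:
        return NssStatus.UNAVAIL
    return NssStatus.SUCCESS if found else NssStatus.NOTFOUND


def delivery_decision(status):
    """Hypothetical delivery-agent policy: only a definite NOTFOUND may produce
    a permanent 'user unknown' bounce; transient statuses must be deferred."""
    if status == NssStatus.SUCCESS:
        return "deliver"
    if status == NssStatus.NOTFOUND:
        return "bounce: user unknown"
    return "defer: name service unavailable"


def simulate(lookup, backend, name):
    """Run one lookup through the given NSS model and return the action taken."""
    return delivery_decision(lookup(backend, name))


if __name__ == "__main__":
    # Constructed sample users; "alice" exists, the directory is down.
    down = DirectoryBackend({"alice", "bob"}, available=False)
    for label, lookup in (("buggy", buggy_nss_lookup), ("correct", correct_nss_lookup)):
        print(f"{label:8} NSS, LDAP down, recipient alice -> {simulate(lookup, down, 'alice')}")
```

With the directory down, the buggy model bounces mail for an existing user, while the correct model defers it and the message stays in the queue until LDAP returns; with the directory up, both models agree, which is why the defect only shows during an outage.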