William Ono:
> On Tue, Apr 26, 2011 at 08:44:05AM -0400, Wietse Venema wrote:
> > That is because the POSTFIX LDAP client queries the LDAP server.
> > The POSTFIX LDAP client works correctly: when the LDAP server fails
> > to respond, the POSTFIX LDAP client returns a temporary error.
> >
> > > However, for mail that originates on the mail host, e.g. by mail(1),
> > > when an LDAP outage causes local users to disappear (getent passwd
> > > username returns no results with exit code 2) local bounces the mail as
> > > user unknown. While this is not surprising behaviour, it is not the
> > > desired behaviour, either.
> >
> > This is a bug in the SYSTEM NSS LDAP client. The SYSTEM NSS LDAP
> > client works incorrectly: when the LDAP server fails to respond,
> > the SYSTEM NSS LDAP client returns a NOTFOUND result.
>
> Yes, exactly so, as I acknowledged further down. However, continuing
> from my original email:
>
> > > I was hoping that setting mailbox_transport_maps to the same LDAP map as
> > > local_recipient_maps would cause local to tempfail rather than bounce in
> > > this case. It turns out that it does not.
>
> So, no, the local(8) LDAP client does NOT work correctly.

The LDAP client is OK, but the mailbox_transport_maps code is not.

Wietse