On Wed, Apr 27, 2011 at 12:34:43AM +0300, Timo Sirainen wrote:

> > This is a bug in the SYSTEM NSS LDAP client. The SYSTEM NSS LDAP
> > client works incorrectly: when the LDAP server fails to respond,
> > the SYSTEM NSS LDAP client returns a NOTFOUND result.
>
> Just wondering: Is it really the nss-ldap code that is buggy or just
> the libc's getpwnam() call that is fundamentally broken? I recently
> changed Dovecot to use getpwnam_r() instead, since it allows proper
> error checking.

Most likely a combination of both. It is not, for example, clear
which error returns from getpwnam_r() indicate a transient error,
and which "entry not found". This is an API problem. Given the API,
with a transient error, the library must keep trying until the lookup
succeeds, since there is no way to report a transient error.

--
	Viktor.
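
The distinction discussed in this thread, as an added example (not code from Dovecot or from either poster): a getpwnam_r() wrapper that reports "no such user" only when the call returns 0 with a NULL result, and treats every nonzero return as a temporary failure so that a directory outage defers a lookup instead of rejecting the user. The names `classify`, `lookup_user` and `enum lookup_status`, and the policy of treating all nonzero returns as transient, are assumptions made for illustration.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

enum lookup_status { LOOKUP_FOUND, LOOKUP_NOTFOUND, LOOKUP_TEMPFAIL };

/* Map a getpwnam_r() outcome to a decision (hypothetical helper).
 * Assumed policy: only "returned 0 and left result NULL" is a definite
 * "no such user"; any nonzero return is a temporary failure, because
 * error values such as ENOENT are not used consistently by NSS backends. */
enum lookup_status classify(int ret, int have_entry)
{
    if (ret != 0)
        return LOOKUP_TEMPFAIL;
    return have_entry ? LOOKUP_FOUND : LOOKUP_NOTFOUND;
}

/* Look up a user, growing the scratch buffer while ERANGE is reported. */
enum lookup_status lookup_user(const char *name, uid_t *uid_out)
{
    size_t len = 1024;
    for (;;) {
        char *buf = malloc(len);
        struct passwd pw, *result = NULL;
        if (buf == NULL)
            return LOOKUP_TEMPFAIL;
        int ret = getpwnam_r(name, &pw, buf, len, &result);
        if (ret == ERANGE && len < (1u << 20)) {
            free(buf);          /* buffer too small: retry with a larger one */
            len *= 2;
            continue;
        }
        enum lookup_status st = classify(ret, result != NULL);
        if (st == LOOKUP_FOUND)
            *uid_out = pw.pw_uid;
        free(buf);
        return st;
    }
}

int main(int argc, char **argv)
{
    static const char *text[] = { "found", "not found", "temporary failure" };
    uid_t uid = 0;
    enum lookup_status st = lookup_user(argc > 1 ? argv[1] : "root", &uid);
    printf("%s\n", text[st]);
    return st == LOOKUP_TEMPFAIL ? 75 : 0; /* 75 is EX_TEMPFAIL in <sysexits.h> */
}
```

With the plain getpwnam() interface the caller sees only a NULL pointer and has to inspect errno, which is the ambiguity the thread is about.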