Ganael Laplanche:
> Wietse> As explained later, the problem is not with LDAP lookup ERRORS,
> Wietse> it is with LDAP returning a "not found" response (i.e. NOT an error).
> Wietse>
> Wietse> That should not be a problem with the proposed configuration:
> Wietse>
> Wietse> virtual_alias_maps = ldap:..., hash:...
>
> Right, that configuration works and is enough for handling disappearing
> addresses. The problem is when LDAP becomes unavailable; while that situation
> is not normal and should be treated as a temporary error in most cases, we do
> not care in our precise case because everything needed is supposed to be
> present in further maps.
>
> As you noticed, I am trying to solve two problems at once :
>
> 1) address deletions by mistake (LDAP returning 'not found'); this is OK with
> the above configuration
>
> 2) as an "improvement" (if ignoring failures can be called that way) to speed
> up delivery, do not fail when LDAP is unavailable as we have everything neede
> in further hash map
It's not going to happen.
Instead, query the hash map BEFORE ldap, and dump ldap periodically
(hourly?) to hash. 'New' users will still be found most of the time.
Just do it carefully.
1) dump ldap > /etc/postfix/alias-from-ldap-new
2) if there are no errors
postmap hash:/etc/postfix/alias-from-ldap-new
3) if there are no errors
mv /etc/postfix/alias-from-ldap-new.db /etc/postfix/alias-from-ldap.db
4) optional: if there are no errors
postfix reload
This should be done woth cron and make. For 'make" examples, see
http://www.postfix.org/DATABASE_README.html#safe_db
Wietse
