On Thursday, January 21, 2021 5:15:49 PM CET Viktor Dukhovni wrote:

Hello Viktor,

> Postfix already rebuilds LDAP connections on error and retries the
> search:
> [...]
> 
> If there's more than one LDAP server, and the one being used crashes,
> the new connection will use a different server.

That can be useful to limit LDAP problems, thanks.

> A hash map after LDAP sounds reasonable, as a means to limit the amount
> of lost email (1 hour of new user accounts) should LDAP start lying by
> reporting "not found" for accounts that should exist.  For the real
> LDAP use "proxy:" and configure multiple servers.

Well, that was my original idea, and I think it could've been OK, *but*...

...we shared all suggestions from this thread yesterday with my team. The 
main problem we are facing is that we're not willing to defer mail if LDAP is 
down; and even with several LDAP servers, we can never be sure this won't 
happen.

With that in mind, it seems the easiest way to have something similar to our 
original design would be to have two hash maps chained: the first being an 
LDAP dump made every hour or so, and the second one being made and checked 
every week. The only downside is that we will have a small lag, but that may 
be acceptable.

Well, again, thanks to you all for sharing your ideas :)

Best regards,

-- 
Ganael Laplanche <ganael.laplan...@centralesupelec.fr>
Unix Systems Engineer @CentraleSupelec Rennes
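
An added example, not part of the original message or of Postfix: a sketch of the dump-and-chain design described above, where each map source file is replaced atomically and a first-match lookup walks the hourly table and then the weekly one. Assumptions: the file names, the sample addresses, the "OK" result value and the max_shrink guard (which keeps the previous file when a dump comes back empty or much smaller) are all hypothetical, and postmap still has to be run on each file that gets written.

```python
import os
import tempfile

def write_map_source(path, addresses, max_shrink=0.2):
    """Atomically write a map source file, one "address OK" line per user.

    Keeps the existing file when the new dump is empty or has shrunk by
    more than max_shrink (assumed threshold), so an LDAP server that
    wrongly reports "not found" cannot wipe the map. Returns True if the
    file was replaced.
    """
    new = sorted({a.strip().lower() for a in addresses if a.strip()})
    old_count = 0
    if os.path.exists(path):
        with open(path) as fh:
            old_count = sum(1 for line in fh if line.strip())
    if not new or len(new) < old_count * (1 - max_shrink):
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.writelines(f"{a} OK\n" for a in new)
    os.chmod(tmp, 0o644)   # mkstemp creates the file with mode 0600
    os.replace(tmp, path)  # atomic rename: readers never see a partial file
    return True

def lookup(address, map_paths):
    """Search the chained tables in order and return the first match."""
    for path in map_paths:
        with open(path) as fh:
            for line in fh:
                key, _, value = line.strip().partition(" ")
                if key == address.lower():
                    return value
    return None

def demo():
    d = tempfile.mkdtemp()
    hourly, weekly = os.path.join(d, "hourly"), os.path.join(d, "weekly")
    chain = [hourly, weekly]
    users = [f"user{i}@example.org" for i in range(10)]  # constructed sample
    write_map_source(weekly, users)
    write_map_source(hourly, users + ["new@example.org"])
    replaced = write_map_source(hourly, [])  # LDAP returned nothing
    return (replaced, lookup("new@example.org", chain),
            lookup("user3@example.org", chain),
            lookup("ghost@example.org", chain))

if __name__ == "__main__":
    print(demo())
```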

