
Re: LDAP patch, and questions



On Wed, Oct 22, 2003 at 09:04:05PM -0300, Jeff Warnica wrote:
> Without fully understanding what I did (not being a C programmer), the
> following patch allows for LDAPv3 connections, as an option, in the ldap
> config file. (it's from, I think, the last tarball, but I don't believe
> much has changed in ldap.c)

I did apply it (manually, though) to  router/libdb/ldap.c
.. and with slight twist:  If the value isn't given, system default
takes over, not LDAPv3 -- thus pre-existing LDAP configurations don't
need magic "protocol 2" line in them.

> While testing this with 'router -i' I notice that it isn't very fault
> tolerant. If the server goes away, then it gives up and dies, without
> any retries. Non-interactively would this be different? Would that
> relation be broken forever, or at least until router restarted? Or
> would it only fail on that one address/message?

From  Lay Yiu Fai's  doc/guides/ldap.doc:

  In case of server or network error that the map failed to lookup,
  the mail message will be deferred and hold with DEFER_IO_ERROR.

That deferral status is a sort of parallelly set flag, which must
be tested to see if such has happened during the failure, in order
to separate failure to access database from 'key not found'.
(See  'man getpwnam'  for its failure processing.
 What a bloody awful API..)

However how should the thing do a retry ?  I don't know.
Is there a need to do server close and reconnect ?

Ah..  With  openldap  package in my system, I see lots of possible
errors to be handled;  "man 3 ldap_error"

> Unless this is being worked on, I may get ambitious and fire up my
> copy/paste fingers a bit more :P

If you have a clue about how to do retries, I would write a function
  int  Z_ldap_search_s( LDAPMAP *ldap, char *filter, char *attrs[], 
                        int attrsonly, LDAPMessage **res )

to be used in place of  ldap_search_s()  in the code, which would
internally handle also result code analysis, and based on it, do
a limited number of retries.

For the 'server has gone away' class of problems, the connection to
the server will likely need to be rebound.  For that matter..
Mumblemumble...   For a very long time, the LDAP library appears
to have had some  rebind thingie in it.

Using my book library, and comparing some notes regarding UMICH
and Netscape LDAP SDKs, especially things related to ldap rebindings
(for referrals, I presume) are ... slightly different in them.
To add more confusion,  OpenLDAP is a mixture of NS and UMICH APIs.

-- 
/Matti Aarnio	<mea@nic.funet.fi>
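
Added example, not part of the original message and not ZMailer code: a sketch of the retry policy discussed above, in which a limited number of retries with a rebind is made for "server has gone away" errors and an outage is reported as a deferral rather than as "key not found". The result codes, `struct zconn`, `z_search_retry` and the scripted fake server are hypothetical stand-ins so the policy runs without an LDAP library; a real wrapper would use the result codes from `<ldap.h>`.

```c
#include <stddef.h>

/* Constructed stand-ins for the result codes a real wrapper would take from
   <ldap.h>; the names and values here are assumptions. */
enum zrc { ZRC_SUCCESS, ZRC_NO_MATCH, ZRC_SERVER_DOWN, ZRC_TIMEOUT, ZRC_BUSY, ZRC_OTHER };

/* What the map lookup reports upward. Z_DEFER_IO plays the role of
   DEFER_IO_ERROR: the message is deferred, not treated as "no such key". */
enum zlookup { Z_FOUND, Z_NOT_FOUND, Z_DEFER_IO };

/* Hypothetical handle: search and rebind are function pointers so the policy
   can run against a scripted fake server. */
struct zconn {
    enum zrc (*search)(struct zconn *c, const char *filter);
    int (*rebind)(struct zconn *c);      /* returns 0 on success */
    const enum zrc *script;              /* fake server: one code per search */
    int pos, rebind_ok;
};

#define Z_MAX_TRIES 3

enum zlookup z_search_retry(struct zconn *c, const char *filter)
{
    for (int attempt = 0; attempt < Z_MAX_TRIES; attempt++) {
        enum zrc rc = c->search(c, filter);
        if (rc == ZRC_SUCCESS)  return Z_FOUND;
        if (rc == ZRC_NO_MATCH) return Z_NOT_FOUND;   /* definitive answer */
        if (rc == ZRC_BUSY)     continue;             /* retry, same connection */
        if (rc != ZRC_SERVER_DOWN && rc != ZRC_TIMEOUT)
            break;                                    /* unknown error: no loop */
        if (c->rebind(c) != 0)
            break;                                    /* server still gone */
    }
    return Z_DEFER_IO;   /* an outage never becomes "key not found" */
}

/* Scripted fake server (constructed) used to exercise the policy offline. */
static enum zrc fake_search(struct zconn *c, const char *f) { (void)f; return c->script[c->pos++]; }
static int fake_rebind(struct zconn *c) { return c->rebind_ok ? 0 : -1; }

enum zlookup run_script(const enum zrc *script, int rebind_ok)
{
    struct zconn c = { fake_search, fake_rebind, script, 0, rebind_ok };
    return z_search_retry(&c, "(mail=user@example.org)");
}
```
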