From: Ram on 4 Jun 2010 06:04

On our postfix servers, we use a remote ldapserver for system-auth for some FM users. System users login via /etc/shadow .. FM users login via ldap.

The MTA is not configured to use any ldap connection.
Yet whenever postfix is being restarted, if the remote ldapserver is not available postfix refuses to start.

I get errors like this

Jun 4 14:53:00 mmail postfix/smtpd[23565]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Jun 4 14:53:04 mmail postfix/smtpd[23565]: nss_ldap: failed to bind to LDAP server ldap://XXXXXXXX: Can't contact LDAP server
Jun 4 14:53:04 mmail postfix/smtpd[23565]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Jun 4 14:53:12 mmail postfix/smtpd[23565]: nss_ldap: reconnected to LDAP server ldap://XXXXXXXXXX after 3 attempts

How do I configure postfix not to connect to ldap at all.

Thanks
Ram

From: postfix on 4 Jun 2010 06:37

Hi Ram

Apparently, it's not postfix itself which connects to LDAP, but the nss library, which brings up the following idea: postfix, when starting up, wants to verify the user it shall run under, which is done via the nss library. If this user is not a unix user, the nss library will try to contact the LDAP server according to /etc/nsswitch.conf

suomi

On 2010-06-04 12:04, Ram wrote:
> On our postfix servers , we use a remote ldapserver for system-auth for
> some FM users. System users login via /etc/shadow .. FM users login via
> ldap.
>
> The MTA is not configured to use any ldap connection.
> Yet whenever postfix is being restarted , If the remote ldapserver is
> not available postfix refuses to start.
>
> I get errors like this
>
> Jun 4 14:53:00 mmail postfix/smtpd[23565]: nss_ldap: reconnecting to
> LDAP server (sleeping 4 seconds)...
> Jun 4 14:53:04 mmail postfix/smtpd[23565]: nss_ldap: failed to bind to
> LDAP server ldap://XXXXXXXX: Can't contact LDAP server
> Jun 4 14:53:04 mmail postfix/smtpd[23565]: nss_ldap: reconnecting to
> LDAP server (sleeping 8 seconds)...
> Jun 4 14:53:12 mmail postfix/smtpd[23565]: nss_ldap: reconnected to
> LDAP server ldap://XXXXXXXXXX after 3 attempts
>
> How do I configure postfix , not to connect to ldap at all.
>
> Thanks
> Ram

From: Wietse Venema on 4 Jun 2010 06:44

Ram:
> Jun 4 14:53:00 mmail postfix/smtpd[23565]: nss_ldap: reconnecting to
> LDAP server (sleeping 4 seconds)...

To make Postfix work while LDAP is down, put the Postfix-related
users and groups in /etc/passwd, or remove LDAP from /etc/nsswitch.conf.

Wietse

From: Dan Burkland on 4 Jun 2010 09:03

-----Original Message-----
From: owner-postfix-users(a)postfix.org [mailto:owner-postfix-users(a)postfix.org] On Behalf Of Wietse Venema
Sent: Friday, June 04, 2010 5:44 AM
To: Postfix users
Subject: Re: DIsable connects to ldap

Ram:
> Jun 4 14:53:00 mmail postfix/smtpd[23565]: nss_ldap: reconnecting to
> LDAP server (sleeping 4 seconds)...

To make Postfix work while LDAP is down, put the Postfix-related
users and groups in /etc/passwd, or remove LDAP from /etc/nsswitch.conf.

Wietse
----------------------------------------------

One solution I found was to append "postfix" to the nss_initgroups_ignoreusers line in /etc/ldap.conf

Regards,

Dan

From: Wietse Venema on 4 Jun 2010 10:42

> Ram:
> > Jun 4 14:53:00 mmail postfix/smtpd[23565]: nss_ldap: reconnecting to
> > LDAP server (sleeping 4 seconds)...
>
> To make Postfix work while LDAP is down, put the Postfix-related
> users and groups in /etc/passwd, or remove LDAP from /etc/nsswitch.conf.

(and in /etc/group and /etc/shadow).

But this is not enough, even when postfix, root, etc. are completely
defined in local files.

Dan Burkland:
> One solution I found was to append "postfix" to the
> nss_initgroups_ignoreusers line in /etc/ldap.conf

This is needed, because it prevents "group" database enumeration
in the initgroups() system library function.

initgroups() looks up all entries in the group database, to find
out if a user is listed as a member of those groups. We don't want
that to happen for postfix or root when LDAP is down.

Postfix daemon processes invoke initgroups() when they change
privileges to those of the $mail_owner account. initgroups() is
also used when you log into a UNIX system, or when you use the su
(or sudo) command.

Wietse

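The two conditions this thread arrives at (the account resolves from local files, and the user is listed in nss_initgroups_ignoreusers so initgroups() does not walk the LDAP group database) can be checked before LDAP goes down. The script below is an added example, not part of any poster's message. The function names, the ROOT prefix argument and the sample tree in demo() are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT="" checks the live system.
# Assumes nss_ldap reads ROOT/etc/ldap.conf, the path named in the thread.

# Print the sources listed for one nsswitch.conf database, e.g. " files ldap".
nss_sources() {  # $1 = nsswitch.conf path, $2 = database name
    awk -v db="$2:" '$1 == db { sub(/#.*/, ""); $1 = ""; print; exit }' "$1"
}

# Succeed if account $2 has an entry in the local colon-separated file $1.
in_local_file() {
    [ -r "$1" ] && awk -F: -v n="$2" '$1 == n { f = 1 } END { exit !f }' "$1"
}

# Succeed if user $2 is in the nss_initgroups_ignoreusers list of file $1.
in_ignoreusers() {
    [ -r "$1" ] && awk -v n="$2" '$1 == "nss_initgroups_ignoreusers" {
        $1 = ""; gsub(/[ \t]/, ""); k = split($0, u, ",")
        for (i = 1; i <= k; i++) if (u[i] == n) f = 1
    } END { exit !f }' "$1"
}

# nss_ldap_check ROOT USER...: one OK/FAIL line per user, status 1 on any FAIL.
nss_ldap_check() {
    root=$1; shift; rc=0; pw=0; gr=0
    conf=$root/etc/nsswitch.conf
    case " $(nss_sources "$conf" passwd) " in *" ldap "*) pw=1 ;; esac
    case " $(nss_sources "$conf" group) " in *" ldap "*) gr=1 ;; esac
    for u in "$@"; do
        why=
        # Account lookup falls through to LDAP if the user is not local.
        [ "$pw" = 1 ] && ! in_local_file "$root/etc/passwd" "$u" &&
            why="$why not in local passwd;"
        # initgroups() walks the LDAP group database unless the user is ignored.
        [ "$gr" = 1 ] && ! in_ignoreusers "$root/etc/ldap.conf" "$u" &&
            why="$why not in nss_initgroups_ignoreusers;"
        if [ -n "$why" ]; then echo "FAIL $u:$why"; rc=1; else echo "OK $u"; fi
    done
    return "$rc"
}

# Constructed sample tree: postfix is local but missing from the ignore list.
demo() {
    t=$(mktemp -d) && mkdir "$t/etc" || return 2
    printf 'passwd: files ldap\ngroup: files ldap\n' > "$t/etc/nsswitch.conf"
    printf 'root:x:0:0::/root:/bin/sh\npostfix:x:89:89::/:/sbin/nologin\n' > "$t/etc/passwd"
    printf 'nss_initgroups_ignoreusers root,ldap\n' > "$t/etc/ldap.conf"
    st=0; nss_ldap_check "$t" root postfix || st=$?; rm -rf "$t"; return "$st"
}
```

On a live host, call nss_ldap_check "" postfix root after sourcing the file. The script does not check the /etc/group and /etc/shadow entries that the thread also mentions.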