>>>>> "Ganael" == Ganael Laplanche <ganael.laplan...@centralesupelec.fr> writes:
Ganael> Hmmmm... If we put the dump before, we will loose our 7-days Ganael> window to react. What could be done maybe is have 2 hash maps Ganael> and not use LDAP at all : 1 file generated every hour and our Ganael> 7-days old dump as a second choice. But this is not perfect Ganael> neither as we will have a 1-hour lag regarding new info coming Ganael> from LDAP. So why not populate a new OU from your master production OU, and use that for all lookups. The process would then be that when you delete from the primary OU, it's starts a 7 day count down on the secondary to finish the deletion. But other updates/changes would be immediately (or every five minutes or whatever) propagted to the aliases OU which you do the lookups against. So this would give you A) a way to keep email flowing for 7 days, and B) easy way to recover from accidents. All you would need to do is change which OU postfix works against. This lets you use LDAP replication, load sharing, scaling, etc. Without hacving to muck about with a completely seperate process on the postfix side to catch changes, because you need to watch you LDAP OU for new/changed entries and replicate them to the hash table reliably. And then the cleanup as well. Keep it all in LDAP if you can. John
