Przemyslaw Wegrzyn wrote:

> Which version of OpenLDAP were you using ?
> I wonder if there are still leakage issues with current version.

Test openldap first - install it, then write a little script to send
multiple queries to it - see if it works.

> Hmm, replicating whole database once can be accepted in this project.

Replicating the whole database is desirable for you - because you have
to search the entire database for mail delivery to succeed anyway.

> But, how about, for example, user changing his/her password ?
> Will this data be automatically propagated without problems ?

Yes - if you configured it to be propagated immediately (you don't have
to, but it's a good idea).

> Why ? is NSS so slow ? It's just libc pluggable module executing in
> address space of a process requesting the info.
> Well, the only source of significant overhead I see is spawning
> qmail-getpw (fork/exec costs)

NSS is likely to make far more and far more complicated queries to the LDAP
server to get the info qmail is looking for - but a lot of it is
unnecessary (group memberships for example, which are irrelevant). Qmail
LDAP on the other hand only asks for the information of interest to it -
ie your email address, and the directory it must deliver mail to.

The fewer queries made, the faster it is.

> > In-cluster deliveries work via qmqp. Qmqp is not smtp. It is something
> > like 30 times faster than smtp. "Clustering" is a bit of a misnomer for
> > qmail-ldap. It does mail routing based on mailhost attributes in ldap,
> > and it does it quite well.
> 
> But it assigns particular accounts to particular servers, that's what I'm
> trying to avoid.

Exactly - so don't use it (just ignore it).

Simply configure every single one of your mailservers to be the same
config. They all mount the NFS drive in the same way. They all do the
same LDAP searches on the same tree (that is possibly replicated onto
each machine to speed things up).

Qmail just looks up the email address in one of the LDAP servers, and if
it is local, it tries to deliver the message locally to the (NFS)
directory specified by the mailMessageStore attribute. It doesn't try to
forward the message to another machine - there is no point. Any user can
deliver any mail to any machine, and it will Just Work. Any user can try
and fetch their mail from any machine, and it will Just Work.

Regards,
Graham
-- 
-----------------------------------------
[EMAIL PROTECTED]                "There's a moon
                                        over Bourbon Street
                                                tonight..."
