Messaging Gateway

  • 1.  Ldap server / scanner preference

    Posted Feb 01, 2010 03:22 PM

    I'm setting up multiple scanners in remote locations and want to be able to point them to local instances of LDAP directories. Currently, I have several LDAP servers defined to do Recipient Validation, but traffic favors the top of the list and only falls down the list if there is a failure. I think I understand that the product doesn't really support any load balancing for the LDAP servers, but I would still like to limit traffic from remote locations. We're using OpenLDAP, so full syncs are also not an option with the product as it is currently.

    My initial thought was to set up manual host entries on the scanners (i.e., /etc/hosts). Can this be done via the command line? Or is there another way to accomplish this task?

    Thanks

    Chris



  • 2.  RE: Ldap server / scanner preference
    Best Answer

    Posted Feb 01, 2010 03:59 PM
    Hi Chris,

    Since DNS servers can be configured per host (scanner), maybe you can configure each scanner with its local DNS server and have the local DNS server resolve the LDAP source to an IP address that is local to the specific scanner.

    Another way could be to configure (using either the GUI or the CLI as admin) invalid routes to LDAP servers on specific scanners that you don't want those scanners to use. If the scanners cannot reach those LDAP servers (due to the invalid route), they will use the ones from the list that can be reached.

    I have not tested these, but I don't readily see any reason they would not work.

    Hope this helps.

    Regards,

    Adnan


  • 3.  RE: Ldap server / scanner preference

    Posted Feb 01, 2010 05:08 PM
    I had thought about using static paths for this but not in the manner you mention. I like it! Though I've just given it a try and one of the side effects is that every lookup (for every message) generates two lines in the scanner logs as MTA errors.

    I wanted to avoid moving this configuration out into other services like DNS (our DNS is already too complex.)

    Is there a way to suppress those error messages?


  • 4.  RE: Ldap server / scanner preference

    Posted Feb 01, 2010 05:35 PM
    Maybe having those logs is a good thing and a reminder that something has been "hacked" or configured "in an unusual manner", so that later on, if you decide to change things around, you don't get a surprise.

    You can control error logging only by setting the log level; other than that, there is no way to suppress specific error messages.


  • 5.  RE: Ldap server / scanner preference

    Posted Feb 02, 2010 02:40 PM
    Ha, that's a nice spin on the errors.

    The other thing this adds is a pause at every message where the scanner waits for the badly routed LDAP server to time out. I don't think that will scale well under load. I'll look towards a DNS-based solution, thanks.


  • 6.  RE: Ldap server / scanner preference

    Posted Feb 02, 2010 09:54 PM
    You are welcome.

    If you think any of the suggestions can be considered a solution, can you please mark it as such?

    Thanks

    Adnan