
Re: " Email routing: ldap-support-on-sendmail"



Thanks Stuart for your very comprehensive explanation on using ldap on
sendmail.
According to your configuration details I tried to get sendmail on my mail
hub to bind with the ldap server for email routing, but with no success!
Someone please help me out here! The following is what I did to the mail hub
which also has the LDAP client installed and configured correctly in
ldapd.conf even though I do not think it is necessary with the Kvirtuser
ldapx.....thing in sendmail.
***
Number 1) First I successfully compiled sendmail with LDAP
(vi /sendmail-8.9.3/BuildTools/OS/SunOS.5.7). The following modifications
were completed prior to compile.

define(`confMAPDEF', `-DNDBM -DNEWDB -DLDAPMAP')

define(`confINCDIRS', `-I/usr/local/bind/include -I/usr/local/include -I/usr/local/BerkeleyDB/include')

define(`confLIBDIRS', `-L/usr/local/bind/lib -L/usr/local/lib -L/usr/local/BerkeleyDB/lib')

define(`confLIBS', `-lbind -lsocket -lnsl -lkstat -ldb -lldap -llber')

***
Number 2) After compile and generating the sendmail.cf file for general
configuration I added the following to sendmail.cf manually after the
"Kdequote quote" line,

Kvirtuser ldapx -b "o=fsas, c=JP" -h "ldaptest.domain1.co.jp" -k "(mail=%s)" -v mailhost

and the domain name at Cw like this,

Cw localhost domain1.co.jp


***
While doing a manual ldapsearch on the mail hub using the ldap client
installed
ldapsearch -L "mail=user1@domain1.co.jp"
returns an answer from the ldap server  meanwhile Kvirtuser.....in sendmail
does not even attempt to connect to the ldap server.
***
Checking the bat book, it says that the following K switches can be used with
LDAPX:
-a, -f, -m, -N, -O, -o, -q
and the following special switches:
-b, -h, -l, -n, -p, -R, -s.

As you can see there is no mention of using the -k and -v switches with
LDAPX.  Is this a matter of concern??  What switches should I use?

Thanks in advance for any help,
Kristina




At 12:49 99/11/19 +0000, you wrote:
> >  This coming Sunday(Yes, Ldap is taking over my Sundays now too!),
> 
> Hopefully this will be the last Sunday you spend on this to
> get it up and running.
> 
> > Question 1) I can't locate the Virtuser table in sendmail.cf to position
> > the Kvirtuser ldapx..................... line.  Can you please give me a
> > key word which will take me to the right place in sendmail.cf using
> > "find"?
> 
> I would put it with any other lines beginning with the
> letter K, but it doesn't really matter, so long as it's somewhere 
> in the main section, i.e. before the rulesets (starting S...)
> The comment I referred to is generated by the m4 macros, so it's
> probably different for your cf build system.
> 
> > Question 2) Is the domain defined in "Cw" or "Cd". The bat book says
> >  that "Cd" is where you put the domain and "Cw" the host name, whereas
> > you put the domain in "Cw"??
> 
> Cw defines the domain names the machine will accept mail for.
> Use of virtusertable on Sendmail requires that the domains are
> treated as local. I haven't defined a Cd macro in any of my
> sendmail installations.
> 
> Note that, if a lookup "user@domain" is not found in the
> virtual map, delivery will fall back to "user" on the local
> system or aliases before rejecting the mail. So, if you 
> have usernames that must work all the time, even when the 
> LDAP server is down (for example, maybe postmaster) it 
> may be wise to list them in aliases.
> 
> I hope this helps - once you have it working it will be a lot
> easier to understand how it ties together. I am currently using
> LDAP-based delivery for around 10000 mailboxes, it's been
> working pretty stable for a couple of months with Sendmail
> and about a month with Postfix. (I moved to Postfix since it
> has an excellent security architecture, runs deliveries in 
> parallel up to predefined per-destination concurrency limits
> which means it is extremely fast, and has excellent 
> anti-spam and address rewriting facilities).
> 
> What you will discover once you see it in operations is that
> the attribute names you choose for your schema will not matter
> too much. The schema is more for your benefit than the mail
> systems; all LDAP-based mailers I have used allow a good
> degree of flexibility in choosing your schema since this is 
> usually a local decision based more on the ldap server and
> desktop clients which need to access it (for example,
> Outlook or Netscape's address book). For ease of integration
> with many of these applications it is beneficial to use the 
> attribute "mail" as the email address, since in most cases
> that is the default. I changed my database to use "mail"
> rather than "mailalternateaddress" for this very reason.
> It is much easier to do that before the system is live :-)
> 
> Kind regards
> Stuart
> -- 
>   Stuart Henderson
>   Postmaster, Eclipse Networking Ltd.
>
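
Added example, not part of the original thread and not sendmail's own code: a small Python helper that turns the Kvirtuser line from the post into the equivalent ldapsearch command, so the host, base, filter and attribute named on the K line can be tested by hand, and that reports a switch whose value was lost to line wrapping. It assumes an ldapsearch client that accepts -h and -b (as the UMich/OpenLDAP clients do); the function names are hypothetical.

```python
import shlex

# ldapx switches from the post that take a value: search base, LDAP host,
# search filter (%s is replaced by the lookup key) and attribute to return.
VALUE_FLAGS = {"-b": "base", "-h": "host", "-k": "filter", "-v": "attr"}


def parse_k_line(line):
    """Split a sendmail.cf K line into (map name, map class, options)."""
    if not line.startswith("K"):
        raise ValueError("not a K line")
    tokens = shlex.split(line[1:])  # shlex honours the double quotes
    if len(tokens) < 2:
        raise ValueError("K line needs a map name and a map class")
    name, map_class, rest = tokens[0], tokens[1], tokens[2:]
    opts, i = {}, 0
    while i < len(rest):
        flag, attached = rest[i][:2], rest[i][2:]
        if flag not in VALUE_FLAGS:
            i += 1  # a switch this helper does not need
            continue
        if attached:  # value written directly after the switch
            value = attached
        elif i + 1 < len(rest):
            i += 1
            value = rest[i]
        else:
            raise ValueError(f"{flag} has no value (line wrapped or cut?)")
        opts[VALUE_FLAGS[flag]] = value
        i += 1
    return name, map_class, opts


def equivalent_ldapsearch(line, key):
    """Return the ldapsearch argv that asks what the map would ask for key."""
    name, map_class, opts = parse_k_line(line)
    missing = [k for k in ("host", "base", "filter", "attr") if k not in opts]
    if missing:
        raise ValueError(f"map {name} lacks: {', '.join(missing)}")
    return ["ldapsearch", "-h", opts["host"], "-b", opts["base"],
            opts["filter"].replace("%s", key), opts["attr"]]


if __name__ == "__main__":
    # The K line exactly as given in the post, on one line.
    K_LINE = ('Kvirtuser ldapx -b "o=fsas, c=JP" -h "ldaptest.domain1.co.jp" '
              '-k "(mail=%s)" -v mailhost')
    print(shlex.join(equivalent_ldapsearch(K_LINE, "user1@domain1.co.jp")))
```

Running the printed command on the mail hub queries the directory with the parameters from the K line rather than the defaults in ldapd.conf.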