
Re: does sendmail work with ldap groups?



Sendmail may support this in the future. See:

 http://www.stanford.edu/~bbense/Inst.html
 http://www.stanford.edu/~bbense/ldap/alias_issues

for people who have made the hack themselves.

Me, I was a little scared futzing around with Sendmail code in a
(for me) non-trivial way. So we worked around this problem by rolling
our own --  an admin can edit groups via a web interface and an entry
in  /etc/aliases for that group directs the mail to a perl script that
looks up the group in the LDAP server and sends the mail to the
necessary people on the list.

AFAIK, it's working okay. (I haven't received any panicked calls about
it *not* working :) I'd be happy to share, but there are likely issues
with doing this on a large scale that I haven't considered. This
solution works for 80 people in a central office and about a dozen
scattered around the Washington, D.C. area. Also, this doesn't do any
sort of authentication checking -- anyone can send a message to any group.


* Jay Christner (jaymc@goshen.edu) [991014 17:03]:
> Hi,
>   I'm in the process of migrating our userbase (~1500 users) from a
> Netscape Messaging/Directory setup running on WindowsNT to
> OpenLDAP/Sendmail/pop/IMAP/nss_ldap/pam_ldap running on RedHat Linux.  So
> far I've gotten everything to work perfectly.  I can send mail, check
> mail, etc with users only existing in the LDAP servers.  However one big
> thing I'm missing at this point is groups.  In our existing Netscape
> server we have lots of groupOfUniqueNames with uniquemembers in
> them.  Netscape's mail server can use these as email groups, and there (I
> think, though don't hold me on this) are restrictions you can put on
> these groups that only members in the group can email to the group,
> etc.  My question is this: Will sendmail work with these groups (or
> any other groups stored in LDAP)?
>   
>  We are using the default sendmail (at this point anyways) that came with
> RedHat, in other words we have no special LDAP support compiled
> in.  Sendmail currently works with nss_ldap and pam_ldap so it seems to be
> working with LDAP just fine.  
> Does anybody have any experience with this or suggestions?
> 
> If we can't get sendmail to use groups stored in LDAP for email groups and
> get some sort of access control on them, we'll be forced to use majordomo
> or something like that for lists (which won't be near as nice).
> 
> Also the current groups work for authentication web based services via the
> auth_ldap apache module, so the solution needs to work with that too.
> 
> Any thoughts?
> -jay
> 
> -----------------------------------------------------------------------------
> Jay Christner
> Information Technology Services
> Goshen College
> Goshen, IN 46526
> -----------------------------------------------------------------------------
> 

-- 
Chris Winters
Internet Developer    INTES Networking
cwinters@intes.net    http://www.intes.net/
Integrated hardware/software solutions to make the Internet work for you.
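
The alias-to-script workaround described in the reply, with the members-only posting check that the reply says it does not do, as an added example that is not part of the original message and is not the Perl script it mentions. Assumptions: Python stands in for Perl, the LDIF text is constructed sample data standing in for the LDAP server's answer, and all DNs, addresses and function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed LDIF standing in for what the LDAP server would return.
SAMPLE_LDIF = """\
dn: cn=staff,ou=groups,dc=example,dc=org
objectClass: groupOfUniqueNames
uniqueMember: uid=alice,ou=people,dc=example,dc=org
uniqueMember: uid=bob,ou=people,dc=example,dc=org
uniqueMember: uid=gone,ou=people,dc=example,dc=org

dn: uid=alice,ou=people,dc=example,dc=org
mail: alice@example.org

dn: uid=bob,ou=people,dc=example,dc=org
mail: Bob@Example.org
"""

def parse_ldif(text):
    """Parse simple LDIF (no folding, no base64) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def group_addresses(entries, group_dn):
    """Resolve each uniqueMember DN to its mail values; skip dangling DNs."""
    group = entries.get(group_dn.lower(), {})
    found = []
    for dn in group.get("uniquemember", []):
        found += [m.lower() for m in entries.get(dn.lower(), {}).get("mail", [])]
    return sorted(set(found))

def route(raw_message, entries, group_dn):
    """Return the recipient list if the From address is a member, else []."""
    members = group_addresses(entries, group_dn)
    # The From header is supplied by the sender and can be forged, so this
    # filters casual outside mail; it is not authentication.
    sender = parseaddr(message_from_string(raw_message)["From"] or "")[1].lower()
    return members if sender in members else []
```

The group DN should come from a fixed argument in the alias entry rather than from anything in the message, so the sender cannot choose which group is expanded.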