
Re: does sendmail work with ldap groups?



On Thu, 14 Oct 1999, Chris Winters wrote:

> Sendmail may support this in the future. See:
> 
>  http://www.stanford.edu/~bbense/Inst.html
>  http://www.stanford.edu/~bbense/ldap/alias_issues
> 
> for people who have made the hack themselves.
> 
> Me, I was a little scared futzing around with Sendmail code in a
> (for me) non-trivial way. So we worked around this problem by rolling
> our own --  an admin can edit groups via a web interface and an entry
> in  /etc/aliases for that group directs the mail to a perl script that
> looks up the group in the LDAP server and sends the mail to the
> necessary people on the list.
> 
> AFAIK, it's working okay. (I haven't received any panicked calls about
> it *not* working :) I'd be happy to share, but there are likely issues
> with doing this on a large scale that I haven't considered. This
> solution works for 80 people in a central office and about a dozen
> scattered around the Washington, D.C. area. Also, this doesn't do any
> sort of authentication checking -- anyone can send a message to any group.
> 

Yeah, I was guessing it may have to come to something like this.  All our
administration will be done over the web too (I'm currently writing the
whole thing with PHP.)  I would be interested in seeing your perl
script.  I definitely don't want to go delving into sendmail, and they
won't release group support anytime soon, so it looks like I'm stuck
rolling my own (or combining parts of others' with my own.)  I'll probably
hack your perl script to do some access list checking or something like
that, so I could send my revision back if you'd like.
-jay

> * Jay Christner (jaymc@goshen.edu) [991014 17:03]:
> > Hi,
> >   I'm in the process of migrating our userbase (~1500 users) from a
> > Netscape Messaging/Directory setup running on WindowsNT to
> > OpenLDAP/Sendmail/pop/IMAP/nss_ldap/pam_ldap running on RedHat Linux.  So
> > far I've gotten everything to work perfectly.  I can send mail, check
> > mail, etc with users only existing in the LDAP servers.  However one big
> > thing I'm missing at this point is groups.  In our existing Netscape
> > server we have lots of groupOfUniqueNames with uniquemembers in
> > them.  Netscape's mail server can use these as email groups, and there (I
> > think, though don't hold me to this) are restrictions you can put on
> > these groups that only members in the group can email to the group,
> > etc.  My question is this: Will sendmail work with these groups (or
> > any other groups stored in LDAP)?
> >   
> >  We are using the default sendmail (at this point anyways) that came with
> > RedHat, in other words we have no special LDAP support compiled
> > in.  Sendmail currently works with nss_ldap and pam_ldap so it seems to be
> > working with LDAP just fine.  
> > Does anybody have any experience with this or suggestions?
> > 
> > If we can't get sendmail to use groups stored in LDAP for email groups and
> > get some sort of access control on them, we'll be forced to use majordomo
> > or something like that for lists (which won't be near as nice).
> > 
> > Also the current groups work for authentication web based services via the
> > auth_ldap apache module, so the solution needs to work with that too.
> > 
> > Any thoughts?
> > -jay
> > 
> > -----------------------------------------------------------------------------
> > Jay Christner
> > Information Technology Services
> > Goshen College
> > Goshen, IN 46526
> > -----------------------------------------------------------------------------
> > 
> 
> -- 
> Chris Winters
> Internet Developer    INTES Networking
> cwinters@intes.net    http://www.intes.net/
> Integrated hardware/software solutions to make the Internet work for you.
> 

-----------------------------------------------------------------------------
Jay Christner
Information Technology Services
Goshen College
Goshen, IN 46526
-----------------------------------------------------------------------------
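
The group expansion and the "only members may post" check discussed in this thread, sketched as an added example; it is not the Perl script mentioned above and not code from either poster. The in-memory `PEOPLE` and `GROUPS` tables are constructed sample data standing in for the LDAP server, and all function names are hypothetical.

```python
from email.utils import parseaddr

# Constructed sample person entries (DN -> mail attribute).
PEOPLE = {
    "uid=alice,ou=people,dc=example,dc=edu": "alice@example.edu",
    "uid=bob,ou=people,dc=example,dc=edu": "bob@example.edu",
}
# Constructed groupOfUniqueNames entries (cn -> uniquemember DNs).
GROUPS = {
    "staff": ["uid=alice,ou=people,dc=example,dc=edu",
              "UID=Bob, OU=People, DC=example, DC=edu",   # same DN, other spelling
              "uid=gone,ou=people,dc=example,dc=edu"],    # dangling member
}

def norm_dn(dn):
    """Simplified DN matching: case-fold, trim spaces around RDNs.
    Does not handle escaped commas inside attribute values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def escape_filter(value):
    """Escape the RFC 4515 special characters in a search-filter value."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def group_filter(group_cn):
    """Search filter a lookup script would send for this alias name."""
    return "(&(objectClass=groupOfUniqueNames)(cn=%s))" % escape_filter(group_cn)

def member_addresses(group_cn):
    """Resolve uniquemember DNs to mail addresses, skipping dangling DNs."""
    people = {norm_dn(dn): mail.lower() for dn, mail in PEOPLE.items()}
    dns = GROUPS.get(group_cn.lower(), [])
    return sorted({people[norm_dn(dn)] for dn in dns if norm_dn(dn) in people})

def expand_for_sender(group_cn, from_header):
    """Return the recipient list only if the sender is a group member."""
    sender = parseaddr(from_header)[1].lower()
    recipients = member_addresses(group_cn)
    if sender not in recipients:
        raise PermissionError("%r may not post to %r" % (sender, group_cn))
    return recipients
```

The sender address here comes from a header the sender controls, so this check is a posting policy filter rather than authentication of the sender.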