
Re: does sendmail work with ldap groups?



Just a note that, unlike other MTAs, exim supports LDAP as a generic lookup
tool. Anywhere in the configuration file that you can specify a string you
can specify a lookup. And the lookup can be an LDAP search URL.

This means that while exim doesn't directly support any particular mail routing
concept vis-a-vis LDAP, or LDAP groups specifically, both concepts can be
implemented and used in an exim installation with a little effort.

See www.exim.org for more info on exim.

On Thu, Oct 14, 1999 at 05:18:36PM -0400, Chris Winters wrote:
> Sendmail may support this in the future. See:
> 
>  http://www.stanford.edu/~bbense/Inst.html
>  http://www.stanford.edu/~bbense/ldap/alias_issues
> 
> for people who have made the hack themselves.
> 
> Me, I was a little scared futzing around with Sendmail code in a
> (for me) non-trivial way. So we worked around this problem by rolling
> our own --  an admin can edit groups via a web interface and an entry
> in  /etc/aliases for that group directs the mail to a perl script that
> looks up the group in the LDAP server and sends the mail to the
> necessary people on the list.
> 
> AFAIK, it's working okay. (I haven't received any panicked calls about
> it *not* working :) I'd be happy to share, but there are likely issues
> with doing this on a large scale that I haven't considered. This
> solution works for 80 people in a central office and about a dozen
> scattered around the Washington, D.C. area. Also, this doesn't do any
> sort of authentication checking -- anyone can send a message to any group.
 
 
> > Hi,
> >   I'm in the process of migrating our userbase (~1500 users) from a
> > Netscape Messaging/Directory setup running on WindowsNT to
> > OpenLDAP/Sendmail/pop/IMAP/nss_ldap/pam_ldap running on RedHat Linux.  So
> > far I've gotten everything to work perfectly.  I can send mail, check
> > mail, etc with users only existing in the LDAP servers.  However one big
> > thing I'm missing at this point is groups.  In our existing Netscape
> > server we have lots of groupOfUniqueNames with uniquemembers in
> > them.  Netscape's mail server can use these as email groups, and there (I
> > think, though don't hold me on this) are restrictions you can put on
> > these groups that only members in the group can email to the group,
> > etc.  My question is this: Will sendmail work with these groups (or
> > any other groups stored in LDAP)?
> >   
> >  We are using the default sendmail (at this point anyways) that came with
> > RedHat, in other words we have no special LDAP support compiled
> > in.  Sendmail currently works with nss_ldap and pam_ldap so it seems to be
> > working with LDAP just fine.  
> > Does anybody have any experience with this or suggestions?
> > 
> > If we can't get sendmail to use groups stored in LDAP for email groups and
> > get some sort of access control on them, we'll be forced to use majordomo
> > or something like that for lists (which won't be near as nice).
> > 
> > Also the current groups work for authentication web based services via the
> > auth_ldap apache module, so the solution needs to work with that too.

-- 
Stuart Lynne <sl@fireplug.net>                __O 
<http://edge.fireplug.net>                  _-\<,_               604-461-7532
PGP Fingerprint: 28 E2 A0 15 99 62 9A 00   (_)/ (_)   88 EC A3 EE 2D 1C 15 68
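
The thread describes an alias that pipes mail to a script which looks up a groupOfUniqueNames in LDAP, with no check on who may post. As an added example (not code from any poster in this thread), here is the core of such a script with the two checks it lacks: RFC 4515 escaping of the alias name before it goes into the search filter, and members-only posting. The directory is a constructed in-memory stand-in and all function names are hypothetical; the SMTP envelope sender is not authenticated, so the membership test is a posting policy rather than proof of identity.

```python
# Added example. GROUPS/MAIL are constructed data; all names are hypothetical.
GROUPS = {  # cn -> uniquemember DNs
    "staff": ["uid=alice,ou=people,dc=example,dc=com",
              "uid=bob,ou=people,dc=example,dc=com"],
}
MAIL = {  # user DN -> mail attribute
    "uid=alice,ou=people,dc=example,dc=com": "alice@example.com",
    "uid=bob,ou=people,dc=example,dc=com": "bob@example.com",
}

# RFC 4515 escapes for characters that are special inside a filter value.
_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape untrusted text before placing it in an LDAP search filter."""
    return "".join(_SPECIALS.get(ch, ch) for ch in value)


def group_filter(local_part):
    """Build the search filter for the group named by the alias local part."""
    return "(&(objectClass=groupOfUniqueNames)(cn=%s))" % escape_filter_value(
        local_part.lower())


def fake_search(ldap_filter):
    """Constructed stand-in for the LDAP server: exact filter matches only."""
    for cn, member_dns in GROUPS.items():
        if ldap_filter == group_filter(cn):
            return member_dns
    return None


def expand_group(local_part, envelope_sender, search=fake_search):
    """Return member addresses, or [] for an unknown group or non-member sender."""
    member_dns = search(group_filter(local_part))
    if member_dns is None:
        return []
    addresses = [MAIL[dn] for dn in member_dns if dn in MAIL]
    if envelope_sender.lower() not in (a.lower() for a in addresses):
        return []  # members-only posting: refuse instead of fanning out
    return addresses
```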