
Re: LDAP/mail interaction



On Wed, 14 Jul 1999, Wilbert de Graaf wrote:

> Isn't it true that if you change your OS to use LDAP instead of
> /etc/passwd or NIS, SendMail automatically uses LDAP?

Errm.. kind of, but not exactly.  If you reconfigure your operating system's
naming/lookup service then yes Sendmail could automatically (does for
NSS-based systems like Solaris, Linux glibc2 and newer HP-UX) do lookups of
user information via LDAP - but for some other maps you need to configure
Sendmail especially to use LDAP (I think aliases is the primary one).  You
could use the "mail500" tool, or build LDAP support directly into Sendmail.

> The OS will verify username/password against LDAP and also the ~ will get
> from LDAP, right?

To verify login/password against a remote directory service (such as LDAP) you
need to have a configurable authentication system (such as PAM - pluggable
authentication modules);  Solaris (2.6 and 7), most modern Linux systems and
the latest HP-UX (11.0?) support PAM.  Digital/Compaq Tru64 UNIX has something
called SIA (?) that is an equivalent.

To redirect naming/lookup services you need (surprise, surprise) a
configurable naming service in your operating system.  Solaris, Linux's
glibc2 and the latest HP-UX support Sun's NSS (name service switch);  again,
Tru64 UNIX apparently has an equivalent (again, SIA?).  This way, tilde
expansion (~<login>) will use the remote directory service (e.g., LDAP).

> I heard it's possible to do this on both Linux and Irix but didn't try it
> myself.

Definitely possible;  for an example of a project currently using PAM and NSS
with LDAP (in this case it's Solaris):

  http://www.nepean.uws.edu.au/users/david/qn99/

On Wed, 14 Jul 1999, Jeff Clowser wrote:

> First, I'm doing this to help a friend at a University - really no money to
> build this, so have to use existing hardware and free software. This ends up
> being Irix/SGI machines.

The above project is within a university - software chosen due (in large part)
to cost.  No additional hardware.  Free software abounds (PAM module, NSS
module - even OpenLDAP was used at one point!).

> I looked on PADL, and it only lists Linux and Solaris - if you or anyone has
> pointers to how to do it on IRIX or where to find info, that would be a
> great help.

The above project is using the PADL code on Solaris machines.  The PADL site
mentions IRIX here:

  http://www.padl.com/software.html

Presumably this means the LDAP C library is built into IRIX 6.5 (a la Solaris
7).  PADL's NSS source code includes references to IRIX 5.x and 6.x.

Cheers..


dave
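
Added example (not part of the original message): the reply separates name lookups (NSS) from password verification (PAM), so a host can resolve users from LDAP without authenticating against it, or the reverse. The sketch below checks both layers; the two sample files are constructed, use the Linux /etc/pam.d layout, and assume the PADL module names "ldap" and pam_ldap.so.

```python
import re

# Constructed sample files (assumptions, not taken from the message).
NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:  files ldap
group:   files ldap
hosts:   files dns
aliases: files
"""

PAM_LOGIN = """\
# /etc/pam.d/login (constructed sample, Linux-PAM layout)
auth     sufficient  pam_ldap.so
auth     required    pam_unix.so try_first_pass
account  required    pam_unix.so
"""

def nss_sources(text):
    """Map each NSS database to its ordered list of lookup sources."""
    result = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Drop [STATUS=action] criteria so only source names remain.
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        result[db.strip()] = rest.split()
    return result

def pam_modules(text, mgmt_type):
    """Return (control, module) pairs for one PAM type, in stack order.
    Assumes simple control keywords, not the bracketed [value=action] form."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt_type:
            stack.append((fields[1], fields[2]))
    return stack

def ldap_report(nss_text, pam_text):
    """Summarise which parts of the login path consult LDAP."""
    nss = nss_sources(nss_text)
    uses = lambda t: any(m.startswith("pam_ldap") for _, m in pam_modules(pam_text, t))
    return {"lookup_via_ldap": sorted(d for d, s in nss.items() if "ldap" in s),
            "auth_via_ldap": uses("auth"), "account_via_ldap": uses("account")}

if __name__ == "__main__":
    print(ldap_report(NSSWITCH, PAM_LOGIN))
```

In this sample the aliases database stays on local files, and the account stack never consults the directory even though authentication does.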