Re: " Email routing: ldap-support-on-sendmail"
Thanks Stuart for your very comprehensive explanation on using ldap on
According to your configuration details I tried to get sendmail on my mail
hub to bind with the ldap server for email routing, but with no success!
Someone please help me here! The following is what I did to the mail hub
which also has the LDAP client installed and configured correctly in
ldapd.conf even though I do not think it is necessary with the Kvirtuser
ldapx.....thing in sendmail.
Number 1) First I successfully compiled sendmail with LDAP
(vi /sendmail-8.9.3/BuildTools/OS/SunOS.5.7). The following modifications
were completed prior to compile.
define(`confMAPDEF', `-DNDBM -DNEWDB -DLDAPMAP')
define(`confINCDIRS', `-I/usr/local/bind/include -I/usr/local/include')
define(`confLIBDIRS', `-L/usr/local/bind/lib -L/usr/local/lib')
define(`confLIBS', `-lbind -lsocket -lnsl -lkstat -ldb -lldap -llber')
Number 2) After compile and generating the sendmail.cf file for general
configuration I added the following to sendmail.cf manually after the
"Kdequote quote" line,
Kvirtuser ldapx -b "o=fsas, c=JP" -h "ldaptest.domain1.co.jp" -k "(mail=%s)"
and the domain name at Cw like this,
Cw localhost domain1.co.jp
While doing a manual ldapsearch on the mail hub using the ldap client instal
ldapsearch -L "email@example.com"
returns an answer from the ldap server meanwhile Kvirtuser.....in sendmail
does not even attempt to connect to the ldap server.
Checking the bat book, it says that the following K switches can be used with
-a, -f, -m, -N, -O, -o, -q
and the following special switches:
-b, -h, -l, -n, -p, -R, -s.
As you can see there is no mention of using the -k and -v switches with
LDAPX. Is this a matter of concern?? What switches should I use?
Thanks in advance for any help,
At 12:49 99/11/19 +0000, you wrote:
> > This coming Sunday (Yes, Ldap is taking over my Sundays now too!),
> Hopefully this will be the last Sunday you spend on this to
> get it up and running.
> > Question 1) I can't locate the Virtuser table in sendmail.cf to position
> > Kvirtuser ldapx..................... line. Can you please give me a key
> > word which will take me to the right place in sendmail.cf using "find"?
> I would put it with any other lines beginning with the
> letter K, but it doesn't really matter, so long as it's somewhere
> in the main section, i.e. before the rulesets (starting S...)
> The comment I referred to is generated by the m4 macros, so it's
> probably different for your cf build system.
> > Question 2) Is the domain defined in "Cw" or "Cd". The bat book says
> > that "Cd" is where you put the domain and "Cw" the host name, whereas
> > you put the domain in "Cw"??
> Cw defines the domain names the machine will accept mail for.
> Use of virtusertable on Sendmail requires that the domains are
> treated as local. I haven't defined a Cd macro in any of my
> sendmail installations.
> Note that, if a lookup "user@domain" is not found in the
> virtual map, delivery will fall back to "user" on the local
> system or aliases before rejecting the mail. So, if you
> have usernames that must work all the time, even when the
> LDAP server is down (for example, maybe postmaster) it
> may be wise to list them in aliases.
> I hope this helps - once you have it working it will be a lot
> easier to understand how it ties together. I am currently using
> LDAP-based delivery for around 10000 mailboxes, it's been
> working pretty stable for a couple of months with Sendmail
> and about a month with Postfix. (I moved to Postfix since it
> has an excellent security architecture, runs deliveries in
> parallel up to predefined per-destination concurrency limits
> which means it is extremely fast, and has excellent
> anti-spam and address rewriting facilities).
> What you will discover once you see it in operation is that
> the attribute names you choose for your schema will not matter
> too much. The schema is more for your benefit than the mail
> systems; all LDAP-based mailers I have used allow a good
> degree of flexibility in choosing your schema since this is
> usually a local decision based more on the ldap server and
> desktop clients which need to access it (for example,
> Outlook or Netscape's address book). For ease of integration
> with many of these applications it is beneficial to use the
> attribute "mail" as the email address, since in most cases
> that is the default. I changed my database to use "mail"
> rather than "mailalternateaddress" for this very reason.
> It is much easier to do that before the system is live :-)
> Kind regards
> Stuart Henderson
> Postmaster, Eclipse Networking Ltd.
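
Added example, not part of the original thread and not sendmail's own code: a small Python check for the three points discussed above (the K line sits before the first ruleset, the address's domain is listed in Cw, and which switches the ldapx map line carries). The sample sendmail.cf text is constructed from the lines quoted in the message, the function names are hypothetical, and the script only reports the switches it finds without deciding which ones ldapx requires.

```python
import shlex

# Constructed sample, modelled on the lines quoted in the thread.
SAMPLE_CF = """\
Cw localhost domain1.co.jp
Kdequote dequote
Kvirtuser ldapx -b "o=fsas, c=JP" -h "ldaptest.domain1.co.jp" -k "(mail=%s)"
S0
R$+\t$: $(virtuser $1 $)
"""

def parse_flags(tokens):
    """Accept both '-h host' and '-hhost'; a switch with no value maps to True."""
    flags, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-") and len(tok) >= 2:
            value = tok[2:]
            if not value and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                i += 1
                value = tokens[i]
            flags[tok[:2]] = value or True
        i += 1
    return flags

def parse_cf(text):
    """Collect class-w names, K map definitions and the first ruleset line number."""
    cw, maps, first_s = set(), {}, None
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("Cw"):
            cw.update(name.lower() for name in line[2:].split())
        elif line.startswith("K"):
            parts = shlex.split(line[1:])  # keeps quoted values such as "o=fsas, c=JP" whole
            if len(parts) >= 2:
                maps[parts[0]] = {"line": n, "flags": parse_flags(parts[2:])}
        elif line.startswith("S") and first_s is None:
            first_s = n
    return cw, maps, first_s

def check(text, map_name, address):
    """Return (problems, switches) for one map and one test address."""
    cw, maps, first_s = parse_cf(text)
    if map_name not in maps:
        return [f"no K line defines map {map_name!r}"], {}
    problems = []
    if first_s is not None and maps[map_name]["line"] > first_s:
        problems.append("K line appears after the first ruleset (S line)")
    if address.rpartition("@")[2].lower() not in cw:
        problems.append("address domain is not listed in Cw")
    return problems, maps[map_name]["flags"]

if __name__ == "__main__":
    print(check(SAMPLE_CF, "virtuser", "user@domain1.co.jp"))
```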