
Re: " Email routing: ldap-support-on-sendmail"

Thanks Stuart for your very comprehensive explanation on using ldap on
According to your configuration details I tried to get sendmail on my mail
hub to bind with the ldap server for email routing, but with no success!
Someone please help me here! The following is what I did to the mail hub
which also has the LDAP client installed and configured correctly in
ldapd.conf even though I do not think it is necessary with the Kvirtuser
ldapx.....thing in sendmail.

Number 1) First I successfully compiled sendmail with LDAP.
(vi /sendmail-8.9.3/BuildTools/OS/SunOS.5.7). The following modifications
were completed prior to compile.


define(`confINCDIRS', `-I/usr/local/bind/include -I/usr/local/include')

define(`confLIBDIRS', `-L/usr/local/bind/lib -L/usr/local/lib')

define(`confLIBS', `-lbind -lsocket -lnsl -lkstat -ldb -lldap -llber')

Number 2) After compile and generating the sendmail.cf file for general
configuration I added
the following to sendmail.cf manually after the "Kdequote quote" line,

Kvirtuser ldapx -b "o=fsas, c=JP" -h "ldaptest.domain1.co.jp" -k "(mail=%s)"


and the domain name at Cw like this,

Cw localhost domain1.co.jp

While doing a manual ldapsearch on the mail hub using the ldap client instal
ldapsearch -L "mail=user1@domain1.co.jp"
returns an answer from the ldap server, meanwhile Kvirtuser.....in sendmail
does not even attempt to connect to the ldap server.
Checking the bat book, it says that the following K switches can be used with
-a, -f, -m, -N, -O, -o, -q
and the following special switches:
-b, -h, -l, -n, -p, -R, -s.

As you can see there is no mention of using the -k and -v switches with
LDAPX.  Is this a matter of concern??  What switches should I use?

Thanks in advance for any help,

At 12:49 99/11/19 +0000, you wrote:
> >  This coming Sunday(Yes, Ldap is taking over my Sundays now too!),
> Hopefully this will be the last Sunday you spend on this to
> get it up and running.
> > Question 1) I can't locate the Virtuser table in sendmail.cf to position
> > Kvirtuser ldapx..................... line.  Can you please give me a
> > keyword which will take me to the right place in sendmail.cf using "find"?
> I would put it with any other lines beginning with the
> letter K, but it doesn't really matter, so long as it's somewhere 
> in the main section, i.e. before the rulesets (starting S...)
> The comment I referred to is generated by the m4 macros, so it's
> probably different for your cf build system.
> > Question 2) Is the domain defined in "Cw" or "Cd". The bat book says
> >  that "Cd" is where you put the domain and "Cw" the host name, whereas
> > you put the domain in "Cw"??
> Cw defines the domain names the machine will accept mail for.
> Use of virtusertable on Sendmail requires that the domains are
> treated as local. I haven't defined a Cd macro in any of my
> sendmail installations.
> Note that, if a lookup "user@domain" is not found in the
> virtual map, delivery will fall back to "user" on the local
> system or aliases before rejecting the mail. So, if you 
> have usernames that must work all the time, even when the 
> LDAP server is down (for example, maybe postmaster) it 
> may be wise to list them in aliases.
> I hope this helps - once you have it working it will be a lot
> easier to understand how it ties together. I am currently using
> LDAP-based delivery for around 10000 mailboxes, it's been
> working pretty stable for a couple of months with Sendmail
> and about a month with Postfix. (I moved to Postfix since it
> has an excellent security architecture, runs deliveries in 
> parallel up to predefined per-destination concurrency limits
> which means it is extremely fast, and has excellent 
> anti-spam and address rewriting facilities).
> What you will discover once you see it in operation is that
> the attribute names you choose for your schema will not matter
> too much. The schema is more for your benefit than the mail
> system's; all LDAP-based mailers I have used allow a good
> degree of flexibility in choosing your schema since this is 
> usually a local decision based more on the ldap server and
> desktop clients which need to access it (for example,
> Outlook or Netscape's address book). For ease of integration
> with many of these applications it is beneficial to use the 
> attribute "mail" as the email address, since in most cases
> that is the default. I changed my database to use "mail"
> rather than "mailalternateaddress" for this very reason.
> It is much easier to do that before the system is live :-)
> Kind regards
> Stuart
> -- 
>   Stuart Henderson
>   Postmaster, Eclipse Networking Ltd.
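
Added example, not part of either message and not sendmail code: a small check of a sendmail.cf for the two conditions given in the quoted reply (the K line sits in the main section before the first S ruleset line, and the routed domain is in class w), plus the -b, -h and -k switches used in the configuration above. The function names, the Scanonify=3 line in the sample, and the verbatim replacement of %s by the lookup key are assumptions made for the illustration.

```python
import shlex

# Constructed sendmail.cf fragment (assumption: built from lines quoted in the thread).
SAMPLE_CF = r'''Cw localhost domain1.co.jp
Kvirtuser ldapx -b "o=fsas, c=JP" -h "ldaptest.domain1.co.jp" -k "(mail=%s)"
Scanonify=3
'''

def parse_cf(text):
    """Return (class w members, K map declarations, line of first ruleset)."""
    class_w, maps, first_ruleset = set(), {}, None
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("Cw"):
            class_w.update(w.lower() for w in line[2:].split())
        elif line.startswith("K"):
            name, mapclass, *args = shlex.split(line[1:])
            opts = {}
            for i, arg in enumerate(args):  # a switch may or may not take a value
                if arg.startswith("-"):
                    nxt = args[i + 1] if i + 1 < len(args) else ""
                    opts[arg] = "" if nxt.startswith("-") else nxt
            maps[name] = {"class": mapclass, "opts": opts, "line": lineno}
        elif line.startswith("S") and first_ruleset is None:
            first_ruleset = lineno
    return class_w, maps, first_ruleset

def lint_virtuser(text, domain, mapname="virtuser"):
    """List the problems that would keep the map from routing `domain`."""
    class_w, maps, first_ruleset = parse_cf(text)
    decl = maps.get(mapname)
    if decl is None:
        return [f"no K{mapname} line"]
    problems = []
    if first_ruleset is not None and decl["line"] > first_ruleset:
        problems.append(f"K{mapname} is declared after the first ruleset")
    for switch in ("-b", "-h", "-k"):
        if not decl["opts"].get(switch):
            problems.append(f"{switch} has no value")
    if decl["opts"].get("-k") and "%s" not in decl["opts"]["-k"]:
        problems.append("-k filter has no %s placeholder")
    if domain.lower() not in class_w:
        problems.append(f"{domain} is not in class w")
    return problems

def filter_for(text, address, mapname="virtuser"):
    """The -k template with %s replaced by `address`, to replay with ldapsearch."""
    return parse_cf(text)[1][mapname]["opts"]["-k"].replace("%s", address)

if __name__ == "__main__":
    print(lint_virtuser(SAMPLE_CF, "domain1.co.jp"), filter_for(SAMPLE_CF, "user1@domain1.co.jp"))
```

An empty list means the file passes these checks; it says nothing about whether the binary was built with the LDAP map or whether the ldapx class accepts -k.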