September 21, 2004

Sendmail LDAP routing

Sendmail LDAP routing is working on Karelia with the standard LDAP server.

On the LDAP side, we need the following added to the user object:

objectClass: mailrecipient
mail: user@example.edu
mailHost: mailserver.example.edu
mailRoutingAddress: user@example.edu

All our users already have the mail attribute, but it has to be set specifically for the test domain, because Sendmail's lookup matches the mail attribute against the full recipient address (user@domain), not just the username. You can have multiple mail attributes as long as you also have a mailRoutingAddress attribute to specify the canonical address — this way we can have one mail attribute of user@example.edu and another of User.Lastname@example.edu, with both delivered to the single mailbox named by mailRoutingAddress.

On the Sendmail side, I have the following defined in the MC file:

  • define(`confLDAP_DEFAULT_SPEC', `-h ldap.example.edu -b ou=People,dc=example,dc=edu -d uid=search,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot -P /etc/mail/ldappass') — this defines how to contact LDAP: the server (-h), the search base (-b), the DN of the dedicated searching user (-d), and the file holding that user's password (-P). The file /etc/mail/ldappass contains the password for the searching DN and is given restrictive permissions. (Note that m4 quoting needs a backtick to open and a straight apostrophe to close; typographic quotes will not be recognised.)
  • FEATURE(`ldap_routing', `ldap -1 -T -v mailHost -k (&(objectClass=mailrecipient)(mail=%0))', `ldap -1 -T -v mailRoutingAddress -k (&(objectClass=mailrecipient)(mail=%0))', `reject', `preserve') — this defines how to verify users for LDAP routing. Both map specifications search for entries with the object class mailrecipient (as above) whose mail attribute equals the recipient address (%0); the first returns the mailHost attribute and the second the mailRoutingAddress attribute. If we don't find the recipient address this way, we reject the message (the alternative to reject would be passthru, which falls back on the other local ways of determining the mailbox). The preserve directive tells Sendmail what to do with user+detail addresses — in this case, it preserves the +detail by appending it to the mailbox part of the mailRoutingAddress value.
  • LDAPROUTE_DOMAIN(`example.edu') — only addresses in this domain are looked up in LDAP; other domains are handled by the normal rulesets. (The macro name must be followed directly by the opening parenthesis, with no space, or m4 will not pass the argument.)
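
To see how those three pieces fit together, here is a small Python model of the routing decision Sendmail makes for one recipient address. It is an added example, not Sendmail's code and not part of the original post: the directory entries are constructed stand-ins for the LDAP user objects above, the function names (ldap_lookup, route) are hypothetical, and two points are my reading of the feature rather than something the post states: that the -1 flag makes a lookup returning more than one entry count as a failure, and that for a user+detail address Sendmail tries the full address, then user+*@domain, then user@domain. On the real server the equivalent point check is an ldapsearch with the same bind DN and the same (&(objectClass=mailrecipient)(mail=...)) filter.

```python
import re

# Constructed directory entries, standing in for the LDAP user objects
# described in the post (same attributes: objectClass, mail, mailHost,
# mailRoutingAddress). This is a model, not an LDAP client.
DIRECTORY = [
    {
        "dn": "uid=alice,ou=People,dc=example,dc=edu",
        "objectClass": ["person", "mailrecipient"],
        # Several mail values, one canonical mailRoutingAddress.
        "mail": ["alice@example.edu", "Alice.Smith@example.edu"],
        "mailHost": ["mailserver.example.edu"],
        "mailRoutingAddress": ["alice@example.edu"],
    },
    {
        # Has a mail attribute but not the mailrecipient objectClass, so the
        # filter (&(objectClass=mailrecipient)(mail=%0)) must not match it.
        "dn": "uid=bob,ou=People,dc=example,dc=edu",
        "objectClass": ["person"],
        "mail": ["bob@example.edu"],
    },
]

LDAPROUTE_DOMAINS = {"example.edu"}  # LDAPROUTE_DOMAIN(`example.edu')


def _values(entry, attr):
    """Attribute values by name; LDAP attribute names are case-insensitive."""
    for name, vals in entry.items():
        if name.lower() == attr.lower():
            return vals
    return []


def ldap_lookup(directory, address):
    """Model of `ldap -1 -v <attr> -k (&(objectClass=mailrecipient)(mail=%0))'.

    Returns (mailRoutingAddress or None, mailHost or None), or None when the
    filter matches nothing. The mail attribute uses case-insensitive matching
    in LDAP. Assumption of this model: with -1, more than one matching entry
    is treated as a failed lookup.
    """
    wanted = address.lower()
    hits = [
        e for e in directory
        if "mailrecipient" in (c.lower() for c in _values(e, "objectClass"))
        and wanted in (m.lower() for m in _values(e, "mail"))
    ]
    if len(hits) != 1:
        return None
    mra = _values(hits[0], "mailRoutingAddress")
    mh = _values(hits[0], "mailHost")
    return (mra[0] if mra else None, mh[0] if mh else None)


_ADDR = re.compile(r"^([^@+]+)(?:\+([^@]*))?@([^@]+)$")


def route(directory, address, not_found="reject", detail="preserve"):
    """Routing decision for one recipient, in the spirit of FEATURE(`ldap_routing').

    Returns (action, address, mailHost):
      ("not_routed", addr, None)  domain is not an LDAPROUTE_DOMAIN
      ("route", addr, host)       entry found; addr is the routing address
      ("reject", None, None)      not found and not_found == "reject"
      ("passthru", addr, None)    not found and not_found == "passthru"
    """
    m = _ADDR.match(address)
    if not m:
        raise ValueError(f"unparsable address: {address!r}")
    user, plus, domain = m.groups()
    if domain.lower() not in LDAPROUTE_DOMAINS:
        return ("not_routed", address, None)

    # Lookup order (assumption of this model): the full address first, then
    # for a +detail address also user+*@domain and finally user@domain.
    candidates = [address]
    if plus is not None:
        candidates += [f"{user}+*@{domain}", f"{user}@{domain}"]
    for cand in candidates:
        hit = ldap_lookup(directory, cand)
        if hit:
            break
    else:
        if not_found == "reject":
            return ("reject", None, None)
        return ("passthru", address, None)

    routing_addr, mail_host = hit
    if routing_addr is None:
        routing_addr = cand  # no mailRoutingAddress: keep the address as matched
    # `preserve': when the match came from a candidate with the +detail removed,
    # put the +detail back on the mailbox part of mailRoutingAddress.
    if detail == "preserve" and plus is not None and cand != address:
        local, _, rdomain = routing_addr.partition("@")
        routing_addr = f"{local}+{plus}@{rdomain}"
    return ("route", routing_addr, mail_host)


if __name__ == "__main__":
    for addr in ("alice@example.edu", "Alice.Smith+lists@example.edu",
                 "bob@example.edu", "carol@other.org"):
        print(addr, "->", route(DIRECTORY, addr))
```

The bob entry is the case worth keeping in mind when debugging: it has a perfectly good mail attribute, yet with reject configured the message bounces, because the filter also requires objectClass=mailrecipient. Alice.Smith+lists@example.edu shows the other half of the post's design: the alias mail value is canonicalised to the single mailRoutingAddress, and the +lists detail survives the rewrite.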

I have not yet gotten to putting maps (aliases, access, etc.) into LDAP. That’s the next step. This just gets us the routing portions.

Posted by Rowan Littell at September 21, 2004 02:35 PM