Recipe 5.5 Reading the mailertable via LDAP

Problem

You have been asked to configure sendmail to read the mailertable from an LDAP server.

Solution

On the LDAP server, add support for the sendmail.schema file to the LDAP configuration. Recipe 1.3 shows an example of how this is done on a server running OpenLDAP.

On the LDAP server, create an LDIF file containing mailertable data formatted according to the sendmail schema sendmailMTAMap object class. Add the mailertable data to the LDAP database using ldapadd.

On the sendmail host, run the sendmail -bt -d0.1 command to check for the string LDAPMAP in the "Compiled with:" list. If it is there, sendmail includes LDAP support and is ready to run. If it is not listed there, recompile and reinstall sendmail as described in Recipe 1.3.

Create a sendmail configuration that includes the mailertable feature. Add the string LDAP to the mailertable FEATURE command to direct sendmail to read the mailertable from an LDAP server. Set the confLDAP_CLUSTER define to the same value used for the sendmailMTACluster attribute in the mailertable records. Here are sample configuration lines:

 dnl Set the LDAP cluster value
 define(`confLDAP_CLUSTER', `wrotethebook.com')
 dnl Read the mailertable via LDAP
 FEATURE(`mailertable', `LDAP')

Build the sendmail.cf file, copy it to /etc/mail, and restart sendmail. Recipe 1.8 provides an example.

Discussion

The mailertable data is first entered into an LDIF file. This example adds one mailertable record from each of the databases used in Recipe 5.1 and Recipe 5.2 for a total of two data records:

 # cat > ldap-mailer
 dn: sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
 objectClass: sendmailMTA
 objectClass: sendmailMTAMap
 sendmailMTACluster: wrotethebook.com
 sendmailMTAMapName: mailer

 dn: sendmailMTAKey=fakeu.edu, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
 objectClass: sendmailMTA
 objectClass: sendmailMTAMap
 objectClass: sendmailMTAMapObject
 sendmailMTAMapName: mailer
 sendmailMTACluster: wrotethebook.com
 sendmailMTAKey: fakeu.edu
 sendmailMTAMapValue: smtp8:mail.fakeu.edu

 dn: sendmailMTAKey=oldname.ora.com, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
 objectClass: sendmailMTA
 objectClass: sendmailMTAMap
 objectClass: sendmailMTAMapObject
 sendmailMTAMapName: mailer
 sendmailMTACluster: wrotethebook.com
 sendmailMTAKey: oldname.ora.com
 sendmailMTAMapValue: error:5.7.1:550 oldname.ora.com is out of service
 Ctrl-D
 # ldapadd -x -D "cn=Manager,dc=wrotethebook,dc=com" \
 > -W -f ldap-mailer
 Enter LDAP Password: SecretLDAPpassword
 adding new entry "sendmailMTAMapName=mailer, dc=wrotethebook, dc=com"
 adding new entry "sendmailMTAKey=fakeu.edu, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com"
 adding new entry "sendmailMTAKey=oldname.ora.com, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com"

Each LDAP mailertable record is formatted according to the sendmail schema. The internal sendmail.cf map name for the mailertable, which is mailer, is assigned to the sendmailMTAMapName attribute by the first LDAP record. After the map name is defined, data can be associated with that map name. The next two LDAP records contain the actual mailertable data. Both of those records define a mailertable key using the sendmailMTAKey attribute and the return value associated with that key using the sendmailMTAMapValue attribute. Thus, the:

 fakeu.edu        smtp8:mail.fakeu.edu 

mailertable entry from Recipe 5.1 becomes the following LDAP record:

 dn: sendmailMTAKey=fakeu.edu, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
 objectClass: sendmailMTA
 objectClass: sendmailMTAMap
 objectClass: sendmailMTAMapObject
 sendmailMTAMapName: mailer
 sendmailMTACluster: wrotethebook.com
 sendmailMTAKey: fakeu.edu
 sendmailMTAMapValue: smtp8:mail.fakeu.edu

After running the ldapadd command to add the LDIF data to the LDAP database, use ldapsearch to examine the results: [4]

[4] If ldapsearch requires -h and -b values, those same values must be defined for sendmail using confLDAP_DEFAULT_SPEC, as shown in Recipe 5.9.

 # ldapsearch -LLL -x '(sendmailMTAMapName=mailer)' sendmailMTAMapValue
 dn: sendmailMTAMapName=mailer, dc=wrotethebook, dc=com

 dn: sendmailMTAKey=fakeu.edu, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
 sendmailMTAMapValue: smtp8:mail.fakeu.edu

 dn: sendmailMTAKey=oldname.ora.com, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
 sendmailMTAMapValue: error:5.7.1:550 oldname.ora.com is out of service

The LDAP database is ready. Now sendmail must be configured to use it.

The sendmail schema defines two attributes that specify the scope of an LDAP record. The scope of a record can be either a single host, as indicated by the presence of a sendmailMTAHost attribute, or a group of hosts called a cluster, as indicated by the use of a sendmailMTACluster attribute. The records in this recipe all use the sendmailMTACluster attribute. Use the confLDAP_CLUSTER define to tell sendmail the cluster name. If the confLDAP_CLUSTER define is not used, sendmail only retrieves LDAP records with a sendmailMTAHost attribute set to the fully qualified hostname of the sendmail host, which, in this case, would not match any of the LDAP records and thus would return no mailertable values. If the sendmailMTACluster attribute is used in the LDAP records that you need, you must use the confLDAP_CLUSTER define. If you don't intend to use the confLDAP_CLUSTER define, the LDAP records must use the sendmailMTAHost attribute.
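As an added illustration (not code from the sendmail Cookbook or from sendmail itself), the following Python script parses LDIF records in the sendmail schema, like the ldap-mailer file above, and applies the record-selection rule just described: a record is visible only when its sendmailMTAHost equals the local fully qualified hostname or its sendmailMTACluster equals the confLDAP_CLUSTER value. The sample LDIF is constructed to mirror the recipe's two data records, the hostname mail.wrotethebook.com is assumed, and the lookup uses exact keys only, as the recipe's records do.

```python
# Added example, not from the sendmail Cookbook: parse sendmail-schema LDIF and
# apply the recipe's scoping rule (sendmailMTAHost == local FQDN, or
# sendmailMTACluster == confLDAP_CLUSTER). Sample LDIF is constructed.
SAMPLE_LDIF = """\
dn: sendmailMTAKey=fakeu.edu, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
objectClass: sendmailMTAMapObject
sendmailMTAMapName: mailer
sendmailMTACluster: wrotethebook.com
sendmailMTAKey: fakeu.edu
sendmailMTAMapValue: smtp8:mail.fakeu.edu

dn: sendmailMTAKey=oldname.ora.com, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
objectClass: sendmailMTAMapObject
sendmailMTAMapName: mailer
sendmailMTACluster: wrotethebook.com
sendmailMTAKey: oldname.ora.com
sendmailMTAMapValue: error:5.7.1:550 oldname.ora.com is out of service
"""

def parse_ldif(text):
    """Return a list of entries, each mapping attribute -> list of values."""
    entries, entry = [], {}
    for line in text.splitlines():
        if not line.strip():          # a blank line ends the current entry
            if entry:
                entries.append(entry)
            entry = {}
            continue
        attr, _, value = line.partition(":")   # split at the first colon only
        entry.setdefault(attr.strip(), []).append(value.strip())
    if entry:
        entries.append(entry)
    return entries

def in_scope(entry, fqdn, cluster=None):
    """Host-scoped records match this host; cluster-scoped ones need the define."""
    if fqdn in entry.get("sendmailMTAHost", []):
        return True
    return cluster is not None and cluster in entry.get("sendmailMTACluster", [])

def mailertable_lookup(entries, key, fqdn, cluster=None, map_name="mailer"):
    """Exact-key lookup in the named map; None when no in-scope record matches."""
    for e in entries:
        if (map_name in e.get("sendmailMTAMapName", [])
                and key in e.get("sendmailMTAKey", [])
                and in_scope(e, fqdn, cluster)):
            return e["sendmailMTAMapValue"][0]
    return None
```

Calling mailertable_lookup without a cluster value returns None for both keys, which is the silent failure the confLDAP_CLUSTER define prevents: the domain is simply treated as unlisted, so the error entry for oldname.ora.com would never be applied.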

The string LDAP in the mailertable FEATURE command tells sendmail to read the mailertable data from the LDAP server using the standard sendmail schema. Rerunning tests from earlier recipes shows that the mailertable works the same whether it is read from a local database or from an LDAP server. After completing this recipe, rerunning the test from Recipe 5.1 shows the same result as the original test:

 # sendmail -bv -Cgeneric-linux.cf jeff@fakeu.edu
 jeff@fakeu.edu... deliverable: mailer esmtp, host fakeu.edu., user jeff@fakeu.edu
 # sendmail -bv jeff@fakeu.edu
 jeff@fakeu.edu... deliverable: mailer smtp8, host mail.fakeu.edu, user jeff@fakeu.edu

Rerunning the test from Recipe 5.2 also shows the correct result:

 # sendmail -bv richard@oldname.ora.com
 richard@oldname.ora.com... oldname.ora.com is out of service

In fact, any record that can be entered into a local mailertable database can be entered into LDAP and retrieved from the LDAP server, and it will work exactly as expected.

See Also

Recipe 5.1 and Recipe 5.2 explain the mailertable records used in this recipe. Recipe 4.14 and Recipe 5.8 provide additional examples of using LDAP for sendmail databases. The cf/README file covers this topic in the section Using LDAP for Aliases, Maps, and Classes. The sendmail book covers the mailertable in Section 4.8.24 and the confLDAP_CLUSTER define in Section 21.9.82.



Sendmail Cookbook
ISBN: 0596004710
Year: 2005
Pages: 178
Authors: Craig Hunt