Problem

You have been asked to configure sendmail to read the mailertable from an LDAP server.

Solution

On the LDAP server, add support for the sendmail.schema file to the LDAP configuration. Recipe 1.3 shows an example of how this is done on a server running OpenLDAP.

On the LDAP server, create an LDIF file containing mailertable data formatted according to the sendmail schema sendmailMTAMap object class. Add the mailertable data to the LDAP database using ldapadd.

On the sendmail host, run the sendmail -bt -d0.1 command to check for the string LDAPMAP in the "Compiled with:" list. If it is there, sendmail includes LDAP support and is ready to run. If it is not listed there, recompile and reinstall sendmail as described in Recipe 1.3.

Create a sendmail configuration that includes the mailertable feature. Add the string LDAP to the mailertable FEATURE command to direct sendmail to read the mailertable from an LDAP server. Set the confLDAP_CLUSTER define to the same value used for the sendmailMTACluster attribute in the mailertable records. Here are sample configuration lines:

    dnl Set the LDAP cluster value
    define(`confLDAP_CLUSTER', `wrotethebook.com')
    dnl Read the mailertable via LDAP
    FEATURE(`mailertable', `LDAP')

Build the sendmail.cf file, copy it to /etc/mail, and restart sendmail. Recipe 1.8 provides an example.

Discussion

The mailertable data is first entered into an LDIF file.
This example adds one mailertable record from each of the databases used in Recipe 5.1 and Recipe 5.2 for a total of two data records:

    # cat > ldap-mailer
    dn: sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
    objectClass: sendmailMTA
    objectClass: sendmailMTAMap
    sendmailMTACluster: wrotethebook.com
    sendmailMTAMapName: mailer

    dn: sendmailMTAKey=fakeu.edu, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
    objectClass: sendmailMTA
    objectClass: sendmailMTAMap
    objectClass: sendmailMTAMapObject
    sendmailMTAMapName: mailer
    sendmailMTACluster: wrotethebook.com
    sendmailMTAKey: fakeu.edu
    sendmailMTAMapValue: smtp8:mail.fakeu.edu

    dn: sendmailMTAKey=oldname.ora.com, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
    objectClass: sendmailMTA
    objectClass: sendmailMTAMap
    objectClass: sendmailMTAMapObject
    sendmailMTAMapName: mailer
    sendmailMTACluster: wrotethebook.com
    sendmailMTAKey: oldname.ora.com
    sendmailMTAMapValue: error:5.7.1:550 oldname.ora.com is out of service
    Ctrl-D
    # ldapadd -x -D "cn=Manager,dc=wrotethebook,dc=com" \
    > -W -f ldap-mailer
    Enter LDAP Password: SecretLDAPpassword
    adding new entry "sendmailMTAMapName=mailer, dc=wrotethebook, dc=com"

    adding new entry "sendmailMTAKey=fakeu.edu, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com"

    adding new entry "sendmailMTAKey=oldname.ora.com, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com"

Each LDAP mailertable record is formatted according to the sendmail schema. The internal sendmail.cf map name for the mailertable, which is mailer, is assigned to the sendmailMTAMapName attribute by the first LDAP record. After the map name is defined, data can be associated with that map name. The next two LDAP records contain the actual mailertable data. Both of those records define a mailertable key using the sendmailMTAKey attribute and the return value associated with that key using the sendmailMTAMapValue attribute.
Thus, the:

    fakeu.edu        smtp8:mail.fakeu.edu

mailertable entry from Recipe 5.1 becomes the following LDAP record:

    dn: sendmailMTAKey=fakeu.edu, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
    objectClass: sendmailMTA
    objectClass: sendmailMTAMap
    objectClass: sendmailMTAMapObject
    sendmailMTAMapName: mailer
    sendmailMTACluster: wrotethebook.com
    sendmailMTAKey: fakeu.edu
    sendmailMTAMapValue: smtp8:mail.fakeu.edu

After running the ldapadd command to add the LDIF data to the LDAP database, use ldapsearch to examine the results: [4]

    # ldapsearch -LLL -x '(sendmailMTAMapName=mailer)' sendmailMTAMapValue
    dn: sendmailMTAMapName=mailer, dc=wrotethebook, dc=com

    dn: sendmailMTAKey=fakeu.edu, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
    sendmailMTAMapValue: smtp8:mail.fakeu.edu

    dn: sendmailMTAKey=oldname.ora.com, sendmailMTAMapName=mailer, dc=wrotethebook, dc=com
    sendmailMTAMapValue: error:5.7.1:550 oldname.ora.com is out of service

The LDAP database is ready. Now sendmail must be configured to use it.

The sendmail schema defines two attributes that specify the scope of an LDAP record. The scope of a record can be either a single host, as indicated by the presence of a sendmailMTAHost attribute, or a group of hosts called a cluster, as indicated by the use of a sendmailMTACluster attribute. The records in this recipe all use the sendmailMTACluster attribute. Use the confLDAP_CLUSTER define to tell sendmail the cluster name. If the confLDAP_CLUSTER define is not used, sendmail only retrieves LDAP records with a sendmailMTAHost attribute set to the fully qualified hostname of the sendmail host, which, in this case, would not match any of the LDAP records and thus would return no mailertable values. If the sendmailMTACluster attribute is used in the LDAP records that you need, you must use the confLDAP_CLUSTER define. If you don't intend to use the confLDAP_CLUSTER define, the LDAP records must use the sendmailMTAHost attribute.

The string LDAP in the mailertable FEATURE command tells sendmail to read the mailertable data from the LDAP server using the standard sendmail schema.

Rerunning tests from earlier recipes shows that the mailertable works the same whether it is read from a local database or an LDAP server. After completing this recipe, rerunning the test from Recipe 5.1 shows the same result as the original test:

    # sendmail -bv -Cgeneric-linux.cf jeff@fakeu.edu
    jeff@fakeu.edu... deliverable: mailer esmtp, host fakeu.edu., user jeff@fakeu.edu
    # sendmail -bv jeff@fakeu.edu
    jeff@fakeu.edu... deliverable: mailer smtp8, host mail.fakeu.edu, user jeff@fakeu.edu

Rerunning the test from Recipe 5.2 also shows the correct result:

    # sendmail -bv richard@oldname.ora.com
    richard@oldname.ora.com... oldname.ora.com is out of service

In fact, any record that can be entered into a local mailertable database can be entered into LDAP and retrieved from the LDAP server, and it will work exactly as expected.

See Also

Recipe 5.1 and Recipe 5.2 explain the mailertable records used in this recipe. Recipe 4.14 and Recipe 5.8 provide additional examples of using LDAP for sendmail databases. The cf/README file covers this topic in the Section Using LDAP for Aliases, Maps, and Classes. The sendmail book covers the mailertable in Section 4.8.24 and the confLDAP_CLUSTER define in Section 21.9.82.
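The Discussion's mapping from a flat mailertable line to an LDAP record can be scripted. The following is an added example, not code from the recipe or from sendmail: the function name mailertable_to_ldif and its input checks are assumptions of this example. It writes the map-name record followed by one sendmailMTAMapObject record per line, and rejects keys that are not plain hostnames because the key is copied into the DN.

```shell
#!/bin/sh
# Added example (not from the recipe): turn flat mailertable lines
# ("key<whitespace>mailer:host") into LDIF laid out like the records above.
# Usage: mailertable_to_ldif CLUSTER BASE_DN < mailertable > ldap-mailer
mailertable_to_ldif() {
    awk -v cluster="$1" -v base="$2" '
    BEGIN {
        bad = 0
        # First record: names the map. "mailer" is the map name this recipe uses.
        printf "dn: sendmailMTAMapName=mailer, %s\n", base
        print  "objectClass: sendmailMTA"
        print  "objectClass: sendmailMTAMap"
        printf "sendmailMTACluster: %s\n", cluster
        print  "sendmailMTAMapName: mailer"
    }
    NF == 0 || $1 ~ /^#/ { next }                # skip blank lines and comments
    {
        key = $1
        val = $0
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)     # drop the key, keep the rest
        sub(/[ \t]+$/, "", val)
        # The key is copied into a DN, so accept only hostname characters
        # (an assumption of this example); the value must look like mailer:host.
        if (key !~ /^[A-Za-z0-9._-]+$/ || val !~ /^[A-Za-z][A-Za-z0-9_-]*:./) {
            printf "line %d: rejected: %s\n", NR, $0 > "/dev/stderr"
            bad = 1
            next
        }
        print  ""
        printf "dn: sendmailMTAKey=%s, sendmailMTAMapName=mailer, %s\n", key, base
        print  "objectClass: sendmailMTA"
        print  "objectClass: sendmailMTAMap"
        print  "objectClass: sendmailMTAMapObject"
        print  "sendmailMTAMapName: mailer"
        printf "sendmailMTACluster: %s\n", cluster
        printf "sendmailMTAKey: %s\n", key
        printf "sendmailMTAMapValue: %s\n", val
    }
    END { exit bad }                             # non-zero if any line was rejected
    '
}

# Constructed sample input: the two mailertable entries this recipe uses.
mailertable_to_ldif wrotethebook.com 'dc=wrotethebook, dc=com' <<'EOF'
# domain         mailer:host
fakeu.edu        smtp8:mail.fakeu.edu
oldname.ora.com  error:5.7.1:550 oldname.ora.com is out of service
EOF
```

The CLUSTER argument must be the same string given to confLDAP_CLUSTER, since records written with a different sendmailMTACluster value will not be retrieved.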