From: Andrzej Adam Filip on
Erich Titl <erich.titl(a)think.ch> wrote:
> Andrzej Adam Filip wrote:
>> Erich Titl <erich.titl(a)think.ch> wrote:
>>> Hi
>>>
>>> a tad late, but nevertheless....
>>>
>>> Rich Gomes wrote:
>>>> On Nov 5, 4:24 pm, Rich Gomes <richgo...(a)gmail.com> wrote:
>>>>> I have been testing out the following Sendmail and Active Directory
>>>>> verification configuration: http://www.shocknetwork.com/forum/post35.html
>>>>>
>>> I have not looked into that hack, so I don't know why it is needed at
>>> all....
>>>
>>>>> Works very well with two exceptions. Hoping someone can help.
>>>>>
>>>>> Queries against groups (with known SMTP addresses) fails with 'User
>>>>> Unknown' (same as an invalid user)
>>>>> How can I get it to query Groups as well as users?
>>> Typically by modifying the ldap lookup.
>>>
>>> This here works for me....
>>>
>>> # LDAP routing maps
>>> Kldapmh null
>>>
>>> Kldapmra ldap -1 -T<TMPF> -v mail -k
>>> (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))
>>
>> Do you mean the following
>> define(`LDAPMRA',`ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))')
>> FEATURE(`ldap_routing', `null', LDAPMRA, `bounce')
>
> in m4speak, yes

Do you expect most people asking/searching for help here to be highly
`m4 literate'? I do not :-)

--
[pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : Andrzej.Filip(a)gmail.com
Open-Sendmail: http://open-sendmail.sourceforge.net/
Rumor travels faster, but it don't stay put as long as truth.
-- Will Rogers (1879-1935)
From: Erich Titl on
Andrzej Adam Filip wrote:
> Erich Titl <erich.titl(a)think.ch> wrote:
>> Andrzej Adam Filip wrote:
>>> Erich Titl <erich.titl(a)think.ch> wrote:
>>>> Hi
>>>>
>>>> a tad late, but nevertheless....
>>>>
>>>> Rich Gomes wrote:
>>>>> On Nov 5, 4:24 pm, Rich Gomes <richgo...(a)gmail.com> wrote:
>>>>>> I have been testing out the following Sendmail and Active Directory
>>>>>> verification configuration: http://www.shocknetwork.com/forum/post35.html
>>>>>>
>>>> I have not looked into that hack, so I don't know why it is needed at
>>>> all....
>>>>
>>>>>> Works very well with two exceptions. Hoping someone can help.
>>>>>>
>>>>>> Queries against groups (with known SMTP addresses) fails with 'User
>>>>>> Unknown' (same as an invalid user)
>>>>>> How can I get it to query Groups as well as users?
>>>> Typically by modifying the ldap lookup.
>>>>
>>>> This here works for me....
>>>>
>>>> # LDAP routing maps
>>>> Kldapmh null
>>>>
>>>> Kldapmra ldap -1 -T<TMPF> -v mail -k
>>>> (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))
>>> Do you mean the following
>>> define(`LDAPMRA',`ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))')
>>> FEATURE(`ldap_routing', `null', LDAPMRA, `bounce')
>> in m4speak, yes
>
> Do you expect most people asking/searching for help here to be highly
> `m4 literate'? I do not :-)
>

Naaahh ... so sorry

From: Rich Gomes on
So I have added these two lines to the existing lines in sendmail.mc
and compiled it:

define(`LDAPMRA',`ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))')
FEATURE(`ldap_routing', `null', LDAPMRA, `bounce')

Having the FEATURE line in there seems to disable any LDAP queries.
Commenting it out works but the groups query still does not.
The only addresses the query can find is the groups that have had
their ExpansionServer hardcoded

Should I be adding this in addition to existing line or replacing
existing lines?


Thoughts?
From: Erich Titl on
Hi

Rich Gomes wrote:
> So I have added these two lines to the existing lines in sendmail.mc
> and compiled it:
>
> define(`LDAPMRA',`ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)
> (objectclass=group))(proxyAddresses=smtp:%0))')
> FEATURE(`ldap_routing', `null', LDAPMRA, `bounce')
>
> Having the FEATURE line in there seems to disable any LDAP queries.
> Commenting it out works but the groups query still does not.
> The only addresses the query can find is the groups that have had
> their ExpansionServer hardcoded
>
> Should I be adding this in addition to existing line or replacing
> existing lines?
>
>
> Thoughts?

Use ldapsearch to determine the correct syntax for your query. Then
insert that syntax to your LDAPMRA definition in your .mc file somehow
like below.

dnl
dnl LDAP Configuration
dnl
define(`confLDAP_DEFAULT_SPEC', `-h "mmmmm.yyy.dom.ain" -b "DC=COMPANY,DC=GROUP" -d "CN=mycommon,OU=ressourcen,DC=COMPANY,DC=GROUP" -MLDAP_AUTH_SIMPLE -P/etc/mail/ldap_pass')dnl
dnl
LDAPROUTE_DOMAIN_FILE(`/etc/mail/ldap_route_domains')dnl
dnl
FEATURE(`ldap_routing', `null', `ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))', `bounce')dnl

cheers

Erich
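
Added example (not part of the original thread and not sendmail's own code): a Python helper that turns a confLDAP_DEFAULT_SPEC and an ldap map definition like the ones posted here into the equivalent OpenLDAP ldapsearch command, so the filter can be checked by hand before it goes into the .mc file. The function names and the test address are assumptions; the spec values are the sanitized ones from this thread.

```python
import shlex

def escape_filter_value(value):
    """RFC 4515 escaping, so a test address cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def parse_map_spec(spec):
    """Parse sendmail ldap map arguments; accepts '-b base' and '-bbase' forms."""
    opts, toks, i = {}, shlex.split(spec), 0
    while i < len(toks):
        tok = toks[i]
        i += 1
        if len(tok) < 2 or not tok.startswith("-"):
            continue                    # map class name such as "ldap"
        flag, val = tok[1], tok[2:]
        if flag == "1":                 # -1 takes no argument
            opts[flag] = True
            continue
        if not val:                     # detached form: value is the next token
            val, i = toks[i], i + 1
        opts[flag] = val                # later (map-specific) settings override defaults
    return opts

def to_ldapsearch(default_spec, map_spec, address):
    """Return the ldapsearch argv equivalent to one map lookup of `address`."""
    o = parse_map_spec(default_spec + " " + map_spec)
    # -x = simple bind, which is what both configurations in the thread use (-M)
    argv = ["ldapsearch", "-LLL", "-x",
            "-H", "ldap://%s:%s" % (o["h"], o.get("p", "389"))]
    if "d" in o:
        argv += ["-D", o["d"]]          # bind DN (sendmail -d)
    if "P" in o:
        argv += ["-y", o["P"]]          # password file (sendmail -P)
    argv += ["-b", o["b"]]
    argv.append(o["k"].replace("%0", escape_filter_value(address)))
    return argv + o["v"].split(",")     # attributes to return (sendmail -v)

# Constructed input: the sanitized values Rich posted in this thread.
DEFAULT_SPEC = ('-h server.domain1.com -M simple -d "cn=accountname, '
                'ou=serviceacountou, ou=administrationou, dc=domain1, dc=com" '
                '-P /etc/mail/ldap.passwd -p 389 -b "dc=domain1, dc=com"')
MAP_SPEC = ("ldap -1 -T<TMPF> -v mail -k "
            "(&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))")

if __name__ == "__main__":
    # staff@domain1.com is a hypothetical group address.
    print(shlex.join(to_ldapsearch(DEFAULT_SPEC, MAP_SPEC, "staff@domain1.com")))
```

Because the map is defined with -1, the lookup only succeeds when exactly one entry matches, so the manual search should return exactly one entry for a working address. ldapsearch -y uses the complete contents of the password file, so a trailing newline in that file makes the test bind fail.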
From: Rich Gomes on
On Nov 23, 7:45 am, Erich Titl <erich.t...(a)think.ch> wrote:
> Hi
>
>
>
> Rich Gomes wrote:
> > So I have added these two lines to the existing lines in sendmail.mc
> > and compiled it:
>
> > define(`LDAPMRA',`ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)
> > (objectclass=group))(proxyAddresses=smtp:%0))')
> > FEATURE(`ldap_routing', `null', LDAPMRA, `bounce')
>
> > Having the FEATURE line in there seems to disable any LDAP queries.
> > Commenting it out works but the groups query still does not.
> > The only addresses the query can find is the groups that have had
> > their ExpansionServer hardcoded
>
> > Should I be adding this in addition to existing line or replacing
> > existing lines?
>
> > Thoughts?
>
> Use ldapsearch to determine the correct syntax for your query. Then
> insert that syntax to your LDAPMRA definition in your .mc file somehow
> like below.
>
> dnl
> dnl LDAP Configuration
> dnl
> define(`confLDAP_DEFAULT_SPEC', `-h "mmmmm.yyy.dom.ain" -b
> "DC=COMPANY,DC=GROUP" -d "CN=mycommon,OU=ressourcen,DC=COMPANY,DC=GROUP"
> -MLDAP_AUTH_SIMPLE -P/etc/mail/ldap_pass')dnl
> dnl
> LDAPROUTE_DOMAIN_FILE(`/etc/mail/ldap_route_domains')dnl
> dnl
> FEATURE(`ldap_routing', `null', `ldap -1 -T<TMPF> -v mail -k
> (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))',
> `bounce')dnl
>
> cheers
>
> Erich

Ok, I am confused, I already had those lines in my sendmail.mc file, I
only added the line mentioning the object class.
For reference, here is how it looks currently (sanitized of course):

LDAPROUTE_DOMAIN(`domain1.com')dnl # what domain to do ldap lookups for.
LDAPROUTE_DOMAIN(`domain2.com')dnl # alternate domain to do ldap lookups for.
LDAPROUTE_DOMAIN(`domain3.com')dnl # alternate domain to do ldap lookups for.
LDAPROUTE_DOMAIN(`domain4.com')dnl # alternate domain to do ldap lookups for.
define(`confLDAP_DEFAULT_SPEC',`-h server.domain1.com -M simple -d "cn=accountname, ou=serviceacountou, ou=administrationou, dc=domain1, dc=com" -P /etc/mail/ldap.passwd -p 389 -b "dc=domain1, dc=com"')
dnl ###Added for Groups verification
define(`LDAPMRA',`ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))')
dnl FEATURE(`ldap_routing', `null', LDAPMRA, `bounce')

Thoughts?