From: Andrzej Adam Filip on
Rich Gomes <richgomes(a)gmail.com> wrote:
> [...]
> Ok, I am confused, I already had those lines in my sendmail.mc file, I
> only added the line mentioning the object class.
> For reference, here is how it looks currently (sanitized of course):
>
> LDAPROUTE_DOMAIN(`domain1.com')dnl # what domain to do ldap lookups for.
> LDAPROUTE_DOMAIN(`domain2.com')dnl # alternate domain to do ldap lookups for.
> LDAPROUTE_DOMAIN(`domain3.com')dnl # alternate domain to do ldap lookups for.
> LDAPROUTE_DOMAIN(`domain4.com')dnl # alternate domain to do ldap lookups for.
> define(`confLDAP_DEFAULT_SPEC',`-h server.domain1.com -M simple -d "cn=accountname, ou=serviceacountou, ou=administrationou, dc=domain1, dc=com" -P /etc/mail/ldap.passwd -p 389 -b "dc=domain1, dc=com"')
> dnl ###Added for Groups verification
> define(`LDAPMRA',`ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))')
> dnl FEATURE(`ldap_routing', `null', LDAPMRA, `bounce')
>
> Thoughts?

"dnl" in m4 language means "comment to end of the line"
=> You have "commented out" the key FEATURE(`ldap_routing',...)

--
[pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : Andrzej.Filip(a)gmail.com
I have learned silence from the talkative,
toleration from the intolerant, and kindness from the unkind.
-- Kahlil Gibran
From: Rich Gomes on
On Nov 24, 12:21 pm, Andrzej Adam Filip <a...(a)onet.eu> wrote:
> Rich Gomes <richgo...(a)gmail.com> wrote:
> > [...]
> > Ok, I am confused, I already had those lines in my sendmail.mc file, I
> > only added the line mentioning the object class.
> > For reference, here is how it looks currently (sanitized of course):
>
> > LDAPROUTE_DOMAIN(`domain1.com')dnl # what domain to do ldap lookups for..
> > LDAPROUTE_DOMAIN(`domain2.com')dnl # alternate domain to do ldap lookups for.
> > LDAPROUTE_DOMAIN(`domain3.com')dnl # alternate domain to do ldap lookups for.
> > LDAPROUTE_DOMAIN(`domain4.com')dnl # alternate domain to do ldap lookups for.
> > define(`confLDAP_DEFAULT_SPEC',`-h server.domain1.com -M simple -d "cn=accountname, ou=serviceacountou, ou=administrationou, dc=domain1, dc=com" -P /etc/mail/ldap.passwd -p 389 -b "dc=domain1, dc=com"')
> > dnl ###Added for Groups verification
> > define(`LDAPMRA',`ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))')
> > dnl FEATURE(`ldap_routing', `null', LDAPMRA, `bounce')
>
> > Thoughts?
>
> "dnl" in m4 language means "comment to end of the line"
> => You have "commented out" the key FEATURE(`ldap_routing',...)
>
> --
> [pl>en Andrew] Andrzej Adam Filip : a...(a)onet.eu : Andrzej.Fi...(a)gmail.com
> I have learned silence from the talkative,
> toleration from the intolerant, and kindness from the unkind.
>   -- Kahlil Gibran

See my previous post, having that line in there seems to disable the
LDAP queries, that's why it was commented out
From: Erich Titl on
Rich

Rich Gomes wrote:
> On Nov 23, 7:45 am, Erich Titl <erich.t...(a)think.ch> wrote:
>> Hi
>>
>>
>>
>> Rich Gomes wrote:
>>> So I have added these two lines to the existing lines in sendmail.mc
>>> and compiled it:
>>> define(`LDAPMRA',`ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))')
>>> FEATURE(`ldap_routing', `null', LDAPMRA, `bounce')
>>> Having the FEATURE line in there seems to disable any LDAP queries.
>>> Commenting it out works but the groups query still does not.
>>> The only addresses the query can find is the groups that have had
>>> their ExpansionServer hardcoded
>>> Should I be adding this in addition to existing line or replacing
>>> existing lines?
>>> Thoughts?
>> Use ldapsearch to determine the correct syntax for your query. Then
>> insert that syntax to your LDAPMRA definition in your .mc file somehow
>> like below.
>>
>> dnl
>> dnl LDAP Configuration
>> dnl
>> define(`confLDAP_DEFAULT_SPEC', `-h "mmmmm.yyy.dom.ain" -b "DC=COMPANY,DC=GROUP" -d "CN=mycommon,OU=ressourcen,DC=COMPANY,DC=GROUP" -MLDAP_AUTH_SIMPLE -P/etc/mail/ldap_pass')dnl
>> dnl
>> LDAPROUTE_DOMAIN_FILE(`/etc/mail/ldap_route_domains')dnl
>> dnl
>> FEATURE(`ldap_routing', `null', `ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))', `bounce')dnl
>>
>> cheers
>>
>> Erich
>
> Ok, I am confused, I already had those lines in my sendmail.mc file, I
> only added the line mentioning the object class.
> For reference, here is how it looks currently (sanitized of course):
>
> LDAPROUTE_DOMAIN(`domain1.com')dnl # what domain to do ldap lookups for.
> LDAPROUTE_DOMAIN(`domain2.com')dnl # alternate domain to do ldap lookups for.
> LDAPROUTE_DOMAIN(`domain3.com')dnl # alternate domain to do ldap lookups for.
> LDAPROUTE_DOMAIN(`domain4.com')dnl # alternate domain to do ldap lookups for.
> define(`confLDAP_DEFAULT_SPEC',`-h server.domain1.com -M simple -d "cn=accountname, ou=serviceacountou, ou=administrationou, dc=domain1, dc=com" -P /etc/mail/ldap.passwd -p 389 -b "dc=domain1, dc=com"')
> dnl ###Added for Groups verification
> define(`LDAPMRA',`ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))')
> dnl FEATURE(`ldap_routing', `null', LDAPMRA, `bounce')
>
> Thoughts?

You are using multiple LDAPROUTE_DOMAIN definitions. I am not sure if
they are all consulted or if the last one just takes precedence. If you
need to look up multiple domains I would suggest to use
LDAPROUTE_DOMAIN_FILE instead. Look into your .cf file to see if each of
the domains are looked up.

Also you absolutely need the ldap routing feature, else nothing works.

cheers

Erich
From: Andrzej Adam Filip on
Erich Titl <erich.titl(a)think.ch> wrote:
> [...]
> You are using multiple LDAPROUTE_DOMAIN definitions. I am not sure if
> they are all consulted or if the last one just takes precedence.

They add name(s) to $={LDAPRoute} class => They accumulate.

<quote src="cf/m4/cfhead.m4">
define(`LDAPROUTE_DOMAIN', `PUSHDIVERT(5)C{LDAPRoute}$1
</quote>

> If you need to look up multiple domains I would suggest to use
> LDAPROUTE_DOMAIN_FILE instead. Look into your .cf file to see if each
> of the domains are looked up.

It is a good idea anyway.

> Also you absolutely need the ldap routing feature, else nothing works.

AFAIR he uses a modified FEATURE(`ldap_routing',...) converted into a HACK file.

--
[pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : Andrzej.Filip(a)gmail.com
Open-Sendmail: http://open-sendmail.sourceforge.net/
A narcissist is someone better looking than you are.
-- Gore Vidal
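
Added example (not part of any post in this thread and not sendmail's own tooling): a small audit of an .mc file for the two m4 points made above, namely that a FEATURE(`ldap_routing',...) line behind "dnl" never reaches the .cf, and that every LDAPROUTE_DOMAIN call accumulates into class {LDAPRoute}. The function names mc_audit and sample_mc are hypothetical, and the sample input is constructed from the sanitized lines posted in the thread.

```shell
#!/bin/sh
# Added example: audit a sendmail .mc file for the two m4 behaviours
# discussed in this thread. mc_audit and sample_mc are hypothetical names.

# mc_audit [FILE]  (reads stdin when FILE is omitted)
# Prints "domain NAME" for every live LDAPROUTE_DOMAIN entry and one
# "ldap_routing active|disabled-by-dnl|absent" line.
mc_audit() {
    awk '
    # m4 discards everything from a bare dnl token to the end of the line.
    # Simplification: m4 quoting is not tracked.
    function strip_dnl(s,    pos) {
        if (match(s, /(^|[^A-Za-z0-9_])dnl([^A-Za-z0-9_]|$)/)) {
            pos = RSTART
            if (substr(s, pos, 3) != "dnl") pos++   # skip the delimiter before dnl
            return substr(s, 1, pos - 1)
        }
        return s
    }
    {
        live = strip_dnl($0)
        if (live ~ /FEATURE\(`ldap_routing/) active = 1
        else if ($0 ~ /FEATURE\(`ldap_routing/) disabled = 1
        # Each LDAPROUTE_DOMAIN call appends to class {LDAPRoute}; list them all.
        while (match(live, /LDAPROUTE_DOMAIN\(`[A-Za-z0-9._-]+/)) {
            print "domain " substr(live, RSTART + 18, RLENGTH - 18)
            live = substr(live, RSTART + RLENGTH)
        }
    }
    END {
        state = active ? "active" : (disabled ? "disabled-by-dnl" : "absent")
        print "ldap_routing " state
    }
    ' "$@"
}

# Constructed sample, modelled on the sanitized lines posted in the thread.
sample_mc() {
    cat <<'EOF'
LDAPROUTE_DOMAIN(`domain1.com')dnl # what domain to do ldap lookups for.
LDAPROUTE_DOMAIN(`domain2.com')dnl # alternate domain to do ldap lookups for.
dnl ###Added for Groups verification
define(`LDAPMRA',`ldap -1 -T<TMPF> -v mail -k (&(|(objectclass=user)(objectclass=group))(proxyAddresses=smtp:%0))')
dnl FEATURE(`ldap_routing', `null', LDAPMRA, `bounce')
EOF
}

sample_mc | mc_audit
```

Run it against the real file as "mc_audit sendmail.mc" before regenerating the .cf; a "disabled-by-dnl" result means the LDAPMRA map is defined but nothing uses it.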
From: Erich Titl on
Andrzej Adam Filip wrote:
> Erich Titl <erich.titl(a)think.ch> wrote:
>> [...]
>> You are using multiple LDAPROUTE_DOMAIN definitions. I am not sure if
>> they are all consulted or if the last one just takes precedence.
>
> They add name(s) to $={LDAPRoute} class => They accumulate.
>
> <quote src="cf/m4/cfhead.m4">
> define(`LDAPROUTE_DOMAIN', `PUSHDIVERT(5)C{LDAPRoute}$1
> </quote>
>
>> If you need to look up multiple domains I would suggest to use
>> LDAPROUTE_DOMAIN_FILE instead. Look into your .cf file to see if each
>> of the domains are looked up.
>
> It is a good idea anyway.
>
>> Also you absolutely need the ldap routing feature, else nothing works.
>
> AFAIR he uses a modified FEATURE(`ldap_routing',...) converted into a HACK file.
>

Whoooo.... then why not call it a HACK, I vaguely recall having used
this many years ago. http://www.sendmail.org/m4/hacks.html

Erich