HP-UX Mailing Services Administrator's Guide: HP-UX 11i v1 and HP-UX 11i v2 > Chapter 2 Configuring and Administering Sendmail

Sendmail and the LDAP Protocol


The Lightweight Directory Access Protocol (LDAP) lets servers share directory information that changes infrequently, such as user names, e-mail addresses and mail hosts. Configuring Sendmail to query an LDAP directory lets it resolve and route addresses from the site directory instead of from locally maintained files.

Sendmail supports the LDAP protocol for address lookups. The ldapx map class (a database map type; newer Sendmail releases call the same class ldap, and the routing maps later in this section use that name) queries the LDAP directory service. The sendmail.cf configuration file already contains the syntax required to enable LDAP address lookups; it only has to be uncommented and adjusted.

Enabling Address Lookups Using LDAP

When LDAP support is enabled, Sendmail looks up the login name of a recipient in the directory and substitutes the e-mail address stored for that user. To enable this, you must edit the sendmail.cf file.

The following steps describe how to enable address lookup using LDAP:

  1. Open the sendmail.cf file.

  2. Uncomment the following rule (remove the leading #). The $: default returns the original address when the key is not found in the directory:

    #R$+ < @ $+ >    $: $(ldap $1 $: $1<@$2>$)    ldap support
  3. Uncomment the following map definition and replace the server name and search base with the values for your site:

    Kldap ldapx -k"uid=%s" -v"mail" -h"test.india.hp.com" -b"organization, c=US"

This enables LDAP lookups. Each lookup is defined entirely by the switches on the K line; in the previous example these are -k, -v, -h and -b. You can test the map without sending mail by starting Sendmail in address test mode (sendmail -bt) and entering /map ldap login-name, which returns the value of the mail attribute for that login name or reports that the key was not found.

The -k switch defines how the map takes its input value and constructs the LDAP search; %s is replaced by the key. The -v switch names the attribute whose value replaces the original string in the map; in most cases this is an e-mail address. The -b switch is the place in the LDAP tree where the search begins. The -h switch is the space-separated list of servers that support LDAP at your site.

NOTE: The LDAP-style option values (-v and -h in the previous example) must be double quoted, and the opening quote must follow immediately after the option letter. Do not leave a space between the option and the quote.

LDAP-Based Routing

You can use the LDAP protocol to implement LDAP-based routing. It reroutes addresses whose domain portion is in class {LDAPRoute} to a different mail host, a different address, or both, according to what the directory entry for the recipient specifies.

You can use the /usr/newconfig/etc/mail/cf/cf/gen_cf script to enable the LDAP-based routing.

Add the domains that are to be routed through LDAP to the class {LDAPRoute}, as shown in the following examples. Assuming that your domain is yyy.com, add one of the following lines to the sendmail.cf file:

C{LDAPRoute}yyy.com

or

F{LDAPRoute}/etc/mail/ldap-domain-file

where /etc/mail/ldap-domain-file contains the domains, one per line.

The LDAPDefaultSpec option in the sendmail.cf file sets the default LDAP map specification. It must appear before the LDAP maps that rely on it. Its settings apply to every LDAP map unless the individual map specification (K command) overrides them. By default, it appears in the sendmail.cf file as follows:

O LDAPDefaultSpec=-h localhost

Replace localhost with the name of your LDAP server.

The following switches are the ones most LDAP map definitions use:

  • -b - LDAP search base

    Place in the LDAP tree where the search begins. For example:

    -b "o=hp.com"
  • -d - BindDN

    The DN that Sendmail binds as when it sends the LDAP search request. Binding as a DN also requires the bind method (-M) and the file that holds the bind password (-P); that file is read in clear text, so keep it owned by root and readable by no one else. For example:

    -d"cn=ldap://:389,dc=edat104,dc=atl,dc=hp,dc=com"
  • -h - LDAP servers

    Space-separated string of servers that support LDAP at your site. For example:

    -h "ldap1.hp.com ldap2.hp.com"
  • -p - Port number

    Port number on which the LDAP service listens. For example:

    -p 33333
  • -k - LDAP search string (key)

    Filter template that defines how the map turns its input value into an LDAP search; %0 is replaced by the key. The filter must contain no unquoted whitespace, because the K line is split at whitespace. For example:

    -k (&(ObjectClass=mailrecipient)(mail=%0))
  • -v - LDAP attribute

    Attribute whose value replaces the original string in the map. In most cases this is the RFC 822 e-mail address. For example:

    -v mailroutingaddress
  • -1 - single match

    Makes the lookup fail if more than one entry matches the filter, rather than return values from several entries. Use it on maps that must identify exactly one recipient.

The routing maps are defined in the configuration file as follows (the filter is written without spaces, because the K line is split at unquoted whitespace):

Kldapmh ldap -1 -v mailHost -k (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0))
Kldapmra ldap -1 -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0))

mailLocalAddress is the RFC 2822-compliant e-mail address of the recipient; it is the key that both maps search on.

mailHost is the fully qualified host name of the MTA that is the final SMTP destination of the message to the recipient.

mailRoutingAddress is the RFC 822 address to be used when routing messages to the SMTP MTA of the recipient.

The -1 switch makes either lookup fail rather than return values from more than one entry when several directory entries carry the same mailLocalAddress, so duplicate addresses in the directory are a configuration error to find and fix.
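The two lookups on this page, the login-name-to-mail rewrite from "Enabling Address Lookups Using LDAP" and the {LDAPRoute} routing through the mailHost and mailRoutingAddress maps, behave the same way at the map level, so the following Python model serves both. It is an added illustration, not Sendmail source or any HP-UX script: it runs the -k filter template against a constructed in-memory directory (the uids, addresses and the hosts mx1.corp.yyy.com and mx2.corp.yyy.com are assumptions), applies the -v attribute, the -1 single-match rule and the ruleset's $: default, and shows why the key substituted into the filter must be escaped (RFC 4515) so that a recipient address such as *@yyy.com cannot act as a wildcard in the directory query.

```python
"""Offline model of the sendmail LDAP map lookups described on this page.

Added illustration, not sendmail's own code. The directory below is
constructed sample data; the uids and mx1/mx2.corp.yyy.com are assumptions.
"""
import re

# Constructed sample directory: (dn, attributes) as a search under -b "o=yyy.com"
# would return them. Attribute values are lists, as in LDAP.
DIRECTORY = [
    ("uid=jdoe,ou=people,o=yyy.com", {
        "objectClass": ["inetOrgPerson", "inetLocalMailRecipient"],
        "uid": ["jdoe"], "mail": ["john.doe@yyy.com"],
        "mailLocalAddress": ["jdoe@yyy.com", "john.doe@yyy.com"],
        "mailHost": ["mx1.corp.yyy.com"],
        "mailRoutingAddress": ["jdoe@mx1.corp.yyy.com"]}),
    ("uid=asmith,ou=people,o=yyy.com", {
        "objectClass": ["inetOrgPerson", "inetLocalMailRecipient"],
        "uid": ["asmith"], "mail": ["alice.smith@yyy.com"],
        "mailLocalAddress": ["asmith@yyy.com"],
        "mailHost": ["mx2.corp.yyy.com"]}),
    # Two entries claim the same local address: a directory error that -1 catches.
    ("uid=shared1,ou=people,o=yyy.com", {
        "objectClass": ["inetLocalMailRecipient"], "uid": ["shared1"],
        "mailLocalAddress": ["shared@yyy.com"], "mailHost": ["mx1.corp.yyy.com"]}),
    ("uid=shared2,ou=people,o=yyy.com", {
        "objectClass": ["inetLocalMailRecipient"], "uid": ["shared2"],
        "mailLocalAddress": ["shared@yyy.com"], "mailHost": ["mx2.corp.yyy.com"]}),
]

def ldap_escape(value):
    """RFC 4515 escaping for a value inserted into a search filter, so that a
    recipient address cannot smuggle filter syntax (*, parentheses, \\) into it."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)

def _parse(f, i=0):
    """Parse the filter subset the page uses: (attr=value) and (&(...)(...))."""
    if f[i] != "(":
        raise ValueError("filter must start with '(' at offset %d" % i)
    i += 1
    if f[i] == "&":
        i += 1
        kids = []
        while f[i] == "(":
            node, i = _parse(f, i)
            kids.append(node)
        return ("and", kids), i + 1          # step over the closing ')'
    j = f.index(")", i)                       # an escaped ')' is \29, so a raw ')' ends the item
    attr, _, val = f[i:j].partition("=")
    return ("eq", attr.lower(), val), j + 1

def _match(node, attrs):
    """Evaluate a parsed filter against one entry's attributes."""
    if node[0] == "and":
        return all(_match(k, attrs) for k in node[1])
    _, attr, val = node
    # '*' is a wildcard; \xx is a literal escaped character; everything else is literal.
    pat = "".join(".*" if t == "*" else re.escape(chr(int(t[1:], 16)) if t[0] == "\\" else t)
                  for t in re.findall(r"\\[0-9a-fA-F]{2}|\*|[^\\*]+", val))
    rx = re.compile("^%s$" % pat, re.IGNORECASE)
    values = {k.lower(): v for k, v in attrs.items()}.get(attr, [])
    return any(rx.match(v) for v in values)

class LdapMap:
    """A K-line map: -k filter template, -v attribute to return, -1 single match."""
    def __init__(self, filter_template, attribute, single=False, escape=True):
        self.filter_template, self.attribute = filter_template, attribute
        self.single, self.escape = single, escape     # escape=False only shows the unsafe case

    def lookup(self, key, default=None):
        k = ldap_escape(key) if self.escape else key
        filt = re.sub(r"%[0s]", lambda m: k, self.filter_template)  # %0 or %s is the key
        node, _ = _parse(filt)
        hits = [a for _, a in DIRECTORY if _match(node, a)]
        if not hits or (self.single and len(hits) > 1):
            return default                  # what the ruleset's "$:" default supplies
        return hits[0].get(self.attribute, [default])[0]

# Kldap ldapx -k"uid=%s" -v"mail" ...  used by  R$+ < @ $+ >  $: $(ldap $1 $: $1<@$2>$)
LDAP = LdapMap("(uid=%s)", "mail")
_FOCUSED = re.compile(r"^([^<@]+)<@([^>]+)>$")

def rewrite_address(addr):
    """Login name -> mail attribute; on a miss, the $: default returns the input unchanged."""
    m = _FOCUSED.match(addr)
    if not m:
        return addr
    user, domain = m.groups()
    return LDAP.lookup(user, default="%s<@%s>" % (user, domain))

# C{LDAPRoute}yyy.com plus the two routing maps defined on the page.
LDAPROUTE = {"yyy.com"}
ROUTE_FILTER = "(&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0))"
LDAPMH = LdapMap(ROUTE_FILTER, "mailHost", single=True)
LDAPMRA = LdapMap(ROUTE_FILTER, "mailRoutingAddress", single=True)

def route(addr):
    """Simplified LDAP-based routing: for a {LDAPRoute} domain, return the address to
    deliver to (mailRoutingAddress if set) and the MTA to relay through (mailHost, or
    None to deliver by the normal rules). Other domains pass through untouched."""
    _, _, domain = addr.rpartition("@")
    if domain.lower() not in LDAPROUTE:
        return addr, None
    return LDAPMRA.lookup(addr, default=addr), LDAPMH.lookup(addr)

if __name__ == "__main__":
    print(rewrite_address("jdoe<@yyy.com>"))    # john.doe@yyy.com
    print(rewrite_address("nobody<@yyy.com>"))  # nobody<@yyy.com>  (the $: default)
    print(route("jdoe@yyy.com"))                # ('jdoe@mx1.corp.yyy.com', 'mx1.corp.yyy.com')
    print(route("shared@yyy.com"))              # ('shared@yyy.com', None): -1 rejects two hits
    print(LDAPMH.lookup("*@yyy.com"))           # None: the escaped '*' is a literal character
    print(LdapMap(ROUTE_FILTER, "mailHost", escape=False).lookup("*@yyy.com"))  # mx1.corp.yyy.com
```

The last two lines are the point to remember: with the key escaped, an address containing * matches nothing, while the escape=False map (there only to show the unsafe behaviour) turns the same address into a wildcard that matches every inetLocalMailRecipient in the domain. The shared@yyy.com case shows why the routing maps carry -1: two entries with the same mailLocalAddress make the lookup fail instead of silently routing to whichever entry the server returned first.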

© 2006 Hewlett-Packard Development Company, L.P.