Pages

Friday, January 24, 2014

Sendmail with LDAP support in Slackware

The sendmail package that comes with Slackware has no LDAP support. In case that you need it then this article might help. It covers the following topics:

1. Recompile and reinstall sendmail with LDAP support
2. Reconfigure OpenLDAP
3. Reconfigure sendmail and import aliases into LDAP

Before you try to use this description make sure that you know a little about OpenLDAP and sendmail itself! This article was tested on a Slackware environment but should also work for any other Unix/Linux (except for recompiling the sendmail package).

1. Recompile and reinstall sendmail with LDAP support

As mentioned before the sendmail package shipped with Slackware has no LDAP support:

# ldd /usr/sbin/sendmail
...

# sendmail -bt -d0.1
Version 8.14.5
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2
                SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB XDEBUG
...


To get a sendmail package with LDAP supoort you need to recompile the sendmail package. Grab the source from the DVD or any internet resource and copy it to eg. /usr/src. Then change into the directory and edit the SlackBuild-sendmail script that builds the sendmail package:

# cd /usr/src/sendmail
# vi SlackBuild-sendmail
...
# Add TLS support to the sendmail binary:
cat $CWD/site.config.m4 > devtools/Site/site.config.m4
echo "APPENDDEF(\`confMAPDEF', \`-DLDAPMAP')" >> devtools/Site/site.config.m4
echo "APPENDDEF(\`confLIBS', \`-lldap -llber')" >> devtools/Site/site.config.m4
...

The above two extra lines after TLS support will make sure that sendmail will be build with LDAP support. Run the build script to compile sendmail and to create a new sendmail package:

# ./SlackBuild-sendmail
...


After the new package has been created make sure that the sendmail binary is linked to the LDAP libraries:

# ldd /tmp/package-sendmail/usr/sbin/sendmail.new
...
        libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x00007f14148f7000)
        liblber-2.4.so.2 => /usr/lib64/liblber-2.4.so.2 (0x00007f14146e9000)
...


Before you reinstall the new package make a backup of your current sendmail configuration files. Eg. I have my configuration files under /etc/mail/ and my m4 macro files under /usr/share/sendmail/cf/. In normal cases nothing happens when you reinstall the package. All changed configuration files won't get touched when reinstalling the sendmail package. But sometimes things just go horrible wrong...

# cp -r /etc/mail/ /usr/share/sendmail/cf/ /root/mail-bak/

Then remove the sendmail package:

# removepkg sendmail
...


And install the new one:

# installpkg /tmp/sendmail-8.14.5-x86_64-3.txz
...


Recheck the LDAP support with the following command and note the new LDAP entries:

# sendmail -bt -d0.1
Version 8.14.5
 Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8
                MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS
                PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB
                USE_LDAP_INIT XDEBUG
...


So far so good. Your sendmail installation has now LDAP supoort!

2. Reconfigure OpenLDAP

OpenLDAP needs an extra schema file to support sendmail. The schema file can be found in the sendmail sources, eg.:

# cp /tmp/sendmail-8.14.5/cf/sendmail.schema /etc/openldap/schema/

Configure slapd and add the new schema file:

# vi /etc/openldap/slapd.conf
...
include         /etc/openldap/schema/sendmail.schema


Then restart slapd:

# /etc/rc.d/rc.slapd restart
Starting slapd: /usr/libexec/slapd


And check that it is running:

# pgrep -fl slapd
6604 /usr/libexec/slapd -h ldap://127.0.0.1:389 ldap://192.168.1.23:389


At this point both (sendmail and slapd) are ready to work together!

3. Configure sendmail and import aliases into LDAP

First take a look at your current aliases:

# cat /etc/mail/aliases
...
sam.neill:   sneill


And check that it gets resolved:

# sendmail -bv sam.neill@karellen.local
sneill... deliverable: mailer local, user sneill

Next create a new sendmail m4 macro file. The following file is a very simple sendmail configuration file with LDAP support:

# vi /usr/share/sendmail/cf/cf/karellen.local.mc
OSTYPE(linux)dnl
DOMAIN(generic)dnl
define(`confLDAP_DEFAULT_SPEC', ` -h 192.168.1.23 -b ou=sendmail,dc=karellen,dc=local')dnl
define(`confLDAP_CLUSTER', `karellen.local')dnl
define(`ALIAS_FILE', `ldap:')dnl
MAILER(local)dnl
MAILER(smtp)dnl


Most important for LDAP support are the three lines that start with define:

define(`confLDAP_DEFAULT_SPEC', ` -h 192.168.1.23 -b ou=sendmail,dc=karellen,dc=local')dnl
This line defines the IP of the LDAP server and the organizational unit where to look for sendmail entries

define(`confLDAP_CLUSTER', `karellen.local')dnl
Eache sendmail object inside LDAP needs a LDAP cluster configuration

define(`ALIAS_FILE', `ldap:')dnl
Explicite definition to lookup for aliases in the prior defined LDAP server

Run m4 to translate the file:

# m4 ../m4/cf.m4 karellen.local.mc > karellen.local.cf

Copy the cf file (not the mc file) to /etc/mail/sendmail.cf and restart sendmail:

# cp karellen.local.cf /etc/mail/sendmail.cf
# /etc/rc.d/rc.sendmail restart
...


If you check for the users alias you will get an error:

# sendmail -bv sam.neill@karellen.local
sam.neill@karellen.local... User unknown


This is totally OK since sendmail uses the ldap connection to lookup for aliases. All prior defined aliases in /etc/mail/aliases will be ignored now. The next step is to import the alias(es) from /etc/mail/aliases into LDAP. First create a ldif file like the following:

# vi alias.ldif
dn: ou=sendmail,dc=karellen,dc=local
objectClass: top
objectClass: organizationalUnit
ou: Sendmail

dn: ou=aliases,ou=sendmail,dc=karellen,dc=local
objectClass: top
objectClass: organizationalUnit
ou: Aliases

dn: sendmailMTAKey=sam.neill,ou=aliases,ou=sendmail,dc=karellen,dc=local
objectClass: sendmailMTA
objectClass: sendmailMTAAlias
objectClass: sendmailMTAAliasObject
sendmailMTAAliasGrouping: aliases
sendmailMTACluster: karellen.local
sendmailMTAKey: sam.neill
sendmailMTAAliasValue: sneill


The first two entries will create two organizational units for storing the sendmail entries and the alias entries. The third entry is the real alias entry for sneill.
Now add the content of the lidf file to your LDAP:

# ldapadd -x -W -D 'cn=ldapadmin,dc=karellen,dc=local' -f alias.ldif
Enter LDAP Password:
adding new entry "ou=sendmail,dc=karellen,dc=local"
adding new entry "ou=aliases,ou=sendmail,dc=karellen,dc=local"
adding new entry "sendmailMTAKey=sam.neill,ou=aliases,ou=sendmail,dc=karellen,dc=local"


And a final test should bring the usual result when using aliases:

# sendmail -bv sam.neill@karellen.local
sneill... deliverable: mailer local, user sneill


In case that something does not work check your slapd log file and your sendmail log file.

No comments:

Post a Comment