The sendmail package that comes with Slackware has no LDAP support. If you need it, this article might help. It covers the following topics:
1. Recompile and reinstall sendmail with LDAP support
2. Reconfigure OpenLDAP
3. Reconfigure sendmail and import aliases into LDAP
Before you follow this description, make sure that you know a little about OpenLDAP and sendmail itself! This article was tested on a Slackware environment but should also work for any other Unix/Linux (except for recompiling the sendmail package).
1. Recompile and reinstall sendmail with LDAP support
As mentioned before, the sendmail package shipped with Slackware has no LDAP support:
# ldd /usr/sbin/sendmail
...
# sendmail -bt -d0.1
Version 8.14.5
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2
SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB XDEBUG
...
To get a sendmail package with LDAP support you need to recompile the sendmail package. Grab the source from the DVD or any internet resource and copy it to e.g. /usr/src. Then change into the directory and edit the SlackBuild-sendmail script that builds the sendmail package:
# cd /usr/src/sendmail
# vi SlackBuild-sendmail
...
# Add TLS support to the sendmail binary:
cat $CWD/site.config.m4 > devtools/Site/site.config.m4
echo "APPENDDEF(\`confMAPDEF', \`-DLDAPMAP')" >> devtools/Site/site.config.m4
echo "APPENDDEF(\`confLIBS', \`-lldap -llber')" >> devtools/Site/site.config.m4
...
The two extra echo lines after the TLS support line make sure that sendmail is built with LDAP support. Run the build script to compile sendmail and to create a new sendmail package:
# ./SlackBuild-sendmail
...
After the new package has been created, make sure that the sendmail binary is linked to the LDAP libraries:
# ldd /tmp/package-sendmail/usr/sbin/sendmail.new
...
libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x00007f14148f7000)
liblber-2.4.so.2 => /usr/lib64/liblber-2.4.so.2 (0x00007f14146e9000)
...
Before you reinstall the new package, make a backup of your current sendmail configuration files. E.g. I have my configuration files under /etc/mail/ and my m4 macro files under /usr/share/sendmail/cf/. Normally nothing happens when you reinstall the package: changed configuration files are not touched when the sendmail package is reinstalled. But sometimes things just go horribly wrong...
# mkdir -p /root/mail-bak
# cp -r /etc/mail/ /usr/share/sendmail/cf/ /root/mail-bak/
Then remove the sendmail package:
# removepkg sendmail
...
And install the new one:
# installpkg /tmp/sendmail-8.14.5-x86_64-3.txz
...
Recheck the LDAP support with the following command and note the new LDAP entries:
# sendmail -bt -d0.1
Version 8.14.5
Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8
MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS
PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB
USE_LDAP_INIT XDEBUG
...
So far so good. Your sendmail installation now has LDAP support!
2. Reconfigure OpenLDAP
OpenLDAP needs an extra schema file to support sendmail. The schema file can be found in the sendmail sources, e.g.:
# cp /tmp/sendmail-8.14.5/cf/sendmail.schema /etc/openldap/schema/
Configure slapd and add the new schema file:
# vi /etc/openldap/slapd.conf
...
include /etc/openldap/schema/sendmail.schema
Then restart slapd:
# /etc/rc.d/rc.slapd restart
Starting slapd: /usr/libexec/slapd
And check that it is running:
# pgrep -fl slapd
6604 /usr/libexec/slapd -h ldap://127.0.0.1:389 ldap://192.168.1.23:389
At this point both (sendmail and slapd) are ready to work together!
3. Configure sendmail and import aliases into LDAP
First take a look at your current aliases:
# cat /etc/mail/aliases
...
sam.neill: sneill
And check that it gets resolved:
# sendmail -bv sam.neill@karellen.local
sneill... deliverable: mailer local, user sneill
Next create a new sendmail m4 macro file. The following file is a very simple sendmail configuration file with LDAP support:
# vi /usr/share/sendmail/cf/cf/karellen.local.mc
OSTYPE(linux)dnl
DOMAIN(generic)dnl
define(`confLDAP_DEFAULT_SPEC', ` -h 192.168.1.23 -b ou=sendmail,dc=karellen,dc=local')dnl
define(`confLDAP_CLUSTER', `karellen.local')dnl
define(`ALIAS_FILE', `ldap:')dnl
MAILER(local)dnl
MAILER(smtp)dnl
Most important for LDAP support are the three lines that start with define:
define(`confLDAP_DEFAULT_SPEC', ` -h 192.168.1.23 -b ou=sendmail,dc=karellen,dc=local')dnl
This line defines the IP of the LDAP server and the organizational unit in which to look for sendmail entries.
define(`confLDAP_CLUSTER', `karellen.local')dnl
Each sendmail object inside LDAP needs an LDAP cluster configuration.
define(`ALIAS_FILE', `ldap:')dnl
Explicit definition to look up aliases in the previously defined LDAP server.
Run m4 to translate the file:
# m4 ../m4/cf.m4 karellen.local.mc > karellen.local.cf
Copy the cf file (not the mc file) to /etc/mail/sendmail.cf and restart sendmail:
# cp karellen.local.cf /etc/mail/sendmail.cf
# /etc/rc.d/rc.sendmail restart
...
If you check for the user's alias you will get an error:
# sendmail -bv sam.neill@karellen.local
sam.neill@karellen.local... User unknown
This is totally OK since sendmail now uses the LDAP connection to look up aliases. All aliases previously defined in /etc/mail/aliases are ignored now. The next step is to import the alias(es) from /etc/mail/aliases into LDAP. First create an LDIF file like the following (the entries must be separated by blank lines):
# vi alias.ldif
dn: ou=sendmail,dc=karellen,dc=local
objectClass: top
objectClass: organizationalUnit
ou: Sendmail

dn: ou=aliases,ou=sendmail,dc=karellen,dc=local
objectClass: top
objectClass: organizationalUnit
ou: Aliases

dn: sendmailMTAKey=sam.neill,ou=aliases,ou=sendmail,dc=karellen,dc=local
objectClass: sendmailMTA
objectClass: sendmailMTAAlias
objectClass: sendmailMTAAliasObject
sendmailMTAAliasGrouping: aliases
sendmailMTACluster: karellen.local
sendmailMTAKey: sam.neill
sendmailMTAAliasValue: sneill

The first two entries will create two organizational units for storing the sendmail entries and the alias entries. The third entry is the real alias entry for sneill.
Now add the content of the LDIF file to your LDAP:
# ldapadd -x -W -D 'cn=ldapadmin,dc=karellen,dc=local' -f alias.ldif
Enter LDAP Password:
adding new entry "ou=sendmail,dc=karellen,dc=local"
adding new entry "ou=aliases,ou=sendmail,dc=karellen,dc=local"
adding new entry "sendmailMTAKey=sam.neill,ou=aliases,ou=sendmail,dc=karellen,dc=local"
And a final test should bring the usual result when using aliases:
# sendmail -bv sam.neill@karellen.local
sneill... deliverable: mailer local, user sneill
If something does not work, check your slapd log file and your sendmail log file.
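The alias.ldif above holds a single alias typed by hand. As an added example (not part of the original article), the shell function below converts a whole aliases file into entries of the same shape, with one sendmailMTAAliasValue per recipient; the function name aliases_to_ldif and the sample aliases are made up for illustration. Aliases whose key is not a plain name, or whose target is a program, a file or an :include: list, are reported on stderr and skipped so that they can be reviewed and imported by hand.

```shell
#!/bin/sh
# Added example, not from the original article.
# Usage: aliases_to_ldif BASE_DN CLUSTER < /etc/mail/aliases > aliases.ldif
aliases_to_ldif() {
    awk -v base="$1" -v cluster="$2" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function flush(   i, n, key, t, v, out) {
        if (entry == "") return
        i = index(entry, ":")
        key = trim(substr(entry, 1, i - 1))
        n = split(substr(entry, i + 1), t, ",")
        entry = ""
        # Only plain keys are placed in a DN; others would need DN escaping.
        if (key !~ /^[A-Za-z0-9._-]+$/) {
            print "skipped, key not a plain name: " key > "/dev/stderr"
            return
        }
        out = "dn: sendmailMTAKey=" key "," base "\n"
        out = out "objectClass: sendmailMTA\nobjectClass: sendmailMTAAlias\n"
        out = out "objectClass: sendmailMTAAliasObject\n"
        out = out "sendmailMTAAliasGrouping: aliases\n"
        out = out "sendmailMTACluster: " cluster "\nsendmailMTAKey: " key "\n"
        for (i = 1; i <= n; i++) {
            v = trim(t[i])
            if (v == "") continue
            # Program, file and :include: targets are left for manual review.
            if (v ~ /^:include:/ || index("|/\"", substr(v, 1, 1))) {
                print "skipped, non-address target: " key > "/dev/stderr"
                return
            }
            out = out "sendmailMTAAliasValue: " v "\n"
        }
        print out    # print appends the blank line that separates LDIF entries
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
    /^[ \t]/ { entry = entry $0; next }     # continuation of the previous alias
    { flush(); entry = $0 }
    END { flush() }'
}

# Constructed sample input; run this file with --demo to print the LDIF.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' 'sam.neill: sneill' 'staff: sneill,' '  root' \
        'backup: "|/usr/local/bin/archive"' |
        aliases_to_ldif 'ou=aliases,ou=sendmail,dc=karellen,dc=local' karellen.local
fi
```

The output contains alias entries only, so the two organizationalUnit entries from alias.ldif must already exist before the generated file is loaded with ldapadd.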