The ldap learning curve continues…
I have just gotten sendmail working with ldap. Had a bunch of problems, but mail is coming in.
I have two machines, ldapserver and mailserver. The mailserver machine has to look up accounts on the ldapserver machine. I had to add a couple of things to ldapserver.
# mail, people, ldapserver.uchicago.edu
dn: uid=mail,ou=people,dc=ldapserver,dc=uchicago,dc=edu
uid: mail
cn: mail
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
loginShell: /sbin/nologin
uidNumber: 8
gidNumber: 12
homeDirectory: /var/spool/mail
gecos: mail

# smmsp, people, ldapserver.uchicago.edu
dn: uid=smmsp,ou=people,dc=ldapserver,dc=uchicago,dc=edu
uid: smmsp
cn: smmsp user for sendmail
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
uidNumber: 51
gidNumber: 51
homeDirectory: /dev/null
gecos: smmsp user for sendmail

# sendmail, people, ldapserver.uchicago.edu
dn: uid=sendmail,ou=people,dc=ldapserver,dc=uchicago,dc=edu
uid: sendmail
cn: Mail Transfer Agent
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
loginShell: /bin/tcsh
uidNumber: 101
gidNumber: 2
homeDirectory: /var/adm
gecos: Mail Transfer Agent
I got this information from our current /etc/passwd file. I’m not sure if I needed all of these accounts, but to be sure, I put them all in.
I also had to create an ou called sendmail. I put it in the ou called dsa that was created for secure accounts.
# sendmail, dsa, ldapserver.uchicago.edu
dn: ou=sendmail,ou=dsa,dc=ldapserver,dc=uchicago,dc=edu
objectClass: organizationalUnit
ou: sendmail
I also had to add some more info to the user account.
dn: uid=testuser1,ou=people,dc=ldapserver,dc=uchicago,dc=edu
changetype: modify
add: objectClass
objectClass: inetLocalMailRecipient
-
add: mailLocalAddress
mailLocalAddress: testuser1@mailserver.uchicago.edu
-
add: mailRoutingAddress
mailRoutingAddress: testuser1@mailserver.uchicago.edu
Finally, I had to uncomment this line in /etc/openldap/slapd.conf.
allow bind_v2
This is because sendmail uses LDAP version 2 binds.
Those are all the changes I made on ldapserver.
On the mailserver, most of the changes were in /etc/mail/sendmail.mc. Here are the lines I added:
dnl # LDAP Settings
dnl # basic definition of access_db using LDAP
FEATURE(`access_db',`LDAP')dnl
dnl # To use sendmail's default LDAP search parameters for aliases
define(`ALIAS_FILE',`ldap:')dnl
LDAPROUTE_DOMAIN(`mailserver.uchicago.edu')dnl
FEATURE(`ldap_routing')dnl
define(`confLDAP_DEFAULT_SPEC',`-h ldapserver.uchicago.edu')dnl
After I created the new sendmail.cf from this and restarted sendmail, I could receive mail to my user testuser1.
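The following is an added example, not code from this post or from sendmail or OpenLDAP. It parses LDIF of the kind added above on ldapserver (handling comments, folded lines and base64 `::` values), then models the lookup that sendmail's ldap_routing feature does for a recipient, using its default filter on objectClass=inetLocalMailRecipient and mailLocalAddress. The LDIF text, the extra users testuser2 and testuser3, the host otherhost.uchicago.edu and the function names are constructed for the example; the routing rules are a simplified reading of the feature's documented behaviour (relay to mailHost if it is another machine, otherwise rewrite to mailRoutingAddress, otherwise deliver unchanged), not sendmail's own code. It is useful as a check before restarting sendmail: an entry that was never given the modify above (testuser2 here) matches nothing and is passed through, which is the symptom of forgetting that step.

```python
import base64

# Constructed LDIF modelled on the post's entries; only attributes relevant to routing are kept.
SAMPLE_LDIF = """\
# testuser1 has the attributes added by the modify LDIF in the post
dn: uid=testuser1,ou=people,dc=ldapserver,dc=uchicago,dc=edu
uid: testuser1
objectClass: posixAccount
objectClass: inetLocalMailRecipient
mailLocalAddress: testuser1@mailserver.uchicago.edu
mailRoutingAddress: testuser1@mailserver.uchicago.edu

# testuser2 was never given the objectClass, so sendmail's filter will not match it
dn: uid=testuser2,ou=people,dc=ldapserver,dc=uchicago,dc=edu
uid: testuser2
objectClass: posixAccount
mailLocalAddress: testuser2@mailserver.uchicago.edu

# testuser3 is hosted elsewhere (hypothetical host) and should be relayed
dn: uid=testuser3,ou=people,dc=ldapserver,dc=uchicago,dc=edu
uid: testuser3
objectClass: inetLocalMailRecipient
mailLocalAddress: testuser3@mailserver.uchicago.edu
mailRoutingAddress: testuser3@otherhost.uchicago.edu
mailHost: otherhost.uchicago.edu

# service account with a base64-encoded value, as ldapsearch emits them
dn: uid=mail,ou=people,dc=ldapserver,dc=uchicago,dc=edu
uid: mail
objectClass: posixAccount
userPassword:: e2NyeXB0fSo=
"""


def parse_ldif(text):
    """Parse LDIF content records into a list of {attribute: [values]} dicts.
    Attribute names are lower-cased; 'attr:: value' is base64-decoded. URL values
    ('attr:< file://...') are not handled, as the post's entries never use them."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines:
        if not line.strip():                 # blank line ends an entry
            if current:
                entries.append(current)
            current = None
            continue
        if line.startswith("#") or line.startswith("-"):
            continue                         # comment, or change-record separator
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):            # base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if current is None:
            current = {}
        current.setdefault(attr.lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def ldap_route(entries, address, local_host="mailserver.uchicago.edu"):
    """Model of the ldap_routing lookup for one recipient (simplified, not sendmail's code).
    Returns ("relay", host, recipient), ("rewrite", recipient), ("local", address)
    or ("passthrough", address) when no entry matches the default filter."""
    addr = address.lower()
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        local_addrs = {a.lower() for a in e.get("maillocaladdress", [])}
        if "inetlocalmailrecipient" not in classes or addr not in local_addrs:
            continue
        host = e.get("mailhost", [None])[0]
        routing = e.get("mailroutingaddress", [address])[0]
        if host and host.lower() != local_host.lower():
            return ("relay", host, routing)
        if "mailroutingaddress" in e:
            return ("rewrite", routing)
        return ("local", address)
    return ("passthrough", address)


def find_unroutable(entries):
    """DNs that carry a mailLocalAddress but lack the objectClass the default filter needs."""
    return [e["dn"][0] for e in entries
            if "maillocaladdress" in e
            and "inetlocalmailrecipient" not in {c.lower() for c in e.get("objectclass", [])}]


if __name__ == "__main__":
    data = parse_ldif(SAMPLE_LDIF)
    for user in ("testuser1", "testuser2", "testuser3"):
        print(user, ldap_route(data, f"{user}@mailserver.uchicago.edu"))
    print("entries missing inetLocalMailRecipient:", find_unroutable(data))
```

Run against an ldapsearch dump of ou=people, `find_unroutable` lists exactly the accounts that still need the modify shown above; the routing model is only a reading aid and does not replace testing the real lookup with ldapsearch and the filter sendmail uses.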
Now, I have to figure out how to configure dovecot to be able to authenticate to read mail.