Problem

sendmail must be compiled with the correct options in order to read data from an LDAP server. The LDAP server must also be properly configured to understand queries from sendmail.

Use the command sendmail -bt -d0.1 to check the sendmail compiler options. If the string LDAPMAP appears in the “Compiled with:” list, there is no need to recompile sendmail. If LDAPMAP does not appear in the “Compiled with:” list, recompile sendmail to add LDAP support.

To add LDAP support, set LDAP values in the site.config.m4 file and recompile sendmail as shown below:

  # cd /usr/local/src/sendmail-8.12.9/devtools/Site
  # cat >> site.config.m4
  APPENDDEF(`confMAPDEF', `-DLDAPMAP')
  APPENDDEF(`confLIBS', `-lldap -llber')
  Ctrl-D
  # cd /usr/local/src/sendmail-8.12.9
  # ./Build –c

After recompiling sendmail, reinstall it:

The LDAP server must also be configured to work with sendmail. Give the LDAP administrator a copy of the sendmail.schema file, which is found in the cf directory of the sendmail distribution. The LDAP administrator must store the sendmail.schema file in the appropriate directory on the LDAP server. For example, an LDAP server running OpenLDAP often stores schema files in the /etc/openldap/schema directory.

Next, the LDAP administrator must add the sendmail.schema file to the LDAP configuration. On a system running OpenLDAP, add the following include to the /etc/ openldap/slapd.conf file:

  include    /etc/openldap/schema/sendmail.schema

Restart LDAP on the LDAP server to ensure that the sendmail schema are included in the LDAP configuration. Here is an example from an LDAP server running OpenLDAP:

  # ps -ax | grep slapd
  1426  ?       S       0:00 /usr/sbin/slapd -u ldap
  # kill -TERM 1426
  # /usr/sbin/slapd -u ldap

Discussion

In this recipe, two APPENDDEF commands are added to the site.config.m4 file. The first APPENDDEF command adds -DLDAPMAP to the list of supported map types stored in the confMAPDEF define. The second APPENDDEF command adds -lldap and -llber to the list of libraries stored in the confLIBS define. -llber is required because this sample system uses OpenLDAP.

Build is then used to recompile sendmail. The -c option on the Build command line is needed to make sure that Build detects the changes made to the site.config.m4 file. After recompiling, sendmail is reinstalled.

Now, rerunning sendmail with the -d0.1 option would show LDAPMAP included in the “Compiled with:” list. sendmail is now ready to be configured to use LDAP. Of course, this doesn’t mean that LDAP is ready to work with sendmail.

The sendmail distribution comes with schema designed to work with LDAP. The LDAP server must be configured to include these schema in order to understand and properly process queries from sendmail. For OpenLDAP, this is done by adding an include command to the slapd.conf file that points to the sendmail schema, as shown in the Solution section. Once this is done, LDAP is ready to work with sendmail’s standard schema.

Recipes 1.2 and 1.4 through 1.7 provide other examples of compiling sendmail. Refer to other recipes in this book for specific examples of reading sendmail data from an LDAP server. For information on LDAP, see Understanding and Deploying LDAP Directory Services by Howes, Smith, and Good (Macmillan) and LDAP System Administration by Gerald Carter (O’Reilly). The cf/README file covers this topic in the Using LDAP for Aliases, Maps, and Classes section. The sendmail book covers compiling sendmail in section 2.2.