Re: An LDAP authentication howto for Debian?
On Sun, 6 May 2001 tps@unslept.com wrote:
> > a multi-user alias with multiple addresses.
>
> I think I tried all that. What attributes? All the ones I tried are being
> limitted to a single value.
Here's a portion of my LDAP entry:
mail: cowboy@vnet.ibm.com
mail: cowboy@us.ibm.com
mail: cowboy@raleigh.ibm.com
mail: cowboy@debian.org
mailLocalAddress: cowboy@badlands.lexington.ibm.com
mailRoutingAddress: cowboy@badlands.lexington.ibm.com
mailHost: badlands.lexington.ibm.com
What you do with sendmail depends upon which version you're running -
8.12.0 has nicely extended its LDAP support - Almost *ALL* of its
maps may now be kept via LDAP.
Using aliases as an example:
The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
lookups. To use the default schema, simply use:
define(`ALIAS_FILE', `ldap:')
By doing so, you will use the default schema which expands to a map
declared as follows:
ldap -k (&(objectClass=sendmailMTAAliasObject)
(sendmailMTAAliasName=aliases)
(|(sendmailMTACluster=${sendmailMTACluster})
(sendmailMTAHost=$j))
(sendmailMTAKey=%0))
-v sendmailMTAAliasValue
[snip]
If you prefer not to use the default LDAP schema for your aliases, you can
specify the map parameters when setting ALIAS_FILE. For example:
define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v
mgrpRFC822MailMember')
Look in /usr/share/doc/sendmail-doc/cf.README.gz (after installing
sendmail-doc, of course).
--
Rick Nelson
This is the solution to Debian's problem .. and since the only real way
to create more relatives of developers is to have children, we need more
sex! It's a long term investment ... it's the work itself that is
satisfying!
-- Craig Brozefsky
Reply to: