We help IT Professionals succeed at work.
Get Started

Configuring sendmail to perform LDAP address lookups

Last Modified: 2013-12-19
In a nutshell I need to set up a sendmail server (running on CentOS linux) that will look up recipient addresses via LDAP and I'm not having much luck.  From what I've read we need to configure sendmail to use LDAP and it looks like I want to use the genericstable for LDAP queries but it doesn't look like its working for me.

Here are the gory details:  We have an environment where we have a fairly large LDAP database of users and their primary e-mail addresses.  We have a high-performance research cluster (and a second one being planned) that these users can log into and submit jobs for processing.  Right now any e-mail generated as a result of those jobs is getting lost because sendmail was never configured properly.  We need to set up sendmail to do a lookup in LDAP to determine a users primary e-mail address and use that as the delivery address.

To summarize our LDAP configuration, a typical entry contains the following fields (assuming myself) in ObjectClass=fooPerson:
cn: Bruce Pennypacker
uid: bpennypa (my login name on the servers)
mail: bruce.pennypacker@... (my primary e-mail address)

Assume the base DN for our LDAP setup is "dc=foo,dc=bar"

I know that LDAP lookups work properly from this particular server.  I wrote a quick little perl script to verify that it can query the LDAP server and it's working properly.

The first thing I did was build a custom version of sendmail, enabling the LDAPMAP option.  This is showing up in the sendmail output when I use -d so I'm sure it was built properly.  I then added the following to my sendmail .mc file:

define(`confLDAP_DEFAULT_SPEC', `-p 389 -h ldap.foobar.com -b dc=foo,dc=bar')dnl
FEATURE(`genericstable', `ldap:-k (&(objectClass=fooPerson)(uid=%0)) -v mail')dnl

I rebuilt sendmail.cf after doing the above and see the following in that file:

# default LDAP map specification
# need to set this now before any LDAP maps are defined
O LDAPDefaultSpec=-p 389 -h ldap.foobar.com -b dc=foo,dc=bar

# LDAP routing maps
Kldapmh ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0))

Kldapmra ldap -1 -T<TMPF> -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0))

# Generics table (mapping outgoing addresses)
Kgenerics ldap:-k (&(objectClass=fooPerson)(uid=%0)) -v mail

But if I run sendmail -d -bv bpennypa to see if it'll do a lookup and convert the name it doesn't work.  I end up with a "user unknown" error.  The debug output doesn't seem to indicate any LDAP query occurring.  So what am I missing?
Watch Question
This problem has been solved!
Unlock 1 Answer and 3 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE