LDAP Rejection

Devon Harding devonharding at gmail.com
Thu Sep 21 19:56:09 IST 2006


Is there a HowTo on this?

On 9/21/06, Daniel Maher <daniel.maher at ubisoft.com> wrote:
>
> Querying from your MTA to an Active Directory server isn't as
> straightforward as it should be.  This is due to the fact that Active
> Directory does not use the same format as LDAP by default; there are both
> missing and extra fields that make them different.
>
> Unless your MTA allows for fairly advanced manipulations of both the query
> and result, you may need to set up an LDAP server (OpenLDAP, for example) to
> act as a proxy between your MTA and the AD server.  The advantage here is
> that you can configure the LDAP proxy to cache results as well, which lowers
> load on your AD server.
>
> The LDAP proxy can (and should) be configured to deal with the pure LDAP
> requests coming from your MTA, forward them to the AD server, then sanitize
> and cache the result before delivering it back to the MTA.
>
> In our environment, each of the incoming mail servers in our cluster has a
> local slapd (the OpenLDAP daemon) process running on it, which performs the
> functions outlined above.
>
> This is only one option of course.  Another option is to pull down the
> entire contents of the Active Directory on a nightly basis, and build a
> static map out of it that your MTA can reference directly.  This is likely
> less work infrastructurally, but is also not real-time, so there's a
> trade-off there.
>
> In any case, I can forward the relevant portions of the slapd.conf to
> anybody who is interested - it's a bit of a pain to set up if you've never
> done it before. :P
>
> --
>   _
> °v°  Daniel Maher
> /(_)\ Administrateur Système Unix
> ^ ^  Unix System Administrator
>
> Sentio aliquos togatos contra me conspirare.
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Richard Frovarp
> > Sent: September 21, 2006 1:59 PM
> > To: MailScanner discussion
> > Subject: Re: LDAP Rejection
> >
> > I don't know. We use OpenLDAP. Does AD follow LDAP norms or not? If so,
> > it should work. LDAP should be LDAP, except certain companies can't be
> > trusted to always follow the norms.
> >
> > Devon Harding wrote:
> > > Yes, but does this 'LDAP Routing' feature extend to Active Directory?
> > >
> > > On 9/21/06, *Richard Frovarp* <Richard.Frovarp at sendit.nodak.edu> wrote:
> > >
> > >     Glenn Steen wrote:
> > >     > On 21/09/06, Devon Harding <devonharding at gmail.com> wrote:
> > >     >> Using sendmail on FC5
> > >     >>
> > >     > Sendmail is not my forte, but as mentioned by Kevin, you could
> > >     > probably use a milter for recipient verification.
> > >     >
> > >     > You should be able to use the access feature and a modified perl/shell
> > >     > LDAP hack as outlined for Postfix, but... well, no one has ever
> > >     > bothered documenting anything like that (probably because they're busy
> > >     > using the mentioned milters:-).
> > >     > It should actually be pretty easy... Too bad I've not got (the
> > >     > inclination to install) any sendmail around to play with...:)
> > >     >
> > >     Sendmail has support for LDAP right in it without using a milter. Not
> > >     familiar with the exact steps, but there is documentation out there if
> > >     you just google for sendmail and ldap.
> > >
> > >     --
> > >     MailScanner mailing list
> > >     mailscanner at lists.mailscanner.info
> > >     <mailto:mailscanner at lists.mailscanner.info>
> > >     http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > >     Before posting, read http://wiki.mailscanner.info/posting
> > >     <http://wiki.mailscanner.info/posting>
> > >
> > >     Support MailScanner development - buy the book off the website!
> > >
> >
> >
>
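The nightly static-map option described in the quoted message, sketched as an added example that is not part of the original thread: it reads an LDIF export of the directory and returns the addresses an MTA should accept, skipping disabled accounts. The sample LDIF is constructed, the function names are hypothetical, and it assumes the export carries the `mail`, `proxyAddresses` and `userAccountControl` attributes; it also handles folded lines and base64 values, which go beyond what the message mentions.

```python
import base64

# Constructed sample of an LDIF export from Active Directory (not real data).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=com
proxyAddresses: SMTP:alice@example.com
proxyAddresses: smtp:a.example@exam
 ple.com
proxyAddresses: X400:C=US;A= ;P=Example;S=Alice
userAccountControl: 512

dn: CN=Bob Gone,OU=Staff,DC=example,DC=com
mail: bob@example.com
userAccountControl: 514

dn: CN=Carol,OU=Staff,DC=example,DC=com
mail:: Y2Fyb2xAZXhhbXBsZS5jb20=
"""

ACCOUNTDISABLE = 0x2  # userAccountControl flag for a disabled account

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # RFC 2849 folded continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line:
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())

def valid_recipients(text):
    """Return the sorted SMTP addresses of all enabled accounts."""
    found = set()
    for e in parse_ldif(text):
        if int(e.get("useraccountcontrol", ["0"])[0]) & ACCOUNTDISABLE:
            continue                      # never list disabled accounts as deliverable
        proxies = [v[5:] for v in e.get("proxyaddresses", [])
                   if v[:5].lower() == "smtp:"]   # drop X400 and other types
        found.update(a.lower() for a in e.get("mail", []) + proxies)
    return sorted(found)
```

The returned list still has to be written out in whatever map format the MTA in use expects, and rebuilt on each nightly run so that removed or disabled accounts stop being accepted.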