INSTALL INSTRUCTIONS FOR USING LDAP / SENDMAIL IMPLEMENTATION

by Kevin A. McGrail (kmcgrail@pccc.com)
Maintained at: http://www.pccc.com/downloads/
Code written by Brian Landers & enhanced by Kevin A. McGrail

This is a very simple yet elegant solution to implement LDAP on a sendmail
server acting as a gateway server (such as a server running MIMEDefang in
front of an Exchange Server). Here is the framework for use. While the
document below is rough, the implementation is stable and has been in use
for almost 2 months now as of 02/28/04. Small edits and rough-out continue
as of 8/18/04.

#Install Convert-ASN1
cd /files/
wget http://www.peregrinehw.com/downloads/ldap/Convert-ASN1-0.18.tar.gz
cd /usr/src/
tar zxvf /files/Convert-ASN1-0.18.tar.gz
cd Convert-ASN1-0.18
perl Makefile.PL
make test && make install

#Install Authen SASL
cd /files
wget http://www.peregrinehw.com/downloads/ldap/Authen-SASL-2.08.tar.gz
cd /usr/src/
tar zxvf /files/Authen-SASL-2.08.tar.gz
cd Authen-SASL-2.08
perl Makefile.PL
make test && make install

#Install Net::SSLeay
*UNOFFICIAL RELEASE* http://www.fas.harvard.edu/~behrooz/Net_SSLeay.pm-1.26.tar.gz
*OFFICIAL RELEASE*   http://search.cpan.org/~flora/Net_SSLeay.pm-1.30/SSLeay.pm
cd /files
wget http://www.peregrinehw.com/downloads/ldap/Net_SSLeay.pm-1.30.tar.gz
cd /usr/src/
tar zxvf /files/Net_SSLeay.pm-1.30.tar.gz
cd Net_SSLeay.pm-1.30
perl Makefile.PL
make test && make install

#Install IO::Socket-SSL
cd /files/
wget http://www.peregrinehw.com/downloads/ldap/IO-Socket-SSL-0.96.tar.gz
cd /usr/src/
tar zxvf /files/IO-Socket-SSL-0.96.tar.gz
cd IO-Socket-SSL-0.96
perl Makefile.PL
make test && make install

#Install Perl-LDAP
cd /files
wget http://www.peregrinehw.com/downloads/ldap/perl-ldap-0.31.tar.gz
cd /usr/src/
tar zxvf /files/perl-ldap-0.31.tar.gz
cd /usr/src/perl-ldap-0.31
perl Makefile.PL
make test && make install

#Modify adexport.pl to suit your LDAP installation. There are roughly 5 LDAP
#constants that will need to be tailored for your installation.
#NOTE for Windows Server (at least 2000): the utility ADSI Edit from the
#Windows Support Tools is invaluable in determining your LDAP connection
#parameters.

#Install the scripts
cd /usr/local/sbin/
wget http://www.peregrinehw.com/downloads/ldap/adexport.pl
chmod 700 adexport.pl
wget http://www.peregrinehw.com/downloads/ldap/genaccessdb.pl
chmod 700 genaccessdb.pl

#Setup a CronTab Entry
mkdir /etc/cron.5min
add this line to your crontab:
1,6,11,16,21,26,31,36,41,46,51,56 * * * * root run-parts /etc/cron.5min

#Install a cron script
cd /etc/cron.5min
wget http://www.peregrinehw.com/downloads/ldap/update-ldap-access-cron.sh
chmod +x update-ldap-access-cron.sh

Using Windows 2000/2K3?

Install the support tools for the OS. In 2000 run adsiedit.exe; in 2003, run
mmc and add the snap-in for ADSI Edit (or run adsiedit.mmc?). Create a user
with as few permissions as you can and give this user read access on the
domain by right-clicking the domain in adsiedit and going to Security.

Using Windows Server 2K3? Might need to make this change. (Don't think so
though!)

Click Start->Run. Enter ldp. Click OK.
Click Connection->Connect and connect to your AD server IP.
Go to Connection->Bind and connect with an admin-level password.
Go to Browse->Modify and enter a DN like:
    CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=,DC=
Enter dSHeuristics as the attribute and 0000002 as the value.
Click Enter. Click Run. Click Close.
Click View->Tree. Enter
    CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=,DC=
Confirm that dSHeuristics now has the correct value.
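The cron script installed above is what turns the AD export into the sendmail access map every five minutes, and the part a practitioner most wants to get right is what happens when the LDAP query fails or comes back partial: if the half-empty result is fed straight into makemap, the gateway starts rejecting (or relaying) mail for everyone until the next successful run. The following is an added example, not the project's adexport.pl, genaccessdb.pl or update-ldap-access-cron.sh. It swaps the Perl export for the OpenLDAP ldapsearch client bound as the read-only account the text has you create, and it assumes an access-map format of "To:<address><TAB>OK" and the bind DN, URI, base DN and password-file names shown (all placeholders to replace with your own constants from adexport.pl). The LDIF sample is constructed to illustrate the parsing.

```shell
#!/bin/sh
# Added example (not the project's own scripts). Assumes: OpenLDAP ldapsearch,
# sendmail's makemap, a low-privilege read-only AD bind account, and that the
# access map wants "To:<address><TAB>OK" lines (assumption; adjust for your map).
set -u

# Constructed sample of what "ldapsearch -LLL ... proxyAddresses" returns.
SAMPLE_LDIF='dn: CN=Alice Example,OU=Users,DC=example,DC=com
proxyAddresses: SMTP:alice@example.com
proxyAddresses: smtp:alice.example@example.com
proxyAddresses: X400:c=us;a= ;p=Example;o=Exchange;s=Example;g=Alice;

dn: CN=Bob Example,OU=Users,DC=example,DC=com
proxyAddresses: SMTP:bob@example.com
'

# ldif_to_access: read LDIF on stdin and print one "To:<addr><TAB>OK" line per
# SMTP proxy address. AD writes the primary address as "SMTP:" and aliases as
# "smtp:", so the prefix match is case-insensitive; addresses are lowercased
# and deduplicated, and sorted bytewise so the map is reproducible.
ldif_to_access() {
    awk -F': ' 'tolower($1) == "proxyaddresses" && tolower($2) ~ /^smtp:/ {
                    addr = tolower(substr($2, 6))
                    if (!(addr in seen)) { seen[addr] = 1; printf "To:%s\tOK\n", addr }
                }' | LC_ALL=C sort
}

# sane_to_replace OLD NEW: succeed only if the new list is non-empty and not
# more than 20% smaller than the list currently installed. An LDAP outage or a
# truncated result (AD caps unpaged searches at 1000 entries) otherwise
# silently replaces a good map with a near-empty one.
sane_to_replace() {
    if [ -f "$1" ]; then old=$(wc -l < "$1" | tr -d ' '); else old=0; fi
    new=$(wc -l < "$2" | tr -d ' ')
    [ "$new" -gt 0 ] || return 1
    [ "$old" -eq 0 ] && return 0
    [ $(( new * 100 )) -ge $(( old * 80 )) ]
}

# rebuild_access_db DIR: export from AD, validate, build the hash map into a
# temp file and rename it into place, so sendmail never reads a half-built map.
rebuild_access_db() {
    dir=${1:-/etc/mail}
    tmp=$(mktemp "$dir/access.ldap.XXXXXX") || return 1
    # Placeholder connection parameters: take the real ones from adexport.pl.
    # -y reads the bind password from a root-only file instead of the command
    # line; -E pr=1000/noprompt pages through AD's 1000-entry result limit.
    ldapsearch -LLL -x -H "${LDAP_URI:-ldap://dc.example.com}" \
        -D "${LDAP_BIND_DN:-CN=ldapread,CN=Users,DC=example,DC=com}" \
        -y "${LDAP_PW_FILE:-/etc/mail/ldap.pw}" \
        -b "${LDAP_BASE:-DC=example,DC=com}" \
        -E pr=1000/noprompt \
        '(proxyAddresses=smtp:*)' proxyAddresses | ldif_to_access > "$tmp"
    if ! sane_to_replace "$dir/access" "$tmp"; then
        echo "refusing to replace $dir/access: export empty or shrank too much" >&2
        rm -f "$tmp"
        return 1
    fi
    makemap hash "$tmp.db" < "$tmp" \
        && mv -f "$tmp" "$dir/access" \
        && mv -f "$tmp.db" "$dir/access.db"
}

# Only the cron job actually rebuilds; sourcing the file just defines helpers.
if [ "${RUN_REBUILD:-0}" = 1 ]; then
    rebuild_access_db "${ACCESS_DIR:-/etc/mail}"
fi
```

Dropped into /etc/cron.5min in place of the cron script (with `RUN_REBUILD=1` set in the crontab environment), a failed export leaves the previous access.db untouched and logs one line to cron's mail instead of taking the gateway down; the 20% threshold is a starting point, not a constant to keep.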