Bug 745645 - RFE: Support sendmail LDAP routing schema
Summary: RFE: Support sendmail LDAP routing schema
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: 389
Classification: Retired
Component: Schema
Version: 1.2.9
Hardware: All
OS: All
unspecified
medium
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 690319
Reported: 2011-10-12 21:51 UTC by Orion Poplawski
Modified: 2015-01-04 23:51 UTC (History)

Fixed In Version: 389-ds-base-1.2.10.rc1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-07 16:10:58 UTC
Embargoed:



Description Orion Poplawski 2011-10-12 21:51:46 UTC
Description of problem:

sendmail supports using ldap routing: http://www.sendmail.org/m4/ldap_routing.html

This is the schema it expects: http://www.sendmail.org/m4/laser.txt

I'm not sure the draft is complete (it has [[TBD]] in the object class uid definition).

The 60inetmail.ldif is similar but different. I don't know if they are compatible or not.

Version-Release number of selected component (if applicable):
389-ds-base-1.2.9.9-1.el5

Comment 1 Orion Poplawski 2011-10-13 21:11:47 UTC
This is what is in openldap.org's misc schema:

#
# Assorted definitions from several sources, including
# ''works in progress''.  Contents of this file are
# subject to change (including deletion) without notice.
#
# Not recommended for production use!
# Use with extreme caution!

#-----------------------------------------------------------
# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
#       (a work in progress)
#
attributetype ( 2.16.840.1.113730.3.1.13
        NAME 'mailLocalAddress'
        DESC 'RFC822 email address of this recipient'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 2.16.840.1.113730.3.1.18
        NAME 'mailHost'
        DESC 'FQDN of the SMTP/MTA of this recipient'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
        SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.1.47
        NAME 'mailRoutingAddress'
        DESC 'RFC822 routing address of this recipient'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
        SINGLE-VALUE )

# I-D leaves this OID TBD.
# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
# improperly delegated OID.  A typo is likely.
objectclass ( 2.16.840.1.113730.3.2.147
        NAME 'inetLocalMailRecipient'
        DESC 'Internet local mail recipient'
        SUP top AUXILIARY
        MAY     ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )



http://www.virtualmin.com/documentation/id,combining_virtualmin_and_ldap/ mentions changing AUXILIARY to STRUCTURAL, but that seems strange to me.

Comment 4 Orion Poplawski 2011-10-24 20:46:18 UTC
I've tried to make my own schema file for this without success.  If one could be created that I could test with I'd be very grateful.

Comment 5 Rich Megginson 2011-10-26 16:44:58 UTC
(In reply to comment #4)
> I've tried to make my own schema file for this without success.  If one could
> be created that I could test with I'd be very grateful.

What was the problem with your own schema file?

Comment 6 Orion Poplawski 2011-10-26 16:51:53 UTC
I couldn't get the format correct.

Comment 7 Rich Megginson 2011-10-26 16:57:58 UTC
(In reply to comment #6)
> I couldn't get the format correct.

Have you tried one of the scripts at http://directory.fedoraproject.org/wiki/Howto:OpenLDAPMigration to convert the openldap style schema to 389 format?

Comment 8 Orion Poplawski 2011-10-26 19:25:29 UTC
I used the ol-migrate-schema.pl script to produce:

[root@earth dirsrv]# cat 98ldap-mail-routing.ldif 
#
################################################################################
#
dn: cn=schema
#
################################################################################
#
attributeTypes: (
  2.16.840.1.113730.3.1.13
  NAME 'mailLocalAddress'
  DESC 'RFC822 email address of this recipient'
  EQUALITY caseIgnoreIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
  )
#
################################################################################
#
attributeTypes: (
  2.16.840.1.113730.3.1.18
  NAME 'mailHost'
  DESC 'FQDN of the SMTP/MTA of this recipient'
  EQUALITY caseIgnoreIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
  SINGLE-VALUE
  )
#
################################################################################
#
attributeTypes: (
  2.16.840.1.113730.3.1.47
  NAME 'mailRoutingAddress'
  DESC 'RFC822 routing address of this recipient'
  EQUALITY caseIgnoreIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
  SINGLE-VALUE
  )
#
################################################################################
#
objectClasses: (
  2.16.840.1.113730.3.2.147
  NAME 'inetLocalMailRecipient'
  DESC 'Internet local mail recipient'
  SUP top
  AUXILIARY
  MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress )
  )
#
################################################################################
#

Copied that to /etc/dirsrv/slapd-cora/schema/98ldap-mail-routing.ldif and restarted the server.  Got:

Starting dirsrv: 
    cora...[26/Oct/2011:13:20:42 -0600] dse - The entry cn=schema in file /etc/dirsrv/slapd-cora/schema/98ldap-mail-routing.ldif is invalid, error code 20 (Type or value exists) - attribute type mailLocalAddress: Does not match the OID "2.16.840.1.113730.3.1.13". Another attribute type is already using the name or OID.
[26/Oct/2011:13:20:42 -0600] dse - Please edit the file to correct the reported problems and then restart the server.
                                                           [FAILED]


In /etc/dirsrv/slapd-cora/schema/50ns-mail.ldif there is:

attributeTypes: ( 2.16.840.1.113730.3.1.13 NAME ( 'mailAlternateAddress' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'Netscape Messaging Server 4.x' )

So, what's the best way to solve a conflicting OID like this?

Comment 9 Rich Megginson 2011-10-26 19:35:53 UTC
I suppose you could try making mailAlternateAddress an alias of mailLocalAddress or vice versa:

attributeTypes: (
  2.16.840.1.113730.3.1.13
  NAME ( 'mailAlternateAddress' 'mailLocalAddress' )
  DESC 'RFC822 email address of this recipient'
  EQUALITY caseIgnoreIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
  X-DEPRECATED 'mailAlternateAddress' )

Comment 10 Orion Poplawski 2011-10-26 19:49:42 UTC
I changed my file to use that and got:

The entry cn=schema in file /etc/dirsrv/slapd-cora/schema/98ldap-mail-routing.ldif is invalid, error code 20 (Type or value exists) - attribute type mailRoutingAddress: Does not match the OID "2.16.840.1.113730.3.1.47". Another attribute type is already using the name or OID.

/etc/dirsrv/slapd-cora/schema/50ns-directory.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.47 NAME 'ntGroupType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )

Fixed in the same way.  Then:

The entry cn=schema in file /etc/dirsrv/slapd-cora/schema/98ldap-mail-routing.ldif is invalid, error code 21 (Invalid syntax) - object class inetLocalMailRecipient: Unknown allowed attribute type "mailLocalAddress"

So, I can't use the alias names in the inetLocalMailRecipient objectClass?  Or do I need to modify the 50ns-mail.ldif file as well?

Is Netscape Messaging Server still out there?
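
As an added example (not part of the thread and not 389-ds code), this Python script scans schema LDIF text for OIDs that are claimed under different names, the condition behind the error code 20 messages in comments 8 and 10. The sample strings are constructed from the definitions quoted in the thread, abbreviated to OID, NAME and SYNTAX; the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample input: definitions quoted in the thread, abbreviated to
# OID, NAME and SYNTAX. The 98 file keeps the folded layout from comment 8.
NS_MAIL = ("dn: cn=schema\n"
           "attributeTypes: ( 2.16.840.1.113730.3.1.13 NAME ( 'mailAlternateAddress' ) "
           "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )\n")
NS_DIRECTORY = ("dn: cn=schema\n"
                "attributeTypes: ( 2.16.840.1.113730.3.1.47 NAME 'ntGroupType' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )\n")
MAIL_ROUTING = """dn: cn=schema
#
attributeTypes: (
  2.16.840.1.113730.3.1.13
  NAME 'mailLocalAddress'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
  )
#
attributeTypes: (
  2.16.840.1.113730.3.1.47
  NAME 'mailRoutingAddress'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
  SINGLE-VALUE
  )
"""

# Captures the OID and the NAME value (a single quoted name or a parenthesised list).
DEF_RE = re.compile(r"^(?:attributeTypes|objectClasses):\s*\(\s*([0-9.]+)\s+NAME\s+"
                    r"(\([^)]*\)|'[^']*')", re.I)

def unfold(text):
    """Drop LDIF comments and join continuation lines (those starting with a space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def oid_conflicts(files):
    """Map each OID claimed under differing name sets to its [(file, names)] uses."""
    uses = defaultdict(list)
    for fname, text in files.items():
        for line in unfold(text):
            m = DEF_RE.match(line)
            if m:
                names = sorted(n.lower() for n in re.findall(r"'([^']+)'", m.group(2)))
                uses[m.group(1)].append((fname, names))
    return {oid: u for oid, u in uses.items() if len({tuple(n) for _, n in u}) > 1}
```

To check a real instance, build the `files` mapping from the `.ldif` files in the instance's schema directory and run `oid_conflicts` on it before restarting the server.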

Comment 11 Rich Megginson 2011-10-26 19:59:23 UTC
(In reply to comment #10)
> I changed my file to use that and got:
> 
> The entry cn=schema in file
> /etc/dirsrv/slapd-cora/schema/98ldap-mail-routing.ldif is invalid, error code
> 20 (Type or value exists) - attribute type mailRoutingAddress: Does not match
> the OID "2.16.840.1.113730.3.1.47". Another attribute type is already using the
> name or OID.
> 
> /etc/dirsrv/slapd-cora/schema/50ns-directory.ldif:attributeTypes: (
> 2.16.840.1.113730.3.1.47 NAME 'ntGroupType' DESC 'Netscape defined attribute
> type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT
> Synchronization' )
> 
> Fixed in the same way.  Then:
> 
> The entry cn=schema in file
> /etc/dirsrv/slapd-cora/schema/98ldap-mail-routing.ldif is invalid, error code
> 21 (Invalid syntax) - object class inetLocalMailRecipient: Unknown allowed
> attribute type "mailLocalAddress"
> 
> So, I can't use the alias names in the inetLocalMailRecipient objectClass?

Try changing the order of the aliases e.g.
  NAME ( 'mailLocalAddress' 'mailAlternateAddress' )

> Or
> do I need to modify the 50ns-mail.ldif file as well?

If the alias trick doesn't work, I'm afraid you'll have to edit or remove 50ns-mail.ldif

The duplicate OID for ntGroupType is very bad.  You'll have to use a bogus OID for mailRoutingAddress e.g. 2.16.840.1.113730.3.1.47.99999

> 
> Is Netscape Messaging Server still out there?

There's probably some iPlanet/Sun/Oracle email server that still uses these old attributes.

Comment 12 Orion Poplawski 2011-10-26 20:11:20 UTC
(In reply to comment #11)
> 
> Try changing the order of the aliases e.g.
>   NAME ( 'mailLocalAddress' 'mailAlternateAddress' )

Doesn't like it:

 The entry cn=schema in file /etc/dirsrv/slapd-cora/schema/98ldap-mail-routing.ldif is invalid, error code 20 (Type or value exists) - attribute type mailLocalAddress: Does not match the OID "2.16.840.1.113730.3.1.13". Another attribute type is already using the name or OID.

> > Or
> > do I need to modify the 50ns-mail.ldif file as well?
> 
> If the alias trick doesn't work, I'm afraid you'll have to edit or remove
> 50ns-mail.ldif

Probably the thing for me to do is remove it.

> The duplicate OID for ntGroupType is very bad.  You'll have to use a bogus OID
> for mailRoutingAddress e.g. 2.16.840.1.113730.3.1.47.99999
> 
> > 
> > Is Netscape Messaging Server still out there?
> 
> There's probably some iPlanet/Sun/Oracle email server that still uses these old
> attributes.

You're probably right.  So, what's the proper fix here?  This feels very kludgy to me.

Comment 13 Orion Poplawski 2011-10-26 20:13:47 UTC
I also ended up removing 50ns-directory.ldif as it had:

attributeTypes: ( 2.16.840.1.113730.3.1.47 NAME 'ntGroupType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )

as well.

Comment 14 Rich Megginson 2011-10-26 21:44:14 UTC
(In reply to comment #13)
> I also ended up removing 50ns-directory.ldif as it had:
> 
> attributeTypes: ( 2.16.840.1.113730.3.1.47 NAME 'ntGroupType' DESC 'Netscape
> defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
> X-ORIGIN 'Netscape NT Synchronization' )
> 
> as well.

You can't do that.  You will likely break windows sync, and lots of other stuff that uses schema from 50ns-directory.ldif.  Instead, you'll have to use a bogus OID for mailRoutingAddress e.g. 2.16.840.1.113730.3.1.47.99999

The proper fix will be to get rid of the obsolete schema (e.g. 50ns-mail.ldif) and replace it with the new schema, including the OID fix for mailRoutingAddress.

Comment 15 Orion Poplawski 2011-10-26 21:48:11 UTC
Okay, I used the bogus oid and just removed 50ns-mail.ldif and will try that.

Comment 16 Martin Kosek 2012-01-04 13:20:14 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/22

Comment 17 Rich Megginson 2012-02-07 16:10:58 UTC
Fixed in 389-ds-base-1.2.10.rc1 now in Fedora/EPEL Testing

Comment 18 RobertPattinson 2012-06-22 10:08:18 UTC
I also ended up removing 50ns-directory.ldif as it had:

attributeTypes: ( 2.16.840.1.113730.3.1.47 NAME 'ntGroupType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )

thanks

http://www.mantisbt.org/wiki/doku.php/mantisbt:wanted_topics
http://rpmfusion.org/ReportingBugs
http://rpmfusion.org/RobertPattinson

