Sendmail ships with an LDAP schema that its documentation expects people to use. Its native LDAP interface is quite clunky, and we found it not worth pursuing.
Instead, we use an undocumented feature in Sendmail to have it use LDAP as an alias map for its lookups.
From our config files:
define(`ALIAS_FILE', `/etc/mail/aliases, sequence:ldapv3')
LOCAL_CONFIG
Kldapv3 ldap -h "ldap.stanford.edu" -b"cn=accounts,dc=stanford,dc=edu" -w 3 -Msasl -P"<ticket cache>" -k"suseassunetid=%s" -z, -v sumaildrop
suseassunetid and sumaildrop are custom attributes of ours in our account tree.
This makes it easy to use SASL as the bind mechanism and to run whatever queries you want from inside Sendmail. It also means that if the LDAP server goes down, mail will queue instead of bounce.
NOTE: This requires patching Sendmail to support the OpenLDAP libraries and SASL.
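To check the directory side of this map without going through Sendmail, the map's flags can be translated into an equivalent OpenLDAP ldapsearch command. The following is an added example, not code from the original page. It assumes that the patched -Msasl bind corresponds to SASL GSSAPI; the helper names and the lookup key jdoe are hypothetical.

```python
import shlex

# Map definition copied from the config above; the -P value is the page's
# own placeholder and is left unfilled.
K_LINE = ('Kldapv3 ldap -h "ldap.stanford.edu" '
          '-b"cn=accounts,dc=stanford,dc=edu" -w 3 -Msasl '
          '-P"<ticket cache>" -k"suseassunetid=%s" -z, -v sumaildrop')

def parse_map(k_line):
    """Return (map name, map class, {flag letter: value}) for a K line."""
    tokens = shlex.split(k_line)
    name, mapclass, args = tokens[0][1:], tokens[1], tokens[2:]
    flags, i = {}, 0
    while i < len(args):
        tok = args[i]
        if len(tok) < 2 or tok[0] != '-':
            raise ValueError('unexpected token: %r' % tok)
        value = tok[2:]
        # A value may be attached (-Msasl) or be the next token (-w 3).
        if not value and i + 1 < len(args) and not args[i + 1].startswith('-'):
            i += 1
            value = args[i]
        flags[tok[1]] = value
        i += 1
    return name, mapclass, flags

def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters so the key matches literally."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\0' else c for c in value)

def ldapsearch_argv(flags, key):
    """Build the ldapsearch argv that mirrors the map lookup for one key."""
    filt = flags['k'].replace('%s', escape_filter_value(key))
    if not filt.startswith('('):
        filt = '(' + filt + ')'
    argv = ['ldapsearch', '-LLL', '-H', 'ldap://' + flags['h'], '-b', flags['b']]
    if 'w' in flags:
        argv += ['-P', flags['w']]          # LDAP protocol version
    # Assumption: the patched -Msasl bind is Kerberos, so GSSAPI is used here.
    argv += ['-Y', 'GSSAPI'] if flags.get('M') == 'sasl' else ['-x']
    return argv + [filt] + flags['v'].split(',')

if __name__ == '__main__':
    _, _, flags = parse_map(K_LINE)
    # 'jdoe' is a constructed lookup key, not a real account.
    print(shlex.join(ldapsearch_argv(flags, 'jdoe')))
```

Running the printed command requires a valid Kerberos ticket; with MIT or Heimdal Kerberos, the KRB5CCNAME environment variable selects the ticket cache to use.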



