New Uses for LDAP in sendmail
The following list describes changes in the use of the Lightweight Directory Access Protocol (LDAP) with sendmail.
-
As noted in the RELEASE NOTES that are part of the sendmail distribution available from ftp://ftp.sendmail.org, the LDAPX map has been renamed to LDAP. Use the following syntax for LDAP.
Kldap ldap options
-
The update supports the return of multiple values for a single LDAP lookup. Place the values to be returned in a comma-separated string with the -v option, as is shown.
Kldap ldap -v"mail,more_mail"
-
If no LDAP attributes are specified in an LDAP map declaration, all attributes that are found in the match are returned.
-
This version prevents commas in quoted key and value strings in the specifications of the LDAP alias file from breaking up a single entry into multiple entries.
-
Instead of using the %s token to parse an LDAP filter specification, you can use the new token, %0, to encode the key buffer. The %0 token applies a literal meaning to LDAP special characters.
The following example shows how these tokens differ for a lookup on “*.”
Table 21–17 Comparison of TokensLDAP Map Specification
Specification Equivalent
Result
-k"uid=%s"
-k"uid=*"
Matches any record with a user attribute
-k"uid=%0"
-k"uid=\2A"
Matches a user with the name “*”
The following table describes new LDAP map flags.
Table 21–18 New LDAP Map Flags|
Flag |
Description |
|---|---|
|
-1 |
Requires a single match to be returned. If more than one match is returned, the results are the equivalent of no records being found. |
|
-r never|always|search|find |
Sets the LDAP alias dereference option. |
|
-Z size |
Limits the number of matches to return. |
- © 2010, Oracle Corporation and/or its affiliates