The following list describes changes in the use of the Lightweight Directory Access Protocol (LDAP) with sendmail.
As noted in the RELEASE NOTES that are part of the sendmail distribution available from ftp://ftp.sendmail.org, the LDAPX map has been renamed to LDAP. Use the following syntax for LDAP.
Kldap ldap options |
The update supports the return of multiple values for a single LDAP lookup. Place the values to be returned in a comma-separated string with the -v option, as is shown.
Kldap ldap -v"mail,more_mail" |
If no LDAP attributes are specified in an LDAP map declaration, all attributes that are found in the match are returned.
This version prevents commas in quoted key and value strings in the specifications of the LDAP alias file from breaking up a single entry into multiple entries.
Instead of using the %s token to parse an LDAP filter specification, you can use the new token, %0, to encode the key buffer. The %0 token applies a literal meaning to LDAP special characters.
The following example shows how these tokens differ for a lookup on “*.”
Table 21–17 Comparison of Tokens
LDAP Map Specification |
Specification Equivalent |
Result |
---|---|---|
-k"uid=%s" |
-k"uid=*" |
Matches any record with a user attribute |
-k"uid=%0" |
-k"uid=\2A" |
Matches a user with the name “*” |
The following table describes new LDAP map flags.
Table 21–18 New LDAP Map Flags
Flag |
Description |
---|---|
-1 |
Requires a single match to be returned. If more than one match is returned, the results are the equivalent of no records being found. |
-r never|always|search|find |
Sets the LDAP alias dereference option. |
-Z size |
Limits the number of matches to return. |