The following list describes changes in the use of the Lightweight Directory Access Protocol (LDAP) with sendmail.
LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE() permit you to specify equivalent host names, which are replaced by the masquerade domain name for LDAP routing lookups. For more information, refer to /usr/lib/mail/README.
As noted in the Release Notes that are part of the sendmail distribution at ftp://ftp.sendmail.org, the LDAPX map has been renamed to LDAP. Use the following syntax for LDAP.
Kldap ldap options |
This release supports the return of multiple values for a single LDAP lookup. Place the values to be returned in a comma-separated string with the -v option, as is shown.
Kldap ldap -v"mail,more_mail" |
If no LDAP attributes are specified in an LDAP map declaration, all attributes that are found in the match are returned.
This version of sendmail prevents commas in quoted key and value strings in the specifications of the LDAP alias file from dividing a single entry into multiple entries.
This version of sendmail has a new option for LDAP maps. The option, –Vseparator enables you to specify a separator, so that a lookup can return both an attribute and a value that are separated by the relevant separator.
Instead of using the %s token to parse an LDAP filter specification, you can also use the new token, %0, to encode the key buffer. The %0 token applies a literal meaning to LDAP special characters.
The following example shows how these tokens differ for a “*” lookup.
Table 24–18 Comparison of Tokens
LDAP Map Specification |
Specification Equivalent |
Result |
---|---|---|
-k"uid=%s" |
-k"uid=*" |
Matches any record with a user attribute |
-k"uid=%0" |
-k"uid=\2A" |
Matches a user with the name “*” |
The following table describes new LDAP map flags.
Table 24–19 New LDAP Map Flags
Flag |
Description |
---|---|
-1 |
Requires a single match to be returned. If more than one match is returned, the results are the equivalent of no records being found. |
-r never|always|search|find |
Sets the LDAP alias dereference option. |
-Z size |
Limits the number of matches to return. |