ldap (was ldapx)
LDAP stands for Lightweight Directory Access Protocol and provides access to a new service based on X.500. Additional information about LDAP is available from http://www.ldapman.org/.
ldap database-map type is used to look up
items in that directory service. (Prior to V8.10, this was called
ldapx to reflect its experimental condition at the
time. That prior name still works but is deprecated.) The
ldap database-map type is declared like this:
Kname ldap switches
Lookups via LDAP are defined entirely by the switches specified. To illustrate, consider the following X.500 entry:
cn=Full Name, o=Organization, c=US sn=Name uid=yourname email@example.com objectclass=person objectclass=deptperson
To look up a login name in this database and have the official email address for that user returned, you might use a declaration such as this:
Kgetname ldap -k"uid=%s" -v"mail" -hldap_host -b"o=Organization, c=US"
Here we use only three switches:
-k switch is in the form of an
ldap_search(3) filter. Here, the
key will replace the
then the whole expression will be searched using the new
-b switch is necessary if you wish to specify
the base from which to search.
-h switch is required to specify the host to
contact to perform the lookup.
-v switches are mandatory.
You can omit selected switches from the
configuration command by defining them with the
LDAPDefaultSpec option (LDAPDefaultSpec). In general, this ...