ldap (was ldapx)
LDAP stands for Lightweight Directory Access Protocol and provides access to a new service based on X.500. Additional information about LDAP is available from http://www.ldapman.org/.
The ldap database-map type is used to look up
items in that directory service. (Prior to V8.10, this was called
ldapx to reflect its experimental condition at the
time. That prior name still works but is deprecated.) The
ldap database-map type is declared like this:
Kname ldap switches
Lookups via LDAP are defined entirely by the switches specified. To illustrate, consider the following X.500 entry:
cn=Full Name, o=Organization, c=US
sn=Name
uid=yourname
mail=firstname.lastname@example.org
objectclass=person
objectclass=deptperson
To look up a login name in this database and have the official email address for that user returned, you might use a declaration such as this:
Kgetname ldap -k"uid=%s" -v"mail" -hldap_host -b"o=Organization, c=US"
Here we use only three switches:
The -k switch is in the form of an ldap_search(3) filter. Here, the key will replace the %s and then the whole expression will be searched using the new key.
The -b switch is necessary if you wish to specify the base from which to search.
The -h switch is required to specify the host to contact to perform the lookup.
-v switches are mandatory.
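To make the roles of the switches concrete, the following added example (not code from sendmail or from the original text) parses the declaration above and resolves a key against an in-memory copy of the sample entry. It assumes shell-like quoting of switch values and that the entry's e-mail address is stored in its mail attribute, and it applies RFC 4515 escaping to the key so that filter metacharacters in it are matched literally; the -h host is parsed but never contacted.

```python
import re
import shlex

# RFC 4515 filter metacharacters and their \XX escapes.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
# Constructed sample data: the declaration and the single entry from the text.
DECLARATION = 'Kgetname ldap -k"uid=%s" -v"mail" -hldap_host -b"o=Organization, c=US"'
DIRECTORY = {
    "cn=Full Name, o=Organization, c=US": {
        "sn": ["Name"], "uid": ["yourname"],
        "mail": ["firstname.lastname@example.org"],
        "objectclass": ["person", "deptperson"],
    },
}

def escape_filter_value(key):
    """Make every character of the key literal inside a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in key)

def parse_map(declaration):
    """Split 'Kname ldap switches' into (name, {switch letter: value})."""
    words = shlex.split(declaration)  # assumption: shell-like quoting
    if len(words) < 2 or not words[0].startswith("K") or words[1] != "ldap":
        raise ValueError("not an ldap database-map declaration")
    return words[0][1:], {w[1]: w[2:] for w in words[2:] if w.startswith("-")}

def build_filter(switches, key):
    """Replace %s in the -k template with the escaped key."""
    return switches["k"].replace("%s", escape_filter_value(key))

def _value_pattern(value):
    # A bare '*' is a wildcard; \XX pairs decode to literal characters.
    unhex = lambda m: chr(int(m.group(1), 16))
    parts = [re.sub(r"\\([0-9a-fA-F]{2})", unhex, p) for p in value.split("*")]
    return re.compile(".*".join(map(re.escape, parts)), re.IGNORECASE)

def lookup(declaration, directory, key):
    """Return the first -v attribute value of the entry matching the key."""
    _, sw = parse_map(declaration)
    attr, _, value = build_filter(sw, key).partition("=")
    pattern = _value_pattern(value)
    for dn, entry in directory.items():
        if not dn.lower().endswith(sw["b"].lower()):
            continue  # entry lies outside the -b search base
        if any(pattern.fullmatch(v) for v in entry.get(attr, [])):
            return entry.get(sw["v"], [None])[0]
    return None
```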
You can omit selected switches from the
configuration command by defining them with the
LDAPDefaultSpec option (LDAPDefaultSpec). In general, this ...