ldap (was ldapx)


LDAP stands for Lightweight Directory Access Protocol and provides access to a new service based on X.500. Additional information about LDAP is available from

The ldap database-map type is used to look up items in that directory service. (Prior to V8.10, this was called ldapx to reflect its experimental condition at the time. That prior name still works but is deprecated.) The ldap database-map type is declared like this:

Kname ldap  switches

Lookups via LDAP are defined entirely by the switches specified. To illustrate, consider the following X.500 entry:

cn=Full Name, o=Organization, c=US

To look up a login name in this database and have the official email address for that user returned, you might use a declaration such as this:

Kgetname ldap -k"uid=%s" -v"mail" -hldap_host -b"o=Organization, c=US"

Here we use only three switches:

  • The -k switch is in the form of an ldap_search(3) filter. Here, the key will replace the %s and then the whole expression will be searched using the new key.

  • The -b switch is necessary if you wish to specify the base from which to search.

  • The -h switch is required to specify the host to contact to perform the lookup.

The -k, -h, and -v switches are mandatory.

You can omit selected switches from the K configuration command by defining them with the LDAPDefaultSpec option (LDAPDefaultSpec). In general, this ...

Get Sendmail, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.