GNU Mailutils | General-Purpose Mail Package | Official GNU Software
ldap Statement
ldap {
  # Enable LDAP lookups.
  enable bool;
  # Set URL of the LDAP server.
  url url;
  # Base DN for LDAP lookups.
  base string;
  # DN for accessing LDAP database.
  binddn string;
  # Password for use with binddn.
  passwd string;
  # Use TLS encryption.
  tls bool;
  # Set LDAP debugging level.
  debug number;
  # Set a field-map for parsing LDAP replies.
  field-map list;
  # LDAP filter to use for getpwnam requests.
  getpwnam string;
  # LDAP filter to use for getpwuid requests.
  getpwuid filter;
}
The ldap statement configures the use of LDAP for authentication.
enable bool: Enables LDAP lookups. If absent, ‘enable On’ is assumed.
url url: Sets the URL of the LDAP server.
base string: Defines the base DN for LDAP lookups.
binddn string: Defines the DN for accessing the LDAP database.
passwd string: Password for use when binding to the database.
tls bool: Enables the use of TLS when connecting to the server.
debug number: Sets the LDAP debug level. Please refer to the OpenLDAP documentation for allowed number values and their meaning.
field-map list: Defines a map for parsing LDAP replies. The map is a list of mappings [1]. Each mapping is ‘field=value’, where field denotes a piece of authentication information and value describes how to obtain it.
Valid values for field are:
name: User name.
passwd: User password.
uid: UID of the user.
gid: GID of the primary group.
gecos: Textual description of the user.
dir: User’s home directory.
shell: User’s shell program.
If value starts with a Latin alphabet letter, it is taken to be the name of an LDAP attribute whose value is to supply the piece of information in question. For example, the default mapping is:
("name=uid",
"passwd=userPassword",
"uid=uidNumber",
"gid=gidNumber",
"gecos=gecos",
"dir=homeDirectory",
"shell=loginShell")
If value does not begin with a letter, it is an immediate value that supplies the needed piece of information. Prior to use, such values undergo quote removal, variable expansion and command substitution. These operations are described in detail in Configuration Variables. Any name of field can be used as a variable, provided that it refers to an LDAP attribute [2].
The following example shows a field map that declares the dir and mailbox fields as immediate values that are computed using the value of the name field obtained from the LDAP attribute uid:
field-map (
  "name=uid",
  "passwd=userPassword",
  "uid=uidNumber",
  "gid=gidNumber",
  "gecos=gecos",
  "dir=/usr/home/$name",
  "shell=loginShell",
  "mailbox=\"maildir:/var/spool/mail/$name\""
);
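The mapping rule and the two-stage expansion described on this page, modelled in Python as an added example (this is not Mailutils code). The names resolve and is_attribute, the sample entry and the error raised for an unusable variable are assumptions of this example; quote removal is reduced to stripping one pair of double quotes, only the $name form is expanded, and command substitution is not modelled.

```python
import re

# Constructed sample: the page's example field map, as the strings left after
# the configuration parser has unescaped \" in the mailbox item.
FIELD_MAP = [
    "name=uid", "passwd=userPassword", "uid=uidNumber", "gid=gidNumber",
    "gecos=gecos", "dir=/usr/home/$name", "shell=loginShell",
    'mailbox="maildir:/var/spool/mail/$name"',
]
# Constructed LDAP reply for one posixAccount entry (attribute -> value).
ENTRY = {"uid": "alice", "userPassword": "{SSHA}constructed",
         "uidNumber": "1001", "gidNumber": "100",
         "gecos": "Alice Example", "loginShell": "/bin/sh"}

def is_attribute(value):
    """A value that starts with a Latin letter names an LDAP attribute."""
    return value[:1].isascii() and value[:1].isalpha()

def resolve(field_map, entry):
    """Hypothetical helper: turn one LDAP entry into authentication fields."""
    pairs = [item.split("=", 1) for item in field_map]
    result, variables = {}, {}
    # Stage 1: fields backed by LDAP attributes; only these become variables.
    for field, value in pairs:
        if is_attribute(value):
            result[field] = entry.get(value)   # None if the reply lacks it
            if result[field] is not None:
                variables[field] = result[field]

    def expand(match):
        name = match.group(1)
        if name not in variables:              # e.g. $dir when dir is immediate
            raise ValueError(f"${name} has no value from an LDAP attribute")
        return variables[name]

    # Stage 2: immediate values (simplified quote removal, then $name expansion).
    for field, value in pairs:
        if not is_attribute(value):
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            result[field] = re.sub(r"\$([A-Za-z_]\w*)", expand, value)
    return result

if __name__ == "__main__":
    for field, value in resolve(FIELD_MAP, ENTRY).items():
        print(f"{field:8} {value}")
```

Without the inner quotes, maildir:/var/spool/mail/$name would begin with a letter and, by the rule stated above, be read as an attribute name rather than an immediate value.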
getpwnam string: Defines the LDAP filter to use for ‘getpwnam’ requests. The default is:
(&(objectClass=posixAccount) (uid=$user))
getpwuid filter: Defines the LDAP filter to use for ‘getpwuid’ requests. The default filter is:
(&(objectClass=posixAccount) (uidNumber=$user))
[1] For backward compatibility, map can be a string containing a colon-delimited list of mappings. Such usage is, however, deprecated.
[2] The expansion goes in two stages: first, any fields that refer to LDAP attributes are expanded, and then immediate values are processed.
This document was generated on December 11, 2025 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.