LDAP Changes since 8.9
- Map renamed from ldapx to ldap
- Can now search for multiple attributes
- Use multiple attributes on the -v option, separated by commas
- Can now return multiple values
- Returns first matching value unless -z flag given with a separator to
use
- Support LDAP Authentication
- "None", "Simple", or "Kerberos IV"
- Can use LDAP for aliases
O AliasFile=ldap:-k (&(objectClass=mailAlias)(uid=%0)) -v "uniqueMember,uniqueAlias"
define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailAlias)(uid=%0)) -v "uniqueMember,uniqueAlias"')
- Sets -z, automatically so multiple values are returned as a
comma separated string
- Performance improvements
- Keep connections to LDAP server open instead of opening and closing for
each lookup.
- Cache connections such that multiple maps which use the same host,
port, bind DN, and authentication will only result in a single connection
to that host.
- Use asynchronous LDAP searches to save memory and network resources.
- New map flags
- New option LDAPDefaultSpec (confLDAP_DEFAULT_SPEC) for setting defaults
for all LDAP maps
O LDAPDefaultSpec=-h ldap.example.net -b dc=example,dc=net
define(`confLDAP_DEFAULT_SPEC', `-h ldap.example.net -b dc=example,dc=net')
- NOTE: Must be set before any maps are declared
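
Added example (a simplified Python model, not sendmail's own code): it applies LDAPDefaultSpec to each map's flags and groups maps by host, port, bind DN, and authentication, showing which maps would share one cached connection and which bind separately. Assumptions: the -p, -d and -M flags (port, bind DN, authentication method) are sendmail LDAP map flags not shown on this page; the map names, the bind DN, the fallback values for unset flags, and the rule that a map's own flags override the defaults are constructed for illustration.

```python
import shlex

# Constructed sample configuration; only DEFAULT_SPEC and the "aliases" flags
# come from the page. -d and -M are not shown on the page (assumption).
DEFAULT_SPEC = "-h ldap.example.net -b dc=example,dc=net"
MAPS = {
    "aliases": '-k (&(objectClass=mailAlias)(uid=%0)) -v "uniqueMember,uniqueAlias" -z,',
    "users": "-k (uid=%0) -v mail",
    "admin": '-k (uid=%0) -v mail -d "cn=mta,dc=example,dc=net" -M LDAP_AUTH_SIMPLE',
}


def parse_spec(spec):
    """Parse '-h host -z,' style flags. Assumes every flag takes a value."""
    tokens = shlex.split(spec)
    flags, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if not tok.startswith("-") or len(tok) < 2:
            raise ValueError(f"unexpected token: {tok!r}")
        if len(tok) > 2:                 # value attached to the flag, e.g. -z,
            flags[tok[1]] = tok[2:]
            i += 1
        elif i + 1 < len(tokens):        # value is the next token, e.g. -h host
            flags[tok[1]] = tokens[i + 1]
            i += 2
        else:
            raise ValueError(f"flag {tok!r} has no value")
    return flags


def effective(spec, default_spec=DEFAULT_SPEC):
    """Defaults are applied first; the map's own flags override them."""
    return {**parse_spec(default_spec), **parse_spec(spec)}


def connection_key(flags):
    """Host, port, bind DN and authentication identify one shared connection."""
    return (flags.get("h", "localhost"), flags.get("p", "389"),
            flags.get("d", ""), flags.get("M", "LDAP_AUTH_NONE"))


def plan_connections(maps=MAPS):
    """Group map names by the connection key they resolve to."""
    groups = {}
    for name, spec in maps.items():
        groups.setdefault(connection_key(effective(spec)), []).append(name)
    return groups
```

In this model the two anonymous maps resolve to one connection, while the map that binds with its own DN gets a separate one, so a lookup never rides on another map's credentials.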