Ldap uid invalid chars MTA option

Direct LDAP attribute interpretation MTA options:  (list of integers)
This option specifies the ASCII positions of those characters which are not allowed to appear in a  or permanent identifier. (The MTA unconditionally disallows all characters below position 32, so this option specifies the list of additional characters to disallow.) The default is 32,33,34,35,36,37,38,40,41,42,43,44,47,58,49,60,61,62,63,65,91,92,93,96,123,125,126 which corresponds to the characters $ ~=#&#x2a;+%!@,{}/\&#x3c;&#x3e;;:"`&#x5b;&#x5d;&?

(space character and dollar character have been swapped for readability). Furthermore, note that the Message Store code further enforces a restriction that the leading character of the  may not be a hyphen,. (This is to avoid ambiguity with IMAP ACL syntax.) Prior to Messaging Server 7.0.5, The MTA does not enforce this restriction, however.

Note that the  (synonym for  ) LDAP attribute was defined in RFC 1274, The COSINE and Internet X.500 Schema, as a   of length at most 256 characters. As of Messaging Server 7.0-0.04, the MTA checks that the  value  (more precisely, the value of the attribute named by the   MTA option) is no more 128 octets, and a longer value will result in the user entry being considered invalid. (This check is performed because various lower layer libraries have hard buffer limits that preclude longer s.) In general, because with Messaging Server the   is used not only for  logging in (a "computer system login name" is how RFC 1274 discussed  ), but also, in hashed form, to specify part of the file path for where user messages are stored, then Messaging Server needs additional restrictions on the uid so that the file path constructed using the uid is good and safe.

See also:
 * Direct LDAP attribute interpretation MTA options
 * Direct LDAP usergroup lookup MTA options
 * ldap_uid MTA Option
 * error_text_unknown_user MTA Option