Ldap group dn2 Option

Introduced in release: 7.0.5.31

The  MTA option names an LDAP attribute in which to store a list of DNs, or other identifiers, for group members.

The  MTA option names an LDAP attribute which may be placed on a group entry in LDAP as a way of  identifying members of the group. The  MTA option has no default. The purpose of the  MTA option, and whatever LDAP attribute it names, is  primarily to allow alternate  approaches to identifying group members, beyond the identification-via-DN typically achieved via the    LDAP attribute (more precisely, whatever LDAP attribute is named by the    MTA option) being expanded via the URL template specified via the   MTA option.

While the LDAP attribute named by   may be used to store a DN (like the default use of the LDAP attribute named by  ), more typically it would be used to store some other means of identifying members of a group, with the    mapping table then being configured to make "appropriate" use of the value of the LDAP attribute named by. For instance, if  ldap_group_dn2=listID and a  mapping table is configured as  GROUP_TEMPLATES ! Normal use of ldap_group_dn attribute uniqueMember &#x2a;&#x7c;uniqueMember&#x7c;&#x2a; $Yldap:///$A?mail?sub?(mail=&#x2a;) ! Find users who have a memberOf attribute set to the value of the group&#x27;s ! memberID attribute &#x2a;&#x7c;listID&#x7c;&#x2a;     $Yldap:///baseDN-of-users??sub?(memberOf=$$A) then "traditional" groups with membership defined via values of the  LDAP attribute will continue to work as always, while also allowing groups to have membership defined as "all users who have a   attribute value matching the group&#x27;s    attribute value".

Multiple values of the LDAP attribute named by  are allowed on a group entry, e.g., continuing the example above multiple    values would be allowed, but only one attribute name  may be specified as. Allowing the capability to have two differently named LDAP attributes, potentially expanded via different URL templates, is the reason why  exists in addition to.

As of Messaging Server 7.0.5 any mapping specified by the   MTA option will also be applied to the results produced by the    and   attributes.

See also:
 * Direct LDAP attribute name MTA options
 * group_dn_template MTA Option
 * GROUP_TEMPLATES mapping table
 * ldap_group_dn MTA Option
 * ldap_url_result_mapping MTA Option
 * ldap_use_async MTA Option
 * Indirect or alternate criteria for list membership