Domain LDAP lookup rewrites

Domain LDAP lookup rewrites, $V, $Z
The  and   flags interpret the material following  (up to the first    or   character, or ,  ,  ,  , or  ) as a domain name to look up in the  LDAP directory; (in Schema 1, this would be a lookup in the DC tree within the directory; in Schema 2, domains are stored as part of the Organization tree so it is a lookup in the Organization tree). means succeed if the LDAP lookup of the domain succeeds (i.e., the domain is found, as a local/hosted/vanity domain). means succeed if the LDAP lookup of the domain fails (i.e., the domain is not a local/hosted/vanity  domain).

Note that the    utility, and in particular its   command, can be used to probe/check/list domain definitions stored in LDAP.

For instance, a typical Oracle Messaging Server MTA configuration will include a rewrite rule:

$*   $A$E$F$U%$H$V$H@local-channel-official-hostname

where   corresponds to the value of. Note that this fundamental rewrite rule of Direct LDAP configuration makes use of the Initial match-all rule, $*, so that it is the very first rewrite rule checked for any domain name appearing to the right of the  sign ($A control sequence) in an envelope To address ($E and $F control sequences).

Note that in Unified Configuration, this same rewrite rule would typically be expressed using the    substitution, so it would appear as:

msconfig> show rewrite * "$*"
role.rewrite.rule = $* $A$E$F$U%$H$V$H@&/IMTA_HOST/

The LDAP server to query, as well as other basic LDAP query parameters relevant in domainMap lookups, are controlled by certain MTA options  and/or (in legacy configuration)   parameters; see  Basic configuration settings relevant to domain LDAP lookups. The MTA options, if explicitly set, take precedence over (override) their corresponding configutil parameters.

+The  base option (Unified Configuration) or   parameter (legacy configuration) is a global default for all searches done  through the LDAP pool API, including those done by the MTA.

++The MTA option  defaults to the value of the   base option,  which in turn defaults, if not set, to the loopback interface.

Compare this Basic configuration settings relevant to domain LDAP lookups with Table of Basic configuration settings relevant to alias LDAP lookups.

The  and    MTA options further affect domain lookups, with   potentially specifying an additional lookup to look for vanity domains (which are not real domains), and with   controlling things such as whether, if a subdomain is not found, the MTA then looks instead for the domain "over" the subdomain.

If a   or   lookup attempt encounters an LDAP error condition (such  as the LDAP directory being temporarily inaccessible), then the MTA  option     specifies what the MTA will  take to be the rewriting process result. The default value for   means that LDAP error conditions will result in messages  being diverted to the reprocess channel  for additional subsequent  rewriting and lookup attempts.

The results of a domain name lookup due to a  and    flag will be cached; that is, the MTA caches not only whether the domain name lookup was successful, but also (in the case of a successful lookup) any attribute values successfully returned. In its queries, the MTA can request that successful lookups return either all attributes for the domain, or instead request an explicit list of "known to the MTA attributes" (see the per-domain attributes in  Table of MTA LDAP attribute name options); note that for some directory setups, there may be an LDAP directory performance difference between requesting all attributes and requesting an explicit (even large explicit) list of attributes. Whether domain name lookup requests are for all attributes, or a list of known attributes, is controlled by the    MTA option; the default is to request the return of all domain attributes. For control of domain name lookup result caching at the MTA level, see the    and   MTA options; note that the underlying domainMap code also does its own caching, with timeout (when called by the MTA) controlled by the   MTA option.
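The error handling and caching described in the two paragraphs above, as a small Python model added here (not Oracle's code): a $V or $Z test has three outcomes, because an LDAP error must not be read as "domain not found", and both found and not-found answers are cached. The class and function names, the sample directory, the 600-second timeout, case-folding of domain names and the choice not to cache errors are assumptions of the example; only the default error behaviour (divert to the reprocess channel) is modelled.

```python
import time
from enum import Enum

class Result(Enum):
    MATCH = "rule applies"
    NO_MATCH = "rule fails"
    REPROCESS = "divert to reprocess channel"

class DirectoryUnavailable(Exception):
    """Stands in for any LDAP error condition (server unreachable, timeout)."""

class DomainCache:
    """Caches found/not-found answers plus attributes; errors are not cached (assumption)."""
    def __init__(self, directory, timeout=600, clock=time.monotonic):
        self.directory = directory   # callable: domain -> attribute dict, or None if absent
        self.timeout = timeout       # seconds an answer stays valid (assumed value)
        self.clock = clock
        self.entries = {}            # domain -> (expiry, attributes or None)
        self.queries = 0             # directory round trips actually made

    def lookup(self, domain):
        key = domain.lower()
        hit = self.entries.get(key)
        if hit and hit[0] > self.clock():
            return hit[1]            # served from cache, positive or negative
        self.queries += 1
        attrs = self.directory(key)  # may raise DirectoryUnavailable
        self.entries[key] = (self.clock() + self.timeout, attrs)
        return attrs

def evaluate(flag, domain, cache):
    """Tri-state outcome of a $V or $Z test on `domain`."""
    try:
        found = cache.lookup(domain) is not None
    except DirectoryUnavailable:
        return Result.REPROCESS      # an outage decides nothing; retry later
    if flag == "$V":
        return Result.MATCH if found else Result.NO_MATCH
    if flag == "$Z":
        return Result.NO_MATCH if found else Result.MATCH
    raise ValueError(f"unsupported flag {flag!r}")

# Constructed sample directory: one hosted domain with one attribute.
HOSTED = {"example.com": {"o": "Example Corp"}}
def sample_directory(domain):
    return HOSTED.get(domain)

def broken_directory(domain):
    raise DirectoryUnavailable("constructed outage")
```

If the outage case collapsed into "not found", every $Z rule would match and every $V rule would fail for as long as the directory was down, so mail for hosted domains would be handled as if it were for foreign domains.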

See also:
 * test -domain_map utility
 * official_host_name Option
 * Overview of Direct LDAP configuration
 * Initial match-all rule
 * Host location-specific rewrites
 * Address direction and location-specific rewrites
 * Special symbolic names
 * ugldaphost Option
 * ldap_host MTA Option
 * ugldapport Option
 * ldap_port MTA Option
 * ldapsearchtimeout Option
 * ldap_timeout MTA Option
 * ugldapbinddn Option
 * ldap_username MTA Option
 * ugldapbindcred Option
 * ldap_password MTA Option
 * ugldapusessl Option
 * ldaprequiretls Option
 * ldap_max_connections MTA Option
 * defaultdomain Option
 * ldap_default_domain MTA Option
 * dcroot Option
 * ldap_domain_root MTA Option
 * ldap_schematag MTA Option
 * ldap_domain_filter_schema1 Option
 * ldap_domain_filter_schema2 Option
 * ldap_domain_known_attributes Option
 * domain_match_url MTA Option
 * domain_uplevel MTA Option
 * domain_failure MTA Option
 * ldap_domain_timeout Option
 * domain_match_cache_size MTA Option
 * domain_match_cache_timeout MTA Option
 * Process and reprocess channels
 * Rewrite rule template substitutions and control sequences