Ldap permid Base option

Direct LDAP attribute name Base options: ldap_permid (LDAP attribute name)
The ldap_permid base option names a user or group LDAP attribute that contains a permanent identifier for the user. The value of this attribute is used preferentially as the identifier for the user or group, for purposes such as:

 * The unique name (or domain-qualified unique name) for the user in the message store. This includes delivery by ims_master or LMTP, as well as mailbox autocreation by popd, imapd or other store tools.
 * The canonical user name for authentication purposes.
 * The identifier associated with store access connections when using the  tool.
 * The identifier used when storing (but not when displaying or accessing) IMAP ACLs or shared folder user names.
 * May be part of the DN of the user's entry in the LDAP directory.



Because the permanent identifier is used to construct the user's unique mailbox name in the message store, changing a user's permanent identifier tends to be quite problematic (a change breaks access to the user's old mailbox). So make every attempt to avoid changing this attribute's value; use some other LDAP attribute for values subject to change (such as the user's legal name, display name or login name) and leave the permanent identifier as an arbitrary, immutable identifier.

The attribute specified by the ldap_permid option must be indexed in LDAP, as it is used for canonical user identity searches in LDAP.

In most cases, the value of the attribute named by the ldap_uid MTA option will be used as the user or group permanent identifier if the attribute named by ldap_permid is not present in the user or group entry. However, for canonical identity search operations, such as those necessary for Cassandra store account auto-creation, the attribute named by ldap_permid must be set for the correct LDAP entry to be found so autocreation can proceed.
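
As an added illustration (not part of the product documentation), this Python sketch audits an LDIF export for two conditions that follow from the text above: entries that lack the permanent identifier and therefore rely on the ldap_uid fallback, and entries whose effective identifier collides with another entry's. The attribute name `examplePermId` is hypothetical, `uid` is assumed to be the attribute named by ldap_uid, and the LDIF is constructed sample data.

```python
from collections import defaultdict

PERMID_ATTR = "examplepermid"  # hypothetical attribute named by ldap_permid
UID_ATTR = "uid"               # assumed attribute named by ldap_uid

# Constructed sample data, not taken from a real directory.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,o=example.com
uid: alice
examplePermId: 7f3c9a10

dn: uid=bob,ou=People,o=example.com
uid: bob

dn: uid=carol,ou=People,o=example.com
uid: carol
examplePermId: 7f3c9a10
"""

def parse_ldif(text):
    """Parse simple (non-base64, unfolded) LDIF into {attr: [values]} dicts."""
    entries, current = [], defaultdict(list)
    for line in text.splitlines() + [""]:
        if not line.strip():
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
        elif not line.startswith("#") and ": " in line:
            attr, value = line.split(": ", 1)
            current[attr.lower()].append(value.strip())
    return entries

def effective_id(entry):
    """Permanent identifier if present, otherwise the ldap_uid fallback."""
    for attr in (PERMID_ATTR, UID_ATTR):
        if entry.get(attr):
            return entry[attr][0], attr
    return None, None

def audit(entries):
    """Return (DNs relying on the fallback, {identifier: DNs} for collisions)."""
    fallback, owners = [], defaultdict(list)
    for e in entries:
        ident, source = effective_id(e)
        if source != PERMID_ATTR:
            fallback.append(e["dn"][0])
        if ident is not None:
            owners[ident].append(e["dn"][0])
    return fallback, {i: d for i, d in owners.items() if len(d) > 1}
```

Entries in the first list would not be found by a canonical identity search; entries in the second would resolve to the same store and authentication identity within a domain.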

See also:
 * ldap_uid MTA Option
 * ldap_extid Option
 * canonicalsearchfilter Option