Canonicalsearchfilter Option

Introduced in release: 7.0.5

Updated in release: 8.0.2

The   Auth option value  is used when locating a user in an LDAP domain using the user&#x27;s canonical identity. When a user authenticates, a translation is done from authentication identity to canonical identity. With default settings there is no difference between these two identities and the search filters are the same. However, if a site wishes to have users authenticate using an attribute other than, then these identities can be different and thus different search filters are needed for authentication user lookup and canonical user lookup. The syntax is the same as  (see schema guide).

For Messaging Server 8.0.2, the default was changed to use %P as the attribute name instead of &#x27;uid&#x27;. The %P substitution refers to the LDAP attribute name specified by the ldap_permid option. This means it is only necessary to change the  option to control the canonical user identity.

The default value is: (&(%P=%U)(objectclass=inetmailuser))

See also:
 * ldap_schematag MTA Option
 * searchfilter Option
 * Auth options
 * ldap_uid MTA Option
 * ldap_permid Option
 * ldap_extid Option