Alias file LDAP URL alias values

From Messaging Server Technical Reference Wiki


An alias value (that is, the right hand side of an alias definition) may be specified either directly as an address, e.g., user@domain, or indirectly by referencing an LDAP URL (specifically, an LDAP search URL) that returns one or more addresses. The format is

alias: <ldap-url

Note that this is just a special case of using an LDAP URL for a mailing list definition, as mentioned in Alias file mailing list aliases: the LDAP query URL may return only one address rather than multiple addresses, and all of the optional mailing list parameters are omitted. Also note that if you want to look up all incoming local channel addresses in an LDAP directory using some consistent addressing and URL format, it is generally simpler to configure such lookups globally using the alias_urlN options. However, the special case of looking up just a few individual local channel addresses in an LDAP directory via their own individual LDAP query URLs is of sufficient interest to warrant further discussion.

Standard LDAP URLs are used, typically with the host and port omitted; the host and port are instead typically specified with the ldap_host and ldap_port MTA options. (As of Messaging Server 7.0u4, the LDAP server host and port may instead be specified in the LDAP URL itself.) That is, the LDAP URL would typically be specified as


ldap:///dn[?attributes[?scope?filter]]

where the square bracket characters [ and ] shown above indicate optional portions of the URL. The dn is required and is a distinguished name specifying the search base. The optional attributes, scope, and filter portions of the URL further refine what information to return. For an alias, the attribute to request would typically be the mail attribute (or some similar attribute). The scope may be any of base (the default), one, or sub. And the filter might request the return of any object that has the "objectclass=person" and "cn=John Smith" attribute-value pairs.

For instance, at a site domain.com with an LDAP server running on port 389 of the system ldap.domain.com, the MTA option file might have the lines


LDAP_HOST=ldap.domain.com 
LDAP_PORT=389 

set, and an alias file line might appear as:


John.Smith@domain.com: <ldap:///o=domain.com?mail?sub?(&(objectClass=person)(cn=John%20Smith)) 

The Unified Configuration equivalent would be:


msconfig> show ldap_host
role.mta.ldap_host = ldap.domain.com 
msconfig> show ldap_port
role.mta.ldap_port = 389
msconfig> set alias:John\.Smith@domain\.com.alias_entry '<ldap:///o=domain.com?mail?sub?(&(objectClass=person)(cn=John%20Smith))'
msconfig> show alias:John\.Smith@domain\.com
role.alias:John\.Smith@domain\.com.alias_entry = <ldap:///o=domain.com?mail?sub?(&(objectClass=person)(cn=John%20Smith))

Note that certain characters, such as space characters, should be encoded in URLs according to the URL character encoding rules of RFC 1738.
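
The following is an added example, not part of the original page and not Oracle's code. It builds the alias line shown above with percent-encoding and checks an alias value for raw spaces, an unknown scope, and unbalanced filter parentheses. The function names are hypothetical, and the filter-value escaping follows RFC 4515, which goes slightly beyond this page by handling names that contain filter metacharacters.

```python
from urllib.parse import quote, unquote

SCOPES = ("base", "one", "sub")  # the scopes this page lists

def escape_filter_value(value):
    """Escape a literal for use inside an LDAP filter (RFC 4515 rules)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_alias_line(address, base_dn, filt, attribute="mail", scope="sub"):
    """Return 'address: <ldap:///dn?attribute?scope?filter', percent-encoded."""
    if scope not in SCOPES:
        raise ValueError("scope must be one of %s" % ", ".join(SCOPES))
    url = "ldap:///%s?%s?%s?%s" % (
        quote(base_dn, safe="=,"), quote(attribute, safe=""),
        scope, quote(filt, safe="()&|!=*"))
    return "%s: <%s" % (address, url)

def check_alias_value(value):
    """Return a list of problems found in an alias right-hand side."""
    if not value.startswith("<ldap://"):
        return ["not an LDAP URL alias value"]
    problems = []
    if " " in value:
        problems.append("unencoded space")
    parts = value[1:].split("?")
    if len(parts) > 2 and parts[2] and parts[2] not in SCOPES:
        problems.append("unknown scope %r" % parts[2])
    if len(parts) > 3:
        depth = 0
        for c in unquote(parts[3]):  # URL decoding precedes filter parsing
            depth += (c == "(") - (c == ")")
            if depth < 0:
                break
        if depth != 0:
            problems.append("unbalanced parentheses in filter")
    return problems

if __name__ == "__main__":
    # Constructed sample: a name containing filter metacharacters.
    name = "John Smith (Sales)*"
    filt = "(&(objectClass=person)(cn=%s))" % escape_filter_value(name)
    line = build_alias_line("John.Smith@domain.com", "o=domain.com", filt)
    print(line)
    print(check_alias_value(line.split(": ", 1)[1]))
```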

