GROUP_TEMPLATES mapping table

From Messaging Server Technical Reference Wiki



The GROUP_TEMPLATES mapping table supports multiple ways of defining group membership: it extends the group_dn_template MTA option approach, allowing different "DN expansion templates" to be combined with the values coming from the LDAP attributes named by the ldap_group_dn and ldap_group_dn2 MTA options.

The LDAP attributes named by the ldap_group_dn and ldap_group_dn2 MTA options are typically used to specify DNs, which are then expanded to find user entries using the URL template specified via the group_dn_template MTA option. By setting a different sort of value for the group_dn_template MTA option, a different sort of DN expansion approach could be used -- but it would then apply to all values of the LDAP attributes named by both ldap_group_dn and ldap_group_dn2. The GROUP_TEMPLATES mapping table, in contrast, can select alternate expansion approaches based on LDAP attribute name and value, thereby allowing support for multiple, different ways of expanding DNs to determine group membership.

When a GROUP_TEMPLATES mapping table exists, it will be probed each time a group has an LDAP attribute named by the ldap_group_dn or ldap_group_dn2 MTA option to expand. The probe form is:

object-classes|attribute-name|attribute-value

where object-classes is a plus-separated list of the object classes associated with the current LDAP entry, attribute-name is the name of the group "DN" attribute being expanded (i.e., the LDAP attribute name specified for either ldap_group_dn or ldap_group_dn2), and attribute-value is that attribute's current value.

If the mapping sets the $Y output flag, then the mapping output string will be used as the template for this attribute's expansion in place of using the value of group_dn_template as the template. If the mapping sets the $N output flag, then the attribute will be silently ignored.
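The probe and flag handling described above can be modelled offline to review which template each group attribute value would receive. This Python sketch is an added example, not code from Messaging Server: the rule list, the attribute names memberRef and legacyMember, the template strings and the fnmatch-style wildcard matching are all constructed assumptions, and it does not reproduce MTA mapping-file syntax.

```python
from fnmatch import fnmatchcase

# Placeholder for the site's group_dn_template value (constructed, not a default).
GROUP_DN_TEMPLATE = "<group_dn_template value>"

# Constructed rules (pattern, flag, output) modelling a GROUP_TEMPLATES table.
# This is not MTA mapping-file syntax; '*' here is Python fnmatch globbing.
RULES = [
    ("*|legacyMember|*", "N", ""),
    ("*groupOfURLs*|memberRef|*", "Y", "<alternate template>"),
]

def build_probe(object_classes, attr_name, attr_value):
    """Form object-classes|attribute-name|attribute-value ('+' joins classes)."""
    return "|".join(["+".join(object_classes), attr_name, attr_value])

def select_template(probe, rules=RULES, default=GROUP_DN_TEMPLATE):
    """Return the expansion template, or None if the attribute is ignored."""
    for pattern, flag, output in rules:
        if not fnmatchcase(probe, pattern):
            continue
        if flag == "Y":   # mapping output replaces group_dn_template
            return output
        if flag == "N":   # attribute is silently ignored
            return None
    return default        # assumption: no $Y/$N means group_dn_template applies

def plan_expansion(entry, group_attrs):
    """List (probe, template) for every value of the configured group attributes."""
    plan = []
    for name in group_attrs:
        for value in entry.get(name, []):
            probe = build_probe(entry["objectClass"], name, value)
            plan.append((probe, select_template(probe)))
    return plan

# Constructed sample entry; attribute names stand in for ldap_group_dn / ldap_group_dn2.
SAMPLE = {
    "objectClass": ["top", "groupOfURLs"],
    "memberRef": ["ou=people,o=example"],
    "legacyMember": ["cn=old,o=example"],
}

if __name__ == "__main__":
    for probe, template in plan_expansion(SAMPLE, ("memberRef", "legacyMember")):
        print(probe, "->", template if template is not None else "ignored ($N)")
```

Probes that resolve to None are the ones a $N entry would drop without any notice, so they are the rows to review when a group's membership is smaller than expected.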

