GROUP_TEMPLATES mapping table
GROUP_TEMPLATES mapping table provides a way to support multiple ways of defining group membership: it extends the
group_dn_template MTA option approach, allowing use of different "DN expansion templates" to combine with the values coming from the LDAP attributes named by the
ldap_group_dn2 MTA options.
The LDAP attributes named by the
ldap_group_dn2 MTA options are typically used to specify DNs, which are then expanded to find user entries using the URL template specified via the
group_dn_template MTA option. By setting a different sort of value for the
group_dn_template MTA option, a different sort of DN expansion approach could be used -- but it would then apply to all values of the LDAP attributes named by both
GROUP_TEMPLATES mapping table, in contrast, can select alternate expansion approaches based on LDAP attribute name and value, thereby allowing support for multiple, different ways of expanding DNs to determine group membership.
object-classes is a plus-separated list of the object classes associated with the current LDAP entry,
attribute-name is the name of the group "DN" attribute being expanded (i.e., the LDAP attribute name specified for either
attribute-value is that attribute's current value.
If the mapping sets the
$Y output flag, then the mapping output string will be used as the template for this attribute's expansion in place of using the value of
group_dn_template as the template. If the mapping sets the
$N output flag, then the attribute will be silently ignored.