The following keywords configure LDAP lookups and replies.
When constructing a reply, join multiple occurrences of LDAP attribute with string. If this parameter is not defined, only first attribute will be returned.
Specifies LDAP filter. The pattern can use the usual variables (see expansion). For example:
database user ldap filter=(&(objectClass=posixAccount)(uid=$key))
There is no default for this option, so it is mandatory.
Replies are configured via the following three keywords:
Defines a positive reply string. It is used when the LDAP
lookup using the defined filter returned one or more objects. Only
the first returned object is used. The reply string can contain
smap variables ‘$db’, ‘$map’, and
‘$key’. It can also refer to values of any attribute from the
returned object using the variable notation. For example:
returns the string ‘OK’ followed by the value of the uid attribute.
The default positive reply string is ‘OK’.
Defines the negative reply string, which is used when the
LDAP lookup returns empy set of objects. The reply
string can contain the basic
smap variables ‘$db’,
‘$map’, and ‘$key’.
The default negative reply string is ‘NOTFOUND’.
Defines the string to be returned if the LDAP lookup fails.
The reply argument can contain the basic
variables ‘$db’, ‘$map’, and ‘$key’.
The default value is ‘NOTFOUND’.