A substitution of the form $]ldap-url[ is handled specially. ldap-url is interpreted as an LDAP query URL and the result of the LDAP query is substituted. Standard LDAP URLs are used, with the host and port omitted; the host and port are instead specified with the LDAP_HOST and LDAP_PORT PMDF options (see Section 7.3.2 for further discussion of these options). That is, the LDAP URL should be specified as

ldap:///dn[?attributes[?scope?filter]]

where the square bracket characters [ and ] shown above indicate optional portions of the URL. The dn is required and is a distinguished name specifying the search base. The optional attributes, scope, and filter portions of the URL further refine what information to return. For a rewrite rule, the attribute to request might be a mailRoutingSystem attribute (or some similar attribute). The scope may be any of base (the default), one, or sub. And the desired filter might be to request the return of the object whose mailDomain value matches the domain being rewritten.
For instance, at a site acme.com with an LDAP server running on port 389 of the system ldap.acme.com, the PMDF option file might have the lines

LDAP_HOST=ldap.acme.com
LDAP_PORT=389

set, and if the LDAP directory schema includes attributes mailRoutingSystem and mailDomain, then a possible rewrite rule to determine to which system to route a given sort of address might appear as:

.acme.com \
$U%$H$D@$]<ldap:///o=acme.com?mailRoutingSystem?sub?(mailDomain=$D)[

where the LDAP URL substitution sequence $D is used to substitute the current domain name into the LDAP query constructed; for ease in reading, the backslash character, \, is used to continue the single logical rewrite rule line onto a second physical line. See Table 3-1 for a full list of the LDAP URL substitution sequences available.
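
The LDAP URL form and the $D substitution described above, sketched as an added example (not PMDF code and not part of the original documentation). It assumes that $D is expanded only in the filter and that the substituted value is escaped per RFC 4515; the function names and sample domains are hypothetical, and how PMDF itself treats the value is not stated on this page.

```python
from urllib.parse import unquote

VALID_SCOPES = {"base", "one", "sub"}
# RFC 4515 escapes for characters that are special inside a search filter.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a substituted value so it stays a literal in the filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_ldap_url(url):
    """Split ldap:///dn[?attributes[?scope?filter]] into its parts."""
    prefix = "ldap:///"
    if not url.startswith(prefix):
        raise ValueError("host and port must be omitted: expected ldap:///")
    parts = [unquote(p) for p in url[len(prefix):].split("?")]
    if len(parts) not in (1, 2, 4):
        raise ValueError("expected dn[?attributes[?scope?filter]]")
    if not parts[0]:
        raise ValueError("the dn (search base) is required")
    attributes = [a for a in parts[1].split(",") if a] if len(parts) > 1 else []
    scope = (parts[2] if len(parts) == 4 else "") or "base"  # base is the default
    if scope not in VALID_SCOPES:
        raise ValueError("scope must be base, one, or sub")
    return {"dn": parts[0], "attributes": attributes, "scope": scope,
            "filter": parts[3] if len(parts) == 4 else None}


def expand_query(url_template, domain):
    """Parse the template first, then substitute $D into the filter only
    (assumption), so the value cannot add or alter URL components."""
    query = parse_ldap_url(url_template)
    if query["filter"] is not None:
        query["filter"] = query["filter"].replace("$D", escape_filter_value(domain))
    return query


if __name__ == "__main__":
    # Rule template from the text; the domain values are constructed samples.
    template = "ldap:///o=acme.com?mailRoutingSystem?sub?(mailDomain=$D)"
    for d in ("sales.acme.com", "a*.acme.com"):
        print(d, "->", expand_query(template, d))
```

Parsing before substitution keeps the search base, attribute list, and scope fixed by the rule author regardless of the domain being rewritten.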