NAME

pmx-ldap-sync - Create a flat file list or map from an LDAP service.


SYNOPSIS

    pmx-ldap-sync --base DN --query QUERY --result ATTRIBUTES
                  [--result-filter EXPR] [--host LDAPHOST[:PORT]] [--port PORT]
                  [--result-rhs ATTRIBUTES [--result-rhs-filter EXPR]]
                  [--page-size INT]
                  [--async] [--verbose]
                  [--bind-dn DN] [--bind-password PASSWORD]
                  [--ldap-version 2|3] [--scope base|one|sub]
                  FILENAME
    pmx-ldap-sync --help


DESCRIPTION

The pmx-ldap-sync program synchronizes data from an LDAP directory service with a plain text file. This file can be used as a PureMessage list or map.

Once the sync is complete, the output is written to a temporary file and the local file (FILENAME) is atomically replaced using rename(), so a reader such as a running PureMessage never sees a partially written list or map. Therefore, FILENAME can be the live list or map file itself. pmx-ldap-sync runs without prompting the user for input, so it can be used as a scheduled job.

OPTIONS

--async
Performs all LDAP operations asynchronously.

--base DN
The Distinguished Name of the entry at which the search starts (the search base). Which entries beneath it are examined is governed by --scope. This is a required option.

--query QUERY
Specifies the RFC 2254-compliant LDAP search filter expression. The QUERY is responsible for selecting the set of records used for building the results. This is a required option.

--result ATTRIBUTES
One or more LDAP attributes that are used to build the results from the set of records selected by the QUERY. If there is more than one attribute, they can be either comma separated, or passed as more than one --result option.

Each record selected by the QUERY produces one list item. If a record yields several values (several attributes, or a multi-valued attribute), they are space separated within that single list item.

--result-filter EXPR
A perl expression that is evaluated in list context once for every result value. The value is available as $_ for use in the expression, and whatever the expression returns is written in place of the value (so an expression that returns several values adds several, and one that returns an empty list drops the value). Because EXPR is executed as Perl code with the privileges of the user running pmx-ldap-sync, it must come only from a trusted source such as the job definition, never from user-controlled input.

--result-rhs ATTRIBUTES
This has the same behavior as --result, but instead of creating a list, the results are used as the right-hand side of a map.

--result-rhs-filter EXPR
This has the same behavior as --result-filter, but it applies to --result-rhs instead of --result.

--page-size INT
Controls the number of results the client asks the LDAP server for in each page of results. Defaults to 1000 results per page for LDAPv3 queries. Pass a value of 0 to disable paged results processing.

Paged results are not available with LDAPv2, so this option cannot be used together with --ldap-version 2.

--host LDAPHOST[:PORT]
The fully qualified name of the LDAP server, optionally followed by a port number. Defaults to localhost:389 if unspecified.

More than one --host option may be specified. Each is tried in order until a connection is made.

--port PORT
The port number where the LDAP directory service is contacted. Defaults to 389 if unspecified.

--bind-dn DN
--bind-password PASSWORD
Bind credentials used to establish a connection to the server.

--bind-dn specifies the identity (in the form of a Distinguished Name) of an account that is authorized to search the directory. This option is required if --bind-password is specified.

If --bind-password is not specified, an anonymous bind is attempted.

Note that a password passed on the command line is visible to other local users in process listings (for example, ps) and may be recorded in shell history or job logs. Use a dedicated read-only directory account for the bind, and restrict who can read the job definition that contains the password.

--scope base | one | sub
The type of search performed to locate records matching the query: base examines only the entry named by --base, one examines its immediate children, and sub examines the whole subtree beneath it.

--ldap-version 2|3
Specifies the LDAP protocol version that the client should announce to the server. It can be 2 or 3. If not specified it defaults to 3.

--verbose
The LDAP records selected by the query are printed to stdout.

EXAMPLE

Creating a valid-users list
The following example shows how to create a list of valid email addresses. Such a list can be used in a PureMessage policy test to silently discard mail sent to invalid users (a common nuisance due to dictionary attacks by spammers). Note that the search filter must have balanced parentheses:

    pmx-ldap-sync --base 'o=yourorg,c=US' --query '(&(mail=*)(paid=true))' \
                  --result 'mail,awaymail' valid-users

Another usage for the pmx-ldap-sync utility is to set the --result-filter option to add content to each result. The following example uses the --result-filter option in a sendmail access file generator: the substitution appends a tab and "OK" to the address in $_, and the trailing ";$_" returns the modified value, since the substitution itself only returns the number of replacements made:

    pmx-ldap-sync --base 'o=yourorg,c=US' --query '(&(mail=*)(paid=true))' \
                  --result 'mail' --result-filter 's,\z,\tOK,;$_' \
                  valid-users
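The following Perl program is an added example, not pmx-ldap-sync's own code, and reproduces the documented behaviour of --result, --result-rhs and the two filter options on constructed records, then replaces the output file with rename() as the DESCRIPTION section requires. The sample entries, the compile_filter/build_side/render/atomic_write names, the tab separator assumed for map lines and the temporary file name pattern are all assumptions of this example; the filter expressions are the ones from the examples above plus an additional "lc" filter.

```perl
#!/usr/bin/perl
# Added example: emulates how pmx-ldap-sync's documented --result,
# --result-rhs and --result-filter options turn LDAP entries into a
# PureMessage list or map, and how FILENAME is replaced atomically.
# Not the tool's own code; record data below is constructed, not fetched.
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Temp qw(tempfile);

# Constructed stand-ins for the entries selected by --query.
# attribute name => arrayref of values (LDAP attributes are multi-valued)
my @records = (
    { uid => ['alice'], mail => ['alice@example.com'],
      awaymail => ['alice@backup.example.net'] },
    { uid => ['bob'],   mail => ['bob@example.com'] },
    { uid => ['carol'], mail => ['carol@example.com', 'carol.s@example.com'] },
);

# Compile a --result-filter style expression once. It runs as Perl with
# the value in $_ and in list context (last statement's value is returned),
# so "s,\z,\tOK,;$_" works exactly as in the man page example.
# EXPR is executed as code: only ever pass trusted expressions here.
sub compile_filter {
    my ($expr) = @_;
    return sub { return ($_[0]) } unless defined $expr;   # no filter: identity
    my $code = eval "sub { local \$_ = shift; $expr }";
    die "bad filter expression '$expr': $@" if $@;
    return $code;
}

# One side of an output line for one record: every value of every listed
# attribute, passed through the filter, joined by spaces. A filter that
# returns an empty list drops the value; one returning several adds several.
sub build_side {
    my ($record, $attrs, $filter) = @_;
    my @values;
    for my $attr (@$attrs) {
        next unless $record->{$attr};
        push @values, map { $filter->($_) } @{ $record->{$attr} };
    }
    return @values ? join(' ', @values) : undef;
}

# List mode: one item per record. Map mode (result_rhs given): the --result
# side is the key and the --result-rhs side the value; the tab separator
# between them is an assumption of this example, not taken from the page.
sub render {
    my (%opt) = @_;
    my $lhs_f = compile_filter($opt{result_filter});
    my $rhs_f = compile_filter($opt{result_rhs_filter});
    my @lines;
    for my $rec (@{ $opt{records} }) {
        my $lhs = build_side($rec, $opt{result}, $lhs_f);
        next unless defined $lhs;                 # record yielded nothing
        if ($opt{result_rhs}) {
            my $rhs = build_side($rec, $opt{result_rhs}, $rhs_f);
            next unless defined $rhs;
            push @lines, "$lhs\t$rhs";
        } else {
            push @lines, $lhs;
        }
    }
    return @lines;
}

# Write into a temporary file in the destination directory (rename() is only
# atomic within one filesystem), then rename over FILENAME so a concurrent
# reader sees either the old complete file or the new complete file.
sub atomic_write {
    my ($filename, @lines) = @_;
    my ($fh, $tmp) = tempfile('.pmx-ldap-sync.XXXXXX', DIR => dirname($filename));
    print {$fh} map("$_\n", @lines) or die "write $tmp: $!";
    close($fh) or die "close $tmp: $!";
    chmod 0644, $tmp or die "chmod $tmp: $!";   # tempfile() creates mode 0600
    rename($tmp, $filename) or die "rename $tmp -> $filename: $!";
}

# 1. valid-users list, as in the EXAMPLE section (carol yields one item
#    holding two space-separated addresses).
my @list = render(records => \@records, result => ['mail', 'awaymail']);
# 2. sendmail access file: the filter from the page appends "\tOK".
my @access = render(records => \@records, result => ['mail'],
                    result_filter => 's,\z,\tOK,;$_');
# 3. map from uid to mail address(es), right-hand side lowercased.
my @map = render(records => \@records, result => ['uid'],
                 result_rhs => ['mail'], result_rhs_filter => 'lc');
print "$_\n" for @list, '--', @access, '--', @map;
atomic_write('valid-users', @list);
```

A deliberately broken expression such as `'s,\z,\tOK'` (missing the closing delimiter) makes compile_filter die before any record is processed, which is the behaviour you want from a scheduled job: the previous valid-users file stays in place untouched rather than being replaced by partial output.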


COPYRIGHT

Copyright (C) 2000-2008 Sophos Group. All rights reserved. Sophos and PureMessage are trademarks of Sophos Plc and Sophos Group.

