Before modifying your LDAP directory, verify that changes will be compatible with other applications using the directory. You may prefer to modify the LDAP profile query and/or add new attributes than to modify existing structures that are used by other applications, in order to reduce the likelihood of disruption to other applications. For instructions on modifying schema or setting attribute values, consult the documentation for your specific LDAP server. |
Object type | Attribute | Value | Query result |
User Query Options | |||
User object classes such as inetOrgPerson, inetLocalMailRecipient, User, dominoPerson. | mail | A user’s email address. | Query compares the email address to the value of this attribute to find the matching user, and retrieve that user’s distinguished name (DN), which is the basis for most other LDAP profile queries. |
Group Query Options | |||
(Objects from User Query Options.) | gidNumber or memberOf | Varies by schema. Typically is either a group number or the distinguished name (DN) of the group. | Query retrieves the group name for any user defined by User Query Options. |
(Objects from User Query Options.) | mail | A user’s email address. | Query uses the DN retrieved from groupOwner to retrieve the email address of the user specified by that DN. |
User group object classes such as group or groupOfNames. | groupOwner | A user object’s DN. | Query retrieves the DN of a user object from the group defined in gidNumber or memberOf. |
User Authentication Options | |||
(Objects from User Query Options.) | userPassword | Any. | Query verifies user identity by binding with the user password for any user defined by User Query Options. |
User Alias Options | |||
Email alias object classes such as nisMailAlias, or user objects from User Query Options, depending on whether your schema resolves email aliases directly or indirectly, respectively. For details, see “Base DN”. | rfc822MailMember (for alias objects) or mail (for user objects) | Either the user name portion of an email address (e.g. user; for alias objects), or the entire email address (e.g. user@example.com; for user objects). | Query expands an alias to one or more user email addresses. If the alias is resolved directly, this query retrieves the email addresses from the alias object itself. If the alias is resolved indirectly, this query first queries the alias object for member attributes, then uses the DN of each member in a second query to retrieve the email addresses of those user objects. For details, see “Base DN”. |
User group object classes such as group or groupOfNames. User groups are not inherently associated with email aliases, but for some schemas, such as Microsoft ActiveDirectory, group objects play the role of email alias objects, and are used to indirectly resolve email aliases. For details, see “Base DN”. | member | A user object’s DN, or the DN of another alias object. | Query retrieves the DN of a user object that is a member of the group. This attribute is required only if aliases resolve to user email addresses indirectly. For details, see “Base DN”. |
Mail Routing Options | |||
(Objects from User Query Options.) | mailHost | A fully qualified domain name (FQDN) or IP address. | Query retrieves the fully qualified domain name (FQDN) or IP address of the mail server — sometimes also called the mail host — that stores email for any user defined by User Query Options. |
mailRoutingAddress | A user’s email address for a user account whose email is physically stored on mailHost. | Query retrieves the email address for a real account physically stored on mailHost for any user defined by User Query Options. | |
Scan Override Options | |||
(Objects from User Query Options.) | No default attribute name. | Varies by schema. May be: • TRUE, YES, 1, ENABLE or ENABLED (on) • FALSE, NO, 0, DISABLE, or DISABLED, or any other value not associated with “on” (off) | Query retrieves whether or not to perform antivirus processing for any user defined by User Query Options. |
No default attribute name. | Varies by schema. May be: • TRUE, YES, 1, ENABLE or ENABLED (on) • FALSE, NO, 0, DISABLE, or DISABLED, or any other value not associated with “on” (off) | Query retrieves whether or not to perform antispam processing for any user defined by User Query Options. | |
Address Mapping Options | |||
(Objects from User Query Options.) | No default attribute name. | A user’s internal email address. | Query retrieves the user’s internal email address |
No default attribute name. | A user’s external email address. | Query retrieves the user’s external email address. | |
Enable webmail password change | |||
(Objects from User Query Options.) | userPassword | Any. | Query, upon successful bind using the existing password, changes the password for any user defined by User Query Options. |