LDAP_TABLE(5)                 File Formats Manual                LDAP_TABLE(5)

NAME
       ldap_table - Postfix LDAP client configuration

SYNOPSIS
       postmap -q "string" ldap:/etc/postfix/filename

       postmap -q - ldap:/etc/postfix/filename <inputfile

DESCRIPTION
       The Postfix mail system uses optional tables for address rewriting or
       mail routing. These tables are usually in dbm or db format.

       Alternatively, lookup tables can be specified as LDAP databases.

       In order to use LDAP lookups, define an LDAP source as a lookup table
       in main.cf, for example:

           alias_maps = ldap:/etc/postfix/ldap-aliases.cf

       The file /etc/postfix/ldap-aliases.cf has the same format as the
       Postfix main.cf file, and can specify the parameters described below.
       An example is given at the end of this manual.

       This configuration method is available with Postfix version 2.1 and
       later. See the section "OBSOLETE MAIN.CF PARAMETERS" below for older
       Postfix versions.

       For details about LDAP SSL and STARTTLS, see the section on SSL and
       STARTTLS below.

LIST MEMBERSHIP
       When using LDAP to store lists such as $mynetworks, $mydestination,
       $relay_domains, $local_recipient_maps, etc., it is important to
       understand that the table must store each list member as a separate
       key. The table lookup verifies the *existence* of the key. See
       "Postfix lists versus tables" in the DATABASE_README document for a
       discussion.

       Do NOT create tables that return the full list of domains in
       $mydestination or $relay_domains etc., or IP addresses in $mynetworks.
       A filter that ignores the lookup key returns a result for every key,
       so every domain (or address) looked up would count as a list member.

       DO create tables with each matching item as a key and with an
       arbitrary value. With LDAP databases it is not uncommon to return the
       key itself.

       For example, NEVER do this in a map defining $mydestination:

           query_filter = domain=*
           result_attribute = domain

       Do this instead:

           query_filter = domain=%s
           result_attribute = domain
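
       The difference between the two filters, as an added example that is
       not part of this manual or of Postfix: a constructed in-memory
       directory and a filter matcher that only understands "attr=*" and
       "attr=literal", which is enough to show that the wildcard form makes
       every lookup succeed. The %s substitution here is done without the
       RFC 2254 quoting that the real client applies.

```python
"""Why a list table must look up each member as a separate key.

Added example, not Postfix code: the directory below stands in for an LDAP
server, and is_list_member() applies the Postfix rule that a list lookup
succeeds when the query returns *anything*, whatever the value is.
"""

# Constructed sample directory: the two domains this site actually hosts.
DIRECTORY = [
    {"dn": "dc=example,dc=com", "domain": "example.com"},
    {"dn": "dc=example,dc=net", "domain": "example.net"},
]


def evaluate_filter(filter_template, key, entries=DIRECTORY):
    """Expand %s with the lookup key and return the matching entries.

    Only "attr=*" (presence) and "attr=literal" (equality) are supported;
    that is all the two filters in the text need.
    """
    expression = filter_template.replace("%s", key)
    attr, _, wanted = expression.partition("=")
    if wanted == "*":
        return [e for e in entries if attr in e]
    return [e for e in entries if e.get(attr) == wanted]


def result_values(filter_template, key, result_attribute="domain"):
    """The values Postfix would read back; for a list they are irrelevant."""
    return [e[result_attribute] for e in evaluate_filter(filter_template, key)
            if result_attribute in e]


def is_list_member(filter_template, key):
    """Postfix list semantics: membership == existence of a lookup result."""
    return bool(evaluate_filter(filter_template, key))


if __name__ == "__main__":
    for flt in ("domain=%s", "domain=*"):
        for dom in ("example.com", "attacker.example"):
            print("%-10s %-18s member=%s" % (flt, dom, is_list_member(flt, dom)))
```

       With "domain=*" the lookup for attacker.example succeeds, so Postfix
       would treat that domain as one of its own; with "domain=%s" only the
       two stored keys match.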

GENERAL LDAP PARAMETERS
       In the text below, default values are given in parentheses. Note:
       don't use quotes in these variables; at least, not until the Postfix
       configuration routines understand how to deal with quoted strings.

       server_host (default: localhost)
              The name of the host running the LDAP server, e.g.

                  server_host = ldap.example.com

              Depending on the LDAP client library you're using, it should be
              possible to specify multiple servers here, with the library
              trying them in order should the first one fail. It should also
              be possible to give each server in the list a different port
              (overriding server_port below), by naming them like

                  server_host = ldap.example.com:1444

              With OpenLDAP, a (list of) LDAP URLs can be used to specify both
              the hostname(s) and the port(s):

                  server_host = ldap://ldap.example.com:1444
                              ldap://ldap2.example.com:1444

              All LDAP URLs accepted by the OpenLDAP library are supported,
              including connections over UNIX domain sockets, and LDAP SSL
              (the last one provided that OpenLDAP was compiled with support
              for SSL):

                  server_host = ldapi://%2Fsome%2Fpath
                              ldaps://ldap.example.com:636

       server_port (default: 389)
              The port the LDAP server listens on, e.g.

                  server_port = 778

       timeout (default: 10 seconds)
              The number of seconds a search can take before timing out, e.g.

                  timeout = 5

       search_base (No default; you must configure this)
              The RFC 2253 base DN at which to conduct the search, e.g.

                  search_base = dc=your, dc=com

              With Postfix 2.2 and later this parameter supports the following
              '%' expansions:

              %%     This is replaced by a literal '%' character.

              %s     This is replaced by the input key. RFC 2253 quoting is
                     used to make sure that the input key does not add
                     unexpected metacharacters.

              %u     When the input key is an address of the form user@domain,
                     %u is replaced by the (RFC 2253) quoted local part of the
                     address. Otherwise, %u is replaced by the entire search
                     string. If the localpart is empty, the search is
                     suppressed and returns no results.

              %d     When the input key is an address of the form user@domain,
                     %d is replaced by the (RFC 2253) quoted domain part of
                     the address. Otherwise, the search is suppressed and
                     returns no results.

              %[SUD] For the search_base parameter, the upper-case equivalents
                     of the above expansions behave identically to their
                     lower-case counterparts. With the result_format
                     parameter (previously called result_filter; see the OTHER
                     OBSOLETE FEATURES section and below), they expand to the
                     corresponding components of the input key rather than
                     the result value.

              %[1-9] The patterns %1, %2, ... %9 are replaced by the
                     corresponding most significant component of the input
                     key's domain. If the input key is user@mail.example.com,
                     then %1 is com, %2 is example and %3 is mail. If the
                     input key is unqualified or does not have enough domain
                     components to satisfy all the specified patterns, the
                     search is suppressed and returns no results.

       query_filter (default: mailacceptinggeneralid=%s)
              The RFC 2254 filter used to search the directory, where %s is a
              substitute for the address Postfix is trying to resolve, e.g.

                  query_filter = (&(mail=%s)(paid_up=true))

              This parameter supports the following '%' expansions:

              %%     This is replaced by a literal '%' character. (Postfix 2.2
                     and later).

              %s     This is replaced by the input key. RFC 2254 quoting is
                     used to make sure that the input key does not add
                     unexpected metacharacters.

              %u     When the input key is an address of the form user@domain,
                     %u is replaced by the (RFC 2254) quoted local part of the
                     address. Otherwise, %u is replaced by the entire search
                     string. If the localpart is empty, the search is
                     suppressed and returns no results.

              %d     When the input key is an address of the form user@domain,
                     %d is replaced by the (RFC 2254) quoted domain part of
                     the address. Otherwise, the search is suppressed and
                     returns no results.

              %[SUD] The upper-case equivalents of the above expansions behave
                     in the query_filter parameter identically to their
                     lower-case counterparts. With the result_format
                     parameter (previously called result_filter; see the OTHER
                     OBSOLETE FEATURES section and below), they expand to the
                     corresponding components of the input key rather than
                     the result value.

                     The above %S, %U and %D expansions are available with
                     Postfix 2.2 and later.

              %[1-9] The patterns %1, %2, ... %9 are replaced by the
                     corresponding most significant component of the input
                     key's domain. If the input key is user@mail.example.com,
                     then %1 is com, %2 is example and %3 is mail. If the
                     input key is unqualified or does not have enough domain
                     components to satisfy all the specified patterns, the
                     search is suppressed and returns no results.

                     The above %1, ..., %9 expansions are available with
                     Postfix 2.2 and later.

              The "domain" parameter described below limits the input keys to
              addresses in matching domains. When the "domain" parameter is
              non-empty, LDAP queries for unqualified addresses or addresses
              in non-matching domains are suppressed and return no results.

              NOTE: DO NOT put quotes around the query_filter parameter.
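
       A model of the expansions above, as an added example that is not
       Postfix's own code: the RFC 2254 quoting for query_filter and the RFC
       2253 quoting for search_base are implemented from those RFCs, the
       suppression rules for %u, %d and %1..%9 follow the text, and the
       "domain" parameter is applied before anything is expanded. The
       function names, and the choice to treat a key ending in "@" as
       unqualified, are this example's own. The second sample key shows what
       the quoting is for: a lookup key containing filter metacharacters
       cannot change the structure of the filter.

```python
"""search_base / query_filter '%' expansion with metacharacter quoting.

Added example, not the Postfix C implementation. A return value of None
stands for "the search is suppressed and returns no results".
"""
import re


class _Suppressed(Exception):
    """Raised inside the substitution callback to abort the whole lookup."""


def escape_filter(value):
    """RFC 2254 (now RFC 4515) quoting for values inside a search filter:
    the characters that are filter syntax become \\XX hex escapes."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def escape_dn(value):
    """RFC 2253 (now RFC 4514) quoting for attribute values inside a DN."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        special = (c in ',+"\\<>;' or (c == "#" and i == 0)
                   or (c == " " and i in (0, last)))
        out.append("\\" + c if special else c)
    return "".join(out)


def split_address(key):
    """(localpart, domain) for user@domain; (None, None) when unqualified.
    A key ending in "@" is treated as unqualified (this example's choice)."""
    local, at, domain = key.rpartition("@")
    return (local, domain) if at and domain else (None, None)


def expand(template, key, escape=escape_filter, domains=()):
    """Expand %%, %s/%S, %u/%U, %d/%D and %1..%9 for one lookup key.

    `escape` is escape_filter for query_filter and escape_dn for
    search_base; `domains` models the "domain" parameter.
    """
    local, domain = split_address(key)

    # "domain" parameter: only user@listed-domain keys are looked up at all;
    # 'user', bare-domain and '@domain' keys are dropped up front.
    if domains and (not local or domain is None
                    or domain.lower() not in {d.lower() for d in domains}):
        return None

    # %1 is the most significant (rightmost) label, %2 the next, and so on.
    labels = domain.split(".")[::-1] if domain else []

    def substitute(m):
        c = m.group(1)
        if c == "%":
            return "%"
        if c in "sS":
            return escape(key)
        if c in "uU":
            if domain is None:
                return escape(key)          # unqualified: whole search string
            if local == "":
                raise _Suppressed()         # "@domain" key: empty localpart
            return escape(local)
        if c in "dD":
            if domain is None:
                raise _Suppressed()         # no domain part to substitute
            return escape(domain)
        n = int(c)                          # %1..%9
        if n > len(labels):
            raise _Suppressed()             # not enough domain components
        return escape(labels[n - 1])

    try:
        return re.sub(r"%([%sSuUdD1-9])", substitute, template)
    except _Suppressed:
        return None


if __name__ == "__main__":
    print(expand("(mail=%s)", "user@example.com"))
    print(expand("(mail=%s)", "*)(objectClass=*"))      # metacharacters quoted
    print(expand("dc=%2,dc=%1", "user@mail.example.com", escape_dn))
```

       Because "*", "(" and ")" in the key are rewritten to "\2a", "\28" and
       "\29", the filter still has exactly one assertion, with the odd-looking
       string as its value; without that quoting the key would become part
       of the filter syntax.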

       result_format (default: %s)
              Called result_filter in Postfix releases prior to 2.2. Format
              template applied to result attributes. Most commonly used to
              append (or prepend) text to the result. This parameter supports
              the following '%' expansions:

              %%     This is replaced by a literal '%' character. (Postfix 2.2
                     and later).

              %s     This is replaced by the value of the result attribute.
                     When the result is empty it is skipped.

              %u     When the result attribute value is an address of the form
                     user@domain, %u is replaced by the local part of the
                     address. When the result has an empty localpart it is
                     skipped.

              %d     When a result attribute value is an address of the form
                     user@domain, %d is replaced by the domain part of the
                     attribute value. When the result is unqualified it is
                     skipped.

              %[SUD1-9]
                     The upper-case and decimal digit expansions interpolate
                     the parts of the input key rather than the result. Their
                     behavior is identical to that described with
                     query_filter, and in fact because the input key is known
                     in advance, lookups whose key does not contain all the
                     information specified in the result template are
                     suppressed and return no results.

                     The above %S, %U, %D and %1, ..., %9 expansions are
                     available with Postfix 2.2 and later.

              For example, using "result_format = smtp:[%s]" allows one to use
              a mailHost attribute as the basis of a transport(5) table. After
              applying the result format, multiple values are concatenated as
              comma separated strings. The expansion_limit and size_limit
              parameters explained below allow one to restrict the number of
              values in the result, which is especially useful for maps that
              should return a single value.

              The default value %s specifies that each attribute value should
              be used as is.

              This parameter was called result_filter in Postfix releases
              prior to 2.2. If no "result_format" is specified, the value of
              "result_filter" will be used instead before resorting to the
              default value. This provides compatibility with old
              configuration files.

              NOTE: DO NOT put quotes around the result format!
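
       The result_format rules above, as an added example that is not part
       of Postfix: per-value skipping for %s, %u and %d, whole-lookup
       suppression when the input key cannot satisfy %S, %U, %D or %1..%9,
       comma-joined output, and the expansion_limit parameter described
       further down. Names are this example's own; an unqualified result
       value under %u is used whole, by analogy with query_filter, which the
       text above does not spell out.

```python
"""result_format applied to the values of one LDAP lookup.

Added example, not Postfix code. TemporaryFailure stands in for the
temporary lookup error Postfix returns when expansion_limit is exceeded.
"""
import re


class TemporaryFailure(Exception):
    pass


class _Skip(Exception):
    """One result value cannot satisfy the template and is left out."""


def _split(address):
    local, at, domain = address.rpartition("@")
    return (local, domain) if at and domain else (None, None)


def _key_available(template, key):
    """Can every key-derived expansion (%S %U %D %1..%9) be satisfied?"""
    local, domain = _split(key)
    labels = domain.split(".")[::-1] if domain else []
    for c in re.findall(r"%([SUD1-9])", template):
        if c == "U" and domain is not None and local == "":
            return False                    # "@domain" key: empty localpart
        if c == "D" and domain is None:
            return False                    # unqualified key has no domain
        if c.isdigit() and int(c) > len(labels):
            return False                    # not enough domain components
    return True


def format_value(template, key, value):
    """Apply result_format to one value; None means the value is skipped.
    Callers check _key_available() first, so %S/%U/%D/%n always succeed."""
    klocal, kdomain = _split(key)
    klabels = kdomain.split(".")[::-1] if kdomain else []
    vlocal, vdomain = _split(value)

    def sub(m):
        c = m.group(1)
        if c == "%":
            return "%"
        if c == "s":
            if value == "":
                raise _Skip()
            return value
        if c == "u":
            if vdomain is None:
                return value                # unqualified result used whole
            if vlocal == "":
                raise _Skip()
            return vlocal
        if c == "d":
            if vdomain is None:
                raise _Skip()
            return vdomain
        if c == "S":
            return key
        if c == "U":
            return key if kdomain is None else klocal
        if c == "D":
            return kdomain
        return klabels[int(c) - 1]

    try:
        return re.sub(r"%([%sudSUD1-9])", sub, template)
    except _Skip:
        return None


def apply_result_format(template, key, values, expansion_limit=0):
    """Format all attribute values of one lookup. None: lookup suppressed."""
    if not _key_available(template, key):
        return None
    formatted = [f for f in (format_value(template, key, v) for v in values)
                 if f is not None]
    if expansion_limit and len(formatted) > expansion_limit:
        raise TemporaryFailure("expansion_limit %d exceeded" % expansion_limit)
    return ",".join(formatted)             # "comma separated strings"


def single_value_ok(template, key, values):
    """True if the lookup stays within expansion_limit = 1."""
    try:
        apply_result_format(template, key, values, expansion_limit=1)
        return True
    except TemporaryFailure:
        return False


if __name__ == "__main__":
    print(apply_result_format("smtp:[%s]", "example.com", ["mx1.example.com"]))
    print(apply_result_format("%U@%s", "alias@example.com", ["mail.example.net"]))
```

       The "smtp:[%s]" case is the transport(5) use from the text; "%U@%s"
       moves the key's localpart onto a domain taken from the directory. A
       transport or relay lookup that can yield two values is exactly where
       expansion_limit = 1 turns a silent multi-valued result into a
       temporary error.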

       domain (default: no domain list)
              This is a list of domain names, paths to files, or "type:table"
              databases. When specified, only fully qualified search keys with
              a *non-empty* localpart and a matching domain are eligible for
              lookup: 'user' lookups, bare domain lookups and "@domain"
              lookups are not performed. This can significantly reduce the
              query load on the LDAP server.

                  domain = postfix.org, hash:/etc/postfix/searchdomains

              It is best not to use LDAP to store the domains eligible for
              LDAP lookups.

              NOTE: DO NOT define this parameter for local(8) aliases.

              This feature is available in Postfix 1.0 and later.

       result_attribute (default: maildrop)
              The attribute(s) Postfix will read from any directory entries
              returned by the lookup, to be resolved to an email address.

                  result_attribute = mailbox, maildrop

              Don't rely on the default value ("maildrop"). Set the
              result_attribute explicitly in all ldap table configuration
              files. This is particularly relevant when no result_attribute
              is applicable, e.g. cases in which leaf_result_attribute and/or
              terminal_result_attribute are used instead. The default value
              is harmless if "maildrop" is also listed as a leaf or terminal
              result attribute, but it is best to not leave this to chance.

       special_result_attribute (default: empty)
              The attribute(s) of directory entries that can contain DNs or
              RFC 2255 LDAP URLs. If found, a recursive search is performed to
              retrieve the entry referenced by the DN, or the entries matched
              by the URL query.

                  special_result_attribute = memberdn

              DN recursion retrieves the same result_attributes as the main
              query, including the special attributes for further recursion.

              URL processing retrieves only those attributes that are included
              in both the URL definition and as result attributes (ordinary,
              special, leaf or terminal) in the Postfix table definition. If
              the URL lists any of the table's special result attributes,
              these are retrieved and used recursively. A URL that does not
              specify any attribute selection is equivalent (RFC 2255) to a
              URL that selects all attributes, in which case the selected
              attributes will be the full set of result attributes in the
              Postfix table.

              If an LDAP URL attribute-descriptor or the corresponding Postfix
              LDAP table result attribute (but not both) uses RFC 2255
              sub-type options ("attr;option"), the attribute requested from
              the LDAP server will include the sub-type option. In all other
              cases, the URL attribute and the table attribute must match
              exactly. Attributes with options in both the URL and the Postfix
              table are requested only when the options are identical. LDAP
              attribute-descriptor options are very rarely used; most LDAP
              users will not need to concern themselves with this level of
              nuanced detail.

       terminal_result_attribute (default: empty)
              When one or more terminal result attributes are found in an LDAP
              entry, all other result attributes are ignored and only the
              terminal result attributes are returned. This is useful for
              delegating expansion of group members to a particular host, by
              using an optional "maildrop" attribute on selected groups to
              route the group to a specific host, where the group is
              expanded, possibly via a mailing-list manager or other special
              processing.

                  result_attribute =
                  terminal_result_attribute = maildrop

              When using terminal and/or leaf result attributes, the
              result_attribute is best set to an empty value when it is not
              used, or else explicitly set to the desired value, even if it is
              the default value "maildrop".

              This feature is available with Postfix 2.4 or later.

       leaf_result_attribute (default: empty)
              When one or more special result attributes are found in a
              non-terminal (see above) LDAP entry, leaf result attributes are
              excluded from the expansion of that entry. This is useful when
              expanding groups and the desired mail address attribute(s) of
              the member objects obtained via DN or URI recursion are also
              present in the group object. To only return the attribute values
              from the leaf objects and not the containing group, add the
              attribute to the leaf_result_attribute list, and not the
              result_attribute list, which is always expanded. Note, the
              default value of "result_attribute" is not empty; you may want
              to set it explicitly empty when using "leaf_result_attribute"
              to expand the group to a list of member DN addresses. If groups
              have both member DN references AND attributes that hold multiple
              string valued rfc822 addresses, then the string attributes go
              in "result_attribute". The attributes that represent the email
              addresses of objects referenced via a DN (or LDAP URI) go in
              "leaf_result_attribute".

                  result_attribute = memberaddr
                  special_result_attribute = memberdn
                  terminal_result_attribute = maildrop
                  leaf_result_attribute = mail

              When using terminal and/or leaf result attributes, the
              result_attribute is best set to an empty value when it is not
              used, or else explicitly set to the desired value, even if it is
              the default value "maildrop".

              This feature is available with Postfix 2.4 or later.
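
       The interaction of result_attribute, special_result_attribute,
       terminal_result_attribute and leaf_result_attribute, as an added
       example that is not Postfix code: a constructed in-memory directory
       using the attribute names from the configuration above, expanded once
       with that configuration and once with "mail" mistakenly placed in
       result_attribute. Only DN references are modelled, not LDAP URLs, and
       recursion_limit is treated as a maximum nesting depth.

```python
"""Group expansion with special, terminal and leaf result attributes.

Added example, not Postfix code. DIRECTORY maps DN -> {attribute: values}.
"""

DIRECTORY = {
    "cn=staff,ou=groups,dc=example,dc=com": {
        "mail": ["staff@example.com"],                 # the group's own address
        "memberaddr": ["contractor@partner.example"],  # string-valued member
        "memberdn": ["uid=alice,ou=people,dc=example,dc=com",
                     "cn=dev,ou=groups,dc=example,dc=com"],
    },
    "cn=dev,ou=groups,dc=example,dc=com": {
        "mail": ["dev@example.com"],
        "maildrop": ["dev@lists.example.com"],         # terminal: delegate
        "memberdn": ["uid=bob,ou=people,dc=example,dc=com"],
    },
    "uid=alice,ou=people,dc=example,dc=com": {"mail": ["alice@example.com"]},
    "uid=bob,ou=people,dc=example,dc=com": {"mail": ["bob@example.com"]},
    # A group that references itself, to exercise recursion_limit.
    "cn=loop,ou=groups,dc=example,dc=com": {
        "memberdn": ["cn=loop,ou=groups,dc=example,dc=com"]},
}

# The table settings from the leaf_result_attribute example in the text.
GROUP_TABLE = {
    "result_attribute": ("memberaddr",),
    "special_result_attribute": ("memberdn",),
    "terminal_result_attribute": ("maildrop",),
    "leaf_result_attribute": ("mail",),
    "recursion_limit": 1000,
}

# The same, but with "mail" in result_attribute instead of leaf_result_attribute.
NAIVE_TABLE = dict(GROUP_TABLE, result_attribute=("memberaddr", "mail"),
                   leaf_result_attribute=())


class RecursionLimitExceeded(Exception):
    pass


def _values(entry, attrs):
    return [v for a in attrs for v in entry.get(a, [])]


def expand_dn(dn, table, depth=0):
    """Return the addresses an entry expands to under the table settings."""
    if depth > table["recursion_limit"]:
        raise RecursionLimitExceeded(dn)
    entry = DIRECTORY[dn]

    # Terminal attributes win: nothing else in this entry is looked at.
    terminal = _values(entry, table["terminal_result_attribute"])
    if terminal:
        return terminal

    # Ordinary result attributes are always expanded.
    result = _values(entry, table["result_attribute"])

    refs = _values(entry, table["special_result_attribute"])
    if refs:
        # Non-terminal entry with references: its own leaf attributes are
        # excluded; leaf values come from the referenced entries instead.
        for ref in refs:
            result += expand_dn(ref, table, depth + 1)
    else:
        result += _values(entry, table["leaf_result_attribute"])
    return result


def expansion_hits_limit(dn, table):
    """True when expanding dn exceeds the table's recursion_limit."""
    try:
        expand_dn(dn, table)
        return False
    except RecursionLimitExceeded:
        return True


if __name__ == "__main__":
    staff = "cn=staff,ou=groups,dc=example,dc=com"
    print("leaf config :", expand_dn(staff, GROUP_TABLE))
    print("naive config:", expand_dn(staff, NAIVE_TABLE))
```

       With the leaf configuration the staff group expands to the
       contractor, alice, and the dev group's terminal maildrop; the group's
       own "mail" value never appears. With "mail" in result_attribute the
       group address staff@example.com is returned alongside its members,
       which is the loop the text warns about. The self-referencing group
       shows what recursion_limit is for.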

       scope (default: sub)
              The LDAP search scope: sub, base, or one. These translate into
              LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, and LDAP_SCOPE_ONELEVEL.

       bind (default: yes)
              Whether or how to bind to the LDAP server. Newer LDAP
              implementations don't require clients to bind, which saves
              time. Example:

                  # Don't bind
                  bind = no
                  # Use SIMPLE bind
                  bind = yes
                  # Use SASL bind
                  bind = sasl

              Postfix versions prior to 2.8 only support "bind = no" which
              means don't bind, and "bind = yes" which means do a SIMPLE bind.
              Postfix 2.8 and later also supports "bind = SASL" when compiled
              with LDAP SASL support as described in LDAP_README; it also adds
              the synonyms "bind = none" and "bind = simple" for "bind = no"
              and "bind = yes" respectively. See the SASL section below for
              additional parameters available with "bind = sasl".

              If you do need to bind, you might consider configuring Postfix
              to connect to the local machine on a port that's an SSL tunnel
              to your LDAP server. If your LDAP server doesn't natively
              support SSL, put a tunnel (wrapper, proxy, whatever you want to
              call it) on that system too. This should prevent the password
              from traversing the network in the clear.

       bind_dn (default: empty)
              If you do have to bind, do it with this distinguished name.
              Example:

                  bind_dn = uid=postfix, dc=your, dc=com

              With "bind = sasl" (see above) the DN may be optional for some
              SASL mechanisms; don't specify a DN if not needed.

       bind_pw (default: empty)
              The password for the distinguished name above. If you have to
              use this, you probably want to make the map configuration file
              readable only by the Postfix user. When using the obsolete
              ldap:ldapsource syntax, with map parameters in main.cf, it is
              not possible to securely store the bind password. This is
              because main.cf needs to be world readable to allow local
              accounts to submit mail via the sendmail command. Example:

                  bind_pw = postfixpw

              With "bind = sasl" (see above) the password may be optional for
              some SASL mechanisms; don't specify a password if not needed.

       cache (IGNORED with a warning)

       cache_expiry (IGNORED with a warning)

       cache_size (IGNORED with a warning)
              The above parameters are NO LONGER SUPPORTED by Postfix. Cache
              support has been dropped from OpenLDAP as of release 2.1.13.

       recursion_limit (default: 1000)
              A limit on the nesting depth of DN and URL special result
              attribute evaluation. The limit must be a non-zero positive
              number.

       expansion_limit (default: 0)
              A limit on the total number of result elements returned (as a
              comma separated list) by a lookup against the map. A setting of
              zero disables the limit. Lookups fail with a temporary error if
              the limit is exceeded. Setting the limit to 1 ensures that
              lookups do not return multiple values.

       size_limit (default: $expansion_limit)
              A limit on the number of LDAP entries returned by any single
              LDAP search performed as part of the lookup. A setting of 0
              disables the limit. Expansion of DN and URL references involves
              nested LDAP queries, each of which is separately subjected to
              this limit.

              Note: even a single LDAP entry can generate multiple lookup
              results, via multiple result attributes and/or multi-valued
              result attributes. This limit caps the per search resource
              utilization on the LDAP server, not the final multiplicity of
              the lookup result. It is analogous to the "-z" option of
              "ldapsearch".

       dereference (default: 0)
              When to dereference LDAP aliases. (Note that this has nothing to
              do with Postfix aliases.) The permitted values are those legal
              for the OpenLDAP/UM LDAP implementations:

              0      never

              1      when searching

              2      when locating the base object for the search

              3      always

              See ldap.h or the ldap_open(3) or ldapsearch(1) man pages for
              more information. And if you're using an LDAP package that has
              other possible values, please bring it to the attention of the
              postfix-users@postfix.org mailing list.

       chase_referrals (default: 0)
              Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP version 3
              support).

       version (default: 2)
              Specifies the LDAP protocol version to use.

       debuglevel (default: 0)
              What level to set for debugging in the OpenLDAP libraries.

LDAP SASL PARAMETERS
       If you're using the OpenLDAP libraries compiled with SASL support,
       Postfix 2.8 and later built with LDAP SASL support as described in
       LDAP_README can authenticate to LDAP servers via SASL.

       This enables authentication to the LDAP server via mechanisms other
       than a simple password. The added flexibility has a cost: it is no
       longer practical to set an explicit timeout on the duration of an LDAP
       bind operation. Under adverse conditions, whether a SASL bind times
       out at all, and if it does, how long that takes, is determined by the
       LDAP and SASL libraries.

       It is best to use tables that use SASL binds via proxymap(8); this way
       the requesting process can time out the proxymap request. This also
       lets you tailor the process environment by overriding the proxymap(8)
       import_environment setting in master.cf(5). Special environment
       settings may be needed to configure GSSAPI credential caches or other
       SASL mechanism specific options. The GSSAPI credentials used for LDAP
       lookups may need to be different than, say, those used for the Postfix
       SMTP client to authenticate to remote servers.

       Using SASL mechanisms requires LDAP protocol version 3; the default
       protocol version is 2 for backwards compatibility. You must set
       "version = 3" in addition to "bind = sasl".

       The following parameters are relevant to using LDAP with SASL:

       sasl_mechs (default: empty)
              Space separated list of SASL mechanism(s) to try.

       sasl_realm (default: empty)
              SASL Realm to use, if applicable.

       sasl_authz_id (default: empty)
              The SASL authorization identity to assert, if applicable.

       sasl_minssf (default: 0)
              The minimum SASL security strength factor (SSF) required to
              establish a connection.

LDAP SSL AND STARTTLS PARAMETERS
       If you're using the OpenLDAP libraries compiled with SSL support,
       Postfix can connect to LDAP SSL servers and can issue the STARTTLS
       command.

       LDAP SSL service can be requested by using a LDAP SSL URL in the
       server_host parameter:

           server_host = ldaps://ldap.example.com:636

       STARTTLS can be turned on with the start_tls parameter:

           start_tls = yes

       Both forms require LDAP protocol version 3, which has to be set
       explicitly with:

           version = 3

       If any of the Postfix programs querying the map is configured in
       master.cf to run chrooted, all the certificates and keys involved have
       to be copied to the chroot jail. Of course, the private keys should
       only be readable by the user "postfix".

       The following parameters are relevant to LDAP SSL and STARTTLS:

       start_tls (default: no)
              Whether or not to issue STARTTLS upon connection to the server.
              Don't set this with LDAP SSL (the SSL session is set up
              automatically when the TCP connection is opened).

       tls_ca_cert_dir (No default; set either this or tls_ca_cert_file)
              Directory containing X509 Certification Authority certificates
              in PEM format which are to be recognized by the client in
              SSL/TLS connections. The files each contain one CA certificate.
              The files are looked up by the CA subject name hash value, which
              must hence be available. If more than one CA certificate with
              the same name hash value exist, the extension must be different
              (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in
              the ordering of the extension number, regardless of other
              properties of the certificates. Use the c_rehash utility (from
              the OpenSSL distribution) to create the necessary links.

       tls_ca_cert_file (No default; set either this or tls_ca_cert_dir)
              File containing the X509 Certification Authority certificates in
              PEM format which are to be recognized by the client in SSL/TLS
              connections. This setting takes precedence over tls_ca_cert_dir.

       tls_cert (No default; you must set this)
              File containing the client's X509 certificate to be used by the
              client in SSL/TLS connections.

       tls_key (No default; you must set this)
              File containing the private key corresponding to the above
              tls_cert.

       tls_require_cert (default: no)
              Whether or not to request the server's X509 certificate and
              check its validity when establishing SSL/TLS connections. The
              supported values are no and yes.

              With no, the server certificate trust chain is not checked, but
              with OpenLDAP prior to 2.1.13, the name in the server
              certificate must still match the LDAP server name. With
              OpenLDAP 2.0.0 to 2.0.11 the server name is not necessarily
              what you specified, rather it is determined (by reverse lookup)
              from the IP address of the LDAP server connection. With
              OpenLDAP prior to 2.0.13, subjectAlternativeName extensions in
              the LDAP server certificate are ignored: the server name must
              match the subject CommonName. The no setting corresponds to the
              never value of TLS_REQCERT in LDAP client configuration files.
              Note that with this default the connection is encrypted but the
              peer is not authenticated: anything that can intercept the
              connection can present a certificate of its own, receive the
              bind credentials and answer lookups with data of its choosing.

              Don't use TLS with OpenLDAP 2.0.x (and especially with x <= 11)
              if you can avoid it.

              With yes, the server certificate must be issued by a trusted CA,
              and not be expired. The LDAP server name must match one of the
              name(s) found in the certificate (see above for OpenLDAP library
              version dependent behavior). The yes setting corresponds to the
              demand value of TLS_REQCERT in LDAP client configuration files.

              The "try" and "allow" values of TLS_REQCERT have no equivalents
              here. They are not available with OpenLDAP 2.0, and in any case
              have questionable security properties. Either you want TLS
              verified LDAP connections, or you don't.

              The yes value only works correctly with Postfix 2.5 and later,
              or with OpenLDAP 2.0. Earlier Postfix releases or later OpenLDAP
              releases don't work together with this setting. Support for LDAP
              over TLS was added to Postfix based on the OpenLDAP 2.0 API.

       tls_random_file (No default)
              Path of a file to obtain random bits from when /dev/[u]random is
              not available, to be used by the client in SSL/TLS connections.

       tls_cipher_suite (No default)
              Cipher suite to use in SSL/TLS negotiations.
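
       A check for the pitfalls this section and the bind parameters
       describe, as an added example that is not part of Postfix: it reads
       the main.cf-style "name = value" format of a table file (indented
       lines continue a value) and reports STARTTLS or LDAP SSL without
       "version = 3", an unverified server certificate, a simple-bind
       password sent without TLS, quoted values, and the ignored cache
       parameters. The two sample files are constructed here; the CA file
       path in the hardened one is a placeholder.

```python
"""Lint an ldap_table file for the TLS, bind and quoting pitfalls named in
ldap_table(5).

Added example, not Postfix code. The parameter names are the ones
documented in the manual; the sample configurations are constructed.
"""

WEAK_CONFIG = """\
server_host = ldap.example.com
search_base = dc=example, dc=com
query_filter = "(mail=%s)"
result_attribute = maildrop
bind = yes
bind_dn = uid=postfix, dc=example, dc=com
bind_pw = postfixpw
start_tls = yes
cache = yes
"""

HARDENED_CONFIG = """\
server_host = ldaps://ldap.example.com:636
search_base = dc=example, dc=com
query_filter = (mail=%s)
result_attribute = maildrop
version = 3
bind = yes
bind_dn = uid=postfix, dc=example, dc=com
bind_pw = postfixpw
tls_require_cert = yes
tls_ca_cert_file = /etc/postfix/ldap-ca.pem
"""


def parse_table_file(text):
    """main.cf format: 'name = value'; indented lines continue the value."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and name is not None:
            params[name] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        name, value = name.strip(), value.strip()
        params[name] = value
    return params


def lint(text):
    """Return a list of findings; an empty list means nothing to report."""
    p = parse_table_file(text)
    findings = []
    hosts = p.get("server_host", "localhost")
    ldaps = "ldaps://" in hosts
    local_socket = hosts.startswith("ldapi://")
    start_tls = p.get("start_tls", "no").lower() == "yes"
    encrypted = ldaps or start_tls or local_socket
    bind = p.get("bind", "yes").lower()
    reqcert = p.get("tls_require_cert", "no").lower()

    if ldaps and start_tls:
        findings.append("start_tls = yes together with an ldaps:// URL: LDAP "
                        "SSL already sets up TLS when the connection is opened")
    if (ldaps or start_tls or bind == "sasl") and p.get("version", "2") != "3":
        findings.append("version = 3 is required for STARTTLS, LDAP SSL and "
                        "SASL binds; the default is 2")
    if (ldaps or start_tls) and reqcert != "yes":
        findings.append("tls_require_cert is not 'yes': the server certificate "
                        "is not verified (TLS_REQCERT never)")
    if reqcert == "yes" and not (p.get("tls_ca_cert_file") or p.get("tls_ca_cert_dir")):
        findings.append("tls_require_cert = yes needs tls_ca_cert_file or "
                        "tls_ca_cert_dir to verify the chain")
    for name in ("query_filter", "result_format", "result_filter", "search_base"):
        v = p.get(name, "")
        if len(v) >= 2 and v[0] == v[-1] == '"':
            findings.append("%s is quoted; the quotes become part of the value" % name)
    if bind in ("yes", "simple") and p.get("bind_pw") and not encrypted:
        findings.append("bind_pw would cross the network in the clear; use "
                        "ldaps://, start_tls = yes or an ldapi:// socket")
    for name in ("cache", "cache_expiry", "cache_size"):
        if name in p:
            findings.append("%s is no longer supported and is ignored" % name)
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, lint(cfg) or "no findings")
```

       The file permissions the bind_pw text asks for are outside what a
       parser can see; check them separately (the file should be readable
       only by the Postfix user).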

EXAMPLE
       Here's a basic example for using LDAP to look up local(8) aliases.
       Assume that in main.cf, you have:

           alias_maps = hash:/etc/aliases,
                   ldap:/etc/postfix/ldap-aliases.cf

       and in ldap:/etc/postfix/ldap-aliases.cf you have:

           server_host = ldap.example.com
           search_base = dc=example, dc=com

       Upon receiving mail for a local address "ldapuser" that isn't found in
       the /etc/aliases database, Postfix will search the LDAP server
       listening at port 389 on ldap.example.com. It will bind anonymously,
       search for any directory entries whose mailacceptinggeneralid
       attribute is "ldapuser", read the "maildrop" attributes of those
       found, and build a list of their maildrops, which will be treated as
       RFC822 addresses to which the message will be delivered.

OBSOLETE MAIN.CF PARAMETERS
       For backwards compatibility with Postfix version 2.0 and earlier, LDAP
       parameters can also be defined in main.cf. Specify as LDAP source a
       name that doesn't begin with a slash or a dot. The LDAP parameters
       will then be accessible as the name you've given the source in its
       definition, an underscore, and the name of the parameter. For
       example, if the map is specified as "ldap:ldapsource", the
       "server_host" parameter described above would be defined in main.cf
       as "ldapsource_server_host".

       Note: with this form, the passwords for the LDAP sources are written in
       main.cf, which is normally world-readable. Support for this form will
       be removed in a future Postfix version.

OTHER OBSOLETE FEATURES
       For backwards compatibility with the pre 2.2 LDAP clients,
       result_filter can for now be used instead of result_format, when the
       latter parameter is not also set. The new name better reflects the
       function of the parameter. This compatibility interface may be removed
       in a future release.

SEE ALSO
       postmap(1), Postfix lookup table manager
       postconf(5), configuration parameters
       mysql_table(5), MySQL lookup tables
       pgsql_table(5), PostgreSQL lookup tables

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to locate
       this information.
       DATABASE_README, Postfix lookup table overview
       LDAP_README, Postfix LDAP client guide

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith Stevenson,
       LaMont Jones, Liviu Daia, Manuel Guesdon, Mike Mattice, Prabhat K
       Singh, Sami Haahtinen, Samuel Tardieu, Victor Duchovni, and many
       others.