You can use special variables in several places:
- namespace locations
- static userdb template string
- LDAP and SQL userdb query strings
- log prefix for imap/pop3 process
The variables are:
- %u - username
- %n - user part in user@domain, same as %u if there's no domain
- %d - domain part in user@domain, empty if user there's no domain
- %h - home directory
- %s - service (IMAP or POP3)
- %p - PID of the current process (login or imap/pop3 process)
- %l - local IP address
- %r - remote IP address
- %w - plaintext password from plaintext authentication mechanism
- %i - System UID of the user
You can apply a modifiers for each variable (eg. %Lp = pop3):
- %L - lowercase
- %U - uppercase
- %E - escape '"', "'" and '\' characters by inserting '\' before them.
- %R - reverse the string
- %H - take a 32bit hash of the variable and return it as hex. You can also limit the hash value. For example %256Hu gives values 0..ff. You might want padding also, so %2.256Hu gives 00..ff. This can be useful for example in dividing users automatically to multiple partitions. Note that if you're hashing usernames being in user@domain form, you probably want to reverse the string to get better hash value variety, eg. %3RHu.
- %M - return the string's MD5 sum
- %D - return "sub.domain.org" as "sub,dc=domain,dc=org" (for LDAP queries)
You can take a substring of the variable by giving optional offset followed by '.' and width after the '%' character. For example %2u gives first two characters of the username. %2.1u gives third character of the username.
If the offset is negative, it counts from the end, for example %-2.2i gives the UID mod 100 (last two characters of the UID printed in a string). If a positive offset points outside the value, empty string is returned, if a negative offset does then the string is taken from the start.
If the width is prefixed with zero, the string isn't truncated, but only padded with '0' character if the string is shorter. For example %04i may return "0001", "1000" and "12345". %1.04i for the same string would return "001", "000" and "2345".
For login_log_format_elements setting there are also these variables:
- %m - authentication method (eg. PLAIN)
- %c - SSL, TLS or empty