Re[2]: [Exim] Bug in quote_ldap?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
Mmichael at <-
MM 
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Peter A. Savitch
CC: Philip Hazel
Subject: Re[2]: [Exim] Bug in quote_ldap?
On Wed, 5 Jun 2002, Peter A. Savitch wrote: 

> 1. LDAP DN quoting and LDAP URL quoting are DIFFERENT things.
>    DN quoting is the "inner", URL is "outer" ones, Michael is right.

Well, that *sounds* like what I thought, but you sound as though you
disagree with me. So I'm still confused. Probably not enough vacation. :-)

I thought (a) you take your LDAP query and apply DN quoting. Then (b) you
apply URL quoting to that in order to include it in a URL. Here is an
extract from RFC 2255:

The next example illustrates the interaction between LDAP and URL
quoting mechanisms. 

     ldap://ldap.netscape.com/o=Babsco,c=US??(int=%5c00%5c00%5c00%5c04)


The filter in this example uses the LDAP escaping mechanism of \ to
encode three zero or null bytes in the value. In LDAP, the filter
would be written as (int=\00\00\00\04). Because the \ character must
be escaped in a URL, the \'s are escaped as %5c in the URL encoding.

That fits with the way I have always thought it should work.

There are certainly lots of sites using Exim with LDAP. Nobody has
previously raised this as an issue.

> 1. Is it possible (reasonable) to get the matched DN as a regular `dn'
> attribute from the result of lookup `ldap' instead of performing
> another `ldapdn' lookup ?

I don't know. I'd have to read the code, the LDAP manual, and think a
long time. It might be just as easy for you to do this. I am not an LDAP
person - most of the LDAP code has come from other people.

> 2. Philip, if You remember, I have sent You a message with some
> patching code regarding UNIX sockets for OpenLDAP2 (ldapi:// URL
> scheme). Have You read it?

No, I'm afraid it is still on my "incoming" list. I have been away a lot
and am still busy (course coming up, book being rewritten). It is
unlikely that I'll get to it for a while. I want to get 4.05
(maintenance release) out as soon as I can, and then in a month or so
put out a 4.10 maintenance release with an updated manual. *Then* I
might get round to looking at substantial new stuff. 

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Forged addresses from virus detectors[Exim] How to get Exim 4.04 to verify that a sender comes from our domain->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)