Autor: Brian Candler Fecha: A: Tony Earnshaw Cc: exim-users Asunto: Re: [Exim] Documentation error - quote_ldap example
On Mon, Aug 19, 2002 at 03:34:16PM +0200, Tony Earnshaw wrote: > But if I change the auth condition to:
>
> server_condition = ${if ldapauth \
> {user="mail=${quote_ldap:$2},\
> ou=people,ou=groups,dc=billy,dc=demon,dc=nl" pass="$3"\
> ldap:///}{yes}{no}}
>
> Which I don't want and never use, testing with 'exim -bt' for anyone
> present in the ldap database, either with a local address, mail routing
> address or alias address, seems to work just as well:
>
> 'exim -bt members@???' (group alias)
Hmm. Looks like your LDAP server does URL-dequoting of bind DNs passed to
it. i.e. send 'mail=members%40billy.demon.nl,...' and it converts it to
'mail=members@???,...'
I am using openldap-2.0.25 and it doesn't do that. Also, I don't believe it
should, if I understand the specs correctly. After all, '%' is a perfectly
valid character within a DN.
I think the point still stands: exim should implement the 'right' way to
escape a string which forms a DN component. If you do quoting wrongly it may
work for most inputs, but when you get presented with one of the fatal
characters then you suffer the consequences.