[exim-cvs] cvs commit: exim/exim-doc/doc-docbook spec.xfpt

Top Page
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-doc/doc-docbook spec.xfpt
fanf2 2008/02/15 13:19:30 GMT

  Modified files:
    exim-doc/doc-docbook spec.xfpt 
  Log:
  Note an LDAP gotcha pointed out by Robert Bannocks.


  Revision  Changes    Path
  1.36      +12 -9     exim/exim-doc/doc-docbook/spec.xfpt


  Index: spec.xfpt
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-docbook/spec.xfpt,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- spec.xfpt    15 Feb 2008 13:13:43 -0000    1.35
  +++ spec.xfpt    15 Feb 2008 13:19:30 -0000    1.36
  @@ -1,4 +1,4 @@
  -. $Cambridge: exim/exim-doc/doc-docbook/spec.xfpt,v 1.35 2008/02/15 13:13:43 fanf2 Exp $
  +. $Cambridge: exim/exim-doc/doc-docbook/spec.xfpt,v 1.36 2008/02/15 13:19:30 fanf2 Exp $
   .
   . /////////////////////////////////////////////////////////////////////////////
   . This is the primary source of the Exim Manual. It is an xfpt document that is
  @@ -23571,17 +23571,20 @@
     driver = plaintext
     public_name = LOGIN
     server_prompts = Username:: : Password::
  -  server_condition = ${if ldapauth \
  -    {user="cn=${quote_ldap_dn:$auth1},ou=people,o=example.org" \
  -    pass=${quote:$auth2} \
  -    ldap://ldap.example.org/}}
  +  server_condition = ${if and{{
  +    !eq{}{$auth1} }{ \
  +    ldapauth{user="cn=${quote_ldap_dn:$auth1},ou=people,o=example.org" \
  +             pass=${quote:$auth2} \
  +             ldap://ldap.example.org/} }} }
     server_set_id = uid=$auth1,ou=people,o=example.org
   .endd
  -Note the use of the &%quote_ldap_dn%& operator to correctly quote the DN for
  -authentication. However, the basic &%quote%& operator, rather than any of the
  -LDAP quoting operators, is the correct one to use for the password, because
  -quoting is needed only to make the password conform to the Exim syntax. At the
  -LDAP level, the password is an uninterpreted string.
  +We have to check that the username is not empty before using it, because LDAP
  +does not permit empty DN components. We must also use the &%quote_ldap_dn%&
  +operator to correctly quote the DN for authentication. However, the basic
  +&%quote%& operator, rather than any of the LDAP quoting operators, is the
  +correct one to use for the password, because quoting is needed only to make
  +the password conform to the Exim syntax. At the LDAP level, the password is an
  +uninterpreted string.