Re: [exim-dev] LDAP multiline attribute oddity

Top Page
Delete this message
Reply to this message
Author: Graeme Fowler
Date:  
To: exim-dev
Subject: Re: [exim-dev] LDAP multiline attribute oddity
On Mon, 2016-01-18 at 18:22 +0000, Jeremy Harris wrote:
> Can you duplicate it with a two-line attribute (as opposed
> to "hundreds")?


I'll check. I'd assume that the answer is "yes", though.

> If it isn't giving Exim the data, hmm. I *assume* that attribute values
> in LDAP are allowed to have newlines in - but is there documentation
> anywhere saying one way or the other?


It's not that it's a multiline attribute per se, it's the LDIF format
response from ldapsearch that makes it appear that way - base64 encoded,
wrapped at 78 chars, CRLF-Space as the delimiter (a bit like SMTP
headers, in fact).

> You could rewrite that "ldap_get_values()" call, for which there's
> a "deprecated" note in my (Fedora 23) include file, with
> "ldap_get_values_len()" - which supports a binary interface for
> arbitrary byte-sequences. You'll need struct berval (lber.h)
> fore the pointer+length.


My brain hurts just reading that! I'll have a tinker though.

> What's your system type?


Oops, silly of me - CentOS 6 x86_64, openldap-devel-2.4.40.

EDIT: this *might* be a buffer length or string truncation problem. It
appears that anything below 256 chars works, but above that fails...

More later.

Graeme