On Mon, 2016-01-18 at 18:22 +0000, Jeremy Harris wrote: > Can you duplicate it with a two-line attribute (as opposed
> to "hundreds")?
I'll check. I'd assume that the answer is "yes", though.
> If it isn't giving Exim the data, hmm. I *assume* that attribute values
> in LDAP are allowed to have newlines in - but is there documentation
> anywhere saying one way or the other?
It's not that it's a multiline attribute per se, it's the LDIF format
response from ldapsearch that makes it appear that way - base64 encoded,
wrapped at 78 chars, CRLF-Space as the delimiter (a bit like SMTP
headers, in fact).
> You could rewrite that "ldap_get_values()" call, for which there's
> a "deprecated" note in my (Fedora 23) include file, with
> "ldap_get_values_len()" - which supports a binary interface for
> arbitrary byte-sequences. You'll need struct berval (lber.h)
> fore the pointer+length.
My brain hurts just reading that! I'll have a tinker though.
> What's your system type?
Oops, silly of me - CentOS 6 x86_64, openldap-devel-2.4.40.
EDIT: this *might* be a buffer length or string truncation problem. It
appears that anything below 256 chars works, but above that fails...