On 24/05/17 10:58, Daniel Betz wrote:
> i have an problem, which has to do with the change https://bugs.exim.org/show_bug.cgi?id=660
>
> My plan is to reduce LDAP queries and enable an admin password for mail accounts.
>
> The userPassword and adminPassword fields in ldap are base64 encoded sha512 crypt, which can include ","
> Problem is, that they get doubled by the patch above, although i have tried an other seperator like : LDAP_LOOKUP_USER_PLAIN = <\n ${lookup ldap.
> but the doubling of , is hardcoded into the source.
>
> Debug Log shows this:
>
> exim[13496]: 13506 LDAP value loop userPassword:{crypt}$6$,7_X.clF$OHzHUqADeV9ijFJn9EsB0LMp7iL7PYVNdjUtLblOvch9lGkv7G9jnvU.jUqWL61tg1352IMSVHtdJ0FUA1akT1
> exim[13496]: 13506 lookup yielded: id="4029359" objectClass="qmailUser,person" [...] userPassword="{crypt}$6$,,7_X.clF$OHzHUqADeV9ijFJn9EsB0LMp7iL7PYVNdjUtLblOvch9lGkv7G9jnvU.jUqWL61tg1352IMSVHtdJ0FUA1akT1"
>
> Here you can see the doubling of the ,, in the lookup. Therefore authentification with crypteq{} will fail.
http://exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html#SECID71
"The listextract operator should be used to pick out individual values
of attributes, even when only a single value is expected."
--
Cheers,
Jeremy