On Apr 26, 2012, at 19.59, Wietse Venema wrote:

> When the table is provided via other means such as NIS, LDAP or SQL,
> the same lookups are done as for ordinary indexed files.

ok, thanks for the clarification.  the impetus for this question - i was 
setting up check_ccert_access to use an ldap lookup, and was using an ldap 
attribute whose matching rules happened to be case sensitive.  i'd 
copied/pasted the fingerprint from the log messages [uppercase] for the ldap 
attribute value.  this introduced a bit of an incongruence in my testing with 
postmap, since i didn't then know that case was being folded.  it also appears 
that case folding occurs during actual operation [e.g. not just with postmap]?:

postfix log file:

Apr 26 20:32:49 exo postfix/smtpd[10641]: unknown[50.33.151.70]: Trusted: 
subject_CN=msa.example.net, issuer=example corp, 
fingerprint=86:A5:5C:85:A3:98:2E:19:7A:54:57:99:76:9D:D5:A3:7E:46:85:C5
[...]
Apr 26 20:32:49 exo postfix/smtpd[10641]: dict_ldap_lookup: 
/etc/postfix/tables/ccert_access.cf: Searching with filter 
(&?????(objectclass=mailserver)?????(certfingerprint=86:a5:5c:85:a3:98:2e:19:7a:54:57:99:76:9d:d5:a3:7e:46:85:c5)?????(memberof=cn=mail_relayers-hosts,ou=exo,ou=servers,ou=groups,dc=example,dc=net)????)

slapd log file:

Apr 26 20:19:32 exo slapd[8664]: conn=1107 op=2 SRCH 
base="ou=hosts,ou=mail,dc=example,dc=net" scope=2 deref=0 
filter="(&(objectClass=mailServer)(certFingerprint=86:a5:5c:85:a3:98:2e:19:7a:54:57:99:76:9d:d5:a3:7e:46:85:c5)(memberOf=cn=mail_relayers-hosts,ou=exo,ou=servers,ou=groups,dc=example,dc=net))"

in this particular case, i've accommodated for this on the ldap side, by 
modifying the attribute's matching rules to be case insensitive [and it makes 
more sense anyway for an attribute like this] - i'm wondering though if there 
might be value in not case folding ldap lookups.

-ben
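
The mismatch described in the message above, as an added example that is not part of the original post: the fingerprint is logged in uppercase, the lookup key in the LDAP filter is lowercase, so a value pasted verbatim from the log is only found when the attribute's equality matching ignores case. The function names and the simplified matching model are assumptions made for illustration; the log record is the one quoted in the post.

```python
import re

# Log record copied from the post above (wrapped as it appears there).
SAMPLE_LOG = """Apr 26 20:32:49 exo postfix/smtpd[10641]: unknown[50.33.151.70]: Trusted:
subject_CN=msa.example.net, issuer=example corp,
fingerprint=86:A5:5C:85:A3:98:2E:19:7A:54:57:99:76:9D:D5:A3:7E:46:85:C5"""

# Colon-separated hex octets following "fingerprint=".
FP_RE = re.compile(r"fingerprint=((?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2})\b")

def logged_fingerprints(log_text):
    """Return every fingerprint exactly as logged (uppercase in the post)."""
    return FP_RE.findall(log_text)

def folded_key(fingerprint):
    """The lookup key as it appears in the LDAP filter in the post: lowercase."""
    return fingerprint.lower()

def directory_match(stored_value, key, case_exact):
    """Simplified model of equality matching (assumption, not slapd's code):
    case-exact compares the strings as-is, case-ignore folds both sides."""
    if case_exact:
        return stored_value == key
    return stored_value.lower() == key.lower()

def audit(stored_values, log_text, case_exact):
    """Map each logged fingerprint to whether its folded key finds a stored value."""
    result = {}
    for fp in logged_fingerprints(log_text):
        key = folded_key(fp)
        result[fp] = any(directory_match(v, key, case_exact) for v in stored_values)
    return result

if __name__ == "__main__":
    pasted = logged_fingerprints(SAMPLE_LOG)  # values pasted verbatim from the log
    print(audit(pasted, SAMPLE_LOG, case_exact=True))    # lookup misses
    print(audit(pasted, SAMPLE_LOG, case_exact=False))   # lookup hits
    # Storing the folded form works under either matching rule.
    print(audit([folded_key(p) for p in pasted], SAMPLE_LOG, case_exact=True))
```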
