Re: ldap_table and insignificant spaces

Wed, 06 Mar 2013 01:23:48 -0800 

On Wed, Mar 06, 2013 at 03:51:28AM +0000, Viktor Dukhovni wrote:
> On Fri, Mar 01, 2013 at 03:19:42PM +0100, Bastian Blank wrote:
> > - The ldap server sanitices the query to (mail=t...@example.com) as
> >   mandated by RFC 4717, 4.2.3; it removes the insignificant space.
> I see the "insignificant space handling" defined in 4518 (referenced
> from 4517).
>       https://tools.ietf.org/html/rfc4518#section-2.6.1

I forgot that, yes.

> It seems to suggest that exact string matches should take the form
>       attr=<SPACE>value<SPACE>
> where any spaces inside the value are encoded as <SPACE><SPACE>.

This stunt is done to support working substring matches. It does not
help here and you can't trick it by adding more spaces.

> Is this backwards compatible with older LDAP servers that are not
> UTF-8 based?

LDAPv3 was always UTF-8 based.

> An easy way to achieve this would be:
>       query_filter = (mail = %s )
> if such spaces are not removed at a higher level by the LDAP library.
> Does this help?

No, this won't help, as the syntax rules will sanitize also the
additional spaces.

> > Not sure if something should be done about it. At least it is a
> > surprising outcome for a simple question; while both parties works
> > perfectly fine.
> Another thing that could help is if Postfix would use the "external"
> form of the address:
>       " test"@example.com
> with the quotes as the query string.

I don't think this would be a good idea. It still includes a N-to-1
mapping of spaces.

I think in this case all queries including spaces should be ignored by
ldap_table, because of the way LDAP works with them.

>                                      I seem to recall that this is
> already the case with lookup keys in virtual_alias_maps, but it
> may not be the case with other tables.

This makes sense. In my tests such addresses where not rewritten as
expected.

>                                        Which Postfix "mumble_maps"
> parameter are you using with LDAP?

transport, virtual_alias, virtual_alias_domains, virtual_mailbox,
virtual_mailbox_domains, relay_recipient, relay_domains

Bastian

-- 
All your people must learn before you can reach for the stars.
                -- Kirk, "The Gamesters of Triskelion", stardate 3259.2

Reply via email to