-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I discovered some small problems in the LDAP 'driver'.
Nothing major, just some small nitpicking...

1. The ldap/README doesn't state that you have to start
   spamd with the '--ldap-config -x' options. The manual
   does, but frankly, who reads manuals!? :)

   Oh, and the manual says 'only USEFUL with -x', leading
   to the misunderstanding that it SHOULD be possible
   to use '--ldap-config' without '-x' (which isn't the
   case). I.e. it's not a REQUIREMENT to use '-x'...

   What should be done (if '-x' really is a REQUIREMENT)
   is that '-x' is set automatically (in the code etc) if
   '--ldap-config' is chosen...

2. lib/Mail/SpamAssassin/Conf/LDAP.pm
   a. The code should only do a non-anonymous bind if
      '$ldapuser' AND '$ldappass' are set. Latest OpenLDAP
      does not do an anonymous bind if a bind DN is supplied
      (you'll get a 'password missmatch' error returned).

      By default (don't know WHERE, just that it's done)
      'ldapuser' is set to 'user' or something even if
      'user_scores_ldap_{username,password}' is not available
      in the config file (local.cf). Setting them to NULL
      doesn't help either, because the code says:

      ----- s n i p -----
      my $ldapuser = $main->{conf}->{user_scores_ldap_username};
      my $ldappass = $main->{conf}->{user_scores_ldap_password};
      [...]
      if (!defined($ldapuser) || !defined($ldappass)) {
      ----- s n i p -----

      Now, the two first lines MAKE the variables defined,
      but empty, so the anonymous bind won't happen! It will
      try to bind with a dummy DN (the 'user' above) but
      no password. Both the DN and password here are wrong,
      so there's an error when bind'ing...

   b. The debug line for the 'filter' option is too soon. It
      should be done AFTER the regexp to be really correct.

   c. I'm almost certain that if the 'filter' variable contains
      a space (or more), then it will have to be protected
      with ".

I'm including a patch that fixes these two problems. Apply at
will :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 <http://mailcrypt.sourceforge.net/>

iD8DBQFAj2lZmlWzPKccHgARAod+AJ9IHZqGV0pVoznP32cDSfEfpHhungCdG1jT
GuNEfpA87lX1IhxrFZzCKvg=
=wr1x
-----END PGP SIGNATURE-----

diff -urN Mail-SpamAssassin-3.000000.orig/ldap/README Mail-SpamAssassin-3.000000/ldap/README
--- Mail-SpamAssassin-3.000000.orig/ldap/README	Fri Mar 12 02:05:19 2004
+++ Mail-SpamAssassin-3.000000/ldap/README	Tue Apr 27 10:28:02 2004
@@ -32,8 +32,8 @@
 
 Examples:
 
-  ldap://localhost:389/dc=koehntopp,dc=de?spamassassinconfig?sub?uid=__USERNAME__
-  ldap://localhost:389/o=stooges?spamassassin?sub?uid=__USERNAME__
+  ldap://localhost:389/dc=koehntopp,dc=de?spamAssassin?sub?uid=__USERNAME__
+  ldap://localhost:389/o=stooges?spamAssassin?sub?uid=__USERNAME__
 
 
 If the user_scores_dsn option does not exist, SpamAssassin will not attempt
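Review bot: The first example line changes the attribute from 'spamassassinconfig' to 'spamAssassin', which is a different attribute name and not only a case change like the second example. The accompanying message does not mention this, so state in the patch description that it is a deliberate correction to match the attribute defined in the schema section.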
@@ -44,9 +44,18 @@
 Requirements
 ------------
 
-In order for SpamAssassin to work with your SQL database, you must have
+In order for SpamAssassin to work with your LDAP database, you must have
 the perl Net::LDAP module installed. You'll also need the URI module.
 
+In order for spamd to use the LDAP driver, you will have to start spamd
+with the additional parameters '--ldap-config -x'.
+
+Each user that wants to utilise the spamassassin LDAP driver must add
+the 'spamAssassin' attribute in their object (either manually or via the
+web interface of your making/choice) like this (see the file sa_test.ldif
+in this directory for a full database example):
+
+  spamassassin: add_header all Foo LDAP read
 
 Database Schema
 ---------------
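Review bot: The added example line 'spamassassin: add_header all Foo LDAP read' spells the attribute in lower case, while the sentence introducing it and the other hunks of this patch use 'spamAssassin'. LDAP attribute names are matched case-insensitively, so the server accepts both, but the README should use one spelling throughout. The same paragraph also says "spamassassin LDAP driver" where the rest of the file writes "SpamAssassin".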
@@ -61,7 +70,7 @@
   # spamassassin
   # see http://SpamAssassin.org/ .
   attributetype ( 2.16.840.1.113730.3.1.217
-          NAME 'spamassassin'
+          NAME 'spamAssassin'
           DESC 'SpamAssassin user preferences settings'
 	  EQUALITY caseExactMatch
 	  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
diff -urN Mail-SpamAssassin-3.000000.orig/lib/Mail/SpamAssassin/Conf/LDAP.pm Mail-SpamAssassin-3.000000/lib/Mail/SpamAssassin/Conf/LDAP.pm
--- Mail-SpamAssassin-3.000000.orig/lib/Mail/SpamAssassin/Conf/LDAP.pm	Sat Apr 10 03:05:21 2004
+++ Mail-SpamAssassin-3.000000/lib/Mail/SpamAssassin/Conf/LDAP.pm	Tue Apr 27 10:15:54 2004
@@ -112,26 +112,37 @@
   my $scope  = $uri->scope;
   my $filter = $uri->filter;
   my %extn   = $uri->extensions; # unused
+
+  $filter =~ s/__USERNAME__/$username/g;
   dbg("LDAP: host=$host, port=$port, base='$base', attr=${attr[0]}, scope=$scope, filter='$filter'");
 
   my $main = $self->{main};
   my $ldapuser = $main->{conf}->{user_scores_ldap_username};
   my $ldappass = $main->{conf}->{user_scores_ldap_password};
-  dbg("LDAP: user=".$main->{conf}->{user_scores_ldap_username});
-  #dbg("LDAP: pass=".$main->{conf}->{user_scores_ldap_password});
+
+  if(!$ldapuser) {
+      undef($ldapuser);
+  } else {
+      dbg("LDAP: user='$ldapuser'");
+  }
+
+  if(!$ldappass) {
+      undef($ldappass);
+  } else {
+      dbg("LDAP: pass='$ldappass'");
+  }
 
   my $f_attribute = $attr[0];
 
   my $ldap = Net::LDAP->new ("$host:$port", onerror => "warn");
-  if (!defined($ldapuser) || !defined($ldappass)) {
+  if (!defined($ldapuser) && !defined($ldappass)) {
     $ldap->bind;
   } else {
     $ldap->bind($ldapuser, password => $ldappass);
   }
 
-  $filter =~ s/__USERNAME__/$username/g;
   my $result = $ldap->search( base => $base,
-			      filter => $filter,
+			      filter => "$filter",
 			      scope => $scope,
 			      attrs => [EMAIL PROTECTED]
                             );
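Review bot: The new condition `if (!defined($ldapuser) && !defined($ldappass))` binds anonymously only when both values are missing, so a configuration with a username but no password still reaches `$ldap->bind($ldapuser, password => $ldappass)` with an undefined password, which is the failing case the report describes. Since the added blocks already turn empty values into undef, keeping the original `||` gives the stated behaviour of an authenticated bind only when both are set. Separately, `dbg("LDAP: pass='$ldappass'")` writes the bind password to the debug log, where the old code had that line commented out; drop it or log only whether a password is configured. The moved `s/__USERNAME__/$username/g` still inserts `$username` into the filter without escaping LDAP filter metacharacters, and `filter => "$filter"` passes the same string as `$filter`, so the added quotes change nothing.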
