RE: stupid question on LDAP support

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Thu, 18 Feb 2010 14:42:32 -0800

What you're printing is the template, not the result of the expansion. Change the printf() to output the value of "filter" instead, which contains (or should contain) the expansion of $d.

Note that ldap_search_ext_s() receives "filter", not ldap->ldap_descr->lud_filter.
________________________________________
From: opendkim-dev-bounce_at_lists.opendkim.org [opendkim-dev-bounce_at_lists.opendkim.org] On Behalf Of Mike Markley [mike_at_markley.org]
Sent: Thursday, February 18, 2010 2:29 PM
To: opendkim-dev_at_lists.opendkim.org
Subject: Re: stupid question on LDAP support

Already found the issue. The scan for $d/$D is only being done on the
dn, not the filter. Murray, was that by design? I'd think (logically and
based on your email describing the feature) that at least $d should work
in filters, too.

On Thu, Feb 18, 2010 at 02:24:33PM -0800, Mike Markley <mike_at_markley.org> wrote:
> It doesn't look like $d is actually getting substituted correctly in
> dkimf_db_mkldapquery(). I set up an environment for LDAP testing (don't mind
> the cringeworthy top-level suffix; it's old):
>
> $ ldapsearch -x -h localhost -b 'ou=dkim,dc=loopted,dc=com,o=internet' -s sub '(&(objectClass=dkimSelector)(dkimDomain=loopted.com))'
> # extended LDIF
> #
> # LDAPv3
> # base <ou=dkim,dc=loopted,dc=com,o=internet> with scope subtree
> # filter: (&(objectClass=dkimSelector)(dkimDomain=loopted.com))
> # requesting: ALL
> #
>
> # loopted.com, dkim, loopted, com, internet
> dn: dkimDomain=loopted.com,ou=dkim,dc=loopted,dc=com,o=internet
> objectClass: top
> objectClass: dkimSelector
> dkimDomain: loopted.com
> dkimPrivateKey: MIICXgIBAAKBgQDYzxBeKD+FgzvApipGDFDy7d1PgM84CPafF70vC9Sf3aGY9i
> [...]
>
> But opendkim -Q keeps not matching it. I threw in a quick printf("%s\n",
> ldap->ldap_descr->lud_filter) right before ldap_search_ext(), and:
> > ldap://localhost/ou=dkim,dc=loopted,dc=com,o=internet?dkimPrivateKey?sub?(&(objectClass=dkimDomain)(dkimDomain=$d))
> lt-opendkim: enter `query/n' where `n' is number of fields to request
> > loopted.com/1
> (&(objectClass=dkimDomain)(dkimDomain=$d))
> lt-opendkim: dkimf_db_get(): record not found
>
> I'll keep poking at it, but someone whose C is less rusty may very well
> be able to spot a silly typo somewhere while I'm still trying to figure
> it out.

--
Mike Markley <mike_at_markley.org>
Women professionals do tend to over-compensate.
- Dr. Elizabeth Dehaver, "Where No Man Has Gone Before",
  stardate 1312.9.
Received on Thu Feb 18 2010 - 22:44:22 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:32:52 PST