Re: stupid question on LDAP support

From: Mike Markley <mike_at_markley.org>
Date: Thu, 18 Feb 2010 14:48:19 -0800

Okay, that helps. Now what's getting printed is the search base, not an
LDAP filter:
ou=dkim,dc=loopted,dc=com,o=internet

It sort of looks to me like dkimf_db_mkldapquery() is just copying the
lud_dn over the query and doing the substitution along the way. I hope
I'm not completely misunderstanding this and clouding things further,
but a query that works from ldapsearch(1) isn't working in querytest
mode, so something's definitely up.

On Thu, Feb 18, 2010 at 02:42:32PM -0800, Murray S. Kucherawy <msk_at_cloudmark.com> wrote:
> What you're printing is the template, not the result of the expansion. Change the printf() to output the value of "filter" instead, which contains (or should contain) the expansion of $d.
>
> Note that ldap_search_ext_s() receives "filter", not ldap->ldap_descr->lud_filter.
> ________________________________________
> From: opendkim-dev-bounce_at_lists.opendkim.org [opendkim-dev-bounce_at_lists.opendkim.org] On Behalf Of Mike Markley [mike_at_markley.org]
> Sent: Thursday, February 18, 2010 2:29 PM
> To: opendkim-dev_at_lists.opendkim.org
> Subject: Re: stupid question on LDAP support
>
> Already found the issue. The scan for $d/$D is only being done on the
> dn, not the filter. Murray, was that by design? I'd think (logically and
> based on your email describing the feature) that at least $d should work
> in filters, too.
>
> On Thu, Feb 18, 2010 at 02:24:33PM -0800, Mike Markley <mike_at_markley.org> wrote:
> > It doesn't look like $d is actually getting substituted correctly in
> > dkimf_db_mkldapquery(). I set up an environment for LDAP testing (don't mind
> > the cringeworthy top-level suffix; it's old):
> >
> > $ ldapsearch -x -h localhost -b 'ou=dkim,dc=loopted,dc=com,o=internet' -s sub '(&(objectClass=dkimSelector)(dkimDomain=loopted.com))'
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <ou=dkim,dc=loopted,dc=com,o=internet> with scope subtree
> > # filter: (&(objectClass=dkimSelector)(dkimDomain=loopted.com))
> > # requesting: ALL
> > #
> >
> > # loopted.com, dkim, loopted, com, internet
> > dn: dkimDomain=loopted.com,ou=dkim,dc=loopted,dc=com,o=internet
> > objectClass: top
> > objectClass: dkimSelector
> > dkimDomain: loopted.com
> > dkimPrivateKey: MIICXgIBAAKBgQDYzxBeKD+FgzvApipGDFDy7d1PgM84CPafF70vC9Sf3aGY9i
> > [...]
> >
> > But opendkim -Q keeps not matching it. I threw in a quick printf("%s\n",
> > ldap->ldap_descr->lud_filter) right before ldap_search_ext(), and:
> > > ldap://localhost/ou=dkim,dc=loopted,dc=com,o=internet?dkimPrivateKey?sub?(&(objectClass=dkimDomain)(dkimDomain=$d))
> > lt-opendkim: enter `query/n' where `n' is number of fields to request
> > > loopted.com/1
> > (&(objectClass=dkimDomain)(dkimDomain=$d))
> > lt-opendkim: dkimf_db_get(): record not found
> >
> > I'll keep poking at it, but someone whose C is less rusty may very well
> > be able to spot a silly typo somewhere while I'm still trying to figure
> > it out.
>
> --
> Mike Markley <mike_at_markley.org>
>
> Women professionals do tend to over-compensate.
> - Dr. Elizabeth Dehaver, "Where No Man Has Gone Before",
> stardate 1312.9.
>
>

-- 
Mike Markley <mike_at_markley.org>
You canna change the laws of physics, Captain; I've got to have thirty minutes!
Received on Thu Feb 18 2010 - 22:48:28 PST
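
The `$d` substitution discussed in this thread, as an added example that is not from the original message or the OpenDKIM source: a hypothetical `expand_d()` applied to both the search base and the filter of the LDAP URL, escaping the substituted value per RFC 4515 when it lands in a filter. The function name, its parameters and the buffer sizes are assumptions; `$D` and RFC 4514 escaping of DN values are not handled.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not OpenDKIM code): copy `tmpl` into `out`, replacing
 * each "$d" with `domain`. When `is_filter` is nonzero the substituted value
 * is escaped per RFC 4515 so it cannot change the filter's structure.
 * Returns the output length, or -1 if `out` is too small. */
static int expand_d(const char *tmpl, const char *domain, int is_filter,
                    char *out, size_t outlen)
{
    size_t o = 0;

    for (const char *p = tmpl; *p != '\0'; p++) {
        if (p[0] != '$' || p[1] != 'd') {        /* ordinary template byte */
            if (o + 1 >= outlen)
                return -1;
            out[o++] = *p;
            continue;
        }
        p++;                                     /* consume the 'd' of "$d" */
        for (const unsigned char *d = (const unsigned char *)domain; *d; d++) {
            if (is_filter && strchr("*()\\", *d) != NULL) {
                if (o + 3 >= outlen)             /* "\xx" plus final NUL */
                    return -1;
                o += (size_t)snprintf(out + o, outlen - o, "\\%02x", *d);
            } else {
                if (o + 1 >= outlen)
                    return -1;
                out[o++] = (char)*d;
            }
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Base DN and filter template taken from the LDAP URL in the thread. */
    char dn[256], filter[256];

    if (expand_d("ou=dkim,dc=loopted,dc=com,o=internet", "loopted.com", 0,
                 dn, sizeof dn) < 0 ||
        expand_d("(&(objectClass=dkimDomain)(dkimDomain=$d))", "loopted.com",
                 1, filter, sizeof filter) < 0)
        return 1;
    printf("base:   %s\nfilter: %s\n", dn, filter);
    return 0;
}
```

Printing the expanded `filter` buffer, rather than the `lud_filter` template, is what shows whether the substitution actually happened.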
