RE: SigningTable and LDAP

From: Quanah Gibson-Mount <quanah_at_zimbra.com>
Date: Wed, 02 May 2012 08:17:06 -0700

--On Wednesday, May 02, 2012 4:45 AM +0000 "Murray S. Kucherawy"
<msk_at_cloudmark.com> wrote:

>> -----Original Message-----
>> From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-
>> bounce_at_lists.opendkim.org] On Behalf Of Quanah Gibson-Mount Sent:
>> Tuesday, May 01, 2012 9:13 PM
>> To: opendkim-users_at_lists.opendkim.org
>> Subject: SigningTable and LDAP
>>
>> Hi list,
>>
>> In looking at opendkim.conf(5) and the README file for using LDAP with
>> OpenDKIM, I'm not sure how you specify multiple LDAP URI's to the
>> SigningTable parameter.
>>
>> For example, most of our customers have multiple LDAP replicas. I
>> would want the SigningTable parameter to be able to reference any of
>> those replicas, for failover purposes.
>>
>> Do I specify SigningTable multiple times, once per ldap server? Or can
>> I provide the LDAP URI's multiple times with the SigningTable parameter?
>> Same goes for the KeyTable parameter.
>> [...]
>
> The latter. The code that parses the provided value splits them first on
> spaces and tabs, and what's between those delimiters is assumed to be an
> LDAP URI that it should use to contact a server. Order is preserved.
> They're all passed individually to ldap_is_ldap_url() first for a basic
> sanity check.
>
> One caveat is that we assume symmetry for the schemas for the various
> URIs provided. That is, we drop everything that's not part of the
> scheme://host:port and pass that list to ldap_initialize(); what's left
> is kept only from the first one and used to construct the actual queries
> when the time comes. Hopefully that's a sane assumption.
>
>> For example, would I want:
>>
>> SigningTable ldap://192.0.2.1/""?DKIMSelector?sub?(DKIMIdentity=$d)
>> ldap://192.0.2.2/""?DKIMSelector?sub?(DKIMIdentity=$d)
>>
>> or
>>
>> SigningTable ldap://192.0.2.1/""?DKIMSelector?sub?(DKIMIdentity=$d)
>> SigningTable ldap://192.0.2.2/""?DKIMSelector?sub?(DKIMIdentity=$d)
>
> The first one.

Perfect, thanks!

--Quanah


--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
Received on Wed May 02 2012 - 15:17:27 PST
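
The parsing behaviour described in the reply above, as an added example that is not part of the original message and is not OpenDKIM's code: it splits a table value on spaces and tabs, keeps every server, and reports any later URI whose query part differs from the first and would therefore be dropped. The names `split_uri` and `plan_lookup` are hypothetical, and the scheme check is a simplified stand-in for `ldap_is_ldap_url()`.

```python
import re

LDAP_SCHEMES = {"ldap", "ldaps", "ldapi"}  # simplified stand-in for ldap_is_ldap_url()


def split_uri(uri):
    """Split one LDAP URI into ('scheme://host:port', 'dn?attrs?scope?filter')."""
    scheme, sep, rest = uri.partition("://")
    if not sep or scheme.lower() not in LDAP_SCHEMES:
        raise ValueError(f"not an LDAP URI: {uri!r}")
    authority, _, query = rest.partition("/")
    return f"{scheme.lower()}://{authority}", query


def plan_lookup(value):
    """Model how a multi-URI table value is consumed, per the description above.

    Returns (servers, query, ignored): the server list in the order given,
    the query part taken from the first URI only, and every later URI whose
    query part differs and would therefore never be used.
    """
    uris = re.split(r"[ \t]+", value.strip())  # delimiters: spaces and tabs
    parts = [split_uri(u) for u in uris]
    servers = [server for server, _ in parts]
    query = parts[0][1]
    ignored = [u for u, (_, q) in zip(uris[1:], parts[1:]) if q != query]
    return servers, query, ignored


# The value from the thread, written on one logical line.
GOOD = ('ldap://192.0.2.1/""?DKIMSelector?sub?(DKIMIdentity=$d) '
        'ldap://192.0.2.2/""?DKIMSelector?sub?(DKIMIdentity=$d)')

# Constructed: the second replica is given a different base DN.
SKEWED = ('ldap://192.0.2.1/""?DKIMSelector?sub?(DKIMIdentity=$d)\t'
          'ldap://192.0.2.2/dc=example,dc=com?DKIMSelector?sub?(DKIMIdentity=$d)')

if __name__ == "__main__":
    for label, value in (("thread example", GOOD), ("constructed", SKEWED)):
        servers, query, ignored = plan_lookup(value)
        print(label, "->", servers, "query:", query)
        for uri in ignored:
            print("  query part of this URI is dropped:", uri)
```

A non-empty `ignored` list means the replicas are not configured symmetrically, which is the case the caveat in the reply warns about.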