Posted to commits@spamassassin.apache.org by jm...@apache.org on 2004/05/15 04:37:56 UTC

svn commit: rev 10667 - in incubator/spamassassin/trunk: ldap lib/Mail/SpamAssassin/Conf

Author: jm
Date: Fri May 14 19:37:55 2004
New Revision: 10667

Modified:
   incubator/spamassassin/trunk/ldap/README
   incubator/spamassassin/trunk/ldap/README.testing
   incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Conf/LDAP.pm
Log:
bug 3322: fixed LDAP driver problems when there's no username/password, thanks to Turbo Fredriksson.  also updated ldap/README.testing for Debian unstable.

Modified: incubator/spamassassin/trunk/ldap/README
==============================================================================
--- incubator/spamassassin/trunk/ldap/README	(original)
+++ incubator/spamassassin/trunk/ldap/README	Fri May 14 19:37:55 2004
@@ -15,9 +15,9 @@
 SpamAssassin will check the global configuration file (ie. any file matching
 /etc/mail/spamassassin/*.cf) for the following settings:
 
-user_scores_dsn ldap://host:port/dc=basedn,dc=de?attr?scope?uid=__USERNAME__
-user_scores_ldap_username	bind dn
-user_scores_ldap_password	password
+  user_scores_dsn ldap://host:port/dc=basedn,dc=de?attr?scope?uid=__USERNAME__
+  user_scores_ldap_username	bind dn
+  user_scores_ldap_password	password
 
 The first option, user_scores_dsn, describes the data source name that will be
 used to create the connection to your LDAP server. You have to write the DSN as
@@ -32,7 +32,7 @@
 
 Examples:
 
-  ldap://localhost:389/dc=koehntopp,dc=de?spamassassinconfig?sub?uid=__USERNAME__
+  ldap://localhost:389/dc=koehntopp,dc=de?spamassassin?sub?uid=__USERNAME__
   ldap://localhost:389/o=stooges?spamassassin?sub?uid=__USERNAME__
 
 
@@ -44,9 +44,18 @@
 Requirements
 ------------
 
-In order for SpamAssassin to work with your SQL database, you must have
+In order for SpamAssassin to work with your LDAP database, you must have
 the perl Net::LDAP module installed. You'll also need the URI module.
 
+In order for spamd to use the LDAP driver, you will have to start spamd
+with the additional parameters '--ldap-config -x'.
+
+Each user that wants to utilise the SpamAssassin LDAP driver must add
+the 'spamassassin' attribute in their object (either manually or via the
+web interface of your making/choice) like this (see the file sa_test.ldif
+in this directory for a full database example):
+
+  spamassassin: add_header all Foo LDAP read
 
 Database Schema
 ---------------
@@ -58,7 +67,7 @@
 
 Here's an example for openldap's /etc/openldap/schema/inetorgperson.schema :
 
-  # spamassassin
+  # SpamAssassin
   # see http://SpamAssassin.org/ .
   attributetype ( 2.16.840.1.113730.3.1.217
           NAME 'spamassassin'

Modified: incubator/spamassassin/trunk/ldap/README.testing
==============================================================================
--- incubator/spamassassin/trunk/ldap/README.testing	(original)
+++ incubator/spamassassin/trunk/ldap/README.testing	Fri May 14 19:37:55 2004
@@ -1,7 +1,21 @@
 
-- install openldap server, using apt-get etc.
+How to enable the SpamAssassin LDAP self-test
+---------------------------------------------
 
-- Patch '/etc/openldap/schema/inetorgperson.schema' as follows:
+- install openldap server, using apt-get etc.   On Debian (unstable),
+  that's done as follows:
+
+    sudo apt-get install slapd ldap-utils
+
+  Then enter an admin password.
+
+
+- Patch the 'inetorgperson.schema' file, found in the following locations:
+
+        Fedora Core 1: /etc/openldap/schema/inetorgperson.schema
+        Debian: /etc/ldap/schema/inetorgperson.schema
+
+  as follows:
 
 --- /etc/openldap/schema/inetorgperson.schema.default   2003-10-23 07:26:01.000000000 -0700
 +++ /etc/openldap/schema/inetorgperson.schema   2004-02-05 22:07:01.000000000 -0800
@@ -28,28 +42,65 @@
         )
 
 
-- set up according to:
+- set up according to
+  http://yolinux.com/TUTORIALS/LinuxTutorialLDAP.html#TUTORIAL . To go into
+  some detail, here's what you need to do...
+ 
+
+- Edit the slapd.conf file, and add the "o=stooges" suffix, so that the LDIF
+  file we'll be using will be valid.
+
+  On Debian, this means changing the existing /etc/ldap/slapd.conf file
+  according to these substitutions:
+
+    s/"dc=jmason,dc=org"/"o=stooges"/g
+    s/"cn=admin,dc=jmason,dc=org"/"cn=StoogeAdmin,o=stooges"/g
 
-  http://yolinux.com/TUTORIALS/LinuxTutorialLDAP.html#TUTORIAL
+  Also, add these two lines to set the "root" password so the LDIF file
+  can be loaded (ONLY FOR TESTING! DO NOT DO THIS ON A LIVE SERVER!):
 
-  However, do not use "stooges.ldif"; use "sa_test.ldif" instead.
-  (This LDIF file adds a "spamassassin" line to the "curley" user.)
+    rootdn      "cn=StoogeAdmin,o=stooges"
+    rootpw      secret1
 
-  ldapadd -f sa_test.ldif -xv -D "cn=StoogeAdmin,o=stooges" \
+  On Fedora Core 1, you can use the file from
+  http://yolinux.com/TUTORIALS/OpenLDAP2.0-stooges-slapd.conf-sample.txt 
+  pretty much as-is.
+
+
+- Next, create the storage directories:
+
+    sudo mkdir /var/lib/ldap/stooges /var/lib/ldap/fraternity
+    sudo chown ldap.ldap /var/lib/ldap/stooges    [Fedora Core only]
+    sudo chown ldap.ldap /var/lib/ldap/fraternity [Fedora Core only]
+
+
+- And start the server:
+
+    sudo /etc/rc.d/init.d/ldap start              [Fedora Core only]
+    sudo /etc/init.d/slapd start                  [Debian only]
+
+
+- Now load the LDIF data for our testing: (this LDIF file adds a "spamassassin"
+  line to the "curley" user.)
+
+    ldapadd -f ldap/sa_test.ldif -xv -D "cn=StoogeAdmin,o=stooges" \
 		-h 127.0.0.1 -w secret1
 
 
 - install Net::LDAP using CPAN:
 
-  perl -MCPAN -e shell
-  install Net::LDAP
-  quit
+    perl -MCPAN -e shell
+    install Convert::ASN1
+    install Net::LDAP
+    quit
 
 
 - create the test flag file:
 
-  touch t/do_ldap
+    touch t/do_ldap
+
 
+- now "make test" will test against the LDAP server as well.  You can
+  also run "cd t; ./spamd_ldap.t" to run just that test directly.
 
-- now "make test" will test against the LDAP server as well.
 

Modified: incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Conf/LDAP.pm
==============================================================================
--- incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Conf/LDAP.pm	(original)
+++ incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Conf/LDAP.pm	Fri May 14 19:37:55 2004
@@ -112,24 +112,36 @@
   my $scope  = $uri->scope;
   my $filter = $uri->filter;
   my %extn   = $uri->extensions; # unused
+
+  $filter =~ s/__USERNAME__/$username/g;
   dbg("LDAP: host=$host, port=$port, base='$base', attr=${attr[0]}, scope=$scope, filter='$filter'");
 
   my $main = $self->{main};
   my $ldapuser = $main->{conf}->{user_scores_ldap_username};
   my $ldappass = $main->{conf}->{user_scores_ldap_password};
-  dbg("LDAP: user=".$main->{conf}->{user_scores_ldap_username});
-  #dbg("LDAP: pass=".$main->{conf}->{user_scores_ldap_password});
+
+  if(!$ldapuser) {
+      undef($ldapuser);
+  } else {
+      dbg("LDAP: user='$ldapuser'");
+  }
+
+  if(!$ldappass) {
+      undef($ldappass);
+  } else {
+      # don't log this to avoid leaking sensitive info
+      # dbg("LDAP: pass='$ldappass'");
+  }
 
   my $f_attribute = $attr[0];
 
   my $ldap = Net::LDAP->new ("$host:$port", onerror => "warn");
-  if (!defined($ldapuser) || !defined($ldappass)) {
+  if (!defined($ldapuser) && !defined($ldappass)) {
     $ldap->bind;
   } else {
     $ldap->bind($ldapuser, password => $ldappass);
   }
 
-  $filter =~ s/__USERNAME__/$username/g;
   my $result = $ldap->search( base => $base,
 			      filter => $filter,
 			      scope => $scope,
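Review bot: The substitution `$filter =~ s/__USERNAME__/$username/g;` near the top of this hunk inserts the username into the LDAP search filter unescaped, so a value containing `*`, `(`, `)` or `\` alters the filter instead of being matched literally. If `$username` can be supplied by a spamd client, escape it per RFC 4515 before substituting, e.g. `(my $u = $username) =~ s/([\\()*\0])/sprintf("\\%02x", ord $1)/ge;` followed by `$filter =~ s/__USERNAME__/$u/g;`. Separately, with the new `&&` test a configured bind DN whose password is empty or the string "0" (both undef'd by `!$ldappass`) now reaches `$ldap->bind($ldapuser, password => $ldappass)` with no password, which LDAP servers commonly treat as an unauthenticated bind; warning and returning in that case would make the misconfiguration visible. The return value of `Net::LDAP->new` is also not checked before `->bind` is called on it; the enclosing sub starts and ends outside this hunk.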