Posted to commits@spamassassin.apache.org by jm...@apache.org on 2004/05/15 04:37:56 UTC
svn commit: rev 10667 - in incubator/spamassassin/trunk: ldap lib/Mail/SpamAssassin/Conf
Author: jm
Date: Fri May 14 19:37:55 2004
New Revision: 10667
Modified:
incubator/spamassassin/trunk/ldap/README
incubator/spamassassin/trunk/ldap/README.testing
incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Conf/LDAP.pm
Log:
bug 3322: fixed LDAP driver problems when there's no username/password, thanks to Turbo Fredriksson. also updated ldap/README.testing for Debian unstable.
Modified: incubator/spamassassin/trunk/ldap/README
==============================================================================
--- incubator/spamassassin/trunk/ldap/README (original)
+++ incubator/spamassassin/trunk/ldap/README Fri May 14 19:37:55 2004
@@ -15,9 +15,9 @@
SpamAssassin will check the global configuration file (ie. any file matching
/etc/mail/spamassassin/*.cf) for the following settings:
-user_scores_dsn ldap://host:port/dc=basedn,dc=de?attr?scope?uid=__USERNAME__
-user_scores_ldap_username bind dn
-user_scores_ldap_password password
+ user_scores_dsn ldap://host:port/dc=basedn,dc=de?attr?scope?uid=__USERNAME__
+ user_scores_ldap_username bind dn
+ user_scores_ldap_password password
The first option, user_scores_dsn, describes the data source name that will be
used to create the connection to your LDAP server. You have to write the DSN as
@@ -32,7 +32,7 @@
Examples:
- ldap://localhost:389/dc=koehntopp,dc=de?spamassassinconfig?sub?uid=__USERNAME__
+ ldap://localhost:389/dc=koehntopp,dc=de?spamassassin?sub?uid=__USERNAME__
ldap://localhost:389/o=stooges?spamassassin?sub?uid=__USERNAME__
@@ -44,9 +44,18 @@
Requirements
------------
-In order for SpamAssassin to work with your SQL database, you must have
+In order for SpamAssassin to work with your LDAP database, you must have
the perl Net::LDAP module installed. You'll also need the URI module.
+In order for spamd to use the LDAP driver, you will have to start spamd
+with the additional parameters '--ldap-config -x'.
+
+Each user that wants to utilise the SpamAssassin LDAP driver must add
+the 'spamassassin' attribute in their object (either manually or via the
+web interface of your making/choice) like this (see the file sa_test.ldif
+in this directory for a full database example):
+
+ spamassassin: add_header all Foo LDAP read
Database Schema
---------------
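Review bot: The added spamd instruction gives '--ldap-config -x' without saying what either switch does, and the paragraph after it does not say which settings are honoured when they come from the per-user 'spamassassin' attribute. Since the text expects users to edit that attribute themselves or through a web interface, the README should explain each switch in a line and state which configuration lines are accepted from LDAP, so an administrator knows what a user can and cannot change.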
@@ -58,7 +67,7 @@
Here's an example for openldap's /etc/openldap/schema/inetorgperson.schema :
- # spamassassin
+ # SpamAssassin
# see http://SpamAssassin.org/ .
attributetype ( 2.16.840.1.113730.3.1.217
NAME 'spamassassin'
Modified: incubator/spamassassin/trunk/ldap/README.testing
==============================================================================
--- incubator/spamassassin/trunk/ldap/README.testing (original)
+++ incubator/spamassassin/trunk/ldap/README.testing Fri May 14 19:37:55 2004
@@ -1,7 +1,21 @@
-- install openldap server, using apt-get etc.
+How to enable the SpamAssassin LDAP self-test
+---------------------------------------------
-- Patch '/etc/openldap/schema/inetorgperson.schema' as follows:
+- install openldap server, using apt-get etc. On Debian (unstable),
+ that's done as follows:
+
+ sudo apt-get install slapd ldap-utils
+
+ Then enter an admin password.
+
+
+- Patch the 'inetorgperson.schema' file, found in the following locations:
+
+ Fedora Core 1: /etc/openldap/schema/inetorgperson.schema
+ Debian: /etc/ldap/schema/inetorgperson.schema
+
+ as follows:
--- /etc/openldap/schema/inetorgperson.schema.default 2003-10-23 07:26:01.000000000 -0700
+++ /etc/openldap/schema/inetorgperson.schema 2004-02-05 22:07:01.000000000 -0800
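Review bot: The new location list names /etc/ldap/schema/inetorgperson.schema for Debian, but the embedded patch headers directly after 'as follows:' still point at /etc/openldap/schema/inetorgperson.schema, so the header paths do not match the Debian location. Note next to the list that the patch should be applied to the file at the path for the reader's distribution. 'Then enter an admin password.' would also be clearer if it said which prompt it refers to.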
@@ -28,28 +42,65 @@
)
-- set up according to:
+- set up according to
+ http://yolinux.com/TUTORIALS/LinuxTutorialLDAP.html#TUTORIAL . To go into
+ some detail, here's what you need to do...
+
+
+- Edit the slapd.conf file, and add the "o=stooges" suffix, so that the LDIF
+ file we'll be using will be valid.
+
+ On Debian, this means changing the existing /etc/ldap/slapd.conf file
+ according to these substitutions:
+
+ s/"dc=jmason,dc=org"/"o=stooges"/g
+ s/"cn=admin,dc=jmason,dc=org"/"cn=StoogeAdmin,o=stooges"/g
- http://yolinux.com/TUTORIALS/LinuxTutorialLDAP.html#TUTORIAL
+ Also, add these two lines to set the "root" password so the LDIF file
+ can be loaded (ONLY FOR TESTING! DO NOT DO THIS ON A LIVE SERVER!):
- However, do not use "stooges.ldif"; use "sa_test.ldif" instead.
- (This LDIF file adds a "spamassassin" line to the "curley" user.)
+ rootdn "cn=StoogeAdmin,o=stooges"
+ rootpw secret1
- ldapadd -f sa_test.ldif -xv -D "cn=StoogeAdmin,o=stooges" \
+ On Fedora Core 1, you can use the file from
+ http://yolinux.com/TUTORIALS/OpenLDAP2.0-stooges-slapd.conf-sample.txt
+ pretty much as-is.
+
+
+- Next, create the storage directories:
+
+ sudo mkdir /var/lib/ldap/stooges /var/lib/ldap/fraternity
+ sudo chown ldap.ldap /var/lib/ldap/stooges [Fedora Core only]
+ sudo chown ldap.ldap /var/lib/ldap/fraternity [Fedora Core only]
+
+
+- And start the server:
+
+ sudo /etc/rc.d/init.d/ldap start [Fedora Core only]
+ sudo /etc/init.d/slapd start [Debian only]
+
+
+- Now load the LDIF data for our testing: (this LDIF file adds a "spamassassin"
+ line to the "curley" user.)
+
+ ldapadd -f ldap/sa_test.ldif -xv -D "cn=StoogeAdmin,o=stooges" \
-h 127.0.0.1 -w secret1
- install Net::LDAP using CPAN:
- perl -MCPAN -e shell
- install Net::LDAP
- quit
+ perl -MCPAN -e shell
+ install Convert::ASN1
+ install Net::LDAP
+ quit
- create the test flag file:
- touch t/do_ldap
+ touch t/do_ldap
+
+- now "make test" will test against the LDAP server as well. You can
+ also run "cd t; ./spamd_ldap.t" to run just that test directly.
-- now "make test" will test against the LDAP server as well.
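Review bot: The Debian substitutions hard-code "dc=jmason,dc=org", which looks like the suffix from one particular install; a reader whose /etc/ldap/slapd.conf carries a different suffix will find that the s/// lines match nothing. Word it as "your existing suffix" and "your existing admin DN" instead. The 'rootpw secret1' lines carry a testing-only warning, but the same password is then passed as '-w secret1' on the ldapadd command line and nothing tells the reader to undo the change; a closing step to remove the rootdn/rootpw lines once the test has run would complete the warning.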
Modified: incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Conf/LDAP.pm
==============================================================================
--- incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Conf/LDAP.pm (original)
+++ incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Conf/LDAP.pm Fri May 14 19:37:55 2004
@@ -112,24 +112,36 @@
my $scope = $uri->scope;
my $filter = $uri->filter;
my %extn = $uri->extensions; # unused
+
+ $filter =~ s/__USERNAME__/$username/g;
dbg("LDAP: host=$host, port=$port, base='$base', attr=${attr[0]}, scope=$scope, filter='$filter'");
my $main = $self->{main};
my $ldapuser = $main->{conf}->{user_scores_ldap_username};
my $ldappass = $main->{conf}->{user_scores_ldap_password};
- dbg("LDAP: user=".$main->{conf}->{user_scores_ldap_username});
- #dbg("LDAP: pass=".$main->{conf}->{user_scores_ldap_password});
+
+ if(!$ldapuser) {
+ undef($ldapuser);
+ } else {
+ dbg("LDAP: user='$ldapuser'");
+ }
+
+ if(!$ldappass) {
+ undef($ldappass);
+ } else {
+ # don't log this to avoid leaking sensitive info
+ # dbg("LDAP: pass='$ldappass'");
+ }
my $f_attribute = $attr[0];
my $ldap = Net::LDAP->new ("$host:$port", onerror => "warn");
- if (!defined($ldapuser) || !defined($ldappass)) {
+ if (!defined($ldapuser) && !defined($ldappass)) {
$ldap->bind;
} else {
$ldap->bind($ldapuser, password => $ldappass);
}
- $filter =~ s/__USERNAME__/$username/g;
my $result = $ldap->search( base => $base,
filter => $filter,
scope => $scope,
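Review bot: The moved line '$filter =~ s/__USERNAME__/$username/g;' puts $username into the search filter with no escaping, and because it now runs before dbg() the substituted filter is also written to the debug log. A username containing filter metacharacters such as '*', '(', ')' or '\' changes the meaning of the filter, so escape those before substituting (RFC 4515, formerly RFC 2254: backslash followed by the two-digit hex code). Separately, with the test changed from '||' to '&&', a configuration that sets only one of user_scores_ldap_username and user_scores_ldap_password now reaches '$ldap->bind($ldapuser, password => $ldappass)' with the other value undef; that half-configured case deserves its own branch with a warning rather than a bind attempt. The result of 'Net::LDAP->new' is also used without checking that the connection succeeded.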