You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by Turbo Fredriksson <tu...@bayour.com> on 2004/04/28 10:20:52 UTC

small nitpicking - LDAP 'driver'

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I discovered some small problems in the LDAP 'driver'.
Nothing major, just some small nitpicking...

1. The ldap/README doesn't state that you have to start
   spamd with the '--ldap-config -x' options. The manual
   does, but frankly. Who read manuals!? :)

   Oh, and the manual say 'only USEFUL with -x', leading
   to the missunderstanding that it SHOULD be possible
   to use '--ldap-config' without '-x' (which isn't the
   case). I.e. it's not a REQUIRENMENT to use '-x'...

   What should be done (if '-x' really is a REQUIRENMENT)
   is that '-x' is set automaticly (in the code etc) if
   '--ldap-config' is choosen...

2. lib/Mail/SpamAssassin/Conf/LDAP.pm
   a. The code should only do a non-anonymous bind if
      '$ldapuser' AND '$ldappass' is set. Latest OpenLDAP
      does not do a anonymous bind if a bind DN is supplied
      (you'll get a 'password missmatch' error returned).

      By default (don't know WHERE, just that it's done)
      'ldapuser' is set to 'user' or something even if
      'user_scores_ldap_{username,password}' is not availible
      in the config file (local.cf). Setting them to NULL
      doesn't help either, because the code say:

      ----- s n i p -----
      my $ldapuser = $main->{conf}->{user_scores_ldap_username};
      my $ldappass = $main->{conf}->{user_scores_ldap_password};
      [...]
      if (!defined($ldapuser) || !defined($ldappass)) {
      ----- s n i p -----

      Now, the two first lines MAKE the variables defined,
      but empty, so the anonymous bind won't happen! It will
      try to bind with a dummy DN (the 'user' above) but
      no password. Both the DN and password here is wrong,
      so there's an error when bind'ing...

   b. The debug line for the 'filter' option is to soon. It
      should be done AFTER the regexp to be really correct.

   c. I'm almost certain that if the 'filter' variable contains
      a space (or more), then it will have to be protected
      with ".

I'm including a patch that fixes these two problems. Apply at
will :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 <http://mailcrypt.sourceforge.net/>

iD8DBQFAj2lZmlWzPKccHgARAod+AJ9IHZqGV0pVoznP32cDSfEfpHhungCdG1jT
GuNEfpA87lX1IhxrFZzCKvg=
=wr1x
-----END PGP SIGNATURE-----

Re: small nitpicking - LDAP 'driver'

Posted by Daniel Quinlan <qu...@pathname.com>.

Please open a bug in bugzilla at bugzilla.spamassassin.org and attach
your patch there (using the "create a new attachment" link after the
bug has been opened).

Two separate bugs might make more sense since there are two problems
here.

Thanks!

-- 
Daniel Quinlan                     anti-spam (SpamAssassin), Linux,
http://www.pathname.com/~quinlan/    and open source consulting