Bug 4102

Summary: Extended LDAP search functionality
Product: Spamassassin Reporter: Jonathan Parkin <jonathanparkin>
Component: ToolsAssignee: SpamAssassin Developer Mailing List <dev>
Status: NEW ---    
Severity: enhancement    
Priority: P4    
Version: 3.0.2   
Target Milestone: Future   
Hardware: PC   
OS: Linux   
Whiteboard:
Attachments: Proposed patch for bug 4102

Description Jonathan Parkin 2005-01-25 06:59:49 UTC
This bug is similar to bug #3873

When a non-trivial number of domains/users with distinct SpamAssassin
preferences are held in LDAP doing an entire subtree search can be expensive,
especially if the users are not indexed by __USERNAME__.  A full subree search
on the attribute on __USERNAME__ is therefore undesirable is situations where
the full DN can be inferred from e.g. the email address of the recipient.

In order to enhance functionality there are two obvious methods:
1) Introduce more wildcards as per bug #3873.  We won't go into more information
here on this here.
2) Allow a full LDAP URL to be passed as the username.  This is the desired
result of this bug as it would allow the caller of spamc to determine the
relevant URL and then pass it as the user argument.
Comment 1 Jonathan Parkin 2005-01-25 07:08:16 UTC
Created attachment 2623 [details]
Proposed patch for bug 4102

This patch is one way to solve bug 4102.

Usage: 

1) Ensure spamd is being invoked with the --ldap-config and -x options
2) Define user_scores_dsn in your SpamAssassin configuration file.  This must
start 'ldap:' (without the quote marks).  I reccomend something obvious to
indicate this will be overidden, for example 'ldap:dynamic' or
'ldap:__USERNAME__'.  A better version of this patch would restrict this to a
given string.
3) Define user_scores_ldap_username and user_scores_ldap_password as normal.

When these changes are loaded this functionality can be made use of by using a
relevant LDAP URL (including host name), for example:

spamc -u
'ldap://ldap.example.org/dc=user1,dc=example,dc=org,o=myOrg?spamAssassinPrefs?base?(objectclass=top)'
< message
Comment 2 Jonathan Parkin 2005-01-25 07:09:48 UTC
> This patch is one way to solve bug 4102.

Sorry, forgot to mention that this should be applied to
Mail::SpamAssassin::Conf::LDAP.pm
Comment 3 Michael Parker 2005-01-25 09:17:10 UTC
Subject: Re:   New: Extended LDAP search functionality

> 2) Allow a full LDAP URL to be passed as the username.  This is the desired
> result of this bug as it would allow the caller of spamc to determine the
> relevant URL and then pass it as the user argument.

I'd have to look at this a littler closer, but there might be an
unwelcomed side effect of sending an LDAP URL as the username.  For
instance, how will bayes/AWL behave?  Both of those subsystems key on
the passed in username.

Michael