4102 – Extended LDAP search functionality

Bug 4102 - Extended LDAP search functionality

Summary: Extended LDAP search functionality

Status:	NEW

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Tools (show other bugs)
Version:	3.0.2
Hardware:	PC Linux

Importance:	P4 enhancement
Target Milestone:	Future
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-01-25 06:59 UTC by Jonathan Parkin
Modified:	2005-04-30 12:42 UTC (History)
CC List:	0 users

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Proposed patch for bug 4102	patch			None	Jonathan Parkin
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jonathan Parkin 2005-01-25 06:59:49 UTC

This bug is similar to bug #3873

When a non-trivial number of domains/users with distinct SpamAssassin
preferences are held in LDAP doing an entire subtree search can be expensive,
especially if the users are not indexed by __USERNAME__.  A full subree search
on the attribute on __USERNAME__ is therefore undesirable is situations where
the full DN can be inferred from e.g. the email address of the recipient.

In order to enhance functionality there are two obvious methods:
1) Introduce more wildcards as per bug #3873.  We won't go into more information
here on this here.
2) Allow a full LDAP URL to be passed as the username.  This is the desired
result of this bug as it would allow the caller of spamc to determine the
relevant URL and then pass it as the user argument.

Comment 1 Jonathan Parkin 2005-01-25 07:08:16 UTC

Created attachment 2623 [details]
Proposed patch for bug 4102

This patch is one way to solve bug 4102.

Usage: 

1) Ensure spamd is being invoked with the --ldap-config and -x options
2) Define user_scores_dsn in your SpamAssassin configuration file.  This must
start 'ldap:' (without the quote marks).  I reccomend something obvious to
indicate this will be overidden, for example 'ldap:dynamic' or
'ldap:__USERNAME__'.  A better version of this patch would restrict this to a
given string.
3) Define user_scores_ldap_username and user_scores_ldap_password as normal.

When these changes are loaded this functionality can be made use of by using a
relevant LDAP URL (including host name), for example:

spamc -u
'ldap://ldap.example.org/dc=user1,dc=example,dc=org,o=myOrg?spamAssassinPrefs?base?(objectclass=top)'
< message

Comment 2 Jonathan Parkin 2005-01-25 07:09:48 UTC

> This patch is one way to solve bug 4102.

Sorry, forgot to mention that this should be applied to
Mail::SpamAssassin::Conf::LDAP.pm

Comment 3 Michael Parker 2005-01-25 09:17:10 UTC

Subject: Re:   New: Extended LDAP search functionality

> 2) Allow a full LDAP URL to be passed as the username.  This is the desired
> result of this bug as it would allow the caller of spamc to determine the
> relevant URL and then pass it as the user argument.

I'd have to look at this a littler closer, but there might be an
unwelcomed side effect of sending an LDAP URL as the username.  For
instance, how will bayes/AWL behave?  Both of those subsystems key on
the passed in username.

Michael