SA Bugzilla – Bug 4102
Extended LDAP search functionality
Last modified: 2005-04-30 12:42:47 UTC
This bug is similar to bug #3873 When a non-trivial number of domains/users with distinct SpamAssassin preferences are held in LDAP doing an entire subtree search can be expensive, especially if the users are not indexed by __USERNAME__. A full subree search on the attribute on __USERNAME__ is therefore undesirable is situations where the full DN can be inferred from e.g. the email address of the recipient. In order to enhance functionality there are two obvious methods: 1) Introduce more wildcards as per bug #3873. We won't go into more information here on this here. 2) Allow a full LDAP URL to be passed as the username. This is the desired result of this bug as it would allow the caller of spamc to determine the relevant URL and then pass it as the user argument.
Created attachment 2623 [details] Proposed patch for bug 4102 This patch is one way to solve bug 4102. Usage: 1) Ensure spamd is being invoked with the --ldap-config and -x options 2) Define user_scores_dsn in your SpamAssassin configuration file. This must start 'ldap:' (without the quote marks). I reccomend something obvious to indicate this will be overidden, for example 'ldap:dynamic' or 'ldap:__USERNAME__'. A better version of this patch would restrict this to a given string. 3) Define user_scores_ldap_username and user_scores_ldap_password as normal. When these changes are loaded this functionality can be made use of by using a relevant LDAP URL (including host name), for example: spamc -u 'ldap://ldap.example.org/dc=user1,dc=example,dc=org,o=myOrg?spamAssassinPrefs?base?(objectclass=top)' < message
> This patch is one way to solve bug 4102. Sorry, forgot to mention that this should be applied to Mail::SpamAssassin::Conf::LDAP.pm
Subject: Re: New: Extended LDAP search functionality > 2) Allow a full LDAP URL to be passed as the username. This is the desired > result of this bug as it would allow the caller of spamc to determine the > relevant URL and then pass it as the user argument. I'd have to look at this a littler closer, but there might be an unwelcomed side effect of sending an LDAP URL as the username. For instance, how will bayes/AWL behave? Both of those subsystems key on the passed in username. Michael