Hi,
just a small update on the {ldap:*} variable expansion and the objectGUID
binary attribute from Active Directory:
Dovecot is using OpenLDAP (e.g. have a look at
https://github.com/dovecot/core/blob/main/src/lib-ldap/ldap-search.c).
However, I was not able to find a syntax to retrieve a string
representation (e.g. base64 encoded) of the objectGUID to prevent
problems like this:
> user_attrs = =home=/var/vmail/example.com/%{ldap:objectGUID;binary}
results in
$ doveadm user uTesting
> [...]
home /var/vmail/example.com/D ��N�AA_ O��
I currently think that hashing is the only workaround to use the only
stable identifier available in Active Directory in the home path.
Does anybody know if there is some documentation about the available
hashes and their behavior regarding binary data / mode? I could not find
more information about this on
https://doc.dovecot.org/configuration_manual/config_file/config_variables/#modifiers
I am afraid of hidden pitfalls like MD5 on BSD (without concept of
binary input mode) vs. Linux (where a binary flag is available) or some
implicit encoding voodoo, resulting in different hashes if I use
something like the following
user_attrs = =home=/var/vmail/example.com/%M{ldap:objectGUID;binary}
user_attrs = =home=/var/vmail/example.com/%{md5:ldap:objectGUID;binary}
--
Regards,
Andreas
foundata GmbH
Steinhäuserstr. 20
76135 Karlsruhe
Sitz der Gesellschaft: Karlsruhe
Registergericht: Amtsgericht Mannheim, HRB 714807
Geschäftsführer: Andreas Haerter
USt-IdNr.: DE284122682
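
The binary-versus-text hashing concern raised above, as an added Python example that is not part of the original post and does not show Dovecot's own code or behaviour: it renders a raw 16-byte objectGUID in several path-safe forms and shows how an implicit text decoding step before hashing can make two distinct GUIDs produce the same digest. The two GUID values and all function names are constructed for illustration.

```python
import base64
import hashlib
import uuid

# Constructed 16-byte objectGUID values (not taken from the post). They differ
# only in byte 1, and both contain 0x2f ("/") plus a byte that is invalid UTF-8.
GUID_A = bytes.fromhex("2f804142434445464748494a4b4c4d4e")
GUID_B = bytes.fromhex("2f814142434445464748494a4b4c4d4e")


def stable_forms(raw: bytes) -> dict:
    """Printable, path-safe renderings computed from the raw 16 bytes."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return {
        # AD's textual GUID form: the first three fields are little-endian.
        "canonical": str(uuid.UUID(bytes_le=raw)),
        "hex": raw.hex(),
        # URL-safe alphabet avoids "/" in the path; padding is dropped.
        "base64url": base64.urlsafe_b64encode(raw).decode("ascii").rstrip("="),
        # Digest over the bytes exactly as the directory returned them.
        "md5_raw": hashlib.md5(raw).hexdigest(),
    }


def lossy_text_md5(raw: bytes) -> str:
    """Digest after an implicit bytes -> text -> bytes round trip.

    Invalid UTF-8 bytes become U+FFFD, so distinct GUIDs can collapse
    to the same string before the hash ever sees them.
    """
    text = raw.decode("utf-8", errors="replace")
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def path_safe(component: str) -> bool:
    """True if the string is printable ASCII without a path separator."""
    return component.isascii() and component.isprintable() and "/" not in component


if __name__ == "__main__":
    for name, raw in (("A", GUID_A), ("B", GUID_B)):
        for form, value in stable_forms(raw).items():
            print(f"{name} {form:10} {value}  path_safe={path_safe(value)}")
        print(f"{name} lossy_md5  {lossy_text_md5(raw)}")
```

Comparing a digest computed this way against the home path a test user actually gets is one way to check which bytes a given hash modifier consumed.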