Closed schoerg closed 3 years ago
Try using
\40
to specify an @ sign, in an authldaprc setting. LDAP search strings use backslashes for escapes.
Thanks, I forgot to mention, I also tried to use \@
with no effect. Tried \40
but same, the "@" is not being transmitted.
\40
using emailmap search: (|(uid=demo2\40realmuserexample.com)(mailalternateaddress=demo2\40realm
It should not be transmitted. \xx is an escape sequence for special characters that gets interpreted by the LDAP server. See "The String Representation of LDAP Filters" at https://ldap.com/ldap-filters/, namely:
Although not required, you may escape any other characters that you want in the assertion value (or substring component) of a filter. This may be accomplished by prefixing the hexadecimal representation of each byte of the UTF-8 encoding of the character to escape with a backslash character. For example, if you wanted to escape the character ñ you would represent it as “\c3\b1”.
Hence, I would expect a search sequence of \40
to match the @
character. It wouldn't be too much trouble to add something here to explicitly insert the @
character, but I do think that this should work already, as specified.
You are right, \40 did work, there was an extra "@" character in the string.
Hi,
I have a mailserver where users can login with either a uid or their mail address. The authentication backend is LDAP.
This is the LDAP filter:
LDAP_EMAILMAP (|(uid=@user@@realm@)(mail=@user@@realm@)(mailalternateaddress=@user@@realm@))
This will lead to a search string like this: User:
demo2@example.com
authdaemond: using emailmap search: (|(uid=demo2example.com)(mail=demo2example.com)(mailalternateaddress=demo2example.com))
Which obviously doesn't work as the "@" sign is missing.
If I change the filter to:
LDAP_EMAILMAP (|(uid=@user@@@realm@)(mail=@user@@@realm@)(mailalternateaddress=@user@@@realm@))
This will lead to:
emailmap search: (|(uid=demo2realmuserexample.com)(mailalternateaddress=demo2realm
The "@" is replaced by "realmuser". Which also leads to LDAP errors. Same for \@ or '@' in the search string.
Digging into the source of
authldaplib.cpp
the problem seems to be inemailmap_replace
which is responsible for replacing@user@
to the actual user. There is no macro for the "@" sign.Possible solutions:
Replace the
@user@
delimiter to something that isn't a valid email character, maybe something like "§".Add something like this to
authldaplib.cpp
:And then be able to use
@at@
in the config file to add a literal "@" sign.Or is there another way to send the correct search query to the LDAP server?