A NOTE has been added to this issue.
======================================================================
http://dbmail.org/mantis/view.php?id=785
======================================================================
Reported By:                doker
Assigned To:
======================================================================
Project:                    DBMail
Issue ID:                   785
Category:                   Authentication layer
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
target:
======================================================================
Date Submitted:             11-Jun-09 09:22 CEST
Last Modified:              11-Jun-09 13:02 CEST
======================================================================
Summary:                    ignored QUERY_STRING parameter
Description:
MSLdap windows 2003 server , dbmail-2.3.5_2

############ dbmail.conf
[DBMAIL]
authdriver=ldap

[LDAP]
PORT = 389
VERSION = 3
HOSTNAME = dc1.domen.ru
BIND_DN = CN=dbmail,OU=Services,DC=domen,DC=ru
BIND_PW = 1234567
SCOPE = SubTree
BASE_DN = OU=Users,DC=domen,DC=ru
QUERY_STRING=(memberOf=CN=GMU,CN=Users,DC=shipyard-yantar,DC=ru)
USER_OBJECTCLASS = person
FIELD_PASSWD = userPassword
FIELD_UID = sAMAccountName
FIELD_NID = uSNCreated
FIELD_CID = gidNumber
FIELD_MAIL = userPrincipalName
FIELD_QUOTA = mailQuota
###################

when I try to get userlist the QUERY_STRING parameter is being totally ignored

############################ debug.log
dbmail/pop3d[45007]: [0x288202e0] Debug:[auth] __auth_get_config(+83): key "QUERY_STRING" section "LDAP" var _ldap_cfg.query_string value [(memberOf=CN=GMU,CN=Users,DC=domen,DC=ru)]
#############
======================================================================

----------------------------------------------------------------------
 (0002822) doker (reporter) - 11-Jun-09 09:25
 http://dbmail.org/mantis/view.php?id=785#c2822
----------------------------------------------------------------------
* QUERY_STRING=(memberOf=CN=GMU,CN=Users,DC=domen,DC=ru)

----------------------------------------------------------------------
 (0002823) paul (administrator) - 11-Jun-09 09:45
 http://dbmail.org/mantis/view.php?id=785#c2823
----------------------------------------------------------------------
This is not a bug, but a feature.

The query_string parameter is not used for filtering the list of users/forwards. It's only used during delivery.

In your case, if you want to limit email delivery to the group mentioned in the filter you should use something like:

query_string=(&(userPrincipleName=%s)(memberOf=CN=GMU,CN=Users,DC=domen,DC=ru))

assuming userPrincipleName contains a valid email address

----------------------------------------------------------------------
 (0002824) doker (reporter) - 11-Jun-09 10:31
 http://dbmail.org/mantis/view.php?id=785#c2824
----------------------------------------------------------------------
We have followed your recommendations, but invoking "dbmail-users -l" results in displaying the list of all users (no matter if the user belongs to the GMU group or not), and authorisation through an e-mail client is always successful even after removal of that user from the GMU group.

For your information, there is a truncated string in debug.log:

dbmail/pop3d[8403]: [0x288202e0] Debug:[auth] __auth_get_config(+83): key "QUERY_STRING" section "LDAP" var _ldap_cfg.query_string value [(&(userPrincipleName=%s)(memberOf=CN=GMU,CN=Users,DC

----------------------------------------------------------------------
 (0002825) paul (administrator) - 11-Jun-09 10:56
 http://dbmail.org/mantis/view.php?id=785#c2825
----------------------------------------------------------------------
They may be able to authenticate, but they won't be able to receive email.

Point is dbmail doesn't support what you are trying to achieve (yet). You will have to use a subtree for your dbmail users, or use an objectclass to distinguish them from the other users.

----------------------------------------------------------------------
 (0002826) doker (reporter) - 11-Jun-09 13:02
 http://dbmail.org/mantis/view.php?id=785#c2826
----------------------------------------------------------------------
>Point is dbmail doesn't support what you are trying to achieve (yet).

Is it already planned to add support for this (during authorisation stage)? And if it is planned then do you know the release version or date?

Issue History
Date Modified    Username       Field                    Change
======================================================================
11-Jun-09 09:22  doker          New Issue
11-Jun-09 09:23  doker          Issue Monitored: doker
11-Jun-09 09:24  doker          Issue End Monitor: doker
11-Jun-09 09:25  doker          Note Added: 0002822
11-Jun-09 09:38  doker          Issue Monitored: doker
11-Jun-09 09:45  paul           Note Added: 0002823
11-Jun-09 10:31  doker          Note Added: 0002824
11-Jun-09 10:56  paul           Note Added: 0002825
11-Jun-09 13:02  doker          Note Added: 0002826
======================================================================
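
How the delivery-time filter suggested in note 0002823 selects recipients, as an added example that is not part of the original thread or DBMail's code: `%s` is expanded with RFC 4515 escaping and the result is evaluated against constructed directory entries. The attribute is spelled `userPrincipalName`, as in the reporter's `FIELD_MAIL` setting (the note spells it `userPrincipleName`); the evaluator, function names and entries are assumptions for illustration and cover only `&` with equality matches.

```python
import re

GROUP = "CN=GMU,CN=Users,DC=domen,DC=ru"
# Template modelled on note 0002823; attribute spelled as in FIELD_MAIL.
TEMPLATE = "(&(userPrincipalName=%s)(memberOf=" + GROUP + "))"

# Constructed sample entries (not taken from the thread).
DIRECTORY = [
    {"userprincipalname": ["alice@domen.ru"], "memberof": [GROUP]},
    {"userprincipalname": ["bob@domen.ru"], "memberof": []},
]

def escape_filter_value(value):
    """Escape filter metacharacters in an assertion value (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def build_filter(template, address):
    """Expand %s with the escaped recipient address."""
    return template.replace("%s", escape_filter_value(address))

def _unescape(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)

def parse_conditions(flt):
    """Hypothetical minimal parser: (&(a=v)(b=w)) or (a=v), equality only."""
    inner = flt[2:-1] if flt.startswith("(&") else flt
    pairs = re.findall(r"\(([^=()]+)=([^()]*)\)", inner)
    return [(attr.lower(), _unescape(val).lower()) for attr, val in pairs]

def matches(entry, flt):
    """True when every condition equals one of the entry's values."""
    return all(
        val in [v.lower() for v in entry.get(attr, [])]
        for attr, val in parse_conditions(flt)
    )

def recipients(address):
    """Addresses of the constructed entries selected for delivery."""
    flt = build_filter(TEMPLATE, address)
    return [e["userprincipalname"][0] for e in DIRECTORY if matches(e, flt)]

if __name__ == "__main__":
    for addr in ("alice@domen.ru", "bob@domen.ru", "*"):
        print(addr, "->", recipients(addr))
```

This models the delivery lookup only; as note 0002825 states, authentication is not restricted by this filter.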