Your message dated Tue, 19 Aug 2025 14:15:08 -0700
with message-id <3757217.l52yBJDM9G@soren-desktop>
and subject line courier-authlib-ldap: OR condition between LDAP_MAIL and
LDAP_FILTER
has caused the Debian Bug report #522902,
regarding courier-authlib-ldap: OR condition between LDAP_MAIL and LDAP_FILTER
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
522902: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522902
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: courier-authlib-ldap
Version: 0.61.0-1+lenny1
Severity: wishlist
Hello,
I've noticed, that I cannot do search filter using OR condition. I got
some student:
# rokzaka, Students, ktu.lt
dn: uid=rokzaka,ou=Students,dc=ktu,dc=lt
uid: rokzaka
cn:: Um9rYXMgWmFrYXJldmnEjWl1cw==
givenName: Rokas
sn:: WmFrYXJldmnEjWl1cw==
mailOriginal: [email protected]
mailRoutingAddress: [email protected]
loginShell: /usr/lib/sftp-server
uidNumber: 60648
gidNumber: 100
asmensKodas: 38306290339
homeDirectory: /users2/rokzaka/./
mailDir: /var/mail/rokzaka
gecos: Rokas Zakarevicius
pazNumeris: 66945
objectClass: radiusprofile
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: localObject
mailLocalAddress: [email protected]
mail: [email protected]
pswKlausimas: Kokia Jusu mamos mergautine pavarde?
pswAtsakymas: Katauskyte
mailAlias: [email protected]
dialupAccess: TRUE
radiusTunnelPassword: 0xDBA4BCC2770500130FE4D8C7BF835019
userPassword:: e0NSWVBUfXBvNnJLbE9vRzJyUzI=
My task is to do, that user could authenticate using:
uid (rokzaka)
or
pazNumeris (66945)
So, my ldap search filter could be like this:
(|(uid=<what_user_provided>)(pazNumeris=<what_user_provided>))
Now I can see, that ldap query filter is constructed from LDAP_MAIL and
LDAP_FILTER with AND operation.
I think it would be useful to include AND,OR operations in LDAP_FILTER.
LDAP_MAIL uid
LDAP_FILTER |(pazNumeris=%s)
^^^^
Let's say %s - what I got from a client.
Then my filter would be:
(|(uid=rokzaka)(pazNumeris=rokzaka)) - when user provides uid (rokzaka).
(|(uid=66945)(pazNumeris=66945)) - when client provides pazNumeris
(66945).
Both of these search filters points to a unique user object.
And aditional, what we've got now:
LDAP_MAIL mail
LDAP_FILTER &(objectClass=CourierMailAccount)
Then filter would be as usual:
(&(objectClass=CourierMailAccount)(mail=<someAccount>))
And when you don't provide operation in front of a LDAP_FILTER, then by default
operation could be AND.
Is there a possibility to construct such ldap queries with existing ldap
authentication library?
If it is not possible to do that, maybe it could be implemented in future
versions?
In that way config lets more space for admin to create filter he needs for his
environment.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages courier-authlib-ldap depends on:
pn courier-authlib <none> (no description available)
ii libc6 2.9-3 GNU C Library: Shared libraries
pn libldap2 <none> (no description available)
courier-authlib-ldap recommends no packages.
courier-authlib-ldap suggests no packages.
--- End Message ---
--- Begin Message ---
I am going to close this bug report as there was no response to my previous
email. Please feel free to reopen it if you are still having a problem.
--
Soren Stoutner
[email protected]
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
