On Tue, Aug 31, 2021 at 02:59:09PM -0400, post...@ptld.com wrote:
> >> With login mismatch you shouldn't be returning all of the aliases a
> >> user is allowed to use,
> >
> > See above. You have the wrong lookup key, and the wrong value syntax.
>
> Im sorry my usage of English is difficult for you to comprehend the
> meaning behind my words.
I responded to what you wrote. If you meant something other than what
you wrote, I am not a psychic.
> But I thought it was clear when i said the "query should include what
> it is looking for" meaning use %s and not just select * as I showed
> with an example query. And you "shouldn't be returning all of the
> aliases" because you should be returning the usernames (aka SASL login
> names).
The query should be returning any of the "aliases" (email addresses),
the result is a list of SASL logins.
With LDAP the query can match multiple entries, extracting the
(typically) UID attribute from each, and the LDAP table driver
will then combine them into a single comma separated list.
# Something like:
query_format = allowedSender=%s
result_attribute = uid
The above assumes that each SASL user's LDAP entry has a "uid" attribute
equal to the SASL login name, and an "allowedSender" multi-valued
attribute that lists all the addresses the user is allowed to
send as.
> > You have the wrong lookup key
>
> Are saying returning the allowed usernames, the allowed SASL login names
> is wrong?
Your response seemed to indicate that the SASL login as the lookup key,
and an email address as the result.
> I said "one" in that sentence because a user can only be logged in to
> one username and you want that username to be returned even if
> multiple usernames are returned with it.
Well, but the query has no access to the user name the user is logged
as, because that's not the lookup key. The lookup key is a the sender
address, and so there's no choice but to return them all.
> Maybe you are just speed reading these replies and not fully grasping
> what is being said?
No, in fact I do pay attention to detail, and expect that if you're
going to answer questions, you'll do likewise.
--
Viktor.
