Hi,
just a small update on the {ldap:*} variable expansion and the objectGUID binary attribute from Active Directory:
Dovecot is using OpenLDAP (e.g. have a look at https://github.com/dovecot/core/blob/main/src/lib-ldap/ldap-search.c). However, I was not able to find a syntax to retrieve a string representation (e.g. base64 encoded) of the objectGUID to prevent problems like this:
user_attrs = =home=/var/vmail/example.com/%{ldap:objectGUID;binary}
results in
$ doveadm user uTesting [...] home /var/vmail/example.com/D ��N�AA_ O��
I currently think that hashing is the only workaround to use the only stable identifier available in Active Directory in the home path.
Does anybody know if there is some documentation about the available hashes and their behavior regarding binary data / mode? I could not find more information about this on https://doc.dovecot.org/configuration_manual/config_file/config_variables/#m...
I am afraid of hidden pitfalls like MD5 on BSD (without concept of binary input mode) vs. Linux (where a binary flag is available) or some implicit encoding voodoo, resulting in different hashes if I use something like the following
user_attrs = =home=/var/vmail/example.com/%M{ldap:objectGUID;binary}
user_attrs = =home=/var/vmail/example.com/%{md5:ldap:objectGUID;binary}
Regards, Andreas
foundata GmbH Steinhäuserstr. 20 76135 Karlsruhe
Registered office: Karlsruhe. Register court: Amtsgericht Mannheim, HRB 714807. Managing director: Andreas Haerter. VAT ID: DE284122682
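The concern in the mail above is that a 16-byte objectGUID pushed through a text layer is no longer the same bytes, so any hash computed afterwards differs from a hash of the raw attribute. The following is an added example, not code from the mail or from the Dovecot project, that makes this concrete outside Dovecot: it converts a constructed 16-byte objectGUID (not a real one) into the two stable textual forms that are safe in a path, the canonical GUID string as Active Directory tooling displays it (which assumes the mixed-endian layout AD uses for objectGUID) and base64, and it compares MD5 over the raw bytes with MD5 over the same bytes after a lossy text decode with replacement characters. Nothing here models how Dovecot's own %M or %{md5:...} modifiers treat binary input; it only shows why a text round trip before hashing changes the result.

```python
import base64
import hashlib
import uuid

# Constructed sample: 16 raw bytes in the shape Active Directory returns for
# objectGUID;binary. This is NOT a real GUID from any directory.
SAMPLE_OBJECTGUID = bytes.fromhex("44a2a04ecc4141415f204f9ae2c0b10d")


def guid_to_string(raw: bytes) -> str:
    """Canonical GUID text, e.g. '4ea0a244-41cc-4141-5f20-4f9ae2c0b10d'.

    Assumption: AD stores objectGUID with the first three fields little-endian,
    which is what uuid.UUID(bytes_le=...) expects.
    """
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))


def guid_to_base64(raw: bytes) -> str:
    """Plain base64 of the raw bytes; always 24 ASCII characters for 16 bytes."""
    return base64.b64encode(raw).decode("ascii")


def guid_from_base64(text: str) -> bytes:
    """Inverse of guid_to_base64, so the representation is lossless."""
    return base64.b64decode(text)


def md5_of_raw(raw: bytes) -> str:
    """MD5 over the exact attribute bytes (binary mode)."""
    return hashlib.md5(raw).hexdigest()


def md5_after_text_decode(raw: bytes) -> str:
    """MD5 after the bytes were treated as UTF-8 text with replacement.

    This is the failure mode the mail is worried about: bytes that are not
    valid UTF-8 become U+FFFD, so the hashed input is no longer the attribute.
    """
    mangled = raw.decode("utf-8", errors="replace")
    return hashlib.md5(mangled.encode("utf-8")).hexdigest()


def stable_home_path(raw: bytes, base: str = "/var/vmail/example.com") -> str:
    """Home directory built from a printable, stable rendering of the GUID.

    The base path mirrors the mail; the directory name is the canonical GUID
    string, which contains only hex digits and dashes.
    """
    return f"{base}/{guid_to_string(raw)}"


if __name__ == "__main__":
    print("GUID string :", guid_to_string(SAMPLE_OBJECTGUID))
    print("base64      :", guid_to_base64(SAMPLE_OBJECTGUID))
    print("md5 raw     :", md5_of_raw(SAMPLE_OBJECTGUID))
    print("md5 mangled :", md5_after_text_decode(SAMPLE_OBJECTGUID))
    print("home        :", stable_home_path(SAMPLE_OBJECTGUID))
```

The two MD5 values differ for this sample because byte 0xa2 at offset 1 is not valid UTF-8 and is replaced before hashing; the same would happen to any real objectGUID containing bytes outside the ASCII range, which is almost all of them. Whichever representation is chosen for the home path, it should be derived from the raw bytes, and the GUID string or base64 form has the advantage over a hash that it can be mapped back to the directory object when debugging.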