From 80d7d7b2c3502a88207c50b22cbdb2c0db4da1d8 Mon Sep 17 00:00:00 2001
From: Philipp Takacs <philipp@bureaucracy.de>
Date: Sun, 22 Mar 2026 20:58:11 +0100
Subject: [PATCH] use configured ldap attributes for check

aldap doesn't parse a search result correctly when no attributes are given.
---
 table-ldap.5 | 4 ++++
 table_ldap.c | 8 +-------
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/table-ldap.5 b/table-ldap.5
index d2d687a..acf184e 100644
--- a/table-ldap.5
+++ b/table-ldap.5
@@ -234,3 +234,7 @@ The auth request is not supported so the password must be readable by the
 binddn and formatted for smtpd.
 .Pp
 Pagination is currently not supported.
+.Pp
+Requesting only the dn attribute causes a parse error and a reconnect.
+This might also happen if your ldap server obmit the requested attributes
+because the bind user has not the right to read the requested attributes.
diff --git a/table_ldap.c b/table_ldap.c
index 612f329..096f464 100644
--- a/table_ldap.c
+++ b/table_ldap.c
@@ -85,9 +85,6 @@ static struct dict	requests;
 static struct aldap *aldap;
 static struct query queries[LDAP_MAX];
 
-static char *ldap_dn_attr[2] = { "dn", NULL };
-
-
 static struct aldap *
 ldap_connect(const char *addr)
 {
@@ -592,7 +589,6 @@ table_ldap_callback(struct request *req)
 	char		  ldapid[sizeof(int)*2+1];
 	int		  ret;
 	struct query	 *q = lookup_query(req->s);
-	char		 * const *attrs;
 	int		  num;
 
 	if (!q) {
@@ -610,11 +606,9 @@ table_ldap_callback(struct request *req)
 		table_api_free_request(req);
 		return;
 	case O_CHECK:
-		attrs = ldap_dn_attr;
 		num = 1;
 		break;
 	case O_LOOKUP:
-		attrs = q->attrs;
 		num = 100;
 		break;
 	default:
@@ -625,7 +619,7 @@ table_ldap_callback(struct request *req)
 
 	ctx.username = req->key;
 	ctx.hostname = req->table;
-	ret = aldap_search(aldap, basedn, LDAP_SCOPE_SUBTREE, q->filter, &ctx, attrs, false, num, 0, NULL);
+	ret = aldap_search(aldap, basedn, LDAP_SCOPE_SUBTREE, q->filter, &ctx, q->attrs, false, num, 0, NULL);
 	if (ret < 0) {
 		table_api_error(req->id, req->o, "ldap error ... reconnecting");
 		ldap_open();
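Review bot: The `ret < 0` branch after the changed `aldap_search` call treats every failure as a dead connection and calls `ldap_open()`, yet the man page text added in this same patch says a result with no returned attributes (for example when the bind user may not read them) fails in the parser. As far as this hunk shows, a single key whose entry yields no readable attributes would then tear down the shared `aldap` connection, so repeated requests for such a key could keep the table reconnecting. Separately, O_CHECK now fetches every attribute in `q->attrs`, which for a credentials query presumably includes the password attribute, although a check only needs to know that the entry exists. I would at least add above the call `/* O_CHECK requests q->attrs too: aldap cannot parse a result without attributes, and that failure takes the reconnect path below */`, and consider rejecting an empty `q->attrs` when the configuration is loaded. The body of table_ldap_callback starts and ends outside this hunk.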
-- 
2.52.0

