[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP UTF8 values support

To: openldap-technical@openldap.org
Subject: Re: OpenLDAP UTF8 values support
From: André Rodier <andre@rodier.me>
Date: Sat, 24 Mar 2018 00:10:17 +0000
Authentication-results: smtpfr.rodier.me; dmarc=fail (p=reject dis=none) header.from=rodier.me
Content-language: en-GB
Dkim-filter: OpenDKIM Filter v2.9.2 smtpfr.rodier.me B8C8F245DE
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rodier.me; s=smtpuk; t=1521850217; bh=vOLPgJp+U+mkEd/nYeNiOiRAtgKOsnr2WVZrLynURX4=; h=From:Subject:To:References:Date:In-Reply-To:From; b=GblRoCDo//B2MlQAXLnrAgqMaT/jqo9vEdaluXiV80hwKr3v/trylRK2OLaTe20vQ j6Uo8n5In6LhZogqRslCLVCDHQm3rFdH8DTkZ8eks2buoW/N3IAPUhQ/0Karwb7iYf yHHfZXfagUEZ+htpzyhh4wQu/R78ZN2W6mRNg7AM=
In-reply-to: <424b67167c4b85d478b2bd027502e262@stroeder.com>
References: <bca770bcc9a54f2028ba6ff6bce515e0@imap.rodier.me> <424b67167c4b85d478b2bd027502e262@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

On 21/03/18 17:19, Michael Ströder wrote:
> On 2018-03-21 16:42, Andre Rodier wrote:
>> I want to use international characters for the "secondary" email
>> addresses but and OpenLDAP is complaining about it, as invalid syntax.
> 
> That's because attribute 'mail' is defined to be IA5String syntax
> which is more or less ASCII.
> 
>> Is there any limitation in OpenLDAP that would prevent some fields to
>> be stored in UTF8 directly?
> 
> No. But the attribute type has to be declared to use DirectoryString
> syntax.
> 
> That's why I proposed 'intlMailAddr' herein:
> https://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject-07#section-2
> 
> 
> Note that this attribute only makes sense in case of non-ASCII local part
> and for use with SMTPUTF8 extensions. I currently only know of one SMTPUTF8
> implementation (postfix 3.x).
> 
> If the mail address' domain part is non-ASCII you should store it as
> IDNA encoding
> (e.g. my web2ldap supports auto-converting the user's input.)
> 
>> I have noticed that the givenName and
>> surname are automatically encoded in base64 when containing accents,
>> so is it a standard practice?
> 
> The attribute values are *not* base64-encoded via LDAP.
> What you're seeing as output of ldapsearch is LDIF representation
> which has to be ASCII-clean (see RFC 2849).
> 
> Ciao, Michael.
> 

Hello Michael,

Thank you for your schema, it is working perfectly.

I am adding the final LDIF file that works with OpenLDAP, so anyone can
use it for their projects:

> # The attribute type 'intlMailAddr' is defined for storing SMTPUTF8
> # compliant addresses [RFC6530]
> # https://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject-07
> 
> dn: cn=intlMailAddr,cn=schema,cn=config
> objectClass: olcSchemaConfig
> cn: intlMailAddr
> olcAttributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.18
>   NAME 'intlMailAddr'
>   DESC 'Internationalized Email Address'
>   EQUALITY caseIgnoreMatch
>   SUBSTR caseIgnoreSubstringsMatch
>   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> olcObjectClasses: ( 1.3.6.1.4.1.5427.1.389.6.9
>   NAME 'mailboxRelatedObject'
>   DESC 'Associated RFC 5321 mailbox for any entry'
>   AUXILIARY
>   MAY ( displayName $ mail $ intlMailAddr ) )

Tell me if I made a mistake, but so far it works perfectly. I have both
Dovecot and Postfix querying internationalised email addresses, and I
will have something stable enough soon.

Kind regards,
André

-- 
https://github.com/progmaticltd/homebox

References:
- OpenLDAP UTF8 values support
  - From: Andre Rodier <andre@rodier.me>
- Re: OpenLDAP UTF8 values support
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: OpenLDAP UTF8 values support
Next by Date: openLDAP: LDAP and LDAP over TLS support at same time
Index(es):
- Chronological
- Thread