dovecot - Mar 2018 - Accentuated email addresses stored in LDAP

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 19 Mar 2018, Andr? Rodier wrote:
> I had to use base64 encoding to store email addresses, because they are
> rejected otherwise, with an error message of illegal characters. I also
you are using the stock "mail" attribute in LDAP as:

olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
   NAME ( 'mail' 'rfc822Mailbox' )
   DESC 'RFC1274: RFC822 Mailbox'
     EQUALITY caseIgnoreIA5Match
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

http://www.oid-info.com/get/1.3.6.1.4.1.1466.115.121.1.26
https://en.wikipedia.org/wiki/IA5STRING
IA5 :- 7bit
> noticed that some of the fields, like 'dn' and 'cn' where
automatically
> encoded in base64 when stored when including accentuated chars.
you mean when you use ldapsearch or similiar tool to export data? LDIF 
traditionally encode all data in 7bit ASCII, which is noted by the double 
"::" after the LDAP attribute name. The data in LDAP is UTF8 and
binary
connections need not encode it either.

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBWq9lWMQnQQNheMxiAQL3ywgAtbWsT1U+PQgdK0D3StI9c44r8KgEG7dr
AXhIvFPowuD3U0KH0ZJ8VHc+/WN0DMqCONvuaUyueaGY8bgqx+cNw8z01zMC9hTF
xfs8x1lQsgikacyyjo3o9WehOJzgnlGvt33LLwjsI62WOLFE8PXnkZFXpkAWI1f4
yTWoTFOxPnAA90CDBS4aBHdBaFI0TwbiGP5oIyjGCvI1aHJSTy5lNKfwUkvTdI+L
tH4Z0JDkB3YBnRVIL6ST5W7p0VvBAQo+ia+UXpsZ4b1t3/xYCKtNV0ls9jIoqVzg
dEFeyUoKQe8k5N8k6/vVVElzwtW6fxzQUJQXj01u03udqVMmTqXhrw==8rp9
-----END PGP SIGNATURE-----

On 19/03/2018 07:23, Steffen Kaiser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Mon, 19 Mar 2018, Andr? Rodier wrote:
> 
>> I had to use base64 encoding to store email addresses, because they 
>> are
>> rejected otherwise, with an error message of illegal characters. I 
>> also
> 
> you are using the stock "mail" attribute in LDAP as:
> 
> olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
>   NAME ( 'mail' 'rfc822Mailbox' )
>   DESC 'RFC1274: RFC822 Mailbox'
>     EQUALITY caseIgnoreIA5Match
>     SUBSTR caseIgnoreIA5SubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
> 
> http://www.oid-info.com/get/1.3.6.1.4.1.1466.115.121.1.26
> https://en.wikipedia.org/wiki/IA5STRING
> IA5 :- 7bit
> 
>> noticed that some of the fields, like 'dn' and 'cn'
where
>> automatically
>> encoded in base64 when stored when including accentuated chars.
> 
> you mean when you use ldapsearch or similiar tool to export data? LDIF
> traditionally encode all data in 7bit ASCII, which is noted by the
> double "::" after the LDAP attribute name. The data in LDAP is
UTF8
> and binary connections need not encode it either.
> 
> - -- Steffen Kaiser
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQEVAwUBWq9lWMQnQQNheMxiAQL3ywgAtbWsT1U+PQgdK0D3StI9c44r8KgEG7dr
> AXhIvFPowuD3U0KH0ZJ8VHc+/WN0DMqCONvuaUyueaGY8bgqx+cNw8z01zMC9hTF
> xfs8x1lQsgikacyyjo3o9WehOJzgnlGvt33LLwjsI62WOLFE8PXnkZFXpkAWI1f4
> yTWoTFOxPnAA90CDBS4aBHdBaFI0TwbiGP5oIyjGCvI1aHJSTy5lNKfwUkvTdI+L
> tH4Z0JDkB3YBnRVIL6ST5W7p0VvBAQo+ia+UXpsZ4b1t3/xYCKtNV0ls9jIoqVzg
> dEFeyUoKQe8k5N8k6/vVVElzwtW6fxzQUJQXj01u03udqVMmTqXhrw=> =8rp9
> -----END PGP SIGNATURE-----
Hello Steffen,

Thank you for your answer.

In fact, I am using the otherMailBox attribute, from the standard 
OpenLDAP distribution, which is also IA5String.

- Is there any way in Dovecot to encode the fields in base 64, to send 
queries? as the query is "eq", this would be enough, I think.
- Or is the LDAP server is supposed to store attributes as UTF8, and in 
this case, how to configure it that way?

Thanks!

# RFC1274: Cosine and Internet X.500 schema:
# 9.3.18.  Other Mailbox
#
#  The Other Mailbox attribute type specifies values for electronic
#  mailbox types other than X.400 and rfc822.
#
#    otherMailbox ATTRIBUTE
#        WITH ATTRIBUTE-SYNTAX
#            SEQUENCE {
#                    mailboxType PrintableString, -- e.g. Telemail
#                    mailbox IA5String  -- e.g. X378:Joe
#            }
#    ::= {pilotAttributeType 22}
#
  attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )




-- 
https://github.com/progmaticltd/homebox

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 19 Mar 2018, Andre Rodier wrote:
> In fact, I am using the otherMailBox attribute, from the standard OpenLDAP 
> distribution, which is also IA5String.
>
> - Is there any way in Dovecot to encode the fields in base 64, to send 
> queries? as the query is "eq", this would be enough, I think.
Check out: https://wiki2.dovecot.org/Variables?highlight=(base64)

However, I never used this modifier and Aki pointed out, that UTF8 
usernames are not (100%) supported, yet.
> - Or is the LDAP server is supposed to store attributes as UTF8, and in
this
> case, how to configure it that way?
To achieve this, you must/can extend the schema with your own attribute 
that uses:

https://www.ldap.com/understanding-ldap-schema

"Directory String

"The directory string syntax is basically a catch-all syntax for UTF-8 
strings. It allows values with this syntax to have any combination of one 
or more UTF-8 characters (empty directory string values are not allowed, 
although some directory servers ignore this constraint).

"The directory string syntax is defined in RFC 4517 section 3.3.6, and has 
an OID of "1.3.6.1.4.1.1466.115.121.1.15"."

Otherwise, you could _misuse_ an exiting attribute of this type unused in 
your directory otherwise.

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBWrC/hcQnQQNheMxiAQLV+wf+P/gzADRyNSIQtILNKoN7eHEVPNGt9iVd
TzHl5rka9XB89eUE2lsGjlURH3PIVqDKjtTEAl27CYiBr9OI66u+PvhE1o2lvY7R
YBG1Z/R3n8FWF58HpxwJGBbY4iiPQKSvvRM43/Q2mYnEveyIBvNZawNo0okTNMOM
bMSmpUhxGKsqmAeEoUQHOKrujAK0qfucZDI7nuSGjJeej7L2HXm3sEEKTEuYmUDQ
E2ox5fAyIMURA+NINzdmk7chXu30DfWuHNY8jwezM3SEds5xlAy4x6qD6EZ4f7qP
KnYEfxnYyISDqcXSy9AL20srIzn2OXiTA3/TiVOKFXpHrrst8kVCeg==+Me+
-----END PGP SIGNATURE-----