8:42 a.m.
Hello,
I have started a small project to build a mail server, and the
authentication / users list is based on OpenLDAP.
I want to use international characters for the "secondary" email
addresses but and OpenLDAP is complaining about it, as invalid syntax. I
use the field otherMailBox field. I found a make-shift by storing the
email address encoded in base64, but I therefore need to be sure any
client will be able to read these base64 encoded email addresses. So
far, Dovecot is fine, I am not sure yet about Postfix.
Is there any limitation in OpenLDAP that would prevent some fields to be
stored in UTF8 directly? I have noticed that the givenName and surname
are automatically encoded in base64 when containing accents, so is it a
standard practice?
Thanks for your advices.
https://github.com/progmaticltd/homebox
Kind regards,
André
10:19 a.m.
On 2018-03-21 16:42, Andre Rodier wrote:
I want to use international characters for the "secondary"
email
addresses but and OpenLDAP is complaining about it, as invalid syntax.
That's because attribute 'mail' is defined to be IA5String syntax
which is more or less ASCII.
Is there any limitation in OpenLDAP that would prevent some fields
to
be stored in UTF8 directly?
No. But the attribute type has to be declared to use DirectoryString
syntax.
That's why I proposed 'intlMailAddr' herein:
https://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject-07#section-2
Note that this attribute only makes sense in case of non-ASCII local
part
and for use with SMTPUTF8 extensions. I currently only know of one
SMTPUTF8
implementation (postfix 3.x).
If the mail address' domain part is non-ASCII you should store it as
IDNA encoding
(e.g. my web2ldap supports auto-converting the user's input.)
I have noticed that the givenName and
surname are automatically encoded in base64 when containing accents,
so is it a standard practice?
The attribute values are *not* base64-encoded via LDAP.
What you're seeing as output of ldapsearch is LDIF representation
which has to be ASCII-clean (see RFC 2849).
Ciao, Michael.
12:35 p.m.
On 21/03/18 17:19, Michael Ströder wrote:
On 2018-03-21 16:42, Andre Rodier wrote:
> I want to use international characters for the "secondary" email
> addresses but and OpenLDAP is complaining about it, as invalid syntax.
That's because attribute 'mail' is defined to be IA5String syntax
which is more or less ASCII.
> Is there any limitation in OpenLDAP that would prevent some fields to
> be stored in UTF8 directly?
No. But the attribute type has to be declared to use DirectoryString
syntax.
That's why I proposed 'intlMailAddr' herein:
https://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject-07#section-2
Note that this attribute only makes sense in case of non-ASCII local part
and for use with SMTPUTF8 extensions. I currently only know of one SMTPUTF8
implementation (postfix 3.x).
If the mail address' domain part is non-ASCII you should store it as
IDNA encoding
(e.g. my web2ldap supports auto-converting the user's input.)
> I have noticed that the givenName and
> surname are automatically encoded in base64 when containing accents,
> so is it a standard practice?
The attribute values are *not* base64-encoded via LDAP.
What you're seeing as output of ldapsearch is LDIF representation
which has to be ASCII-clean (see RFC 2849).
Ciao, Michael.
Thank you, Michael,
Thank you, this is very useful, you seem to have a very good knowledge
of LDAP.
I am using postfix 3 as well, with dovecot.
Kind regards,
André
2:50 a.m.
On Wed, Mar 21, 2018 at 07:35:34PM +0000, André Rodier wrote:
On 21/03/18 17:19, Michael Ströder wrote:
> That's why I proposed 'intlMailAddr' herein:
> https://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject-07#section-2
>
> Note that this attribute only makes sense in case of non-ASCII local part
> and for use with SMTPUTF8 extensions. I currently only know of one SMTPUTF8
> implementation (postfix 3.x).
I am using postfix 3 as well, with dovecot.
So you can probably use that extension. However, most people cannot.
Therefore if you create mail accounts with non-ASCII characters in the
local part those accounts will not be able to exchange mail with 95%
of the world's population. (unless you install a translating gateway,
but then the address seen outside your system will not be the same as
the one inside and your users will get confused).
This is why the LDAP mail attribute is limited to IA5 (7-bit ASCII) syntax.
None of this prevents having UTF8 characters in the 'comment part', as you
do youself ("André" contains one character that cannot be represented in
IA5). This part is not stored in the LDAP mail attribute, which should
be just LHS(a)RHS.domain
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
5:07 p.m.
On 21/03/18 17:19, Michael Ströder wrote:
On 2018-03-21 16:42, Andre Rodier wrote:
> I want to use international characters for the "secondary" email
> addresses but and OpenLDAP is complaining about it, as invalid syntax.
That's because attribute 'mail' is defined to be IA5String syntax
which is more or less ASCII.
> Is there any limitation in OpenLDAP that would prevent some fields to
> be stored in UTF8 directly?
No. But the attribute type has to be declared to use DirectoryString
syntax.
That's why I proposed 'intlMailAddr' herein:
https://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject-07#section-2
Note that this attribute only makes sense in case of non-ASCII local part
and for use with SMTPUTF8 extensions. I currently only know of one SMTPUTF8
implementation (postfix 3.x).
If the mail address' domain part is non-ASCII you should store it as
IDNA encoding
(e.g. my web2ldap supports auto-converting the user's input.)
> I have noticed that the givenName and
> surname are automatically encoded in base64 when containing accents,
> so is it a standard practice?
The attribute values are *not* base64-encoded via LDAP.
What you're seeing as output of ldapsearch is LDIF representation
which has to be ASCII-clean (see RFC 2849).
Ciao, Michael.
Hello Michael,
Thank you for your schema, it is working perfectly.
I am attaching the final LDIF file to the email, so anyone can use it
for their projects.
Tell me if I made a mistake, but so far it works perfectly. I have both
Dovecot and Postfix querying internationalised email addresses, and I
will have something stable enough soon.
Kind regards,
André
--
https://github.com/progmaticltd/homebox
5:10 p.m.
On 21/03/18 17:19, Michael Ströder wrote:
On 2018-03-21 16:42, Andre Rodier wrote:
> I want to use international characters for the "secondary" email
> addresses but and OpenLDAP is complaining about it, as invalid syntax.
That's because attribute 'mail' is defined to be IA5String syntax
which is more or less ASCII.
> Is there any limitation in OpenLDAP that would prevent some fields to
> be stored in UTF8 directly?
No. But the attribute type has to be declared to use DirectoryString
syntax.
That's why I proposed 'intlMailAddr' herein:
https://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject-07#section-2
Note that this attribute only makes sense in case of non-ASCII local part
and for use with SMTPUTF8 extensions. I currently only know of one SMTPUTF8
implementation (postfix 3.x).
If the mail address' domain part is non-ASCII you should store it as
IDNA encoding
(e.g. my web2ldap supports auto-converting the user's input.)
> I have noticed that the givenName and
> surname are automatically encoded in base64 when containing accents,
> so is it a standard practice?
The attribute values are *not* base64-encoded via LDAP.
What you're seeing as output of ldapsearch is LDIF representation
which has to be ASCII-clean (see RFC 2849).
Ciao, Michael.
Hello Michael,
Thank you for your schema, it is working perfectly.
I am adding the final LDIF file that works with OpenLDAP, so anyone can
use it for their projects:
# The attribute type 'intlMailAddr' is defined for storing
SMTPUTF8
# compliant addresses [RFC6530]
# https://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject-07
dn: cn=intlMailAddr,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: intlMailAddr
olcAttributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.18
NAME 'intlMailAddr'
DESC 'Internationalized Email Address'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: ( 1.3.6.1.4.1.5427.1.389.6.9
NAME 'mailboxRelatedObject'
DESC 'Associated RFC 5321 mailbox for any entry'
AUXILIARY
MAY ( displayName $ mail $ intlMailAddr ) )
Tell me if I made a mistake, but so far it works perfectly. I have both
Dovecot and Postfix querying internationalised email addresses, and I
will have something stable enough soon.
Kind regards,
André
--
https://github.com/progmaticltd/homebox
2084
days inactive
2087
days old
openldap-technical@openldap.org
5 comments
4 participants
participants (4)
-
Andre Rodier -
Andrew Findlay -
André Rodier
-
Michael Ströder