From 76b3e15f27cb2c3710e06f8cc74f95809d2a45ad Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem.moulin@fripost.org>
Date: Tue, 29 Jan 2013 02:40:23 +0100
Subject: Comment.

---
 ldap/fripost.ldif | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'ldap')

diff --git a/ldap/fripost.ldif b/ldap/fripost.ldif
index 2aa7bd0..e4b2413 100644
--- a/ldap/fripost.ldif
+++ b/ldap/fripost.ldif
@@ -52,6 +52,15 @@ olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.2 NAME 'fvl'
     SUBSTR caseIgnoreIA5SubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
 #
+# This is redundant since we always use DNs of the form
+#     fvl=localpart,fvd=domainpart.tld,...
+# (But Postfix doesn't allow the use of '%u' and '%d' from the query in
+# its 'result_format'.)
+# It is a priori insecure to allow arbitrary values here since users
+# will modify this value themselves, however our Postfix will only
+# accept well-formed values, enforced by a custom filter:
+#    query_filter = (&...(fripostLocalAlias=%u#%d))
+#    result_attribute = fripostLocalAlias
 olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.3 NAME 'fripostLocalAlias'
     DESC 'A local alias, typically localpart#domainpart.tld'
     EQUALITY caseIgnoreIA5Match
-- 
cgit v1.2.3