Description: <short summary of the patch>
 TODO: Put a short summary on the line above and replace this paragraph
 with a longer explanation of this change. Complete the meta-information
 with other relevant fields (see below for details). To make it easier, the
 information below has been extracted from the changelog. Adjust it or drop
 it.
 .
 postfix (3.5.25-0+deb11u1~sbp110+1) stable-email-dev; urgency=medium
 .
   * Stanford bullseye build.
Author: Lonlone Lee <lonlone@stanford.edu>

---
The information above should follow the Patch Tagging Guidelines, please
checkout https://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: (upstream|backport|vendor|other), (<patch-url>|commit:<commit-id>)
Bug: <upstream-bugtracker-url>
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: (no|not-needed|<patch-forwarded-url>)
Applied-Upstream: <version>, (<commit-url>|commit:<commid-id>)
Reviewed-By: <name and email of someone who approved/reviewed the patch>
Last-Update: 2024-07-02

--- postfix-3.5.25.orig/src/global/dict_ldap.c
+++ postfix-3.5.25/src/global/dict_ldap.c
@@ -260,6 +260,46 @@ static const NAME_CODE bindopt_table[] =
     0, -1,
 };
 
+#ifdef STANFORD
+
+#ifdef STRCASECMP_IN_STRINGS_H
+#include <strings.h>
+#endif
+/* Strip all the non-alphanumeric characters from and reduce all the uppercase
+   letters to lower case in the string to make the suseassunetid alias lookup
+   canonical. */
+static char *sunetid_hash(char *str)
+{
+    char *p, *p_last;
+
+    p = strstr(str, "suseassunetid=");
+    if (p == NULL) return str;
+    p = p + strlen("suseassunetid=") + 1;
+    if (p == NULL) return str;
+    p_last = p;
+    while (*p != '\0' && *p != ')') {
+        if (islower(*p) || isdigit(*p)) {
+            *p_last = *p;
+            p_last++;
+        } else if (isupper(*p)) {
+            *p_last = tolower(*p);
+            p_last++;
+        }
+        p++;
+    }
+    if (*p == ')') {
+        while (*p != '\0') {
+            *p_last = *p;
+            p_last++;
+            p++;
+        }
+    }
+    if (*p_last != '\0')
+        *p_last = '\0';
+    return str;
+}
+#endif /* STANFORD */
+
 typedef struct {
     LDAP   *conn_ld;
     int     conn_refcount;
@@ -1459,12 +1499,21 @@ static const char *dict_ldap_lookup(DICT
      * On to the search.
      */
     if (msg_verbose)
+#ifdef STANFORD
+	msg_info("%s: %s: Searching with filter %s", myname,
+		 dict_ldap->parser->name, sunetid_hash(vstring_str(query)));
+
+    rc = search_st(dict_ldap->ld, vstring_str(base), dict_ldap->scope,
+         sunetid_hash(vstring_str(query)), dict_ldap->result_attributes->argv,
+         dict_ldap->timeout, &res);
+#else
 	msg_info("%s: %s: Searching with filter %s", myname,
 		 dict_ldap->parser->name, vstring_str(query));
 
     rc = search_st(dict_ldap->ld, vstring_str(base), dict_ldap->scope,
 		   vstring_str(query), dict_ldap->result_attributes->argv,
 		   dict_ldap->timeout, &res);
+#endif /* STANFORD */
 
     if (rc == LDAP_SERVER_DOWN) {
 	if (msg_verbose)
