Developers of Sympa

[John Douglass <address@concealed>]

Sympa-Dev,

I am running 3.3.4b and have configured LDAP as a data source for a list.

I noticed that when logged in as listmaster and I go to "Your 
Subscriptions" tab, there was a delay because wwsympa looks like it did 
an LDAP query on the one list that utilized LDAP.

For clarification, the "Inclusions timeout (ttl)" is the amount of time 
that the data can be "stagnant" before a requery occurs, but does not 
query again unless the list is utilized in some way yes? Is the listing 
of lists  considered a "utilization"?

If so, then it might be better to not query LDAP unless you go INTO the 
list or the list is utilized (mail etc.) Having the query on the 
displaying of the list of lists (and you have multiple LDAP pulls) could 
cause a potential timeout if the multiple queries it executes takes a 
long time.

Also, I moved all my Net::LDAP->new() calls to Net::LDAPS->new() 
(because we don't allow access to the password field unless it's over 
SSL and I'm using the auth.conf capabilities which are GREAT!!! Kudos!). 
A flag test from sympa.conf might be useful to others. (ldap_ssl=1)

Something like:

sympa.conf:

ldap_ssl = 1;
ldap_ssl_version = 'sslv3';
ldap_ssl_ciphers = 'MEDIUM:HIGH';

Anywhere that a new ldap object is created:

if ($Conf{'ldap_ssl'})
{
  $ldap=Net::LDAPS->new($host,timeout => $ldap->{'timeout'}, sslversion 
=> $Conf{'ldap_ssl_version'}, ciphers => $Conf{'ldap_ssl_ciphers'});
# at least 128-bit! :) 40-bit is so last season
}
else
{
  $ldap=Net::LDAP->new($host,timeout => $ldap->{'timeout'});
}

The other LDAP calls work just fine from the $ldap object.

Thanks Sympa team!
- John Douglass, Georgia Institute of Technology