Subject: Developers of Sympa
- From: Olivier Salaun <address@concealed>
- To: address@concealed
- Cc: Sympa-dev <address@concealed>
- Subject: Re: [sympa-dev] LDAP queries
- Date: Wed, 17 Apr 2002 14:13:22 +0200
Hi John,
John Douglass wrote on March 27th:
> I am running 3.3.4b and have configured LDAP as a data source for a list.
>
> I noticed that when logged in as listmaster and I go to "Your
> Subscriptions" tab, there was a delay because wwsympa looks like it did
> an LDAP query on the one list that utilized LDAP.
>
> For clarification, the "Inclusions timeout (ttl)" is the amount of time
> that the data can be "stagnant" before a requery occurs, but does not
> query again unless the list is utilized in some way yes? Is the listing
> of lists considered a "utilization"?
Yes it is, because the lists are shown depending on their visibility parameter,
which is a scenario. To evaluate the scenario we need to know if the user
is a subscriber of the list.
In the future, 'include'-type lists will be refreshed by the task_manager,
thereby not altering the performance of other processes (wwsympa, sympa.pl, ...).
The current behaviour, though, reduces the risk of wwsympa updating the
list cache itself; it performs the cache refresh ONLY if ttl*2 is
over, whereas sympa.pl and other processes update the cache when ttl
is over. => To avoid having wwsympa update the cache, you can
plan a cron job that makes sympa.pl do the job. Example:
echo "From: address@concealed\nSubject: WHICH"|sendmail -f address@concealed address@concealed
> Also, I moved all my Net::LDAP->new() calls to Net::LDAPS->new()
> (because we don't allow access to the password field unless it's over
> SSL and I'm using the auth.conf capabilities which are GREAT!!! Kudos!).
> A flag test from sympa.conf might be useful to others. (ldap_ssl=1)
>
> Something like:
>
> sympa.conf:
>
> ldap_ssl = 1;
> ldap_ssl_version = 'sslv3';
> ldap_ssl_ciphers = 'MEDIUM:HIGH';
That is a very interesting feature (I did not know the Net::LDAPS package).
But using LDAP over SSL will only work if the LDAP directory knows
about SSL. Sympa (auth, include_ldap, ldap filters) can query multiple
LDAP directories. Therefore we should rather introduce ssl-related
parameters to (each) auth.conf/include/filters entries.
--
Olivier Salaün
Comité Réseau des Universités
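
The per-directory SSL settings discussed in this message, sketched as an added example that is not part of the original thread or of Sympa's code. The directory list, hostnames, CA path and the use_ssl/ssl_version/ssl_ciphers/ca_file key names are hypothetical; the Net::LDAPS constructor options (verify, cafile, sslversion, ciphers) are the module's own.

```perl
#!/usr/bin/perl
# Added example: each LDAP directory carries its own SSL/TLS settings, so a
# directory without SSL support can coexist with one that requires it.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAPS;

# Hypothetical per-directory entries (not Sympa's configuration format).
my @directories = (
    { host => 'ldap1.example.org', use_ssl => 1,
      ssl_version => 'tlsv1_2',              # SSLv3 is obsolete; a TLS version is used here
      ssl_ciphers => 'HIGH:!aNULL:!MD5',
      ca_file     => '/etc/ssl/certs/example-ca.pem' },
    { host => 'ldap2.example.org', use_ssl => 0 },   # directory that does not speak SSL
);

# Return the class to instantiate plus its constructor arguments.
sub connection_args {
    my ($dir) = @_;
    return ('Net::LDAP', $dir->{host}, timeout => 10) unless $dir->{use_ssl};
    die "$dir->{host}: ca_file is required when use_ssl is set\n"
        unless defined $dir->{ca_file};
    return ('Net::LDAPS', $dir->{host},
        port       => 636,
        timeout    => 10,
        verify     => 'require',             # reject servers whose certificate does not validate
        cafile     => $dir->{ca_file},
        sslversion => $dir->{ssl_version},
        ciphers    => $dir->{ssl_ciphers},
    );
}

# A password may only be sent when the channel is encrypted.
sub may_send_password { my ($dir) = @_; return $dir->{use_ssl} ? 1 : 0 }

for my $dir (@directories) {
    my ($class, $host, %opts) = connection_args($dir);
    printf "%s -> %s (%s)\n", $host, $class,
        may_send_password($dir) ? 'password bind allowed' : 'anonymous search only';
    next unless $ENV{LDAP_CONNECT};          # set LDAP_CONNECT=1 to really connect
    my $ldap = $class->new($host, %opts);
    unless ($ldap) { warn "$host: $@\n"; next }
    $ldap->unbind;
}
```

Without LDAP_CONNECT set, the script only prints which class and bind policy each entry would get, so it can be run without a directory server.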