Subject: The mailing list for listmasters using Sympa
[sympa-users] Re: LDAP Data Source Bind DN and TLS
- From: Stephen Braswell <address@concealed>
- To: address@concealed
- Cc: qt4x11 <address@concealed>
- Subject: [sympa-users] Re: LDAP Data Source Bind DN and TLS
- Date: Fri, 15 Dec 2006 18:51:22 -0500
Hello,
I think the perl-ldap (Net::LDAP) perl module requires the use of the 'start_tls' method to use TLS, which I don't believe Sympa can currently do.
See: http://search.cpan.org/~gbarr/perl-ldap-0.33/lib/Net/LDAP.pod#start_tls
Without this method, I believe using the ldaps:// URI just tries to do an LDAP over SSL connection.
-Stephen
-- On December 12, 2006 3:26:30 PM -0600, qt4x11 <address@concealed> wrote:
I've tried to set up a list with an LDAP Data source. It works when the
filter is simple.
LDAP query inclusion (include_ldap_query)
short name for this source : ldap
remote host : ldap.domain.com
remote password :
remote user :
suffix : dc=domain,dc=com
search scope : sub
connection timeout : 30 seconds
filter : (uid=xxx)
extracted attribute : mail
selection (if multiple) : all
If I try to use a filter that will return many results such as
(department=department1) I get an error in my logs
Dec 12 14:29:59 sympadev2 task_manager[1652]: Ldap search failed : Sizelimit exceeded (searching on server ldap.domain.com ; suffix dc=domain,dc=com ; filter (department=department1) ; attrs: mail)
I have to bind with the server with a bind dn and password to get past the
result limit for queries set on this server.
This ldapsearch works with our TLS ldap server
ldapsearch -x -ZZ -h ldap.domain.com -D "cn=sympa,ou=agents,dc=domain,dc=com" -w password "department=department1"
But when I try
LDAP query inclusion (include_ldap_query)
short name for this source : ldap
remote host : ldaps://ldap.domain.com
remote password : xxxxxxxx
remote user : cn=sympa,ou=agents,dc=domain,dc=com
suffix : dc=domain,dc=com
search scope : sub
connection timeout : 30 seconds
filter : (department=department1)
extracted attribute : mail
selection (if multiple) : all
I get an error
ERROR (edit_list) - Syntax errors with the following parameters : filter
Can anyone tell me if I'm doing this wrong? It seems like the filter worked the first time without the bind dn and ldaps://
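
The StartTLS route discussed in this thread, as an added example that is not part of the original messages or of Sympa's code: a stand-alone Net::LDAP script that performs the same steps as the ldapsearch -x -ZZ command quoted above. Host, bind DN, suffix and filter are the placeholders used in the thread; the CA bundle path and the LDAP_BIND_PW environment variable are assumptions.

```perl
#!/usr/bin/perl
# Added example: StartTLS, authenticated bind and search with Net::LDAP.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SIZELIMIT_EXCEEDED);

# Placeholders from the thread; $cafile and LDAP_BIND_PW are assumptions.
my $host    = 'ldap.domain.com';
my $bind_dn = 'cn=sympa,ou=agents,dc=domain,dc=com';
my $base    = 'dc=domain,dc=com';
my $filter  = '(department=department1)';
my $cafile  = '/etc/ssl/certs/ca-bundle.crt';    # assumed CA bundle path
my $passwd  = $ENV{LDAP_BIND_PW} // die "set LDAP_BIND_PW\n";

# Plain LDAP connection on port 389 (what -h gives ldapsearch).
my $ldap = Net::LDAP->new($host, port => 389, timeout => 30)
    or die "connect to $host failed: $@\n";

# Equivalent of -ZZ: upgrade to TLS, verify the server certificate, and
# stop if that fails so the bind DN and password never travel in clear text.
my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
die 'start_tls failed: ' . $mesg->error . "\n" if $mesg->code;

# Simple bind (-x -D ... -w ...), needed here to get past the anonymous
# result limit described in the question.
$mesg = $ldap->bind($bind_dn, password => $passwd);
die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;

$mesg = $ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => $filter,
    attrs  => ['mail'],
);

# A size limit result can still carry the entries sent before the limit
# was hit; flag it rather than treating a truncated list as complete.
if ($mesg->code == LDAP_SIZELIMIT_EXCEEDED) {
    warn "size limit exceeded, member list is truncated\n";
} elsif ($mesg->code) {
    die 'search failed: ' . $mesg->error . "\n";
}

# Print every mail value of every returned entry.
print "$_\n" for map { $_->get_value('mail') } $mesg->entries;
$ldap->unbind;
```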