en - [sympa-users] multiple addresses in mail attribute

Subject: The mailing list for listmasters using Sympa

  • From: Warren G Anderson <address@concealed>
  • To: address@concealed
  • Subject: [sympa-users] multiple addresses in mail attribute
  • Date: Thu, 5 Feb 2009 16:48:41 -0700

Hi Again,

Our LDAP makes use of the multivalued nature of the mail attribute
to store alternate email addresses for users. We would like to allow
users subscribed to a private list to have email accepted from any of
the email addresses listed in the mail attribute. We, of course, want
to be able to specify only one email address, our internal email address
for the user, for the list to send to.

Here is how I thought I would be able to do this, from my understanding of
the Sympa reference manual. To define list membership, I could use regex
selection applied to the mail attribute in the LDAP data source to select
the internal (mycompany.com) address that every user has. So each user
appears in the list only once with our internal email address, e.g.
address@concealed. Alternatively, I could make sure that this is the
first value in the mail attribute and set "selection=first" for the LDAP
data source. This seems to work well. I note, however, that even if I set
"selection=all", I still seem to only get the first value of the mail
attribute.

On the other hand, for authentication of incoming emails, I thought I
could configure auth.conf to have Sympa look for email attribute values
in the mail attribute of our LDAP and authenticate against them. I tried
the following:

---------------------- /home/sympa/etc/auth.conf ------------------------
## Here is the default auth.conf
## It defines the authentication backends used by Sympa

generic_sso
service_name MyCompany.Com
service_id kerberos
http_header_prefix REMOTE_USER
email_http_header REMOTE_USER

#cas
# base_url https://yourhost.yourdomain:8443
# auth_service_name Your Domain
# ldap_host ldap.yourdomain:389
# ldap_get_email_by_uid_filter (uid=[uid])
# ldap_timeout 7
# ldap_suffix dc=yourdomain,dc=fr
# ldap_scope sub
# ldap_email_attribute mail


ldap
host ldap.mycompany.com:392
timeout 60
suffix ou=people,dc=mycompany,dc=com
# get_dn_by_uid_filter (uid=[sender])
get_dn_by_email_filter (mail=[sender])
email_attribute mail
scope sub


user_table
regexp .*


The generic sso is for kerberos authentication to wwsympa. That works
well (our kerb principals match our internal email address, which
simplified things a lot).

I wanted the ldap for email authentication, but it does not work. What I
thought would happen with this configuration is that when Sympa got an
email from address@concealed to a private list, it would bind to our LDAP
anonymously, and start a search for a dn below the suffix
ou=people,dc=mycompany,dc=com with the filter (address@concealed).
LDAP would return the dn for "My User". Sympa would then bind anonymously
again, and start a search below the dn returned for (mail=*), since that
is the value of email attribute. When it got a list of email addresses
back, it would search that list for an email address that matched
a subscriber. Since address@concealed would be in that list, and it
matches a subscriber, it should then authenticate address@concealed to the
list as address@concealed and allow the mail to be accepted without
moderation.

This does not seem to be the case. Am I misunderstanding the mechanics
of what happens with the ldap information in auth.conf? If so, is there
some other way to do what I want? Note that I could throw all secondary
email addresses into another multivalued attribute if that would make
the process work better.

Thanks,
Warren
+================[ WARREN G. ANDERSON ]====================+
| 15 Sierra Vista Terr. SW (403) 212-1426 HOME |
| Calgary AB, T3H-3C4, CANADA |
+----------------------------------------------------------+
| P.O. Box 413, (414) 559-5366 US CELL |
| Dept. of Physics (414) 229-3323 OFFICE |
| Milwaukee WI, 53201, USA (414) 229-5589 FAX |
+==========================================================+

Attachment: smime.p7s
Description: S/MIME cryptographic signature
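
The lookup flow the message expects (find the entry whose mail attribute holds the sender, then map it to the one internal address that is subscribed), written out as an added Python sketch. It is not part of the original message and not Sympa's own code; the in-memory directory, the subscriber set, the example.org/example.net addresses and all function names are constructed assumptions.

```python
import re

# Constructed sample data (assumption): multivalued "mail" per entry.
DIRECTORY = {
    "uid=myuser,ou=people,dc=mycompany,dc=com":
        {"mail": ["my.user@mycompany.com", "muser@example.org"]},
    "uid=other,ou=people,dc=mycompany,dc=com":
        {"mail": ["other@mycompany.com", "shared@example.net"]},
    "uid=third,ou=people,dc=mycompany,dc=com":
        {"mail": ["third@mycompany.com", "shared@example.net"]},
}
SUBSCRIBERS = {"my.user@mycompany.com", "other@mycompany.com"}
INTERNAL = re.compile(r"^[^@]+@mycompany\.com$", re.IGNORECASE)


def escape_filter_value(value):
    """RFC 4515 escaping, so a sender such as '*' stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(sender):
    """Filter a real search would send for '(mail=[sender])'."""
    return "(mail=%s)" % escape_filter_value(sender)


def search_by_mail(sender):
    """Stand-in for the LDAP equality search: DNs whose mail holds sender."""
    wanted = sender.lower()
    return [dn for dn, entry in DIRECTORY.items()
            if wanted in (m.lower() for m in entry["mail"])]


def resolve_sender(sender):
    """Return the subscribed internal address for sender, or None."""
    dns = search_by_mail(sender)
    if len(dns) != 1:
        return None  # unknown address, or an alias shared by several entries
    internal = [m.lower() for m in DIRECTORY[dns[0]]["mail"]
                if INTERNAL.match(m)]
    if len(internal) != 1:
        return None  # no single internal address to map to
    return internal[0] if internal[0] in SUBSCRIBERS else None


if __name__ == "__main__":
    for addr in ("muser@example.org", "shared@example.net", "*"):
        print(addr, build_filter(addr), resolve_sender(addr))
```

An alias that appears on more than one entry is refused rather than mapped to whichever entry the search returns first.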