The mailing list for listmasters using Sympa

[David Verdin <address@concealed>]

Hi Simon,

If this query worked with your previous Sympa version, it should work 
now. We didn't change much in this part of Sympa.

Actually, you don't need to crop the "corp.com" part of the mail 
address. As you use the "get_dn_by_email_filter" argument, if users 
provide an email address, Sympa will look for it in the "mail" LDAP 
attribute of your directory.
As I understand it, the "address@concealed" email doesn't correspond to 
the "mail" LDAP attribute. Otherwise, the login would be successful. 
This email must be stored in another attribute.
The query can work if the email address is stored somewhere in the LDAP 
directory. If it is the case, you should extend the filter associated to 
this alternate email address. Something like : (| (mail = 
[sender])(alternate_email = [sender]) ) should do it (use the relevant 
name for the alternate email attribute).

Actually, the doc about LDAP authentication doesn't seem to be very easy 
to understand. I'll fix it ASAP.

Cheers,

Simon Gao a écrit :
> I've configured Sympa 5.4.6 and it works fine so far. However, I have one 
> question. 
>
> In the login section,  only user ID asked is his email address. This is fine. 
> However, Sympa 5.4.6 seems not able to strip the domain part of the email 
> address and get correct uid for LDAP authentication. 
>
> For example, if user Bob has address@concealed and types in his email address 
> and password, Sympa should figure out Bob's uid is "bob" from the email 
> address and use "bob" as uid. But instead Sympa sends "address@concealed"  as 
> uid which leads to authentication failure. If Bob jus types in "bob" for the 
> email address field, then ldap auth works fine. 
>
> Maybe this problem is caused by incorrect setup in auth.conf. Can anyone see 
> any issue with the following auth.conf?
>
> ldap
>         regexp                          corp\.com
>         host                            ldap1.corp.com:636
>         timeout                         20
>         suffix                          dc=corp,dc=com
>         get_dn_by_uid_filter            (uid=[sender])
>         get_dn_by_email_filter          (mail=[sender])
>         email_attribute                 mail
>         scope                           sub
>         use_ssl                         1
>         ssl_version                     sslv3
>         ssl_ciphers                     MEDIUM:HIGH
>
> Simon
>   

--
David Verdin
Comité réseau des universités