
en - Re: [sympa-users] Scenario allowing AD (LDAP) group to create lists

Subject: The mailing list for listmasters using Sympa

  • From: David Verdin <address@concealed>
  • To: address@concealed
  • Subject: Re: [sympa-users] Scenario allowing AD (LDAP) group to create lists
  • Date: Wed, 16 Mar 2011 14:29:51 +0100

Hi Remo, and sorry for this late answer.

Everything looks like Sympa can't parse your named filter at all.
Actually, just a thought: could you remove the leading spaces in your paragraph? They're not supposed to have any impact but who knows? This could be a stupid parsing error.

On 07/03/11 07:42, address@concealed wrote:
I'm having a devil of a time getting this configuration to work and I'm hoping
that someone on the list will be able to help.

I changed the "create_list" setting in /etc/sympa.conf to read
"ldaplistmaster".
/home/sympa/etc/scenari/create_list.ldaplistmaster contains:

title.gettext restricted to AD Listmasters group

is_listmaster([sender])                 md5,smime -> do_it
search(create_list.ldap)                smtp,smime,md5 -> do_it
true()                                  smtp,smime,md5 ->
reject(reason='create_list_listmaster')

/home/sympa/etc/search_filters/create_list.ldap contains:

        host        ad.hostname.domain.tld:389,ad.hostname2.domain.tld:389
        suffix      cn=Users,dc=COMPANY,dc=domain,dc=tld
        bind_dn     cn=adbinduser,cn=Users,dc=COMPANY,dc=domain,dc=tld
        bind_password   adbindpassword
        filter      "(&(mail=[sender])
(memberOf=cn=Listmasters,cn=Users,dc=COMPANY,dc=domain,dc=tld))"
        email_attribute  mail
        scope       sub

with these settings in place a user in the AD group "Listmasters" should be
allowed to create lists. Instead when a user of the group logs into the web
interface, they receive an authorization error. The sympa log shows:

Mar  6 22:17:12 hostname wwsympa[5277]: info WWSympa started
Mar  6 22:17:12 hostname wwsympa[5277]: err Ldap::load() Required field not
found : filter
Mar  6 22:17:12 hostname wwsympa[5277]: err Ldap::load() Required field not
found : suffix
Mar  6 22:17:12 hostname wwsympa[5277]: err Ldap::load() Required field not
found : host
Mar  6 22:17:12 hostname wwsympa[5277]: info Scenario::request_action() error
in search(create_list.ldap),md5,do_it
Mar  6 22:17:12 hostname wwsympa[5277]: info Scenario::request_action() Error
in  scenario, in list
Mar  6 22:17:12 hostname wwsympa[5277]: info [robot lists.domain.tld] [session
89807883315181] [client 123.456.789.010] main::do_login()
do_login(address@concealed)
Mar  6 22:17:13 hostname wwsympa[5277]: info [robot lists.domain.tld] [session
89807883315181] [client 123.456.789.010] [user address@concealed]
main::do_redirect()
do_redirect(http://lists.domain.tld/sympa/serveradmin/users)
Mar  6 22:17:13 hostname sympa[5244]: notice main::DoFile() Processing /var/
address@concealed ; sender: SYMPA
<address@concealed>  ; message-id:
Mar  6 22:17:13 hostname sympa[5244]: info main::DoSendMessage() Processing
web message for address@concealed
Mar  6 22:17:14 hostname sympa[5244]: info main::DoSendMessage() Message for
address@concealed sent
Mar  6 22:17:15 hostname wwsympa[5277]: err Ldap::load() Required field not
found : filter
Mar  6 22:17:15 hostname wwsympa[5277]: err Ldap::load() Required field not
found : suffix
Mar  6 22:17:15 hostname wwsympa[5277]: err Ldap::load() Required field not
found : host
Mar  6 22:17:15 hostname wwsympa[5277]: info Scenario::request_action() error
in search(create_list.ldap),md5,do_it
Mar  6 22:17:15 hostname wwsympa[5277]: info Scenario::request_action() Error
in  scenario, in list
Mar  6 22:17:15 hostname wwsympa[5277]: info [robot lists.domain.tld] [session
89807883315181] [client 123.456.789.010] [user address@concealed]
main::check_action_parameters() authorization failed, insufficient privileges
Mar  6 22:17:15 hostname wwsympa[5277]: err [robot lists.domain.tld] [session
89807883315181] [client 123.456.789.010] [user address@concealed]
missing required parameters for action 'serveradmin'
Mar  6 22:17:19 hostname sympa[5244]: notice main::DoFile() Processing /var/
address@concealed ; sender: SYMPA
<address@concealed>  ; message-id:
Mar  6 22:17:19 hostname sympa[5244]: info main::DoSendMessage() Processing
web message for address@concealed
Mar  6 22:17:20 hostname sympa[5244]: info main::DoSendMessage() Message for
address@concealed sent
Mar  6 22:17:21 hostname wwsympa[5277]: err Ldap::load() Required field not
found : filter
Mar  6 22:17:21 hostname wwsympa[5277]: err Ldap::load() Required field not
found : suffix
Mar  6 22:17:21 hostname wwsympa[5277]: err Ldap::load() Required field not
found : host
Mar  6 22:17:21 hostname wwsympa[5277]: info Scenario::request_action() error
in search(create_list.ldap),md5,do_it
Mar  6 22:17:21 hostname wwsympa[5277]: info Scenario::request_action() Error
in  scenario, in list
Mar  6 22:17:21 hostname wwsympa[5277]: info [robot lists.domain.tld] [session
85810371363739] [client 123.456.789.010] [user address@concealed]
main::do_logout() do_logout(address@concealed)
Mar  6 22:17:21 hostname wwsympa[5277]: info [robot lists.domain.tld] [session
85810371363739] [client 123.456.789.010] main::do_logout() do_logout: logout
performed
Mar  6 22:17:21 hostname wwsympa[5277]: err Ldap::load() Required field not
found : filter
Mar  6 22:17:21 hostname wwsympa[5277]: err Ldap::load() Required field not
found : suffix
Mar  6 22:17:21 hostname wwsympa[5277]: err Ldap::load() Required field not
found : host
Mar  6 22:17:21 hostname wwsympa[5277]: info Scenario::request_action() error
in search(create_list.ldap),md5,do_it
Mar  6 22:17:21 hostname wwsympa[5277]: info Scenario::request_action() Error
in  scenario, in list
Mar  6 22:17:22 hostname wwsympa[5277]: info [robot lists.domain.tld] [session
85810371363739] [client 123.456.789.010] main::do_home() do_home
Mar  6 22:17:25 hostname sympa[5244]: notice main::DoFile() Processing /var/
address@concealed ; sender: SYMPA
<address@concealed>  ; message-id:
Mar  6 22:17:25 hostname sympa[5244]: info main::DoSendMessage() Processing
web message for address@concealed
Mar  6 22:17:26 hostname sympa[5244]: info main::DoSendMessage() Message for
address@concealed sent
Mar  6 22:17:26 hostname sympa[5244]: notice main::DoFile() Processing /var/
address@concealed ; sender: SYMPA
<address@concealed>  ; message-id:
Mar  6 22:17:26 hostname sympa[5244]: info main::DoSendMessage() Processing
web message for address@concealed
Mar  6 22:17:26 hostname sympa[5244]: info main::DoSendMessage() Message for
address@concealed sent
Mar  6 22:18:01 hostname bounced[5265]: notice bounced exited normally due to
signal
Mar  6 22:18:03 hostname archived[5257]: notice archived exited normally due
to signal
Mar  6 22:18:03 hostname bulk[5250]: notice main::sigterm() signal TERM
received, still processing current task
Mar  6 22:18:03 hostname bulk[5250]: notice bulk.pl exited normally due to
signal
Mar  6 22:18:03 hostname sympa[5244]: notice main::sigterm() signal TERM
received, still processing current task
Mar  6 22:18:03 hostname sympa[5244]: notice Sympa exited normally due to
signal
Mar  6 22:18:03 hostname task_manager[5271]: notice task_manager exited
normally due to signal

Any ideas about what I'm missing??

--
David Verdin
Comité réseau des universités

Due to the limitations of the human brain, I fail to remember all the mails.
So if you want your bug reports or feature requests for Sympa to be processed, please post them to the Sympa tracker.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
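
The leading-space hypothesis in the reply above can be checked mechanically. This is an added example, not part of the original thread and not Sympa's code: a small Python lint for a named-filter file, under the assumption that a strict parser only accepts `key value` lines starting in column 0. The host names and DNs in the samples are constructed placeholders.

```python
import re

# Required fields are the three named in the Ldap::load() errors in the log.
REQUIRED = ("filter", "suffix", "host")

# Assumption: a strict parser that only accepts "key<space>value" starting in
# column 0. This models the suspected failure; it is not Sympa's own parser.
STRICT_LINE = re.compile(r"^(\S+)\s+(.+)$")


def lint_filter_file(text):
    """Return (parsed, problems) for a named-filter file's text."""
    parsed, problems = {}, []
    for num, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith(("#", ";")):
            continue  # blank line or comment
        if line[0] in " \t":
            problems.append((num, "leading whitespace"))
            continue
        m = STRICT_LINE.match(line)
        if not m:
            problems.append((num, "no 'key value' pair (wrapped line?)"))
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "filter" and value.count("(") != value.count(")"):
            problems.append((num, "unbalanced parentheses in filter"))
        parsed[key] = value
    for field in REQUIRED:
        if field not in parsed:
            problems.append((0, "required field not found: " + field))
    return parsed, problems


# Constructed samples: placeholder hosts and DNs, same layout as the post.
INDENTED = (
    "        host        ad.example.test:389\n"
    "        suffix      cn=Users,dc=example,dc=test\n"
    '        filter      "(&(mail=[sender])\n'
    '(memberOf=cn=Listmasters,cn=Users,dc=example,dc=test))"\n'
)
FLUSH_LEFT = (
    "host ad.example.test:389\n"
    "suffix cn=Users,dc=example,dc=test\n"
    'filter "(&(mail=[sender])(memberOf=cn=Listmasters,cn=Users,dc=example,dc=test))"\n'
)

if __name__ == "__main__":
    for name, sample in (("indented", INDENTED), ("flush-left", FLUSH_LEFT)):
        print(name, lint_filter_file(sample)[1])
```

Under that assumption the indented sample yields the same three missing fields, in the same order, as the `Ldap::load()` errors in the quoted log, while the flush-left, single-line version parses cleanly.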
