The mailing list for listmasters using Sympa

[Riccardo Veraldi <address@concealed>]

Problem resolved. It was due to lack of X509 LDAP server verification.
I added the proper sympa capath configuration to verify the LDAP server 
certificate and everything worked.

Rick


On 31/10/15 09:08, Riccardo Veraldi wrote:
> Hello,
> I migrated from sympa 6.1.7 to sympa 6.2.9
>
> the inclusion of members from LDAP query is not working anymore.
> The list configuration looks correct.
> The same query was working without problems on 6.1.7
>
> I cannot understand what's wrong since all parameter are present and 
> validated.
>
> here is the LDAP configuration working perfecttly on 6.1.7
>
> include_ldap_query
> attrs mail
> ssl_ciphers ALL
> filter L=cnaf
> name AAI
> host ds2.domain.com
> use_ssl yes
> passwd 328acd9f-cda9-4325-99e6-c998e29decce
> timeout 30
> suffix ou=people,dc=domain,dc=com
> user cn=lists.domain.com,ou=Services,dc=domain,dc=com
> ssl_version tlsv1
> scope sub
> select all
>
>
> The list inclusion fails and sympa send this message
>
> Failed to inlude members for list 'listname'
>
> there is a typo in the message SUBJECT "inlude" instead of "include". 
> this typo is propagated by email to listmasters and owners.
>
> anyway LDAP fails and here is the sympa log
>
>
> Oct 31 09:00:44 lists wwsympa[8700]: info main::do_edit_list() [robot 
> lists.domain.com] [session 43115630312056] [client 31.177.41.8] [user 
> address@concealed] [list ldap-test]
> Oct 31 09:00:45 lists wwsympa[8700]: notice 
> Sympa::List::on_the_fly_sync_include() Synchronizing list members...
> Oct 31 09:00:45 lists wwsympa[8700]: err main::#1635 > 
> main::do_edit_list#12542 > Sympa::List::on_the_fly_sync_include#8268 > 
> Sympa::List::sync_include#7963 > 
> Sympa::List::_load_list_members_from_include#7213 > 
> Sympa::List::_include_users_ldap#6484 > Sympa::Database::connect#151 > 
> (eval)#151 > Sympa::DatabaseDriver::LDAP::_connect#118 Unable to 
> connect to the LDAP server ldaps://ds2.domain.com
> Oct 31 09:00:45 lists wwsympa[8700]: err main::#1635 > 
> main::do_edit_list#12542 > Sympa::List::on_the_fly_sync_include#8268 > 
> Sympa::List::sync_include#7963 > 
> Sympa::List::_load_list_members_from_include#7213 > 
> Sympa::List::_include_users_ldap#6484 > Sympa::Database::connect#155 
> Can't connect to Database Sympa::DatabaseDriver::LDAP 
> <bind_dn=cn=lists.domain.com,ou=Services,dc=infn,dc=it;ca_file=/home/sympa/default/INFN-CA.pem;host=ldaps://ds2.domain.com;ssl_ciphers=ALL;ssl_version=tlsv1>
> Oct 31 09:00:45 lists wwsympa[8700]: err main::#1635 > 
> main::do_edit_list#12542 > Sympa::List::on_the_fly_sync_include#8268 > 
> Sympa::List::sync_include#7963 > 
> Sympa::List::_load_list_members_from_include#7213 > 
> Sympa::List::_include_users_ldap#6485 Unable to connect to the LDAP 
> server "ds2.domain.com"
>
>
> but this makes no sense because I can connect form the sympa host to 
> ds2.domain.com without problems even using ldapsearch or with a simple 
> perl script like this and it works
> and I get the attributes I need.
>
> #!/usr/bin/env perl
>     use strict;
>     use warnings;
>
>     use Net::LDAP;
>     my $server = "ds2.domain.com";
>     my $ldap = Net::LDAP->new( $server ) or die $@;
>     $ldap->bind;
>
>     my $result = $ldap->search(
>         base   => "ou=people,dc=domain,dc=com",
>         filter => "(L=cnaf)",
>     );
>
>     die $result->error if $result->code;
>
>     printf "COUNT: %s\n", $result->count;
>
>     foreach my $entry ($result->entries) {
>         $entry->dump;
>     }
>     print "===============================================\n";
>
>     $ldap->unbind;
>
>
>
>
> anyone has a hint ?
>
> thank you
>
>
> Rick