Re: [sympa-users] LDAP members inclusion not working on sympa 6.2.9

Subject: The mailing list for listmasters using Sympa

  • From: Riccardo Veraldi <address@concealed>
  • To: "address@concealed" <address@concealed>
  • Subject: Re: [sympa-users] LDAP members inclusion not working on sympa 6.2.9
  • Date: Sat, 31 Oct 2015 22:11:31 +0100

Problem resolved. It was due to lack of X509 LDAP server verification.
I added the proper sympa capath configuration to verify the LDAP server certificate and everything worked.

Rick


On 31/10/15 09:08, Riccardo Veraldi wrote:
Hello,
I migrated from sympa 6.1.7 to sympa 6.2.9.

The inclusion of members from an LDAP query is not working anymore.
The list configuration looks correct.
The same query was working without problems on 6.1.7.

I cannot understand what's wrong since all parameters are present and validated.

Here is the LDAP configuration working perfectly on 6.1.7:

include_ldap_query
attrs mail
ssl_ciphers ALL
filter L=cnaf
name AAI
host ds2.domain.com
use_ssl yes
passwd 328acd9f-cda9-4325-99e6-c998e29decce
timeout 30
suffix ou=people,dc=domain,dc=com
user cn=lists.domain.com,ou=Services,dc=domain,dc=com
ssl_version tlsv1
scope sub
select all


The list inclusion fails and sympa sends this message:

Failed to inlude members for list 'listname'

There is a typo in the message SUBJECT: "inlude" instead of "include". This typo is propagated by email to listmasters and owners.

Anyway, LDAP fails and here is the sympa log:


Oct 31 09:00:44 lists wwsympa[8700]: info main::do_edit_list() [robot lists.domain.com] [session 43115630312056] [client 31.177.41.8] [user address@concealed] [list ldap-test]
Oct 31 09:00:45 lists wwsympa[8700]: notice Sympa::List::on_the_fly_sync_include() Synchronizing list members...
Oct 31 09:00:45 lists wwsympa[8700]: err main::#1635 > main::do_edit_list#12542 > Sympa::List::on_the_fly_sync_include#8268 > Sympa::List::sync_include#7963 > Sympa::List::_load_list_members_from_include#7213 > Sympa::List::_include_users_ldap#6484 > Sympa::Database::connect#151 > (eval)#151 > Sympa::DatabaseDriver::LDAP::_connect#118 Unable to connect to the LDAP server ldaps://ds2.domain.com
Oct 31 09:00:45 lists wwsympa[8700]: err main::#1635 > main::do_edit_list#12542 > Sympa::List::on_the_fly_sync_include#8268 > Sympa::List::sync_include#7963 > Sympa::List::_load_list_members_from_include#7213 > Sympa::List::_include_users_ldap#6484 > Sympa::Database::connect#155 Can't connect to Database Sympa::DatabaseDriver::LDAP <bind_dn=cn=lists.domain.com,ou=Services,dc=infn,dc=it;ca_file=/home/sympa/default/INFN-CA.pem;host=ldaps://ds2.domain.com;ssl_ciphers=ALL;ssl_version=tlsv1>
Oct 31 09:00:45 lists wwsympa[8700]: err main::#1635 > main::do_edit_list#12542 > Sympa::List::on_the_fly_sync_include#8268 > Sympa::List::sync_include#7963 > Sympa::List::_load_list_members_from_include#7213 > Sympa::List::_include_users_ldap#6485 Unable to connect to the LDAP server "ds2.domain.com"


But this makes no sense, because I can connect from the sympa host to ds2.domain.com without problems, even using ldapsearch or with a simple perl script like this, and it works and I get the attributes I need.

#!/usr/bin/env perl
use strict;
use warnings;

use Net::LDAP;

# Bare hostname, no ldaps:// scheme: Net::LDAP connects over plain LDAP
my $server = "ds2.domain.com";
my $ldap = Net::LDAP->new( $server ) or die $@;

# No arguments: anonymous bind
$ldap->bind;

# Same base and filter as the list's include_ldap_query
my $result = $ldap->search(
    base   => "ou=people,dc=domain,dc=com",
    filter => "(L=cnaf)",
);

die $result->error if $result->code;

printf "COUNT: %s\n", $result->count;

# Dump every returned entry with all its attributes
foreach my $entry ($result->entries) {
    $entry->dump;
}
print "===============================================\n";

$ldap->unbind;

Does anyone have a hint?

thank you


Rick
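
The test script in the original question connects over plain LDAP, so it never exercises the certificate check that the resolution identifies as the cause. The following is an added diagnostic example, not part of the thread and not Sympa code, that connects over ldaps:// with verification on and then off to tell a trust failure from a network failure; the command-line arguments (host, CA file or directory) are assumptions of this example.

```perl
#!/usr/bin/env perl
# Added diagnostic example (not from the original post, not Sympa code).
# Connects over ldaps:// with certificate verification, as the failing
# log line does, to separate TLS trust failures from network failures.
use strict;
use warnings;
use Net::LDAP;

# Assumed usage: perl ldaps-check.pl HOST CA_FILE_OR_DIR
my ($host, $ca) = @ARGV;
die "usage: $0 host ca_file_or_ca_dir\n" unless defined $host && defined $ca;
die "CA location '$ca' is not readable by this user\n" unless -r $ca;

# Net::LDAP takes 'cafile' for a PEM file and 'capath' for a hashed directory.
my @trust = -d $ca ? (capath => $ca) : (cafile => $ca);

sub try_connect {
    my (%tls) = @_;
    my $ldap = Net::LDAP->new("ldaps://$host", timeout => 30, %tls);
    return (0, $@) unless $ldap;    # on failure new() returns undef and sets $@
    $ldap->unbind;
    return (1, '');
}

# First the verified connection, then an unverified one for comparison only.
my ($ok_verified,   $err_verified)   = try_connect(verify => 'require', @trust);
my ($ok_unverified, $err_unverified) = try_connect(verify => 'none');

if ($ok_verified) {
    print "OK: $host presents a certificate that validates against $ca\n";
}
elsif ($ok_unverified) {
    print "TLS handshake works, but verification fails: $err_verified\n";
    print "The CA in $ca does not validate the server certificate ",
          "(wrong CA or hostname mismatch).\n";
    exit 2;
}
else {
    print "Cannot reach ldaps://$host at all: $err_unverified\n";
    exit 1;
}
```

Run it as the account the Sympa daemons use, so that file permissions on the CA file or directory are tested as well.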