The mailing list for listmasters using Sympa

[Steve Shipway <address@concealed>]

> >> the inclusion of members from LDAP query is not working anymore.
> >
> > Under v6.2, certificates are now verified, and the connection can fail
> > if they do not pass.  This tests not just expiry but also the
> > authorisation chain.  If your LDAP server uses a self-signed cert (as
> > ours does) you will need to remove the verify option:
> >
> >   ca_verify none
> >
>
> How do one set the "ca_verify" for a member include?
> Maybe I am missing something obvious but I cant find where to configure it.
> Its not a valid keyword in sympa.conf or in the list config file.

I've just checked with 6.2.9 here and this does seem to be the case.  Logs 
show that the LDAP include is failing to make the connection even with 
'ca_verify none' and the web interface doesn't seem to allow this to be set. 
Not sure why I had thought this was working previously, though (as you said) 
it *does* work in the auth.conf

Strangely, if using a .incl datasource where the .incl file uses LDAP and 
this 
option, there is not an error message in the web interface, but one appears 
about ca_verify in the log file.  It still doesn't work, though.

This would seem to be a bit of a problem that needs to be fixed :).   I don't 
have time to delve into the code myself though...

Steve

Steve Shipway
T: +64 9 3737 599 ext 86487
E: address@concealed

Attachment: smime.p7s
Description: S/MIME cryptographic signature