en - Re: [sympa-users] Strange things on LDAP quaries...

Subject: The mailing list for listmasters using Sympa

  • From: Steve Shipway <address@concealed>
  • To: Marco Gaiarin <address@concealed>, "Steve Shipway (via sympa-users Mailing List)" <address@concealed>
  • Subject: Re: [sympa-users] Strange things on LDAP quaries...
  • Date: Tue, 30 Aug 2016 09:31:16 +1200

From your logs, it seems that the LDAP library is rejecting the TLS mode you are specifying ('tls').  The LDAP manual tells me that it should be 'tlsv1' or 'tlsv1_2'.

However, it also appears that Sympa is disallowing 'tlsv1' as an option to the 'ssl_version' directive, and only wants 'tls'.

Checking the code for Sympa 6.2.16, it definitely supports 'tlsv1'.  I think you probably have an older 6.1.x or 6.0.x version of Sympa, which doesn't correctly handle the tls option any more?  If this is the case, then you have 2 options -- either upgrade Sympa, or patch the code (in lib/Conf.pm under 6.2 but probably elsewhere in 6.1) to allow 'tlsv1' as an option to the ssl_version directive.

Steve


On 30/08/16 01:01, Marco Gaiarin wrote:
> Mandi! "Steve Shipway" (via sympa-users Mailing List)
>   In chel di` si favelave...
>
> > So, the problem is that the new LDAP does not support the same (less
> > secure) list of protocols as the old one.
>
> Exactly.
>
> > Sympa should have caught this more gracefully, but the problem is with your
> >     ssl_version tls
> > The correct setting would be
> >     ssl_version tlsv1
> > This should fix things.
>
> Ahem, no. ;(
>
> a) there's no way to set 'ssl_version tlsv1' in web interface (only available
>  options: sslv2, sslv3, tls);
>
> b) if I set it manually in list 'config', and increment the serial, nothing
>  changed (and in web interface there's still sslv3).
>
> And obviously sync of the user fails.
>
>
> Thanks.


--

Steve Shipway | Senior Email Systems Administrator
Phone: +64 9 302 0515 Fax: +64 9 302 0518
Freephone: 0800 SMX SMX (769 769)
SMX Limited: Level 15, 19 Victoria Street West, Auckland, New Zealand
Web: http://smxemail.com
