The mailing list for listmasters using Sympa

["stefano.antonelli@cnaf" <address@concealed>]

Dear All,

we are testing a virtual host configuration on CentOS 7 with rpm Sympa 
6.2.33b.1

I'm trying to configure CAS/LDAP authentication using, at the moment, 
one auth.conf file for every virtual domain in /etc/sympa/auth.conf

But we are missing the "CAS" button (AAI-INFN friendly name) for the 
authentication from the header; we managed to do it some releases ago 
but, at the moment, I'm unable to understand where I'm wrong (screenshot 
attached).

thank you
cheers
stefano

############################
auth.conf file:

## Here is the default auth.conf
## It defines the authentication backends used by Sympa

#generic_sso
#        service_name       InQueue Federation
#        service_id         inqueue
#        http_header_prefix HTTP_SHIB
#        email_http_header  HTTP_SHIB_EMAIL_ADDRESS

cas
        base_url                        https://ourcas.ourdomain.it/cas
#       auth_service_friendly_name      Your authentication Server
        auth_service_name               AAI
        auth_service_friendly_name      AAI-INFN
        ldap_host                       ourldap.ourdomain.it:636
        ldap_get_email_by_uid_filter    (uid=[uid])
        ldap_timeout                    7
        ldap_suffix                     ou=People,dc=domain,dc=it
#       ldap_scope                      sub
        ldap_email_attribute            mail
        logout_path                     /logout
        scope                           sub
        use_tls                         ldaps
        ca_verify                       required
        ca_file                         /etc/pki/tls/certs/chain_of 
_CAs.crt
        non_blocking_redirection        off

#ldap
#        host                            ourldap.ourdomain.it:636
#        timeout                         20
#       bind_dn                         cn=daemon,dc=local,dc=domain,dc=it
#       bind_password                   *************************
#        suffix                          ou=People,dc=domain,dc=it
#        get_dn_by_uid_filter            (uid=[sender])
#        get_dn_by_email_filter 
(|(mail=[sender])(mailAlternateAddress=[sender]))
#        email_attribute                 mail
#        alternative_email_attribute     mailAlternateAddress
#        scope                           sub
##      use_ssl                         1
#        use_tls                         ldaps
##        ssl_version                     tlsv1_2
#        ca_verify                       required
#        ca_file                         /etc/pki/tls/certs/chain_of_CAs.crt

##ldap
##        host 
ldap1.yourdomain:392,ldap2.yourdomain:392
##        timeout                         20
##        suffix                          dc=yourOrg,dc=fr
##        get_dn_by_uid_filter            (uid=[sender])
##        get_dn_by_email_filter          (mail=[sender])
##        email_attribute                 mail
##        scope                           sub

user_table
        regexp                 .*

Attachment: Screenshot from 2018-05-17 09-13-19.png
Description: PNG image