Subject: The mailing list for listmasters using Sympa
Re: [sympa-users] Authenticating with different LDAP suffix
- From: Steve Shipway <address@concealed>
- To: address@concealed
- Subject: Re: [sympa-users] Authenticating with different LDAP suffix
- Date: Thu, 17 Jan 2019 16:21:27 +1300
Since you have 'scope sub', you could just set the suffix to 'dc=my,dc=net' and let Sympa work recursively; however this would also include ou=cleaners as well (if it exists...). If you have groups defined in your organisation, and these are visible in the inetOrgPerson objects, then you could filter by group in the filter instead.
e.g.

ldap
host ldap.my.net
suffix dc=my,dc=net
scope sub
get_dn_by_email_filter (&(mail=[sender])(objectClass=inetOrgPerson)(|(memberOf=sales)(memberOf=marketing)))

Another option is to have multiple authentication methods, each using a different OU. Don't forget to leave a blank line between them.
e.g.

ldap
host ldap.my.net
suffix ou=sales,dc=my,dc=net
scope one
get_dn_by_email_filter (&(mail=[sender])(objectClass=inetOrgPerson))

ldap
host ldap.my.net
suffix ou=marketing,dc=my,dc=net
scope one
get_dn_by_email_filter (&(mail=[sender])(objectClass=inetOrgPerson))

Note that I've omitted the common lines for clarity.

Steve
On Wed, 2019-01-02 at 12:15 -0600, dee heffem wrote:

Hello,

I have defined one LDAP server for authentication. I would like to add a second OU to include (ou=marketing,dc=my,dc=net) for users to log in to the Sympa web interface. I have tried duplicating the LDAP paragraph below in `/etc/sympa/auth.conf` with only changing the `suffix`; however, I am not able to authenticate users in the web interface this way. Is there something I am missing?

Thank you

ldap
host ldap.my.net
timeout 200
use_ssl 1
ssl_ciphers MEDIUM:HIGH
suffix ou=sales,dc=my,dc=net
get_dn_by_email_filter (&(mail=[sender])(objectClass=inetOrgPerson))
email_attribute mail
scope sub

--
Steve Shipway | Senior Email Systems Administrator
Phone: +64 9 302 0515 Fax: +64 9 302 0518
Freephone: 0800 SMX SMX (769 769)
SMX Limited: Level 10, 19 Victoria Street West, Auckland, New Zealand
Web: http://smxemail.com