The mailing list for listmasters using Sympa

[Gerard Ranke <address@concealed>]

On 08-08-2020 17:16, Sebastian Wagner wrote:
> Dear sympa community,
> 
> after a sympa upgrade to 6.2.16 (from 6.1.23~dfsg-2+deb8u3 I think) as
> part of a distribution upgrade (debian jessie to stretch), the LDAP
> authentication in the webinterface does not work anymore. I am sure that
> the password is correct and there have been no changes at the LDAP server.
> 
> The logs with -d parameter show for the failed login:
> 
>> Aug  8 16:17:28 mail1207 wwsympa[1509]: info main::do_login(sebastian)
> [robot fstph.at] [session 52702446127302] [client 10.20.30.3]
>> Aug  8 16:17:28 mail1207 wwsympa[1509]: err main::#1663 >
> main::do_login#3406 > Sympa::Auth::check_auth#81 Incorrect LDAP password
>> Aug  8 16:17:28 mail1207 wwsympa[1509]: notice main::do_login()
> Authentication failed
>> Aug  8 16:17:28 mail1207 wwsympa[1509]: info
> main::do_renewpasswd(sebastian) [robot fstph.at] [session
> 52702446127302] [client 10.20.30.3]
>> Aug  8 16:17:28 mail1207 wwsympa[1509]: info main::do_renewpasswd()
> [robot fstph.at] [session 52702446127302] [client 10.20.30.3] Incorrect
> email "sebastian"
> 
> While the webinterface says:
> 
>> ERROR () - Provided password is incorrect
>> ERROR (renewpasswd) - Address "sebastian" is incorrect
> 
> /etc/sympa/auth.conf:
> 
>> ldap
>>    email_attribute mail
>>    get_dn_by_email_filter (|(mail=[sender])(mailalternateaddress=[sender]))
>>    get_dn_by_uid_filter (uid=[sender])
>>    host ldap:389
>>    regexp fstph\.at
>>    suffix dc=fstph,dc=at
>>    timeout 30
>>    scope sub
>>

If you use 'sebastian' to login, I would only enable the
get_dn_by_uid_filter and remove the get_dn_by_email_filter, and vice
versa in case you use your email.
Best,

gerard