Subject: The mailing list for listmasters using Sympa
Re: [sympa-users] Failing LDAP authentication after upgrade
- From: Gerard Ranke <address@concealed>
- To: address@concealed
- Subject: Re: [sympa-users] Failing LDAP authentication after upgrade
- Date: Mon, 5 Oct 2020 17:08:30 +0200
On 03-10-2020 17:51, Sebastian Wagner wrote:
> Dear Gerard,
>
> I also tried it with the IP address, but the login seems to not trigger
> any LDAP connection. I used wireshark to get more insight in that and
> there - while I see LDAP traffic for other activity from this host - I
> have none with the username I'm using for the login. I tried both the
> login with username (receiving the 'Incorrect email "testuser94"' error)
> and with email address (receiving 'Incorrect password for user
> address@concealed').
>
> I have no idea how I could get the interface working again, except for
> doing a completely new setup. So any hints (also on further analysis)
> are appreciated.
>
> best regards
> Sebastian
>
> On 8/17/20 10:01 AM, Gerard Ranke (via sympa-users Mailing List) wrote:
>> On 15-08-2020 22:13, Sebastian Wagner wrote:
>>> Dear Gerard,
>>>
>>> On 8/8/20 5:36 PM, Gerard Ranke (via sympa-users Mailing List) wrote:
>>>> If you use 'sebastian' to login, I would only enable the
>>>> get_dn_by_uid_filter and remove the get_dn_by_email_filter, and vice
>>>> versa in case you use your email.
>>> Thank you for your suggestion, however I wasn't successful, I get the
>>> same errors in both cases.
>>>
>>> But I found out that the LDAP server does not receive any query at all
>>> (other queries get logged). Using ldapsearch from the host works - and
>>> the query gets logged as well. Therefore I suspect that sympa never
>>> (successfully) connects to the LDAP server at all.
>>>
>> Hi Sebastian,
>>
>> I took another look at your auth.conf, and I noticed:
>>
>> host ldap:389
>>
>> Could you try with the ip-address of the ldap server instead of ldap?
>> Best,
>>
>> gerard
>
Hi Sebastian,
So, if your ldap server doesn't register any connection from your sympa
host, I would first make sure basic networking is ok. To start with the
really basic:
1) try to ping your ldap server from your sympa host. If, for instance,
pinging the ip address works, but your ldap server's fqdn doesn't, you
might have dns troubles. If pinging outright doesn't work, you might have
routing problems.
2) From your sympa host, try to: telnet <your ldapserver> 389
If that doesn't work, make sure the ldapserver is up and listening on
the right ports. There also might be firewalls in the way.
3) From your sympa host, try:
openssl s_client -connect <your ldapserver>:636 -CApath <path to your ca certs dir>
to see if all certificates are in order
4) Finally, from your sympa host, try to do a basic ldapsearch on the
ldapserver, and if that works, try the searchfilter that your sympa
install uses.
Good hunting!
gerard
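
Steps 1 to 3 of the checklist above, as an added example that is not part of the original message or of Sympa: it reports the first layer that fails (name resolution, TCP connect, TLS handshake or certificate check). The function name `diagnose` and the host `ldap.example.org` are placeholders; step 4 (ldapsearch with the Sympa search filter) still has to be run by hand.

```python
import socket
import ssl


def diagnose(host, port=389, tls=False, cafile=None, capath=None, timeout=3.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls', 'cert' or 'ok'."""
    # Step 1: name resolution. A failure here points at DNS, not at LDAP.
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))

    # Step 2: plain TCP connect, the same thing "telnet <host> 389" tests.
    # Refused or timed out means: server down, wrong port, or a firewall.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))

    with sock:
        if not tls:
            return ("ok", "tcp connect succeeded")
        # Step 3: TLS handshake with certificate and hostname verification,
        # comparable to "openssl s_client -connect <host>:636 -CApath <dir>".
        # With cafile and capath both None the system trust store is used.
        ctx = ssl.create_default_context(cafile=cafile, capath=capath)
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
                return ("ok", tls_sock.version())
        except ssl.SSLCertVerificationError as exc:
            # Untrusted CA, expired certificate or hostname mismatch.
            return ("cert", exc.verify_message)
        except (ssl.SSLError, OSError) as exc:
            # The peer does not speak TLS on this port, or the handshake timed out.
            return ("tls", str(exc))


if __name__ == "__main__":
    # Placeholder host: replace with the LDAP server named in auth.conf.
    for port, use_tls in ((389, False), (636, True)):
        print(port, diagnose("ldap.example.org", port, tls=use_tls))
```

A `dns` result for the hostname combined with `ok` for the IP address is the case described in step 1; `cert` on port 636 with `ok` on port 389 points at the CA path rather than at networking.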