
[sympa-users] include_ldap_2level_query and Active Directory groups.

Subject: The mailing list for listmasters using Sympa

List archive

  • From: David Carter <address@concealed>
  • To: address@concealed
  • Subject: [sympa-users] include_ldap_2level_query and Active Directory groups.
  • Date: Mon, 11 Jan 2021 12:37:18 +0000

The following:

https://sympa-community.github.io/manual/customize/data-sources.html

documents a way of using a Microsoft Active Directory LDAP server as a data source, thanks to Steve Shipway.

This works nicely, but is rather inefficient as you have to run a separate LDAP query for each member of the list in order to convert each member DN into an email address. I'm not sure what happens if you try to construct an "all-staff" or "all-students" list in this way.

A bit of trial and error reveals that an ldapsearch query of the following form works in a single pass:

ldapsearch -H ldaps://ldaps.blue.cam.ac.uk \
-x -D address@concealed -W -b dc=blue,dc=cam,dc=ac,dc=uk \
"(&(objectClass=person)(memberOf=CN=UIS-Hermes.Migration-access,OU=Groups,OU=UIS,OU=Inst,DC=blue,DC=cam,DC=ac,DC=uk))" \
-s sub mail
Enter LDAP Password:
...
mail: address@concealed
...

However you need to know the full DN of the Active Directory group in order for this to work.

I can also convert an AD groupname (CN=UIS-Hermes.Migration-access) into a full LDAP DN using a single LDAP query:

ldapsearch -x -W -H ldaps://blue.cam.ac.uk \
-D address@concealed -b DC=blue,DC=cam,DC=ac,DC=uk \
"(&(CN=UIS-Hermes.Migration-access)(objectClass=group))" DN
Enter LDAP Password:
...
dn: CN=UIS-Hermes.Migration-access,OU=Groups,OU=UIS,OU=Inst,DC=blue,DC=cam,DC=ac,DC=uk
...

(my AD admins tell me that the CN part is guaranteed to be unique, at least in our environment.)

However I don't seem to be able to turn this into an include_ldap_2level_query in order to convert a simple group name of the form "UIS-Hermes.Migration-access" into a list of email addresses. I don't suppose anyone else has had any luck achieving this?

We can obviously use the full DNs of the groups in a single-level include_ldap_query; they are just rather verbose and unwieldy.

Thanks,
David
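The two-pass lookup described in the message, written out as an added example. This is not code from the original post and not Sympa's include_ldap_2level_query; it drives the same two ldapsearch invocations from a script: pass 1 turns a bare group CN into the group's DN, pass 2 searches persons by memberOf and collects the mail attribute. LDAP_URI, BIND_DN and BASE are placeholder assumptions, the sample LDIF strings are constructed (not captured from any directory), and the RFC 4515 filter escaping and the duplicate-CN check are additions the message does not ask for but a practitioner would want before splicing a group name into a filter.

```python
"""Two-pass AD group expansion mirroring the two ldapsearch calls in the message:
pass 1 resolves a bare group CN to its DN, pass 2 lists the mail attribute of
persons whose memberOf contains that DN. LDAP_URI, BIND_DN, BASE are placeholders."""
import base64
import subprocess

LDAP_URI = "ldaps://ldap.example.org"  # assumption: your AD's LDAPS endpoint
BIND_DN = "binduser@example.org"       # assumption: a read-only bind account
BASE = "DC=example,DC=org"             # assumption: the domain search base

# RFC 4515 escaping: a CN or DN spliced into a filter must not alter its structure
# ('*' would make an equality match a wildcard, '(' / ')' could rewrite the filter).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def ldap_filter_escape(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def group_dn_filter(group_cn: str) -> str:
    """Pass 1: find the group object by its (assumed unique) CN."""
    return f"(&(CN={ldap_filter_escape(group_cn)})(objectClass=group))"

def members_filter(group_dn: str) -> str:
    """Pass 2: direct members of the group via the DN-valued memberOf attribute."""
    return f"(&(objectClass=person)(memberOf={ldap_filter_escape(group_dn)}))"

def parse_ldif(text: str) -> list[dict[str, list[str]]]:
    """Minimal LDIF reader: unfolds continuation lines, decodes 'attr:: base64'
    values (emitted for non-ASCII or edge whitespace) and drops comments plus the
    dn-less 'search:/result:' footer, all of which break a naive grep pipeline."""
    unfolded: list[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries: list[dict[str, list[str]]] = []
    current: dict[str, list[str]] = {}
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, raw = line.partition(":")
        if raw.startswith("<"):
            continue                      # URL-valued attribute, not expected here
        if raw.startswith(":"):
            value = base64.b64decode(raw[1:].strip()).decode("utf-8")
        else:
            value = raw.strip()
        current.setdefault(attr.lower(), []).append(value)
    return [e for e in entries if "dn" in e]

def resolve_group_dn(group_cn: str, ldif: str) -> str:
    """The message relies on CN uniqueness; enforce it instead of expanding the wrong group."""
    groups = parse_ldif(ldif)
    if len(groups) != 1:
        raise LookupError(f"expected one group for CN={group_cn!r}, found {len(groups)}")
    return groups[0]["dn"][0]

def member_addresses(ldif: str) -> list[str]:
    """Distinct, lower-cased mail values; members without mail are skipped."""
    return sorted({a.strip().lower() for e in parse_ldif(ldif) for a in e.get("mail", [])})

def ldapsearch(filt: str, *attrs: str) -> str:
    """Same invocation as the message; -W prompts on the tty so no password is in argv."""
    cmd = ["ldapsearch", "-x", "-W", "-H", LDAP_URI, "-D", BIND_DN, "-b", BASE,
           "-s", "sub", "-o", "ldif-wrap=no", filt, *attrs]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def expand_group(group_cn: str) -> list[str]:
    dn = resolve_group_dn(group_cn, ldapsearch(group_dn_filter(group_cn), "1.1"))  # 1.1 = no attrs
    return member_addresses(ldapsearch(members_filter(dn), "mail"))

# Constructed sample output (not captured from any directory): a folded dn line,
# a base64-encoded mail value and a member with no mail attribute.
SAMPLE_GROUP_LDIF = """\
dn: CN=UIS-Hermes.Migration-access,OU=Groups,OU=UIS,OU=Inst,DC=blue,DC=cam,DC=a
 c,DC=uk

search: 2
result: 0 Success
"""
SAMPLE_MEMBERS_LDIF = """\
dn: CN=Alice Example,OU=People,DC=example,DC=org
mail: alice@example.org

dn: CN=Bob Example,OU=People,DC=example,DC=org
mail:: Qm9iQEV4YW1wbGUub3Jn

dn: CN=Service Account,OU=People,DC=example,DC=org
"""
```

Against a live directory, expand_group("UIS-Hermes.Migration-access") runs both passes; for unattended use replace -W with -y and a mode-0600 password file rather than -w, which would expose the bind password in the process list. The memberOf filter only returns direct members; nested group membership would need a further level or AD's matching-rule-in-chain OID, which is outside what the message tries.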



Archive powered by MHonArc 2.6.19+.
