The mailing list for listmasters using Sympa

["Stefan Hornburg (Racke)" <address@concealed>]

On 2/12/21 3:41 PM, Silvers, Tim wrote:
> Apologies for the delay. Here is the auth.conf, with custom values redacted 
> “<>” accordingly.
> 
>  
> 
> ## Here is the default auth.conf
> 
> ## It defines the authentication backends used by Sympa
> 
>  
> 
> #generic_sso
> 
> #        service_name       InQueue Federation
> 
> #        service_id         inqueue
> 
> #        http_header_prefix HTTP_SHIB
> 
> #        email_http_header  HTTP_SHIB_EMAIL_ADDRESS
> 
>  
> 
> cas
> 
>         base_url                        https://<snip>/cas
> 
>         auth_service_friendly_name      <name>
> 
>         auth_service_name               <name>
> 
>         ldap_host                       <ldap_host>
> 
>         ldap_get_email_by_uid_filter    (cn=[uid])
> 
>         ldap_bind_dn                    <CN>
> 
>         ldap_bind_password              <password>
> 
>         ldap_timeout                    10
> 
>         ldap_suffix                     <suffic>
> 
>         ldap_scope                      one
> 
>         ldap_email_attribute            mail
> 
>         use_tls                         ldaps
> 
>  
> 
> #ldap
> 
> #        host                            
> ldap1.yourdomain:392,ldap2.yourdomain:392
> 
> #        timeout                         20
> 
> #        suffix                          dc=yourOrg,dc=fr
> 
> #        get_dn_by_uid_filter            (uid=[sender])
> 
> #        get_dn_by_email_filter          (mail=[sender])
> 
> #        email_attribute                 mail
> 
> #        scope                           sub
> 
>  
> 
>  
> 
> user_table
> 
>         regexp                 .*
> 
> * *
> 
> Tim
> 

Hello Tim,

I found by looking at the template for the user preferences 
(default/web_tt2/pref.tt2) that the password
is indeed hidden:

   [% UNLESS use_sso %]
        <h4>[%|loc%]Changing your password[%END%]</h4>

        <form action="[% path_cgi %]" method="post">
            <fieldset>
                <label for="newpasswd1">[%|loc%]New password:[%END%]  </label>
                <input type="password" name="newpasswd1" id="newpasswd1" 
size="25" />
                <label for="newpasswd2">[%|loc%]Re-enter your new 
password:[%END%]  </label>
                <input type="password" name="newpasswd2" id="newpasswd2" 
size="25" />
                <input class="MainMenuLinks" type="submit" 
name="action_setpasswd" value="[%|loc%]Submit[%END%]" />
            </fieldset>
        </form>
    [% END %]

Regardless of the fact that the "local" user is not logged in by SSO.
This looks like a bug to me.

Regards
         Racke

>  
> 
>  
> 
> *From: *<address@concealed> on behalf of "Stefan 
> Hornburg (Racke)" <address@concealed>
> *Reply-To: *"Stefan Hornburg (Racke)" <address@concealed>
> *Date: *Monday, February 8, 2021 at 10:45 AM
> *To: *<address@concealed>
> *Subject: *Re: [sympa-users] [External] Re: Change local login password
> 
>  
> 
> On 2/8/21 3:38 PM, Silvers, Tim wrote:
> 
>     The User Preferences documentation states there is a means to change 
> the local login password under ‘My preferences’
> 
>     that we don’t see. I looked at edit_list.conf but I don’t see an option 
> that seems to match. I thought it might be
> 
>     ‘account’ but changing it from ‘hidden’ had no effect.**
> 
>      
> 
>     * *
> 
>      
> 
>     Tim
> 
>      
> 
>  
> 
> Hello Tim,
> 
>  
> 
> how does your auth.conf looks like (with private / sensitive information 
> redacted ?
> 
>  
> 
> Regards
> 
>           Racke
> 
>  
> 
>      
> 
>      
> 
>      
> 
>      
> 
>     *From: *<address@concealed 
> <mailto:address@concealed>> on behalf of
>     Undisclosed Recipients <address@concealed <mailto:address@concealed>>
> 
>     *Reply-To: *Undisclosed Recipients <address@concealed 
> <mailto:address@concealed>>
> 
>     *Date: *Thursday, February 4, 2021 at 5:12 AM
> 
>     *To: *"Stefan Hornburg (Racke)" <address@concealed 
> <mailto:address@concealed>>, "address@concealed
>     <mailto:address@concealed>" <address@concealed 
> <mailto:address@concealed>>
> 
>     *Subject: *Re: [sympa-users] [External] Re: Change local login password
> 
>      
> 
>      
> 
>      
> 
>     Racke,
> 
>      
> 
>      
> 
>      
> 
>     We provide SSO/LDAP for our university users and a local login option 
> for others. Sympa then saves these local logins
> 
>     (email address, password, last login date, etc.) in the database. So, 
> they use the ‘First Login?’ option to create a
> 
>     password with Sympa. A link is mailed to them and they click it to 
> provide a password for their email address. However,
> 
>     as I mentioned, I don’t see a means for a user to change it; nothing 
> under the ‘My preferences’ menu or elsewhere and
> 
>     nothing mentioned in the Sympa online documentation. So, I’d like to 
> know if I’m missing it or is the ‘Lost password?’
> 
>     option a user would choose to reset a local password?
> 
>      
> 
>     * *
> 
>      
> 
>     * *
> 
>      
> 
>     Thanks,
> 
>      
> 
>      
> 
>      
> 
>     Tim
> 
>      
> 
>      
> 
>      
> 
>     *From: *<address@concealed 
> <mailto:address@concealed>> on behalf of "Stefan
>     Hornburg (Racke)" <address@concealed <mailto:address@concealed>>
> 
>     *Reply-To: *"Stefan Hornburg (Racke)" <address@concealed 
> <mailto:address@concealed>>
> 
>     *Date: *Thursday, February 4, 2021 at 1:32 AM
> 
>     *To: *"address@concealed 
> <mailto:address@concealed>" <address@concealed
>     <mailto:address@concealed>>
> 
>     *Subject: *[External] Re: [sympa-users] Change local login password
> 
>      
> 
>      
> 
>      
> 
>     On 2/3/21 8:37 PM, Silvers, Tim wrote:
> 
>      
> 
>          Hi. We are running version 6.2.60 and there doesn’t appear to be 
> an option for users logging in locally to
>     change their
> 
>      
> 
>          passwords. There isn’t an option under ‘My preferences’ and I 
> don’t see anything in the FAQs or Documentation
>     regarding
> 
>      
> 
>          changing passwords for local logins. Is the only alternative to 
> select ‘Lost password?’ and choose a new one?
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>     Hello Tim,
> 
>      
> 
>      
> 
>      
> 
>     what do you mean with "local logins"? How did your configure the web 
> authentication for your Sympa instance?
> 
>      
> 
>      
> 
>      
> 
>     Regards
> 
>      
> 
>             Racke
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>          Thanks,
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>          Tim
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>     -- 
> 
>      
> 
>     Ecommerce and Linux consulting + Perl and web application programming.
> 
>      
> 
>     Debian and Sympa administration. Provisioning with Ansible.
> 
>      
> 
>      
> 
>      
> 
>      
> 
>      
> 
>  
> 
>  
> 
> -- 
> 
> Ecommerce and Linux consulting + Perl and web application programming.
> 
> Debian and Sympa administration. Provisioning with Ansible.
> 
>  
> 
>  
> 


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

Attachment: OpenPGP_signature
Description: OpenPGP digital signature