
[sympa-users] LDAP using startTLS or SSL

Subject: The mailing list for listmasters using Sympa

  • From: Warren G Anderson <address@concealed>
  • To: "address@concealed" <address@concealed>
  • Subject: [sympa-users] LDAP using startTLS or SSL
  • Date: Wed, 4 Aug 2021 21:01:43 +0000

Hi,

We have a sympa 6.1.23 instance for which we use LDAP to do the following:

1) subscriber data sources for lists via the list configs
2) moderator data sources using .incl files in /etc/sympa/data_sources
3) scenarios using search filters in /etc/sympa/search_filters

For the first two, we can use TLS to secure the LDAP binds using the configuration syntax:

use_ssl yes
ssl_version tlsv1

For the search filters, we have not been able to figure out how to do a bind over TLS. An example of a search_filter file we are using is:

host            ldap.example.org:389
suffix          ou=people,dc=example,dc=org
filter          (&(|(mail = [sender])(mailAlternateAddress = [sender])(mailForwardingAddress = [sender]))(isMemberOf=GroupOfExampleOrgUsers))
scope           sub

The obvious thing to try was to switch the port to 636 in the host line in hopes that that would use SSL, but the bind failed. Adding the config lines use_ssl yes and ssl_version tlsv1 also did not result in a successful bind. We cannot find in the docs an example of a search_filter that uses TLS for LDAP binds. Is it possible?

Warren

Warren G Anderson, Ph.D.

Leonard E Parker Center for Gravitation, Cosmology and Astrophysics
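
Added example, not part of the original post and not Sympa code: a standalone Python probe for checking, outside Sympa, whether an LDAP server accepts StartTLS on port 389 (cleartext connection upgraded by an extended request) and implicit TLS on port 636, which helps separate a server-side problem from a client configuration problem. All function names are hypothetical; the OID and message layout are those of RFC 4511.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def ber(tag: int, content: bytes) -> bytes:
    """Encode one BER TLV; short-form length is enough for this small request."""
    return bytes([tag, len(content)]) + content

def read_tlv(buf: bytes, pos: int = 0):
    """Decode one BER TLV at pos; return (tag, content, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                            # long form: low 7 bits = number of length bytes
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID (1..127), [APPLICATION 23] ExtendedRequest { [0] OID } }."""
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x77, ber(0x80, STARTTLS_OID)))

def extended_result_code(response: bytes) -> int:
    """Return resultCode of an ExtendedResponse (0 means TLS may now start)."""
    tag, body, _ = read_tlv(response)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body)              # skip messageID
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x78:                      # [APPLICATION 24] ExtendedResponse
        raise ValueError(f"unexpected protocolOp 0x{op_tag:02x}")
    _, code, _ = read_tlv(op)               # first field: resultCode ENUMERATED
    return int.from_bytes(code, "big")

def probe(host: str, port: int, starttls: bool, timeout: float = 5.0) -> str:
    """Negotiate TLS with an LDAP server and return the protocol version agreed."""
    ctx = ssl.create_default_context()      # verifies certificate chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if starttls:                        # port 389: ask for the upgrade in cleartext first
            raw.sendall(starttls_request())
            if extended_result_code(raw.recv(4096)) != 0:
                raise ConnectionError("server refused StartTLS")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # port 636: TLS from byte one
            return tls.version()
```

For the host in the post this would be called as probe("ldap.example.org", 389, starttls=True) and probe("ldap.example.org", 636, starttls=False); an exception from either call names the failing stage (TCP connect, StartTLS refusal, or TLS handshake).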



