Subject: The mailing list for listmasters using Sympa
- From: "Stefan Hornburg (Racke)" <address@concealed>
- To: address@concealed
- Subject: Re: [sympa-users] LDAP useing startTLS or SSL
- Date: Sat, 7 Aug 2021 08:26:02 +0200
On 04/08/2021 23:01, Warren G Anderson wrote:
Hi,
We have a sympa 6.1.23 instance for which we use LDAP to do the following:
1) subscriber data sources for lists via the list configs
2) moderator data sources using .incl files in /etc/sympa/data_sources
3) scenarios using search filters in /etc/sympa/search_filters
For the first two, we can use TLS to secure the LDAP binds using the
configuration syntax:
    use_ssl yes
    ssl_version tlsv1
For the search filters, we have not been able to figure out how to do a bind
over TLS. An example of a search_filter file we are using is:
    host ldap.example.org:389
    suffix ou=people,dc=example,dc=org
    filter (&(|(mail = [sender])(mailAlternateAddress = [sender])(mailForwardingAddress = [sender]))(isMemberOf=GroupOfExampleOrgUsers))
    scope sub
The obvious thing to try was to switch the port to 636 in the host line in
hopes that that would use SSL, but the bind failed. Adding the config
lines |use_ssl yes| and |ssl_version tlsv1| also did not result in a
successful bind. We cannot find in the docs an example of a search_filter
that uses TLS for LDAP binds. Is it possible?
Warren
Warren G Anderson, Ph.D.
Leonard E Parker Center for Gravitation, Cosmology and Astrophysics
Hello Warren,
in current Sympa versions the search filter is loaded by the
_load_ldap_configuration function in Sympa::Scenario.
There you find valid and required options for the search_filter file:
    my @valid_options = qw(host suffix filter scope bind_dn bind_password
        use_tls ssl_version ssl_ciphers ssl_cert ssl_key
        ca_verify ca_path ca_file);
    my @required_options = qw(host suffix filter);
Check your Sympa source code about the available options.
If you need help to upgrade to a more modern version of Sympa, let me know :-).
Regards
Racke
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.
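
Added example, not part of the original messages and not Sympa code: a small Python lint that checks a search_filter file against the two option lists quoted in the reply, so a leftover `use_ssl` line or a bind without `use_tls` is reported before the file is deployed. The line format and the rule that TLS is only requested when `use_tls` is present are assumptions, and the sample file is constructed from the one in the question.

```python
import re

# Option names copied from the @valid_options / @required_options lists
# quoted in the reply above (current Sympa versions, not 6.1.23).
VALID = set("""host suffix filter scope bind_dn bind_password
               use_tls ssl_version ssl_ciphers ssl_cert ssl_key
               ca_verify ca_path ca_file""".split())
REQUIRED = {"host", "suffix", "filter"}

# Assumed line format: "<keyword> <value>"; "#" comments and blank lines skipped.
LINE = re.compile(r"^\s*(\w+)\s+(.*\S)\s*$")


def parse(text):
    """Return (options dict, numbers of lines that are not keyword/value pairs)."""
    opts, bad = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = LINE.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
        else:
            bad.append(n)
    return opts, bad


def lint(text):
    """Return a sorted list of findings for one search_filter file."""
    opts, bad = parse(text)
    findings = [f"line {n}: not a keyword/value pair" for n in bad]
    findings += [f"unknown option: {k}" for k in opts if k not in VALID]
    findings += [f"missing required option: {k}" for k in REQUIRED - opts.keys()]
    # Assumption: TLS is only requested when use_tls is present in the file.
    if "use_tls" not in opts:
        findings.append("use_tls not set")
        if "bind_password" in opts:
            findings.append("bind_password set without use_tls")
    return sorted(findings)


# Constructed sample: the file from the question with the port switched to 636,
# the two lines that were tried added, and the filter shortened.
SAMPLE = """\
host ldap.example.org:636
suffix ou=people,dc=example,dc=org
filter (&(mail = [sender])(isMemberOf=GroupOfExampleOrgUsers))
scope sub
use_ssl yes
ssl_version tlsv1
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```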