Subject: The mailing list for listmasters using Sympa
Re: [en@sympa] Issue with LDAP email lookup using generic_sso
- From: Olivier Salaün <address@concealed>
- To: address@concealed
- Subject: Re: [en@sympa] Issue with LDAP email lookup using generic_sso
- Date: Thu, 11 May 2023 13:02:07 +0200
Hi Mark,
You forgot to mention your previous and new Sympa versions.
Did you ensure the Sympa server can contact the LDAP server?
Try telnet authorise.is.ed.ac.uk 636
Looking at <https://www.sympa.community/gpldoc/man/auth.conf.5.html> and <https://github.com/sympa-community/sympa/blob/2312ee726bd2af4e4ee15e4055ddd4eca25bae48/src/lib/Sympa/WWW/Auth.pm#L314> it seems that the email retrieval from LDAP is not performed if internal_email_by_netid conf parameter is enabled. Try disabling internal_email_by_netid.
On 11/05/2023 at 12:32, Mark Cairney wrote:
Hi,
We're in the process of building a new Sympa server to replace our
existing, old server however the user authentication doesn't appear to
be working as expected.
We've got Cosign authentication set up on the web root which uses the
REMOTE_USER environment variable. After login, if I then hit the 'Sympa
login' button I get the following error:
The Sympa Mailing list service has encountered a problem with your
login. Please contact address@concealed.
Our /etc/sympa/auth.conf is currently:
generic_sso
    service_name                    Random Crap Login
    service_id                      cosign
    http_header_list                REMOTE_USER
    netid_http_header               REMOTE_USER
    ldap_host                       authorise.is.ed.ac.uk:636
    ldap_suffix                     ou=people,ou=central,dc=authorise,dc=ed,dc=ac,dc=uk
    ldap_scope                      sub
    ldap_get_email_by_uid_filter    (uid=[REMOTE_USER])
    ldap_email_attribute            mail
    ldap_timeout                    20
    ldap_use_tls                    ldaps
    ldap_ssl_version                tlsv1_2
    ldap_ca_verify                  none
    internal_email_by_netid         1
    force_email_verify              1

user_table
    regexp                          .*
Based on our auth.conf config which is largely identical to our previous
server I'd expect Sympa to perform an LDAP query to retrieve the user's
email address but I don't see any hits on our LDAP server.
Is there something obvious I'm missing? This is running on Rocky 8 using
sympa 6.2.70 from RPM
Kind regards,
Mark
P.S. The debug log from Sympa is shown below:
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3 Sympa::search_fullpath()
Name: topics_visibility.noconceal; file
/usr/share/sympa/default/scenari/topics_visibility.noconceal
May 11 11:20:37 mlist-dev wwsympa[2540]: debug2
Sympa::Scenario::authz(Sympa::Scenario
<topics_visibility.noconceal;/usr/share/sympa/default/scenari/topics_visibility.noconceal>,
md5, HASH, ...)
May 11 11:20:37 mlist-dev wwsympa[2540]: debug2
Sympa::Scenario::new(Sympa::Scenario, mlist-dev.is.ed.ac.uk,
topics_visibility, ...)
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3
Sympa::search_fullpath(mlist-dev.is.ed.ac.uk,
topics_visibility.noconceal, subdir)
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3
Sympa::get_search_path(mlist-dev.is.ed.ac.uk, subdir, scenari)
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3 Sympa::search_fullpath()
Name: topics_visibility.noconceal; file
/usr/share/sympa/default/scenari/topics_visibility.noconceal
May 11 11:20:37 mlist-dev wwsympa[2540]: debug2
Sympa::Scenario::authz(Sympa::Scenario
<topics_visibility.noconceal;/usr/share/sympa/default/scenari/topics_visibility.noconceal>,
md5, HASH, ...)
May 11 11:20:37 mlist-dev wwsympa[2540]: info main::do_sso_login(cosign)
[robot mlist-dev.is.ed.ac.uk] [session 27273199795695] [client
192.168.152.33]
May 11 11:20:37 mlist-dev wwsympa[2540]: debug main::do_sso_login()
[robot mlist-dev.is.ed.ac.uk] [session 27273199795695] [client
192.168.152.33] Lookup email internal: cosign
May 11 11:20:37 mlist-dev wwsympa[2540]: debug
Sympa::WWW::Auth::get_email_by_net_id(mlist-dev.is.ed.ac.uk, HASH, HASH)
May 11 11:20:37 mlist-dev wwsympa[2540]: debug
Sympa::Robot::get_netidtoemail_db(mcairney, cosign)
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3
Sympa::Database::do_prepared_query() Will perform query "SELECT
email_netidmap FROM netidmap_table WHERE netid_netidmap = ? and
serviceid_netidmap = ? and robot_netidmap = ?"
May 11 11:20:37 mlist-dev wwsympa[2540]: info main::do_sso_login()
[robot mlist-dev.is.ed.ac.uk] [session 27273199795695] [client
192.168.152.33] Return request email
May 11 11:20:37 mlist-dev wwsympa[2540]: debug2 main::check_param_out()
[robot mlist-dev.is.ed.ac.uk] [session 27273199795695] [client
192.168.152.33]
May 11 11:20:37 mlist-dev wwsympa[2540]: debug Sympa::WWW::Session::store()
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3
Sympa::Database::do_prepared_query() Will perform query "SELECT
id_session FROM session_table WHERE prev_id_session = ?"
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3
Sympa::Database::do_prepared_query() Will perform query "UPDATE
session_table SET date_session = ?, remote_addr_session = ?,
robot_session = ?, email_session = ?, start_date_session = ?,
hit_session = ?, data_session = ? WHERE id_session = ? AND
prev_id_session IS NOT NULL OR prev_id_session = ?"
May 11 11:20:37 mlist-dev wwsympa[2540]: debug
Sympa::WWW::Session::set_cookie(Sympa::WWW::Session, localhost, , 1)
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3
Sympa::search_fullpath(mlist-dev.is.ed.ac.uk, css.tt2, subdir)
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3
Sympa::get_search_path(mlist-dev.is.ed.ac.uk, subdir, web_tt2)
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3 Sympa::search_fullpath()
Name: css.tt2; file /usr/share/sympa/default/web_tt2/css.tt2
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3
Sympa::search_fullpath(mlist-dev.is.ed.ac.uk, css.tt2, subdir)
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3
Sympa::get_search_path(mlist-dev.is.ed.ac.uk, subdir, web_tt2)
May 11 11:20:37 mlist-dev wwsympa[2540]: debug3
Sympa::get_search_path(mlist-dev.is.ed.ac.uk, context,
mlist-dev.is.ed.ac.uk)
--
Olivier Salaün
DSI / pôle SI / équipe SNUM
Tel : 02 23 23 74 54
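
A configuration check for the condition described in this reply, as an added example that is not part of the original message or of Sympa's own code: it parses auth.conf paragraphs and flags a generic_sso block where internal_email_by_netid is set alongside LDAP email-lookup parameters, and where an LDAP TLS mode is combined with ldap_ca_verify none. The function names, the finding labels and the treatment of any value other than 0 as "enabled" are assumptions; the sample is constructed from the configuration quoted above.

```python
# Paragraph types that open a block in auth.conf.
PARAGRAPH_TYPES = {"user_table", "ldap", "generic_sso", "cas"}

# Constructed sample, shortened from the generic_sso block quoted in this thread.
SAMPLE_AUTH_CONF = """\
generic_sso
    service_id                      cosign
    netid_http_header               REMOTE_USER
    ldap_host                       authorise.is.ed.ac.uk:636
    ldap_get_email_by_uid_filter    (uid=[REMOTE_USER])
    ldap_email_attribute            mail
    ldap_use_tls                    ldaps
    ldap_ca_verify                  none
    internal_email_by_netid         1
    force_email_verify              1

user_table
    regexp                          .*
"""

def parse_auth_conf(text):
    """Return [(paragraph_type, {param: value}), ...] in file order."""
    paragraphs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank separators and comments
        if line in PARAGRAPH_TYPES:
            paragraphs.append((line, {}))
        elif paragraphs:
            parts = line.split(None, 1)   # key, then the rest as the value
            paragraphs[-1][1][parts[0]] = parts[1] if len(parts) > 1 else ""
    return paragraphs

def lint_generic_sso(paragraphs):
    """Flag settings that change how, or how safely, the email is resolved."""
    findings = []
    for kind, params in paragraphs:
        if kind != "generic_sso":
            continue
        sid = params.get("service_id", "?")
        # Assumption: any value other than 0 counts as enabled.
        netidmap = params.get("internal_email_by_netid", "0") not in ("", "0")
        if netidmap and "ldap_get_email_by_uid_filter" in params:
            findings.append((sid, "ldap-lookup-bypassed"))    # netidmap table used instead
        tls = params.get("ldap_use_tls", "none") != "none"
        if tls and params.get("ldap_ca_verify") == "none":
            findings.append((sid, "ldap-cert-not-verified"))  # server identity unchecked
    return findings
```

With the sample above, both findings are reported for the cosign service; the first matches the log in this thread, where only the netidmap_table query appears and no LDAP request is made.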