Package: sympa Version: 4.1.5-7 Severity: important
When using the cas policy in /etc/sympa/auth.conf with a ldap_bind_dn and a ldap_bind_password (which means a NOT anonymous bind), WWsympa though try to bind anonymously, ignoring configuration variables. This is due to an error in the Auth.pm class. The bind_dn and bind_password stand for the ldap policy whereas you need to use ldap_bind_dn and ldap_bind_password for the cas policy. See my patch enclosed. Thx. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15 Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1) Versions of packages sympa depends on: ii adduser 3.80 Add and remove users and groups ii debconf [debconf-2.0] 1.4.67 Debian configuration management sy ii libarchive-zip-perl 1.16-1 Module for manipulation of ZIP arc ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an ii libcgi-fast-perl 5.8.7-10 CGI::Fast Perl module ii libcrypt-ciphersaber-perl 0.61-4 Perl module implementing CipherSab ii libdbd-mysql-perl 3.0002-2 A Perl5 database interface to the ii libdbd-pg-perl 1.43-1 a PostgreSQL interface for Perl 5 ii libdbi-perl 1.48-2 Perl5 database interface by Tim Bu ii libfcgi-perl 0.67-2 FastCGI Perl module ii libio-stringy-perl 2.110-1 Perl5 modules for IO from scalars ii libmailtools-perl 1.62-1 Manipulate email in perl programs ii libmd5-perl 2.03-1 backwards-compatible wrapper for D ii libmime-perl 5.418-1 Perl5 modules for MIME-compliant m ii libmsgcat-perl 1.03-3 Locale::Msgcat perl module ii libnet-ldap-perl 1:0.33-2 A Client interface to LDAP servers ii mhonarc 2.6.15-1 Mail to HTML converter ii perl [libmime-base64-perl] 5.8.7-10 Larry Wall's Practical Extraction ii perl-suid 5.8.7-10 Runs setuid Perl scripts ii postfix [mail-transport-agent 2.2.4-1 A high-performance mail transport ii sysklogd [system-log-daemon] 1.4.1-17 System Logging Daemon Versions of packages sympa recommends: pn doc-base <none> (no description available) ii logrotate 3.7.1-2 Log rotation utility -- debconf information excluded -- Pierre Pattard
--- /usr/lib/sympa/bin/Auth.pm.orig 2006-01-25 20:16:49.000000000 +0100 +++ /usr/lib/sympa/bin/Auth.pm 2006-01-25 20:23:30.000000000 +0100 @@ -391,7 +391,7 @@ my $cnx; ## Not always anonymous... - if (defined ($ldap->{'bind_dn'}) && defined ($ldap->{'bind_password'})) { + if (defined ($ldap->{'ldap_bind_dn'}) && defined ($ldap->{'ldap_bind_password'})) { $cnx = $ldap_anonymous->bind($ldap->{'ldap_bind_dn'}, password =>$ldap->{'ldap_bind_password'}); }else { $cnx = $ldap_anonymous->bind; @@ -414,7 +414,7 @@ my $count = $emails->count(); if ($emails->count() == 0) { - do_log('notice',"No entry in the Ldap Directory Tree of %s,$host"); + do_log('notice',"No entry in the Ldap Directory Tree of %s",$host); $ldap_anonymous->unbind; last; }