sympa_ldap accept-new

3 weeks ago · 0033cf0fb1
3 changed files with 13 additions and 11 deletions
--- a/sympa/doc/migration.md
+++ b/sympa/doc/migration.md
@ -3,8 +3,7 @@ Migration
 ```
 From:       debian9,  sympa 6.2.16
 To:         debian12, sympa 6.2.70
 Future:     debian13, sympa 6.2.76
 To:         debian13, sympa 6.2.76
 ```
 ## Documentation
@ -59,4 +58,5 @@ Future:     debian13, sympa 6.2.76
 ## miaou-install-from-import-sympa
 * CONTAINER=sympa3
 * miaou-create $CONTAINER
 * miaou/miaou-install-from-import-sympa $CONTAINER ~/Downloads/listes.artcode.re-2025-11-14.sympa
--- a/sympa/recipe/sympa_ldap_auth_remote.recipe
+++ b/sympa/recipe/sympa_ldap_auth_remote.recipe
@ -2,6 +2,7 @@
 # CONSTANTS
 JUMP_HOST=51.75.85.81 # public ip of listes.artcode.re
 LDAP_SERVER=192.168.1.254
 LOCAL_PORT=3890
@ -10,6 +11,7 @@ LOCAL_PORT=3890
 function tweak_sympa_auth {
 	if grep -q ".*host $LDAP_SERVER.*" /etc/sympa/auth.conf; then
 		/opt/miaou-bash/tools/append_or_replace ".*host $LDAP_SERVER:389.*" "\thost 127.0.0.1:$LOCAL_PORT" /etc/sympa/auth.conf
 		systemctl restart wwsympa.socket
 		echo "sympa auth from LDAP local 127.0.0.1:$LOCAL_PORT is now active"
 	else
 		echo "sympa auth from LDAP local 127.0.0.1:$LOCAL_PORT already enabled"
@ -18,12 +20,8 @@ function tweak_sympa_auth {
 function ssh_port_translation {
 	if ! ss -tln | grep -q 127.0.0.1:$LOCAL_PORT; then
 		local sympa_domain=$(grep ^domain /etc/sympa/sympa/sympa.conf | cut -f2)
 		ssh -fN $sympa_domain -L $LOCAL_PORT:$LDAP_SERVER:389
 		ssh -o StrictHostKeyChecking=accept-new -fN $JUMP_HOST -L $LOCAL_PORT:$LDAP_SERVER:389
 		echo "SSH port translation $LOCAL_PORT is now listening!"
 		systemctl restart wwsympa.socket
 	else
 		echo 'SSH listener already enabled!'
 	fi
--- a/sympa/resources/tools/sympa_import.bash
+++ b/sympa/resources/tools/sympa_import.bash
@ -58,6 +58,7 @@ function import_files_etc_sympa {
 	mv etc/sympa/data_structure.version /etc/sympa/
 	replace_conf_entry_from_export domain
 	replace_conf_entry_from_export wwsympa_url
 	replace_conf_entry_from_export listmaster
 	replace_conf_entry_from_export lang
 }
@ -94,6 +95,9 @@ function import_files {
 }
 function import_certbot {
 	local sympa_domain=$(grep '^domain' /etc/sympa/sympa/sympa.conf | cut -f2)
 	if [[ -f "$export_tmp/certbot.tar" ]]; then
 		echo -n "import certbot..."
 		rm -rf /etc/letsencrypt
@ -151,11 +155,11 @@ server {
 }
 server {
    listen 443;
    server_name _;
    listen 443 ssl;
    server_name $sympa_domain;
    ssl_certificate     /etc/letsencrypt/live/\$host/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/\$host/privkey.pem;  
    ssl_certificate     /etc/letsencrypt/live/$sympa_domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$sympa_domain/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;