<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />

<title>Lemonldap::NG documentation: 5-Appli-Sympa.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
  background: #ddd;
  font-family: sans-serif;
  font-size: 11pt;
  padding: 0 50px;
}
div.main-content{
  padding: 10px;
  background: #fff;
  border: 2px #ccc solid;
}
a{
  text-decoration: none;
}
p.footer{
  text-align: center;
  margin: 5px 0 0 0;
}
.heading-1{
  text-align: center;
  color: orange;
  font-variant: small-caps;
  font-size: 20pt;
}
.heading-1-1{
  color: orange;
  font-size: 14pt;
  border-bottom: 2px #ccc solid;
}
pre{
  background: #eee;
  border: 2px #ccc solid;
  padding: 5px;
  border-left: 10px #ccc solid;
}
ul.star li{
  list-style-type: square;
}
/*]]>*/
</style>
<style type="text/css">
/*<![CDATA[*/
span.c1 {text-decoration: underline}
/*]]>*/
</style>
</head>

<body>
<div class="main-content">
<h2 class="heading-1"><span id="HSympa">Sympa</span></h2>

<p class="paragraph"></p>

<ul>
<li><a href="#HPresentation">Presentation</a></li>

<li>
<a href="#HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</a>

<ul>
<li><a href="#HPresentation-1">Presentation</a></li>

<li><a href="#HSympaconfiguration">Sympa configuration</a></li>

<li><a href="#HApacheconfiguration">Apache configuration</a></li>

<li><a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG
configuration</a></li>

<li><a href="#HSympaautologin28version3E3D09429">Sympa auto-login
(version &gt;=0.9.4)</a></li>
</ul>
</li>
</ul>

<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>

<p class="paragraph">Sympa is a mailing list manager. See <span class=
"wikiexternallink"><a href=
"http://www.sympa.org">http://www.sympa.org</a></span> for more
information.</p>

<h3 class="heading-1-1"><span id=
"HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</span></h3>

<h4 class="heading-1-1-1"><span id=
"HPresentation">Presentation</span></h4>

<p class="paragraph">Sympa provides a magic authentication mechanism,
which displays a special button in the interface. When a user who already
has an SSO session clicks it, they are authenticated directly.</p>

<p class="paragraph">This works for CAS, Shibboleth and LemonLDAP::NG.</p>

<p class="paragraph">For LemonLDAP::NG you can also add the "sympa
auto-login" feature (since 0.9.4) so users are automatically authenticated
into Sympa.</p>

<h4 class="heading-1-1-1"><span id="HSympaconfiguration">Sympa
configuration</span></h4><br />
<br />
Edit the file "auth.conf", for example:<br />
<br />

<div class="code">
<pre>
# vi /etc/sympa/auth.conf
</pre>
</div><br />
<br />
Then fill it in (replace all "example" elements):

<div class="code">
<pre>
generic_sso
    service_name LemonLDAP::NG
    service_id lemonldapng
    email_http_header HTTP_MAIL
    netid_http_header HTTP_AUTH_USER
    internal_email_by_netid 1
    logout_url <span class="nobr"><a href="http://sympa.example.com/wws/logout">http://sympa.example.com/wws/logout</a></span>
</pre>

<ol>
<li>Additional authentication schemes can be set, but they will be
ignored when the LemonLDAP::NG auto-login feature is used.</li>
</ol>
</div>

<h4 class="heading-1-1-1"><span id="HApacheconfiguration">Apache
configuration</span></h4>

<p class="paragraph">We recommend creating a virtual host for
Sympa (e.g. <span class="nobr"><a href=
"http://sympa.example.com">http://sympa.example.com</a></span>). Then
configure this virtual host in your existing Apache configuration:</p>

<div class="code">
<pre>
# The following lines must be set once for all virtualhosts
NameVirtualHost *

PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
PerlOptions +GlobalRequest
&lt;Files ~ "\.(pl)$"&gt;
    SetHandler perl-script
    PerlHandler ModPerl::Registry
    PerlSendHeader On
&lt;/Files&gt;

# Define here all protected virtualhosts
&lt;VirtualHost *&gt;
    ServerName sympa.example.com

    # WebSSO protection:

    # * with auto-login
    PerlHeaderParserHandler Handler

    # * without auto-login
    #&lt;Location /wws/sso_login/lemonldapng&gt;
    #    PerlHeaderParserHandler Handler
    #&lt;/Location&gt;
    #

    # Optional: reload mechanism (see doc for more)
    &lt;Location /reload&gt;
        PerlHeaderParserHandler Handler-&gt;reload
    &lt;/Location&gt;

    # Sympa normal configuration (example)
    RedirectMatch ^/$ /wws
    Alias /wwsicons /usr/share/sympa/icons
    ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi

    # Logging
    LogLevel warn
    ErrorLog /var/log/apache2/sympa-error.log
    CustomLog /var/log/apache2/sympa-access.log combined
&lt;/VirtualHost&gt;
</pre>
</div>

<h4 class="heading-1-1-1"><span id=
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h4>

<p class="paragraph">Go to the manager and create a new virtual host:</p>

<div class="code">
<pre>
sympa.example.com
</pre>
</div><br />
<br />
Then create the access rule. Example:

<div class="code">
<pre>
default =&gt; accept
</pre>
</div><br />
<br />
And set the correct HTTP headers:

<div class="code">
<pre>
Auth-User =&gt; $uid
mail =&gt; $mail
</pre>
</div>

<h4 class="heading-1-1-1"><span id=
"HSympaautologin28version3E3D09429">Sympa auto-login (version
&gt;=0.9.4)</span></h4>

<p class="paragraph">To spare users from clicking the
"authenticate" button, you can use Lemonldap::NG::Handler::SympaAutoLogin
instead of Lemonldap::NG::Handler::SharedConf:</p>

<ul class="star">
<li>edit the file /var/lib/lemonldap-ng/handler/MyHandler.pm and replace
"SharedConf" with "SympaAutoLogin"</li>

<li>store the Sympa secret in /etc/lemonldap-ng/sympa.secret (parameter
"cookie" from sympa.conf)</li>

<li>set the permissions of /etc/lemonldap-ng/sympa.secret to 600 (it can be
owned by root because it is read only at Apache startup)</li>

<li>restart Apache</li>
</ul>

<p class="paragraph"><strong class="strong">Warning</strong>: you must have a header
named "mail" containing the user's correct mail value (the one used by
Sympa).</p>

<p class="paragraph"><strong class="strong">Note</strong>: this
configuration <span class="c1">strengthens</span> your Sympa security, as the
Sympa auth cookie is neither visible to nor editable by users.</p>
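
<p class="paragraph">The following script is an added example, not part of
the LemonLDAP::NG or Sympa documentation: it checks that the headers exported
by LemonLDAP::NG (Auth-User, mail) arrive under the CGI variable names set in
auth.conf, and that the secret file has mode 600. The function names and the
temporary demo files are assumptions made for illustration.</p>

```shell
#!/bin/sh
# Added example (not LemonLDAP::NG or Sympa code); function names are hypothetical.

# CGI naming rule: the request header "Auth-User" reaches wwsympa as HTTP_AUTH_USER.
cgi_env_name() {
    printf 'HTTP_%s\n' "$1" | tr 'a-z-' 'A-Z_'
}

# Print the value of KEY in an auth.conf-style file (first match; comments skipped).
auth_conf_value() {    # usage: auth_conf_value FILE KEY
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# True when the header exported by LemonLDAP::NG is the variable Sympa reads.
header_matches() {     # usage: header_matches FILE KEY EXPORTED_HEADER
    [ "$(auth_conf_value "$1" "$2")" = "$(cgi_env_name "$3")" ]
}

# True when the secret is a regular file whose mode is exactly 600.
secret_mode_ok() {
    [ -n "$(find "$1" -prune -type f -perm 600 2>/dev/null)" ]
}

# Print one line per problem; the return status is the number of problems.
check_sympa_sso() {    # usage: check_sympa_sso AUTH_CONF SECRET_FILE
    fails=0
    header_matches "$1" netid_http_header Auth-User ||
        { echo "netid_http_header is not fed by Auth-User"; fails=$((fails + 1)); }
    header_matches "$1" email_http_header mail ||
        { echo "email_http_header is not fed by mail"; fails=$((fails + 1)); }
    secret_mode_ok "$2" ||
        { echo "$2: missing or mode is not 600"; fails=$((fails + 1)); }
    return "$fails"
}

# Demo on constructed files in a temp directory, not the real /etc paths.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'generic_sso' '  email_http_header HTTP_MAIL' \
        '  netid_http_header HTTP_AUTH_USER' > "$dir/auth.conf"
    printf 'constructed-secret\n' > "$dir/sympa.secret"
    chmod 644 "$dir/sympa.secret"
    n=0; check_sympa_sso "$dir/auth.conf" "$dir/sympa.secret" || n=$?; echo "problems: $n"
    chmod 600 "$dir/sympa.secret"
    n=0; check_sympa_sso "$dir/auth.conf" "$dir/sympa.secret" || n=$?; echo "problems: $n"
    rm -rf "$dir"
}
demo
```

<p class="paragraph">On a real host, run check_sympa_sso /etc/sympa/auth.conf
/etc/lemonldap-ng/sympa.secret as root after completing the steps above.</p>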

</div>

<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>