dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f23172c711
lemonldap-ng/build/lemonldap-ng/doc/5-Appli-Sympa.html
Clément Oudot 34ea9bacd1 Doc: add DBI
2010-03-22 14:41:35 +00:00

251 lines
7.6 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />
<title>Lemonldap::NG documentation: 5-Appli-Sympa.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
<style type="text/css">
/*<![CDATA[*/
span.c1 {text-decoration: underline}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HSympa">Sympa</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HPresentation">Presentation</a></li>
<li>
<a href="#HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</a>
<ul>
<li><a href="#HPresentation-1">Presentation</a></li>
<li><a href="#HSympaconfiguration">Sympa configuration</a></li>
<li><a href="#HApacheconfiguration">Apache configuration</a></li>
<li><a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG
configuration</a></li>
<li><a href="#HSympaautologin28version3E3D09429">Sympa auto-login
(version &gt;=0.9.4)</a></li>
</ul>
</li>
</ul>
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
<p class="paragraph"></p>Sympa is a mailing list manager. See <span class=
"wikiexternallink"><a href=
"http://www.sympa.org">http://www.sympa.org</a></span> for more
informations.
<h3 class="heading-1-1"><span id=
"HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</span></h3>
<h4 class="heading-1-1-1"><span id=
"HPresentation">Presentation</span></h4>
<p class="paragraph"></p>Sympa provides a magic authentication mecanism,
which display a special button on the interface. When the user click on
it, if he has already an SSO session, he is directly authenticated.
<p class="paragraph"></p>This works for CAS, Shibboleth and LemonLDAP::NG.
<p class="paragraph"></p>For Lemonldap::NG you an also add the "sympa
auto-login" feature (since 0.9.4) so users are automatically authenticated
into Sympa.
<h4 class="heading-1-1-1"><span id="HSympaconfiguration">Sympa
configuration</span></h4><br />
<br />
Edit the file "auth.conf", for example:<br />
<br />
<div class="code">
<pre>
# vi /etc/sympa/auth.conf
</pre>
</div><br />
<br />
And fill it (replace all "example" elements):
<div class="code">
<pre>
generic_sso
service_name LemonLDAP::NG
service_id lemonldapng
email_http_header HTTP_MAIL
netid_http_header HTTP_AUTH_USER
internal_email_by_netid 1
logout_url <span class="nobr"><a href=
"http://sympa.example.com/wws/logout">http://sympa.example.com/wws/logout</a></span>
</pre>
<ol>
<li>Additional authentication schemes can be set but they will be
ignored with Lemonldap::NG auto-login feature</li>
</ol>
</div>
<h4 class="heading-1-1-1"><span id="HApacheconfiguration">Apache
configuration</span></h4>
<p class="paragraph"></p>We recommend to create a virtualhost for
Sympa(eg. <span class="nobr"><a href=
"http://sympa.example.com">http://sympa.example.com</a></span>). Then
configure this virtualhost in your existing Apache configuration:
<p class="paragraph"></p>
<div class="code">
<pre>
# The following lines must be set once <span class=
"java-keyword">for</span> all virtualhosts
NameVirtualHost *<br /><br />PerlRequire /<span class=
"java-keyword">var</span>/lib/lemonldap-ng/handler/MyHandler.pm
PerlOptions +GlobalRequest
&lt;Files ~ <span class="java-quote">".(pl)$"</span>&gt;
SetHandler perl-script
PerlHandler ModPerl::Registry
PerlSendHeader On
&lt;/Files&gt;<br /><br /># Define here all <span class=
"java-keyword">protected</span> virtualhosts
&lt;VirtualHost *&gt;
ServerName sympa.example.com<br /><br /> # WebSSO protection :<br /><br /> # * with auto-login
PerlHeaderParserHandler Handler<br /><br /> # * without auto-login
#&lt;Location /wws/sso_login/lemonldapng&gt;
# PerlHeaderParserHandler Handler
#&lt;/Location&gt;
#<br /><br /> # Optional : reload mechanism (see doc <span class=
"java-keyword">for</span> more)
&lt;Location /reload&gt;
PerlHeaderParserHandler Handler-&gt;reload
&lt;/Location&gt;<br /><br /> # Sympa normal configuration (example)
RedirectMatch ^/$ /wws
Alias /wwsicons /usr/share/sympa/icons
ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi<br /><br /> # Logging
LogLevel warn
ErrorLog /<span class=
"java-keyword">var</span>/log/apache2/sympa-error.log
CustomLog /<span class=
"java-keyword">var</span>/log/apache2/sympa-access.log combined
&lt;/VirtualHost&gt;
</pre>
</div>
<h4 class="heading-1-1-1"><span id=
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h4>
<p class="paragraph"></p>Go to the manager and create a new virtual host:
<div class="code">
<pre>
sympa.example.com
</pre>
</div><br />
<br />
Then create the access rule. Example:
<div class="code">
<pre>
<span class="java-keyword">default</span> =&gt; accept
</pre>
</div><br />
<br />
And set the correct HTTP headers:
<div class="code">
<pre>
Auth-User =&gt; $uid
mail =&gt; $mail
</pre>
</div>
<h4 class="heading-1-1-1"><span id=
"HSympaautologin28version3E3D09429">Sympa auto-login (version
&gt;=0.9.4)</span></h4>
<p class="paragraph"></p>To avoid that users need to click on the
"authenticate" button, you can use Lemonldap::NG::Handler::SympaAutoLogin
instead of Lemonldap::NG::Handler::SharedConf :
<ul class="star">
<li>edit the file /var/lib/lemonldap-ng/handler/MyHandler.pm and replace
"SharedConf" by "SympaAutoLogin"</li>
<li>store the Sympa secret in /etc/lemonldap-ng/sympa.secret (parameter
"cookie" from sympa.conf)</li>
<li>change the rights of /etc/lemonldap-ng/sympa.secret to 600 (can be
owned by root because it's read at Apache startup only)</li>
<li>restart Apache</li>
</ul><strong class="strong">Warning</strong> : you must have and header
named "mail" and containing the good user's mail value (the one used by
Sympa).
<p class="paragraph"></p><strong class="strong">Note</strong> : this
configuration <span class="c1">enforces</span> your sympa security, as the
sympa auth cookie is neither visible nor editable by users.
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink