Sympa
Presentation
Sympa is a mailing list manager. See http://www.sympa.org for more information.
Integration with LemonLDAP::NG
Presentation
Sympa provides a magic authentication mechanism, which displays a special button on the interface. When a user clicks it and already has an SSO session, they are authenticated directly. This works for CAS, Shibboleth and LemonLDAP::NG.
Sympa configuration
Edit the file "auth.conf", for example:
# vi /etc/sympa/auth.conf
And fill it (replace all "example" elements):
generic_sso
    service_name            LemonLDAP::NG
    service_id              lemonldapng
    http_header_prefix      HTTP
    email_http_header       HTTP_EMAIL
    netid_http_header       HTTP_AUTH_USER
    internal_email_by_netid 1
    logout_url              http://sympa.example.com/wws/logout

ldap
    host                        localhost:389
    timeout                     20
    bind_dn                     cn=admin,dc=example,dc=com
    bind_password               secret
    suffix                      dc=example,dc=com
    get_dn_by_uid_filter        (uid=[sender])
    get_dn_by_email_filter      (|(mail=[sender])(n2atraliasmail=[sender]))
    alternative_email_attribute n2atrmaildrop
    email_attribute             mail
    scope                       sub
    authentication_info_url     http://sympa.example.com
Apache configuration
We recommend creating a virtual host for Sympa (e.g. http://sympa.example.com). Then configure this virtual host in your existing Apache configuration:
# The following lines must be set once for all virtualhosts
NameVirtualHost *

PerlRequire /opt/lemonldap-ng/handler/Handler.pm
PerlOptions +GlobalRequest
<Files ~ "\.(pl)$">
    SetHandler perl-script
    PerlHandler ModPerl::Registry
    PerlSendHeader On
</Files>

# Define here all protected virtualhosts
<VirtualHost *>
    ServerName sympa.example.com

    # WebSSO protection
    <Location /wws/sso_login/lemonldapng>
        PerlHeaderParserHandler Handler
    </Location>

    <Location /reload>
        PerlHeaderParserHandler Handler->reload
    </Location>

    RedirectMatch ^/$ /wws
    Alias /wwsicons /usr/share/sympa/icons
    ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi

    LogLevel warn
    ErrorLog /var/log/apache2/sympa-error.log
    CustomLog /var/log/apache2/sympa-access.log combined
</VirtualHost>
LemonLDAP::NG configuration
Go to the manager and create a new virtual host: pla.example.com
Then create the access rule:
default => accept
And set the correct HTTP headers:
Auth-User => $uid
email => $email
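
A consistency check between the headers exported here and the variable names in auth.conf, as an added example that is not part of the original page or of either project. It assumes Sympa reads each configured name as a CGI environment variable, which under RFC 3875 is the header name upper-cased, with "-" replaced by "_" and prefixed with HTTP_; the function names and sample auth.conf text are constructed for illustration.

```python
import re

def cgi_env_name(header):
    """RFC 3875 meta-variable name for an HTTP request header."""
    return "HTTP_" + header.upper().replace("-", "_")

def parse_generic_sso(auth_conf):
    """Return the key/value pairs of the first generic_sso paragraph."""
    for paragraph in re.split(r"\n\s*\n", auth_conf.strip()):
        lines = [l.strip() for l in paragraph.splitlines()
                 if l.strip() and not l.lstrip().startswith("#")]
        if lines and lines[0] == "generic_sso":
            # A key with no value maps to an empty string
            return dict((l.split(None, 1) + [""])[:2] for l in lines[1:])
    return {}

def check_sso_headers(auth_conf, exported_headers):
    """List auth.conf header settings that no exported header can satisfy."""
    sso = parse_generic_sso(auth_conf)
    available = {cgi_env_name(h) for h in exported_headers}
    problems = []
    for key in ("email_http_header", "netid_http_header"):
        value = sso.get(key)
        if value is not None and value not in available:
            problems.append((key, value))
    prefix = sso.get("http_header_prefix")
    if prefix and not any(name.startswith(prefix) for name in available):
        problems.append(("http_header_prefix", prefix))
    return problems

# Constructed sample: a hyphen left in the variable name never matches
SAMPLE_BAD = """
generic_sso
    service_name LemonLDAP::NG
    service_id lemonldapng
    http_header_prefix HTTP
    email_http_header HTTP_EMAIL
    netid_http_header HTTP_AUTH-USER
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("HTTP_AUTH-USER", "HTTP_AUTH_USER")
# Header names as set in the LemonLDAP::NG manager
EXPORTED = ["Auth-User", "email"]

if __name__ == "__main__":
    for label, conf in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, check_sso_headers(conf, EXPORTED))
```
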