Sympa

Presentation

Sympa is a mailing list manager. See http://www.sympa.org for more information.

Integration with LemonLDAP::NG

Presentation

Sympa provides a "magic" authentication mechanism, which displays a special button in the interface. When the user clicks it and already has an SSO session, they are authenticated directly.

This works for CAS, Shibboleth and LemonLDAP::NG.

Sympa configuration



Edit the file "auth.conf", for example:

# vi /etc/sympa/auth.conf


And fill it (replace all "example" elements):
generic_sso
        service_name                    LemonLDAP::NG
        service_id                      lemonldapng
        http_header_prefix              HTTP
        email_http_header               HTTP_EMAIL
        netid_http_header               HTTP_AUTH_USER
        internal_email_by_netid         1
        logout_url                      http://sympa.example.com/wws/logout

ldap
        host                            localhost:389
        timeout                         20
        bind_dn                         cn=admin,dc=example,dc=com
        bind_password                   secret
        suffix                          dc=example,dc=com
        get_dn_by_uid_filter            (uid=[sender])
        get_dn_by_email_filter          (|(mail=[sender])(n2atraliasmail=[sender]))
        alternative_email_attribute     n2atrmaildrop
        email_attribute                 mail
        scope                           sub
        authentication_info_url         http://sympa.example.com

Apache configuration

We recommend creating a virtual host for Sympa (e.g. http://sympa.example.com). Then configure this virtual host in your existing Apache configuration:

# The following lines must be set once for all virtualhosts
NameVirtualHost *

PerlRequire /opt/lemonldap-ng/handler/Handler.pm
PerlOptions +GlobalRequest
<Files ~ ".(pl)$">
    SetHandler perl-script
    PerlHandler ModPerl::Registry
    PerlSendHeader On
</Files>

# Define here all protected virtualhosts
<VirtualHost *>
    ServerName sympa.example.com

    # WebSSO protection
    <Location /wws/sso_login/lemonldapng>
        PerlHeaderParserHandler Handler
    </Location>

    <Location /reload>
        PerlHeaderParserHandler Handler->reload
    </Location>

    RedirectMatch ^/$ /wws
    Alias /wwsicons /usr/share/sympa/icons
    ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi

    LogLevel warn
    ErrorLog /var/log/apache2/sympa-error.log
    CustomLog /var/log/apache2/sympa-access.log combined
</VirtualHost>

LemonLDAP::NG configuration

Go to the manager and create a new virtual host:
pla.example.com


Then create the access rule:
default => accept


And set the correct HTTP headers:
Auth-User => $uid
email => $email
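
The header names in auth.conf have to match what the web server hands to wwsympa.fcgi: under CGI (RFC 3875) a request header such as Auth-User arrives as HTTP_AUTH_USER, upper-cased with hyphens turned into underscores. The check below is an added example, not part of Sympa or LemonLDAP::NG. It assumes Sympa looks the configured names up verbatim in the CGI environment, and its function names and sample auth.conf are constructed for illustration.

```python
import re

def cgi_env_name(header):
    """Name under which a request header reaches a CGI script (RFC 3875)."""
    return "HTTP_" + header.upper().replace("-", "_")

def parse_auth_conf(text):
    """Parse auth.conf into a list of (paragraph_type, {parameter: value})."""
    paragraphs = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines()
                 if l.strip() and not l.lstrip().startswith("#")]
        if not lines:
            continue
        params = {}
        for line in lines[1:]:
            parts = line.split(None, 1)
            params[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        paragraphs.append((lines[0], params))
    return paragraphs

def check_sso_headers(auth_conf, exported_headers, service_id):
    """Return (parameter, configured, suggestion) for every generic_sso
    header parameter that none of the exported headers can populate."""
    expected = {cgi_env_name(h) for h in exported_headers}
    problems = []
    for ptype, params in parse_auth_conf(auth_conf):
        if ptype != "generic_sso" or params.get("service_id") != service_id:
            continue
        for key in ("email_http_header", "netid_http_header"):
            configured = params.get(key)
            if configured and configured not in expected:
                guess = cgi_env_name(re.sub(r"^HTTP_", "", configured))
                problems.append((key, configured,
                                 guess if guess in expected else None))
    return problems

# Constructed sample: netid_http_header keeps the hyphen of "Auth-User".
SAMPLE_AUTH_CONF = """\
generic_sso
        service_id                      lemonldapng
        email_http_header               HTTP_EMAIL
        netid_http_header               HTTP_AUTH-USER
        internal_email_by_netid         1
"""
# Left-hand sides of the header rules set in the LemonLDAP::NG manager.
EXPORTED = ["Auth-User", "email"]

if __name__ == "__main__":
    for param, got, want in check_sso_headers(SAMPLE_AUTH_CONF, EXPORTED, "lemonldapng"):
        print(f"{param}: {got!r} is never set; did you mean {want}?")
```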