<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"> <head> <meta name="generator" content= "HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" /> <title>Lemonldap::NG documentation: 5-Appli-Sympa.html</title> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <style type="text/css"> /*<![CDATA[*/ body{ background: #ddd; font-family: sans-serif; font-size: 11pt; padding: 0 50px; } div.main-content{ padding: 10px; background: #fff; border: 2px #ccc solid; } a{ text-decoration: none; } p.footer{ text-align: center; margin: 5px 0 0 0; } .heading-1{ text-align: center; color: orange; font-variant: small-caps; font-size: 20pt; } .heading-1-1{ color: orange; font-size: 14pt; border-bottom: 2px #ccc solid; } pre{ background: #eee; border: 2px #ccc solid; padding: 5px; border-left: 10px #ccc solid; } ul.star li{ list-style-type: square; } /*]]>*/ </style> <style type="text/css"> /*<![CDATA[*/ span.c1 {text-decoration: underline} /*]]>*/ </style> </head> <body> <div class="main-content"> <h2 class="heading-1"><span id="HSympa">Sympa</span></h2> <p class="paragraph"></p> <ul> <li><a href="#HPresentation">Presentation</a></li> <li> <a href="#HIntegrationwithLemonLDAP3A3ANG">Integration with LemonLDAP::NG</a> <ul> <li><a href="#HPresentation-1">Presentation</a></li> <li><a href="#HSympaconfiguration">Sympa configuration</a></li> <li><a href="#HApacheconfiguration">Apache configuration</a></li> <li><a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</a></li> <li><a href="#HSympaautologin28version3E3D09429">Sympa auto-login (version >=0.9.4)</a></li> </ul> </li> </ul> <h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3> <p class="paragraph"></p>Sympa is a mailing list manager. 
See <span class="wikiexternallink"><a href="http://www.sympa.org">http://www.sympa.org</a></span> for more information.
<h3 class="heading-1-1"><span id="HIntegrationwithLemonLDAP3A3ANG">Integration with LemonLDAP::NG</span></h3>
<h4 class="heading-1-1-1"><span id="HPresentation">Presentation</span></h4>
<p class="paragraph"></p>Sympa provides a magic authentication mechanism, which displays a special button on the interface. When the user clicks on it, if they already have an SSO session, they are directly authenticated.
<p class="paragraph"></p>This works for CAS, Shibboleth and LemonLDAP::NG.
<p class="paragraph"></p>For Lemonldap::NG you can also add the "sympa auto-login" feature (since 0.9.4) so users are automatically authenticated into Sympa.
<h4 class="heading-1-1-1"><span id="HSympaconfiguration">Sympa configuration</span></h4><br /> <br />
Edit the file "auth.conf", for example:<br /> <br />
<div class="code"> <pre>
# vi /etc/sympa/auth.conf
</pre> </div><br /> <br />
And fill it (replace all "example" elements):
<div class="code"> <pre>
generic_sso
    service_name            LemonLDAP::NG
    service_id              lemonldapng
    email_http_header       HTTP_MAIL
    netid_http_header       HTTP_AUTH_USER
    internal_email_by_netid 1
    logout_url              <span class="nobr"><a href="http://sympa.example.com/wws/logout">http://sympa.example.com/wws/logout</a></span>
</pre> <ol> <li>Additional authentication schemes can be set, but they will be ignored with the Lemonldap::NG auto-login feature.</li> </ol> </div>
<h4 class="heading-1-1-1"><span id="HApacheconfiguration">Apache configuration</span></h4>
<p class="paragraph"></p>We recommend creating a virtual host for Sympa (e.g. <span class="nobr"><a href="http://sympa.example.com">http://sympa.example.com</a></span>).
Then configure this virtual host in your existing Apache configuration: <p class="paragraph"></p>
<div class="code"> <pre>
# The following lines must be set once <span class="java-keyword">for</span> all virtualhosts
NameVirtualHost *

PerlRequire /<span class="java-keyword">var</span>/lib/lemonldap-ng/handler/MyHandler.pm
PerlOptions +GlobalRequest
&lt;Files ~ <span class="java-quote">".(pl)$"</span>&gt;
    SetHandler perl-script
    PerlHandler ModPerl::Registry
    PerlSendHeader On
&lt;/Files&gt;

# Define here all <span class="java-keyword">protected</span> virtualhosts
&lt;VirtualHost *&gt;
    ServerName sympa.example.com

    # WebSSO protection :

    # * with auto-login
    PerlHeaderParserHandler Handler

    # * without auto-login
    #&lt;Location /wws/sso_login/lemonldapng&gt;
    #    PerlHeaderParserHandler Handler
    #&lt;/Location&gt;
    #

    # Optional : reload mechanism (see doc <span class="java-keyword">for</span> more)
    &lt;Location /reload&gt;
        PerlHeaderParserHandler Handler->reload
    &lt;/Location&gt;

    # Sympa normal configuration (example)
    RedirectMatch ^/$ /wws
    Alias /wwsicons /usr/share/sympa/icons
    ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi

    # Logging
    LogLevel warn
    ErrorLog /<span class="java-keyword">var</span>/log/apache2/sympa-error.log
    CustomLog /<span class="java-keyword">var</span>/log/apache2/sympa-access.log combined
&lt;/VirtualHost&gt;
</pre> </div>
<h4 class="heading-1-1-1"><span id="HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h4>
<p class="paragraph"></p>Go to the manager and create a new virtual host:
<div class="code"> <pre>
sympa.example.com
</pre> </div><br /> <br />
Then create the access rule.
Example:
<div class="code"> <pre>
<span class="java-keyword">default</span> => accept
</pre> </div><br /> <br />
And set the correct HTTP headers:
<div class="code"> <pre>
Auth-User => $uid
mail => $mail
</pre> </div>
<h4 class="heading-1-1-1"><span id="HSympaautologin28version3E3D09429">Sympa auto-login (version >=0.9.4)</span></h4>
<p class="paragraph"></p>To spare users from clicking the "authenticate" button, you can use Lemonldap::NG::Handler::SympaAutoLogin instead of Lemonldap::NG::Handler::SharedConf:
<ul class="star">
<li>edit the file /var/lib/lemonldap-ng/handler/MyHandler.pm and replace "SharedConf" with "SympaAutoLogin"</li>
<li>store the Sympa secret in /etc/lemonldap-ng/sympa.secret (parameter "cookie" from sympa.conf)</li>
<li>change the permissions of /etc/lemonldap-ng/sympa.secret to 600 (it can be owned by root because it is read at Apache startup only)</li>
<li>restart Apache</li>
</ul><strong class="strong">Warning</strong>: you must have a header named "mail" containing the correct mail value for the user (the one used by Sympa).
<p class="paragraph"></p><strong class="strong">Note</strong>: this configuration <span class="c1">strengthens</span> your Sympa security, as the Sympa auth cookie is neither visible nor editable by users.
</div> <p class="footer"><a href="index.html">Index</a></p> </body> </html>