<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
  <meta name="generator" content=
  "HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />

  <title>Lemonldap::NG documentation: 5-Appli-Sympa.html</title>
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
  <style type="text/css">
/*<![CDATA[*/
    body{
      background: #ddd;
      font-family: sans-serif;
      font-size: 11pt;
      padding: 0 50px;
    }
    div.main-content{
      padding: 10px;
      background: #fff;
      border: 2px #ccc solid;
    }
    a{
      text-decoration: none;
    }
    p.footer{
      text-align: center;
      margin: 5px 0 0 0;
    }
    .heading-1{
      text-align: center;
      color: orange;
      font-variant: small-caps;
      font-size: 20pt;
    }
    .heading-1-1{
      color: orange;
      font-size: 14pt;
      border-bottom: 2px #ccc solid;
    }
    pre{
      background: #eee;
      border: 2px #ccc solid;
      padding: 5px;
      border-left: 10px #ccc solid;
    }
    ul.star li{
      list-style-type: square;
    }
  /*]]>*/
  </style>
  <style type="text/css">
/*<![CDATA[*/
  span.c1 {text-decoration: underline}
  /*]]>*/
  </style>
</head>

<body>
  <div class="main-content">
    <h2 class="heading-1"><span id="HSympa">Sympa</span></h2>

    <p class="paragraph"></p>

    <ul>
      <li><a href="#HPresentation">Presentation</a></li>

      <li>
        <a href="#HIntegrationwithLemonLDAP3A3ANG">Integration with
        LemonLDAP::NG</a>

        <ul>
          <li><a href="#HPresentation-1">Presentation</a></li>

          <li><a href="#HSympaconfiguration">Sympa configuration</a></li>

          <li><a href="#HApacheconfiguration">Apache configuration</a></li>

          <li><a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG
          configuration</a></li>

          <li><a href="#HSympaautologin28version3E3D09429">Sympa auto-login
          (version &gt;=0.9.4)</a></li>
        </ul>
      </li>
    </ul>

    <h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>

    <p class="paragraph"></p>Sympa is a mailing list manager. See <span class=
    "wikiexternallink"><a href=
    "http://www.sympa.org">http://www.sympa.org</a></span> for more
    information.

    <h3 class="heading-1-1"><span id=
    "HIntegrationwithLemonLDAP3A3ANG">Integration with
    LemonLDAP::NG</span></h3>

    <h4 class="heading-1-1-1"><span id=
    "HPresentation">Presentation</span></h4>

    <p class="paragraph"></p>Sympa provides a magic authentication mechanism,
    which displays a special button on the interface. When the user clicks on
    it, if he already has an SSO session, he is directly authenticated.

    <p class="paragraph"></p>This works for CAS, Shibboleth and LemonLDAP::NG.

    <p class="paragraph"></p>For Lemonldap::NG you can also add the "sympa
    auto-login" feature (since 0.9.4) so users are automatically authenticated
    into Sympa.

    <h4 class="heading-1-1-1"><span id="HSympaconfiguration">Sympa
    configuration</span></h4><br />
    <br />
    Edit the file "auth.conf", for example:<br />
    <br />

    <div class="code">
      <pre>
# vi /etc/sympa/auth.conf
</pre>
    </div><br />
    <br />
    And fill it (replace all "example" elements):

    <div class="code">
      <pre>
generic_sso
        service_name                    LemonLDAP::NG
        service_id                      lemonldapng
        email_http_header               HTTP_MAIL
        netid_http_header               HTTP_AUTH_USER
        internal_email_by_netid         1
        logout_url                      <span class="nobr"><a href=
"http://sympa.example.com/wws/logout">http://sympa.example.com/wws/logout</a></span>
</pre>

      <ol>
        <li>Additional authentication schemes can be set, but they will be
        ignored with the Lemonldap::NG auto-login feature.</li>
      </ol>
    </div>

    <h4 class="heading-1-1-1"><span id="HApacheconfiguration">Apache
    configuration</span></h4>

    <p class="paragraph"></p>We recommend creating a virtual host for
    Sympa (e.g. <span class="nobr"><a href=
    "http://sympa.example.com">http://sympa.example.com</a></span>). Then
    configure this virtual host in your existing Apache configuration:

    <p class="paragraph"></p>

    <div class="code">
      <pre>
# The following lines must be set once for all virtualhosts
NameVirtualHost *

PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
PerlOptions +GlobalRequest
&lt;Files ~ "\.(pl)$"&gt;
        SetHandler      perl-script
        PerlHandler     ModPerl::Registry
        PerlSendHeader  On
&lt;/Files&gt;

# Define here all protected virtualhosts
&lt;VirtualHost *&gt;
    ServerName sympa.example.com

    # WebSSO protection :

    #  * with auto-login
    PerlHeaderParserHandler Handler

    #  * without auto-login
    #&lt;Location /wws/sso_login/lemonldapng&gt;
    #  PerlHeaderParserHandler Handler
    #&lt;/Location&gt;
    #

    # Optional : reload mechanism (see doc for more)
    &lt;Location /reload&gt;
      PerlHeaderParserHandler Handler-&gt;reload
    &lt;/Location&gt;

    # Sympa normal configuration (example)
    RedirectMatch ^/$ /wws
    Alias /wwsicons /usr/share/sympa/icons
    ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi

    # Logging
    LogLevel warn
    ErrorLog /var/log/apache2/sympa-error.log
    CustomLog /var/log/apache2/sympa-access.log combined
&lt;/VirtualHost&gt;
</pre>
    </div>

    <h4 class="heading-1-1-1"><span id=
    "HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h4>

    <p class="paragraph"></p>Go to the manager and create a new virtual host:

    <div class="code">
      <pre>
sympa.example.com
</pre>
    </div><br />
    <br />
    Then create the access rule. Example:

    <div class="code">
      <pre>
default =&gt; accept
</pre>
    </div><br />
    <br />
    And set the correct HTTP headers:

    <div class="code">
      <pre>
Auth-User =&gt; $uid
mail =&gt; $mail
</pre>
    </div>
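
    <p class="paragraph"></p>The headers set here reach Sympa as CGI
    environment variables: the header name is upper-cased, "-" becomes "_" and
    "HTTP_" is prefixed, which is why auth.conf refers to HTTP_AUTH_USER and
    HTTP_MAIL. The check below is an added example, not part of LemonLDAP::NG
    or Sympa; its function names and the sample auth.conf are constructed, and
    it assumes auth.conf paragraphs are separated by blank lines.

```shell
#!/bin/sh
# Added example. Function names and the sample auth.conf are constructed.

# cgi_name HEADER: CGI variable a request header becomes (RFC 3875):
# upper-case, "-" replaced by "_", prefixed with HTTP_.
cgi_name() {
    printf 'HTTP_%s\n' "$1" | tr 'a-z-' 'A-Z_'
}

# sso_param AUTH_CONF KEY: value of KEY in the generic_sso paragraph.
# Assumption: paragraphs in auth.conf are separated by blank lines.
sso_param() {
    awk -v key="$2" '
        $1 == "generic_sso" { in_sso = 1; next }
        NF == 0             { in_sso = 0 }
        in_sso { if ($1 == key) { print $2; exit } }
    ' "$1"
}

# check_sso_headers AUTH_CONF HEADER...: returns 0 when the variables named
# by email_http_header and netid_http_header are both produced by one of the
# headers exported for the virtual host, 1 otherwise.
check_sso_headers() {
    conf=$1; shift
    exported=""
    for h in "$@"; do exported="$exported $(cgi_name "$h")"; done
    rc=0
    for key in email_http_header netid_http_header; do
        want=$(sso_param "$conf" "$key")
        case " $exported " in
            *" ${want:-UNSET} "*) echo "ok: $key = $want" ;;
            *) echo "MISMATCH: $key = ${want:-unset}, no exported header maps to it"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Demo on a constructed auth.conf holding the two header parameters.
demo_sso_headers() {
    tmp=$(mktemp)
    printf '%s\n' 'generic_sso' \
        '        email_http_header   HTTP_MAIL' \
        '        netid_http_header   HTTP_AUTH_USER' > "$tmp"
    check_sso_headers "$tmp" Auth-User mail; status=$?
    rm -f "$tmp"
    return "$status"
}
demo_sso_headers
```

    <p class="paragraph"></p>Run check_sso_headers against the real auth.conf
    with the header names configured in the manager; a mismatch means Sympa
    will not receive the identity it expects.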

    <h4 class="heading-1-1-1"><span id=
    "HSympaautologin28version3E3D09429">Sympa auto-login (version
    &gt;=0.9.4)</span></h4>

    <p class="paragraph"></p>To spare users from having to click on the
    "authenticate" button, you can use Lemonldap::NG::Handler::SympaAutoLogin
    instead of Lemonldap::NG::Handler::SharedConf:

    <ul class="star">
      <li>edit the file /var/lib/lemonldap-ng/handler/MyHandler.pm and replace
      "SharedConf" by "SympaAutoLogin"</li>

      <li>store the Sympa secret in /etc/lemonldap-ng/sympa.secret (parameter
      "cookie" from sympa.conf)</li>

      <li>set the permissions of /etc/lemonldap-ng/sympa.secret to 600 (it can
      be owned by root because it is read at Apache startup only)</li>

      <li>restart Apache</li>
    </ul><strong class="strong">Warning</strong>: you must have a header
    named "mail" containing the user's correct mail value (the one used by
    Sympa).

    <p class="paragraph"></p><strong class="strong">Note</strong>: this
    configuration <span class="c1">strengthens</span> your Sympa security, as
    the Sympa auth cookie is neither visible nor editable by users.
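
    <p class="paragraph"></p>The secret-file steps above, as an added example
    that is not part of LemonLDAP::NG or Sympa: it copies the "cookie"
    parameter into the secret file without ever leaving it group- or
    world-readable, and can later confirm that the file still matches
    sympa.conf and is mode 600. Function names are constructed and both paths
    are passed as arguments.

```shell
#!/bin/sh
# Added example. Function names are constructed; paths are passed as arguments.
# Usage (as root): install_sympa_secret /path/to/sympa.conf /etc/lemonldap-ng/sympa.secret

# sympa_cookie SYMPA_CONF: value of the "cookie" parameter.
sympa_cookie() {
    awk '$1 == "cookie" { print $2; exit }' "$1"
}

# file_mode FILE: permission string as printed by ls, e.g. -rw-------
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# install_sympa_secret SYMPA_CONF SECRET_FILE
# The file is removed and recreated under umask 077, so it is never readable
# by group or others, even if an older copy had wider permissions.
install_sympa_secret() {
    secret=$(sympa_cookie "$1")
    if [ -z "$secret" ]; then echo "no cookie parameter in $1"; return 1; fi
    ( umask 077; rm -f "$2"; printf '%s' "$secret" > "$2" ) || return 1
    chmod 600 "$2"
}

# check_sympa_secret SYMPA_CONF SECRET_FILE
# Returns 0 only if the stored secret still equals the cookie parameter and
# the file mode is exactly 600.
check_sympa_secret() {
    rc=0
    if [ "$(cat "$2")" != "$(sympa_cookie "$1")" ]; then
        echo "secret in $2 differs from cookie in $1"; rc=1
    fi
    if [ "$(file_mode "$2")" != "-rw-------" ]; then
        echo "mode of $2 is $(file_mode "$2"), expected -rw-------"; rc=1
    fi
    return "$rc"
}

# Demo on constructed files in a temporary directory.
demo_sympa_secret() {
    d=$(mktemp -d)
    printf 'cookie  constructed-sample-secret\n' > "$d/sympa.conf"
    status=0
    install_sympa_secret "$d/sympa.conf" "$d/sympa.secret" || status=1
    check_sympa_secret "$d/sympa.conf" "$d/sympa.secret" || status=1
    rm -rf "$d"
    return "$status"
}
demo_sympa_secret
```

    <p class="paragraph"></p>Restart Apache after installing the secret, and
    re-run check_sympa_secret whenever the cookie parameter in sympa.conf is
    changed.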
  </div>

  <p class="footer"><a href="index.html">Index</a></p>
</body>
</html>