Sympa
Presentation
Sympa is a mailing list manager. See
http://www.sympa.org for more information.
Integration with LemonLDAP::NG
Presentation
Sympa provides a "magic" authentication mechanism, which displays a special button on the interface. When a user clicks it and already has an SSO session, they are authenticated directly.
This works for CAS, Shibboleth and LemonLDAP::NG.
Sympa configuration
Edit the file "auth.conf", for example:
# vi /etc/sympa/auth.conf
Then fill it in (replace all "example" elements):
generic_sso
service_name LemonLDAP::NG
service_id lemonldapng
http_header_prefix HTTP
email_http_header HTTP_EMAIL
netid_http_header HTTP_AUTH-USER
internal_email_by_netid 1
logout_url http://sympa.example.com/wws/logoutldap
host localhost:389
timeout 20
bind_dn cn=admin,dc=example,dc=com
bind_password secret
suffix dc=example,dc=com
get_dn_by_uid_filter (uid=[sender])
get_dn_by_email_filter (|(mail=[sender])(n2atraliasmail=[sender]))
alternative_email_attribute n2atrmaildrop
email_attribute mail
scope sub
authentication_info_url http://sympa.example.com
Apache configuration
We recommend creating a virtual host for Sympa (e.g.
http://sympa.example.com). Then configure this virtual host in your existing Apache configuration:
# The following lines must be set once for all virtualhosts
NameVirtualHost *
PerlRequire /opt/lemonldap-ng/handler/Handler.pm
PerlOptions +GlobalRequest
<Files ~ "\.(pl)$">
    SetHandler perl-script
    PerlHandler ModPerl::Registry
    PerlSendHeader On
</Files>

# Define here all protected virtualhosts
<VirtualHost *>
    ServerName sympa.example.com

    # WebSSO protection
    <Location /wws/sso_login/lemonldapng>
        PerlHeaderParserHandler Handler
    </Location>

    <Location /reload>
        PerlHeaderParserHandler Handler->reload
    </Location>

    RedirectMatch ^/$ /wws
    Alias /wwsicons /usr/share/sympa/icons
    ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi

    LogLevel warn
    ErrorLog /var/log/apache2/sympa-error.log
    CustomLog /var/log/apache2/sympa-access.log combined
</VirtualHost>
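The service_id in auth.conf and the protected <Location> path have to agree, otherwise requests reach the SSO login URL without passing through the handler that sets the identity headers. The following consistency check is an added example, not part of Sympa or LemonLDAP::NG; the sample inputs are constructed from the configuration above, and the /wws/sso_login/<service_id> layout and the function names are assumptions taken from this page's example.

```python
import re

# Constructed samples that mirror the auth.conf and virtual host shown on this page.
AUTH_CONF = """generic_sso
service_name LemonLDAP::NG
service_id lemonldapng
email_http_header HTTP_EMAIL
netid_http_header HTTP_AUTH-USER
"""
VHOST = """<VirtualHost *>
ServerName sympa.example.com
<Location /wws/sso_login/lemonldapng>
PerlHeaderParserHandler Handler
</Location>
<Location /reload>
PerlHeaderParserHandler Handler->reload
</Location>
ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi
</VirtualHost>
"""

def sso_service_ids(auth_conf):
    """service_id of every generic_sso paragraph (paragraphs are blank-line separated)."""
    ids = []
    for para in re.split(r"\n\s*\n", auth_conf.strip()):
        lines = [l.strip() for l in para.splitlines() if l.strip() and not l.lstrip().startswith("#")]
        if lines and lines[0] == "generic_sso":
            ids += [l.split(None, 1)[1] for l in lines[1:] if l.startswith("service_id ")]
    return ids

def protected_locations(vhost):
    """Paths of <Location> blocks that run the access-control handler (not Handler->reload)."""
    paths = []
    for m in re.finditer(r"<Location\s+(\S+?)>(.*?)</Location>", vhost, re.S | re.I):
        if re.search(r"^\s*PerlHeaderParserHandler\s+Handler\s*$", m.group(2), re.M):
            paths.append(m.group(1).strip('"'))
    return paths

def unprotected_sso_paths(auth_conf, vhost, prefix="/wws"):
    """SSO login paths that no handler-protected <Location> covers."""
    covered = protected_locations(vhost)
    missing = []
    for sid in sso_service_ids(auth_conf):
        path = f"{prefix}/sso_login/{sid}"  # assumed URL layout, taken from the page's example
        if not any(path == c or path.startswith(c.rstrip("/") + "/") for c in covered):
            missing.append(path)
    return missing

if __name__ == "__main__":
    print(unprotected_sso_paths(AUTH_CONF, VHOST) or "all SSO login paths are protected")
```

An empty result means every generic_sso service has a matching handler-protected Location; any path returned should be fixed in the virtual host before the service is enabled.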
LemonLDAP::NG configuration
Go to the manager and create a new virtual host:
Then create the access rule:
And set the correct HTTP headers:
Auth-User => $uid
email => $email