Table of Contents

Sympa

Presentation

Sympa is a mailing list manager.

To configure SSO with Sympa, use Magic authentication: a special SSO URL is protected by LL::NG, Sympa will display a button for users who wants to use this feature.

Since version 1.9 of LLNG, old Auto-Login feature has been removed since it works only with Sympa-5 which has been deprecated

Configuration

Sympa configuration

Edit the file “auth.conf”, for example: 

vi /etc/sympa/auth.conf

And fill it: 

generic_sso
        service_name                   Centralized auth service
        service_id                          lemonldapng
        email_http_header            HTTP_MAIL
        netid_http_header             HTTP_AUTH_USER
        internal_email_by_netid    1
        logout_url                          http://sympa.example.com/wws/logout
You can also disable internal Sympa authentication to keep only LemonLDAP::NG by removing user_table paragraph

Note that if you use FastCGI, you must restart Apache to enable changes.

You can also use <portal>?logout=1 as logout_url to remove LemonLDAP::NG session when “disconnect” is chosen.

Sympa virtual host

Configure Sympa virtual host like other protected virtual host but protect only magic authentication URL.

The location URL end is based on the service_id defined in Sympa apache configuration.
  • For Apache:
<VirtualHost *:80>
       ServerName sympa.example.com
 
       <Location /wws/sso_login/lemonldapng>
       PerlHeaderParserHandler Lemonldap::NG::Handler
       </Location>
 
       ...
 
</VirtualHost>
  • For Nginx:
server {
  listen 80;
  server_name sympa.example.com;
  root /path/to/application;
  # Internal authentication request
  location = /lmauth {
    internal;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    # Drop post datas
    fastcgi_pass_request_body  off;
    fastcgi_param CONTENT_LENGTH "";
    # Keep original hostname
    fastcgi_param HOST $http_host;
    # Keep original request (LLNG server will received /llauth)
    fastcgi_param X_ORIGINAL_URI  $request_uri;
  } 
 
  # Client requests
  location /wws/sso_login/lemonldapng {
    auth_request /lmauth;
    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
    auth_request_set $lmlocation $upstream_http_location;
    error_page 401 $lmlocation;
    try_files $uri $uri/ =404;
 
    ...
 
    include /etc/lemonldap-ng/nginx-lua-headers.conf;
  }
  location / {
    try_files $uri $uri/ =404;
  }
}

Sympa virtual host in Manager

Go to the Manager and create a new virtual host for Sympa.

Configure the access rules and define the following headers:

  • Auth-User
  • Mail