Sympa
Presentation
Sympa is a mailing list manager.
To configure SSO with Sympa, you have the choice between:
- CAS
- Magic authentication: a special SSO URL is protected by LL::NG, and Sympa displays a button for users who want to use this feature.
We recommend using CAS.
CAS
Sympa configuration
Edit the file “auth.conf”, for example:
vi /etc/sympa/auth.conf
And fill it:
cas
    base_url https://auth.example.com/cas
    non_blocking_redirection on
    auth_service_name SSO
    ldap_host ldap.example.com:389
    ldap_get_email_by_uid_filter (uid=[uid])
    ldap_timeout 7
    ldap_suffix dc=example,dc=com
    ldap_scope sub
    ldap_email_attribute mail
Restart services:
service sympa restart
service apache2 restart
See also official documentation
LemonLDAP::NG configuration
Declare the CAS application in the configuration and register the service URL.
No attributes are needed.
Magic authentication
Tip
Since LL::NG 1.9, the old Auto-Login feature has been removed, because it only works with Sympa-5, which has been deprecated.
Sympa configuration
Edit the file “auth.conf”, for example:
vi /etc/sympa/auth.conf
And fill it:
generic_sso
    service_name Centralized auth service
    service_id lemonldapng
    email_http_header HTTP_MAIL
    netid_http_header HTTP_AUTH_USER
    internal_email_by_netid 1
    logout_url http://sympa.example.com/wws/logout
Tip
You can also disable internal Sympa authentication, keeping only LemonLDAP::NG, by removing the user_table paragraph.
Note that if you use FastCGI, you must restart Apache to enable changes.
You can also use <portal>?logout=1 as logout_url to remove the LemonLDAP::NG session when “disconnect” is chosen.
Sympa virtual host
Configure the Sympa virtual host like any other protected virtual host, but protect only the magic authentication URL.
Tip
The end of the location URL is based on the service_id defined in the Sympa Apache configuration.
For Apache:
<VirtualHost *:80>
    ServerName sympa.example.com
    <Location /wws/sso_login/lemonldapng>
        PerlHeaderParserHandler Lemonldap::NG::Handler
    </Location>
    ...
</VirtualHost>
For Nginx:
server {
    listen 80;
    server_name sympa.example.com;
    root /path/to/application;
    # Internal authentication request
    location = /lmauth {
        internal;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
        # Drop post data
        fastcgi_pass_request_body off;
        fastcgi_param CONTENT_LENGTH "";
        # Keep original hostname
        fastcgi_param HOST $http_host;
        # Keep original request (LL::NG server will receive /lmauth)
        fastcgi_param X_ORIGINAL_URI $original_uri;
    }
    # Client requests
    location /wws/sso_login/lemonldapng {
        auth_request /lmauth;
        set $original_uri $uri$is_args$args;
        auth_request_set $lmremote_user $upstream_http_lm_remote_user;
        auth_request_set $lmlocation $upstream_http_location;
        error_page 401 $lmlocation;
        try_files $uri $uri/ =404;
        ...
        include /etc/lemonldap-ng/nginx-lua-headers.conf;
    }
    location / {
        try_files $uri $uri/ =404;
    }
}
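The magic authentication setup only holds together when the protected location ends in the same service_id that auth.conf declares. The check below is an added example, not part of the LemonLDAP::NG or Sympa documentation: it parses both files and reports SSO login URLs that no handler-guarded location matches. The function names, the sample strings, the exact-path comparison and the "no nested braces" simplification for Nginx are assumptions of this example.

```python
import re

SSO_BASE = "/wws/sso_login"  # URL prefix used by the vhost examples on this page

def generic_sso_service_ids(auth_conf):
    """Return the service_id of every generic_sso paragraph in a Sympa auth.conf."""
    ids = []
    for para in re.split(r"\n[ \t]*\n", auth_conf.strip()):  # paragraphs: blank-line separated
        lines = [ln.strip() for ln in para.splitlines()]
        lines = [ln for ln in lines if ln and not ln.startswith("#")]
        if not lines or lines[0] != "generic_sso":
            continue
        for ln in lines[1:]:
            parts = ln.split(None, 1)
            if len(parts) == 2 and parts[0] == "service_id":
                ids.append(parts[1])
    return ids

def protected_locations(vhost_conf):
    """Return the paths of Apache/Nginx location blocks that call the LL::NG handler."""
    paths = set()
    # Apache: a <Location> block with an uncommented PerlHeaderParserHandler line
    for path, body in re.findall(r"<Location\s+(\S+?)\s*>(.*?)</Location>", vhost_conf, re.S | re.I):
        if re.search(r"^\s*PerlHeaderParserHandler\s+Lemonldap::NG::Handler", body, re.M):
            paths.add(path)
    # Nginx: a location block (no nested braces assumed) with an auth_request directive
    for path, body in re.findall(r"location\s+(?:=\s+)?(\S+)\s*\{([^{}]*)\}", vhost_conf):
        if re.search(r"^\s*auth_request\s+\S+\s*;", body, re.M):
            paths.add(path)
    return paths

def unprotected_sso_urls(auth_conf, vhost_conf):
    """SSO login URLs implied by auth.conf that no guarded location matches exactly."""
    guarded = protected_locations(vhost_conf)
    expected = [f"{SSO_BASE}/{sid}" for sid in generic_sso_service_ids(auth_conf)]
    return [url for url in expected if url not in guarded]

# Constructed samples, modelled on the configuration shown on this page
AUTH_CONF = "generic_sso\n  service_name Centralized auth service\n  service_id lemonldapng\n"
GOOD_VHOST = ("<Location /wws/sso_login/lemonldapng>\n"
              "  PerlHeaderParserHandler Lemonldap::NG::Handler\n"
              "</Location>\n")
STALE_VHOST = GOOD_VHOST.replace("lemonldapng", "llng")  # location left behind after a rename

if __name__ == "__main__":
    print("consistent vhost:", unprotected_sso_urls(AUTH_CONF, GOOD_VHOST))
    print("stale vhost:     ", unprotected_sso_urls(AUTH_CONF, STALE_VHOST))
```

A non-empty result means the URL Sympa uses for SSO login is served without passing through the LL::NG handler and should be fixed before the vhost is reloaded.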
Sympa virtual host in Manager
Go to the Manager and create a new virtual host for Sympa.
Configure the access rules and define the following headers:
- Auth-User
- Mail