Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:latest:applications:sympa [2016/07/19 12:10] (current)
Line 1: Line 1:
 +====== Sympa ======
 +
 +{{ :​applications:​sympa_logo.png |}}
 +
 +===== Presentation =====
 +
 +[[http://​www.sympa.org|Sympa]] is a mailing list manager.
 +
 +To configure SSO with Sympa, use **Magic authentication**:​ a special SSO URL is protected by LL::NG, Sympa will display a button for users who wants to use this feature.
 +
 +<note tip>
 +Since version 1.9 of LLNG, old Auto-Login feature has been removed since it works only with Sympa-5 which has been deprecated
 +</​note>​
 +
 +===== Configuration =====
 +
 +==== Sympa configuration ====
 +
 +Edit the file "​auth.conf",​ for example:
 +<​code>​
 +vi /​etc/​sympa/​auth.conf
 +</​code>​
 +
 +And fill it:
 +<​file>​
 +generic_sso
 +        service_name ​                  ​Centralized auth service
 +        service_id ​                         lemonldapng
 +        email_http_header ​           HTTP_MAIL
 +        netid_http_header ​            ​HTTP_AUTH_USER
 +        internal_email_by_netid ​   1
 +        logout_url ​                         http://​sympa.example.com/​wws/​logout
 +</​file>​
 +
 +<note tip>
 +You can also disable internal Sympa authentication to keep only LemonLDAP::​NG by removing user_table paragraph
 +
 +Note that if you use FastCGI, you must restart Apache to enable changes.
 +</​note>​
 +
 +You can also use <​portal>?​logout=1 as logout_url to remove LemonLDAP::​NG session when "​disconnect"​ is chosen.
 +
 +==== Sympa virtual host ====
 +
 +Configure Sympa virtual host like other [[..configvhost|protected virtual host]] but protect only magic authentication URL.
 +
 +<note tip>The location URL end is based on the ''​service_id''​ defined in Sympa apache configuration.</​note>​
 +
 +  * For Apache:
 +<file apache>
 +<​VirtualHost *:80>
 +       ​ServerName sympa.example.com
 +
 +       <​Location /​wws/​sso_login/​lemonldapng>​
 +       ​PerlHeaderParserHandler Lemonldap::​NG::​Handler
 +       </​Location>​
 +       
 +       ...
 +       
 +</​VirtualHost>​
 +</​file>​
 +
 +  * For Nginx:
 +<file nginx>
 +server {
 +  listen 80;
 +  server_name sympa.example.com;​
 +  root /​path/​to/​application;​
 +  # Internal authentication request
 +  location = /lmauth {
 +    internal;
 +    include /​etc/​nginx/​fastcgi_params;​
 +    fastcgi_pass unix:/​var/​run/​llng-fastcgi-server/​llng-fastcgi.sock;​
 +    # Drop post datas
 +    fastcgi_pass_request_body ​ off;
 +    fastcgi_param CONTENT_LENGTH "";​
 +    # Keep original hostname
 +    fastcgi_param HOST $http_host;
 +    # Keep original request (LLNG server will received /llauth)
 +    fastcgi_param X_ORIGINAL_URI ​ $request_uri;​
 +  } 
 + 
 +  # Client requests
 +  location /​wws/​sso_login/​lemonldapng {
 +    auth_request /lmauth;
 +    auth_request_set $lmremote_user $upstream_http_lm_remote_user;​
 +    auth_request_set $lmlocation $upstream_http_location;​
 +    error_page 401 $lmlocation;​
 +    try_files $uri $uri/ =404;
 +    ​
 +    ...
 +     
 +    include /​etc/​lemonldap-ng/​nginx-lua-headers.conf;​
 +  }
 +  location / {
 +    try_files $uri $uri/ =404;
 +  }
 +}
 +</​file>​
 +
 +==== Sympa virtual host in Manager ====
 +
 +Go to the Manager and [[..configvhost#​lemonldapng_configuration|create a new virtual host]] for Sympa.
 +
 +Configure the [[..writingrulesand_headers#​rules|access rules]] ​ and define the following [[..writingrulesand_headers#​headers|headers]]:​
 +  * Auth-User
 +  * Mail