Skip to Content.
Sympa Menu

Documentation for Sympa

NAME

auth.conf - Configuration of authentication mechanisms for web interface of Sympa

DESCRIPTION

The auth.conf configuration file defines authentication mechanisms for web interface of Sympa.

auth.conf structure

Each paragraph starts with one of the names user_table, ldap, generic_sso, cas or cgi.

The auth.conf file contains directives in the following format:

name
keyword value
keyword value
...

name
keyword value
keyword value
...

Comments start with the # character at the beginning of a line.

Empty lines are also considered as comments and are ignored at the beginning. After the first paragraph, they are considered as paragraph separators. There should only be one directive per line, but their order in the paragraph is of no importance.

Succeeding subsections describe available parameters in each paragraph.

user_table paragraph

This paragraph is related to Sympa internal authentication by email and password. Information of users are stored in user_table database table. This is the simplest one.

ldap paragraph

This paragraph allows one to login to Sympa using data taken from an LDAP directory. Login is done in two steps:

Here is how to configure the LDAP authentication:

TLS parameters

Following parameters are used to provide LDAPS (LDAP over TLS/SSL):

generic_sso paragraph

netID mapping parameters

The following parameters define how Sympa can check the user email address, either provided by the SSO or by the user themselves:

LDAP parameters for generic SSO

The following parameters define how Sympa can retrieve the user email address; these are useful only in case the email_http_header entry was not defined:

TLS parameters

To support LDAPS (LDAP over SSL/TLS), corresponding parameters in ldap paragraph may also be used for generic_sso.

cas paragraph

Note that Sympa will act as a CAS client to validate CAS tickets. During this exchange, Sympa will check the CAS server X.509 certificate. Therefore you should ensure that the certificate authority of the CAS server is known by Sympa ; this should be configured through the cafile or capath sympa.conf configuration parameter.

LDAP parameters for CAS

TLS parameters

To support LDAPS (LDAP over SSL/TLS), corresponding parameters in ldap paragraph may also be used for cas.

cgi paragraph

This paragraph allows Sympa to receive authentication information from the external authentication mechanism through Common Gateway Interface (CGI). By this, Sympa may use authentication methods not supported by Sympa itself.

FILES

SEE ALSO

wwsympa(8), sympa_soap_server(8).

Sympa::Auth.

HISTORY

Descriptions of parameters were originally taken from the chapter “Authentication” in Sympa, Mailing List Management Software - Reference manual, written by Serge Aumont, Soji Ikeda, Olivier Salaün and David Verdin.

cgi paragraph was introduced on Sympa 6.2.71b.

Top of Page