Skip to Content.
Sympa Menu

en - Re: [sympa-users] email address validation and LDAP authentication.

Subject: The mailing list for listmasters using Sympa

List archive

Re: [sympa-users] email address validation and LDAP authentication.

Chronological Thread  
    < Chronological >       < Thread >
  • From: Olivier Salaün - CRU <address@concealed>
  • To: address@concealed
  • Cc: address@concealed
  • Subject: Re: [sympa-users] email address validation and LDAP authentication.
  • Date: Fri, 04 Feb 2005 18:03:04 +0100
address@concealed wrote: 
-- The md5 authentication seems working beutifully for me as a tested but I would like to lock it down to intranet domain users.  The service is provided by both intranet users and outsiders.  However, we would like to allow logging onto the site to intranet users only, in other words, the list owners must add the user whose email addresses are not ended with local domain the list manually.
You can create a piece of scenario that will apply to all lists as follows :
/home/sympa/etc/scenari/include.subscribe.header
true()                                             smtp -> request_auth
! match([sender],/your_domain$/)     md5 -> owner
This way any subscription request requires authentication AND requests from outsiders are "moderated" by the listowner
1. Having said that is that possible to validate the email address on the login and send me a password pages to make sure that the requests are from the intranet forks only?
Why would you want to have a different authentication behavior for intranet and outsiders ? Isn't the authorization enough ?
Unless you use separate authentication backends ; check the 'regexp' and 'negative_regexp' entries of auth.conf :
http://www.sympa.org/doc/html/node12.html#SECTION001250000000000000000
-- I planned to use LDAP for authentication.  Unfortunately the LDAP server of our div (it's actually AD) does not have email address attribute added.  Another div has a LDAP server in place.  All email addresses of students and staffs are added there and Studen/Staff ID is the key control and they are on both LDAP.

Is there a way to configure the ML server to use the first ldap for authentication and second ldap to extract the email address since the key control is on both?
Currently you can only use a single LDAP host for authentication and email address fetch.
But this feature request has already arised and we might add it. PLease fill our "bug/feature request form" for this feature :
http://listes.cru.fr/mantis/

-- 
Olivier Salaün
Comité Réseau des Universités
-------------------------------------------
Validation signature / Trusting  signature: --> http://igc.cru.fr/trust.html
-------------------------------------------

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


Archive powered by MHonArc 2.6.19+.

Top of Page