
en - RE: [sympa-users] Alternative LDAP Mail addresses

Subject: The mailing list for listmasters using Sympa

  • From: Philip Crandall <address@concealed>
  • To: "'address@concealed'" <address@concealed>
  • Cc: "'address@concealed'" <address@concealed>
  • Subject: RE: [sympa-users] Alternative LDAP Mail addresses
  • Date: Wed, 8 Apr 2009 16:28:16 -0500

Chris,
Sympa 5.x uses the alternative_email_attribute option in a way that isn't
readily apparent. It doesn't do authorization in the send scenarios (i.e.
sending with a FROM: address@concealed won't authorize if the list is
moderated). What it does do is allow you to log in with the same password
for both addresses (it considers each of them canonically different for
subscription/ownership) using the LDAP password. Hence, if you want to
manage lists you own / are subscribed to with address@concealed, you would
log in with that address and your LDAP password. If you wanted to manage
lists you own / are subscribed to with address@concealed, you would log in
with that address and your LDAP password.

You can also manage both from one login. You can switch to another
alternate address within the same session by going to "Your Preferences" and
authenticating the other address (if using alternative_email_attribute, the
password for an alternate would be the same as for the primary). However,
the alternate address won't survive logout.

I know that there are significant changes in Sympa 6.x to unify multiple
e-mail addresses. I haven't taken a look at exactly how it works.

In Sympa 5.x, the only way I can think of to authorize alternate addresses
would be to write a custom condition package
(http://www.sympa.org/manual/authorization-scenarios#custom_perl_package_conditions)
and use the Net::LDAP perl module to perform a search using the
sender's address. You would then need to modify the appropriate send
scenarios with something like:

CustomCondition::isSubscriber([sender],[list->name]) smtp,smime,md5 -> do_it

The package isSubscriber should return true if any aliases (retrieved from
LDAP using Net::LDAP) are a subscriber for the list. You would make 3
packages: one for subscriber, one for owner, and one for moderator.

If you're interested in doing it this way, I could possibly give you some
code that might help (I've attempted to create a similar package for use
when messages are addressed to a list's alias and I want to check and see if
it is BCC'd).

Philip Crandall
University of Chicago


-----Original Message-----
From: Chris Pax [mailto:address@concealed]
Sent: Wednesday, April 08, 2009 12:08 PM
To: address@concealed
Subject: [sympa-users] Alternative LDAP Mail addresses

Many of our students and faculty have a mail address and a mail alternative
address; the LDAP attribute names are mail and mailAlternateAddress.

My authentication is configured to use LDAP.

Let's say I give owner privileges to a staff member, and they have the
ability to add moderators/editors. They need to use their mail attribute in
order for that person to be able to administer (or moderate) the list.

I have tested the alternative_email_attribute option in the authentication
configuration file, with no success. I did this test by using the different
emails for one person to be admin on different lists, and when that person
logs in, they only see the one that uses the mail attribute.

This is my configuration:
ldap
host --censored--:389
timeout 20
suffix -- censored --
get_dn_by_uid_filter (|(uid=[sender])(mail=[sender])(mailAlternateAddress=[sender]))
get_dn_by_email_filter (|(uid=[sender])(mail=[sender])(mailAlternateAddress=[sender]))
email_attribute mail
alternative_email_attribute mailAlternateAddress
scope sub
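
One way to write the isSubscriber condition package described in the reply above, as an added example (not Philip Crandall's code and not part of Sympa). The LDAP host and base DN are placeholders and the anonymous bind is an assumption; the verify() entry point with its 1 / -1 / undef return values follows the custom condition section of the Sympa manual linked in the reply, and List->new / is_user are assumed to behave as in the Sympa 5.x List module.

```perl
package CustomCondition::isSubscriber;
# Added example: resolve the sender's LDAP aliases, then test list membership.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
use List;    # Sympa's own List module (assumed, as shipped with Sympa 5.x)

# Placeholders: use the host and suffix from your auth.conf ldap paragraph.
my $LDAP_HOST = 'ldap.example.org:389';
my $LDAP_BASE = 'dc=example,dc=org';
my @ATTRS     = qw(mail mailAlternateAddress);

# Returns an array ref of every address LDAP holds for $sender, undef on error.
sub aliases_for {
    my ($sender) = @_;
    my $ldap = Net::LDAP->new($LDAP_HOST, timeout => 20) or return undef;
    return undef if $ldap->bind->code;    # anonymous bind (assumption)
    # [sender] is taken from the message header, so escape it for the filter.
    my $v   = escape_filter_value($sender);
    my $res = $ldap->search(
        base   => $LDAP_BASE,
        scope  => 'sub',
        filter => "(|(mail=$v)(mailAlternateAddress=$v))",
        attrs  => \@ATTRS,
    );
    $ldap->unbind;
    return undef if $res->code;
    # Zero or several matching entries: no unambiguous person, so no aliases.
    return [] unless $res->count == 1;
    my $entry = $res->entry(0);
    return [ map { lc($_) } map { $entry->get_value($_) } @ATTRS ];
}

# Called by the scenario rule with ([sender], [list->name]).
sub verify {
    my ($sender, $listname) = @_;
    return undef unless defined $sender && defined $listname;
    my $list = List->new($listname) or return undef;
    return 1 if $list->is_user($sender);    # subscribed under this address
    my $aliases = aliases_for($sender);
    return undef unless defined $aliases;   # LDAP failure is an error, not a "no"
    foreach my $addr (@$aliases) {
        return 1 if $list->is_user($addr);
    }
    return -1;
}
1;
```

The owner and moderator variants mentioned in the reply would differ only in the membership test inside verify().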
