The mailing list for listmasters using Sympa

[Mark London <address@concealed>]

Steve  - Thanks for the info.   I am trying to avoid using LDAP, because 
Sympa itself is already based on a database, and I would like to have a 
self contained site.  Plus, I've spent decades hating LDAP. :)

Regarding the 2nd option that you used, i.e. "Let everyone access the 
Sympa website, but the visibility scenario all say they must be on the 
list.  Therefore they see nothing until they have logged in with a valid 
identity", and "this allowed us to have a small number of public lists 
but most require login to access or see."

If understand this correctly, it appears that most of your mailing lists 
were set to be invisible, unless the person was subscribed to that 
list.   Wouldn't that require me having to manually subscribe people to 
those lists?   I'm trying to avoid doing this.   I want to restrict 
access to my site, but I want people with login access,  to be able to 
easily subscribe or unsubscribe themselves to my mailing list, without 
my intervention.

So it looks like what I want to do, isn't something that wasn't already 
there.   I wasn't sure about that, so thanks for confirming that for me.

I spent the day looking at the Sympa code, and it appears I can add a 
short routine that checks subscription to my main "private" list, and 
then to use that routine, to be my login authentication method.   So I 
think I'll use that method. - Mark

On 5/4/2018 5:06 PM, Steve Shipway wrote:
> > On 05 May 2018 at 06:43 Mark London <address@concealed> wrote:
> > Hi - I want to restrict my Sympa website,  to only people who are
> > subscribed to a private Sympa mailing list, that only the listmanager
> > controls.   In other words, I don't want anybody to access, or even
> > request access, to my site, unless their email address is in the private
> > Sympa mailing list.    Has anybody done anything like that?  Thanks. - Mark
> You're going to have to let people at least log in, else Sympa won't be able 
> to check their access.  So you have a few options -
>
> * Central authentication (certificate, LDAP, SAML) managed by web server.
> This lets you restrict login to only accounts that exist at webserver level.  
> Then, inside Sympa, you can have various scenari set so that all lists are 
> only visible to people on a certain list.
>
> * Empty web interface
> Let everyone access the Sympa website, but the visibility scenari all say 
> they must be on the list.  Therefore they see nothing until they have logged 
> in with a valid identity.
>
> The second is the one we used at my last place; this allowed us to have a 
> small number of public lists but most required login to access or see.
>
> Restricting login to a mailing list is a sympa-level option, so can't be done 
> in your web server.  However the webserver can restrict by other criteria, 
> such as LDAP group.  So, if your special list is tied to an LDAP group then 
> you could use this to restrict login at web server level, and then let sympa 
> take the identity from the web server.
>
> Steve
> _____________________________________________________________________________
>
> This email has been filtered by SMX. For more info visit http://smxemail.com
> _____________________________________________________________________________