Some basic steps for running Sympa on Ubuntu 12.04 and using Active Directory's Global Directory to auto-populate groups.
Ubuntu Notes
- apt-get install sympa will give you a ‘mostly’ working version
- chown -R sympa /var/lib/sympa
- The suid wrapper does not work on 12.04. You will need to create a sudo wrapper instead:
- Set use_fast_cgi 1 in /etc/sympa/wwsympa.conf
- Create /usr/lib/cgi-bin/sympa/wwsympa_sudo_wrapper.fcgi containing:
#!/usr/bin/perl
# Re-run wwsympa.fcgi as the sympa user; -E keeps the caller's environment.
exec '/usr/bin/sudo', '-E', '-u', 'sympa', '/usr/lib/cgi-bin/sympa/wwsympa.fcgi';
- In apache/conf.d/sympa, change the ScriptAlias so that it points at the wrapper created above:
ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa_sudo_wrapper.fcgi
- Add the following line to your sudoers file:
www-data ALL = (sympa) SETENV: NOPASSWD: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
LDAP/AD Bound Lists
- If you only have one domain, then you can just use the following and point at one of your domain controllers.
- If you want to use forest-wide groups, you have two options for accessing those groups.
- This will work with either security or distribution groups, but will NOT include nested membership.
- In the LDAP config for the group, point at the DC the group resides in. Change suffix, host and user as appropriate, set use_ssl to yes, and drop the :3268.
- Make the group universal and use the global directory (route I chose)
- LDAP Configuration
include_ldap_query
attrs mail
filter memberof=Some Group,OU=...,OU=...,DC=research,DC=domain,DC=org
ssl_ciphers ALL
name any_name
host dc1.mydomain.org:3268
use_ssl no
passwd your_password
timeout 30
suffix DC=domain,DC=org
user CN=Read Account,OU=...,DC=domain,DC=org
ssl_version sslv2
scope sub
select first
ssl_version tls
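The include_ldap_query settings above bind with a password while use_ssl is no, and list ssl_version sslv2 and ssl_ciphers ALL. The following is an added example, not part of the original notes and not Sympa code: a small Python lint that flags those transport settings in such a paragraph. The finding codes and the constructed SAMPLE are assumptions of this example; 636 and 3269 are the TLS counterparts of the LDAP and Global Catalog ports 389 and 3268.

```python
# Constructed sample mirroring the include_ldap_query settings shown on this page.
SAMPLE = """\
include_ldap_query
attrs mail
filter memberof=Some Group,OU=...,OU=...,DC=research,DC=domain,DC=org
ssl_ciphers ALL
host dc1.mydomain.org:3268
use_ssl no
passwd your_password
suffix DC=domain,DC=org
user CN=Read Account,OU=...,DC=domain,DC=org
ssl_version sslv2
scope sub
ssl_version tls
"""

TLS_PORT = {"389": "636", "3268": "3269"}  # cleartext port -> TLS counterpart


def parse_paragraph(text):
    """Map each key to the list of values given for it (line 1 names the paragraph)."""
    settings = {}
    for line in text.splitlines()[1:]:
        key, _, value = line.strip().partition(" ")
        if key and not key.startswith("#"):
            settings.setdefault(key, []).append(value.strip())
    return settings


def lint(text):
    """Return sorted finding codes (names are this example's own) for one paragraph."""
    s = parse_paragraph(text)
    findings = {"duplicate:" + k for k, v in s.items() if len(v) > 1}
    uses_ssl = s.get("use_ssl") == ["yes"]
    if "passwd" in s and not uses_ssl:
        findings.add("cleartext-bind")  # bind password crosses the network unencrypted
    for host in s.get("host", []):
        port = host.rpartition(":")[2] if ":" in host else ""
        if uses_ssl and port in TLS_PORT:
            findings.add("use-port-" + TLS_PORT[port])  # TLS requested on a cleartext port
    if any(v.lower() in ("sslv2", "sslv3") for v in s.get("ssl_version", [])):
        findings.add("weak-protocol")
    if "ALL" in s.get("ssl_ciphers", []):
        findings.add("weak-ciphers")  # ALL does not exclude weak suites
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run against the sample, it reports the cleartext bind, the duplicated ssl_version key, the weak protocol and the unrestricted cipher list.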