Commit 50b0c517 authored by salaun's avatar salaun
Browse files

New feature: support for a generic SSO system, compatible with Shibboleth. New...

New feature: support for a generic SSO system, compatible with Shibboleth. New 'generic_sso' auth.conf paragraphs. Sympa delegates the authentication process to the SSO and is also able to use provided user attributes within authorization scenarios.
***** New 'user_attributes' field in the 'subscriber_table'
***** If you are using MySQL, Sympa.pl will change the database structure
***** at startup. If using Pg, Oracle or Sybase you should ALTER the table
***** structure according to the provided create_db.x scripts.


git-svn-id: https://subversion.renater.fr/sympa/trunk@2042 05aa8bb8-cd2b-0410-b1d7-8918dfa770ce
parent 68b29d53
This diff is collapsed.
This diff is collapsed.
......@@ -29,31 +29,31 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<BODY TEXT="#000000" BGCOLOR="#ffffff">
<!--Navigation Panel-->
<A NAME="tex2html871"
<A NAME="tex2html880"
HREF="node11.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html865"
<A NAME="tex2html874"
HREF="sympa.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html859"
<A NAME="tex2html868"
HREF="node9.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html867"
<A NAME="tex2html876"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<A NAME="tex2html869"
<A NAME="tex2html878"
HREF="node22.html">
<IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html872"
<B> Next:</B> <A NAME="tex2html881"
HREF="node11.html">10. Virtual robot</A>
<B> Up:</B> <A NAME="tex2html866"
<B> Up:</B> <A NAME="tex2html875"
HREF="sympa.html">Sympa Mailing Lists Management Software version</A>
<B> Previous:</B> <A NAME="tex2html860"
<B> Previous:</B> <A NAME="tex2html869"
HREF="node9.html">8. Authentication</A>
&nbsp <B> <A NAME="tex2html868"
&nbsp <B> <A NAME="tex2html877"
HREF="node1.html">Contents</A></B>
&nbsp <B> <A NAME="tex2html870"
&nbsp <B> <A NAME="tex2html879"
HREF="node22.html">Index</A></B>
<BR>
<BR>
......@@ -62,38 +62,38 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL>
<LI><A NAME="tex2html873"
<LI><A NAME="tex2html882"
HREF="node10.html#SECTION001010000000000000000">9.1 rules specifications</A>
<LI><A NAME="tex2html874"
<LI><A NAME="tex2html883"
HREF="node10.html#SECTION001020000000000000000">9.2 LDAP Named Filters</A>
<UL>
<LI><A NAME="tex2html875"
<LI><A NAME="tex2html884"
HREF="node10.html#SECTION001021000000000000000">9.2.1 Definition</A>
<LI><A NAME="tex2html876"
<LI><A NAME="tex2html885"
HREF="node10.html#SECTION001022000000000000000">9.2.2 Search Condition</A>
</UL>
<BR>
<LI><A NAME="tex2html877"
<LI><A NAME="tex2html886"
HREF="node10.html#SECTION001030000000000000000">9.3 scenario inclusion</A>
<LI><A NAME="tex2html878"
<LI><A NAME="tex2html887"
HREF="node10.html#SECTION001040000000000000000">9.4 Sample scenario rules</A>
</UL>
<!--End of Table of Child-Links-->
<HR>
<H1><A NAME="SECTION001000000000000000000"></A>
<A NAME="scenarios"></A><A NAME="1426"></A>
<A NAME="scenarios"></A><A NAME="1455"></A>
<BR>
9. Authorization scenarios
</H1>
<P>
List parameters controlling the behavior of commands are linked to different authorization scenarios.
For example : the <A NAME="5951"></A><TT>send private</TT> parameter is related to the send.private scenario.
For example : the <A NAME="5982"></A><TT>send private</TT> parameter is related to the send.private scenario.
There are four possible locations for a authorization scenario. When <I>Sympa</I> seeks to apply an authorization scenario, it
looks first in the related list directory <A NAME="5967"></A><TT>/home/sympa/expl/<TT>&lt;</TT>list<TT>&gt;</TT>/scenari</TT>. If it
does not find the file there, it scans the current robot configuration directory <A NAME="5976"></A><TT>/home/sympa/etc/my.domain.org/scenari</TT>, then the site's configuration directory <A NAME="5979"></A><TT>/home/sympa/etc/scenari</TT>,
and finally <A NAME="5982"></A><TT>/home/sympa/bin/etc/scenari</TT>, which is the directory installed by the Makefile.
looks first in the related list directory <A NAME="5998"></A><TT>/home/sympa/expl/<TT>&lt;</TT>list<TT>&gt;</TT>/scenari</TT>. If it
does not find the file there, it scans the current robot configuration directory <A NAME="6007"></A><TT>/home/sympa/etc/my.domain.org/scenari</TT>, then the site's configuration directory <A NAME="6010"></A><TT>/home/sympa/etc/scenari</TT>,
and finally <A NAME="6013"></A><TT>/home/sympa/bin/etc/scenari</TT>, which is the directory installed by the Makefile.
<P>
An authorization scenario is a small configuration language to describe who
......@@ -120,11 +120,11 @@ Each authorization scenario rule contains :
SRC="img2.png"
ALT="$]$"> for the listname etc.
</LI>
<LI>an authentication method. The authentication method can be <A NAME="5986"></A><TT>smtp</TT>,
<A NAME="5989"></A><TT>md5</TT> or <A NAME="5992"></A><TT>smime</TT>. The rule is applied by <I>Sympa</I> if both condition
and authentication method match the runtime context. <A NAME="5996"></A><TT>smtp</TT> is used if
<I>Sympa</I> use the SMTP <A NAME="6000"></A><TT>from:</TT> header , <A NAME="6003"></A><TT>md5</TT> is used if a unique
md5 key as been returned by the requestor to validate her message, <A NAME="6006"></A><TT>smime</TT>
<LI>an authentication method. The authentication method can be <A NAME="6017"></A><TT>smtp</TT>,
<A NAME="6020"></A><TT>md5</TT> or <A NAME="6023"></A><TT>smime</TT>. The rule is applied by <I>Sympa</I> if both condition
and authentication method match the runtime context. <A NAME="6027"></A><TT>smtp</TT> is used if
<I>Sympa</I> use the SMTP <A NAME="6031"></A><TT>from:</TT> header , <A NAME="6034"></A><TT>md5</TT> is used if a unique
md5 key as been returned by the requestor to validate her message, <A NAME="6037"></A><TT>smime</TT>
is used for signed messages (see <A HREF="node20.html#smimeforsign">19.4.3</A>, page&nbsp;<A HREF="node20.html#smimeforsign"><IMG ALIGN="BOTTOM" BORDER="1" ALT="[*]" SRC="crossref.png"></A>).
</LI>
<LI>a returned atomic action that will be executed by <I>Sympa</I> if the rule matches
......@@ -152,8 +152,10 @@ title.es eliminaci
<P>
<H1><A NAME="SECTION001010000000000000000">
9.1 rules specifications</A>
<H1><A NAME="SECTION001010000000000000000"></A>
<A NAME="rules"></A>
<BR>
9.1 rules specifications
</H1>
<P>
......@@ -173,10 +175,10 @@ Rules are defined as follows :<PRE>
| older (&lt;date&gt;, &lt;date&gt;) # true if first date is anterior to the second date
| newer (&lt;date&gt;, &lt;date&gt;) # true if first date is posterior to the second date
&lt;var&gt; ::= [email] | [sender] | [user-&gt;&lt;user_key_word&gt;] | [previous_email]
| [remote_host] | [remote_addr]
| [remote_host] | [remote_addr] | [user_attributes-&gt;&lt;user_attributes_keyword&gt;]
| [subscriber-&gt;&lt;subscriber_key_word&gt;] | [list-&gt;&lt;list_key_word&gt;]
| [conf-&gt;&lt;conf_key_word&gt;] | [msg_header-&gt;&lt;smtp_key_word&gt;] | [msg_body]
| [msg_part-&gt;type] | [msg_part-&gt;body] | [is_bcc] | [current_date] | &lt;string&gt;
| [msg_part-&gt;type] | [msg_part-&gt;body] | [msg_encrypted] | [is_bcc] | [current_date] | &lt;string&gt;
[is_bcc] ::= set to 1 if the list is neither in To: nor Cc:
......@@ -184,6 +186,8 @@ Rules are defined as follows :<PRE>
[previous_email] ::= old email when changing subscribtion email in preference page.
[msg_encrypted] ::= set to 'smime' if the message was S/MIME encrypted
&lt;date&gt; ::= '&lt;date_element&gt; [ +|- &lt;date_element&gt;]'
&lt;date_element&gt; ::= &lt;epoch_date&gt; | &lt;var&gt; | &lt;date_expr&gt;
......@@ -211,6 +215,8 @@ Rules are defined as follows :<PRE>
&lt;user_key_word&gt; ::= email | gecos | lang | password | cookie_delay_user
| &lt;additional_user_fields&gt;
&lt;user_attributes_key_word&gt; ::= one of the user attributes provided by the SSO system via environment variables. The [user_attributes] structure is available only if user authenticated with a generic_sso.
&lt;subscriber_key_word&gt; ::= email | gecos | bounce | reception
| visibility | date | update_date
| &lt;additional_subscriber_fields&gt;
......@@ -240,19 +246,19 @@ probably create authorization scenarios for your own need. In this case, don't f
and wwsympa because authorization scenarios are not reloaded dynamicaly.
<P>
These standard authorization scenarios are located in the <A NAME="6012"></A><TT>/home/sympa/bin/etc/scenari/</TT>
These standard authorization scenarios are located in the <A NAME="6043"></A><TT>/home/sympa/bin/etc/scenari/</TT>
directory. Default scenarios are named <TT>&lt;</TT>command<TT>&gt;</TT>.default.
<P>
You may also define and name your own authorization scenarios. Store them in the
<A NAME="6015"></A><TT>/home/sympa/etc/scenari</TT> directory. They will not be overwritten by Sympa release.
Scenarios can also be defined for a particular virtual robot (using directory <A NAME="6030"></A><TT>/home/sympa/etc/<TT>&lt;</TT>robot<TT>&gt;</TT>/scenari</TT>) or for a list ( <A NAME="6057"></A><TT>/home/sympa/expl/<TT>&lt;</TT>robot<TT>&gt;</TT>/<TT>&lt;</TT>list<TT>&gt;</TT>/scenari</TT> ).
<A NAME="6046"></A><TT>/home/sympa/etc/scenari</TT> directory. They will not be overwritten by Sympa release.
Scenarios can also be defined for a particular virtual robot (using directory <A NAME="6061"></A><TT>/home/sympa/etc/<TT>&lt;</TT>robot<TT>&gt;</TT>/scenari</TT>) or for a list ( <A NAME="6088"></A><TT>/home/sympa/expl/<TT>&lt;</TT>robot<TT>&gt;</TT>/<TT>&lt;</TT>list<TT>&gt;</TT>/scenari</TT> ).
<P>
Example:
<P>
Copy the previous scenario to <A NAME="6072"></A><TT>scenari/subscribe.rennes1</TT> :
Copy the previous scenario to <A NAME="6103"></A><TT>scenari/subscribe.rennes1</TT> :
<P><PRE>
equal([sender], 'userxxx@univ-rennes1.fr') smtp,smime -&gt; reject
......@@ -279,7 +285,7 @@ subscribe rennes1
At the moment Named Filters are only used in authorization scenarios. They enable to select a category of people who will be authorized or not to realise some actions.
<P>
As a consequence, you can grant privileges in a list to people belonging to an <A NAME="1481"></A> directory thanks to an authorization scenario.
As a consequence, you can grant privileges in a list to people belonging to an <A NAME="1511"></A> directory thanks to an authorization scenario.
<P>
......@@ -288,7 +294,7 @@ As a consequence, you can grant privileges in a list to people belonging to an <
</H2>
<P>
People are selected through an <A NAME="1483"></A> defined in a configuration file. This file must have the extension '.ldap'.It is stored in <A NAME="6075"></A><TT>[ETCDIR]/search_filters/</TT>.
People are selected through an <A NAME="1513"></A> defined in a configuration file. This file must have the extension '.ldap'.It is stored in <A NAME="6106"></A><TT>/home/sympa/etc/search_filters/</TT>.
<P>
You must give several informations in order to create a Named Filter:
......@@ -305,7 +311,6 @@ A list of host:port LDAP directories (replicates) entries.
Defines the naming space covered by the search (optional, depending on the LDAP server).
<P>
[STOPPARSE]
</LI>
<LI>filter
<BR>
......@@ -372,10 +377,13 @@ The variables used by 'search' are :
<BR></LI>
<LI>the [sender]
<BR>
That is to say the sender email.
That is to say the sender email address.
</LI>
</UL>
<P>
Note that <I>Sympa</I> processes maintain a cache of processed search conditions to limit access to the LDAP directory ; each entry has a lifetime of 1 hour in the cache.
<P>
The method of authentication does not change.
......@@ -428,36 +436,36 @@ a complex date format.
<P>
<HR>
<!--Navigation Panel-->
<A NAME="tex2html871"
<A NAME="tex2html880"
HREF="node11.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html865"
<A NAME="tex2html874"
HREF="sympa.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html859"
<A NAME="tex2html868"
HREF="node9.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html867"
<A NAME="tex2html876"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<A NAME="tex2html869"
<A NAME="tex2html878"
HREF="node22.html">
<IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html872"
<B> Next:</B> <A NAME="tex2html881"
HREF="node11.html">10. Virtual robot</A>
<B> Up:</B> <A NAME="tex2html866"
<B> Up:</B> <A NAME="tex2html875"
HREF="sympa.html">Sympa Mailing Lists Management Software version</A>
<B> Previous:</B> <A NAME="tex2html860"
<B> Previous:</B> <A NAME="tex2html869"
HREF="node9.html">8. Authentication</A>
&nbsp <B> <A NAME="tex2html868"
&nbsp <B> <A NAME="tex2html877"
HREF="node1.html">Contents</A></B>
&nbsp <B> <A NAME="tex2html870"
&nbsp <B> <A NAME="tex2html879"
HREF="node22.html">Index</A></B>
<!--End of Navigation Panel-->
<ADDRESS>
root
2003-09-12
2003-10-15
</ADDRESS>
</BODY>
</HTML>
......@@ -29,31 +29,31 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<BODY TEXT="#000000" BGCOLOR="#ffffff">
<!--Navigation Panel-->
<A NAME="tex2html891"
<A NAME="tex2html900"
HREF="node12.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html885"
<A NAME="tex2html894"
HREF="sympa.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html879"
<A NAME="tex2html888"
HREF="node10.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html887"
<A NAME="tex2html896"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<A NAME="tex2html889"
<A NAME="tex2html898"
HREF="node22.html">
<IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html892"
<B> Next:</B> <A NAME="tex2html901"
HREF="node12.html">11. Customizing Sympa/WWSympa</A>
<B> Up:</B> <A NAME="tex2html886"
<B> Up:</B> <A NAME="tex2html895"
HREF="sympa.html">Sympa Mailing Lists Management Software version</A>
<B> Previous:</B> <A NAME="tex2html880"
<B> Previous:</B> <A NAME="tex2html889"
HREF="node10.html">9. Authorization scenarios</A>
&nbsp <B> <A NAME="tex2html888"
&nbsp <B> <A NAME="tex2html897"
HREF="node1.html">Contents</A></B>
&nbsp <B> <A NAME="tex2html890"
&nbsp <B> <A NAME="tex2html899"
HREF="node22.html">Index</A></B>
<BR>
<BR>
......@@ -62,12 +62,12 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL>
<LI><A NAME="tex2html893"
<LI><A NAME="tex2html902"
HREF="node11.html#SECTION001110000000000000000">10.1 How to create a virtual robot</A>
<LI><A NAME="tex2html894"
<LI><A NAME="tex2html903"
HREF="node11.html#SECTION001120000000000000000">10.2 robot.conf</A>
<UL>
<LI><A NAME="tex2html895"
<LI><A NAME="tex2html904"
HREF="node11.html#SECTION001121000000000000000">10.2.1 Robot customization</A>
</UL></UL>
<!--End of Table of Child-Links-->
......@@ -103,7 +103,7 @@ to the Internet domaine of the Virtual robot.
</H1>
<P>
You don't need to install several Sympa servers. A single <A NAME="6080"></A><TT>sympa.pl</TT> daemon
You don't need to install several Sympa servers. A single <A NAME="6112"></A><TT>sympa.pl</TT> daemon
and one or more fastcgi servers can serve all virtual robot. Just configure the
server environment in order to accept the new domain definition.
......@@ -147,7 +147,7 @@ FastCgiServer /home/sympa/bin/wwsympa.fcgi -processes 3 -idle-timeout 120
<P>
</LI>
<LI>Create a <A NAME="6083"></A><TT>robot.conf</TT> for the virtual robot (current web interface does
<LI>Create a <A NAME="6115"></A><TT>robot.conf</TT> for the virtual robot (current web interface does
not provide Virtual robot creation yet).
<P>
......@@ -160,15 +160,15 @@ not provide Virtual robot creation yet).
10.2 robot.conf</A>
</H1>
A robot is named by its domain, let's say my.domain.organd defined by a directory
<A NAME="6086"></A><TT>/home/sympa/etc/my.domain.org</TT>. This directory must contain at least a
<A NAME="6089"></A><TT>robot.conf</TT> file. This files has the same format as <A NAME="6092"></A><TT>/etc/sympa.conf</TT>
<A NAME="6118"></A><TT>/home/sympa/etc/my.domain.org</TT>. This directory must contain at least a
<A NAME="6121"></A><TT>robot.conf</TT> file. This files has the same format as <A NAME="6124"></A><TT>/etc/sympa.conf</TT>
(have a look at robot.conf in the sample dir).
Only the following parameters can be redefined for a particular robot :
<P>
<UL>
<LI><A NAME="6095"></A><TT>http_host</TT>
<LI><A NAME="6127"></A><TT>http_host</TT>
<BR>
This hostname will be compared with 'SERVER_NAME' environment variable in wwsympa.fcgi
to determine the current Virtual Robot. You can a path at the end of this parameter if
......@@ -180,55 +180,55 @@ This hostname will be compared with 'SERVER_NAME' environment variable in wwsymp
<P>
</LI>
<LI><A NAME="6098"></A><TT>wwsympa_url</TT>
<LI><A NAME="6130"></A><TT>wwsympa_url</TT>
<BR>
The base URL of WWSympa
<P>
</LI>
<LI><A NAME="6101"></A><TT>cookie_domain</TT>
<LI><A NAME="6133"></A><TT>cookie_domain</TT>
<P>
</LI>
<LI><A NAME="6104"></A><TT>email</TT>
<LI><A NAME="6136"></A><TT>email</TT>
<P>
</LI>
<LI><A NAME="6107"></A><TT>title</TT>
<LI><A NAME="6139"></A><TT>title</TT>
<P>
</LI>
<LI><A NAME="6110"></A><TT>default_home</TT>
<LI><A NAME="6142"></A><TT>default_home</TT>
<P>
</LI>
<LI><A NAME="6113"></A><TT>create_list</TT>
<LI><A NAME="6145"></A><TT>create_list</TT>
<P>
</LI>
<LI><A NAME="6116"></A><TT>lang</TT>
<LI><A NAME="6148"></A><TT>lang</TT>
<P>
</LI>
<LI><A NAME="6119"></A><TT>log_smtp</TT>
<LI><A NAME="6151"></A><TT>log_smtp</TT>
<P>
</LI>
<LI><A NAME="6122"></A><TT>listmaster</TT>
<LI><A NAME="6154"></A><TT>listmaster</TT>
<P>
</LI>
<LI><A NAME="6125"></A><TT>max_size</TT>
<LI><A NAME="6157"></A><TT>max_size</TT>
<P>
</LI>
<LI><A NAME="6128"></A><TT>dark_color</TT>, <A NAME="6131"></A><TT>light_color</TT>, <A NAME="6134"></A><TT>text_color</TT>, <A NAME="6137"></A><TT>bg_color</TT>, <A NAME="6140"></A><TT>error_color</TT>, <A NAME="6143"></A><TT>selected_color</TT>, <A NAME="6146"></A><TT>shaded_color</TT>
<LI><A NAME="6160"></A><TT>dark_color</TT>, <A NAME="6163"></A><TT>light_color</TT>, <A NAME="6166"></A><TT>text_color</TT>, <A NAME="6169"></A><TT>bg_color</TT>, <A NAME="6172"></A><TT>error_color</TT>, <A NAME="6175"></A><TT>selected_color</TT>, <A NAME="6178"></A><TT>shaded_color</TT>
</LI>
</UL>
<P>
These settings overwrite the equivalent global parameter defined in <A NAME="6149"></A><TT>/etc/sympa.conf</TT>
for my.domain.orgrobot ; the main <A NAME="6152"></A><TT>listmaster</TT> still has privileges on Virtual
These settings overwrite the equivalent global parameter defined in <A NAME="6181"></A><TT>/etc/sympa.conf</TT>
for my.domain.orgrobot ; the main <A NAME="6184"></A><TT>listmaster</TT> still has privileges on Virtual
Robots though. The http_host parameter is compared by wwsympa with the SERVER_NAME
environment variable to recognize which robot is in used.
......@@ -242,45 +242,45 @@ environment variable to recognize which robot is in used.
If needed, you can customize each virtual robot using its set of templates and authorization scenarios.
<P>
<A NAME="6155"></A><TT>/home/sympa/etc/my.domain.org/wws_templates/</TT>,
<A NAME="6158"></A><TT>/home/sympa/etc/my.domain.org/templates/</TT>,
<A NAME="6161"></A><TT>/home/sympa/etc/my.domain.org/scenari/</TT> directories are searched when
loading templates or scenari before searching into <A NAME="6164"></A><TT>/home/sympa/etc</TT> and <A NAME="6167"></A><TT>/home/sympa/bin/etc</TT>. This allows to define different privileges and a different GUI for a Virtual Robot.
<A NAME="6187"></A><TT>/home/sympa/etc/my.domain.org/wws_templates/</TT>,
<A NAME="6190"></A><TT>/home/sympa/etc/my.domain.org/templates/</TT>,
<A NAME="6193"></A><TT>/home/sympa/etc/my.domain.org/scenari/</TT> directories are searched when
loading templates or scenari before searching into <A NAME="6196"></A><TT>/home/sympa/etc</TT> and <A NAME="6199"></A><TT>/home/sympa/bin/etc</TT>. This allows to define different privileges and a different GUI for a Virtual Robot.
<P>
<HR>
<!--Navigation Panel-->
<A NAME="tex2html891"
<A NAME="tex2html900"
HREF="node12.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html885"
<A NAME="tex2html894"
HREF="sympa.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html879"
<A NAME="tex2html888"
HREF="node10.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html887"
<A NAME="tex2html896"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<A NAME="tex2html889"
<A NAME="tex2html898"
HREF="node22.html">
<IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html892"
<B> Next:</B> <A NAME="tex2html901"
HREF="node12.html">11. Customizing Sympa/WWSympa</A>
<B> Up:</B> <A NAME="tex2html886"
<B> Up:</B> <A NAME="tex2html895"
HREF="sympa.html">Sympa Mailing Lists Management Software version</A>
<B> Previous:</B> <A NAME="tex2html880"
<B> Previous:</B> <A NAME="tex2html889"
HREF="node10.html">9. Authorization scenarios</A>
&nbsp <B> <A NAME="tex2html888"
&nbsp <B> <A NAME="tex2html897"
HREF="node1.html">Contents</A></B>
&nbsp <B> <A NAME="tex2html890"
&nbsp <B> <A NAME="tex2html899"
HREF="node22.html">Index</A></B>
<!--End of Navigation Panel-->
<ADDRESS>
root
2003-09-12
2003-10-15
</ADDRESS>
</BODY>
</HTML>
This diff is collapsed.
This diff is collapsed.
......@@ -29,31 +29,31 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<BODY TEXT="#000000" BGCOLOR="#ffffff">
<!--Navigation Panel-->
<A NAME="tex2html984"
<A NAME="tex2html993"
HREF="node15.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html978"
<A NAME="tex2html987"
HREF="sympa.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html972"
<A NAME="tex2html981"
HREF="node13.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html980"
<A NAME="tex2html989"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<A NAME="tex2html982"
<A NAME="tex2html991"
HREF="node22.html">
<IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html985"
<B> Next:</B> <A NAME="tex2html994"
HREF="node15.html">14. List configuration parameters</A>
<B> Up:</B> <A NAME="tex2html979"
<B> Up:</B> <A NAME="tex2html988"
HREF="sympa.html">Sympa Mailing Lists Management Software version</A>
<B> Previous:</B> <A NAME="tex2html973"
<B> Previous:</B> <A NAME="tex2html982"
HREF="node13.html">12. Mailing list definition</A>
&nbsp <B> <A NAME="tex2html981"
&nbsp <B> <A NAME="tex2html990"
HREF="node1.html">Contents</A></B>
&nbsp <B> <A NAME="tex2html983"
&nbsp <B> <A NAME="tex2html992"
HREF="node22.html">Index</A></B>
<BR>
<BR>
......@@ -62,16 +62,16 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL>
<LI><A NAME="tex2html986"
<LI><A NAME="tex2html995"
HREF="node14.html#SECTION001410000000000000000">13.1 List creation</A>
<UL>
<LI><A NAME="tex2html987"
<LI><A NAME="tex2html996"
HREF="node14.html#SECTION001411000000000000000">13.1.1 Who can create lists</A>
<LI><A NAME="tex2html988"
<LI><A NAME="tex2html997"
HREF="node14.html#SECTION001412000000000000000">13.1.2 typical list profile</A>
</UL>
<BR>
<LI><A NAME="tex2html989"
<LI><A NAME="tex2html998"
HREF="node14.html#SECTION001420000000000000000">13.2 List edition</A>
</UL>
<!--End of Table of Child-Links-->
......@@ -105,16 +105,16 @@ in the documentation.
<P>
Listmasters have all privileges. Currently the listmaster
is defined in <A NAME="6833"></A><TT>sympa.conf</TT> but in the future, it might be possible to
is defined in <A NAME="6865"></A><TT>sympa.conf</TT> but in the future, it might be possible to
define one listmaster per virtual robot. By default, newly created
lists must be activated by the listmaster. List creation is possible for all intranet users
(i.e. : users with an e-mail address within the same domain as Sympa).
This is controlled by the <A NAME="6836"></A><TT>create_list</TT> authorization scenario.
This is controlled by the <A NAME="6868"></A><TT>create_list</TT> authorization scenario.
<P>
List creation request message and list creation notification message are both
templates that you can customize (<A NAME="6839"></A><TT>create_list_request.tpl</TT> and
<A NAME="6842"></A><TT>list_created.tpl</TT>).
templates that you can customize (<A NAME="6871"></A><TT>create_list_request.tpl</TT> and
<A NAME="6874"></A><TT>list_created.tpl</TT>).
<P>
......@@ -123,22 +123,22 @@ templates that you can customize (<A NAME="6839"></A><TT>create_list_request.tpl
</H2>
<P>
This is defined by the <A NAME="6845"></A><TT>create_list</TT> sympa.conf parameter (see <A HREF="node6.html#create-list">5.1.9</A>,
This is defined by the <A NAME="6877"></A><TT>create_list</TT> sympa.conf parameter (see <A HREF="node6.html#create-list">5.1.9</A>,
page&nbsp;<A HREF="node6.html#create-list"><IMG ALIGN="BOTTOM" BORDER="1" ALT="[*]" SRC="crossref.png"></A>). This parameter refers to a <B>create_list</B> authorization scenario.
It will determine if the <I>create list</I> button is displayed and if it requires
a listmaster confirmation.
<P>
The authorization scenario can accept any condition concerning the [sender]
(i.e. WWSympa user), and it returns <A NAME="6848"></A><TT>reject</TT>, <A NAME="6851"></A><TT>do_it</TT>
or <A NAME="6854"></A><TT>listmaster</TT> as an action.
(i.e. WWSympa user), and it returns <A NAME="6880"></A><TT>reject</TT>, <A NAME="6883"></A><TT>do_it</TT>
or <A NAME="6886"></A><TT>listmaster</TT> as an action.
<P>
Only in cases where a user is authorized by the create_list authorization scenario
will the "create" button be available in the main menu.
If the scenario returns <A NAME="6857"></A><TT>do_it</TT>, the list will be created and installed.
If the scenario returns <A NAME="6889"></A><TT>do_it</TT>, the list will be created and installed.
If the scenario returns "listmaster", the user is allowed to create a list, but
the list is created with the <A NAME="6860"></A><TT>pending</TT> status,
the list is created with the <A NAME="6892"></A><TT>pending</TT> status,
which means that only the list owner may view or use it.
The listmaster will need to open the list of pending lists
using the "pending list" button in the "server admin"
......@@ -159,10 +159,10 @@ the list creator simply to choose a profile for the list, and to fill in
the owner's e-mail and the list subject together with a short description.
<P>
List profiles can be stored in <A NAME="6864"></A><TT>/home/sympa/etc/create_list_templates</TT> or
<A NAME="6867"></A><TT>/home/sympa/bin/etc/create_list_templates</TT>, which are part of the Sympa
List profiles can be stored in <A NAME="6896"></A><TT>/home/sympa/etc/create_list_templates</TT> or
<A NAME="6899"></A><TT>/home/sympa/bin/etc/create_list_templates</TT>, which are part of the Sympa
distribution and should not be modified.
<A NAME="6870"></A><TT>/home/sympa/etc/create_list_templates</TT>, which will not be
<A NAME="6902"></A><TT>/home/sympa/etc/create_list_templates</TT>, which will not be
overwritten by make install, is intended to contain site customizations.
<P>
......@@ -174,15 +174,15 @@ templates by modifying existing ones. Contributions to the distribution are welc
<P>