Patches item #871062, was opened at 2004-01-05 17:09 Message generated for change (Comment added) made by the_olo You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=871062&group_id=103 Category: list administration Group: Mailman 2.1 Status: Open Resolution: None Priority: 5 Submitted By: K. A. Krueger (fubarobfusco) Assigned to: Nobody/Anonymous (nobody) Summary: A MemberAdaptor for LDAP-based membership Initial Comment: This is a module, LDAPMemberships, which extends MemberAdaptor to support membership lists based on a search in an enterprise LDAP directory. With this module, you can make mailing lists which, rather than having a list of member addresses stored in the list, query your LDAP server for member addresses whenever necessary. For instance, if you wish to have a mailing list of all the Vice Presidents in your company, you can express this as an LDAP search: "(title=Vice President*)" and create a mailing list which performs this search and delivers mail to the resulting user accounts when a message is sent to it. This way, rather than manually adding new Vice Presidents to the mailing list, you can simply have Human Resources update the LDAP records, and the change will immediately take effect for the mailing list. Mailman lists with LDAP-based membership can still have moderators, list policies, and the other usual features of Mailman lists. There are a few missing features; notably: 1. There is no bounce processing. 2. There are no per-user preferences. 3. The Web interface still allows you to try setting user preferences, but if you do you will get a stack thrown at you. (Only the "readable" interface of MemberAdaptor is implemented.) 4. The LDAP settings of a list (e.g. LDAP server and search string) are only administrable by editing its "extend.py" file, not over the Web. 5. There is no digest mode. To use this module, you must have the "ldap" Python module installed (aka "python-ldap"). Then just put LDAPMemberships.py in the "Mailman" directory (~mailman/Mailman), create a new list, and write an "extend.py" file in the list directory like so: ##### from Mailman.LDAPMemberships import LDAPMemberships def extend(list): ldap = LDAPMemberships(list) ldap.ldapsearch = "(title=Vice President*)" # members search string ldap.ldapserver = "ldap.example.net" # your enterprise LDAP server ldap.ldapbasedn = "dc=Example dc=net" # your LDAP base DN ldap.ldapbinddn = '' # a bind DN which can read people's 'mail' field ldap.ldappasswd = '' # the password for the bind DN list._memberadaptor = ldap ##### This module has been tested at my site and is in production on a Mailman 2.1.2 installation. ---------------------------------------------------------------------- Comment By: Aleksander Adamowski (the_olo) Date: 2004-04-05 13:47 Message: Logged In: YES user_id=244001 I suggest this patch to allow senders use any source address they might have set in LDAP (the 'mail' attribute can have multiple values!) --- LDAPMemberships.py.orig 2004-04-01 12:31:54.000000000 +0200 +++ LDAPMemberships.py 2004-04-05 15:40:03.000000000 +0200 @@ -115,7 +115,9 @@ # mail is unique mail = attrs['mail'][0].strip() self.__members.append(mail) - self.__member_map[mail] = mail + # mail can have multiple values + for secondarymail in attrs['mail']: + self.__member_map[secondarymail.strip()] = mail if attrs.has_key('mailalternateaddress'): malts = attrs['mailalternateaddress'] for malt in malts: ---------------------------------------------------------------------- Comment By: K. A. Krueger (fubarobfusco) Date: 2004-03-31 03:59 Message: Logged In: YES user_id=944208 Well, Mailman does a lot more than just keep track of who's subscribed -- for instance, restricted posters, list moderation, archiving. LDAPMemberships is not meant to be useful for Internet mailing lists with people signing up for them, but rather for institutional or enterprise lists. These have a lot of the same requirements (moderation etc.) as Internet lists, but don't need subscription/unsubscription -- since employees are usually required to be on them. My workplace is using this (well, actually a later version than the one I've uploaded here) as a replacement for an LDAP mailing-list feature in Netscape SuiteSpot now that we have migrated away from that system. We -also- use LDAP-based aliases (in Postfix, not Sendmail, actually) -- but for some things we need the moderation and other facilities that Mailman has. For instance, we have an announcements list that goes to all regular employees. A simple alias would allow anyone to send stuff to it, and certain senior scientists would love to send big PDFs to everyone. A Mailman list with LDAPMemberships can have sender restrictions so that only our IT Director and our mail systems admin can approve posts to it. Archiving is also quite useful for announcements lists. ---------------------------------------------------------------------- Comment By: Chris Drumgoole (cdrum) Date: 2004-03-31 03:38 Message: Logged In: YES user_id=429400 why use this when you can just use Sendmail's LDAP -> Alias functions? No need for a mailing list program like mailman.. right? ---------------------------------------------------------------------- Comment By: K. A. Krueger (fubarobfusco) Date: 2004-01-26 20:35 Message: Logged In: YES user_id=944208 Yet another new version (0.3) of LDAPMemberships.py. This one fixes some ambiguities with LDAP record handling, particularly for users with multiple "cn" values, and those who send mail as their "mailalternateaddress" field address rather than their "mail" field. If anyone is actually using this, please email me and let me know :) ---------------------------------------------------------------------- Comment By: K. A. Krueger (fubarobfusco) Date: 2004-01-20 16:53 Message: Logged In: YES user_id=944208 I've uploaded a new version (0.2) of LDAPMemberships.py. This one is some ungodly number of times faster, as it does not do redundant LDAP queries in a single load. ---------------------------------------------------------------------- Comment By: K. A. Krueger (fubarobfusco) Date: 2004-01-05 17:18 Message: Logged In: YES user_id=944208 Er. SF ate the indentation on my "extend.py" example in the patch description. All of the lines after "def extend(list):" are meant to be indented once. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=871062&group_id=103