web interface for sync_members redux
I see that people have requested in the past a web interface to the syn_members functionality, and found at least two patches to modify the current web interface to do this. At this early stage of the game with Mailman, I'm not willing to be doing things like patching Mailman, so I was wondering if anyone has solved this problem with a stand-alone CGI script that handles the required list owner authentication?
Lacking that, is there a way that I could confirm a list's password from the command line so I could roll my own CGI script to expose a transaction service for a select group of my list owners? (Along with the authentication requirement I would also limit its use to only certain lists.)
- Using Mailman version: 2.1.20
- Python 2.4.3 (#1, Oct 23 2012, 22:02:41)
- Red Hat Enterprise Linux Server release 5.11 (Tikanga)
-- Cordially, the UNH Mailing List System Admins Bill Costa, senior admin (603) 862-3056
On 02/11/2016 11:58 AM, The Mailing List System Admin wrote:
I thought about and may still make a skeleton CGI that could do the list admin authentication and allow for calling mailman command line scripts. There is an issue with this however. See below.
See the FAQ at <http://wiki.list.org/x/4030648> and the members.c program attached to that FAQ. It would be fairly easy to modify members.c to do what you want except for the authentication requirement.
The issue with the members.c approach is it has no good way to do the authentication and neither does the calling CGI or PHP script. Thus the first idea about a skeleton CGI which does authentication and then whatever you add to it to do such as running sync_members. The underlying issue is that whatever is doing this must run as a member of Mailman's group. Thus, members.c is compiled, executable code in a file with Mailman's group and SETGID. Likewise, All Mailman's CGIs are invoked by compiled executable wrappers that are in files with Mailman's group and SETGID.
So the stumbling block here is that members.c can't properly authenticate the user as a list admin, and the skeleton CGI that I might create needs a new wrapper. This latter is not difficult if you have a Mailman source distribution, but if you are reluctant to patch Mailman, this may be an issue for you.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro <mark@msapiro.net> recently wrote, in part...
See the FAQ at <http://wiki.list.org/x/4030648> and the members.c program attached...
Thanks for the reference.
The issue with the members.c approach is it has no good way to do the authentication and neither does the calling CGI or PHP script.
I see your point. Perhaps I can approach this from a different angle. It would be easy for me to authenticate the owner against our LDAP. I just have to tie the LDAP account to the list, and I can do that by email address. And of course I need to make it clear to the owner that they are using their local UNH account credentials, not their Mailman credentials. This seems doable given the tools I have on hand and members.c program as a launching pad.
Once again, thanks for your help!
-- Cordially, the UNH Mailing List System Admins Bill Costa, senior admin (603) 862-3056
On 02/11/2016 11:58 AM, The Mailing List System Admin wrote:
I thought about and may still make a skeleton CGI that could do the list admin authentication and allow for calling mailman command line scripts. There is an issue with this however. See below.
See the FAQ at <http://wiki.list.org/x/4030648> and the members.c program attached to that FAQ. It would be fairly easy to modify members.c to do what you want except for the authentication requirement.
The issue with the members.c approach is it has no good way to do the authentication and neither does the calling CGI or PHP script. Thus the first idea about a skeleton CGI which does authentication and then whatever you add to it to do such as running sync_members. The underlying issue is that whatever is doing this must run as a member of Mailman's group. Thus, members.c is compiled, executable code in a file with Mailman's group and SETGID. Likewise, All Mailman's CGIs are invoked by compiled executable wrappers that are in files with Mailman's group and SETGID.
So the stumbling block here is that members.c can't properly authenticate the user as a list admin, and the skeleton CGI that I might create needs a new wrapper. This latter is not difficult if you have a Mailman source distribution, but if you are reluctant to patch Mailman, this may be an issue for you.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro <mark@msapiro.net> recently wrote, in part...
See the FAQ at <http://wiki.list.org/x/4030648> and the members.c program attached...
Thanks for the reference.
The issue with the members.c approach is it has no good way to do the authentication and neither does the calling CGI or PHP script.
I see your point. Perhaps I can approach this from a different angle. It would be easy for me to authenticate the owner against our LDAP. I just have to tie the LDAP account to the list, and I can do that by email address. And of course I need to make it clear to the owner that they are using their local UNH account credentials, not their Mailman credentials. This seems doable given the tools I have on hand and members.c program as a launching pad.
Once again, thanks for your help!
-- Cordially, the UNH Mailing List System Admins Bill Costa, senior admin (603) 862-3056
participants (2)
-
Mark Sapiro -
The Mailing List System Admin