[Mailman-Users] web interface for sync_members redux

2016-02-12 Thread The Mailing List System Admin 

I see that people have requested in the past a web interface to the
syn_members functionality, and found at least two patches to modify
the current web interface to do this.  At this early stage of the game
with Mailman, I'm not willing to be doing things like patching
Mailman, so I was wondering if anyone has solved this problem with a
stand-alone CGI script that handles the required list owner
authentication?

Lacking that, is there a way that I could confirm a list's password
from the command line so I could roll my own CGI script to expose a
transaction service for a select group of my list owners?  (Along with
the authentication requirement I would also limit its use to only
certain lists.)

  - Using Mailman version: 2.1.20
  - Python 2.4.3 (#1, Oct 23 2012, 22:02:41)
  - Red Hat Enterprise Linux Server release 5.11 (Tikanga)

--
  Cordially,
  the UNH Mailing List System Admins
  Bill Costa, senior admin
  (603) 862-3056

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] web interface for sync_members redux

2016-02-12 Thread Mark Sapiro 
On 02/11/2016 11:58 AM, The Mailing List System Admin wrote:
> I see that people have requested in the past a web interface to the
> syn_members functionality, and found at least two patches to modify
> the current web interface to do this.  At this early stage of the game
> with Mailman, I'm not willing to be doing things like patching
> Mailman, so I was wondering if anyone has solved this problem with a
> stand-alone CGI script that handles the required list owner
> authentication?


I thought about and may still make a skeleton CGI that could do the list
admin authentication and allow for calling mailman command line scripts.
There is an issue with this however. See below.


> Lacking that, is there a way that I could confirm a list's password
> from the command line so I could roll my own CGI script to expose a
> transaction service for a select group of my list owners?  (Along with
> the authentication requirement I would also limit its use to only
> certain lists.)


See the FAQ at  and the members.c
program attached to that FAQ. It would be fairly easy to modify
members.c to do what you want except for the authentication requirement.

The issue with the members.c approach is it has no good way to do the
authentication and neither does the calling CGI or PHP script. Thus the
first idea about a skeleton CGI which does authentication and then
whatever you add to it to do such as running sync_members. The
underlying issue is that whatever is doing this must run as a member of
Mailman's group. Thus, members.c is compiled, executable code in a file
with Mailman's group and SETGID. Likewise, All Mailman's CGIs are
invoked by compiled executable wrappers that are in files with Mailman's
group and SETGID.

So the stumbling block here is that members.c can't properly
authenticate the user as a list admin, and the skeleton CGI that I might
create needs a new wrapper. This latter is not difficult if you have a
Mailman source distribution, but if you are reluctant to patch Mailman,
this may be an issue for you.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] web interface for sync_members redux

2016-02-12 Thread The Mailing List System Admin 

Mark Sapiro  recently wrote, in part...


See the FAQ at  and the members.c
program attached...


Thanks for the reference.


The issue with the members.c approach is it has no good way to do
the authentication and neither does the calling CGI or PHP script.


I see your point.  Perhaps I can approach this from a different angle.
It would be easy for me to authenticate the owner against our LDAP.  I
just have to tie the LDAP account to the list, and I can do that by
email address.  And of course I need to make it clear to the owner
that they are using their local UNH account credentials, not their
Mailman credentials.  This seems doable given the tools I have on hand
and members.c program as a launching pad.

Once again, thanks for your help!

--
  Cordially,
  the UNH Mailing List System Admins
  Bill Costa, senior admin
  (603) 862-3056
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org