Parameter list

Presentation

The following table describes all configuration parameters. The colons are: You can edit etc/lemonldap-ng.ini to override locally any of these parameters

The key name can also be seen when you access directly to the configuration backend (for example with an LDAP browser if you choose the LDAP configuration backend).

When a key name contains one or more /, it means that it's multi-level hash map. For example level1Key / level2Key will be used as:
level1Key => { level2Key => 'value' },

General parameters

Backends



Full name Key name Version GUI Portal Menu Handler Manager Sessions
Authentication backend authentication 0 Yes X        
User backend userDB 0.9.3 Yes X        
Password backend passwordDB 0.9.4 Yes X        
Session backend globalStorage 0 Yes X   X   X
Session backend options globalStorageOptions 0 Yes X   X   X
Configuration backend configStorage 0 No X   X X X
Cache backend localStorage 0 No X   X X  
Cache backend options localStorageOptions 0 No X   X X  
Notification backend notificationStorage 0.9.3 Yes X        
Issuer backend issuerDB 1.0 No X        

Common



Full name Key name Version GUI Portal Menu Handler Manager Sessions
Remote user (for Apache logs) whatToTrace 0 Yes X   X X X
Custom functions customFunctions 0.9.3 Yes X   X X  
Headers sent exportedHeaders 0 Yes X   X    
Access rules locationRules 0 Yes X   X    
Portal URL portal 0 Yes X   X    
Name of the cookie cookieName 0 Yes X   X    
Main DNS domain domain 0 Yes X   X    
CDA activation cda 0.9.4 Yes X   X    
Cookie security securedCookie 0 Yes X        
Cookie expiration cookieExpiration 1.0 Yes X        
Attributes from user backend exportedVars 0 Yes X        
Local groups groups 0 Yes X        
Macros macros 0 Yes X        
Session lifetime for cronjob timeout 0 Yes (purge script)        
Syslog facility syslog 0.9.3 Yes X        
SOAP activation Soap 0.9.4 Yes X        
Attributes exported in SOAP exportedAttr 0.9.4 Yes X        
Store password in session storePassword 0.9.3 Yes X        
Notification activation notification 0.9.3 Yes X        
Trusted domains trustedDomains 0.9.4 Yes X        
Rule for session granting grantSessionRule 1.0 Yes X        
Status module status 0.9 No     X    
Force HTTPS in redirection https 0 Yes     X    
Force port in redirection port 0 Yes     X    
Protection scheme protection 0 No     (CGI) X X
Sessions image path imagePath 0.9.3 No         X
jQuery URI jqueryUri 0.9.3 No         X
Use XForwardedFor for IP useXForwardedForIP 0.9.4 No         X
Multi values separator multiValuesSeparator 1.0 No X       X

SMTP (reset password by mail)



Full name Key name Version GUI Portal Menu Handler Manager Sessions
SMTP server SMTPServer 0.9.4 Yes X        
Mail From address mailFrom 0.9.4 Yes X        
Regexp for random password randomPasswordRegexp 0.9.4 Yes X        
Subject for password mail mailSubject 0.9.4 Yes X        
Body for password mail mailBody 0.9.4 Yes X        
Subject for confirmation mail mailConfirmSubject 1.0 Yes X        
Body for confirmation mail mailConfirmBody 1.0 Yes X        
URL for mail reset mailUrl 1.0 Yes X        


Note: setting mailBody and mailConfirmBody will disable the use of default HTML templates.

Templates customization



Full name Key name Version GUI Portal
Skin name portalSkin 1.0 Yes X
Display logout module portalDisplayLogout 1.0 Yes X
Display reset password form portalDisplayResetPassword 1.0 Yes X
Display change password module portalDisplayChangePassword 1.0 Yes X
Display applications list portalDisplayAppslist 1.0 Yes X
Allow form autocompletion portalAutocomplete 1.0 Yes X
Require old password (change) portalRequireOldPassword 1.0 Yes X
User name session field portalUserAttr 1.0 Yes X
Open links in new window portalOpenLinkInNewWindow 1.0 Yes X

Authentication configuration (Portal only)

Common



Full name Key name Version GUI
Delete other session singleSession 1.0 Yes
Delete other session if IP differs singleIP 1.0 Yes
Do not allow several users for 1 IP singleUserByIP 1.0 Yes
Display other sessions notifyOther 1.0 Yes
Display deleted sessions notifyDeleted 1.0 Yes

LDAP



Full name Key name Version GUI Default
LDAP server or Net::LDAP connexion string ldapServer 0 Yes
LDAP Port ldapPort 0 Yes 389
LDAP search base ldapBase 0 Yes localhost
Bind DN managerDn 0 Yes  
Bind Password managerPassword 0 Yes  
Main search filter LDAPFilter 0 Yes (&(uid=$user)(objectClass=inetOrgPerson))
Authentication search filter AuthLDAPFilter 0.9 Yes  
Mail search filter mailLDAPFilter 0.9.4 Yes  
Password policy control ldapPpolicyControl 0.9.1 Yes 0
Extended SetPassword modify ldapSetPassword 0.9.4 Yes 0
Groups base ldapGroupBase 0.8 Yes  
Groups objectClass ldapGroupObjectClass 0.9.4 Yes  
Groups member attribute ldapGroupAttributeName 0.9.4 Yes  
Groups member link value ldapGroupAttributeNameUser 0.9.4 Yes  
Groups name attribute ldapGroupAttributeNameSearch 0.9.4 Yes  
Activate recursive groups ldapGroupRecursive 1.0 Yes  
Group link attribute name ldapGroupAttributeNameGroup 1.0 Yes  
Change password as user ldapChangePasswordAsUser 1.0 Yes  
LDAP Password encoding ldapPwdEnc 1.0 Yes utf-8

DBI



Full name Key name Version
Connection chain dbiAuthChain 1.0
Connection user dbiAuthUser 1.0
Connection password dbiAuthPassword 1.0
Authentication table dbiAuthTable 1.0
Login column dbiAuthLoginCol 1.0
Password column dbiAuthPasswordCol 1.0
Password hash dbiAuthPasswordHash 1.0
UserDB connection chain dbiUserChain 1.0
UserDB connection user dbiUserUser 1.0
UserDB connection password dbiUserPassword 1.0
UserDB table dbiUserTable 1.0
Mail column dbiPasswordMailCol 1.0
Pivot from user table userPivot 1.0

SSL



Full name Key name Version GUI
User field in certificate SSLVar 0 Yes
Map with LDAP attribute SSLLDAPField 0 Yes
Force SSL authentication SSLRequire 0 Yes

CAS



Full name Key name Version GUI
CAS server URL CAS_url 0 Yes
CAS login URL CAS_loginUrl 0 Yes
CAS validation URL CAS_validationUrl 0 Yes
CAS CA file CAS_CAFile 0 Yes

Remote



Full name Key name Version GUI
Remote portal remotePortal 0.9.4 Yes
Remote Session backend remoteGlobalStorage 0.9.4 Yes
Remote Session backend options remoteGlobalStorageOptions 0.9.4 Yes
Remote cookie name remoteCookieName 0.9.4 No

Proxy



Full name Key name Version GUI
Target portal URL soapAuthService 1.0 Yes
Target cookie name remoteCookieName 1.0 Yes
Target session SOAP end point soapSessionService 1.0 Yes

Liberty Alliance



Full name Key name Version GUI
SP certificate laSP / certificate 0.9 No
SP metadata (XML file) laSP / metadata 0.9 No
SP private key laSP / privkey 0.9 No
SP secret key laSP / secretkey 0.9 No
IDPs list (XML file) laIdpsFile 0.9 No
Debug activation laDebug 0.9 No
LDAP attribute in assertion laLdapLoginAttribute 0.9 No
Federation storage laStorage 0.9 No
Federation storage options laStorageOptions 0.9 No

Twitter



Full name Key name Version GUI
twitter application key twitterKey 1.0 Yes
twitter application secret twitterSecret 1.0 Yes
twitter application name twitterAppName 1.0 Yes

OpenID



Full name Key name Version GUI
OpenID secret token openIdSecret 1.0 Yes