LemonLDAP::NG configuration is stored in a backend that allows all modules to access it.
</p>
<p>
<p><divclass="noteimportant">Note that all <acronymtitle="LemonLDAP::NG">LL::NG</acronym> components must have access :
</p>
<ul>
<liclass="level1"><divclass="li"> to the configuration backend</div>
</li>
<liclass="level1"><divclass="li"> to the sessions storage backend</div>
</li>
</ul>
<p>
Detailled configuration backends documentation is available <ahref="../../documentation/1.2/start.html#configuration_database"class="wikilink1"title="documentation:1.2:start">here</a>.
</div></p>
</p>
<p>
By default, configuration is stored in <ahref="../../documentation/1.2/fileconfbackend.html"class="wikilink1"title="documentation:1.2:fileconfbackend">files</a>, so access trough network is not possible. To allow this, use <ahref="../../documentation/1.2/soapconfbackend.html"class="wikilink1"title="documentation:1.2:soapconfbackend">SOAP</a> for configuration access, or use a network service like <ahref="../../documentation/1.2/sqlconfbackend.html"class="wikilink1"title="documentation:1.2:sqlconfbackend">SQL database</a> or <ahref="../../documentation/1.2/ldapconfbackend.html"class="wikilink1"title="documentation:1.2:ldapconfbackend">LDAP directory</a>.
</p>
<p>
Configuration backend can be set in the <ahref="#local_file"title="documentation:1.2:configlocation ↵"class="wikilink1">local configuration file</a>, in <code>configuration</code> section.
</p>
<p>
For example, to configure the <code>File</code> configuration backend:
<p><divclass="notetip">See <ahref="../../documentation/1.2/changeconfbackend.html"class="wikilink1"title="documentation:1.2:changeconfbackend">How to change configuration backend</a> to known how to change this.
</div></p>
</p>
</div>
<!-- SECTION "Backends" [39-1049] -->
<h2><aname="manager"id="manager">Manager</a></h2>
<divclass="level2">
<p>
Most of configuration can be done trough LemonLDAP::NG Manager (by default <ahref="http://manager.example.com"class="urlextern"title="http://manager.example.com"rel="nofollow">http://manager.example.com</a>).
</p>
<p>
By default, Manager is protected to allow only the demonstration user “dwho”.
</p>
<p>
<p><divclass="noteimportant">This user will not be available anymore if you configure a new authentication backend! Remember to change the access rule in Manager virtual host to allow new administrators.
</div></p>
</p>
<p>
If you can not access the Manager anymore, you can unprotect it by editing <code>lemonldap-ng.in</code> and changing the <code>protection</code> parameter:
<p><divclass="notetip">See <ahref="../../documentation/1.2/managerprotection.html"class="wikilink1"title="documentation:1.2:managerprotection">Manager protection documentation</a> to know how to use Apache modules or <acronymtitle="LemonLDAP::NG">LL::NG</acronym> to manage access to Manager.
<liclass="level1"><divclass="li"><strong>Variables</strong>: user information, macros and groups used to fill <acronymtitle="Single Sign On">SSO</acronym> session</div>
<liclass="level1"><divclass="li"><strong><acronymtitle="Security Assertion Markup Language">SAML</acronym> service providers</strong>: Registered SP</div>
</li>
</ul>
<p>
LemonLDAP::NG configuration is mainly a key/value structure, so Manager will present all keys into a structured tree. A click on a key will display the associated value.
</p>
<p>
<p><divclass="noteimportant">When modifying a value, always click on the <code>Apply</code> button if available, to be sure the value is saved.
</div></p>
</p>
<p>
When all modifications are done, click on <code>Save</code> to store configuration.
</p>
<p>
<p><divclass="notewarning">LemonLDAP::NG will do some checks on configuration and display errors and warnings if any. Configuration <strong>is not saved</strong> if errors occur.
</div></p>
</p>
<p>
You can change the graphical aspect of the Manager, by clicking on the <code>Menu style</code> button. It will open a dialog to choose:
</p>
<ul>
<liclass="level1"><divclass="li"> Menu organization: tree or accordion</div>
Menu style preferences are stored in cookies (1 year duration). You can fix default values by editing these values in <code>lemonldap-ng.ini</code>, section <code>manager</code>:
<p><divclass="noteimportant">LemonLDAP::NG does not manage Apache configuration
</div></p>
</p>
<p>
LemonLDAP::NG ships 3 Apache configuration files:
</p>
<ul>
<liclass="level1"><divclass="li"><strong>portal-apache2.conf</strong>: Portal virtual host, with <acronymtitle="Simple Object Access Protocol">SOAP</acronym> and Issuer end points</div>
<liclass="level1"><divclass="li"><strong>handler-apache2.conf</strong> : Handler declaration, reload and sample virtual hosts</div>
</li>
</ul>
<p>
These files must be included in Apache configuration, either with <code>Include</code> directives in <code>httpd.conf</code> (see <ahref="../../documentation/quickstart.html#apache"class="wikilink1"title="documentation:quickstart">quick start example</a>), or with symbolic links in Apache configuration directory (like <code>/etc/httpd/conf.d</code>).
</p>
<p>
<p><divclass="notewarning">Mod <acronymtitle="Practical Extraction and Report Language">Perl</acronym> must be loaded before LemonLDAP::NG, so include configuration after the mod_perl <code>LoadModule</code> directive.
Manager virtual host is used to serve configuration interface and local documentation.
</p>
<ul>
<liclass="level1"><divclass="li"> Configuration interface access is not protected by Apache but by LemonLDAP::NG itself (see <code>lemonldap-ng.ini</code>):</div>
<p><divclass="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them through an <acronymtitle="Hyper Text Transfer Protocol">HTTP</acronym> request. Configuration reload will then be effective in less than 10 minutes.
</div></p>
</p>
<p>
After configuration is saved by Manager, LemonLDAP::NG will try to reload configuration on distant Handlers by sending an <acronymtitle="Hyper Text Transfer Protocol">HTTP</acronym> request to the servers. The servers and URLs can be configured in Manager, <code>General Parameters</code>><code>reload configuration URLs</code>: keys are server names or <acronymtitle="Internet Protocol">IP</acronym> the requests will be sent to, and values are the requested URLs.
</p>
<p>
These parameters can be overwritten in LemonLDAP::NG ini file, in the section <code>apply</code>.
</p>
<p>
<p><divclass="notetip">You only need a reload <acronymtitle="Uniform Resource Locator">URL</acronym> per physical servers, as Handlers share the same configuration cache on each physical server.
</div></p>
</p>
<p>
The <code>reload</code> target is managed in Apache configuration, inside a virtual host protected by LemonLDAP::NG Handler, for example:
LemonLDAP::NG configuration can be managed in a local file with <ahref="http://en.wikipedia.org/wiki/INI_file"class="urlextern"title="http://en.wikipedia.org/wiki/INI_file"rel="nofollow">INI format</a>. This file is called <code>lemonldap-ng.ini</code> and has the following sections:
</p>
<ul>
<liclass="level1"><divclass="li"><strong>configuration</strong>: where configuration is stored</div>
</li>
<liclass="level1"><divclass="li"><strong>apply</strong>: reload <acronymtitle="Uniform Resource Locator">URL</acronym> for distant Hanlders</div>
</li>
<liclass="level1"><divclass="li"><strong>all</strong>: parameters for all modules</div>
</li>
<liclass="level1"><divclass="li"><strong>portal</strong>: parameters only for Portal</div>
</li>
<liclass="level1"><divclass="li"><strong>manager</strong>: parameters only for Manager</div>
</li>
<liclass="level1"><divclass="li"><strong>handler</strong>: parameters only for Handler</div>
</li>
</ul>
<p>
When you set a parameter in <code>lemonldap-ng.ini</code>, it will override the parameter from the global configuration.
</p>
<p>
For example, to override configured skin for portal:
<p><divclass="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <ahref="../../documentation/1.2/parameterlist.html"class="wikilink1"title="documentation:1.2:parameterlist">parameter list</a> to find it.
LemonLDAP::NG allows to override any configuration parameter directly in script file. However, it is not advised to edit such files, as they are part of the program, and will be erased at next upgrade.
</p>
<p>
<p><divclass="notetip">You also need to know the technical name of configuration parameter to do this. You can refer to <ahref="../../documentation/1.2/parameterlist.html"class="wikilink1"title="documentation:1.2:parameterlist">parameter list</a> to find it.
