111 lines
2.8 KiB
ReStructuredText
111 lines
2.8 KiB
ReStructuredText
![]() |
Quick start tutorial
|
||
|
====================
|
||
|
|
||
|
|
||
|
.. important::
|
||
|
|
||
|
This tutorial will guide you into a minimal
|
||
|
installation and configuration procedure. You need some prerequisites:
|
||
|
|
||
|
- A computer with a GNU/Linux recent distribution (Debian, Ubuntu,
|
||
|
CentOS, RHEL, ...) with root privileges
|
||
|
- A web browser
|
||
|
- The possibility to update your local ``hosts`` file, or an easy
|
||
|
access to your DNS server
|
||
|
- A cup of coffee (or tea, we are open minded)
|
||
|
|
||
|
|
||
|
|
||
|
Installation
|
||
|
------------
|
||
|
|
||
|
You should install Lemonldap::NG using packages, but you can also
|
||
|
install it from
|
||
|
:doc:`the tarball<installtarball>`.
|
||
|
|
||
|
Debian / Ubuntu
|
||
|
~~~~~~~~~~~~~~~
|
||
|
|
||
|
::
|
||
|
|
||
|
apt install apt-transport-https
|
||
|
wget -O - https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 | apt-key add -
|
||
|
echo "deb https://lemonldap-ng.org/deb stable main" > /etc/apt/sources.list.d/lemonldap-ng.list
|
||
|
apt update
|
||
|
apt install lemonldap-ng
|
||
|
|
||
|
CentOS / RHEL
|
||
|
~~~~~~~~~~~~~
|
||
|
|
||
|
::
|
||
|
|
||
|
curl https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 > /etc/pki/rpm-gpg/RPM-GPG-KEY-OW2
|
||
|
echo "[lemonldap-ng]
|
||
|
name=LemonLDAP::NG packages
|
||
|
baseurl=https://lemonldap-ng.org/redhat/stable/$releasever/noarch
|
||
|
enabled=1
|
||
|
gpgcheck=1
|
||
|
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2" > /etc/yum.repos.d/lemonldap-ng.repo
|
||
|
yum update
|
||
|
yum install lemonldap-ng
|
||
|
|
||
|
SSO domain configuration
|
||
|
------------------------
|
||
|
|
||
|
The defaut SSO domain is ``example.com``. You can keep it for your tests
|
||
|
or change it, for example for ``mydomain.com``:
|
||
|
|
||
|
::
|
||
|
|
||
|
sed -i 's/example\.com/mydomain.com/g' /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/lmConf-1.json
|
||
|
sed -i 's/example\.com/mydomain.com/g' /etc/nginx/conf.d/*
|
||
|
sed -i 's/example\.com/mydomain.com/g' /etc/httpd/conf.d/*
|
||
|
sed -i 's/example\.com/mydomain.com/g' /etc/apache2/sites-available/*
|
||
|
|
||
|
In order to be able to test, update your DNS or your local ``hosts``
|
||
|
file to map this names to the SSO server IP:
|
||
|
|
||
|
- auth.mydomain.com
|
||
|
- manager.mydomain.com
|
||
|
- test1.mydomain.com
|
||
|
- test2.mydomain.com
|
||
|
|
||
|
For example on your local computer:
|
||
|
|
||
|
::
|
||
|
|
||
|
echo "192.168.1.30 auth.mydomain.com manager.mydomain.com test1.mydomain.com test2.mydomain.com" >> /etc/hosts
|
||
|
|
||
|
Run
|
||
|
---
|
||
|
|
||
|
Since LemonLDAP::NG 1.2, the
|
||
|
:doc:`demonstration backend<authdemo>` is
|
||
|
configured by default.
|
||
|
|
||
|
Demonstration backend has hard coded user accounts:
|
||
|
|
||
|
====== ======== =============
|
||
|
Login Password Role
|
||
|
====== ======== =============
|
||
|
rtyler rtyler user
|
||
|
msmith msmith user
|
||
|
dwho dwho administrator
|
||
|
====== ======== =============
|
||
|
|
||
|
Open SSO session
|
||
|
~~~~~~~~~~~~~~~~
|
||
|
|
||
|
Go on http://auth.mydomain.com and log with one of the demonstration
|
||
|
account.
|
||
|
|
||
|
Access protected application
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
|
||
|
Try http://test1.mydomain.com or http://test2.mydomain.com
|
||
|
|
||
|
Edit configuration
|
||
|
~~~~~~~~~~~~~~~~~~
|
||
|
|
||
|
Log with the dwho account and go on http://manager.mydomain.com
|