2020-05-14 23:29:41 +02:00
|
|
|
Viewer module
|
|
|
|
=============
|
|
|
|
|
|
|
|
This module can be useful to allow certain users to edit WebSSO
|
|
|
|
configuration in Read Only mode.
|
|
|
|
|
|
|
|
Configuration
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Parameters are set in ``lemonldap-ng.ini`` file, section [manager]:
|
|
|
|
|
2020-05-21 15:13:24 +02:00
|
|
|
.. code-block:: ini
|
2020-05-14 23:29:41 +02:00
|
|
|
|
|
|
|
[manager]
|
|
|
|
enabledModules = conf, sessions, notifications, 2ndFA, viewer
|
|
|
|
|
|
|
|
defaultModule = viewer
|
|
|
|
|
|
|
|
viewerHiddenKeys = samlIDPMetaDataNodes samlSPMetaDataNodes managerPassword ManagerDn globalStorageOptions persistentStorageOptions
|
|
|
|
viewerAllowBrowser = $groups =~ /\bsu\b/
|
|
|
|
viewerAllowDiff = $groups =~ /\bsu\b/
|
|
|
|
|
|
|
|
- **Parameters**:
|
|
|
|
|
|
|
|
- **enabledModules**: list of modules to enable
|
|
|
|
- **defaultModule**: module displayed by default route
|
|
|
|
(http://manager.example.com/manager.(fcgi|psgi)
|
|
|
|
- **viewerHiddenKeys**: keys not displayed by Viewer
|
|
|
|
- **viewerAllowBrowser**: allow to browse other configurations
|
|
|
|
- **viewerAllowDiff**: enable "difference with previous" link
|
|
|
|
|
|
|
|
|
2020-05-21 15:13:24 +02:00
|
|
|
.. danger::
|
2020-05-18 09:56:39 +02:00
|
|
|
|
|
|
|
|
2020-05-14 23:29:41 +02:00
|
|
|
|
|
|
|
You have to set access rules to allow/deny users to access modules.
|
2020-05-18 09:56:39 +02:00
|
|
|
|
2020-05-14 23:29:41 +02:00
|
|
|
In Manager: \* Declare a Virtual Host : manager.example.com \* Set an
|
|
|
|
access rule for each enabled module :
|
2020-05-18 09:56:39 +02:00
|
|
|
|
2020-05-14 23:29:41 +02:00
|
|
|
#. Configuration : ^/(.*?\.(fcgi|psgi)/)?(manager\.html|confs|$) = $uid
|
|
|
|
eq 'dwho'
|
|
|
|
#. Notifications : ^/(.*?\.(fcgi|psgi)/)?notifications = $uid eq 'dwho'
|
|
|
|
#. Sessions : ^/(.*?\.(fcgi|psgi)/)?sessions = $uid eq 'dwho'
|
|
|
|
#. Viewer : ^/(.*?\.(fcgi|psgi)/)?viewer = $uid =~ /\b(?:dwho|rtyler)\b/
|
|
|
|
#. Default : $uid =~ /\b(?:dwho|rtyler)\b/
|
|
|
|
|
|
|
|
|
|
|
|
|
2020-05-18 09:56:39 +02:00
|
|
|
|
2020-05-21 15:13:24 +02:00
|
|
|
.. attention::
|
2020-05-14 23:29:41 +02:00
|
|
|
|
|
|
|
To avoid that Read-Only users can access to
|
|
|
|
configuration module by using default route, keep in mind to set
|
2020-05-18 09:56:39 +02:00
|
|
|
'defaultModule' option
|