When installing <abbrtitle="LemonLDAP::NG">LL::NG</abbr>, the Manager can only be accessed with the demo account <code>dwho</code>. This How To explains how change this default behavior to protect Manager with other rules.
<divclass="notetip">Apache based protection allow one to be independent from WebSSO, so Manager will always be reachable even if WebSSO configuration is corrupted.
The configuration can be changed in <code>etc/manager-apache2.conf</code>, for example to restrict the <abbrtitle="Internet Protocol">IP</abbr> allowed to access the Manager:
<spanclass="kw1">Deny</span> from <spanclass="kw2">all</span>
<spanclass="kw1">Allow</span> from 127.0.0.0/<spanclass="nu0">8</span> 192.168.100.0/<spanclass="nu0">32</span>
<spanclass="kw1">Options</span> +ExecCGI
</<spanclass="kw3">Directory</span>></pre>
<p>
But you will rather prefer to use an Apache authentication module, like for example <ahref="http://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html"class="urlextern"title="http://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html"rel="nofollow">LDAP authentication module</a>:
<h2class="sectionedit3"id="llng_based_protection">LL::NG based protection</h2>
<divclass="level2">
<divclass="notewarning">Before enabling Manager protection by <abbrtitle="LemonLDAP::NG">LL::NG</abbr>, you must have configured how users authenticate on Portal, and test that you can log in without difficulties. Else, you will lock access to Manager and will never access it anymore.
</div>
<p>
By default, you will have a manager virtual host define in configuration. If not Go on Manager, and declare Manager as a new <ahref="configvhost.html#lemonldapng_configuration"class="wikilink1"title="documentation:2.0:configvhost">virtual host</a>, for example <code>manager.example.com</code>. You can then set the access rule. No headers are needed.
<spanclass="kw1">Allow</span> from <spanclass="kw2">all</span>
<spanclass="kw1">Options</span> +ExecCGI
</<spanclass="kw3">Directory</span>></pre>
<p>
Restart Apache and try to log on Manager. You should be redirected to <abbrtitle="LemonLDAP::NG">LL::NG</abbr> Portal.
</p>
<p>
You can then add the Manager as <ahref="portalmenu.html#categories_and_applications"class="wikilink1"title="documentation:2.0:portalmenu">an application in the menu</a>.
</p>
<divclass="notetip">If for an obscure reason, the WebSSO is not working and you want to access the Manager, remove the protection in <code>lemonldap-ng.ini</code>. Add an Apache access control to avoid other access.