diff --git a/build/lemonldap-ng/doc/advanced-access-rules.html b/build/lemonldap-ng/doc/advanced-access-rules.html index 57e9ee458..bcb35e5d1 100644 --- a/build/lemonldap-ng/doc/advanced-access-rules.html +++ b/build/lemonldap-ng/doc/advanced-access-rules.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: advanced-access-rules.html + @@ -216,10 +258,17 @@ objectClass ( SSOOID:2:1 a value inside the entry of the users.

Habilitation based on a date

+ "HHabilitationbasedonadate">Habilitation based on a date
+
+ If the user has got ssoStartDate and/or ssoEndDate, you can configure + rules to compare the current date to the start/end dates.

Habilitation based on a period

+ "HHabilitationbasedonaperiod">Habilitation based on a + period
+
+ If the user has got ssoTimeProfile, you can configure rules to compare the + current time and compare it to the time profile.
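Review bot: The two new paragraphs under "Habilitation based on a date" and "Habilitation based on a period" name ssoStartDate, ssoEndDate and ssoTimeProfile but show no example rule and do not say what format those attributes hold, so a reader cannot actually write the comparison. Add one sample rule per section, as the "Send a role" section does with "Auth-Roles => $bbbRoles". The second paragraph also repeats itself ("compare the current time and compare it to the time profile") and should read "compare the current time to the time profile".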

Send a role to a protected @@ -365,5 +414,7 @@ Auth-Roles => $bbbRoles Now the protected application can read in the header HTTP_AUTH_ROLES the role of the user. + + diff --git a/build/lemonldap-ng/doc/advanced-install.html b/build/lemonldap-ng/doc/advanced-install.html index f7d73cbd0..4f743b0c1 100644 --- a/build/lemonldap-ng/doc/advanced-install.html +++ b/build/lemonldap-ng/doc/advanced-install.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: advanced-install.html + @@ -369,5 +411,7 @@ SSLEngine On + + diff --git a/build/lemonldap-ng/doc/contacts.html b/build/lemonldap-ng/doc/contacts.html new file mode 100644 index 000000000..9665b827e --- /dev/null +++ b/build/lemonldap-ng/doc/contacts.html @@ -0,0 +1,144 @@ + + + + + + + + Lemonldap::NG documentation: contacts.html + + + + + +
+

Contacts

+ +

LemonLDAP

+ +

Mailing + lists

+ +
    +
  • Devel: lemonldap-dev AT ow2.org (Archives)
  • +
+ +

Core team

+ +
    +
  • Eric German, germanlinux AT yahoo.com: Leader
  • + +
  • Habib ZITOUNI zitouni.habib AT gmail.com (version 3)
  • + +
  • Hamza AISSAT asthamza AT hotmail.fr (version 3)
  • + +
  • Casimir ANTUNES (webmin)
  • +
+ +

Contributors

+ +
    +
  • Sebastien DIAZ: sebastien.diaz AT gmail.com module pour sympa + pluglemonsympa (liste de discussion)
  • + +
  • Apache::Authenlemonldap: module CPAN à installer sur un + serveur apache qui permet de décoder les en-têtes + envoyées par lemonldap.
  • + +
  • Lemonldap::Cluster::Status: module CPAN qui permet de superviser un + cluster de serveurs lemonldap de la même manière qu'un + server-status individuel.
  • + +
  • Valve lemonldap pour Tomcat: valve java a installer sur un serveur + Tomcat qui permet de décoder les entetes envoyées par + lemonldap. Auteurs : Itin avec : BOIREAU Oliver CHECCO Jean-Thomas GZADY + Mounir RIVIERE Daniel
  • +
+ +

LemonLDAP::NG

+ +

Mailing + lists

+ +
    +
  • Devel: lemonldap-ng-dev AT ow2.org (Archives)
  • + +
  • Users: lemonldap-ng-users AT ow2.org (Archives)
  • +
+ +

Core team

+ +
    +
  • Xavier Guimard, x.guimard AT free.fr: Leader
  • + +
  • Thomas Chemineau: Developer
  • + +
  • Clément Oudot: Graphics, documentation, tests
  • +
+ +

Contributors

+ + +
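Review bot: Three entries in the LemonLDAP "Contributors" list of this new English page are written in French ("module CPAN à installer sur un serveur apache ...", "module CPAN qui permet de superviser ...", "valve java a installer sur un serveur Tomcat ..."). Translate them, or keep the French text in a separate -fr page as the rest of this directory does (errors-fr.html, faq-fr.html). The "Contributors" heading under LemonLDAP::NG is followed by no entries, so fill it in or drop the heading.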
+ + + + diff --git a/build/lemonldap-ng/doc/debian-packages-install.html b/build/lemonldap-ng/doc/debian-packages-install.html new file mode 100644 index 000000000..451a330a9 --- /dev/null +++ b/build/lemonldap-ng/doc/debian-packages-install.html @@ -0,0 +1,153 @@ + + + + + + + + Lemonldap::NG documentation: debian-packages-install.html + + + + + +
+

Installation on Debian/Ubuntu + with packages

+ +

+ + + +

Get the + packages

+ +

If you run Debian lenny (testing) or sid + (unstable), the LemonLDAP::NG packages are directly installable: + +
+
+# apt-cache search lemonldap-ng
+
+

+
+ Else you will have to download them first, from this location: + http://packages.debian.org/search?keywords=lemonldap-ng.
+ +
+ For example: + + + +

Install packages (Debian + testing/unstable)


+
+ +
+
+# apt-get install apache2 lemonldap-ng
+
+
+ +

Install + packages (Other)


+
+ Before installing the packages, install dependencies: + +
+
+# apt-get install apache2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl  libsoap-lite-perl libhtml-template-perl
+
+

+
+ Then: + +
+
+# dpkg -i liblemonldap-ng-* lemonldap-ng*
+
+
+ +

File location

+ +
    +
  • All configuration is in /etc/lemonldap-ng
  • + +
  • All Perl modules are in /usr/share/perl5/Lemonldap/NG/
  • + +
  • All Perl scripts/pages are in /var/lib/lemonldap-ng/
  • +
+
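Review bot: In the dependency command under "Install packages (Other)", libcache-cache-perl is listed twice; drop the second occurrence. Under "Get the packages", the sentence "For example:" is followed directly by the next heading with nothing after it, so either add the download command it was meant to introduce or remove the sentence.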
+ + + + diff --git a/build/lemonldap-ng/doc/dokuwiki.html b/build/lemonldap-ng/doc/dokuwiki.html new file mode 100644 index 000000000..26dc08723 --- /dev/null +++ b/build/lemonldap-ng/doc/dokuwiki.html @@ -0,0 +1,140 @@ + + + + + + + + Lemonldap::NG documentation: dokuwiki.html + + + + + +
+

LemonLDAP SSO + with Dokuwiki

+ +

+ + This plugin was provided by Erwan Legall (LINAGORA). See the + original + article. + +

Installation

+ +

Simply unpack the LemonLDAP::NG Dokuwiki plugin + (see download section) and copy the lemonldap.class.php and + lemonldapuserdatabackend.class.php in your inc/auth/ directory. + +

Note: The Dokuwiki must be provided by the http + server wheris the lemonLDAP handler. + +

Configuration


+
+ Very simple too, the only thing you have to change is the conf/local.php + to add this line:
+
+ +
+
+$conf[authtype]    = lemonldap;
+
+

+
+ That's it! + +

LemonLDAP / dokuwiki / Apache2 + VHost example


+
+ There is an example of an apache2 vhost which prvide an LemonLDAP + authentified dokuwiki:
+
+ For information, this can be an Apache2 lemon/doku config file:
+
+ +
+
+PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm

<VirtualHost *> + ServerName dokuwiki.sso-lemonldap.com + PerlOptions +GlobalRequest + PerlHeaderParserHandler MyHandler

<Files *.pl> + SetHandler perl-script + PerlResponseHandler ModPerl::Registry + PerlSendHeader On + </Files>

# DocumentRoot + DocumentRoot /var/www/dokuwiki.sso-lemonldap.com

<Directory /var/www/dokuwiki.sso-lemonldap.com> + Order deny,allow + #Deny from all + Allow from all + Options -Indexes +FollowSymLinks +MultiViews + </Directory>

<IfModule mod_dir.c> + DirectoryIndex index.pl index.php index.html + </IfModule>

# Logs + LogLevel warn + ErrorLog /var/log/apache2/dokuwikisso-lemonldap.com-error.log + CustomLog /var/log/apache2/dokuwikisso-lemonldap.com-access.log combined

</VirtualHost> +
+
+
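Review bot: The configuration line "$conf[authtype] = lemonldap;" uses two unquoted barewords, which PHP reads as constants rather than strings; write it as $conf['authtype'] = 'lemonldap'; so it can be pasted into conf/local.php as is. In the vhost example, the Directory block has "Allow from all" with "#Deny from all" commented out, and the text never says that PerlHeaderParserHandler MyHandler is the only thing restricting access to the wiki; state that next to the block. The two sentences introducing the example say the same thing twice, and "wheris" and "prvide" are typos.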
+ + + + diff --git a/build/lemonldap-ng/doc/errors-fr.html b/build/lemonldap-ng/doc/errors-fr.html index 73f9fc900..53c2024d4 100644 --- a/build/lemonldap-ng/doc/errors-fr.html +++ b/build/lemonldap-ng/doc/errors-fr.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: errors-fr.html + @@ -196,5 +238,7 @@

+ + diff --git a/build/lemonldap-ng/doc/errors.html b/build/lemonldap-ng/doc/errors.html index d25310ea1..1d857b09b 100644 --- a/build/lemonldap-ng/doc/errors.html +++ b/build/lemonldap-ng/doc/errors.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: errors.html + @@ -183,5 +225,7 @@

This message appears when an handler can not access to session database. The real error is reported. + + diff --git a/build/lemonldap-ng/doc/faq-fr.html b/build/lemonldap-ng/doc/faq-fr.html index b44e24cde..26f9aa45c 100644 --- a/build/lemonldap-ng/doc/faq-fr.html +++ b/build/lemonldap-ng/doc/faq-fr.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: faq-fr.html + @@ -209,9 +251,8 @@ par une simple connexion HTTP(S). Le serveur SOAP accède lui à la configuration par un des systèmes précédents (File ou DBI). Pour plus d'informations, voir - la page Utilisation des Web - Services. + la page Utilisation des + Web Services.

Erreurs référence ces messages d'erreur et de débogage. + + diff --git a/build/lemonldap-ng/doc/faq.html b/build/lemonldap-ng/doc/faq.html index 5ef2e7d82..6dba50ba0 100644 --- a/build/lemonldap-ng/doc/faq.html +++ b/build/lemonldap-ng/doc/faq.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: faq.html + @@ -410,5 +452,7 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(

Those messages are described here. + + diff --git a/build/lemonldap-ng/doc/index.html b/build/lemonldap-ng/doc/index.html new file mode 100644 index 000000000..6eaf5d032 --- /dev/null +++ b/build/lemonldap-ng/doc/index.html @@ -0,0 +1,77 @@ + + + +Lemonldap::NG documentation: index + + + + +
+

LemonLDAP::NG documentation

+ +
+ + + diff --git a/build/lemonldap-ng/doc/install-fr.html b/build/lemonldap-ng/doc/install-fr.html index 2e39313a9..8e6149bb5 100644 --- a/build/lemonldap-ng/doc/install-fr.html +++ b/build/lemonldap-ng/doc/install-fr.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: install-fr.html + @@ -76,8 +118,8 @@ #apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl Et si vous souhaitez utiliser les fonctionnalités SOAP du - manager (cf. Utilisation des modules SOAP) : + manager (cf. Utilisation des + modules SOAP) :
@@ -205,5 +247,7 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
     redirigés vers auth.example.com. Connectez-vous avec un compte
     valide et la page protégée apparaîtra.
   
+ + diff --git a/build/lemonldap-ng/doc/install.html b/build/lemonldap-ng/doc/install.html index 15372d3cc..2e74178eb 100644 --- a/build/lemonldap-ng/doc/install.html +++ b/build/lemonldap-ng/doc/install.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: install.html + @@ -188,5 +230,7 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable redirect to auth.example.com. Try to authenticate yourself with a valid account and the protected page will appear. + + diff --git a/build/lemonldap-ng/doc/liberty-alliance-fr.html b/build/lemonldap-ng/doc/liberty-alliance-fr.html index 45bb2fe35..df361cbbd 100644 --- a/build/lemonldap-ng/doc/liberty-alliance-fr.html +++ b/build/lemonldap-ng/doc/liberty-alliance-fr.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: liberty-alliance-fr.html + @@ -533,5 +575,7 @@ my $var_dir = "/http://federid.objectweb.org/xwiki/bin/view/Main/Demonstration + + diff --git a/build/lemonldap-ng/doc/logo_bpi.png b/build/lemonldap-ng/doc/logo_bpi.png new file mode 100644 index 000000000..2935cd0c9 Binary files /dev/null and b/build/lemonldap-ng/doc/logo_bpi.png differ diff --git a/build/lemonldap-ng/doc/logo_gendarmerie_nationale.png b/build/lemonldap-ng/doc/logo_gendarmerie_nationale.png new file mode 100644 index 000000000..253863dbd Binary files /dev/null and b/build/lemonldap-ng/doc/logo_gendarmerie_nationale.png differ diff --git a/build/lemonldap-ng/doc/logo_lemonldap-ng_400px.png b/build/lemonldap-ng/doc/logo_lemonldap-ng_400px.png new file mode 100644 index 000000000..cd3aae8c2 Binary files /dev/null and b/build/lemonldap-ng/doc/logo_lemonldap-ng_400px.png differ diff --git a/build/lemonldap-ng/doc/overview-fr.html b/build/lemonldap-ng/doc/overview-fr.html index 0f76e49fb..7f8fb6a05 100644 --- a/build/lemonldap-ng/doc/overview-fr.html +++ b/build/lemonldap-ng/doc/overview-fr.html @@ -1,6 +1,6 @@ - + @@ -9,6 +9,53 @@ Lemonldap::NG documentation: overview-fr.html + + @@ -16,8 +63,10 @@

LemonLDAP::NG

-

- +

+ +
+

Lemonldap::NG est un + + diff --git a/build/lemonldap-ng/doc/overview.html b/build/lemonldap-ng/doc/overview.html index e0528d47e..a7cf71001 100644 --- a/build/lemonldap-ng/doc/overview.html +++ b/build/lemonldap-ng/doc/overview.html @@ -1,6 +1,6 @@ - + @@ -9,6 +9,53 @@ Lemonldap::NG documentation: overview.html + + @@ -16,8 +63,10 @@

LemonLDAP::NG

-

- +

+ +
+

Lemonldap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with @@ -421,5 +470,7 @@ Remote-IP => $ip either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available. + + diff --git a/build/lemonldap-ng/doc/password-policy.html b/build/lemonldap-ng/doc/password-policy.html index 137b9f4f6..8e6885513 100644 --- a/build/lemonldap-ng/doc/password-policy.html +++ b/build/lemonldap-ng/doc/password-policy.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: password-policy.html + @@ -102,5 +144,7 @@ + + diff --git a/build/lemonldap-ng/doc/phpldapadmin.html b/build/lemonldap-ng/doc/phpldapadmin.html new file mode 100644 index 000000000..bdeb9dcda --- /dev/null +++ b/build/lemonldap-ng/doc/phpldapadmin.html @@ -0,0 +1,195 @@ + + + + + + + + Lemonldap::NG documentation: phpldapadmin.html + + + + + +
+

phpLDAPadmin

+ +

+ + + +

Presentation

+ +

phpLDAPadmin is an LDAP administration tool + written in PHP. See http://phpldapadmin.sourceforge.net/ + for more informations. + +

Simple + integration

+ +

This integration is easy: phpLDAPadmin will + connect to the directory with a static DN and password, and so will not + request authentication anymore. The access to phpLDAPadmin will be + protected by LemonLDAP::NG with specific access rules. + +

Warning: phpLDAPadmin will have no idea of the + user connected to the WebSSO. So a simple user can have admin rights on + the LDAP directory if your access rules are too lazy. + +

phpLDAPadmin configuration

+ +

Just set the authentication type to 'config' and + indicate DN and password inside the file config.php: + +

+ +
+
+$ldapservers->SetValue($i,'server','auth_type','config');
+$ldapservers->SetValue($i,'login','dn','cn=Manager,dc=example,dc=com');
+$ldapservers->SetValue($i,'login','pass','secret');
+
+
+ +

Save and close. + +

Apache + configuration

+ +

We recommend to create a virtualhost for + phpLDAPadmin (eg. http://pla.example.com). Then + configure this virtualhost in your existing Apache configuration: + +

+ +
+
+# The following lines must be set once for all virtualhosts 
+NameVirtualHost *

PerlRequire /opt/lemonldap-ng/handler/Handler.pm +PerlOptions +GlobalRequest +<Files ~ ".(pl)$"> + SetHandler perl-script + PerlHandler ModPerl::Registry + PerlSendHeader On +</Files>

# Define here all protected virtualhosts

<VirtualHost *> + ServerName pla.example.com + ServerSignature Off

DocumentRoot /opt/phpldapadmin + DirectoryIndex index.php

PerlHeaderParserHandler Handler

<Location /refresh> + PerlHeaderParserHandler Handler->refresh + </Location>

LogLevel warn + ErrorLog /var/log/httpd/phpldapadmin-error.log + CustomLog /var/log/httpd/phphldapadmin-access.log combined +</VirtualHost> +
+
+ +

LemonLDAP::NG + configuration


+
+ Go to the manager and create a new virtual host:
+
+ +
+
+pla.example.com
+
+

+
+ Then create the access rule. Some examples:
+
+ +
+
+default => accept
+
+

+
+ +
+
+default => $groups ~= \badmin\b
+
+

+
+ Remove all HTTP_HEADERS, because they are not used! + +

Complex + integration


+
+ This is a feature request: + https://sourceforge.net/tracker/index.php?func=detail&aid=2073323&group_id=61828&atid=498549 +
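Review bot: The second access rule, "default => $groups ~= \badmin\b", is not a valid expression: the match operator in Perl (which the handler is loaded as, via PerlRequire) is =~ and the pattern needs delimiters, i.e. $groups =~ /\badmin\b/. The first example, "default => accept", also needs a qualifier: with auth_type 'config' and the cn=Manager DN, every user the WebSSO lets through acts as the directory manager, which is exactly the case the warning above calls "too lazy", so mark it as test-only or drop it. Smaller points: the CustomLog file name is spelled "phphldapadmin-access.log" while the ErrorLog uses "phpldapadmin-error.log", and the dot in <Files ~ ".(pl)$"> is unescaped.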
+ + + + diff --git a/build/lemonldap-ng/doc/references.html b/build/lemonldap-ng/doc/references.html new file mode 100644 index 000000000..e4fc15a15 --- /dev/null +++ b/build/lemonldap-ng/doc/references.html @@ -0,0 +1,97 @@ + + + + + + + + Lemonldap::NG documentation: references.html + + + + + +
+

References

+ +

+ + They use LemonLDAP::NG: + +

Gendarmerie + Nationale

+ +

+ + +
    +
  • Nb users:
  • + +
  • Nb protected applications:
  • +
+ +

Bibliothèque Publique + d'Information

+ +

logo_bpi.png + +
    +
  • Nb users: ~500
  • + +
  • Nb protected applications: ~10
  • +
+
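Review bot: The Gendarmerie Nationale entry has "Nb users:" and "Nb protected applications:" with no values, while the Bibliothèque Publique d'Information entry gives ~500 and ~10. Fill in the figures or drop the two empty bullets before publishing the page.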
+ + + + diff --git a/build/lemonldap-ng/doc/roadmap.html b/build/lemonldap-ng/doc/roadmap.html new file mode 100644 index 000000000..af2c734c1 --- /dev/null +++ b/build/lemonldap-ng/doc/roadmap.html @@ -0,0 +1,126 @@ + + + + + + + + Lemonldap::NG documentation: roadmap.html + + + + + +
+

Roadmap for + LemonLDAP::NG

+ +

+ + + +

Version 0.9 + (2008)

+ +
    +
  • Liberty Alliance authentication module
  • + +
  • Skins for Manager and Portal
  • + +
  • SOAP access to configuration and sessions
  • +
+ +

Version 1.0 (end + 2008)

+ +
    +
  • Dissociate authentication and user backend capabilities (for + example, to choose LDAP for authentication, and MySQL for reading user's + information).
  • + +
  • Add a Menu.pm to portal modules, to provide an enhanced application + menu and password modification form
  • + +
  • i18n (internationalization) for modules, scripts and HTML + templates
  • + +
  • Production installation script
  • + +
  • Packages for Debian/Ubuntu, RedHat/CentOS
  • + +
  • Date and time parameters in access rules
  • + +
  • Monitoring scripts (MRTG, Cacti, Nagios)
  • + +
  • Sessions explorer
  • + +
  • Handler POST functionnalities, to fill authentication forms with + login/password
  • +
+ +

Version 2.0 + (2010)

+ +
    +
  • Manage Apache virtualhost configuration through LDAP backend
  • + +
  • SAML2 authentication and user backend
  • + +
  • SNMP extensions for monitoring
  • + +
  • Local password policy
  • +
+
+ + + + diff --git a/build/lemonldap-ng/doc/soap-fr.html b/build/lemonldap-ng/doc/soap-fr.html index ba96ea83f..bdd810bff 100644 --- a/build/lemonldap-ng/doc/soap-fr.html +++ b/build/lemonldap-ng/doc/soap-fr.html @@ -9,6 +9,48 @@ Lemonldap::NG documentation: soap-fr.html + @@ -492,5 +534,7 @@ configStorage => {

+ + diff --git a/build/lemonldap-ng/doc/sympa.html b/build/lemonldap-ng/doc/sympa.html new file mode 100644 index 000000000..abe9136f9 --- /dev/null +++ b/build/lemonldap-ng/doc/sympa.html @@ -0,0 +1,212 @@ + + + + + + + + Lemonldap::NG documentation: sympa.html + + + + + +
+

Sympa

+ +

+ + + +

Presentation

+ +

Sympa is a mailing list manager. See http://www.sympa.org for more + informations. + +

Integration with + LemonLDAP::NG

+ +

Presentation

+ +

Sympa provide a magic authentication mecanism, + which display a special button on the interface. When the user click on + it, if he has already an SSO session, he is directly authenticated. + +

This works for CAS, Shibboleth and LemonLDAP::NG. + +

Sympa + configuration


+
+ Edit the file "auth.conf", for example:
+
+ +
+
+# vi /etc/sympa/auth.conf
+
+

+
+ And fill it (replace all "example" elements): + +
+
+generic_sso
+        service_name                    LemonLDAP::NG
+        service_id                      lemonldapng
+        http_header_prefix              HTTP
+        email_http_header               HTTP_EMAIL
+        netid_http_header               HTTP_AUTH-USER
+        internal_email_by_netid         1
+        logout_url                      http://sympa.example.com/wws/logout

ldap + host localhost:389 + timeout 20 + bind_dn cn=admin,dc=example,dc=com + bind_password secret + suffix dc=example,dc=com + get_dn_by_uid_filter (uid=[sender]) + get_dn_by_email_filter (|(mail=[sender])(n2atraliasmail=[sender])) + alternative_email_attribute n2atrmaildrop + email_attribute mail + scope sub + authentication_info_url http://sympa.example.com +
+
+ +

Apache + configuration

+ +

We recommend to create a virtualhost for + Sympa(eg. http://sympa.example.com). Then + configure this virtualhost in your existing Apache configuration: + +

+ +
+
+# The following lines must be set once for all virtualhosts 
+NameVirtualHost *

PerlRequire /opt/lemonldap-ng/handler/Handler.pm +PerlOptions +GlobalRequest +<Files ~ ".(pl)$"> + SetHandler perl-script + PerlHandler ModPerl::Registry + PerlSendHeader On +</Files>

# Define here all protected virtualhosts +<VirtualHost *> + ServerName sympa.example.com

# WebSSO protection + <Location /wws/sso_login/lemonldapng> + PerlHeaderParserHandler Handler + </Location>

<Location /reload> + PerlHeaderParserHandler Handler->reload + </Location>

RedirectMatch ^/$ /wws + Alias /wwsicons /usr/share/sympa/icons + ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi

LogLevel warn + ErrorLog /var/log/apache2/sympa-error.log + CustomLog /var/log/apache2/sympa-access.log combined +</VirtualHost> +
+
+ +

LemonLDAP::NG configuration

+ +

Go to the manager and create a new virtual host: + +
+
+pla.example.com
+
+

+
+ Then create the access rule: + +
+
+default => accept
+
+

+
+ And set the correct HTTP headers: + +
+
+Auth-User => $uid
+email => $email
+
+
+
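Review bot: Under "LemonLDAP::NG configuration" the virtual host to create is given as pla.example.com, which looks copied from phpldapadmin.html; the Apache block above declares ServerName sympa.example.com, so following the text would attach the rule and headers to the wrong host. The exported headers are written "Auth-User => $uid" and "email => $email" while auth.conf reads HTTP_AUTH-USER and HTTP_EMAIL; say explicitly how these names map so that a mismatch does not silently break the login. The reload location is also inconsistent between pages: here it is "/reload" with Handler->reload, in phpldapadmin.html it is "/refresh" with Handler->refresh; use one form or explain the difference.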
+ + + + diff --git a/build/lemonldap-ng/doc/tomcat-valve.html b/build/lemonldap-ng/doc/tomcat-valve.html new file mode 100644 index 000000000..607d330cc --- /dev/null +++ b/build/lemonldap-ng/doc/tomcat-valve.html @@ -0,0 +1,170 @@ + + + + + + + + Lemonldap::NG documentation: tomcat-valve.html + + + + + +
+

Tomcat valve

+ +

+ + The Tomcat valve was provided by Pascal Pejac. + +

This valve is only available for tomcat 5.5 or + greater. + +

Compilation

+ +

Note: source and compiled valve can be found in + the download area. + +

Required : + +
    +
  • ant
  • + +
  • jre > 1.4
  • + +
  • tomcat >= 5.5
  • +
Configure your tomcat home in build.properties files.
+
+ Note: be crareful for windosw user, path must contains "/".
+
+ Exemple: + +
+
+c:/my hardisk/tomcat/
+
+

+
+ Next run ant command: + +
+
+ant
+
+

+
+ ValveLemonLDAPNG.jar is created under /dist directory. + +

Installation


+
+ Copy ValveLemonLDAPNG.jar on <TOMCAT_HOME>/server/lib
+
+ Add on your server.xml file a new valve entry like this (in host + section):
+
+ +
+
+<Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER" roleKey="AUTH-ROLE" roleSeparator="," allows="127.0.0.1"/>
+
+

+
+ Configure attributes: + +
    +
  • userKey: key in the http header send by lemonLDAP in order to store + user login.
  • + +
  • roleKey: key in the http header send by lemonLDAP in order to store + roles. If lemonLDAP send some roles split by some commas, use + roleSeparator.
  • + +
  • roleSeparator (optional): see above.
  • + +
  • allows (optional): filter remote IP. IP defined in this attribute + are allowed (use "," separator for multiple IP). Just set the + LemonLDAP::NG handler IP on this attribute in order to add more + security. If this attribute is missed all hosts are allowed.
  • +
+ +

Quick test + and debugging tips


+
+ Download for exemple probe application (great administration tool for + tomcat): http://www.lambdaprobe.org.
+
+ Install valve and configure it.
+
+ Send via LemonLDAP::NG user with role = probeuser or other user with role + = manager.
+
+ Probe doesn't ask authentification, you're logged...
+
+ For debugging, this valve can print some helpfull information in debug + level. Configure logging in tomcat (see http://tomcat.apache.org/tomcat-5.5-doc/logging.html) + . +
+ + + +
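Review bot: The attribute list describes "allows" as optional and says that when it is missing all hosts are allowed, but the valve takes the user and roles from the AUTH-USER and AUTH-ROLE request headers, so without it Tomcat trusts those headers from any client that can reach it directly. Document "allows" as required outside of testing, set to the LemonLDAP::NG handler's address as the server.xml example does with 127.0.0.1, and say so in the bullet rather than "in order to add more security". Typos to fix in the same pass: "crareful", "windosw", "Exemple"/"exemple", "helpfull".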