Update doc

Xavier Guimard 2016-03-01 17:47:48 +00:00
parent 8bb4268475
commit 327d322575
15 changed files with 489 additions and 108 deletions


@ -99,22 +99,16 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<div class="table sectionedit12"><table class="inline">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> GRR </th><th class="col1 centeralign"> phpLDAPadmin </th><th class="col2 centeralign"> LinShare </th><th class="col3 centeralign"> SAP </th>
<th class="col0 centeralign"> GRR </th><th class="col1 centeralign"> phpLDAPadmin </th><th class="col2 centeralign"> LimeSurvey </th><th class="col3 centeralign"> SAP </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.9/applications/grr.html" class="media" title="documentation:1.9:applications:grr"><img src="../../../media/applications/grr_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.9/applications/phpldapadmin.html" class="media" title="documentation:1.9:applications:phpldapadmin"><img src="../../../media/applications/phpldapadmin_logo.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="http://www.linpki.org/projects/linshare/wiki/HttpHeaderSSOEN" class="media" title="http://www.linpki.org/projects/linshare/wiki/HttpHeaderSSOEN" rel="nofollow"><img src="../../../media/applications/linshare_logo.png" class="media" alt="" /></a> </td><td class="col3 centeralign"> <a href="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" class="media" title="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" rel="nofollow"><img src="../../../media/applications/saplogo.gif" class="media" title="SAP" alt="SAP" /></a> </td>
</tr>
<tr class="row2 roweven">
<th class="col0 centeralign"> LimeSurvey </th><th class="col1 leftalign"> </th><th class="col2 leftalign"> </th><th class="col3 leftalign"> </th>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.9/applications/limesurvey.html" class="media" title="documentation:1.9:applications:limesurvey"><img src="../../../media/applications/limesurvey_logo.png" class="media" title="LimeSurvey" alt="LimeSurvey" width="120" /></a> </td><td class="col1"> </td><td class="col2"> </td><td class="col3"> </td>
<td class="col0 centeralign"> <a href="../../documentation/1.9/applications/grr.html" class="media" title="documentation:1.9:applications:grr"><img src="../../../media/applications/grr_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.9/applications/phpldapadmin.html" class="media" title="documentation:1.9:applications:phpldapadmin"><img src="../../../media/applications/phpldapadmin_logo.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="../../documentation/1.9/applications/limesurvey.html" class="media" title="documentation:1.9:applications:limesurvey"><img src="../../../media/applications/limesurvey_logo.png" class="media" title="LimeSurvey" alt="LimeSurvey" width="120" /></a> </td><td class="col3 centeralign"> <a href="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" class="media" title="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" rel="nofollow"><img src="../../../media/applications/saplogo.gif" class="media" title="SAP" alt="SAP" /></a> </td>
</tr>
</table></div>
<!-- EDIT12 TABLE [1248-1789] -->
<!-- EDIT12 TABLE [1248-1651] -->
</div>
<!-- EDIT11 SECTION "Other" [1231-1790] -->
<!-- EDIT11 SECTION "Other" [1231-1652] -->
<h2 class="sectionedit13" id="frameworks">Frameworks</h2>
<div class="level2">
<div class="table sectionedit14"><table class="inline">
@ -127,9 +121,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<td class="col0 centeralign"> <a href="../../documentation/1.9/applications/spring.html" class="media" title="documentation:1.9:applications:spring"><img src="../../../media/applications/spring_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.9/applications/django.html" class="media" title="documentation:1.9:applications:django"><img src="../../../media/applications/django_logo.png" class="media" alt="" /></a> </td>
</tr>
</table></div>
<!-- EDIT14 TABLE [1815-1982] -->
<!-- EDIT14 TABLE [1677-1844] -->
</div>
<!-- EDIT13 SECTION "Frameworks" [1791-1983] -->
<!-- EDIT13 SECTION "Frameworks" [1653-1845] -->
<h2 class="sectionedit15" id="connectors">Connectors</h2>
<div class="level2">
<div class="table sectionedit16"><table class="inline">
@ -150,9 +144,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<a href="http://fr.lutece.paris.fr" class="urlextern" title="http://fr.lutece.paris.fr" rel="nofollow">Lutece</a> </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT16 TABLE [2008-2499] -->
<!-- EDIT16 TABLE [1870-2361] -->
</div>
<!-- EDIT15 SECTION "Connectors" [1984-2500] -->
<!-- EDIT15 SECTION "Connectors" [1846-2362] -->
<h2 class="sectionedit17" id="saml_connectors">SAML connectors</h2>
<div class="level2">
@ -170,6 +164,6 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<td class="col0 centeralign"> <a href="../../documentation/1.9/applications/googleapps.html" class="media" title="documentation:1.9:applications:googleapps"><img src="../../../media/applications/googleapps_logo.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.9/applications/cornerstone.html" class="media" title="documentation:1.9:applications:cornerstone"><img src="../../../media/applications/csod_logo.png" class="mediacenter" alt="" /></a> </td><td class="col2 centeralign"> <a href="../../documentation/1.9/applications/salesforce.html" class="media" title="documentation:1.9:applications:salesforce"><img src="../../../media/applications/salesforce-logo.jpg" class="mediacenter" alt="" /></a> </td>
</tr>
</table></div>
<!-- EDIT18 TABLE [2620-2891] -->
<!-- EDIT18 TABLE [2482-2753] -->
</div>
</div><!-- closes <div class="dokuwiki export">-->


@ -78,12 +78,16 @@ Then set:
</div>
<!-- EDIT4 SECTION "Bugzilla administration" [366-653] -->
<h3 class="sectionedit5" id="bugzilla_virtual_host_in_apache">Bugzilla virtual host in Apache</h3>
<h3 class="sectionedit5" id="bugzilla_virtual_host">Bugzilla virtual host</h3>
<div class="level3">
<p>
Configure Bugzilla virtual host like other <a href="../../../documentation/1.9/configvhost.html" class="wikilink1" title="documentation:1.9:configvhost">protected virtual host</a>.
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> bugzilla.example.com
&nbsp;
@ -92,9 +96,47 @@ Configure Bugzilla virtual host like other <a href="../../../documentation/1.9/c
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name bugzilla.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT5 SECTION "Bugzilla virtual host in Apache" [654-953] -->
<!-- EDIT5 SECTION "Bugzilla virtual host" [654-1913] -->
<h3 class="sectionedit6" id="bugzilla_virtual_host_in_manager">Bugzilla virtual host in Manager</h3>
<div class="level3">
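Review bot: The Nginx sample added under "For Nginx:" declares `location /` twice in one `server` block, once with `auth_request /lmauth;` and once with only `try_files $uri $uri/ =404;`, and nginx rejects that at configuration test time as a duplicate location. A reader who resolves the error by deleting the first block is left with a vhost that never calls the LL::NG handler, so the trailing `location / { try_files $uri $uri/ =404; }` should be dropped from the sample. The same text recurs in the Dokuwiki, Drupal, Liferay, LimeSurvey, MediaWiki and phpLDAPadmin pages of this commit; the OBM and Sympa samples protect a different location and are not affected. The comment `LLNG server will received /llauth` also names a path that does not match `location = /lmauth`; `# Keep original request (LLNG server will receive /lmauth)` would be consistent.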


@ -117,23 +117,9 @@ CSOD needs two things to configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as
<div class="level4">
<p>
For the certificate, you can build it from the signing private key registered in Manager. Select the key, and export it (button <code>Download this file</code>):
See <a href="../../../documentation/1.9/samlservice.html#security_parameters" class="wikilink1" title="documentation:1.9:samlservice">SAML security parameters</a> to know how generate a certificate from you <abbr title="Security Assertion Markup Language">SAML</abbr> private key.
</p>
<p>
<a href="/_detail/documentation/googleapps-export-priv-key.png?id=documentation%3A1.9%3Aapplications%3Acornerstone" class="media" title="documentation:googleapps-export-priv-key.png"><img src="../../../../media/documentation/googleapps-export-priv-key.png" class="mediacenter" alt="" /></a>
</p>
<p>
After choosing the file name (for example lemonldapn-ng-priv.key), download the key on your disk.
</p>
<p>
Then use openssl to generate an auto-signed certificate:
</p>
<pre class="code">openssl req -new -key lemonldap-ng-priv.key -out cert.csr
openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out cert.pem</pre>
</div>
<h4 id="saml_assertion">SAML assertion</h4>


@ -73,12 +73,21 @@ Edit Dokuwiki local configuration (<code>conf/local.php</code>) and set <code>le
</div>
<!-- EDIT5 SECTION "Dokuwiki local configuration" [1005-1194] -->
<h3 class="sectionedit6" id="dokuwiki_virtual_host_in_apache">Dokuwiki virtual host in Apache</h3>
<h3 class="sectionedit6" id="dokuwiki_virtual_host">Dokuwiki virtual host</h3>
<div class="level3">
<p>
Configure Dokuwiki virtual host like other <a href="../../../documentation/1.9/configvhost.html" class="wikilink1" title="documentation:1.9:configvhost">protected virtual host</a>.
</p>
<p>
<p><div class="noteimportant">If you are protecting Dokuwiki with <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, <a href="../../../documentation/1.9/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.9:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> dokuwiki.example.com
&nbsp;
@ -87,14 +96,47 @@ Configure Dokuwiki virtual host like other <a href="../../../documentation/1.9/c
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteimportant">If you are protecting Dokuwiki with <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, <a href="../../../documentation/1.9/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.9:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name dokuwiki.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT6 SECTION "Dokuwiki virtual host in Apache" [1195-1669] -->
<!-- EDIT6 SECTION "Dokuwiki virtual host" [1195-2630] -->
<h3 class="sectionedit7" id="dokuwiki_virtual_host_in_manager">Dokuwiki virtual host in Manager</h3>
<div class="level3">


@ -61,12 +61,21 @@ Go on Drupal administration interface and enable the Webserver Auth module.
</div>
<!-- EDIT5 SECTION "Drupal module activation" [554-666] -->
<h3 class="sectionedit6" id="drupal_virtual_host_in_apache">Drupal virtual host in Apache</h3>
<h3 class="sectionedit6" id="drupal_virtual_host">Drupal virtual host</h3>
<div class="level3">
<p>
Configure Drupal virtual host like other <a href="../../../documentation/1.9/configvhost.html" class="wikilink1" title="documentation:1.9:configvhost">protected virtual host</a>.
</p>
<p>
<p><div class="noteimportant">If you are protecting Drupal with <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, <a href="../../../documentation/1.9/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.9:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> drupal.example.com
&nbsp;
@ -75,14 +84,47 @@ Configure Drupal virtual host like other <a href="../../../documentation/1.9/con
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteimportant">If you are protecting Drupal with <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, <a href="../../../documentation/1.9/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.9:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name drupal.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT6 SECTION "Drupal virtual host in Apache" [667-1133] -->
<!-- EDIT6 SECTION "Drupal virtual host" [667-2092] -->
<h3 class="sectionedit7" id="drupal_virtual_host_in_manager">Drupal virtual host in Manager</h3>
<div class="level3">
@ -99,7 +141,7 @@ If using <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, configure t
</p>
</div>
<!-- EDIT7 SECTION "Drupal virtual host in Manager" [1134-1487] -->
<!-- EDIT7 SECTION "Drupal virtual host in Manager" [2093-2446] -->
<h3 class="sectionedit8" id="protect_only_the_administration_pages">Protect only the administration pages</h3>
<div class="level3">


@ -160,12 +160,16 @@ Then use the <code>SiteMinder</code> tab to configure <abbr title="Single Sign O
</div>
<!-- EDIT4 SECTION "Liferay administration" [839-2004] -->
<h3 class="sectionedit5" id="liferay_virtual_host_in_apache">Liferay virtual host in Apache</h3>
<h3 class="sectionedit5" id="liferay_virtual_host">Liferay virtual host</h3>
<div class="level3">
<p>
Configure Liferay virtual host like other <a href="../../../documentation/1.9/configvhost.html" class="wikilink1" title="documentation:1.9:configvhost">protected virtual host</a>.
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> liferay.example.com
&nbsp;
@ -174,9 +178,47 @@ Configure Liferay virtual host like other <a href="../../../documentation/1.9/co
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name liferay.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT5 SECTION "Liferay virtual host in Apache" [2005-2301] -->
<!-- EDIT5 SECTION "Liferay virtual host" [2005-3261] -->
<h3 class="sectionedit6" id="liferay_virtual_host_in_manager">Liferay virtual host in Manager</h3>
<div class="level3">


@ -95,20 +95,24 @@ The configuration is done in config.php:
</div>
<!-- EDIT4 SECTION "LimeSurvey configuration" [667-1672] -->
<h3 class="sectionedit5" id="limesurvey_virtual_host_in_apache">LimeSurvey virtual host in Apache</h3>
<h3 class="sectionedit5" id="limesurvey_virtual_host">LimeSurvey virtual host</h3>
<div class="level3">
<p>
Configure LimeSurvey virtual host like other <a href="../../../documentation/1.9/configvhost.html" class="wikilink1" title="documentation:1.9:configvhost">protected virtual host</a>.
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> limesurvey.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
<span class="kw1">SetEnvIfNoCase</span> Auth-<span class="kw1">User</span> <span class="st0">&quot;(.*)&quot;</span> PHP_AUTH_USER=$1
<span class="kw1">SetEnvIfNoCase</span> Auth-<span class="kw1">User</span> <span class="st0">&quot;(.*)&quot;</span> PHP_AUTH_USER=$1
&nbsp;
<span class="kw1">Alias</span> /limesurvey /var/www/html/limesurvey
<span class="kw1">Alias</span> /limesurvey /var/www/html/limesurvey
<span class="kw1">DocumentRoot</span> /var/www/html/limesurvey
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
@ -117,9 +121,47 @@ Configure LimeSurvey virtual host like other <a href="../../../documentation/1.9
<p><div class="noteimportant">You need to set the PHP_AUTH_USER variable to have the Webserver authentication mode working.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name limesurvey.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT5 SECTION "LimeSurvey virtual host in Apache" [1673-2227] -->
<!-- EDIT5 SECTION "LimeSurvey virtual host" [1673-3192] -->
<h3 class="sectionedit6" id="limesurvey_virtual_host_in_manager">LimeSurvey virtual host in Manager</h3>
<div class="level3">
@ -153,7 +195,7 @@ Go to the Manager and <a href="../../../documentation/1.9/configvhost.html#lemon
<td class="col0 centeralign"> Auth-SuperAdmin </td><td class="col1 centeralign"> 1 if user is superadmin </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [2400-2618] -->
<!-- EDIT7 TABLE [3365-3583] -->
<p>
<p><div class="notetip">You can manage roles with the <a href="../../../documentation/1.9/rbac.html" class="wikilink1" title="documentation:1.9:rbac">RBAC model</a> or by using groups.
</div></p>
@ -179,7 +221,7 @@ Go to the Manager and <a href="../../../documentation/1.9/configvhost.html#lemon
<td class="col0 centeralign"> Default </td><td class="col1 centeralign"> default </td><td class="col2 centeralign"> Allow only users with a LimeSurvey role </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [2725-3010] -->
<!-- EDIT8 TABLE [3690-3975] -->
<p>
<p><div class="notetip">
You can set the default access to:


@ -119,12 +119,21 @@ Add then extension configuration, for example:
</div>
<!-- EDIT5 SECTION "MediWiki local configuration" [1013-2635] -->
<h3 class="sectionedit6" id="mediawiki_virtual_host_in_apache">MediaWiki virtual host in Apache</h3>
<h3 class="sectionedit6" id="mediawiki_virtual_host">MediaWiki virtual host</h3>
<div class="level3">
<p>
Configure MediaWiki virtual host like other <a href="../../../documentation/1.9/configvhost.html" class="wikilink1" title="documentation:1.9:configvhost">protected virtual host</a>.
</p>
<p>
<p><div class="noteimportant">If you are protecting MediaWiki with <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, <a href="../../../documentation/1.9/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.9:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> mediawiki.example.com
&nbsp;
@ -133,14 +142,47 @@ Configure MediaWiki virtual host like other <a href="../../../documentation/1.9/
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteimportant">If you are protecting MediaWiki with <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, <a href="../../../documentation/1.9/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.9:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name mediawiki.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT6 SECTION "MediaWiki virtual host in Apache" [2636-3114] -->
<!-- EDIT6 SECTION "MediaWiki virtual host" [2636-4075] -->
<h3 class="sectionedit7" id="mediawiki_virtual_host_in_manager">MediaWiki virtual host in Manager</h3>
<div class="level3">


@ -153,8 +153,12 @@ Parameters:
</ul>
<p>
Edit also OBM Apache configuration to enable <abbr title="LemonLDAP::NG">LL::NG</abbr> Handler:
Edit also OBM configuration to enable <abbr title="LemonLDAP::NG">LL::NG</abbr> Handler:
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> obm.example.com
&nbsp;
@ -166,14 +170,47 @@ Edit also OBM Apache configuration to enable <abbr title="LemonLDAP::NG">LL::NG<
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteimportant">OBM Apache configuration must be loaded <strong>after</strong> <abbr title="LemonLDAP::NG">LL::NG</abbr> <a href="../../../documentation/1.9/configlocation.html#apache" class="wikilink1" title="documentation:1.9:configlocation">Apache configuration</a>.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name obm.example.com;
root /usr/share/obm/php;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location ~ \.php$ {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT4 SECTION "OBM" [516-6179] -->
<!-- EDIT4 SECTION "OBM" [516-7008] -->
<h3 class="sectionedit5" id="llng">LL::NG</h3>
<div class="level3">
@ -223,7 +260,7 @@ You may also create these macros to manage OBM administrator account (<code>Vari
<td class="col0 leftalign"> mailR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? &quot;&quot; : ($mail =~ /^([^@]+)/)[0] . &quot;\@example.com&quot; </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [6693-6872] -->
<!-- EDIT6 TABLE [7522-7701] -->
</div>
<h4 id="virtual_host">Virtual host</h4>
@ -278,7 +315,7 @@ Define at least:
<td class="col0">default</td><td class="col1">accept (or whatever you want)</td>
</tr>
</table></div>
<!-- EDIT7 TABLE [7254-7477] -->
<!-- EDIT7 TABLE [8083-8306] -->
</div>
<h5 id="headers">Headers</h5>
@ -309,7 +346,7 @@ Define headers used in OBM mapping, for example:
<td class="col0">OBM_USERPASSWORD</td><td class="col1">$_password</td>
</tr>
</table></div>
<!-- EDIT8 TABLE [7543-7671] -->
<!-- EDIT8 TABLE [8372-8500] -->
</div>
<h4 id="other">Other</h4>
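Review bot: In the OBM Nginx sample only `location ~ \.php$` carries `auth_request /lmauth;`, so any request that does not end in `.php` is handled by the plain `location /` block and served from `/usr/share/obm/php` without an LL::NG check. The page does not say whether that is intended. If it is (static assets only), the sample should state it with a comment above that block, e.g. `# Static files: served without LL::NG authentication`; if it is not, the `auth_request` lines belong at `server` level so every location inherits them.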


@ -64,12 +64,16 @@ Just set the authentication type to <code>config</code> and indicate <abbr title
</div>
<!-- EDIT4 SECTION "phpLDAPadmin local configuration" [626-980] -->
<h3 class="sectionedit5" id="phpldapadmin_virtual_host_in_apache">phpLDAPadmin virtual host in Apache</h3>
<h3 class="sectionedit5" id="phpldapadmin_virtual_host">phpLDAPadmin virtual host</h3>
<div class="level3">
<p>
Configure phpLDAPadmin virtual host like other <a href="../../../documentation/1.9/configvhost.html" class="wikilink1" title="documentation:1.9:configvhost">protected virtual host</a>.
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> phpldapadmin.example.com
&nbsp;
@ -78,9 +82,47 @@ Configure phpLDAPadmin virtual host like other <a href="../../../documentation/1
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name phpldapadmin.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT5 SECTION "phpLDAPadmin virtual host in Apache" [981-1292] -->
<!-- EDIT5 SECTION "phpLDAPadmin virtual host" [981-2256] -->
<h3 class="sectionedit6" id="phpldapadmin_virtual_host_in_manager">phpLDAPadmin virtual host in Manager</h3>
<div class="level3">


@ -58,12 +58,12 @@
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> In Apache configuration, add the PerlHeaderParserHandler Lemonldap::NG::Handler on the webmail.domain.tls vhost</div>
<li class="level1"><div class="li"> Configure <a href="../../../documentation/1.9/configvhost.html" class="wikilink1" title="documentation:1.9:configvhost">Apache or Nginx virtual host</a></div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "LemonLDAP::NG" [374-845] -->
<!-- EDIT4 SECTION "LemonLDAP::NG" [374-790] -->
<h3 class="sectionedit5" id="roundcube1">RoundCube</h3>
<div class="level3">
<ul>


@ -90,12 +90,21 @@ You can also use &lt;portal&gt;?logout=1 as logout_url to remove LemonLDAP::NG s
</div>
<!-- EDIT4 SECTION "Sympa configuration" [488-1292] -->
<h3 class="sectionedit5" id="sympa_virtual_host_in_apache">Sympa virtual host in Apache</h3>
<h3 class="sectionedit5" id="sympa_virtual_host">Sympa virtual host</h3>
<div class="level3">
<p>
Configure Sympa virtual host like other <a href="../../../documentation/1.9/configvhost.html" class="wikilink1" title="documentation:1.9:configvhost">protected virtual host</a> but protect only magic authentication <abbr title="Uniform Resource Locator">URL</abbr>.
</p>
<p>
<p><div class="notetip">The location <abbr title="Uniform Resource Locator">URL</abbr> end is based on the <code>service_id</code> defined in Sympa apache configuration.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> sympa.example.com
&nbsp;
@ -106,14 +115,47 @@ Configure Sympa virtual host like other <a href="../../../documentation/1.9/conf
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="notetip">The location <abbr title="Uniform Resource Locator">URL</abbr> end is based on the <code>service_id</code> defined in Sympa apache configuration.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name sympa.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location /wws/sso_login/lemonldapng {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT5 SECTION "Sympa virtual host in Apache" [1293-1805] -->
<!-- EDIT5 SECTION "Sympa virtual host" [1293-2795] -->
<h3 class="sectionedit6" id="sympa_virtual_host_in_manager">Sympa virtual host in Manager</h3>
<div class="level3">


@ -110,7 +110,7 @@ If you can not access the Manager anymore, you can unprotect it by editing <code
The Manager displays main branches:
</p>
<ul>
<li class="level1"><div class="li"> <strong>General Parameters</strong>: 1uthentication modules, portal, etc.</div>
<li class="level1"><div class="li"> <strong>General Parameters</strong>: Authentication modules, portal, etc.</div>
</li>
<li class="level1"><div class="li"> <strong>Variables</strong>: User information, macros and groups used to fill <abbr title="Single Sign On">SSO</abbr> session</div>
</li>
@ -533,6 +533,11 @@ In Portal virtual host, you will find several configuration parts:
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
fastcgi_param LLTYPE cgi;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
set $sn $request_uri;
if ($sn ~ &quot;^(.*)\?&quot;) {
set $sn $1;
}
fastcgi_param SCRIPT_NAME $sn;
fastcgi_split_path_info ^(.*\.pl)(/.+)$;
}
&nbsp;
@ -584,7 +589,7 @@ In Portal virtual host, you will find several configuration parts:
rewrite ^/.well-known/openid-configuration$ /openid-configuration.pl last;</pre>
</div>
<!-- EDIT11 SECTION "Portal" [12691-14269] -->
<!-- EDIT11 SECTION "Portal" [12691-14383] -->
<h3 class="sectionedit12" id="manager2">Manager</h3>
<div class="level3">
@ -618,7 +623,7 @@ By default, configuration interface access is not protected by Nginx but by Lemo
</p>
</div>
<!-- EDIT12 SECTION "Manager" [14270-15022] -->
<!-- EDIT12 SECTION "Manager" [14384-15136] -->
<h3 class="sectionedit13" id="handler1">Handler</h3>
<div class="level3">
@ -715,7 +720,7 @@ Then, to protect a standard virtual host, you must insert this (or create an inc
# Insert then your configuration (fastcgi_* or proxy_*)</pre>
</div>
<!-- EDIT13 SECTION "Handler" [15023-17970] -->
<!-- EDIT13 SECTION "Handler" [15137-18084] -->
<h2 class="sectionedit14" id="configuration_reload">Configuration reload</h2>
<div class="level2">
@ -747,7 +752,7 @@ The <code>reload</code> target is managed in Apache or Nginx configuration, insi
</p>
</div>
<!-- EDIT14 SECTION "Configuration reload" [17971-19141] -->
<!-- EDIT14 SECTION "Configuration reload" [18085-19255] -->
<h2 class="sectionedit15" id="local_file">Local file</h2>
<div class="level2">


@ -147,37 +147,50 @@ To protect a virtual host in Nginx, the LemonLDAP::NG FastCGI server must be lau
</p>
<p>
Then you can take any virtual host, and simply add this lines to protect it:
Then you can take any virtual host and modify it:
</p>
<pre class="code file nginx"># Log format
include /path/to/lemonldap-ng/nginx-lmlog.conf;
server {
...
location = /lmauth {
<ul>
<li class="level1"><div class="li"> Declare the /lmauth endpoint</div>
</li>
</ul>
<pre class="code file nginx"> location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass /path/to/llng/fastcgi/server/socket;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
&nbsp;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
&nbsp;
# Keep original hostname
fastcgi_param HOST $http_host;
&nbsp;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
location /path/to/protect {
}</pre>
<ul>
<li class="level1"><div class="li"> Protect the application (/ or /path/to/protect):</div>
</li>
</ul>
<pre class="code file nginx"> location /path/to/protect {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
##################################
# PASSING HEADERS TO APPLICATION #
##################################
...
}</pre>
<ul>
<li class="level1"><div class="li"> Use LUA or set manually the headers:</div>
</li>
</ul>
<pre class="code file nginx"> location /path/to/protect {
&nbsp;
...
&nbsp;
# IF LUA IS SUPPORTED
#include /path/to/lemonldap-ng/nginx-lua-headers.conf
#include /etc/lemonldap-ng/nginx-lua-headers.conf;
&nbsp;
# ELSE
# Set manually your headers
@ -186,10 +199,18 @@ server {
# OR
#fastcgi_param HTTP_AUTH_USER $authuser;
&nbsp;
# Then (if LUA not supported), change cookie header to hide LLNG cookie
#auth_request_set $lmcookie $upstream_http_cookie;
#proxy_set_header Cookie: $lmcookie;
# OR in the corresponding block
#fastcgi_param HTTP_COOKIE $lmcookie;
&nbsp;
# Set REMOTE_USER (for FastCGI apps only)
#fastcgi_param REMOTE_USER $lmremote_user;
}</pre>
</div>
<!-- EDIT6 SECTION "Nginx configuration" [3049-4454] -->
<!-- EDIT6 SECTION "Nginx configuration" [3049-4833] -->
<h3 class="sectionedit7" id="hosted_application1">Hosted application</h3>
<div class="level3">
@ -248,7 +269,7 @@ server {
}</pre>
</div>
<!-- EDIT7 SECTION "Hosted application" [4455-6084] -->
<!-- EDIT7 SECTION "Hosted application" [4834-6463] -->
<h3 class="sectionedit8" id="reverse_proxy1">Reverse proxy</h3>
<div class="level3">
@ -299,7 +320,7 @@ server {
}</pre>
</div>
<!-- EDIT8 SECTION "Reverse proxy" [6085-7379] -->
<!-- EDIT8 SECTION "Reverse proxy" [6464-7758] -->
<h2 class="sectionedit9" id="lemonldapng_configuration">LemonLDAP::NG configuration</h2>
<div class="level2">
@ -326,7 +347,7 @@ A virtual host contains:
</ul>
</div>
<!-- EDIT9 SECTION "LemonLDAP::NG configuration" [7380-7867] -->
<!-- EDIT9 SECTION "LemonLDAP::NG configuration" [7759-8246] -->
<h3 class="sectionedit10" id="access_rules_and_http_headers">Access rules and HTTP headers</h3>
<div class="level3">
@ -335,7 +356,7 @@ See <strong><a href="../../documentation/1.9/writingrulesand_headers.html" class
</p>
</div>
<!-- EDIT10 SECTION "Access rules and HTTP headers" [7868-8060] -->
<!-- EDIT10 SECTION "Access rules and HTTP headers" [8247-8439] -->
<h3 class="sectionedit11" id="post_data">POST data</h3>
<div class="level3">
@ -344,7 +365,7 @@ See <strong><a href="../../documentation/1.9/formreplay.html" class="wikilink1"
</p>
</div>
<!-- EDIT11 SECTION "POST data" [8061-8195] -->
<!-- EDIT11 SECTION "POST data" [8440-8574] -->
<h3 class="sectionedit12" id="options">Options</h3>
<div class="level3">
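Review bot: The commented fallback `#proxy_set_header Cookie: $lmcookie;` in the "if LUA not supported" block puts a colon inside the header name. nginx's `proxy_set_header` takes the field name and the value as two separate arguments, so once uncommented this line would presumably not replace the request's `Cookie` header, and the protected application would still receive the LLNG session cookie that the comment says is being hidden. I would write it as `#proxy_set_header Cookie $lmcookie;`, matching the form of the `fastcgi_param HTTP_COOKIE $lmcookie;` line below it. In the `/lmauth` example of the same section, the comment "LLNG server will received /llauth" names an endpoint the examples never declare; `# Keep original request (LLNG server will receive /lmauth)` would match the `location = /lmauth` block. The `location /path/to/protect` block continues outside the second hunk, so confirm the surrounding lines before changing the text.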


@ -67,10 +67,12 @@ FastCGI server has few parameters. They can be set by environment variables (rea
The FastCGI server reads also <code>LLTYPE</code> parameter in FastCGI requests (see portal-nginx.conf or manager-nginx.conf) to choose which module is called:
</p>
<ul>
<li class="level1"><div class="li"> <code>auth</code> for the portal</div>
<li class="level1"><div class="li"> <code>cgi</code> for the portal (or any CGI: it works like PHP-FPM for Perl !)</div>
</li>
<li class="level1"><div class="li"> <code>manager</code> for the manager</div>
</li>
<li class="level1"><div class="li"> <code>status</code> to see statistics (if enabled)</div>
</li>
</ul>
<p>