Documentation update

This commit is contained in:
Xavier Guimard 2009-09-10 13:22:06 +00:00
parent 9e3b55b9ac
commit 3795047f14
14 changed files with 218 additions and 170 deletions

View File

@ -226,7 +226,7 @@
stores the start time in the _utime field.
<p class="paragraph"></p>By default, a session stay 10 minutes in the
local storage, so in the worth case, a user is authorized 10 minutes after
local storage, so in the worst case, a user is authorized 10 minutes after
he lost his rights.
<h4 class="heading-1-1-1"><span id=
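Review bot: the "worth" to "worst" fix leaves the sentence it sits in ungrammatical; "a session stay 10 minutes" on the preceding context line should read "a session stays 10 minutes", and "after he lost his rights" would be clearer as "after his rights have been revoked". This paragraph is the only place that states the revocation latency caused by the handler's local session cache, so it is worth saying plainly that the local lifetime bounds how long a revoked user keeps access.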

View File

@ -124,6 +124,9 @@
"#HCommentfonctionnele7E7ECrossDomainAuthentication7E7E28CDA293F">Comment
fonctionne le <i class="italic">Cross Domain Authentication</i>
(CDA) ?</a></li>
<li><a href="#HQu27estcequelesystC3A8medenotifications">Qu'est ce
que le syst&egrave;me de notifications</a></li>
</ul>
</li>
@ -475,6 +478,27 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
cookie dans son domaine. Il retire alors le param&egrave;tre ajout&eacute;
par le portail et effectue le traitement normal de la requ&ecirc;te.
<ul class="star">
<li><span class="wikilink"><a href=
"4.9-Cross-domain-authentication.html">Documentation
compl&egrave;te</a></span> (en)</li>
</ul>
<h4 class="heading-1-1-1"><span id=
"HQu27estcequelesystC3A8medenotifications">Qu'est ce que le syst&egrave;me
de notifications</span></h4>
<p class="paragraph"></p>C'est un syst&egrave;me permettant de notifier un
message &agrave; un utilisateur lors de l'acc&egrave;s au portail. Si le
message contient des cases &agrave; cocher, elles doivent toutes
&ecirc;tre coch&eacute;es pour pouvoir ouvrir la session.
<ul class="star">
<li><span class="wikilink"><a href=
"4.9-Notification-system.html">Documentation compl&egrave;te</a></span>
(en)</li>
</ul>
<h3 class="heading-1-1"><span id=
"HAuthentification">Authentification</span></h3>

View File

@ -117,6 +117,9 @@
"#HHowworksthe7E7ECrossDomainAuthentication7E7E28CDA293F">How works
the <i class="italic">Cross Domain Authentication</i> (CDA)
?</a></li>
<li><a href="#HWhatis22notificationsystem22">What is "notification
system"</a></li>
</ul>
</li>
@ -411,6 +414,24 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
Lemonldap::NG::Handler::CDA agent detects this parameter et generate a
cookie in its domain.
<ul class="star">
<li><span class="wikilink"><a href=
"4.9-Cross-domain-authentication.html">Documentation</a></span>
(en)</li>
</ul>
<h4 class="heading-1-1-1"><span id="HWhatis22notificationsystem22">What is
"notification system"</span></h4>
<p class="paragraph"></p>It's a system used to notify a message to a user
using the portal. If the message contains checkboxes, they have to be all
checked to open the session.
<ul class="star">
<li><span class="wikilink"><a href=
"4.9-Notification-system.html">Documentation</a></span> (en)</li>
</ul>
<h3 class="heading-1-1"><span id=
"HAuthentication">Authentication</span></h3>
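Review bot: "It's a system used to notify a message to a user using the portal" is awkward; suggest "It displays a message to the user when the portal is accessed. If the message contains checkboxes, all of them must be checked before the session is opened." The unchanged context just above the CDA link, "detects this parameter et generate a cookie", also mixes French and English and should read "detects this parameter and generates a cookie".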

View File

@ -124,7 +124,7 @@
</ul>
</li>
</ul><strong class="strong">Documentation applicable pour LemonLDAP::NG
&gt;= 0.9</strong>
&gt;= 0.9.4</strong>
<p class="paragraph"></p><strong class="strong">Merci de lire <span class=
"wikilink"><a href="2-FAQ-fr.html">FAQ</a></span> en premier</strong>
@ -412,6 +412,20 @@
<span class="wikiexternallink"><a href="http://www.bugzilla.org/">Site
web officiel</a></span></td>
</tr>
<tr class="table-odd">
<td><strong class="strong">Liferay</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/liferay_logo.png" alt=
"liferay_logo.png" /></td>
<td>Portail<br />
<br />
<span class="wikilink"><a href=
"/xwiki/bin/view/NG/DocAppLiferay">Proc&eacute;dure SSO</a></span>
(en)<br />
<span class="wikiexternallink"><a href="http://www.liferay.com/">Site
web officiel</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HConnecteurs">Connecteurs</span></h4>
@ -449,8 +463,25 @@
Web (Apache, IIS, ...)<br />
<br />
<span class="wikilink"><a href=
"5-Appli-HTTP-Basic-Authentication.html">SSO procedure</a></span>
(en)</td>
"5-Appli-HTTP-Basic-Authentication.html">Proc&eacute;dure
SSO</a></span> (en)</td>
</tr>
<tr class="table-odd">
<td><strong class="strong">Spring Security</strong><br />
<strong class="strong">(ACEGI)</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/spring_logo.png" alt=
"spring_logo.png" /></td>
<td>Spring Security est un framework de s&eacute;curit&eacute; pour
applications J2EE.<br />
<br />
<span class="wikilink"><a href=
"/xwiki/bin/view/NG/DocAppSpringSecurity">Proc&eacute;dure
SSO</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://static.springsource.org/spring-security/site/index.">Site web
officiel</a></span></td>
</tr>
</table>
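Review bot: the Spring Security "Site web officiel" link "http://static.springsource.org/spring-security/site/index." ends in "index." and looks truncated; verify the URL before merging. The same link is added to the English page in this commit.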

View File

@ -119,7 +119,7 @@
</ul>
</li>
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
&gt;= 0.9</strong>
&gt;= 0.9.4</strong>
<p class="paragraph"></p><strong class="strong">Please read the
<span class="wikilink"><a href="2-FAQ.html">FAQ</a></span> first</strong>
@ -283,8 +283,9 @@
"4.8-Configure-password-policy.html">Password Policy</a></span>
(en)</li>
<li><span class="wikilink"><a href="4.8-Configure-LDAP-schema.html">LDAP
schema extension</a></span> (en)</li>
<li><span class="wikilink"><a href=
"/xwiki/bin/view/NG/SpecLDAPSchema">LDAP schema extension</a></span>
(en)</li>
</ul>
<h4 class="heading-1-1-1"><span id="HAdvancedfeatures">Advanced
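Review bot: the LDAP schema extension entry now points at the absolute wiki path "/xwiki/bin/view/NG/SpecLDAPSchema" while the neighbouring entries ("4.8-Configure-password-policy.html", "4.8-Configure-LDAP-schema.html") use relative exported pages, so this link will not resolve in the static HTML export, and the 4.8-Configure-LDAP-schema.html content is removed elsewhere in this commit. Either export the wiki page alongside the others or mark the entry as wiki-only.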
@ -400,6 +401,19 @@
<span class="wikiexternallink"><a href=
"http://www.bugzilla.org/">Official website</a></span></td>
</tr>
<tr class="table-odd">
<td><strong class="strong">Liferay</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/liferay_logo.png" alt=
"liferay_logo.png" /></td>
<td>Portal<br />
<br />
<span class="wikilink"><a href="/xwiki/bin/view/NG/DocAppLiferay">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://www.liferay.com/">Official website</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HConnectors">Connectors</span></h4>
@ -438,6 +452,22 @@
"5-Appli-HTTP-Basic-Authentication.html">SSO procedure</a></span>
(en)</td>
</tr>
<tr class="table-odd">
<td><strong class="strong">Spring Security</strong><br />
<strong class="strong">(ACEGI)</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/spring_logo.png" alt=
"spring_logo.png" /></td>
<td>Spring Security is a well know J2EE security framework.<br />
<br />
<span class="wikilink"><a href=
"/xwiki/bin/view/NG/DocAppSpringSecurity">SSO procedure</a></span>
(en)<br />
<span class="wikiexternallink"><a href=
"http://static.springsource.org/spring-security/site/index.">Official
website</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HSelfmade">Self-made</span></h4>
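Review bot: "Spring Security is a well know J2EE security framework" should read "well-known", and the "Official website" URL "http://static.springsource.org/spring-security/site/index." ends in "index." and looks truncated; check it before merging.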

View File

@ -149,13 +149,60 @@ MyGroup =&gt; { $uid eq <span class=
<div class="code">
<pre>
^/restricted.*$ =&gt; $groups =~ /\bMyGroup\b/
</pre>
</div><br />
<br />
The VirtualHost in LemonLDAP::NG must match a VirtualHost in Apache
configuration, like:
<div class="code">
<pre>
# Application Test
&lt;VirtualHost *:80&gt;
ServerName test1.example.com
ServerAlias test2.example.com<br /><br /> # SSO protection
PerlHeaderParserHandler My::Package<br /><br /> # DocumentRoot
DocumentRoot /usr/local/lemonldap-ng/htdocs/test/
&lt;Directory /usr/local/lemonldap-ng/htdocs/test/&gt;
Order deny,allow
Allow from all
Options +ExecCGI
&lt;/Directory&gt;<br /><br /> # Configuration reload mechanism (only 1 per physical server is
# needed): choose your URL to avoid restarting Apache when
# configuration change
&lt;Location /reload&gt;
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
PerlHeaderParserHandler My::Package-&gt;refresh
&lt;/Location&gt;<br /><br /> # Uncomment <span class=
"java-keyword">this</span> to activate status module
#&lt;Location /status&gt;
# Order deny,allow
# Deny from all
# Allow from 127.0.0.0/8
# PerlHeaderParserHandler My::Package-&gt;status
#&lt;/Location&gt;<br /><br />&lt;/VirtualHost&gt;
</pre>
</div>
<h3 class="heading-1-1"><span id="HTogofurther">To go
further</span></h3><br />
<br />
See the <span class="wikilink"><a href=
<p class="paragraph"></p><strong class="strong">Remarks</strong>:
<ul class="star">
<li>You can use DocumentRoot to protect a local application, or use
mod_proxy to use LemonLDAP::NG as a reverse proxy</li>
<li>You have to declare only one "reload" target on a physical server,
because only one Handler can be instancied on a physical server</li>
<li>Of course you must already have a virtualhost for the portal and
another for the manager; These hosts are only in Apache, and not in
LemonLDAP::NG configuration.</li>
</ul>
<h3 class="heading-1-1"><span id="HTogofurther">To go further</span></h3>
<p class="paragraph"></p>See the <span class="wikilink"><a href=
"4.1-Configuration-parameter-list.html">full parameters list</a></span>.
</div>
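Review bot: "only one Handler can be instancied" should read "instantiated", and "when configuration change" should read "when the configuration changes". The remarks would benefit from one sentence explaining why the /reload Location carries "Deny from all" and "Allow from 127.0.0.0/8": that target triggers a configuration reload of the handler and must stay reachable only from the server itself, and the same restriction applies to the commented-out /status Location. The stray br tags inside the pre block (after "ServerAlias", "My::Package", the closing Directory and the closing Location) suggest the block was pasted from rendered HTML and are worth cleaning so the example copies correctly.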

View File

@ -147,7 +147,7 @@
configuration variables:
<ul class="star">
<li>XWiki.MySkin: name of the skin (ex: "pastel")</li>
<li>$skin: name of the skin (ex: "pastel")</li>
<li>$skin_dir: full system path to skins</li>

View File

@ -92,6 +92,10 @@
is catched by LemonLDAP::NG when configured with "Apache" authentication
module.
<p class="paragraph"></p>You can have a look at this tutorial to complete
the following one: <span class="wikiexternallink"><a href=
"http://michele.pupazzo.org/diary/?p=460">http://michele.pupazzo.org/diary/?p=460</a></span>
<p class="paragraph"></p>The following documentation explains how set
Kerberos Authentication with LemonLDAP::NG on Apache2/Linux and Active
Directory as Kerberos server.
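Review bot: "explains how set Kerberos Authentication" should read "explains how to set up Kerberos authentication", and the unchanged context "is catched by LemonLDAP::NG" should be "is caught". Since the added link is to a personal blog, consider stating which steps of that tutorial are needed so this page stays usable if the URL disappears.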

View File

@ -77,24 +77,44 @@
"http://sourcesup.cru.fr/projects/perlcas/">AuthCAS Perl
module</a></span>.
<p class="paragraph"></p>To work, your CAS server need to use HTTPS (CAS
cookies are only sent over SSL connections)
<h3 class="heading-1-1"><span id=
"HConfiguration">Configuration</span></h3>
<p class="paragraph"></p>Edit portal/index.pl:
<p class="paragraph"></p>Edit portal/index.pl and add those parameters in
constructor:
<div class="code">
<pre>
my $portal = <span class=
"java-keyword">new</span> Lemonldap::NG::Portal::Simple(
authentication =&gt; 'CAS',
CAS_url =&gt; 'https://cas.myserver',
CAS_CAFile =&gt; '/etc/httpd/conf/ssl.crt/ca-bundle.crt',
CAS_loginUrl =&gt; 'http://myserver/app.cgi',
CAS_validationUrl =&gt; 'http://myserver/app.cgi',
);
authentication =&gt; 'CAS',
CAS_url =&gt; 'https://cas.example.com',
#CAS_CAFile =&gt; '/etc/httpd/conf/ssl.crt/ca-bundle.crt',
CAS_loginUrl =&gt; 'http://auth.example.com',
CAS_validationUrl =&gt; 'http://auth.example.com',
</pre>
</div>
<p class="paragraph"></p>Parameters explanations:
<ul class="star">
<li>CAS_url: this is the login URL on your CAS server. This has to use
HTTPS.</li>
<li>CAS_CAFile: only use to verify CAS server certificate, not
mandatory.</li>
<li>CAS_loginUrl: where CAS redirect the user after CAS authentication,
this is the portal.</li>
<li>CAS_validationUrl: where the service ticket (ST) is checked, this is
the portal.</li>
</ul>Of course the CAS user must exists in your UserDB backend. You can
rely just on CAS authentication by using the <span class=
"wikilink"><a href="4.6-Null-user-backend.html">Null UserDB
backend</a></span>
<h3 class="heading-1-1"><span id="HSeealso">See also</span></h3>
<ul class="star">
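Review bot: the new example comments out CAS_CAFile and the bullet calls it "not mandatory", yet without a CA bundle the portal cannot verify the CAS server certificate when it validates the service ticket, so the HTTPS requirement stated just above ("your CAS server need to use HTTPS") is only half met. Suggest keeping the line active in the example and wording the bullet as "CA bundle used to verify the CAS server certificate; strongly recommended in production". For the same reason CAS_loginUrl and CAS_validationUrl, which receive the service ticket, would be better shown as https URLs. Smaller points: "your CAS server need" should be "needs", "CAS redirect the user" should be "redirects", and "the CAS user must exists" should be "must exist".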

View File

@ -143,7 +143,7 @@ authentication =&gt; LDAP,
<div class="code">
<pre>
authLDAPFilter =&gt; '(&amp;(sAMAccountName=$user)(ojectClass=person))',
AuthLDAPFilter =&gt; '(&amp;(sAMAccountName=$user)(objectClass=person))',
</pre>
</div><br />
<br />
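Review bot: besides fixing "ojectClass", this line renames the key from "authLDAPFilter" to "AuthLDAPFilter"; confirm by testing that the capitalised form is the one the portal actually reads, since the sibling parameter fixed elsewhere in this commit keeps a lowercase prefix ("mailLDAPFilter") and a key that is not recognised is easy to miss because it does not fail loudly.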

View File

@ -117,7 +117,7 @@ passwordDB =&gt; LDAP,
<div class="code">
<pre>
mailLDAPFitler =&gt; '(&amp;(mail=$mail)(objectClass=person))',
mailLDAPFilter =&gt; '(&amp;(mail=$mail)(objectClass=person))',
</pre>
</div>

View File

@ -54,153 +54,6 @@
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HLDAPSchemaforadvancedaccessrules">LDAP
Schema for advanced access rules</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HTopic">Topic</a></li>
<li>
<a href="#HLDAPSchema">LDAP Schema</a>
<ul>
<li><a href="#HOIDprefix">OID prefix</a></li>
<li><a href="#HOpenLDAPschema">OpenLDAP schema</a></li>
</ul>
</li>
<li><a href="#HHowtouseitinLemonLDAP3A3ANG">How to use it in
LemonLDAP::NG</a></li>
</ul>
<h3 class="heading-1-1"><span id="HTopic">Topic</span></h3>
<p class="paragraph"></p>LemonLDAP::NG is powerfull WebSSO engine who
manage access trough user's attributes stored in an LDAP directory.
<p class="paragraph"></p>We can use standards attributes like uid, cn or
mail to describe access rules to protected web applications.
<p class="paragraph"></p>But sometimes we need more information! For
example:
<ul class="star">
<li>An application name (to allow access by applications and not by
group of users)</li>
<li>A start date and an end date (to open or close the service even the
entry already exists)</li>
<li>Logon hours (allowed hours and day of the week)</li>
<li>One or more roles (to send to the protected applications)</li>
</ul>
<h3 class="heading-1-1"><span id="HLDAPSchema">LDAP Schema</span></h3>
<h4 class="heading-1-1-1"><span id="HOIDprefix">OID prefix</span></h4>
<p class="paragraph"></p>We plan to use this prefix:
1.3.6.1.4.1.10943.10.2.
<p class="paragraph"></p>The prefix 1.3.6.1.4.1.10943 is owned by LINAGORA
(See <span class="wikiexternallink"><a href=
"http://www.iana.org/assignments/enterprise-numbers">http://www.iana.org/assignments/enterprise-numbers</a></span>).
<h4 class="heading-1-1-1"><span id="HOpenLDAPschema">OpenLDAP
schema</span></h4>
<p class="paragraph"></p>Just add this file to OpenLDAP schemas:
<p class="paragraph"></p>
<div class="code">
<pre>
#=======================================
# Schema <span class="java-keyword">for</span> advanced SSO access rules
#
# Designed <span class="java-keyword">for</span> OpenLDAP software
# <span class="nobr"><a href=
"http://www.openldap.org">http://www.openldap.org</a></span>
#
# Part of LemonLDAP::NG project
# <span class="nobr"><a href=
"http://lemonldap.ow2.org">http://lemonldap.ow2.org</a></span>
#
# Author: Clement OUDOT
#=======================================<br /><br />#=======================================
# OID Prefix
# Registered in IANA database
#=======================================
objectIdentifier SSOOID 1.3.6.1.4.1.10943.10.2<br /><br />#=======================================
# Attributes
#=======================================<br /><br /># Application Name
attributetype ( SSOOID:1:1
NAME 'ssoName'
DESC 'An application name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Roles
attributetype ( SSOOID:1:2
NAME 'ssoRoles'
DESC 'One or more roles'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Time profile
attributetype ( SSOOID:1:3
NAME 'ssoLogonsHours'
DESC 'Logons hours'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Start date
attributetype ( SSOOID:1:4
NAME 'ssoStartDate'
DESC 'Start date'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># End date
attributetype ( SSOOID:1:5
NAME 'ssoEndDate'
DESC 'End date'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br />#=======================================
# ObjectClasses
#=======================================<br /><br /># SSO user
objectClass ( SSOOID:2:1
NAME 'ssoUser'
DESC 'SSO extended informations <span class=
"java-keyword">for</span> a user'
SUP top
AUXILIARY
MAY ( ssoName $ ssoRoles $ ssoLogonHours $
ssoStartDate $ ssoEndDate ) )
</pre>
</div>
<h3 class="heading-1-1"><span id="HHowtouseitinLemonLDAP3A3ANG">How to use
it in LemonLDAP::NG</span></h3>
<p class="paragraph"></p>In LemonLDAP::NG Manager, go to General
Parameters &gt; Exported Variables and add new variables:
<ul class="star">
<li>ssoName =&gt; $ssoName</li>
<li>ssoRoles =&gt; $ssoRoles</li>
<li>ssoLogonHours =&gt; $ssoLogonHours</li>
<li>ssoStartDate =&gt; $ssoStartDate</li>
<li>ssoEndDate =&gt; $ssoEndDate</li>
</ul>Save and reload Apache and Handler to get the configuration updated.
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
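Review bot: the removed schema page carries an inconsistency that should not be copied to wherever this content now lives: the attribute is defined as "ssoLogonsHours" (NAME line, DESC "Logons hours") while the ssoUser objectClass MAY list and the Manager variable list both use "ssoLogonHours". OpenLDAP rejects an objectClass that references an undefined attribute type, so the schema as written cannot be loaded. Also "SSO extended informations" should be "information", "powerfull" should be "powerful", and "trough" should be "through".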

View File

@ -73,6 +73,11 @@
"http://mail.ow2.org/wws/arc/lemonldap-ng-users">Archives</a></span>)</li>
</ul>
<h4 class="heading-1-1-1"><span id="HIRCchannel">IRC channel</span></h4>
<p class="paragraph"></p>You can reach us on #lemonldap-ng, on freenode
IRC server.
<h4 class="heading-1-1-1"><span id="HCoreteam">Core team</span></h4>
<ul class="star">

View File

@ -67,6 +67,8 @@
d'Information</a></li>
<li><a href="#HLINAGORAGroup">LINAGORA Group</a></li>
<li><a href="#HSGS">SGS</a></li>
</ul>They use LemonLDAP::NG:
<h3 class="heading-1-1"><span id="HGendarmerieNationale">Gendarmerie
@ -108,6 +110,17 @@
<li>Nb protected applications: ~5</li>
</ul>
<h3 class="heading-1-1"><span id="HSGS">SGS</span></h3>
<p class="paragraph"></p><img src="SGS_white_small.jpg" alt=
"SGS_white_small.jpg" />
<ul class="star">
<li>Nb users: ~50</li>
<li>Nb protected applications: ~10</li>
</ul>
</div>
<p class="footer"><a href="index.html">Index</a></p>