LEMONLDAP::NG : documentation update

Xavier Guimard 2008-02-16 22:21:24 +00:00
parent e355b0b9c0
commit 5048ce41c0
14 changed files with 452 additions and 476 deletions

View File

@ -17,5 +17,6 @@ CREATE TABLE lmConfig (
exportedVars text,
managerDn text,
managerPassword text,
timeout int,
whatToTrace text
);
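Review bot: The new `timeout int` column in `CREATE TABLE lmConfig` carries no comment or documentation saying what it times out or in which unit, and it is nullable with no default. Add a short SQL comment next to the column (and a matching line in the installation documentation) stating the unit and what an empty value means.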

View File

@ -0,0 +1 @@
ALTER TABLE lmConfig ADD COLUMN timeout int;
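Review bot: `ALTER TABLE lmConfig ADD COLUMN timeout int;` leaves `timeout` as NULL in every configuration row that already exists, and nothing in this commit says how a NULL timeout is interpreted. Either give the column a `DEFAULT` in the migration or document the fallback value, so that upgraded installations do not end up with an undefined timeout.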

View File

@ -5,7 +5,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>FAQ LEMONLDAP::NG</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
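Review bot: The context line `<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">` declares French, but the following hunks of this same file carry English text ("Perl prereq", "SOFTWARE INSTALLATION"), and the `<title>` still reads "FAQ LEMONLDAP::NG" on what is an installation page. Since the file is being regenerated anyway, set `lang`/`xml:lang` to "en" and correct the title; the only change in this hunk is the HTML Tidy version string, which is generator noise.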
@ -99,11 +99,10 @@
<h4 class="heading-1-1-1"><span id="HPerlprereq">Perl prereq</span></h4>
<p class="paragraph"></p>Perl modules: Apache::Session, Net::LDAP,
MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, DBI, XML::Simple
<p class="paragraph"></p>With Debian:
<p class="paragraph"></p>
MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, DBI, XML::Simple<br />
<br />
With Debian:<br />
<br />
<div class="code">
<pre>
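Review bot: Replacing each empty `<p class="paragraph"></p>` with a pair of `<br />` elements (here around "With Debian:") leaves the text as bare inline content with no paragraph element, so the `paragraph` class no longer applies to anything. Wrapping the text itself, for example `<p class="paragraph">With Debian:</p>`, would fix the original empty-paragraph markup without relying on line breaks for spacing. The same applies to the later hunks of this commit.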
@ -111,47 +110,42 @@ apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl &#13
libdbi-perl perl-modules libwww-perl libcache-cache-perl &#13;
libxml-simple-perl
</pre>
</div>
<p class="paragraph"></p>Portal:
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
DBI
<p class="paragraph"></p>With Debian:
<p class="paragraph"></p>
</div><br />
<br />
Portal:<br />
<br />
Apache::Session, Net::LDAP, MIME::Base64, CGI, DBI<br />
<br />
With Debian:<br />
<br />
<div class="code">
<pre>
apt-get install libapache-session-perl libnet-ldap-perl libdbi-perl &#13;
perl-modules
</pre>
</div>
<p class="paragraph"></p>Handler:
<p class="paragraph"></p>Apache::Session, LWP::UserAgent, Cache::Cache,
DBI
<p class="paragraph"></p>With Debian:
<p class="paragraph"></p>
</div><br />
<br />
Handler:<br />
<br />
Apache::Session, LWP::UserAgent, Cache::Cache, DBI<br />
<br />
With Debian:<br />
<br />
<div class="code">
<pre>
apt-get install libapache-session-perl libdbi-perl libwww-perl &#13;
libcache-cache-perl
</pre>
</div>
<p class="paragraph"></p>Manager:
<p class="paragraph"></p>CGI, XML::Simple, DBI
<p class="paragraph"></p>With Debian:
<p class="paragraph"></p>
</div><br />
<br />
Manager:<br />
<br />
CGI, XML::Simple, DBI<br />
<br />
With Debian:<br />
<br />
<div class="code">
<pre>
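Review bot: In the first `apt-get install` block, `libcache-cache-perl` is listed twice (in the line shown in the hunk header and again on the next line), and the continued lines end in `&#13;` rather than a shell continuation `\`, so a reader who pastes the block runs the second line as a separate command. Drop the duplicate package and end each continued line with `\`; the Portal and Handler blocks below have the same continuation problem.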
@ -160,12 +154,10 @@ apt-get install perl-modules libxml-simple-perl
</div>
<h3 class="heading-1-1"><span id="HSOFTWAREINSTALLATION">SOFTWARE
INSTALLATION</span></h3>
<p class="paragraph"></p>If you just want to install a handler or a portal
or a manager:
<p class="paragraph"></p>
INSTALLATION</span></h3><br />
<br />
If you just want to install a handler or a portal or a manager:<br />
<br />
<div class="code">
<pre>
@ -174,11 +166,10 @@ $ tar xzf lemonldap-ng-*.tar.gz
$ perl Makefile.PL &amp;&amp; make &amp;&amp; make test
$ sudo make install
</pre>
</div>
<p class="paragraph"></p>else for a complete install:
<p class="paragraph"></p>
</div><br />
<br />
else for a complete install:<br />
<br />
<div class="code">
<pre>
@ -187,20 +178,19 @@ $ tar xzf lemonldap-ng-*.tar.gz
$ make &amp;&amp; make test
$ sudo make install
</pre>
</div>
<p class="paragraph"></p>See prereq in
</div><br />
<br />
See prereq in
<h3 class="heading-1-1"><span id="HLEMONLDAPINSTALLATION">LEMONLDAP
INSTALLATION</span></h3>
<h4 class="heading-1-1-1"><span id="HDatabaseconfiguration">Database
configuration</span></h4>If you use DBI or another system to share
Lemonldap::NG configuration, you have to initialize the database.
<p class="paragraph"></p>For example, create the database "lemonldapng" :
<p class="paragraph"></p>
Lemonldap::NG configuration, you have to initialize the database.<br />
<br />
For example, create the database "lemonldapng" :<br />
<br />
<div class="code">
<pre>
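Review bot: The sentence "See prereq in" is reflowed here but still ends without a target and runs straight into the "LEMONLDAP INSTALLATION" heading. Restore the missing link or section name, or remove the fragment.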
@ -210,11 +200,10 @@ $ tar xzf lemonldap-ng-*.tar.gz
<h5 class="heading-1-1-1-1"><span id=
"HLemonldap3A3ANGConfigurationdatabase">Lemonldap::NG Configuration
database</span></h5>
<p class="paragraph"></p>To store configuration, use this table :
<p class="paragraph"></p>
database</span></h5><br />
<br />
To store configuration, use this table :<br />
<br />
<div class="code">
<pre>
@ -244,14 +233,13 @@ CREATE TABLE lmConfig (
</div>
<h5 class="heading-1-1-1-1"><span id=
"HApache3A3ASessiondatabase">Apache::Session database</span></h5>
<p class="paragraph"></p>The choice of Apache::Session::* module is free.
See Apache::Session::Store::* or Apache::Session::* to know how to
configure the module. For example, if you want to use
Apache::Session::MySQL, you can create the database like this:
<p class="paragraph"></p>
"HApache3A3ASessiondatabase">Apache::Session database</span></h5><br />
<br />
The choice of Apache::Session::* module is free. See
Apache::Session::Store::* or Apache::Session::* to know how to configure
the module. For example, if you want to use Apache::Session::MySQL, you
can create the database like this:<br />
<br />
<div class="code">
<pre>
@ -263,13 +251,12 @@ CREATE TABLE sessions (
</div>
<h4 class="heading-1-1-1"><span id="HManagerconfiguration">Manager
configuration</span></h4>
<p class="paragraph"></p>Copy example/manager.cgi and personalize it if
you want (see Lemonldap::NG::Manager). You have to set in particular
configStorage. For example with MySQL:
<p class="paragraph"></p>
configuration</span></h4><br />
<br />
Copy example/manager.cgi and personalize it if you want (see
Lemonldap::NG::Manager). You have to set in particular configStorage. For
example with MySQL:<br />
<br />
<div class="code">
<pre>
@ -283,12 +270,11 @@ $my $manager = Lemonldap::NG::Manager-&gt;<span class=
"java-quote">"mypass"</span>,
} );
</pre>
</div>
<p class="paragraph"></p>Securise Manager access with Apache: Lemonldap
does not securise the manager itself yet:
<p class="paragraph"></p>
</div><br />
<br />
Securise Manager access with Apache: Lemonldap does not securise the
manager itself yet:<br />
<br />
<div class="code">
<pre>
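Review bot: The rewrapped sentence "Securise Manager access with Apache: Lemonldap does not securise the manager itself yet" is the only warning that the manager has no access control of its own, and "securise" is not English. Reword it, for example "Secure Manager access with Apache: Lemonldap::NG does not protect the manager itself yet", and consider making it a visible note, since the example just above embeds a storage password ("mypass") in manager.cgi. The hunk header also shows `$my $manager`, which should read `my $manager`.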
@ -302,10 +288,10 @@ SSLEngine On
</div>
<h4 class="heading-1-1-1"><span id="HConfigurationedition">Configuration
edition</span></h4>
<p class="paragraph"></p>Connect to the manager with your browser start
configure your Web-SSO. You have to set at least some parameters:
edition</span></h4><br />
<br />
Connect to the manager with your browser start configure your Web-SSO. You
have to set at least some parameters:
<h5 class="heading-1-1-1-1"><span id="HGeneralparameters">General
parameters</span></h5>
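Review bot: "Connect to the manager with your browser start configure your Web-SSO" is missing words and was carried over unchanged into the new lines. Suggest "Connect to the manager with your browser and start configuring your Web-SSO."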
@ -330,11 +316,12 @@ SSLEngine On
Apache::Session::&lt;Choosen module&gt;.</li>
</ul>
<h5 class="heading-1-1-1-1"><span id="HUsergroups">User groups</span></h5>
<p class="paragraph"></p>Use the "New Group" button to add your first
group. On the left, set the keyword which will be used later and set on
the right the corresponding rule. You can use :
<h5 class="heading-1-1-1-1"><span id="HUsergroups">User
groups</span></h5><br />
<br />
Use the "New Group" button to add your first group. On the left, set the
keyword which will be used later and set on the right the corresponding
rule. You can use :
<ul class="star">
<li>an LDAP filter (it will be tested with the user uid)</li>
@ -347,15 +334,15 @@ SSLEngine On
</ul>
<h5 class="heading-1-1-1-1"><span id="HVirtualhosts">Virtual
hosts</span></h5>
<p class="paragraph"></p>You have to create a virtual host for each Apache
host (virtual or real) protected by Lemonldap::NG even if just a
sub-directory is protected. Else, user who want to access to the protected
area will be rejected with a "500 Internal Server Error" message and the
apache logs will explain the problem.
<p class="paragraph"></p>Each virtual host has 2 groups of parameters:
hosts</span></h5><br />
<br />
You have to create a virtual host for each Apache host (virtual or real)
protected by Lemonldap::NG even if just a sub-directory is protected.
Else, user who want to access to the protected area will be rejected with
a "500 Internal Server Error" message and the apache logs will explain the
problem.<br />
<br />
Each virtual host has 2 groups of parameters:
<ul class="star">
<li>Headers: the headers added to the apache request. Default: Auth-User

View File

@ -5,7 +5,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>FAQ LEMONLDAP::NG</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />

View File

@ -5,7 +5,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>FAQ LEMONLDAP::NG</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />

View File

@ -5,7 +5,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>FAQ LEMONLDAP::NG</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
@ -216,18 +216,17 @@
<h4 class="heading-1-1-1"><span id=
"HL27exemplefournifonctionneenHTTP2CmaispasenHTTPS">L'exemple fourni
fonctionne en HTTP, mais pas en HTTPS.</span></h4>
<p class="paragraph"></p>Dans le m&eacute;canisme des redirections vers le
portail puis vers le site prot&eacute;g&eacute;, il faut indiquer &agrave;
l'agent (handler) s'il est de type HTTPS ou non. Ceci est fait par le
param&egrave;tre <tt>https</tt> qui doit &ecirc;tre mis &agrave; 1. Ce
param&egrave;tre n'est pas accessible dans la configuration (manager), car
il est sp&eacute;cifique aux h&ocirc;tes virtuels. C'est donc lors de
l'appel &agrave; la fonction <tt>init</tt> (dans le fichier My::Package)
qu'il doit &ecirc;tre renseign&eacute;:
<p class="paragraph"></p>
fonctionne en HTTP, mais pas en HTTPS.</span></h4><br />
<br />
Dans le m&eacute;canisme des redirections vers le portail puis vers le
site prot&eacute;g&eacute;, il faut indiquer &agrave; l'agent (handler)
s'il est de type HTTPS ou non. Ceci est fait par le param&egrave;tre
<tt>https</tt> qui doit &ecirc;tre mis &agrave; 1. Ce param&egrave;tre
n'est pas accessible dans la configuration (manager), car il est
sp&eacute;cifique aux h&ocirc;tes virtuels. C'est donc lors de l'appel
&agrave; la fonction <tt>init</tt> (dans le fichier My::Package) qu'il
doit &ecirc;tre renseign&eacute;:<br />
<br />
<pre>
__PACKAGE__-&gt;init ( {
localStorage =&gt; "Cache::FileCache",
@ -248,24 +247,22 @@ __PACKAGE__-&gt;init ( {
<h4 class="heading-1-1-1"><span id=
"HAquoisertleparamC3A8trehttpsduhandler3F">A quoi sert le param&egrave;tre
https du handler ?</span></h4>
<p class="paragraph"></p>Ce param&egrave;tre n'est utilis&eacute; que dans
les redirections vers le portail d'authentification. Il sert juste
&agrave; indiquer &agrave; ce dernier qu'apr&egrave;s authentification,
l'utilisateur doit &ecirc;tre redirig&eacute; vers l'application en https
et non en http.
https du handler ?</span></h4><br />
<br />
Ce param&egrave;tre n'est utilis&eacute; que dans les redirections vers le
portail d'authentification. Il sert juste &agrave; indiquer &agrave; ce
dernier qu'apr&egrave;s authentification, l'utilisateur doit &ecirc;tre
redirig&eacute; vers l'application en https et non en http.
<h4 class="heading-1-1-1"><span id=
"HQu27estcequ27uneCGIautoprotC3A9gC3A9e3F">Qu'est ce qu'une CGI
auto-prot&eacute;g&eacute;e ?</span></h4>
<p class="paragraph"></p>Lorsqu'on a qu'une seule page Perl &agrave;
prot&eacute;ger dans un VirtualHost, plut&ocirc;t que de la
prot&eacute;ger en utilisant un agent Lemonldap::NG dans Apache, on peut
utiliser une CGI auto-prot&eacute;g&eacute;e:
<p class="paragraph"></p>
auto-prot&eacute;g&eacute;e ?</span></h4><br />
<br />
Lorsqu'on a qu'une seule page Perl &agrave; prot&eacute;ger dans un
VirtualHost, plut&ocirc;t que de la prot&eacute;ger en utilisant un agent
Lemonldap::NG dans Apache, on peut utiliser une CGI
auto-prot&eacute;g&eacute;e:<br />
<br />
<pre>
use Lemonldap::NG::Handler::CGI;
my $cgi = Lemonldap::NG::Handler::CGI-&gt;new ( {
@ -273,11 +270,11 @@ __PACKAGE__-&gt;init ( {
}
);
$cgi-&gt;authenticate;
</pre>
<p class="paragraph"></p>Dans l'exemple ci-dessus, $cgi est un objet de
type CGI(3). La seule diff&eacute;rence est qu'il b&eacute;n&eacute;ficie
de quelques fonctions suppl&eacute;mentaires:
</pre><br />
<br />
Dans l'exemple ci-dessus, $cgi est un objet de type CGI(3). La seule
diff&eacute;rence est qu'il b&eacute;n&eacute;ficie de quelques fonctions
suppl&eacute;mentaires:
<ul class="star">
<li>authenticate : pour appeler le m&eacute;canisme d'authentification
@ -297,11 +294,11 @@ __PACKAGE__-&gt;init ( {
<h4 class="heading-1-1-1"><span id=
"HCommentfairefonctionnerLemonldap3A3ANGavecunannuaireActiveDirectory3F">Comment
faire fonctionner Lemonldap::NG avec un annuaire Active-Directory
?</span></h4>
<p class="paragraph"></p>Active-Directory utilise le champ <tt>cn</tt>
comme identifiant unique au lieu de <tt>uid</tt>. Il faut donc modifier la
configuration de Lemonldap::NG en deux points&nbsp;:
?</span></h4><br />
<br />
Active-Directory utilise le champ <tt>cn</tt> comme identifiant unique au
lieu de <tt>uid</tt>. Il faut donc modifier la configuration de
Lemonldap::NG en deux points&nbsp;:
<ol>
<li>la recherche de l'utilisateur dans l'annuaire doit &ecirc;tre
@ -338,13 +335,12 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
<h4 class="heading-1-1-1"><span id=
"HCommentutiliserLemonldap3A3ANGenreverseproxy3F">Comment utiliser
Lemonldap::NG en reverse-proxy ?</span></h4>
<p class="paragraph"></p>Lemonldap::NG prot&egrave;ge simplement les
VirtualHosts d'Apache. Pour fonctionner en reverse-proxy, il suffit donc
de configurer Apache en reverse-proxy:
<p class="paragraph"></p>
Lemonldap::NG en reverse-proxy ?</span></h4><br />
<br />
Lemonldap::NG prot&egrave;ge simplement les VirtualHosts d'Apache. Pour
fonctionner en reverse-proxy, il suffit donc de configurer Apache en
reverse-proxy:<br />
<br />
<pre>
# httpd.conf
&lt;VirtualHost *&gt;
@ -360,20 +356,19 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
# RewriteRule /(.*)$ <span class="nobr"><a href=
"http://serveur-reel/$1">http://serveur-reel/$1</a></span> [P]
&lt;/VirtualHost&gt;
</pre>
<p class="paragraph"></p>Si toutefois vous pr&eacute;f&eacute;rez utiliser
un proxy Perl, Lemonldap::NG en fournit un
(Lemonldap::NG::Handler::Proxy(3)).
</pre><br />
<br />
Si toutefois vous pr&eacute;f&eacute;rez utiliser un proxy Perl,
Lemonldap::NG en fournit un (Lemonldap::NG::Handler::Proxy(3)).
<h3 class="heading-1-1"><span id=
"HFonctionnement">Fonctionnement</span></h3>
<h4 class="heading-1-1-1"><span id=
"HAquoisertlecachelocaldesagents28handlers293F">A quoi sert le cache local
des agents (handlers) ?</span></h4>
<p class="paragraph"></p>Le cache local des agents a deux fonctions:
des agents (handlers) ?</span></h4><br />
<br />
Le cache local des agents a deux fonctions:
<ul class="star">
<li>partager la configuration entre processus Apache: on &eacute;vite
@ -396,52 +391,53 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
<h4 class="heading-1-1-1"><span id=
"HPourquoinepeutonpasconfigurerlecachelocaldesagents28handlers29danslaconsoled27administration3F">
Pourquoi ne peut-on pas configurer le cache local des agents (handlers)
dans la console d'administration ?</span></h4>
<p class="paragraph"></p>Le cache local doit &ecirc;tre choisi ou
param&eacute;tr&eacute; en fonction du serveur: si on choisit par exemple
le module Cache::FileCache, le r&eacute;pertoire de stockage n'est pas
n&eacute;cessairement le m&ecirc;me partout. De plus, une modification du
cache ne peut &ecirc;tre appliqu&eacute;e sans red&eacute;marrage du
serveur Apache contrairement aux autres param&egrave;tres
g&eacute;r&eacute;s par la console d'administration.
dans la console d'administration ?</span></h4><br />
<br />
Le cache local doit &ecirc;tre choisi ou param&eacute;tr&eacute; en
fonction du serveur: si on choisit par exemple le module Cache::FileCache,
le r&eacute;pertoire de stockage n'est pas n&eacute;cessairement le
m&ecirc;me partout. De plus, une modification du cache ne peut &ecirc;tre
appliqu&eacute;e sans red&eacute;marrage du serveur Apache contrairement
aux autres param&egrave;tres g&eacute;r&eacute;s par la console
d'administration.
<h4 class="heading-1-1-1"><span id=
"HQu27estcequele7E7ECrossDomainAuthentication7E7E28CDA293F">Qu'est ce que
le <i class="italic">Cross Domain Authentication</i> (CDA) ?</span></h4>
<p class="paragraph"></p>Le syst&egrave;me de propagation de la session
Lemonldap::NG est bas&eacute; sur des cookies. Or ces cookies sont
attach&eacute;s au domaine dont ils sont issus. Lemonldap::NG fournit un
dispositif permettant de passer outre ce probl&egrave;me: il suffit
d'utiliser le portail Lemonldap::NG::Portal::CDA et les agents
le <i class="italic">Cross Domain Authentication</i> (CDA)
?</span></h4><br />
<br />
Le syst&egrave;me de propagation de la session Lemonldap::NG est
bas&eacute; sur des cookies. Or ces cookies sont attach&eacute;s au
domaine dont ils sont issus. Lemonldap::NG fournit un dispositif
permettant de passer outre ce probl&egrave;me: il suffit d'utiliser le
portail Lemonldap::NG::Portal::CDA et les agents
Lemonldap::NG::Handler::CDA sur les sites prot&eacute;g&eacute;s en dehors
du domaine du portail.
<h4 class="heading-1-1-1"><span id=
"HCommentfonctionnele7E7ECrossDomainAuthentication7E7E28CDA293F">Comment
fonctionne le <i class="italic">Cross Domain Authentication</i> (CDA)
?</span></h4>
<p class="paragraph"></p>Un portail Lemonldap::NG::Portal::CDA
d&eacute;tecte si l'URL demand&eacute;e n'est pas dans le m&ecirc;me
domaine. Si c'est le cas, il ajoute un param&egrave;tre &agrave; cette
requ&ecirc;te correspondant au cookie de session. Lorsque l'utilisateur
est renvoy&eacute; vers cette URL, l'agent Lemonldap::NG::Handler::CDA
reconna&icirc;t ce param&egrave;tre et g&eacute;n&egrave;re alors le
cookie dans son domaine. Il retire alors le param&egrave;tre ajout&eacute;
par le portail et effectue le traitement normal de la requ&ecirc;te.
?</span></h4><br />
<br />
Un portail Lemonldap::NG::Portal::CDA d&eacute;tecte si l'URL
demand&eacute;e n'est pas dans le m&ecirc;me domaine. Si c'est le cas, il
ajoute un param&egrave;tre &agrave; cette requ&ecirc;te correspondant au
cookie de session. Lorsque l'utilisateur est renvoy&eacute; vers cette
URL, l'agent Lemonldap::NG::Handler::CDA reconna&icirc;t ce
param&egrave;tre et g&eacute;n&egrave;re alors le cookie dans son domaine.
Il retire alors le param&egrave;tre ajout&eacute; par le portail et
effectue le traitement normal de la requ&ecirc;te.
<h3 class="heading-1-1"><span id=
"HAuthentification">Authentification</span></h3>
<h4 class="heading-1-1-1"><span id=
"HPeutonchangerlemoded27authentification3F">Peut-on changer le mode
d'authentification ?</span></h4>
<p class="paragraph"></p>Lemonldap::NG fournit plusieurs modes
d'authentification (&agrave; param&eacute;trer dans le champ
"authentification" de l'interface d'administration) :
d'authentification ?</span></h4><br />
<br />
Lemonldap::NG fournit plusieurs modes d'authentification (&agrave;
param&eacute;trer dans le champ "authentification" de l'interface
d'administration) :
<ul class="star">
<li><strong class="strong">ldap</strong> : c'est le mode par
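Review bot: The CDA answer says the portal adds a request parameter "correspondant au cookie de session", so the session identifier travels in a URL, yet the paragraph gives no guidance on protecting it. Add a sentence recommending HTTPS for the portal and for the CDA-protected sites, and noting that the value can appear in server or proxy access logs before the handler removes the parameter.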
@ -483,16 +479,15 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
<h3 class="heading-1-1"><span id=
"HMessagesd27erreuretdedC3A9boguage">Messages d'erreur et de
d&eacute;boguage</span></h3>
<p class="paragraph"></p>Lemonldap::NG produit des messages de
d&eacute;bogage et d'erreur enregistr&eacute;s dans le journal d'Apache
(error.log par d&eacute;faut). Vous pouvez modifier le niveau d'affichage
en adaptant le param&egrave;tre LogLevel d'Apache.
<p class="paragraph"></p>La page <span class="wikilink"><a href=
"errors-fr.html">Erreurs</a></span> r&eacute;f&eacute;rence ces messages
d'erreur et de d&eacute;bogage.
d&eacute;boguage</span></h3><br />
<br />
Lemonldap::NG produit des messages de d&eacute;bogage et d'erreur
enregistr&eacute;s dans le journal d'Apache (error.log par d&eacute;faut).
Vous pouvez modifier le niveau d'affichage en adaptant le param&egrave;tre
LogLevel d'Apache.<br />
<br />
La page <span class="wikilink"><a href="errors-fr.html">Erreurs</a></span>
r&eacute;f&eacute;rence ces messages d'erreur et de d&eacute;bogage.
</div>
</body>
</html>

View File

@ -5,7 +5,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>FAQ LEMONLDAP::NG</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
@ -183,15 +183,14 @@
<h4 class="heading-1-1-1"><span id=
"HTheprovidedexampleworkswithHTTP2CbutnotwithHTTPS">The provided example
works with HTTP, but not with HTTPS.</span></h4>
<p class="paragraph"></p>In the redirection mechanism to the portal then
to the protected site, you have to indicate to the handler if users access
by HTTPS or HTTP to it. This is done by the <tt>https</tt> parameter. This
parameter has to be configured directly in the handlers is not accessible
by the manager interface:
<p class="paragraph"></p>
works with HTTP, but not with HTTPS.</span></h4><br />
<br />
In the redirection mechanism to the portal then to the protected site, you
have to indicate to the handler if users access by HTTPS or HTTP to it.
This is done by the <tt>https</tt> parameter. This parameter has to be
configured directly in the handlers is not accessible by the manager
interface:<br />
<br />
<pre>
__PACKAGE__-&gt;init ( {
localStorage =&gt; "Cache::FileCache",
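Review bot: The sentence "This parameter has to be configured directly in the handlers is not accessible by the manager interface" is missing a conjunction, and unlike the French FAQ (which says the parameter "doit être mis à 1") the English text never states the value to set. Suggest "This is done by setting the <tt>https</tt> parameter to 1. It has to be configured directly in the handlers and is not accessible from the manager interface."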
@ -212,21 +211,18 @@ __PACKAGE__-&gt;init ( {
<h4 class="heading-1-1-1"><span id=
"HForwhatisusedthe22https22parameter3F">For what is used the "https"
parameter ?</span></h4>
<p class="paragraph"></p>This parameter is used only in authentication
portal redirections. It is just used to indicate to the portal that after
authentification, the user must be redirected towards the application
using https and not http.
parameter ?</span></h4><br />
<br />
This parameter is used only in authentication portal redirections. It is
just used to indicate to the portal that after authentification, the user
must be redirected towards the application using https and not http.
<h4 class="heading-1-1-1"><span id="HWhatisanautoprotectedCGI3F">What is
an auto-protected CGI ?</span></h4>
<p class="paragraph"></p>When you have just 1 Perl CGI to protect in a
VirtualHost, you can use an auto-protected CGI instead of using a
Lemonldap::NG handler:
<p class="paragraph"></p>
an auto-protected CGI ?</span></h4><br />
<br />
When you have just 1 Perl CGI to protect in a VirtualHost, you can use an
auto-protected CGI instead of using a Lemonldap::NG handler:<br />
<br />
<pre>
use Lemonldap::NG::Handler::CGI;
my $cgi = Lemonldap::NG::Handler::CGI-&gt;new ( {
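Review bot: In the "https" answer the rewrapped text still reads "after authentification", which is the French spelling. Use "authentication" in the English FAQ.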
@ -234,10 +230,10 @@ __PACKAGE__-&gt;init ( {
}
);
$cgi-&gt;authenticate;
</pre>
<p class="paragraph"></p>In the example above, $cgi is a CGI(3) object.
The only difference is that it has some additional functions:
</pre><br />
<br />
In the example above, $cgi is a CGI(3) object. The only difference is that
it has some additional functions:
<ul class="star">
<li>authenticate : to call Lemonldap::NG authentication mechanism,</li>
@ -255,11 +251,11 @@ __PACKAGE__-&gt;init ( {
<h4 class="heading-1-1-1"><span id=
"HHowtouseLemonldap3A3ANGwithActiveDirectory3F">How to use Lemonldap::NG
with Active-Directory ?</span></h4>
<p class="paragraph"></p>Active-Directory uses <tt>cn</tt> field instead
of <tt>uid</tt> as unique identifier. You have so to modify Lemonldap::NG
configuration in 2 points&nbsp;:
with Active-Directory ?</span></h4><br />
<br />
Active-Directory uses <tt>cn</tt> field instead of <tt>uid</tt> as unique
identifier. You have so to modify Lemonldap::NG configuration in 2
points&nbsp;:
<ol>
<li>the field <tt>cn</tt> (or <tt>samAccountName</tt>) has to be used to
@ -270,9 +266,8 @@ __PACKAGE__-&gt;init ( {
<tt>$cn</tt> in the field "General Parameters -&gt; Attribute to use in
Apache's logs" (and to verify that this variable is an exported
attribute). The LDAP filter change needs to overload a subroutine in the
portail. This can be done so&nbsp;:
<p class="paragraph"></p>
portail. This can be done so&nbsp;:<br />
<br />
<pre>
#!/usr/bin/perl
use Lemonldap::NG::Portal::SharedConf;
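Review bot: "needs to overload a subroutine in the portail" keeps the French word "portail" in the English FAQ. Change it to "portal" while these lines are being touched.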
@ -293,13 +288,11 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
<h4 class="heading-1-1-1"><span id=
"HHowtouseLemonldap3A3ANGasreverseproxy3F">How to use Lemonldap::NG as
reverse-proxy ?</span></h4>
<p class="paragraph"></p>Lemonldap::NG protects Apache VirtualHosts. To
use it as reverse-proxy, you just have to configure Apache as
reverse-proxy&nbsp;:
<p class="paragraph"></p>
reverse-proxy ?</span></h4><br />
<br />
Lemonldap::NG protects Apache VirtualHosts. To use it as reverse-proxy,
you just have to configure Apache as reverse-proxy&nbsp;:<br />
<br />
<pre>
# httpd.conf
&lt;VirtualHost *&gt;
@ -315,18 +308,18 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
# RewriteRule /(.*)$ <span class="nobr"><a href=
"http://serveur-reel/$1">http://serveur-reel/$1</a></span> [P]
&lt;/VirtualHost&gt;
</pre>
<p class="paragraph"></p>If you prefer to use a Perl proxy, Lemonldap::NG
provides one (Lemonldap::NG::Handler::Proxy(3))
</pre><br />
<br />
If you prefer to use a Perl proxy, Lemonldap::NG provides one
(Lemonldap::NG::Handler::Proxy(3))
<h3 class="heading-1-1"><span id="HOperation">Operation</span></h3>
<h4 class="heading-1-1-1"><span id=
"HWithwhatservesthehandlerlocalcache3F">With what serves the handler local
cache ?</span></h4>
<p class="paragraph"></p>The handler local cache is used for 2 things :
cache ?</span></h4><br />
<br />
The handler local cache is used for 2 things :
<ul class="star">
<li>share configuration between Apache process : this avoid downloading
@ -341,44 +334,44 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
<h4 class="heading-1-1-1"><span id=
"HWhyhandlerslocalcachecannotbeconfiguredbythemanager3F">Why handlers
local cache can not be configured by the manager ?</span></h4>
<p class="paragraph"></p>The local cache has to be choosed nad configured
for each server: for example with the Cache::FileCache module, the storage
directory can be different. An other point is that the local storage can
not be reloaded without restarting Apache, but all parameters managed by
the manager can do it.
local cache can not be configured by the manager ?</span></h4><br />
<br />
The local cache has to be choosed nad configured for each server: for
example with the Cache::FileCache module, the storage directory can be
different. An other point is that the local storage can not be reloaded
without restarting Apache, but all parameters managed by the manager can
do it.
<h4 class="heading-1-1-1"><span id=
"HWhatisthe7E7ECrossDomainAuthentication7E7E28CDA293F">What is the
<i class="italic">Cross Domain Authentication</i> (CDA) ?</span></h4>
<p class="paragraph"></p>The Lemonldap::NG sessions propagation system is
based on cookies, but cookies are attached to a DNS domain. Lemonldap::NG
provides a system to bypass this restriction: you just have to use a
Lemonldap::NG::Portal::CDA portal and Lemonldap::NG::Handler::CDA handlers
in all protected sites outwards the portal DNS domain.
<i class="italic">Cross Domain Authentication</i> (CDA)
?</span></h4><br />
<br />
The Lemonldap::NG sessions propagation system is based on cookies, but
cookies are attached to a DNS domain. Lemonldap::NG provides a system to
bypass this restriction: you just have to use a Lemonldap::NG::Portal::CDA
portal and Lemonldap::NG::Handler::CDA handlers in all protected sites
outwards the portal DNS domain.
<h4 class="heading-1-1-1"><span id=
"HHowworksthe7E7ECrossDomainAuthentication7E7E28CDA293F">How works the
<i class="italic">Cross Domain Authentication</i> (CDA) ?</span></h4>
<p class="paragraph"></p>Lemonldap::NG::Portal::CDA portal detects if
required URL is in the same domain. If not, it adds a parameter to this
request. When the user returns to the protected application,
Lemonldap::NG::Handler::CDA agent detects this parameter et generate a
cookie in its domain.
<i class="italic">Cross Domain Authentication</i> (CDA)
?</span></h4><br />
<br />
Lemonldap::NG::Portal::CDA portal detects if required URL is in the same
domain. If not, it adds a parameter to this request. When the user returns
to the protected application, Lemonldap::NG::Handler::CDA agent detects
this parameter et generate a cookie in its domain.
<h3 class="heading-1-1"><span id=
"HAuthentication">Authentication</span></h3>
<h4 class="heading-1-1-1"><span id=
"HHowtochangeauthenticationscheme3F">How to change authentication scheme
?</span></h4>
<p class="paragraph"></p>Lemonldap::NG provides several authentication
modes (to use in the "authentification" field of the administration
interface)&nbsp;:
?</span></h4><br />
<br />
Lemonldap::NG provides several authentication modes (to use in the
"authentification" field of the administration interface)&nbsp;:
<ul class="star">
<li><strong class="strong">ldap</strong> : this is the default mode :
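Review bot: The English CDA answer is out of sync with the French one: it does not say that the added parameter corresponds to the session cookie, nor that the handler removes the parameter before processing the request, both of which the French FAQ states. Bring the two in line, and fix the typos carried into the new lines: "choosed nad configured" (chosen and configured) and "et generate a cookie" (and generates a cookie).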
@ -401,14 +394,14 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
</ul>
<h3 class="heading-1-1"><span id="HErroranddebugmessages">Error and debug
messages</span></h3>
<p class="paragraph"></p>Lemonldap::NG produces error and debug messages
logged by Apache (in error.log by default). You can adapt debug level by
setting LogLevel parameter in Apache configuration file.
<p class="paragraph"></p>Those messages are described <span class=
"wikilink"><a href="errors.html">here</a></span>.
messages</span></h3><br />
<br />
Lemonldap::NG produces error and debug messages logged by Apache (in
error.log by default). You can adapt debug level by setting LogLevel
parameter in Apache configuration file.<br />
<br />
Those messages are described <span class="wikilink"><a href=
"errors.html">here</a></span>.
</div>
</body>
</html>

View File

@ -5,7 +5,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>FAQ LEMONLDAP::NG</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
@ -88,9 +88,8 @@
<h3 class="heading-1-1"><span id="HCOMPILATION">COMPILATION</span></h3>
<h4 class="heading-1-1-1"><span id="HInstallationcomplC3A8te">Installation
compl&egrave;te</span></h4>
<p class="paragraph"></p>
compl&egrave;te</span></h4><br />
<br />
<div class="code">
<pre>
@ -103,9 +102,8 @@ $ make example
</div>
<h4 class="heading-1-1-1"><span id="HInstallationsurDebian">Installation
sur Debian</span></h4>
<p class="paragraph"></p>
sur Debian</span></h4><br />
<br />
<div class="code">
<pre>
@ -114,12 +112,10 @@ $ cd lemonldap-ng-*
$ debuild
$ sudo dpkg -i ../lemonldap-ng*.deb
</pre>
</div>
<p class="paragraph"></p>Vous pouvez &eacute;galement utiliser le
repository Debian:
<p class="paragraph"></p>
</div><br />
<br />
Vous pouvez &eacute;galement utiliser le repository Debian:<br />
<br />
<div class="code">
<pre>
@ -131,13 +127,12 @@ deb-src <span class="nobr"><a href=
</div>
<h3 class="heading-1-1"><span id=
"HCONFIGURATIONDEL27EXEMPLE">CONFIGURATION DE L'EXEMPLE</span></h3>
<p class="paragraph"></p>Apr&egrave;s compilation, vous disposez d'un
fichier example/apache.conf. Vous avez simplement &agrave; l'inclure dans
le fichier de configuration d'Apache:
<p class="paragraph"></p>
"HCONFIGURATIONDEL27EXEMPLE">CONFIGURATION DE L'EXEMPLE</span></h3><br />
<br />
Apr&egrave;s compilation, vous disposez d'un fichier example/apache.conf.
Vous avez simplement &agrave; l'inclure dans le fichier de configuration
d'Apache:<br />
<br />
<div class="code">
<pre>
@ -150,11 +145,10 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache.conf /etc/apache/conf.d/test.co
# ou avec Apache-2.x
ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enabled/test.conf
</pre>
</div>
<p class="paragraph"></p>Modifiez votre fichier /etc/hosts pour y ajouter:
<p class="paragraph"></p>
</div><br />
<br />
Modifiez votre fichier /etc/hosts pour y ajouter:<br />
<br />
<div class="code">
<pre>
@ -162,10 +156,10 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
127.0.0.3 test.example.com
127.0.0.4 manager.example.com
</pre>
</div>
<p class="paragraph"></p>Vous devez ensuite indiquer les param&egrave;tres
de connexion LDAP. Vous pouvez au choix :
</div><br />
<br />
Vous devez ensuite indiquer les param&egrave;tres de connexion LDAP. Vous
pouvez au choix :
<ul class="star">
<li>utiliser l'interface d'administration: red&eacute;marrez Apache et
@ -176,9 +170,9 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
renseigner vos param&egrave;tres LDAP (utilisateurs Debian:
/usr/share/doc/lemonldap-ng/example/conf/lmConfig-1).</li>
</ul>Si vous ne renseignez pas managerDn et managerPassword, Lemonldap::NG
utilisera une connexion anonyme pour trouver le dn de l'utilisateur.
<p class="paragraph"></p>NOTES:
utilisera une connexion anonyme pour trouver le dn de l'utilisateur.<br />
<br />
NOTES:
<ul class="star">
<li>seuls quelques param&egrave;tres peuvent &ecirc;tre

View File

@ -5,7 +5,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>FAQ LEMONLDAP::NG</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
@ -76,9 +76,8 @@ apt-get install libsoap-lite-perl
<h3 class="heading-1-1"><span id="HBUILDING">BUILDING</span></h3>
<h4 class="heading-1-1-1"><span id="HCompleteinstall">Complete
install</span></h4>
<p class="paragraph"></p>
install</span></h4><br />
<br />
<div class="code">
<pre>
@ -91,9 +90,8 @@ $ make example
</div>
<h4 class="heading-1-1-1"><span id="HDebianinstall">Debian
install</span></h4>
<p class="paragraph"></p>
install</span></h4><br />
<br />
<div class="code">
<pre>
@ -102,11 +100,10 @@ $ cd lemonldap-ng-*
$ debuild
$ sudo dpkg -i ../lemonldap-ng*.deb
</pre>
</div>
<p class="paragraph"></p>You can also use the Debian repository :
<p class="paragraph"></p>
</div><br />
<br />
You can also use the Debian repository :<br />
<br />
<div class="code">
<pre>
@ -118,13 +115,11 @@ deb-src <span class="nobr"><a href=
</div>
<h3 class="heading-1-1"><span id="HEXAMPLECONFIGURATION">EXAMPLE
CONFIGURATION</span></h3>
<p class="paragraph"></p>After build, you have a new file named
example/apache.conf. You just have to include this file in Apache
configuration:
<p class="paragraph"></p>
CONFIGURATION</span></h3><br />
<br />
After build, you have a new file named example/apache.conf. You just have
to include this file in Apache configuration:<br />
<br />
<div class="code">
<pre>
@ -137,11 +132,10 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache.conf /etc/apache/conf.d/test.co
# or with Apache-2.x
ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enabled/test.conf
</pre>
</div>
<p class="paragraph"></p>Modify your /etc/hosts file to include:
<p class="paragraph"></p>
</div><br />
<br />
Modify your /etc/hosts file to include:<br />
<br />
<div class="code">
<pre>
@ -149,10 +143,10 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
127.0.0.3 test.example.com
127.0.0.4 manager.example.com
</pre>
</div>
<p class="paragraph"></p>Now you have to edit configuration to set your
LDAP settings. You can either use :
</div><br />
<br />
Now you have to edit configuration to set your LDAP settings. You can
either use :
<ul class="star">
<li>the manager interface: restart Apache and connect to <span class=
@ -163,9 +157,9 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
your LDAP settings (Debian users:
/usr/share/doc/lemonldap-ng/example/conf/lmConfig-1).</li>
</ul>If you don't set managerDn and managerPassword, Lemonldap::NG will
use an anonymous bind to find user dn.
<p class="paragraph"></p>WARNINGS:
use an anonymous bind to find user dn.<br />
<br />
WARNINGS:
<ul class="star">
<li>only few parameters can be set by hand in the configuration file.
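Review bot: The sentence "If you don't set managerDn and managerPassword, Lemonldap::NG will use an anonymous bind to find user dn" is carried over unchanged and still does not say what happens when the directory refuses anonymous searches. A short line on that case would help. Since the list item above sends readers to edit lmConfig-1 by hand for their LDAP settings, it is also worth recommending that the file be readable only by the web server account, as that is where a managerPassword value would be written.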

View File

@ -5,7 +5,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>FAQ LEMONLDAP::NG</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
@ -296,18 +296,17 @@ group1 =&gt; { $departmentUID eq <span class=
</div>
<h5 class="heading-1-1-1-1"><span id=
"HPerformances">Performances</span></h5>
<p class="paragraph"></p>Vous pouvez utiliser des expressions Perl aussi
complexe que n&eacute;cessaire et vous pouvez utiliser tous les attibuts
LDAP (et cr&eacute;er vos propres attributs additionnels avec le
m&eacute;canisme des macros) dans les d&eacute;finitions de groupes, les
r&egrave;gles d'acc&egrave;s et les en-t&ecirc;tes HTTP
personnalis&eacute;s: vous devez seulement utiliser le nom choisi
pr&eacute;c&eacute;d&eacute; d'un "$".
<p class="paragraph"></p>Vous devez toutefois bien choisir vos
expressions:
"HPerformances">Performances</span></h5><br />
<br />
Vous pouvez utiliser des expressions Perl aussi complexe que
n&eacute;cessaire et vous pouvez utiliser tous les attibuts LDAP (et
cr&eacute;er vos propres attributs additionnels avec le m&eacute;canisme
des macros) dans les d&eacute;finitions de groupes, les r&egrave;gles
d'acc&egrave;s et les en-t&ecirc;tes HTTP personnalis&eacute;s: vous devez
seulement utiliser le nom choisi pr&eacute;c&eacute;d&eacute; d'un
"$".<br />
<br />
Vous devez toutefois bien choisir vos expressions:
<ul class="star">
<li>les groupes et les macros ne sont &eacute;valu&eacute;es que lorsque
@ -325,11 +324,11 @@ group1 =&gt; { $departmentUID eq <span class=
^/<span class=
"java-keyword">protected</span>/.*$ =&gt; $groups =~ /bgroup1b/
</pre>
</div>
<p class="paragraph"></p>Dans la d&eacute;finition des groupes, vous
pouvez au choix utiliser des filtres LDAP ou des expressions Perl ou
encore mixer les deux. Les expressions Perl sont encadr&eacute;es par {} :
</div><br />
<br />
Dans la d&eacute;finition des groupes, vous pouvez au choix utiliser des
filtres LDAP ou des expressions Perl ou encore mixer les deux. Les
expressions Perl sont encadr&eacute;es par {} :
<div class="code">
<pre>
@ -340,44 +339,43 @@ group1 =&gt; {$uid eq <span class=
group1 =&gt; (|(uid=xavier.guimard){$ou eq <span class=
"java-quote">"unit1"</span>})
</pre>
</div>
<p class="paragraph"></p>Pour limiter les requ&ecirc;tes LDAP, il est
conseill&eacute; d'utiliser les expressions Perl. Ainsi seuls 2
sollicitations de l'annuaire sont n&eacute;cessaires.
</div><br />
<br />
Pour limiter les requ&ecirc;tes LDAP, il est conseill&eacute; d'utiliser
les expressions Perl. Ainsi seuls 2 sollicitations de l'annuaire sont
n&eacute;cessaires.
<h4 class="heading-1-1-1"><span id=
"HTraC3A7abilitC3A9">Tra&ccedil;abilit&eacute;</span></h4>
<h5 class="heading-1-1-1-1"><span id="HTracerlesaccC3A8sauportail">Tracer
les acc&egrave;s au portail</span></h5>
<p class="paragraph"></p>Lemonldap::NG::Portal n'enregistre pas les
&eacute;v&eacute;nements de connexion par d&eacute;faut, mais il est
tr&egrave;s facile de surcharger la m&eacute;thode "log".
les acc&egrave;s au portail</span></h5><br />
<br />
Lemonldap::NG::Portal n'enregistre pas les &eacute;v&eacute;nements de
connexion par d&eacute;faut, mais il est tr&egrave;s facile de surcharger
la m&eacute;thode "log".
<h5 class="heading-1-1-1-1"><span id=
"HTracerlesaccC3A8sauxapplications">Tracer les acc&egrave;s aux
applications</span></h5>
<p class="paragraph"></p>Comme un Web-SSO ne peut interpr&eacute;ter le
contenu des requ&ecirc;tes HTTP transmise aux applications
prot&eacute;g&eacute;es, il ne peut enregistrer au mieux que les URL. Et
comme Apache le fait parfaitement, Lemonldap::NG::Handler(3) lui fournit
le nom &agrave; enregistrer dans les journaux. Le param&egrave;tre
optionnel "whatToTrace" indique la variable &agrave; utiliser ($uid par
d&eacute;faut).
<p class="paragraph"></p>La trace r&eacute;elle doit &ecirc;tre
effectu&eacute;e par l'application seule capable d'interpr&eacute;ter le
r&eacute;sultat des transactions.
<p class="paragraph"></p>Lemonldap::NG peut exporter des en-t&ecirc;tes
HTTP aussi bien en utilisant Apache en reverse-proxy qu'en
prot&eacute;gent directement les applications. Par d&eacute;faut, le champ
Auth-User est utilis&eacute; mais vous pouvez choisir les en-t&ecirc;tes
que vous transmettez &agrave; chaque application s&eacute;paremment. Les
expressions d&eacute;finissant les en-t&ecirc;tes associent :
applications</span></h5><br />
<br />
Comme un Web-SSO ne peut interpr&eacute;ter le contenu des requ&ecirc;tes
HTTP transmise aux applications prot&eacute;g&eacute;es, il ne peut
enregistrer au mieux que les URL. Et comme Apache le fait parfaitement,
Lemonldap::NG::Handler(3) lui fournit le nom &agrave; enregistrer dans les
journaux. Le param&egrave;tre optionnel "whatToTrace" indique la variable
&agrave; utiliser ($uid par d&eacute;faut).<br />
<br />
La trace r&eacute;elle doit &ecirc;tre effectu&eacute;e par l'application
seule capable d'interpr&eacute;ter le r&eacute;sultat des
transactions.<br />
<br />
Lemonldap::NG peut exporter des en-t&ecirc;tes HTTP aussi bien en
utilisant Apache en reverse-proxy qu'en prot&eacute;gent directement les
applications. Par d&eacute;faut, le champ Auth-User est utilis&eacute;
mais vous pouvez choisir les en-t&ecirc;tes que vous transmettez &agrave;
chaque application s&eacute;paremment. Les expressions d&eacute;finissant
les en-t&ecirc;tes associent :
<ul class="star">
<li>le nom d'en-t&ecirc;te,</li>
@ -410,9 +408,10 @@ Remote-IP =&gt; $ip
</pre>
</div>
<h3 class="heading-1-1"><span id="HInstallation">Installation</span></h3>
<p class="paragraph"></p>Attention :
<h3 class="heading-1-1"><span id=
"HInstallation">Installation</span></h3><br />
<br />
Attention :
<ul class="star">
<li>Lemonldap::NG est un projet diff&eacute;rent de Lemonldap et
@ -439,10 +438,10 @@ Remote-IP =&gt; $ip
<h3 class="heading-1-1"><span id=
"HSystC3A8medestockagedessessions">Syst&egrave;me de stockage des
sessions</span></h3>
<p class="paragraph"></p>Lemonldap::NG utilise 3 niveaux de cache pour les
donn&eacute;es des utilisateurs authentifi&eacute;s :
sessions</span></h3><br />
<br />
Lemonldap::NG utilise 3 niveaux de cache pour les donn&eacute;es des
utilisateurs authentifi&eacute;s :
<ul class="star">
<li>un module Apache::Session::* au choix utilis&eacute; par le portail
@ -461,26 +460,26 @@ Remote-IP =&gt; $ip
int&eacute;ressant avec le syst&egrave;me de connexions persistantes du
protocole HTTP/1.1 (Keep-Alive).</li>
</ul>Ainsi, le nombre de requ&ecirc;tes au cache principal est
limit&eacute; &agrave; 1 par utilisateur actif toutes les 10 minutes.
limit&eacute; &agrave; 1 par utilisateur actif toutes les 10
minutes.<br />
<br />
Lemonldap::NG est tr&egrave;s rapide, mais vous pouvez encore
am&eacute;liorer les performances en utilisnt un module Cache::Cache ne
n&eacute;cessitant pas d'acc&egrave;s au disque.
<p class="paragraph"></p>Lemonldap::NG est tr&egrave;s rapide, mais vous
pouvez encore am&eacute;liorer les performances en utilisnt un module
Cache::Cache ne n&eacute;cessitant pas d'acc&egrave;s au disque.
<h3 class="heading-1-1"><span id="HAuteur">Auteur</span></h3>
<p class="paragraph"></p>Xavier Guimard, &lt;x.guimard@free.fr&gt;
<h3 class="heading-1-1"><span id="HAuteur">Auteur</span></h3><br />
<br />
Xavier Guimard, &lt;x.guimard@free.fr&gt;
<h3 class="heading-1-1"><span id="HCopyrightetlicense">Copyright et
license</span></h3>
<p class="paragraph"></p>Copyright &copy; 2005-2007 par Xavier Guimard
&lt;x.guimard@free.fr&gt;
<p class="paragraph"></p>Ce logiciel est libre, vous pouvez le
redistribuer et/ou le modifier sous les m&ecirc;mes termes que Perl
lui-m&ecirc;me en version 5.8.4 ou &agrave; votre guise en version Perl 5
sup&eacute;rieure.
license</span></h3><br />
<br />
Copyright &copy; 2005-2007 par Xavier Guimard
&lt;x.guimard@free.fr&gt;<br />
<br />
Ce logiciel est libre, vous pouvez le redistribuer et/ou le modifier sous
les m&ecirc;mes termes que Perl lui-m&ecirc;me en version 5.8.4 ou
&agrave; votre guise en version Perl 5 sup&eacute;rieure.
</div>
</body>
</html>

View File

@ -5,7 +5,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>FAQ LEMONLDAP::NG</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
@ -254,16 +254,14 @@ group1 =&gt; { $departmentUID eq <span class=
</div>
<h5 class="heading-1-1-1-1"><span id=
"HPerformance">Performance</span></h5>
<p class="paragraph"></p>You can use Perl expressions as complicated as
you want and you can use all the exported LDAP attributes (and create your
own attributes: with 'macros' mechanism) in groups evaluations, area
protections or custom HTTP headers (you just have to call them with a
"$").
<p class="paragraph"></p>ou have to be careful when choosing your
expressions:
"HPerformance">Performance</span></h5><br />
<br />
You can use Perl expressions as complicated as you want and you can use
all the exported LDAP attributes (and create your own attributes: with
'macros' mechanism) in groups evaluations, area protections or custom HTTP
headers (you just have to call them with a "$").<br />
<br />
ou have to be careful when choosing your expressions:
<ul class="star">
<li>groups and macros are evaluated each time a user is redirected to
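Review bot: The re-wrapped paragraph still begins "ou have to be careful when choosing your expressions:" with the leading "Y" missing. Because this change only touches layout, the typo should be fixed in the source page so it does not come back on the next regeneration.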
@ -279,11 +277,10 @@ group1 =&gt; { $departmentUID eq <span class=
^/<span class=
"java-keyword">protected</span>/.*$ =&gt; $groups =~ /bgroup1b/
</pre>
</div>
<p class="paragraph"></p>You can also use LDAP filters, or Perl expression
or mixed expressions in groups definitions. Perl expressions has to be
enclosed with {} :
</div><br />
<br />
You can also use LDAP filters, or Perl expression or mixed expressions in
groups definitions. Perl expressions has to be enclosed with {} :
<div class="code">
<pre>
@ -294,36 +291,36 @@ group1 =&gt; {$uid eq <span class=
group1 =&gt; (|(uid=xavier.guimard){$ou eq <span class=
"java-quote">"unit1"</span>})
</pre>
</div>
<p class="paragraph"></p>It is also recommanded to use Perl expressions to
avoid requiering the LDAP server more than 2 times per authentication.
</div><br />
<br />
It is also recommanded to use Perl expressions to avoid requiering the
LDAP server more than 2 times per authentication.
<h4 class="heading-1-1-1"><span id="HAccounting">Accounting</span></h4>
<h5 class="heading-1-1-1-1"><span id="HLoggingportalaccess">Logging portal
access</span></h5>
<p class="paragraph"></p>Lemonldap::NG::Portal doesn't log anything by
default, but it's easy to overload log method for normal portal access.
access</span></h5><br />
<br />
Lemonldap::NG::Portal doesn't log anything by default, but it's easy to
overload log method for normal portal access.
<h5 class="heading-1-1-1-1"><span id="HLoggingapplicationaccess">Logging
application access</span></h5>
<p class="paragraph"></p>Because a Web-SSO knows nothing about the
protected application, it can't do more than logging URL. As Apache does
this fine, Lemonldap::NG::Handler(3) gives it the name to used in logs.
The whatToTrace parameter indicates which variable Apache has to use ($uid
by default).
<p class="paragraph"></p>The real accounting has to be done by the
application itself which knows the result of SQL transaction for example.
<p class="paragraph"></p>Lemonldap::NG can export HTTP headers either
using a proxy or protecting directly the application. By default, the
Auth-User field is used but you can change it using the exportedHeaders
parameters (in the Manager, each virtual host as custom headers branch).
This parameters contains an associative array per virtual host :
application access</span></h5><br />
<br />
Because a Web-SSO knows nothing about the protected application, it can't
do more than logging URL. As Apache does this fine,
Lemonldap::NG::Handler(3) gives it the name to used in logs. The
whatToTrace parameter indicates which variable Apache has to use ($uid by
default).<br />
<br />
The real accounting has to be done by the application itself which knows
the result of SQL transaction for example.<br />
<br />
Lemonldap::NG can export HTTP headers either using a proxy or protecting
directly the application. By default, the Auth-User field is used but you
can change it using the exportedHeaders parameters (in the Manager, each
virtual host as custom headers branch). This parameters contains an
associative array per virtual host :
<ul class="star">
<li>keys are the names of the choosen headers,</li>
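Review bot: The exportedHeaders paragraph ("By default, the Auth-User field is used ...") does not tell the reader that the protected application must be reachable only through the handler or proxy. An application that trusts Auth-User needs that stated, because otherwise a header of the same name sent directly by a client could be taken as the authenticated identity. Wording in the same paragraph also needs a pass: "each virtual host as custom headers branch" should read "has a", "This parameters contains" should be "This parameter contains", and the earlier paragraph has "recommanded" and "requiering".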
@ -356,9 +353,10 @@ Remote-IP =&gt; $ip
</pre>
</div>
<h3 class="heading-1-1"><span id="HInstallation">Installation</span></h3>
<p class="paragraph"></p>Warnings :
<h3 class="heading-1-1"><span id=
"HInstallation">Installation</span></h3><br />
<br />
Warnings :
<ul class="star">
<li>Lemonldap::NG is a different project than Lemonldap and contains all
@ -377,10 +375,9 @@ Remote-IP =&gt; $ip
installation documentation.
<h3 class="heading-1-1"><span id="HSessionstoragesystem">Session storage
system</span></h3>
<p class="paragraph"></p>Lemonldap::NG use 3 levels of cache for
authenticated users :
system</span></h3><br />
<br />
Lemonldap::NG use 3 levels of cache for authenticated users :
<ul class="star">
<li>an Apache::Session::* module used by lemonldap::NG::Portal to store
@ -395,25 +392,24 @@ Remote-IP =&gt; $ip
refuse access. This is very efficient with HTTP/1.1 Keep-Alive
system.</li>
</ul>So the number of request to the central storage is limited to 1 per
active user each 10 minutes.
active user each 10 minutes.<br />
<br />
Lemonldap::NG is very fast, but you can increase performance using a
Cache::Cache module that does not use disk access.
<p class="paragraph"></p>Lemonldap::NG is very fast, but you can increase
performance using a Cache::Cache module that does not use disk access.
<h3 class="heading-1-1"><span id="HAuthor">Author</span></h3>
<p class="paragraph"></p>Xavier Guimard, &lt;x.guimard@free.fr&gt;
<h3 class="heading-1-1"><span id="HAuthor">Author</span></h3><br />
<br />
Xavier Guimard, &lt;x.guimard@free.fr&gt;
<h3 class="heading-1-1"><span id="HCopyrightandlicence">Copyright and
licence</span></h3>
<p class="paragraph"></p>Copyright &copy; 2005-2007 by Xavier Guimard
&lt;x.guimard@free.fr&gt;
<p class="paragraph"></p>This library is free software; you can
redistribute it and/or modify it under the same terms as Perl itself,
either Perl version 5.8.4 or, at your option, any later version of Perl 5
you may have available.
licence</span></h3><br />
<br />
Copyright &copy; 2005-2007 by Xavier Guimard
&lt;x.guimard@free.fr&gt;<br />
<br />
This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself, either Perl version 5.8.4 or, at your
option, any later version of Perl 5 you may have available.
</div>
</body>
</html>
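Review bot: The session storage text says central storage is queried at most "1 per active user each 10 minutes" but does not state the consequence for logout or session deletion. Please add a sentence saying whether a session removed from the central store can still be accepted from the handler's local cache until that interval expires, so operators know the revocation delay they are accepting.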

View File

@ -14,6 +14,8 @@ my $docs = {
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocInstall?language=en' => 'advanced-install.html',
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Erreurs?language=en' => 'errors-fr.html',
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Erreurs?language=fr' => 'errors.html',
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocSOAP?language=fr' => 'soap-fr.html',
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocLA?language=fr' => 'liberty-alliance-fr.html',
};
my %imgs;
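Review bot: While adding the two French pages to $docs, note that the neighbouring entries map 'Erreurs?language=en' to 'errors-fr.html' and 'Erreurs?language=fr' to 'errors.html', which looks inverted relative to the "-fr" suffix used by the new 'soap-fr.html' and 'liberty-alliance-fr.html' entries. Please confirm which file is meant to hold which language and make the naming consistent across the hash.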
@ -27,6 +29,7 @@ while ( my ( $url, $file ) = each %$docs ) {
my $buf;
my $ind = 0;
my $div;
my $pre = 0;
while (<DOC>) {
$ind++ if (/<div class="main-content">/);
next unless ($ind);
@ -35,6 +38,17 @@ while ( my ( $url, $file ) = each %$docs ) {
$ind-- unless ($div);
s/\r//g;
utf8::decode($_);
if(/<pre/) {
$pre++;
s#(?<=<pre)<p class="paragraph"/>#<br/><br/>#g;
print STDERR "Trouvé: $`\n$&\n$'\n\n";
}
elsif($pre) {
s#(?<!<\/pre)<p class="paragraph"/>#<br/><br/>#g;
}
$pre++ if(/<pre/);
s#<p class="paragraph"/>#<br/><br/>#g if($pre);
$pre-- if(/<\/pre/);
if(s#(["'])/xwiki/bin/download/NG/Presentation/([\w\.\-]+)\1#$1$2$1#) {
$imgs{$2} = 1;
}
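Review bot: $pre is incremented twice on any line containing "<pre": once inside the new if(/<pre/) branch and again at "$pre++ if(/<pre/);", but it is decremented only once at "$pre-- if(/<\/pre/);". After the first code block $pre therefore stays non-zero, and "s#<p class="paragraph"/>#<br/><br/>#g if($pre);" applies to the rest of the page. That is consistent with the generated HTML in this commit, where paragraph markers outside code blocks have turned into <br /> pairs. Keep a single increment, drop the if/elsif substitutions that the unconditional one already covers, and remove the print STDERR "Trouvé: ..." debug line before merging.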
@ -56,7 +70,7 @@ while ( my ( $url, $file ) = each %$docs ) {
}
close DOC;
open FILE, "|tidy -u -c -i -wrap 79 >$file";
open FILE, "|tee /tmp/$file|tidy -u -c -i -wrap 79 >$file";
print FILE '<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "XHTML 1.0 Strict"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
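Review bot: The new pipe "|tee /tmp/$file|tidy ..." writes a copy of every page to a fixed, predictable name in a world-writable directory, which is unsafe on a shared build host and looks like a debugging aid. Please drop the tee before merging, or write the copy into a private directory created for the run. Using the list form of open instead of a single interpolated shell string would also avoid passing $file through the shell.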

View File

@ -17,5 +17,6 @@ CREATE TABLE lmConfig (
exportedVars text,
managerDn text,
managerPassword text,
timeout int,
whatToTrace text
);
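Review bot: The new "timeout int" column has no default and no comment giving its unit, so rows created before this change will hold NULL and readers of the schema cannot tell seconds from minutes. Please document the unit next to the column and state what the code does when the value is NULL.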

View File

@ -35,6 +35,7 @@ if($opts{c}) {
exportedVars text,
managerDn text,
managerPassword text,
timeout int,
whatToTrace text\n);\n";
}
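Review bot: The column list embedded in this script's string is a second copy of the CREATE TABLE lmConfig definition changed elsewhere in this commit, and both had to be edited by hand to add "timeout int". Consider having the script read the .sql file, or generating one from the other, so the two definitions cannot drift apart.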