LEMONLDAP::NG : documentation update
This commit is contained in:
parent
e355b0b9c0
commit
5048ce41c0
|
@ -17,5 +17,6 @@ CREATE TABLE lmConfig (
|
|||
exportedVars text,
|
||||
managerDn text,
|
||||
managerPassword text,
|
||||
timeout int,
|
||||
whatToTrace text
|
||||
);
|
||||
|
|
1
build/lemonldap-ng/debian/migrating.sql
Normal file
1
build/lemonldap-ng/debian/migrating.sql
Normal file
|
@ -0,0 +1 @@
|
|||
ALTER TABLE lmConfig ADD COLUMN timeout int;
|
|
@ -5,7 +5,7 @@
|
|||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>FAQ LEMONLDAP::NG</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
|
@ -99,11 +99,10 @@
|
|||
<h4 class="heading-1-1-1"><span id="HPerlprereq">Perl prereq</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Perl modules: Apache::Session, Net::LDAP,
|
||||
MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, DBI, XML::Simple
|
||||
|
||||
<p class="paragraph"></p>With Debian:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, DBI, XML::Simple<br />
|
||||
<br />
|
||||
With Debian:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -111,47 +110,42 @@ apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl 
|
|||
libdbi-perl perl-modules libwww-perl libcache-cache-perl
|
||||
libxml-simple-perl
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Portal:
|
||||
|
||||
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
|
||||
DBI
|
||||
|
||||
<p class="paragraph"></p>With Debian:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
</div><br />
|
||||
<br />
|
||||
Portal:<br />
|
||||
<br />
|
||||
Apache::Session, Net::LDAP, MIME::Base64, CGI, DBI<br />
|
||||
<br />
|
||||
With Debian:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
apt-get install libapache-session-perl libnet-ldap-perl libdbi-perl
|
||||
perl-modules
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Handler:
|
||||
|
||||
<p class="paragraph"></p>Apache::Session, LWP::UserAgent, Cache::Cache,
|
||||
DBI
|
||||
|
||||
<p class="paragraph"></p>With Debian:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
</div><br />
|
||||
<br />
|
||||
Handler:<br />
|
||||
<br />
|
||||
Apache::Session, LWP::UserAgent, Cache::Cache, DBI<br />
|
||||
<br />
|
||||
With Debian:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
apt-get install libapache-session-perl libdbi-perl libwww-perl
|
||||
libcache-cache-perl
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Manager:
|
||||
|
||||
<p class="paragraph"></p>CGI, XML::Simple, DBI
|
||||
|
||||
<p class="paragraph"></p>With Debian:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
</div><br />
|
||||
<br />
|
||||
Manager:<br />
|
||||
<br />
|
||||
CGI, XML::Simple, DBI<br />
|
||||
<br />
|
||||
With Debian:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -160,12 +154,10 @@ apt-get install perl-modules libxml-simple-perl
|
|||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HSOFTWAREINSTALLATION">SOFTWARE
|
||||
INSTALLATION</span></h3>
|
||||
|
||||
<p class="paragraph"></p>If you just want to install a handler or a portal
|
||||
or a manager:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
INSTALLATION</span></h3><br />
|
||||
<br />
|
||||
If you just want to install a handler or a portal or a manager:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -174,11 +166,10 @@ $ tar xzf lemonldap-ng-*.tar.gz
|
|||
$ perl Makefile.PL && make && make test
|
||||
$ sudo make install
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>else for a complete install:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
</div><br />
|
||||
<br />
|
||||
else for a complete install:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -187,20 +178,19 @@ $ tar xzf lemonldap-ng-*.tar.gz
|
|||
$ make && make test
|
||||
$ sudo make install
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>See prereq in
|
||||
</div><br />
|
||||
<br />
|
||||
See prereq in
|
||||
|
||||
<h3 class="heading-1-1"><span id="HLEMONLDAPINSTALLATION">LEMONLDAP
|
||||
INSTALLATION</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HDatabaseconfiguration">Database
|
||||
configuration</span></h4>If you use DBI or another system to share
|
||||
Lemonldap::NG configuration, you have to initialize the database.
|
||||
|
||||
<p class="paragraph"></p>For example, create the database "lemonldapng" :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
Lemonldap::NG configuration, you have to initialize the database.<br />
|
||||
<br />
|
||||
For example, create the database "lemonldapng" :<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -210,11 +200,10 @@ $ tar xzf lemonldap-ng-*.tar.gz
|
|||
|
||||
<h5 class="heading-1-1-1-1"><span id=
|
||||
"HLemonldap3A3ANGConfigurationdatabase">Lemonldap::NG Configuration
|
||||
database</span></h5>
|
||||
|
||||
<p class="paragraph"></p>To store configuration, use this table :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
database</span></h5><br />
|
||||
<br />
|
||||
To store configuration, use this table :<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -244,14 +233,13 @@ CREATE TABLE lmConfig (
|
|||
</div>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id=
|
||||
"HApache3A3ASessiondatabase">Apache::Session database</span></h5>
|
||||
|
||||
<p class="paragraph"></p>The choice of Apache::Session::* module is free.
|
||||
See Apache::Session::Store::* or Apache::Session::* to know how to
|
||||
configure the module. For example, if you want to use
|
||||
Apache::Session::MySQL, you can create the database like this:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
"HApache3A3ASessiondatabase">Apache::Session database</span></h5><br />
|
||||
<br />
|
||||
The choice of Apache::Session::* module is free. See
|
||||
Apache::Session::Store::* or Apache::Session::* to know how to configure
|
||||
the module. For example, if you want to use Apache::Session::MySQL, you
|
||||
can create the database like this:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -263,13 +251,12 @@ CREATE TABLE sessions (
|
|||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HManagerconfiguration">Manager
|
||||
configuration</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Copy example/manager.cgi and personalize it if
|
||||
you want (see Lemonldap::NG::Manager). You have to set in particular
|
||||
configStorage. For example with MySQL:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
configuration</span></h4><br />
|
||||
<br />
|
||||
Copy example/manager.cgi and personalize it if you want (see
|
||||
Lemonldap::NG::Manager). You have to set in particular configStorage. For
|
||||
example with MySQL:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -283,12 +270,11 @@ $my $manager = Lemonldap::NG::Manager-><span class=
|
|||
"java-quote">"mypass"</span>,
|
||||
} );
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Securise Manager access with Apache: Lemonldap
|
||||
does not securise the manager itself yet:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
</div><br />
|
||||
<br />
|
||||
Securise Manager access with Apache: Lemonldap does not securise the
|
||||
manager itself yet:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -302,10 +288,10 @@ SSLEngine On
|
|||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HConfigurationedition">Configuration
|
||||
edition</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Connect to the manager with your browser start
|
||||
configure your Web-SSO. You have to set at least some parameters:
|
||||
edition</span></h4><br />
|
||||
<br />
|
||||
Connect to the manager with your browser start configure your Web-SSO. You
|
||||
have to set at least some parameters:
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HGeneralparameters">General
|
||||
parameters</span></h5>
|
||||
|
@ -330,11 +316,12 @@ SSLEngine On
|
|||
Apache::Session::<Choosen module>.</li>
|
||||
</ul>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HUsergroups">User groups</span></h5>
|
||||
|
||||
<p class="paragraph"></p>Use the "New Group" button to add your first
|
||||
group. On the left, set the keyword which will be used later and set on
|
||||
the right the corresponding rule. You can use :
|
||||
<h5 class="heading-1-1-1-1"><span id="HUsergroups">User
|
||||
groups</span></h5><br />
|
||||
<br />
|
||||
Use the "New Group" button to add your first group. On the left, set the
|
||||
keyword which will be used later and set on the right the corresponding
|
||||
rule. You can use :
|
||||
|
||||
<ul class="star">
|
||||
<li>an LDAP filter (it will be tested with the user uid)</li>
|
||||
|
@ -347,15 +334,15 @@ SSLEngine On
|
|||
</ul>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HVirtualhosts">Virtual
|
||||
hosts</span></h5>
|
||||
|
||||
<p class="paragraph"></p>You have to create a virtual host for each Apache
|
||||
host (virtual or real) protected by Lemonldap::NG even if just a
|
||||
sub-directory is protected. Else, user who want to access to the protected
|
||||
area will be rejected with a "500 Internal Server Error" message and the
|
||||
apache logs will explain the problem.
|
||||
|
||||
<p class="paragraph"></p>Each virtual host has 2 groups of parameters:
|
||||
hosts</span></h5><br />
|
||||
<br />
|
||||
You have to create a virtual host for each Apache host (virtual or real)
|
||||
protected by Lemonldap::NG even if just a sub-directory is protected.
|
||||
Else, user who want to access to the protected area will be rejected with
|
||||
a "500 Internal Server Error" message and the apache logs will explain the
|
||||
problem.<br />
|
||||
<br />
|
||||
Each virtual host has 2 groups of parameters:
|
||||
|
||||
<ul class="star">
|
||||
<li>Headers: the headers added to the apache request. Default: Auth-User
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>FAQ LEMONLDAP::NG</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>FAQ LEMONLDAP::NG</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>FAQ LEMONLDAP::NG</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
|
@ -216,18 +216,17 @@
|
|||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HL27exemplefournifonctionneenHTTP2CmaispasenHTTPS">L'exemple fourni
|
||||
fonctionne en HTTP, mais pas en HTTPS.</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Dans le mécanisme des redirections vers le
|
||||
portail puis vers le site protégé, il faut indiquer à
|
||||
l'agent (handler) s'il est de type HTTPS ou non. Ceci est fait par le
|
||||
paramètre <tt>https</tt> qui doit être mis à 1. Ce
|
||||
paramètre n'est pas accessible dans la configuration (manager), car
|
||||
il est spécifique aux hôtes virtuels. C'est donc lors de
|
||||
l'appel à la fonction <tt>init</tt> (dans le fichier My::Package)
|
||||
qu'il doit être renseigné:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
fonctionne en HTTP, mais pas en HTTPS.</span></h4><br />
|
||||
<br />
|
||||
Dans le mécanisme des redirections vers le portail puis vers le
|
||||
site protégé, il faut indiquer à l'agent (handler)
|
||||
s'il est de type HTTPS ou non. Ceci est fait par le paramètre
|
||||
<tt>https</tt> qui doit être mis à 1. Ce paramètre
|
||||
n'est pas accessible dans la configuration (manager), car il est
|
||||
spécifique aux hôtes virtuels. C'est donc lors de l'appel
|
||||
à la fonction <tt>init</tt> (dans le fichier My::Package) qu'il
|
||||
doit être renseigné:<br />
|
||||
<br />
|
||||
<pre>
|
||||
__PACKAGE__->init ( {
|
||||
localStorage => "Cache::FileCache",
|
||||
|
@ -248,24 +247,22 @@ __PACKAGE__->init ( {
|
|||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HAquoisertleparamC3A8trehttpsduhandler3F">A quoi sert le paramètre
|
||||
https du handler ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Ce paramètre n'est utilisé que dans
|
||||
les redirections vers le portail d'authentification. Il sert juste
|
||||
à indiquer à ce dernier qu'après authentification,
|
||||
l'utilisateur doit être redirigé vers l'application en https
|
||||
et non en http.
|
||||
https du handler ?</span></h4><br />
|
||||
<br />
|
||||
Ce paramètre n'est utilisé que dans les redirections vers le
|
||||
portail d'authentification. Il sert juste à indiquer à ce
|
||||
dernier qu'après authentification, l'utilisateur doit être
|
||||
redirigé vers l'application en https et non en http.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HQu27estcequ27uneCGIautoprotC3A9gC3A9e3F">Qu'est ce qu'une CGI
|
||||
auto-protégée ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Lorsqu'on a qu'une seule page Perl à
|
||||
protéger dans un VirtualHost, plutôt que de la
|
||||
protéger en utilisant un agent Lemonldap::NG dans Apache, on peut
|
||||
utiliser une CGI auto-protégée:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
auto-protégée ?</span></h4><br />
|
||||
<br />
|
||||
Lorsqu'on a qu'une seule page Perl à protéger dans un
|
||||
VirtualHost, plutôt que de la protéger en utilisant un agent
|
||||
Lemonldap::NG dans Apache, on peut utiliser une CGI
|
||||
auto-protégée:<br />
|
||||
<br />
|
||||
<pre>
|
||||
use Lemonldap::NG::Handler::CGI;
|
||||
my $cgi = Lemonldap::NG::Handler::CGI->new ( {
|
||||
|
@ -273,11 +270,11 @@ __PACKAGE__->init ( {
|
|||
}
|
||||
);
|
||||
$cgi->authenticate;
|
||||
</pre>
|
||||
|
||||
<p class="paragraph"></p>Dans l'exemple ci-dessus, $cgi est un objet de
|
||||
type CGI(3). La seule différence est qu'il bénéficie
|
||||
de quelques fonctions supplémentaires:
|
||||
</pre><br />
|
||||
<br />
|
||||
Dans l'exemple ci-dessus, $cgi est un objet de type CGI(3). La seule
|
||||
différence est qu'il bénéficie de quelques fonctions
|
||||
supplémentaires:
|
||||
|
||||
<ul class="star">
|
||||
<li>authenticate : pour appeler le mécanisme d'authentification
|
||||
|
@ -297,11 +294,11 @@ __PACKAGE__->init ( {
|
|||
<h4 class="heading-1-1-1"><span id=
|
||||
"HCommentfairefonctionnerLemonldap3A3ANGavecunannuaireActiveDirectory3F">Comment
|
||||
faire fonctionner Lemonldap::NG avec un annuaire Active-Directory
|
||||
?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Active-Directory utilise le champ <tt>cn</tt>
|
||||
comme identifiant unique au lieu de <tt>uid</tt>. Il faut donc modifier la
|
||||
configuration de Lemonldap::NG en deux points :
|
||||
?</span></h4><br />
|
||||
<br />
|
||||
Active-Directory utilise le champ <tt>cn</tt> comme identifiant unique au
|
||||
lieu de <tt>uid</tt>. Il faut donc modifier la configuration de
|
||||
Lemonldap::NG en deux points :
|
||||
|
||||
<ol>
|
||||
<li>la recherche de l'utilisateur dans l'annuaire doit être
|
||||
|
@ -338,13 +335,12 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HCommentutiliserLemonldap3A3ANGenreverseproxy3F">Comment utiliser
|
||||
Lemonldap::NG en reverse-proxy ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG protège simplement les
|
||||
VirtualHosts d'Apache. Pour fonctionner en reverse-proxy, il suffit donc
|
||||
de configurer Apache en reverse-proxy:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
Lemonldap::NG en reverse-proxy ?</span></h4><br />
|
||||
<br />
|
||||
Lemonldap::NG protège simplement les VirtualHosts d'Apache. Pour
|
||||
fonctionner en reverse-proxy, il suffit donc de configurer Apache en
|
||||
reverse-proxy:<br />
|
||||
<br />
|
||||
<pre>
|
||||
# httpd.conf
|
||||
<VirtualHost *>
|
||||
|
@ -360,20 +356,19 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|||
# RewriteRule /(.*)$ <span class="nobr"><a href=
|
||||
"http://serveur-reel/$1">http://serveur-reel/$1</a></span> [P]
|
||||
</VirtualHost>
|
||||
</pre>
|
||||
|
||||
<p class="paragraph"></p>Si toutefois vous préférez utiliser
|
||||
un proxy Perl, Lemonldap::NG en fournit un
|
||||
(Lemonldap::NG::Handler::Proxy(3)).
|
||||
</pre><br />
|
||||
<br />
|
||||
Si toutefois vous préférez utiliser un proxy Perl,
|
||||
Lemonldap::NG en fournit un (Lemonldap::NG::Handler::Proxy(3)).
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HFonctionnement">Fonctionnement</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HAquoisertlecachelocaldesagents28handlers293F">A quoi sert le cache local
|
||||
des agents (handlers) ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Le cache local des agents a deux fonctions:
|
||||
des agents (handlers) ?</span></h4><br />
|
||||
<br />
|
||||
Le cache local des agents a deux fonctions:
|
||||
|
||||
<ul class="star">
|
||||
<li>partager la configuration entre processus Apache: on évite
|
||||
|
@ -396,52 +391,53 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|||
<h4 class="heading-1-1-1"><span id=
|
||||
"HPourquoinepeutonpasconfigurerlecachelocaldesagents28handlers29danslaconsoled27administration3F">
|
||||
Pourquoi ne peut-on pas configurer le cache local des agents (handlers)
|
||||
dans la console d'administration ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Le cache local doit être choisi ou
|
||||
paramétré en fonction du serveur: si on choisit par exemple
|
||||
le module Cache::FileCache, le répertoire de stockage n'est pas
|
||||
nécessairement le même partout. De plus, une modification du
|
||||
cache ne peut être appliquée sans redémarrage du
|
||||
serveur Apache contrairement aux autres paramètres
|
||||
gérés par la console d'administration.
|
||||
dans la console d'administration ?</span></h4><br />
|
||||
<br />
|
||||
Le cache local doit être choisi ou paramétré en
|
||||
fonction du serveur: si on choisit par exemple le module Cache::FileCache,
|
||||
le répertoire de stockage n'est pas nécessairement le
|
||||
même partout. De plus, une modification du cache ne peut être
|
||||
appliquée sans redémarrage du serveur Apache contrairement
|
||||
aux autres paramètres gérés par la console
|
||||
d'administration.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HQu27estcequele7E7ECrossDomainAuthentication7E7E28CDA293F">Qu'est ce que
|
||||
le <i class="italic">Cross Domain Authentication</i> (CDA) ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Le système de propagation de la session
|
||||
Lemonldap::NG est basé sur des cookies. Or ces cookies sont
|
||||
attachés au domaine dont ils sont issus. Lemonldap::NG fournit un
|
||||
dispositif permettant de passer outre ce problème: il suffit
|
||||
d'utiliser le portail Lemonldap::NG::Portal::CDA et les agents
|
||||
le <i class="italic">Cross Domain Authentication</i> (CDA)
|
||||
?</span></h4><br />
|
||||
<br />
|
||||
Le système de propagation de la session Lemonldap::NG est
|
||||
basé sur des cookies. Or ces cookies sont attachés au
|
||||
domaine dont ils sont issus. Lemonldap::NG fournit un dispositif
|
||||
permettant de passer outre ce problème: il suffit d'utiliser le
|
||||
portail Lemonldap::NG::Portal::CDA et les agents
|
||||
Lemonldap::NG::Handler::CDA sur les sites protégés en dehors
|
||||
du domaine du portail.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HCommentfonctionnele7E7ECrossDomainAuthentication7E7E28CDA293F">Comment
|
||||
fonctionne le <i class="italic">Cross Domain Authentication</i> (CDA)
|
||||
?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Un portail Lemonldap::NG::Portal::CDA
|
||||
détecte si l'URL demandée n'est pas dans le même
|
||||
domaine. Si c'est le cas, il ajoute un paramètre à cette
|
||||
requête correspondant au cookie de session. Lorsque l'utilisateur
|
||||
est renvoyé vers cette URL, l'agent Lemonldap::NG::Handler::CDA
|
||||
reconnaît ce paramètre et génère alors le
|
||||
cookie dans son domaine. Il retire alors le paramètre ajouté
|
||||
par le portail et effectue le traitement normal de la requête.
|
||||
?</span></h4><br />
|
||||
<br />
|
||||
Un portail Lemonldap::NG::Portal::CDA détecte si l'URL
|
||||
demandée n'est pas dans le même domaine. Si c'est le cas, il
|
||||
ajoute un paramètre à cette requête correspondant au
|
||||
cookie de session. Lorsque l'utilisateur est renvoyé vers cette
|
||||
URL, l'agent Lemonldap::NG::Handler::CDA reconnaît ce
|
||||
paramètre et génère alors le cookie dans son domaine.
|
||||
Il retire alors le paramètre ajouté par le portail et
|
||||
effectue le traitement normal de la requête.
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HAuthentification">Authentification</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HPeutonchangerlemoded27authentification3F">Peut-on changer le mode
|
||||
d'authentification ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG fournit plusieurs modes
|
||||
d'authentification (à paramétrer dans le champ
|
||||
"authentification" de l'interface d'administration) :
|
||||
d'authentification ?</span></h4><br />
|
||||
<br />
|
||||
Lemonldap::NG fournit plusieurs modes d'authentification (à
|
||||
paramétrer dans le champ "authentification" de l'interface
|
||||
d'administration) :
|
||||
|
||||
<ul class="star">
|
||||
<li><strong class="strong">ldap</strong> : c'est le mode par
|
||||
|
@ -483,16 +479,15 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HMessagesd27erreuretdedC3A9boguage">Messages d'erreur et de
|
||||
déboguage</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG produit des messages de
|
||||
débogage et d'erreur enregistrés dans le journal d'Apache
|
||||
(error.log par défaut). Vous pouvez modifier le niveau d'affichage
|
||||
en adaptant le paramètre LogLevel d'Apache.
|
||||
|
||||
<p class="paragraph"></p>La page <span class="wikilink"><a href=
|
||||
"errors-fr.html">Erreurs</a></span> référence ces messages
|
||||
d'erreur et de débogage.
|
||||
déboguage</span></h3><br />
|
||||
<br />
|
||||
Lemonldap::NG produit des messages de débogage et d'erreur
|
||||
enregistrés dans le journal d'Apache (error.log par défaut).
|
||||
Vous pouvez modifier le niveau d'affichage en adaptant le paramètre
|
||||
LogLevel d'Apache.<br />
|
||||
<br />
|
||||
La page <span class="wikilink"><a href="errors-fr.html">Erreurs</a></span>
|
||||
référence ces messages d'erreur et de débogage.
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>FAQ LEMONLDAP::NG</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
|
@ -183,15 +183,14 @@
|
|||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HTheprovidedexampleworkswithHTTP2CbutnotwithHTTPS">The provided example
|
||||
works with HTTP, but not with HTTPS.</span></h4>
|
||||
|
||||
<p class="paragraph"></p>In the redirection mechanism to the portal then
|
||||
to the protected site, you have to indicate to the handler if users access
|
||||
by HTTPS or HTTP to it. This is done by the <tt>https</tt> parameter. This
|
||||
parameter has to be configured directly in the handlers is not accessible
|
||||
by the manager interface:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
works with HTTP, but not with HTTPS.</span></h4><br />
|
||||
<br />
|
||||
In the redirection mechanism to the portal then to the protected site, you
|
||||
have to indicate to the handler if users access by HTTPS or HTTP to it.
|
||||
This is done by the <tt>https</tt> parameter. This parameter has to be
|
||||
configured directly in the handlers is not accessible by the manager
|
||||
interface:<br />
|
||||
<br />
|
||||
<pre>
|
||||
__PACKAGE__->init ( {
|
||||
localStorage => "Cache::FileCache",
|
||||
|
@ -212,21 +211,18 @@ __PACKAGE__->init ( {
|
|||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HForwhatisusedthe22https22parameter3F">For what is used the "https"
|
||||
parameter ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>This parameter is used only in authentication
|
||||
portal redirections. It is just used to indicate to the portal that after
|
||||
authentification, the user must be redirected towards the application
|
||||
using https and not http.
|
||||
parameter ?</span></h4><br />
|
||||
<br />
|
||||
This parameter is used only in authentication portal redirections. It is
|
||||
just used to indicate to the portal that after authentification, the user
|
||||
must be redirected towards the application using https and not http.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HWhatisanautoprotectedCGI3F">What is
|
||||
an auto-protected CGI ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>When you have just 1 Perl CGI to protect in a
|
||||
VirtualHost, you can use an auto-protected CGI instead of using a
|
||||
Lemonldap::NG handler:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
an auto-protected CGI ?</span></h4><br />
|
||||
<br />
|
||||
When you have just 1 Perl CGI to protect in a VirtualHost, you can use an
|
||||
auto-protected CGI instead of using a Lemonldap::NG handler:<br />
|
||||
<br />
|
||||
<pre>
|
||||
use Lemonldap::NG::Handler::CGI;
|
||||
my $cgi = Lemonldap::NG::Handler::CGI->new ( {
|
||||
|
@ -234,10 +230,10 @@ __PACKAGE__->init ( {
|
|||
}
|
||||
);
|
||||
$cgi->authenticate;
|
||||
</pre>
|
||||
|
||||
<p class="paragraph"></p>In the example above, $cgi is a CGI(3) object.
|
||||
The only difference is that it has some additional functions:
|
||||
</pre><br />
|
||||
<br />
|
||||
In the example above, $cgi is a CGI(3) object. The only difference is that
|
||||
it has some additional functions:
|
||||
|
||||
<ul class="star">
|
||||
<li>authenticate : to call Lemonldap::NG authentication mechanism,</li>
|
||||
|
@ -255,11 +251,11 @@ __PACKAGE__->init ( {
|
|||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HHowtouseLemonldap3A3ANGwithActiveDirectory3F">How to use Lemonldap::NG
|
||||
with Active-Directory ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Active-Directory uses <tt>cn</tt> field instead
|
||||
of <tt>uid</tt> as unique identifier. You have so to modify Lemonldap::NG
|
||||
configuration in 2 points :
|
||||
with Active-Directory ?</span></h4><br />
|
||||
<br />
|
||||
Active-Directory uses <tt>cn</tt> field instead of <tt>uid</tt> as unique
|
||||
identifier. You have so to modify Lemonldap::NG configuration in 2
|
||||
points :
|
||||
|
||||
<ol>
|
||||
<li>the field <tt>cn</tt> (or <tt>samAccountName</tt>) has to be used to
|
||||
|
@ -270,9 +266,8 @@ __PACKAGE__->init ( {
|
|||
<tt>$cn</tt> in the field "General Parameters -> Attribute to use in
|
||||
Apache's logs" (and to verify that this variable is an exported
|
||||
attribute). The LDAP filter change needs to overload a subroutine in the
|
||||
portail. This can be done so :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
portail. This can be done so :<br />
|
||||
<br />
|
||||
<pre>
|
||||
#!/usr/bin/perl
|
||||
use Lemonldap::NG::Portal::SharedConf;
|
||||
|
@ -293,13 +288,11 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HHowtouseLemonldap3A3ANGasreverseproxy3F">How to use Lemonldap::NG as
|
||||
reverse-proxy ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG protects Apache VirtualHosts. To
|
||||
use it as reverse-proxy, you just have to configure Apache as
|
||||
reverse-proxy :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
reverse-proxy ?</span></h4><br />
|
||||
<br />
|
||||
Lemonldap::NG protects Apache VirtualHosts. To use it as reverse-proxy,
|
||||
you just have to configure Apache as reverse-proxy :<br />
|
||||
<br />
|
||||
<pre>
|
||||
# httpd.conf
|
||||
<VirtualHost *>
|
||||
|
@ -315,18 +308,18 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|||
# RewriteRule /(.*)$ <span class="nobr"><a href=
|
||||
"http://serveur-reel/$1">http://serveur-reel/$1</a></span> [P]
|
||||
</VirtualHost>
|
||||
</pre>
|
||||
|
||||
<p class="paragraph"></p>If you prefer to use a Perl proxy, Lemonldap::NG
|
||||
provides one (Lemonldap::NG::Handler::Proxy(3))
|
||||
</pre><br />
|
||||
<br />
|
||||
If you prefer to use a Perl proxy, Lemonldap::NG provides one
|
||||
(Lemonldap::NG::Handler::Proxy(3))
|
||||
|
||||
<h3 class="heading-1-1"><span id="HOperation">Operation</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HWithwhatservesthehandlerlocalcache3F">With what serves the handler local
|
||||
cache ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>The handler local cache is used for 2 things :
|
||||
cache ?</span></h4><br />
|
||||
<br />
|
||||
The handler local cache is used for 2 things :
|
||||
|
||||
<ul class="star">
|
||||
<li>share configuration between Apache process : this avoid downloading
|
||||
|
@ -341,44 +334,44 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HWhyhandlerslocalcachecannotbeconfiguredbythemanager3F">Why handlers
|
||||
local cache can not be configured by the manager ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>The local cache has to be choosed nad configured
|
||||
for each server: for example with the Cache::FileCache module, the storage
|
||||
directory can be different. An other point is that the local storage can
|
||||
not be reloaded without restarting Apache, but all parameters managed by
|
||||
the manager can do it.
|
||||
local cache can not be configured by the manager ?</span></h4><br />
|
||||
<br />
|
||||
The local cache has to be choosed nad configured for each server: for
|
||||
example with the Cache::FileCache module, the storage directory can be
|
||||
different. An other point is that the local storage can not be reloaded
|
||||
without restarting Apache, but all parameters managed by the manager can
|
||||
do it.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HWhatisthe7E7ECrossDomainAuthentication7E7E28CDA293F">What is the
|
||||
<i class="italic">Cross Domain Authentication</i> (CDA) ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>The Lemonldap::NG sessions propagation system is
|
||||
based on cookies, but cookies are attached to a DNS domain. Lemonldap::NG
|
||||
provides a system to bypass this restriction: you just have to use a
|
||||
Lemonldap::NG::Portal::CDA portal and Lemonldap::NG::Handler::CDA handlers
|
||||
in all protected sites outwards the portal DNS domain.
|
||||
<i class="italic">Cross Domain Authentication</i> (CDA)
|
||||
?</span></h4><br />
|
||||
<br />
|
||||
The Lemonldap::NG sessions propagation system is based on cookies, but
|
||||
cookies are attached to a DNS domain. Lemonldap::NG provides a system to
|
||||
bypass this restriction: you just have to use a Lemonldap::NG::Portal::CDA
|
||||
portal and Lemonldap::NG::Handler::CDA handlers in all protected sites
|
||||
outwards the portal DNS domain.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HHowworksthe7E7ECrossDomainAuthentication7E7E28CDA293F">How works the
|
||||
<i class="italic">Cross Domain Authentication</i> (CDA) ?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG::Portal::CDA portal detects if
|
||||
required URL is in the same domain. If not, it adds a parameter to this
|
||||
request. When the user returns to the protected application,
|
||||
Lemonldap::NG::Handler::CDA agent detects this parameter et generate a
|
||||
cookie in its domain.
|
||||
<i class="italic">Cross Domain Authentication</i> (CDA)
|
||||
?</span></h4><br />
|
||||
<br />
|
||||
Lemonldap::NG::Portal::CDA portal detects if required URL is in the same
|
||||
domain. If not, it adds a parameter to this request. When the user returns
|
||||
to the protected application, Lemonldap::NG::Handler::CDA agent detects
|
||||
this parameter et generate a cookie in its domain.
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HAuthentication">Authentication</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HHowtochangeauthenticationscheme3F">How to change authentication scheme
|
||||
?</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG provides several authentication
|
||||
modes (to use in the "authentification" field of the administration
|
||||
interface) :
|
||||
?</span></h4><br />
|
||||
<br />
|
||||
Lemonldap::NG provides several authentication modes (to use in the
|
||||
"authentification" field of the administration interface) :
|
||||
|
||||
<ul class="star">
|
||||
<li><strong class="strong">ldap</strong> : this is the default mode :
|
||||
|
@ -401,14 +394,14 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HErroranddebugmessages">Error and debug
|
||||
messages</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG produces error and debug messages
|
||||
logged by Apache (in error.log by default). You can adapt debug level by
|
||||
setting LogLevel parameter in Apache configuration file.
|
||||
|
||||
<p class="paragraph"></p>Those messages are described <span class=
|
||||
"wikilink"><a href="errors.html">here</a></span>.
|
||||
messages</span></h3><br />
|
||||
<br />
|
||||
Lemonldap::NG produces error and debug messages logged by Apache (in
|
||||
error.log by default). You can adapt debug level by setting LogLevel
|
||||
parameter in Apache configuration file.<br />
|
||||
<br />
|
||||
Those messages are described <span class="wikilink"><a href=
|
||||
"errors.html">here</a></span>.
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>FAQ LEMONLDAP::NG</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
|
@ -88,9 +88,8 @@
|
|||
<h3 class="heading-1-1"><span id="HCOMPILATION">COMPILATION</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HInstallationcomplC3A8te">Installation
|
||||
complète</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
complète</span></h4><br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -103,9 +102,8 @@ $ make example
|
|||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HInstallationsurDebian">Installation
|
||||
sur Debian</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
sur Debian</span></h4><br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -114,12 +112,10 @@ $ cd lemonldap-ng-*
|
|||
$ debuild
|
||||
$ sudo dpkg -i ../lemonldap-ng*.deb
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Vous pouvez également utiliser le
|
||||
repository Debian:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
</div><br />
|
||||
<br />
|
||||
Vous pouvez également utiliser le repository Debian:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -131,13 +127,12 @@ deb-src <span class="nobr"><a href=
|
|||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HCONFIGURATIONDEL27EXEMPLE">CONFIGURATION DE L'EXEMPLE</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Après compilation, vous disposez d'un
|
||||
fichier example/apache.conf. Vous avez simplement à l'inclure dans
|
||||
le fichier de configuration d'Apache:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
"HCONFIGURATIONDEL27EXEMPLE">CONFIGURATION DE L'EXEMPLE</span></h3><br />
|
||||
<br />
|
||||
Après compilation, vous disposez d'un fichier example/apache.conf.
|
||||
Vous avez simplement à l'inclure dans le fichier de configuration
|
||||
d'Apache:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -150,11 +145,10 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache.conf /etc/apache/conf.d/test.co
|
|||
# ou avec Apache-2.x
|
||||
ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enabled/test.conf
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Modifiez votre fichier /etc/hosts pour y ajouter:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
</div><br />
|
||||
<br />
|
||||
Modifiez votre fichier /etc/hosts pour y ajouter:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -162,10 +156,10 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
|
|||
127.0.0.3 test.example.com
|
||||
127.0.0.4 manager.example.com
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Vous devez ensuite indiquer les paramètres
|
||||
de connexion LDAP. Vous pouvez au choix :
|
||||
</div><br />
|
||||
<br />
|
||||
Vous devez ensuite indiquer les paramètres de connexion LDAP. Vous
|
||||
pouvez au choix :
|
||||
|
||||
<ul class="star">
|
||||
<li>utiliser l'interface d'administration: redémarrez Apache et
|
||||
|
@ -176,9 +170,9 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
|
|||
renseigner vos paramètres LDAP (utilisateurs Debian:
|
||||
/usr/share/doc/lemonldap-ng/example/conf/lmConfig-1).</li>
|
||||
</ul>Si vous ne renseignez pas managerDn et managerPassword, Lemonldap::NG
|
||||
utilisera une connexion anonyme pour trouver le dn de l'utilisateur.
|
||||
|
||||
<p class="paragraph"></p>NOTES:
|
||||
utilisera une connexion anonyme pour trouver le dn de l'utilisateur.<br />
|
||||
<br />
|
||||
NOTES:
|
||||
|
||||
<ul class="star">
|
||||
<li>seuls quelques paramètres peuvent être
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>FAQ LEMONLDAP::NG</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
|
@ -76,9 +76,8 @@ apt-get install libsoap-lite-perl
|
|||
<h3 class="heading-1-1"><span id="HBUILDING">BUILDING</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HCompleteinstall">Complete
|
||||
install</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
install</span></h4><br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -91,9 +90,8 @@ $ make example
|
|||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HDebianinstall">Debian
|
||||
install</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
install</span></h4><br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -102,11 +100,10 @@ $ cd lemonldap-ng-*
|
|||
$ debuild
|
||||
$ sudo dpkg -i ../lemonldap-ng*.deb
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>You can also use the Debian repository :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
</div><br />
|
||||
<br />
|
||||
You can also use the Debian repository :<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -118,13 +115,11 @@ deb-src <span class="nobr"><a href=
|
|||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HEXAMPLECONFIGURATION">EXAMPLE
|
||||
CONFIGURATION</span></h3>
|
||||
|
||||
<p class="paragraph"></p>After build, you have a new file named
|
||||
example/apache.conf. You just have to include this file in Apache
|
||||
configuration:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
CONFIGURATION</span></h3><br />
|
||||
<br />
|
||||
After build, you have a new file named example/apache.conf. You just have
|
||||
to include this file in Apache configuration:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -137,11 +132,10 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache.conf /etc/apache/conf.d/test.co
|
|||
# or with Apache-2.x
|
||||
ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enabled/test.conf
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Modify your /etc/hosts file to include:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
</div><br />
|
||||
<br />
|
||||
Modify your /etc/hosts file to include:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -149,10 +143,10 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
|
|||
127.0.0.3 test.example.com
|
||||
127.0.0.4 manager.example.com
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Now you have to edit configuration to set your
|
||||
LDAP settings. You can either use :
|
||||
</div><br />
|
||||
<br />
|
||||
Now you have to edit configuration to set your LDAP settings. You can
|
||||
either use :
|
||||
|
||||
<ul class="star">
|
||||
<li>the manager interface: restart Apache and connect to <span class=
|
||||
|
@ -163,9 +157,9 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
|
|||
your LDAP settings (Debian users:
|
||||
/usr/share/doc/lemonldap-ng/example/conf/lmConfig-1).</li>
|
||||
</ul>If you don't set managerDn and managerPassword, Lemonldap::NG will
|
||||
use an anonymous bind to find user dn.
|
||||
|
||||
<p class="paragraph"></p>WARNINGS:
|
||||
use an anonymous bind to find user dn.<br />
|
||||
<br />
|
||||
WARNINGS:
|
||||
|
||||
<ul class="star">
|
||||
<li>only few parameters can be set by hand in the configuration file.
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>FAQ LEMONLDAP::NG</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
|
@ -296,18 +296,17 @@ group1 => { $departmentUID eq <span class=
|
|||
</div>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id=
|
||||
"HPerformances">Performances</span></h5>
|
||||
|
||||
<p class="paragraph"></p>Vous pouvez utiliser des expressions Perl aussi
|
||||
complexe que nécessaire et vous pouvez utiliser tous les attibuts
|
||||
LDAP (et créer vos propres attributs additionnels avec le
|
||||
mécanisme des macros) dans les définitions de groupes, les
|
||||
règles d'accès et les en-têtes HTTP
|
||||
personnalisés: vous devez seulement utiliser le nom choisi
|
||||
précédé d'un "$".
|
||||
|
||||
<p class="paragraph"></p>Vous devez toutefois bien choisir vos
|
||||
expressions:
|
||||
"HPerformances">Performances</span></h5><br />
|
||||
<br />
|
||||
Vous pouvez utiliser des expressions Perl aussi complexe que
|
||||
nécessaire et vous pouvez utiliser tous les attibuts LDAP (et
|
||||
créer vos propres attributs additionnels avec le mécanisme
|
||||
des macros) dans les définitions de groupes, les règles
|
||||
d'accès et les en-têtes HTTP personnalisés: vous devez
|
||||
seulement utiliser le nom choisi précédé d'un
|
||||
"$".<br />
|
||||
<br />
|
||||
Vous devez toutefois bien choisir vos expressions:
|
||||
|
||||
<ul class="star">
|
||||
<li>les groupes et les macros ne sont évaluées que lorsque
|
||||
|
@ -325,11 +324,11 @@ group1 => { $departmentUID eq <span class=
|
|||
^/<span class=
|
||||
"java-keyword">protected</span>/.*$ => $groups =~ /bgroup1b/
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Dans la définition des groupes, vous
|
||||
pouvez au choix utiliser des filtres LDAP ou des expressions Perl ou
|
||||
encore mixer les deux. Les expressions Perl sont encadrées par {} :
|
||||
</div><br />
|
||||
<br />
|
||||
Dans la définition des groupes, vous pouvez au choix utiliser des
|
||||
filtres LDAP ou des expressions Perl ou encore mixer les deux. Les
|
||||
expressions Perl sont encadrées par {} :
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -340,44 +339,43 @@ group1 => {$uid eq <span class=
|
|||
group1 => (|(uid=xavier.guimard){$ou eq <span class=
|
||||
"java-quote">"unit1"</span>})
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Pour limiter les requêtes LDAP, il est
|
||||
conseillé d'utiliser les expressions Perl. Ainsi seuls 2
|
||||
sollicitations de l'annuaire sont nécessaires.
|
||||
</div><br />
|
||||
<br />
|
||||
Pour limiter les requêtes LDAP, il est conseillé d'utiliser
|
||||
les expressions Perl. Ainsi seuls 2 sollicitations de l'annuaire sont
|
||||
nécessaires.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HTraC3A7abilitC3A9">Traçabilité</span></h4>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HTracerlesaccC3A8sauportail">Tracer
|
||||
les accès au portail</span></h5>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG::Portal n'enregistre pas les
|
||||
événements de connexion par défaut, mais il est
|
||||
très facile de surcharger la méthode "log".
|
||||
les accès au portail</span></h5><br />
|
||||
<br />
|
||||
Lemonldap::NG::Portal n'enregistre pas les événements de
|
||||
connexion par défaut, mais il est très facile de surcharger
|
||||
la méthode "log".
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id=
|
||||
"HTracerlesaccC3A8sauxapplications">Tracer les accès aux
|
||||
applications</span></h5>
|
||||
|
||||
<p class="paragraph"></p>Comme un Web-SSO ne peut interpréter le
|
||||
contenu des requêtes HTTP transmise aux applications
|
||||
protégées, il ne peut enregistrer au mieux que les URL. Et
|
||||
comme Apache le fait parfaitement, Lemonldap::NG::Handler(3) lui fournit
|
||||
le nom à enregistrer dans les journaux. Le paramètre
|
||||
optionnel "whatToTrace" indique la variable à utiliser ($uid par
|
||||
défaut).
|
||||
|
||||
<p class="paragraph"></p>La trace réelle doit être
|
||||
effectuée par l'application seule capable d'interpréter le
|
||||
résultat des transactions.
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG peut exporter des en-têtes
|
||||
HTTP aussi bien en utilisant Apache en reverse-proxy qu'en
|
||||
protégent directement les applications. Par défaut, le champ
|
||||
Auth-User est utilisé mais vous pouvez choisir les en-têtes
|
||||
que vous transmettez à chaque application séparemment. Les
|
||||
expressions définissant les en-têtes associent :
|
||||
applications</span></h5><br />
|
||||
<br />
|
||||
Comme un Web-SSO ne peut interpréter le contenu des requêtes
|
||||
HTTP transmise aux applications protégées, il ne peut
|
||||
enregistrer au mieux que les URL. Et comme Apache le fait parfaitement,
|
||||
Lemonldap::NG::Handler(3) lui fournit le nom à enregistrer dans les
|
||||
journaux. Le paramètre optionnel "whatToTrace" indique la variable
|
||||
à utiliser ($uid par défaut).<br />
|
||||
<br />
|
||||
La trace réelle doit être effectuée par l'application
|
||||
seule capable d'interpréter le résultat des
|
||||
transactions.<br />
|
||||
<br />
|
||||
Lemonldap::NG peut exporter des en-têtes HTTP aussi bien en
|
||||
utilisant Apache en reverse-proxy qu'en protégent directement les
|
||||
applications. Par défaut, le champ Auth-User est utilisé
|
||||
mais vous pouvez choisir les en-têtes que vous transmettez à
|
||||
chaque application séparemment. Les expressions définissant
|
||||
les en-têtes associent :
|
||||
|
||||
<ul class="star">
|
||||
<li>le nom d'en-tête,</li>
|
||||
|
@ -410,9 +408,10 @@ Remote-IP => $ip
|
|||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HInstallation">Installation</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Attention :
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HInstallation">Installation</span></h3><br />
|
||||
<br />
|
||||
Attention :
|
||||
|
||||
<ul class="star">
|
||||
<li>Lemonldap::NG est un projet différent de Lemonldap et
|
||||
|
@ -439,10 +438,10 @@ Remote-IP => $ip
|
|||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HSystC3A8medestockagedessessions">Système de stockage des
|
||||
sessions</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG utilise 3 niveaux de cache pour les
|
||||
données des utilisateurs authentifiés :
|
||||
sessions</span></h3><br />
|
||||
<br />
|
||||
Lemonldap::NG utilise 3 niveaux de cache pour les données des
|
||||
utilisateurs authentifiés :
|
||||
|
||||
<ul class="star">
|
||||
<li>un module Apache::Session::* au choix utilisé par le portail
|
||||
|
@ -461,26 +460,26 @@ Remote-IP => $ip
|
|||
intéressant avec le système de connexions persistantes du
|
||||
protocole HTTP/1.1 (Keep-Alive).</li>
|
||||
</ul>Ainsi, le nombre de requêtes au cache principal est
|
||||
limité à 1 par utilisateur actif toutes les 10 minutes.
|
||||
limité à 1 par utilisateur actif toutes les 10
|
||||
minutes.<br />
|
||||
<br />
|
||||
Lemonldap::NG est très rapide, mais vous pouvez encore
|
||||
améliorer les performances en utilisnt un module Cache::Cache ne
|
||||
nécessitant pas d'accès au disque.
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG est très rapide, mais vous
|
||||
pouvez encore améliorer les performances en utilisnt un module
|
||||
Cache::Cache ne nécessitant pas d'accès au disque.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HAuteur">Auteur</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Xavier Guimard, <x.guimard@free.fr>
|
||||
<h3 class="heading-1-1"><span id="HAuteur">Auteur</span></h3><br />
|
||||
<br />
|
||||
Xavier Guimard, <x.guimard@free.fr>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HCopyrightetlicense">Copyright et
|
||||
license</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Copyright © 2005-2007 par Xavier Guimard
|
||||
<x.guimard@free.fr>
|
||||
|
||||
<p class="paragraph"></p>Ce logiciel est libre, vous pouvez le
|
||||
redistribuer et/ou le modifier sous les mêmes termes que Perl
|
||||
lui-même en version 5.8.4 ou à votre guise en version Perl 5
|
||||
supérieure.
|
||||
license</span></h3><br />
|
||||
<br />
|
||||
Copyright © 2005-2007 par Xavier Guimard
|
||||
<x.guimard@free.fr><br />
|
||||
<br />
|
||||
Ce logiciel est libre, vous pouvez le redistribuer et/ou le modifier sous
|
||||
les mêmes termes que Perl lui-même en version 5.8.4 ou
|
||||
à votre guise en version Perl 5 supérieure.
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>FAQ LEMONLDAP::NG</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
|
@ -254,16 +254,14 @@ group1 => { $departmentUID eq <span class=
|
|||
</div>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id=
|
||||
"HPerformance">Performance</span></h5>
|
||||
|
||||
<p class="paragraph"></p>You can use Perl expressions as complicated as
|
||||
you want and you can use all the exported LDAP attributes (and create your
|
||||
own attributes: with 'macros' mechanism) in groups evaluations, area
|
||||
protections or custom HTTP headers (you just have to call them with a
|
||||
"$").
|
||||
|
||||
<p class="paragraph"></p>ou have to be careful when choosing your
|
||||
expressions:
|
||||
"HPerformance">Performance</span></h5><br />
|
||||
<br />
|
||||
You can use Perl expressions as complicated as you want and you can use
|
||||
all the exported LDAP attributes (and create your own attributes: with
|
||||
'macros' mechanism) in groups evaluations, area protections or custom HTTP
|
||||
headers (you just have to call them with a "$").<br />
|
||||
<br />
|
||||
ou have to be careful when choosing your expressions:
|
||||
|
||||
<ul class="star">
|
||||
<li>groups and macros are evaluated each time a user is redirected to
|
||||
|
@ -279,11 +277,10 @@ group1 => { $departmentUID eq <span class=
|
|||
^/<span class=
|
||||
"java-keyword">protected</span>/.*$ => $groups =~ /bgroup1b/
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>You can also use LDAP filters, or Perl expression
|
||||
or mixed expressions in groups definitions. Perl expressions has to be
|
||||
enclosed with {} :
|
||||
</div><br />
|
||||
<br />
|
||||
You can also use LDAP filters, or Perl expression or mixed expressions in
|
||||
groups definitions. Perl expressions has to be enclosed with {} :
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -294,36 +291,36 @@ group1 => {$uid eq <span class=
|
|||
group1 => (|(uid=xavier.guimard){$ou eq <span class=
|
||||
"java-quote">"unit1"</span>})
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>It is also recommanded to use Perl expressions to
|
||||
avoid requiering the LDAP server more than 2 times per authentication.
|
||||
</div><br />
|
||||
<br />
|
||||
It is also recommanded to use Perl expressions to avoid requiering the
|
||||
LDAP server more than 2 times per authentication.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HAccounting">Accounting</span></h4>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HLoggingportalaccess">Logging portal
|
||||
access</span></h5>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG::Portal doesn't log anything by
|
||||
default, but it's easy to overload log method for normal portal access.
|
||||
access</span></h5><br />
|
||||
<br />
|
||||
Lemonldap::NG::Portal doesn't log anything by default, but it's easy to
|
||||
overload log method for normal portal access.
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HLoggingapplicationaccess">Logging
|
||||
application access</span></h5>
|
||||
|
||||
<p class="paragraph"></p>Because a Web-SSO knows nothing about the
|
||||
protected application, it can't do more than logging URL. As Apache does
|
||||
this fine, Lemonldap::NG::Handler(3) gives it the name to used in logs.
|
||||
The whatToTrace parameter indicates which variable Apache has to use ($uid
|
||||
by default).
|
||||
|
||||
<p class="paragraph"></p>The real accounting has to be done by the
|
||||
application itself which knows the result of SQL transaction for example.
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG can export HTTP headers either
|
||||
using a proxy or protecting directly the application. By default, the
|
||||
Auth-User field is used but you can change it using the exportedHeaders
|
||||
parameters (in the Manager, each virtual host as custom headers branch).
|
||||
This parameters contains an associative array per virtual host :
|
||||
application access</span></h5><br />
|
||||
<br />
|
||||
Because a Web-SSO knows nothing about the protected application, it can't
|
||||
do more than logging URL. As Apache does this fine,
|
||||
Lemonldap::NG::Handler(3) gives it the name to used in logs. The
|
||||
whatToTrace parameter indicates which variable Apache has to use ($uid by
|
||||
default).<br />
|
||||
<br />
|
||||
The real accounting has to be done by the application itself which knows
|
||||
the result of SQL transaction for example.<br />
|
||||
<br />
|
||||
Lemonldap::NG can export HTTP headers either using a proxy or protecting
|
||||
directly the application. By default, the Auth-User field is used but you
|
||||
can change it using the exportedHeaders parameters (in the Manager, each
|
||||
virtual host as custom headers branch). This parameters contains an
|
||||
associative array per virtual host :
|
||||
|
||||
<ul class="star">
|
||||
<li>keys are the names of the choosen headers,</li>
|
||||
|
@ -356,9 +353,10 @@ Remote-IP => $ip
|
|||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HInstallation">Installation</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Warnings :
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HInstallation">Installation</span></h3><br />
|
||||
<br />
|
||||
Warnings :
|
||||
|
||||
<ul class="star">
|
||||
<li>Lemonldap::NG is a different project than Lemonldap and contains all
|
||||
|
@ -377,10 +375,9 @@ Remote-IP => $ip
|
|||
installation documentation.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HSessionstoragesystem">Session storage
|
||||
system</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG use 3 levels of cache for
|
||||
authenticated users :
|
||||
system</span></h3><br />
|
||||
<br />
|
||||
Lemonldap::NG use 3 levels of cache for authenticated users :
|
||||
|
||||
<ul class="star">
|
||||
<li>an Apache::Session::* module used by lemonldap::NG::Portal to store
|
||||
|
@ -395,25 +392,24 @@ Remote-IP => $ip
|
|||
refuse access. This is very efficient with HTTP/1.1 Keep-Alive
|
||||
system.</li>
|
||||
</ul>So the number of request to the central storage is limited to 1 per
|
||||
active user each 10 minutes.
|
||||
active user each 10 minutes.<br />
|
||||
<br />
|
||||
Lemonldap::NG is very fast, but you can increase performance using a
|
||||
Cache::Cache module that does not use disk access.
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG is very fast, but you can increase
|
||||
performance using a Cache::Cache module that does not use disk access.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HAuthor">Author</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Xavier Guimard, <x.guimard@free.fr>
|
||||
<h3 class="heading-1-1"><span id="HAuthor">Author</span></h3><br />
|
||||
<br />
|
||||
Xavier Guimard, <x.guimard@free.fr>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HCopyrightandlicence">Copyright and
|
||||
licence</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Copyright © 2005-2007 by Xavier Guimard
|
||||
<x.guimard@free.fr>
|
||||
|
||||
<p class="paragraph"></p>This library is free software; you can
|
||||
redistribute it and/or modify it under the same terms as Perl itself,
|
||||
either Perl version 5.8.4 or, at your option, any later version of Perl 5
|
||||
you may have available.
|
||||
licence</span></h3><br />
|
||||
<br />
|
||||
Copyright © 2005-2007 by Xavier Guimard
|
||||
<x.guimard@free.fr><br />
|
||||
<br />
|
||||
This library is free software; you can redistribute it and/or modify it
|
||||
under the same terms as Perl itself, either Perl version 5.8.4 or, at your
|
||||
option, any later version of Perl 5 you may have available.
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -14,6 +14,8 @@ my $docs = {
|
|||
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocInstall?language=en' => 'advanced-install.html',
|
||||
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Erreurs?language=en' => 'errors-fr.html',
|
||||
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Erreurs?language=fr' => 'errors.html',
|
||||
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocSOAP?language=fr' => 'soap-fr.html',
|
||||
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocLA?language=fr' => 'liberty-alliance-fr.html',
|
||||
};
|
||||
|
||||
my %imgs;
|
||||
|
@ -27,6 +29,7 @@ while ( my ( $url, $file ) = each %$docs ) {
|
|||
my $buf;
|
||||
my $ind = 0;
|
||||
my $div;
|
||||
my $pre = 0;
|
||||
while (<DOC>) {
|
||||
$ind++ if (/<div class="main-content">/);
|
||||
next unless ($ind);
|
||||
|
@ -35,6 +38,17 @@ while ( my ( $url, $file ) = each %$docs ) {
|
|||
$ind-- unless ($div);
|
||||
s/\r//g;
|
||||
utf8::decode($_);
|
||||
if(/<pre/) {
|
||||
$pre++;
|
||||
s#(?<=<pre)<p class="paragraph"/>#<br/><br/>#g;
|
||||
print STDERR "Trouvé: $`\n$&\n$'\n\n";
|
||||
}
|
||||
elsif($pre) {
|
||||
s#(?<!<\/pre)<p class="paragraph"/>#<br/><br/>#g;
|
||||
}
|
||||
$pre++ if(/<pre/);
|
||||
s#<p class="paragraph"/>#<br/><br/>#g if($pre);
|
||||
$pre-- if(/<\/pre/);
|
||||
if(s#(["'])/xwiki/bin/download/NG/Presentation/([\w\.\-]+)\1#$1$2$1#) {
|
||||
$imgs{$2} = 1;
|
||||
}
|
||||
|
@ -56,7 +70,7 @@ while ( my ( $url, $file ) = each %$docs ) {
|
|||
}
|
||||
close DOC;
|
||||
|
||||
open FILE, "|tidy -u -c -i -wrap 79 >$file";
|
||||
open FILE, "|tee /tmp/$file|tidy -u -c -i -wrap 79 >$file";
|
||||
print FILE '<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<!DOCTYPE html PUBLIC "XHTML 1.0 Strict"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
|
|
@ -17,5 +17,6 @@ CREATE TABLE lmConfig (
|
|||
exportedVars text,
|
||||
managerDn text,
|
||||
managerPassword text,
|
||||
timeout int,
|
||||
whatToTrace text
|
||||
);
|
||||
|
|
|
@ -35,6 +35,7 @@ if($opts{c}) {
|
|||
exportedVars text,
|
||||
managerDn text,
|
||||
managerPassword text,
|
||||
timeout int,
|
||||
whatToTrace text\n);\n";
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user