LEMONLDAP::NG : documentation update + missing images
This commit is contained in:
parent
741e87b56a
commit
59bbd54920
BIN
build/lemonldap-ng/doc/DIA_DIT_Roles.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 107 KiB |
|
@ -48,8 +48,18 @@
|
||||||
<li><a href="#HHabilitationbasedonaperiod">Habilitation based on a
|
<li><a href="#HHabilitationbasedonaperiod">Habilitation based on a
|
||||||
period</a></li>
|
period</a></li>
|
||||||
|
|
||||||
<li><a href="#HSendaroletoaprotectedapplication">Send a role to a
|
<li>
|
||||||
protected application</a></li>
|
<a href="#HSendaroletoaprotectedapplication">Send a role to a
|
||||||
|
protected application</a>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li><a href="#HRolesassimplevaluesofauserattribute">Roles as
|
||||||
|
simple values of a user attribute</a></li>
|
||||||
|
|
||||||
|
<li><a href="#HRolesasentriesinthedirectory">Roles as entries in
|
||||||
|
the directory</a></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
@ -196,7 +206,7 @@ objectClass ( SSOOID:2:1
|
||||||
|
|
||||||
<div class="code">
|
<div class="code">
|
||||||
<pre>
|
<pre>
|
||||||
<span class="java-keyword">default</span> => $ssoName =~ /bacmeb/
|
<span class="java-keyword">default</span> => $ssoName =~ /\bacme\b/
|
||||||
</pre>
|
</pre>
|
||||||
</div><br />
|
</div><br />
|
||||||
<br />
|
<br />
|
||||||
|
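Review bot: the change from `/bacmeb/` to `/\bacme\b/` is the right fix; with the backslashes stripped, the word-boundary assertions became literal `b` characters, so a rule reading `$ssoName =~ /bacmeb/` matched nothing and the `default` rule denied every user. Because this HTML is produced from the wiki by the fetch script, please confirm that the backslashes survive in the wiki source or in the conversion step, otherwise the next regeneration will reintroduce the broken pattern, and it is worth checking the other generated pages for rules showing `b...b` where `\b` was meant.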
@ -214,6 +224,146 @@ objectClass ( SSOOID:2:1
|
||||||
<h4 class="heading-1-1-1"><span id=
|
<h4 class="heading-1-1-1"><span id=
|
||||||
"HSendaroletoaprotectedapplication">Send a role to a protected
|
"HSendaroletoaprotectedapplication">Send a role to a protected
|
||||||
application</span></h4>
|
application</span></h4>
|
||||||
|
|
||||||
|
<h5 class="heading-1-1-1-1"><span id=
|
||||||
|
"HRolesassimplevaluesofauserattribute">Roles as simple values of a user
|
||||||
|
attribute</span></h5><br />
|
||||||
|
<br />
|
||||||
|
Imagine you've set your directory schema to store roles as values of
|
||||||
|
ssoRoles, an attribute of the user. This is simple because you can send
|
||||||
|
the role to the application by creating a HTTP header (for example
|
||||||
|
Auth-Role) with the concatened values (';' is the concatenation
|
||||||
|
string):<br />
|
||||||
|
<br />
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
Auth-Roles => $ssoRoles
|
||||||
|
</pre>
|
||||||
|
</div><br />
|
||||||
|
<br />
|
||||||
|
If the user has these values inside its entry:<br />
|
||||||
|
<br />
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
ssoRoles: user
|
||||||
|
ssoRoles: admin
|
||||||
|
</pre>
|
||||||
|
</div><br />
|
||||||
|
<br />
|
||||||
|
Then you got this value inside the Auth-Roles header:<br />
|
||||||
|
<br />
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
user;admin
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<h5 class="heading-1-1-1-1"><span id="HRolesasentriesinthedirectory">Roles
|
||||||
|
as entries in the directory</span></h5><br />
|
||||||
|
<br />
|
||||||
|
Now imagine the following DIT:<br />
|
||||||
|
<br />
|
||||||
|
<img src="DIA_DIT_Roles.png" alt="DIA_DIT_Roles.png" /><br />
|
||||||
|
<br />
|
||||||
|
Roles are entries, below branchs representing applications. Each user has
|
||||||
|
a ssoRoles attributes, which values are the DN of the corresponding roles.
|
||||||
|
With this oragnization, you can set roles to user within specific
|
||||||
|
application.<br />
|
||||||
|
<br />
|
||||||
|
In the schema above, the user has the following values:<br />
|
||||||
|
<br />
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
ssoRoles: ou=admin,ou=aaa,ou=roles,dc=acme,dc=com
|
||||||
|
ssoRoles: ou=user,ou=bbb,ou=roles,dc=acme,dc=com
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>So he is "user" on application "BBB" and "admin"
|
||||||
|
on application "AAA".
|
||||||
|
|
||||||
|
<p class="paragraph"></p>Now we have to send to right role to the right
|
||||||
|
application trough LemonLDAP::NG.
|
||||||
|
|
||||||
|
<p class="paragraph"></p>First step: create a rule to grant access only if
|
||||||
|
the user has a role in the application:
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>For application AAA:</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
<span class="java-keyword">default</span> => $ssoRoles =~ /ou=aaa,ou=roles/
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>For application BBB:</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
<span class="java-keyword">default</span> => $ssoRoles =~ /ou=bbb,ou=roles/
|
||||||
|
</pre>
|
||||||
|
</div><br />
|
||||||
|
<br />
|
||||||
|
Second step: get the role name for the application. We will use the macros
|
||||||
|
to do that. Create two macros (inside General Parameters > Macros):
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>For application AAA:</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
aaaRole => ((grep{/ou=aaa/} split(';',$ssoRoles))[0] =~ /ou=(.*),ou=aaa/)[0]
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>For application BBB:</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
bbbRole => ((grep{/ou=bbb/} split(';',$ssoRoles))[0] =~ /ou=(.*),ou=bbb/)[0]
|
||||||
|
</pre>
|
||||||
|
</div><br />
|
||||||
|
<br />
|
||||||
|
These regular expressions read the 'ou' value of the DN of the role of the
|
||||||
|
concerned application. This work if the user has only one role per
|
||||||
|
application.<br />
|
||||||
|
<br />
|
||||||
|
Third step: provide the role to the application. It is done by creating
|
||||||
|
the correct HTTP header:
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>For application AAA:</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
Auth-Roles => $aaaRoles
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>For application BBB:</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
Auth-Roles => $bbbRoles
|
||||||
|
</pre>
|
||||||
|
</div><br />
|
||||||
|
<br />
|
||||||
|
Now the protected application can read in the header HTTP_AUTH_ROLES the
|
||||||
|
role of the user.
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
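Review bot: the macro names and the header expressions in this hunk do not match: the macros are defined as `aaaRole` and `bbbRole`, but the headers send `$aaaRoles` and `$bbbRoles`, so as written the Auth-Roles header would carry an undefined value rather than the role; rename one side. On the same section: the access rules `$ssoRoles =~ /ou=aaa,ou=roles/` and the macro filter `grep{/ou=aaa/}` are unanchored substring matches over the ';'-joined DN list, so consider matching a full DN suffix such as `/ou=[^,]+,ou=aaa,ou=roles,dc=acme,dc=com/` and capturing the role with `ou=([^,]+),ou=aaa` rather than the greedy `(.*)`; and the text saying the macros "work if the user has only one role per application" should state that with several roles the `[0]` silently picks whichever DN the directory returned first, which is not a safe basis for an authorization decision. Smaller points to fix in the wiki source: the prose says the header is "for example Auth-Role" while every example uses `Auth-Roles`; the `<p class="paragraph"></p>` elements are empty with the text sitting outside them; and the typos "concatened", "branchs", "oragnization", "trough", "This work if" and "a ssoRoles attributes, which values".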
BIN
build/lemonldap-ng/doc/bouton_federid.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 1.2 KiB |
|
@ -123,8 +123,8 @@
|
||||||
<h4 class="heading-1-1-1"><span id="HLibertyAlliance">Liberty
|
<h4 class="heading-1-1-1"><span id="HLibertyAlliance">Liberty
|
||||||
Alliance</span></h4><br />
|
Alliance</span></h4><br />
|
||||||
<br />
|
<br />
|
||||||
<img src="/xwiki/bin/download/NG/DocLA/liberty_alliance_logo_jpeg.jpg"
|
<img src="liberty_alliance_logo_jpeg.jpg" alt=
|
||||||
alt="liberty_alliance_logo_jpeg.jpg" /><br />
|
"liberty_alliance_logo_jpeg.jpg" /><br />
|
||||||
<br />
|
<br />
|
||||||
Cette norme permet de fédérer des identités issues de
|
Cette norme permet de fédérer des identités issues de
|
||||||
référentiels différents (par exemple un annuaire, une
|
référentiels différents (par exemple un annuaire, une
|
||||||
|
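Review bot: the image source is now relative (`liberty_alliance_logo_jpeg.jpg`), which matches the new download-path rewriting in the fetch script, but the `alt` text is still just the file name; an accessible description such as "Liberty Alliance logo" would be better, and the same applies to `bouton_federid.png` in the next hunk. Since these pages are generated, the alt text should be changed in the wiki source rather than in the output.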
@ -153,8 +153,7 @@
|
||||||
<h4 class="heading-1-1-1"><span id="HLeprojetFederID">Le projet
|
<h4 class="heading-1-1-1"><span id="HLeprojetFederID">Le projet
|
||||||
FederID</span></h4><br />
|
FederID</span></h4><br />
|
||||||
<br />
|
<br />
|
||||||
<img src="/xwiki/bin/download/NG/DocLA/bouton_federid.png" alt=
|
<img src="bouton_federid.png" alt="bouton_federid.png" /><br />
|
||||||
"bouton_federid.png" /><br />
|
|
||||||
<br />
|
<br />
|
||||||
Le projet <span class="wikiexternallink"><a href=
|
Le projet <span class="wikiexternallink"><a href=
|
||||||
"http://www.federid.org">FederID</a></span> vise à offrir une
|
"http://www.federid.org">FederID</a></span> vise à offrir une
|
||||||
|
|
BIN
build/lemonldap-ng/doc/liberty_alliance_logo_jpeg.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 24 KiB |
|
@ -17,7 +17,7 @@ my $docs = {
|
||||||
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocSOAP?language=fr' => 'soap-fr.html',
|
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocSOAP?language=fr' => 'soap-fr.html',
|
||||||
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocLA?language=fr' => 'liberty-alliance-fr.html',
|
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocLA?language=fr' => 'liberty-alliance-fr.html',
|
||||||
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocPpolicy' => 'password-policy.html',
|
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocPpolicy' => 'password-policy.html',
|
||||||
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/SpecLDAPSchema' => 'advanced-access-rules.html',
|
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/LDAPSchema' => 'advanced-access-rules.html',
|
||||||
};
|
};
|
||||||
|
|
||||||
my %imgs;
|
my %imgs;
|
||||||
|
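Review bot: the source URL for `advanced-access-rules.html` changes from `NG/SpecLDAPSchema` to `NG/LDAPSchema` without a word in the commit message; please confirm this is the same page renamed (the generated HTML in this commit still describes the LDAP schema and roles) and mention the rename, since anyone diffing the generated docs against the wiki will otherwise look at the wrong page.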
@ -58,7 +58,11 @@ while ( my ( $url, $file ) = each %$docs ) {
|
||||||
while (s#(?<=<pre>)(.*?)(?:<p[^>]*>\s*</p>|<p[^>]*/>)(.*?)(?=</pre>)#$1<br/><br/>$2#gi) {}
|
while (s#(?<=<pre>)(.*?)(?:<p[^>]*>\s*</p>|<p[^>]*/>)(.*?)(?=</pre>)#$1<br/><br/>$2#gi) {}
|
||||||
while (s#(?<=<pre>)(.*?)(?:<p[^>]*>\s*</p>|<p[^>]*/>)(.*?)(?!</pre>)#$1<br/><br/>$2#gi) {}
|
while (s#(?<=<pre>)(.*?)(?:<p[^>]*>\s*</p>|<p[^>]*/>)(.*?)(?!</pre>)#$1<br/><br/>$2#gi) {}
|
||||||
}
|
}
|
||||||
if(s#(["'])/xwiki/bin/download/NG/Presentation/([\w\.\-]+)\1#$1$2$1#) {
|
if(m#(["'])/xwiki/bin/download/([\/\w\.\-]+)\1#) {
|
||||||
|
$imgs{$2} = 1;
|
||||||
|
s#(["'])/xwiki/bin/download/(?:[\/\w\.\-]+)/([\w\.\-]+)\1#$1$2$1#;
|
||||||
|
}
|
||||||
|
if(s#(["'])/xwiki/bin/download/([\/\w\.\-]+)\1#$1$2$1#) {
|
||||||
$imgs{$2} = 1;
|
$imgs{$2} = 1;
|
||||||
}
|
}
|
||||||
if($file =~ /-fr/) {
|
if($file =~ /-fr/) {
|
||||||
|
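Review bot: the new `if(m#...#)` block and the retained `if(s#...#)` block use the same pattern, so the second block now only fires when the first did not rewrite the line (a download path with no directory component) or when a line carries a second download link, and in that second case it keeps the full `NG/DocLA/name.png` path as the relative `src` while the first block reduces it to the bare file name, so the two rewrites disagree; drop the second block or give both the basename rewrite, and use the `g` flag if several links per line are expected. Note also that `%imgs` is keyed by the full wiki path while the page references only the basename, so two documents with same-named images in different wiki spaces are both rewritten to one file name; and the `[\/\w\.\-]+` character class is what keeps the captured path safe for the shell interpolation in the wget line below, so it should not be widened.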
@ -95,5 +99,5 @@ while ( my ( $url, $file ) = each %$docs ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach(keys %imgs) {
|
foreach(keys %imgs) {
|
||||||
`wget -N http://wiki.lemonldap.objectweb.org/xwiki/bin/download/NG/Presentation/$_`;
|
`wget -N http://wiki.lemonldap.objectweb.org/xwiki/bin/download/$_`;
|
||||||
}
|
}
|
||||||
|
|
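Review bot: the path captured from the HTML is interpolated into a backtick shell command and the result is discarded; prefer the list form `system('wget', '-N', "http://wiki.lemonldap.objectweb.org/xwiki/bin/download/$_")` so no shell is involved, and check the return value so a missing image produces an error rather than a silently broken `<img>` (this commit itself is adding images that a previous run did not fetch). `wget -N` stores the file under its basename in the current directory, which is what the relative `src` rewrite relies on, but it also means same-named images from different wiki spaces overwrite each other.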