Update doc

Xavier Guimard 2018-07-14 22:23:25 +02:00
parent 7c2fbe8d2b
commit 5d13d022a4
24 changed files with 216 additions and 157 deletions


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:applications:alfresco</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,alfresco"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="alfresco.html"/>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1529961293" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1531599531" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
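Review bot: The exported login link in this section carries a `sectok` value that differs between the two printed versions, and the `/lib/exe/indexer.php` image carries a new timestamp, so what appears to be a per-session token is committed and the file changes on every export. The hunk context ("a topic that doesn't exist yet") suggests this is the wiki's not-found output for an image path rather than real documentation; the `loader.gif` section that follows has the same pattern. Consider excluding such pages from the offline export, or stripping the `<li>` holding the `class="action login"` link and the indexer `<img>` in the export step. Whether the token remains usable after the export session ends is not visible from this page.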


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1529961293" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1531599531" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authfacebook</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authfacebook"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authfacebook.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authtwitter</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authtwitter"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authtwitter.html"/>


@ -48,11 +48,11 @@
<div class="level1">
<p>
This plugin can be used to check if portal instance is ready. This can be a health check to told keep-alive service to force a fail-over on the backup-node.
This plugin can be used to check if portal instance is ready. This can be a health check to request keep-alive service to force a fail-over on the backup-node.
</p>
</div>
<!-- EDIT1 SECTION "Check state plugin" [1-192] -->
<!-- EDIT1 SECTION "Check state plugin" [1-195] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
@ -61,7 +61,7 @@ Just enable it in the manager (section “plugins”). You <em class="u">must</e
</p>
</div>
<!-- EDIT2 SECTION "Configuration" [193-310] -->
<!-- EDIT2 SECTION "Configuration" [196-313] -->
<h2 class="sectionedit3" id="usage">Usage</h2>
<div class="level2">
@ -84,12 +84,12 @@ When enabled, <code>/checkstate</code> <abbr title="Uniform Resource Locator">UR
<td class="col0 centeralign"> <code>password</code> </td><td class="col1 centeralign"> optional </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [413-667] -->
<!-- EDIT4 TABLE [416-670] -->
<p>
Example: <code><a href="https://auth.example.com/checkstate?secret=qwerty&amp;user=dwho&amp;password=dwho" class="urlextern" title="https://auth.example.com/checkstate?secret=qwerty&amp;user=dwho&amp;password=dwho" rel="nofollow">https://auth.example.com/checkstate?secret=qwerty&amp;user=dwho&amp;password=dwho</a></code>
</p>
</div>
<!-- EDIT3 SECTION "Usage" [311-] --></div>
<!-- EDIT3 SECTION "Usage" [314-] --></div>
</body>
</html>
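Review bot: The example at the end of the Usage section puts `secret`, `user` and `password` in the URL query string, and the page gives no caveat about it. Query strings are commonly written to web server, proxy and monitoring-tool logs, so the shared secret and the account password would end up stored in clear text there. I would add a note after the example, such as `<div class="notewarning">Query string parameters may be recorded in access logs: use a dedicated low-privilege test account and restrict <code>/checkstate</code> to the monitoring hosts.</div>`. The parameter table starts outside the hunk, so whether the plugin also accepts these values another way is not visible here; since this HTML is a DokuWiki export, the change belongs in the wiki source.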


@ -344,7 +344,7 @@ In Portal virtual host, you will find several configuration parts:
<span class="kw1">DirectoryIndex</span> index.fcgi index.html
&lt;/<span class="kw3">IfModule</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> REST/SOAP end points (inactivated by default):</div>
<li class="level1"><div class="li"> REST/SOAP end points (disabled by default):</div>
</li>
</ul>
<pre class="code file apache"> <span class="co1"># REST/SOAP functions for sessions management (disabled by default)</span>
@ -368,7 +368,7 @@ In Portal virtual host, you will find several configuration parts:
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT7 SECTION "Portal" [6660-8760] -->
<!-- EDIT7 SECTION "Portal" [6660-8757] -->
<h3 class="sectionedit8" id="manager1">Manager</h3>
<div class="level3">
@ -415,7 +415,7 @@ Configuration interface access is not protected by Apache but by LemonLDAP::NG i
</p>
</div>
<!-- EDIT8 SECTION "Manager" [8761-10304] -->
<!-- EDIT8 SECTION "Manager" [8758-10301] -->
<h3 class="sectionedit9" id="handler">Handler</h3>
<div class="level3">
<ul>
@ -468,7 +468,7 @@ Then, to protect a standard virtual host, the only configuration line to add is:
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>
</div>
<!-- EDIT9 SECTION "Handler" [10305-11663] -->
<!-- EDIT9 SECTION "Handler" [10302-11660] -->
<h2 class="sectionedit10" id="nginx">Nginx</h2>
<div class="level2">
<div class="noteimportant">LemonLDAP::NG does not manage Nginx configuration
@ -491,7 +491,7 @@ See <a href="confignginx.html" class="wikilink1" title="documentation:2.0:config
<div class="notewarning"><a href="fastcgiserver.html" class="wikilink1" title="documentation:2.0:fastcgiserver">LL::NG FastCGI</a> server must be loaded separately.
</div>
</div>
<!-- EDIT10 SECTION "Nginx" [11664-12117] -->
<!-- EDIT10 SECTION "Nginx" [11661-12114] -->
<h3 class="sectionedit11" id="portal1">Portal</h3>
<div class="level3">
@ -563,7 +563,7 @@ In Portal virtual host, you will find several configuration parts:
}</pre>
</div>
<!-- EDIT11 SECTION "Portal" [12118-13909] -->
<!-- EDIT11 SECTION "Portal" [12115-13906] -->
<h3 class="sectionedit12" id="manager2">Manager</h3>
<div class="level3">
@ -597,7 +597,7 @@ By default, configuration interface access is not protected by Nginx but by Lemo
</p>
</div>
<!-- EDIT12 SECTION "Manager" [13910-14655] -->
<!-- EDIT12 SECTION "Manager" [13907-14652] -->
<h3 class="sectionedit13" id="handler1">Handler</h3>
<div class="level3">
@ -697,7 +697,7 @@ Then, to protect a standard virtual host, you must insert this (or create an inc
# Insert then your configuration (fastcgi_* or proxy_*)</pre>
</div>
<!-- EDIT13 SECTION "Handler" [14656-17742] -->
<!-- EDIT13 SECTION "Handler" [14653-17739] -->
<h2 class="sectionedit14" id="configuration_reload">Configuration reload</h2>
<div class="level2">
<div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them through an HTTP request. Configuration reload will then be effective in less than 10 minutes. If you want to change this timeout, set <code>checkTime = 240</code> in your lemonldap-ng.ini file <em>(values in seconds)</em>
@ -718,7 +718,7 @@ The <code>reload</code> target is managed in Apache or Nginx configuration, insi
</div><div class="noteimportant">If you want to use reload mechanism on a portal only host, you must install a handler in Portal host to be able to refresh local cache. Include <code>handler-nginx.conf</code> or <code>handler-apache2.conf</code> for example
</div>
</div>
<!-- EDIT14 SECTION "Configuration reload" [17743-19256] -->
<!-- EDIT14 SECTION "Configuration reload" [17740-19253] -->
<h2 class="sectionedit15" id="local_file">Local file</h2>
<div class="level2">
@ -752,6 +752,6 @@ For example, to override configured skin for portal:
<div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="parameterlist.html" class="wikilink1" title="documentation:2.0:parameterlist">parameter list</a> to find it.
</div>
</div>
<!-- EDIT15 SECTION "Local file" [19257-] --></div>
<!-- EDIT15 SECTION "Local file" [19254-] --></div>
</body>
</html>


@ -84,7 +84,7 @@
<pre class="file">Unable to clear local cache</pre>
<p>
→ Local cache cannot be cleard, check the localStorage and localStorageOptions or file permissions
→ Local cache cannot be cleared, check the localStorage and localStorageOptions or file permissions
</p>
<pre class="file">Status module can not be loaded without localStorage parameter</pre>
@ -99,7 +99,7 @@
<pre class="file">User rejected because VirtualHost XXXX has no configuration</pre>
<p>
→ The specified virtual host was not configured in Manager.
→ The specified virtual host is not configured in Manager.
</p>
<pre class="file">mkdir /tmp/MyNamespace/2: Permission denied ...</pre>


@ -62,19 +62,31 @@ So you can configure it to authenticate users using a federation protocol and si
</p>
<p>
Schemes validated:
Schemes tested:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr>-SP <strong></strong> LLNG as <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a>/<a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID-Connect</a> proxy <strong></strong> OIDC Provider</div>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> / OpenID-Connect:</div>
<ul>
<li class="level2"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr>-SP <strong></strong> LLNG as <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a>/<a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID-Connect</a> proxy <strong></strong> OIDC Provider</div>
</li>
<li class="level1"><div class="li"> OIDC-RP <strong></strong> LLNG as <a href="idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID-Connect</a>/<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a> proxy <strong></strong> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider</div>
<li class="level2"><div class="li"> OIDC-RP <strong></strong> LLNG as <a href="idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID-Connect</a>/<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a> proxy <strong></strong> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> / <abbr title="Central Authentication Service">CAS</abbr></div>
<ul>
<li class="level2"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr>-SP <strong></strong> LLNG as <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a>/<a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS</a> proxy <strong></strong> <abbr title="Central Authentication Service">CAS</abbr> Server</div>
</li>
<li class="level2"><div class="li"> <abbr title="Central Authentication Service">CAS</abbr> Application <strong></strong> LLNG as <a href="idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS</a>/<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a> proxy <strong></strong> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider</div>
</li>
</ul>
</li>
</ul>
<p>
Note that OpenID-Connect consortium hasn&#039;t already defined single-logout initiated by OpenID-Connect Provider. LLNG will implement it when this standard will be published.
</p>
<div class="noteimportant">Development of federation can be complex. Don&#039;t hesitate to contact us on lemonldap-ng-users@ow2.org
<div class="noteimportant">Federation proxy installation can be complex. Don&#039;t hesitate to contact us on lemonldap-ng-users@ow2.org
</div>
<p>
See the following chapters:


@ -60,8 +60,11 @@
<li class="level3"><div class="li"><a href="#metadata">Metadata</a></div></li>
<li class="level3"><div class="li"><a href="#exported_attributes">Exported attributes</a></div></li>
<li class="level3"><div class="li"><a href="#options">Options</a></div></li>
</ul></li>
</ul></li>
</ul>
</li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#known_issues">Known issues</a></div></li>
</ul>
</div>
</div>
@ -273,6 +276,15 @@ For example: <a href="http://auth.example.com/saml/singleSignOn?IDPInitiated=1&a
</div>
</div>
<!-- EDIT7 SECTION "Register partner Service Provider on LemonLDAP::NG" [1093-] --></div>
<!-- EDIT7 SECTION "Register partner Service Provider on LemonLDAP::NG" [1093-4707] -->
<h2 class="sectionedit8" id="known_issues">Known issues</h2>
<div class="level2">
<p>
Using both Issuer::<abbr title="Security Assertion Markup Language">SAML</abbr> and Auth::<abbr title="Security Assertion Markup Language">SAML</abbr> on the same LLNG may have some side-effects on single-logout.
</p>
</div>
<!-- EDIT8 SECTION "Known issues" [4708-] --></div>
</body>
</html>


@ -91,7 +91,7 @@ Each category can be handle by a different logging framework. You can choose bet
</li>
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Syslog</strong>: syslog logging</div>
</li>
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Apache2</strong>: use Apache2 logging, levels are stored in Apache2 logs and the level is controlled by <code>LogLevel</code> Apache parameter</div>
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Apache2</strong>: use Apache2 logging, levels are stored in Apache2 logs and the log level is defined by <code>LogLevel</code> Apache parameter</div>
</li>
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Log4perl</strong>: use <code>Log4perl</code> framework to log <em>(inspired by Java Log4J)</em></div>
</li>
@ -100,9 +100,11 @@ Each category can be handle by a different logging framework. You can choose bet
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Dispatch</strong>: dispatch logs in other backends depending on log level</div>
</li>
</ul>
<div class="noteimportant">Except for Apache2 and Log4Perl, log level is defined by <code>logLevel</code> parameter set in <code>lemonldap-ng.ini</code> file. Logger configurations are defined in lemonldap-ng.ini.
</div>
<p>
Except for Apache2 and Log4Perl, log level is defined by <code>logLevel</code> parameter set in <code>lemonldap-ng.ini</code> file. Logger configurations are defined in lemonldap-ng.ini. Example:
Example:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>all<span class="br0">&#93;</span></span>
<span class="re1">logger</span> <span class="sy0">=</span><span class="re2"> Lemonldap::NG::Common::Logger::Log4perl</span>
@ -114,11 +116,11 @@ You can also modify these values in each lemonldap-ng.ini section to have differ
</p>
<p>
LLNG provides also a username that can be used by webservers in their access log. To configure the user identifier in access log, go in Manager, <code>General Parameters</code> &gt; <code>Logging</code> &gt; <code>REMOTE_USER</code>.
Therefore, LLNG provides a username that can be used by webservers in their access log. To configure the user identifier to write into access logs, go into Manager, <code>General Parameters</code> &gt; <code>Logging</code> &gt; <code>REMOTE_USER</code>.
</p>
</div>
<!-- EDIT1 SECTION "Logs" [1-1527] -->
<!-- EDIT1 SECTION "Logs" [1-1571] -->
<h2 class="sectionedit2" id="default_loggers">Default loggers</h2>
<div class="level2">
<ul>
@ -131,12 +133,12 @@ LLNG provides also a username that can be used by webservers in their access log
</ul>
</div>
<!-- EDIT2 SECTION "Default loggers" [1528-1847] -->
<!-- EDIT2 SECTION "Default loggers" [1572-1891] -->
<h2 class="sectionedit3" id="log_levels">Log levels</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Log levels" [1848-1871] -->
<!-- EDIT3 SECTION "Log levels" [1892-1915] -->
<h3 class="sectionedit4" id="technical_log_levels">Technical log levels</h3>
<div class="level3">
<ul>
@ -153,7 +155,7 @@ LLNG provides also a username that can be used by webservers in their access log
</ul>
</div>
<!-- EDIT4 SECTION "Technical log levels" [1872-2281] -->
<!-- EDIT4 SECTION "Technical log levels" [1916-2325] -->
<h3 class="sectionedit5" id="log_levels_for_user_actions">Log levels for user actions</h3>
<div class="level3">
<ul>
@ -170,12 +172,12 @@ LLNG provides also a username that can be used by webservers in their access log
</ul>
</div>
<!-- EDIT5 SECTION "Log levels for user actions" [2282-2675] -->
<!-- EDIT5 SECTION "Log levels for user actions" [2326-2719] -->
<h2 class="sectionedit6" id="logger_configuration">Logger configuration</h2>
<div class="level2">
</div>
<!-- EDIT6 SECTION "Logger configuration" [2676-2709] -->
<!-- EDIT6 SECTION "Logger configuration" [2720-2753] -->
<h3 class="sectionedit7" id="std_logger">Std logger</h3>
<div class="level3">
@ -184,7 +186,7 @@ Nothing to configure except logLevel.
</p>
</div>
<!-- EDIT7 SECTION "Std logger" [2710-2770] -->
<!-- EDIT7 SECTION "Std logger" [2754-2814] -->
<h3 class="sectionedit8" id="apache2_logger">Apache2 logger</h3>
<div class="level3">
@ -197,7 +199,7 @@ See <a href="http://httpd.apache.org/docs/current/mod/core.html#loglevel" class=
</p>
</div>
<!-- EDIT8 SECTION "Apache2 logger" [2771-3006] -->
<!-- EDIT8 SECTION "Apache2 logger" [2815-3050] -->
<h3 class="sectionedit9" id="syslog">Syslog</h3>
<div class="level3">
@ -208,7 +210,7 @@ You can choose facility in lemonldap-ng.ini file. Default values:
<span class="re1">userSyslogFacility</span> <span class="sy0">=</span><span class="re2"> auth</span></pre>
</div>
<!-- EDIT9 SECTION "Syslog" [3007-3165] -->
<!-- EDIT9 SECTION "Syslog" [3051-3209] -->
<h3 class="sectionedit10" id="log4perl">Log4perl</h3>
<div class="level3">
@ -220,7 +222,7 @@ You can indicate the Log4perl configuration file and the classes to use. Default
<span class="re1">log4perlUserLogger</span> <span class="sy0">=</span><span class="re2"> LLNG.user</span></pre>
</div>
<!-- EDIT10 SECTION "Log4perl" [3166-3392] -->
<!-- EDIT10 SECTION "Log4perl" [3210-3436] -->
<h3 class="sectionedit11" id="sentry">Sentry</h3>
<div class="level3">
@ -231,7 +233,7 @@ You just have to give your DSN:
<div class="noteimportant">This experimental logger requires <a href="https://metacpan.org/pod/Sentry::Raven" class="urlextern" title="https://metacpan.org/pod/Sentry::Raven" rel="nofollow">Sentry::Raven</a> Perl module.
</div>
</div>
<!-- EDIT11 SECTION "Sentry" [3393-3614] -->
<!-- EDIT11 SECTION "Sentry" [3437-3658] -->
<h3 class="sectionedit12" id="dispatch">Dispatch</h3>
<div class="level3">
@ -249,6 +251,6 @@ Use it to use more than one logger. Example:
<div class="noteimportant">At least <code>logDispatchError</code> <em>(or <code>userLogDispatchError</code> for user logs)</em> must be defined. All sub level will be dispatched on it, until another lever is declared. In the above example, Sentry collects <code>error</code> and <code>warn</code> levels and all user actions, while syslog stores technical <code>notice</code>, <code>info</code> and <code>debug</code> logs.
</div>
</div>
<!-- EDIT12 SECTION "Dispatch" [3615-] --></div>
<!-- EDIT12 SECTION "Dispatch" [3659-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:monitoring</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,monitoring"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="monitoring.html"/>
@ -45,19 +45,19 @@
<div class="dokuwiki export container">
<p>
Handler can be monitor using MRTG. See <a href="mrtg.html" class="wikilink1" title="documentation:2.0:mrtg">MRTG monitoring</a>.
Handler can be monitored by using MRTG. See <a href="mrtg.html" class="wikilink1" title="documentation:2.0:mrtg">MRTG monitoring</a>.
</p>
<p>
Portal can also publish its status using REST. To enable it, go to the manager, general parameters, advanced parameters. Then enable portal status.
Portal can also publish its status using REST. To enable it, go to the manager, general parameters, plugins. Then enable “publish portal status” option.
</p>
<p>
Then protect <a href="http://auth.yourdomain/portalStatus" class="urlextern" title="http://auth.yourdomain/portalStatus" rel="nofollow">http://auth.yourdomain/portalStatus</a> in your webserver configuration.
Then protect <a href="http://auth.yourdomain/portalStatus" class="urlextern" title="http://auth.yourdomain/portalStatus" rel="nofollow">http://auth.yourdomain/portalStatus</a> in webserver configuration.
</p>
<p>
This REST <abbr title="Uniform Resource Locator">URL</abbr> just publish a hash containing number of sessions of each type.
This REST <abbr title="Uniform Resource Locator">URL</abbr> just publishes a hash containing number of sessions of each type.
</p>
</div>
</body>
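Review bot: The sentence "Then protect http://auth.yourdomain/portalStatus in webserver configuration" tells the reader to protect the endpoint but not how, and it shows the URL over plain `http`. Enabling "publish portal status" without a matching access rule would expose per-type session counts to anyone who can reach the portal. I would reword it to `Then restrict access to <code>https://auth.yourdomain/portalStatus</code> in webserver configuration (for example, allow only the monitoring hosts).` and link to the page that shows the rule, if one exists. Whether the shipped Apache or Nginx templates already restrict this location is not visible from this page.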


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:parameterlist</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,parameterlist"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="parameterlist.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:prereq</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,prereq"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="prereq.html"/>
@ -55,6 +55,7 @@
<li class="level2"><div class="li"><a href="#core">Core</a></div></li>
<li class="level2"><div class="li"><a href="#deprecated_features">Deprecated features</a></div></li>
<li class="level2"><div class="li"><a href="#saml2">SAML2</a></div></li>
<li class="level2"><div class="li"><a href="#second_factor">Second factor</a></div></li>
<li class="level2"><div class="li"><a href="#specific_authentication_backends">Specific authentication backends</a></div></li>
<li class="level2"><div class="li"><a href="#smtpreset_password_by_mail">SMTP / Reset password by mail</a></div></li>
<li class="level2"><div class="li"><a href="#unit_tests">Unit tests</a></div></li>
@ -63,7 +64,7 @@
<li class="level1"><div class="li"><a href="#other">Other</a></div></li>
<li class="level1"><div class="li"><a href="#install_dependencies_on_your_system">Install dependencies on your system</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#apt-get">APT-GET</a></div></li>
<li class="level2"><div class="li"><a href="#apt">APT</a></div></li>
<li class="level2"><div class="li"><a href="#yum">YUM</a></div></li>
</ul></li>
</ul>
@ -103,10 +104,10 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
<!-- EDIT2 SECTION "Web Server" [48-610] -->
<h2 class="sectionedit3" id="perl">Perl</h2>
<div class="level2">
<div class="noteclassic">Here the list of Perl modules used in LemonLDAP::NG. Core modules must be installed on the system. Other modules must be installed only if you planned to use the related feature.
<div class="noteclassic">Here the list of Perl modules used in LemonLDAP::NG. Core modules must be installed on the system. Other modules are required only if you plan to use related features.
</div>
</div>
<!-- EDIT3 SECTION "Perl" [611-821] -->
<!-- EDIT3 SECTION "Perl" [611-810] -->
<h3 class="sectionedit4" id="core">Core</h3>
<div class="level3">
<ul>
@ -181,7 +182,7 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
</ul>
</div>
<!-- EDIT4 SECTION "Core" [822-1445] -->
<!-- EDIT4 SECTION "Core" [811-1434] -->
<h3 class="sectionedit5" id="deprecated_features">Deprecated features</h3>
<div class="level3">
<ul>
@ -204,7 +205,7 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
</ul>
</div>
<!-- EDIT5 SECTION "Deprecated features" [1446-1614] -->
<!-- EDIT5 SECTION "Deprecated features" [1435-1603] -->
<h3 class="sectionedit6" id="saml2">SAML2</h3>
<div class="level3">
<ul>
@ -217,8 +218,19 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
</ul>
</div>
<!-- EDIT6 SECTION "SAML2" [1615-1700] -->
<h3 class="sectionedit7" id="specific_authentication_backends">Specific authentication backends</h3>
<!-- EDIT6 SECTION "SAML2" [1604-1689] -->
<h3 class="sectionedit7" id="second_factor">Second factor</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Crypt::U2F::Server::Simple (U2F keys)</div>
</li>
<li class="level1"><div class="li"> Convert::Base32 (TOTP)</div>
</li>
</ul>
</div>
<!-- EDIT7 SECTION "Second factor" [1690-1783] -->
<h3 class="sectionedit8" id="specific_authentication_backends">Specific authentication backends</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Facebook:</div>
@ -260,32 +272,38 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
</ul>
</div>
<!-- EDIT7 SECTION "Specific authentication backends" [1701-1929] -->
<h3 class="sectionedit8" id="smtpreset_password_by_mail">SMTP / Reset password by mail</h3>
<!-- EDIT8 SECTION "Specific authentication backends" [1784-2012] -->
<h3 class="sectionedit9" id="smtpreset_password_by_mail">SMTP / Reset password by mail</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Email::Sender</div>
</li>
<li class="level1"><div class="li"> String::Random</div>
</li>
<li class="level1"><div class="li"> Net::SMTP</div>
</li>
</ul>
</div>
<!-- EDIT8 SECTION "SMTP / Reset password by mail" [1930-2008] -->
<h3 class="sectionedit9" id="unit_tests">Unit tests</h3>
<!-- EDIT9 SECTION "SMTP / Reset password by mail" [2013-2105] -->
<h3 class="sectionedit10" id="unit_tests">Unit tests</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Test::POD</div>
</li>
<li class="level1"><div class="li"> Test::MockObject</div>
</li>
<li class="level1"><div class="li"> Crypt::U2F::Server</div>
</li>
<li class="level1"><div class="li"> Authen::U2F::Tester</div>
</li>
<li class="level1"><div class="li"> YAML</div>
</li>
</ul>
</div>
<!-- EDIT9 SECTION "Unit tests" [2009-2075] -->
<h2 class="sectionedit10" id="other">Other</h2>
<!-- EDIT10 SECTION "Unit tests" [2106-2219] -->
<h2 class="sectionedit11" id="other">Other</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Jquery (javascript framework) is included in tarball and RPMs, but is a dependency on Debian official releases</div>
@ -293,13 +311,14 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
</ul>
</div>
<!-- EDIT10 SECTION "Other" [2076-2210] -->
<h2 class="sectionedit11" id="install_dependencies_on_your_system">Install dependencies on your system</h2>
<!-- EDIT11 SECTION "Other" [2220-2354] -->
<h2 class="sectionedit12" id="install_dependencies_on_your_system">Install dependencies on your system</h2>
<div class="level2">
<div class="notewarning">You don&#039;t need to install them if you use <abbr title="LemonLDAP::NG">LL::NG</abbr> packages. With <code>apt</code> or <code>yum</code>, dependencies will be automatically installed.
</div>
<!-- EDIT11 SECTION "Install dependencies on your system" [2211-2260] -->
<h3 class="sectionedit12" id="apt-get">APT-GET</h3>
</div>
<!-- EDIT12 SECTION "Install dependencies on your system" [2355-2554] -->
<h3 class="sectionedit13" id="apt">APT</h3>
<div class="level3">
<p>
@ -318,10 +337,10 @@ For Nginx:
<pre class="code">apt install nginx nginx-extras</pre>
</div>
<!-- EDIT12 SECTION "APT-GET" [2261-3043] -->
<h3 class="sectionedit13" id="yum">YUM</h3>
<!-- EDIT13 SECTION "APT" [2555-3333] -->
<h3 class="sectionedit14" id="yum">YUM</h3>
<div class="level3">
<div class="notetip">You need <a href="http://fedoraproject.org/wiki/EPEL/" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/" rel="nofollow">EPEL</a> repository. See how you can activate this repository: <a href="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" rel="nofollow">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a>
<div class="notetip">You need <a href="http://fedoraproject.org/wiki/EPEL/" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/" rel="nofollow">EPEL</a> repository. See below how to enable this repository: <a href="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" rel="nofollow">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a>
</div>
<p>
Perl dependencies:
@ -340,6 +359,6 @@ For Nginx:
<div class="noteimportant">As you need a recent version of Nginx, the best is to install <a href="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages" class="urlextern" title="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages" rel="nofollow">Nginx official packages</a>.
</div>
</div>
<!-- EDIT13 SECTION "YUM" [3044-] --></div>
<!-- EDIT14 SECTION "YUM" [3334-] --></div>
</body>
</html>


@ -229,7 +229,8 @@ You will find in LLNG Nginx configuration files some comments that explain how t
<p>
lemonldap-ng-uwsgi-app installs a uWSGI application: <code>/etc/uwsgi/apps-available/llng-server.yaml</code>. To enable it, link it in <code>apps-enabled</code> and restart your uWSGI daemon:
</p>
<pre class="code shell">cd /etc/uwsgi/apps-enabled
<pre class="code shell">apt-get install uwsgi uwsgi-plugin-psgi
cd /etc/uwsgi/apps-enabled
ln -s ../apps-available/llng-server.yaml
service uwsgi restart</pre>
@ -238,7 +239,7 @@ Then adapt your Nginx configuration to use this uWSGI app.
</p>
</div>
<!-- EDIT5 SECTION "Using uWSGI" [3413-4230] -->
<!-- EDIT5 SECTION "Using uWSGI" [3413-4270] -->
<h2 class="sectionedit6" id="protect_a_psgi_application">Protect a PSGI application</h2>
<div class="level2">
@ -282,6 +283,6 @@ builder <span class="br0">&#123;</span>
</dd></dl>
</div>
<!-- EDIT6 SECTION "Protect a PSGI application" [4231-] --></div>
<!-- EDIT6 SECTION "Protect a PSGI application" [4271-] --></div>
</body>
</html>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1529961311" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1531599550" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
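Review bot: The regenerated login link carries a new `sectok` value and the indexer `<img>` a new timestamp, so this file changes on every export without any change in content; both are wiki runtime chrome that a static copy of the documentation does not need. `sectok` is DokuWiki's anti-CSRF token for the exporting session, and although it is unlikely to be useful outside that session, committing it serves no purpose. The hunk context also shows that this page is the placeholder for a topic that does not exist yet, so the cleaner fix is to exclude such pages from the export. Alternatively, have the export step drop the `?do=login&amp;sectok=…` link and the `/lib/exe/indexer.php` image. The page markup starts and ends outside these hunks.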


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:secondfactor</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,secondfactor"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="secondfactor.html"/>
@ -66,14 +66,14 @@
<div class="level1">
<p>
Two-Factor Authentication <em>(as known as 2FA)</em> is a kind (subset) of <a href="https://en.wikipedia.org/wiki/Multi-factor_authentication" class="urlextern" title="https://en.wikipedia.org/wiki/Multi-factor_authentication" rel="nofollow">multi-factor authentication</a>. It is a method to confirm a user&#039;s claimed identity by using a combination of two different factors :
Two-Factor Authentication <em>(as known as 2FA)</em> is a kind (subset) of <a href="https://en.wikipedia.org/wiki/Multi-factor_authentication" class="urlextern" title="https://en.wikipedia.org/wiki/Multi-factor_authentication" rel="nofollow">multi-factor authentication</a>. It is a method to confirm a user&#039;s claimed identity by using a combination of two different factors between:
</p>
<ol>
<li class="level1"><div class="li"> something they know <em>(login / password, …)</em>,</div>
<li class="level1"><div class="li"> something they know <em>(login / password, …)</em></div>
</li>
<li class="level1"><div class="li"> something they have <em>(U2F Key, smartphone, …) or </em> </div>
<li class="level1"><div class="li"> something they have <em>(U2F Key, smartphone, …) </em> </div>
</li>
<li class="level1"><div class="li"> something they are <em>(biometrics like fingerprints, …)</em>.</div>
<li class="level1"><div class="li"> something they are <em>(biometrics like fingerprints, …)</em></div>
</li>
</ol>
@ -83,20 +83,20 @@ Since 2.0, LLNG provides some second factor plugins that can be used to complete
<ul>
<li class="level1"><div class="li"> <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F tokens</a></div>
</li>
<li class="level1"><div class="li"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(to use with <a href="https://freeotp.github.io/" class="urlextern" title="https://freeotp.github.io/" rel="nofollow">FreeOTP</a>, ||<a href="https://en.wikipedia.org/wiki/Google_Authenticator" class="urlextern" title="https://en.wikipedia.org/wiki/Google_Authenticator" rel="nofollow">https://en.wikipedia.org/wiki/Google_Authenticator</a>|Google-Authenticator]],…)</em></div>
<li class="level1"><div class="li"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(to use with <a href="https://freeotp.github.io/" class="urlextern" title="https://freeotp.github.io/" rel="nofollow">FreeOTP</a>, <a href="https://en.wikipedia.org/wiki/Google_Authenticator" class="urlextern" title="https://en.wikipedia.org/wiki/Google_Authenticator" rel="nofollow">Google-Authenticator</a>,…)</em></div>
</li>
<li class="level1"><div class="li"> <a href="utotp2f.html" class="wikilink1" title="documentation:2.0:utotp2f">U2F-or-TOTP</a> <em>(enable both U2F and TOTP)</em></div>
</li>
<li class="level1"><div class="li"> <a href="yubikey2f.html" class="wikilink1" title="documentation:2.0:yubikey2f">Yubikey tokens</a> <em> provide by Yubico</em> </div>
</li>
<li class="level1"><div class="li"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST</a> <em>(to call an external command)</em> </div>
<li class="level1"><div class="li"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST</a> <em>(Remote REST app)</em> </div>
</li>
<li class="level1"><div class="li"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External 2F</a> <em>(Remote REST app) </em> </div>
<li class="level1"><div class="li"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External 2F</a> <em>(to call an external command)</em> </div>
</li>
</ul>
</div>
<!-- EDIT1 SECTION "Second Factors" [1-993] -->
<!-- EDIT1 SECTION "Second Factors" [1-994] -->
<h2 class="sectionedit2" id="providing_tokens_from_an_external_source">Providing tokens from an external source</h2>
<div class="level2">
@ -106,25 +106,25 @@ If you don&#039;t want to use self-registration features for U2F, TOTP and so on
<pre class="code json">[ {&quot;type&quot; : &quot;TOTP&quot;, &quot;name&quot; : &quot;MyTOTP&quot;, …}, {&lt;other_token&gt;}, …]</pre>
</div>
<!-- EDIT2 SECTION "Providing tokens from an external source" [994-1387] -->
<!-- EDIT2 SECTION "Providing tokens from an external source" [995-1388] -->
<h3 class="sectionedit3" id="u2f_tokens">U2F Tokens</h3>
<div class="level3">
<pre class="code json">{&quot;name&quot; : &quot;MyU2FKey&quot; , &quot;type&quot; : &quot;U2F&quot; , &quot;_userKey&quot; : &quot;########&quot; , &quot;_keyHandle&quot;:&quot;########&quot; , &quot;epoch&quot;:&quot;1524078936&quot;}</pre>
</div>
<!-- EDIT3 SECTION "U2F Tokens" [1388-1545] -->
<!-- EDIT3 SECTION "U2F Tokens" [1389-1546] -->
<h3 class="sectionedit4" id="totp_tokens">TOTP Tokens</h3>
<div class="level3">
<pre class="code json">{&quot;name&quot; : &quot;MyTOTP&quot; , &quot;type&quot; : &quot;TOTP&quot; , &quot;_secret&quot; : &quot;########&quot; , &quot;epoch&quot; : &quot;1523817955&quot;}</pre>
</div>
<!-- EDIT4 SECTION "TOTP Tokens" [1546-1678] -->
<!-- EDIT4 SECTION "TOTP Tokens" [1547-1679] -->
<h3 class="sectionedit5" id="yubikey_tokens">Yubikey Tokens</h3>
<div class="level3">
<pre class="code json">{&quot;name&quot; : &quot;MyYubikey&quot; , &quot;type&quot; : &quot;UBK&quot; , &quot;_yubikey&quot; : &quot;########&quot; , &quot;epoch&quot; : &quot;1523817715&quot;}</pre>
</div>
<!-- EDIT5 SECTION "Yubikey Tokens" [1679-1817] -->
<!-- EDIT5 SECTION "Yubikey Tokens" [1680-1818] -->
<h2 class="sectionedit6" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -141,6 +141,6 @@ To enable manager Second Factor Administration Module, set <code>enabledModules<
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
</div>
<!-- EDIT6 SECTION "Developer corner" [1818-] --></div>
<!-- EDIT6 SECTION "Developer corner" [1819-] --></div>
</body>
</html>


@ -183,9 +183,9 @@ If you use <a href="soapsessionbackend.html" class="wikilink1" title="documentat
<div class="level3">
<p>
<a href="writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">Rules</a> are applied in alphabetical order (comment and regular expression). The first rule that matches is applied.
<a href="writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">Rules</a> are applied in alphabetical order (comment and regular expression). The first matching rule is applied.
</p>
<div class="noteimportant">The “default” rule is only applied if no other rule match
<div class="noteimportant">The “default” rule is only applied if no other rule matchs
</div>
<p>
The Manager let you define comments in rules, to order them:
@ -211,7 +211,7 @@ For example, if these rules are used without comments:
<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT10 TABLE [3378-3488] -->
<!-- EDIT10 TABLE [3375-3485] -->
<p>
Then the second rule will be applied first, so every authenticated user will access to <code>/pub/admin</code> directory.
</p>
@ -232,8 +232,8 @@ Use comment to correct this:
<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> 2_pub </td>
</tr>
</table></div>
<!-- EDIT11 TABLE [3633-3757] --><div class="notetip"><ul>
<li class="level1"><div class="li"> Reload the Manager to see the order that will be used</div>
<!-- EDIT11 TABLE [3630-3754] --><div class="notetip"><ul>
<li class="level1"><div class="li"> Reload the Manager to see the effective order</div>
</li>
<li class="level1"><div class="li"> Use rule comments to order your rules</div>
</li>
@ -241,7 +241,7 @@ Use comment to correct this:
</div>
</div>
<!-- EDIT9 SECTION "Order your rules" [2962-3878] -->
<!-- EDIT9 SECTION "Order your rules" [2962-3867] -->
<h3 class="sectionedit12" id="be_careful_with_url_parameters">Be careful with URL parameters</h3>
<div class="level3">
@ -265,7 +265,7 @@ For example with this rule on the <code>access</code> parameter:
<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT13 TABLE [4115-4249] -->
<!-- EDIT13 TABLE [4104-4238] -->
<p>
Then a user that try to access to one of the following <em class="u">will be granted</em> !
</p>
@ -295,11 +295,11 @@ You can use the following rules instead:
<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT14 TABLE [4447-4650] --><div class="notetip"><strong>(?i)</strong> means case no sensitive.
<!-- EDIT14 TABLE [4436-4639] --><div class="notetip"><strong>(?i)</strong> means case no sensitive.
</div><div class="notewarning">Remember that rules written on GET parameters must be tested.
</div>
</div>
<!-- EDIT12 SECTION "Be careful with URL parameters" [3879-4787] -->
<!-- EDIT12 SECTION "Be careful with URL parameters" [3868-4776] -->
<h3 class="sectionedit15" id="encoded_characters">Encoded characters</h3>
<div class="level3">
@ -308,7 +308,7 @@ Some characters are encoded in URLs by the browser (such as space,…). To avoid
</p>
</div>
<!-- EDIT15 SECTION "Encoded characters" [4788-5041] -->
<!-- EDIT15 SECTION "Encoded characters" [4777-5030] -->
<h2 class="sectionedit16" id="secure_reverse-proxies">Secure reverse-proxies</h2>
<div class="level2">
@ -354,7 +354,7 @@ It is recommended to secure the channel between reverse-proxies and application
</ul>
</div>
<!-- EDIT16 SECTION "Secure reverse-proxies" [5042-6710] -->
<!-- EDIT16 SECTION "Secure reverse-proxies" [5031-6699] -->
<h2 class="sectionedit17" id="configure_security_settings">Configure security settings</h2>
<div class="level2">
@ -381,12 +381,12 @@ Go in Manager, <code>General parameters</code> » <code>Advanced parameters</cod
</ul>
</div>
<!-- EDIT17 SECTION "Configure security settings" [6711-8044] -->
<!-- EDIT17 SECTION "Configure security settings" [6700-8033] -->
<h2 class="sectionedit18" id="fail2ban">Fail2ban</h2>
<div class="level2">
<p>
For block brute force attack with fail2ban
To prevent brute force attack with fail2ban
</p>
<p>
@ -433,7 +433,7 @@ Restart fail2ban
</p>
</div>
<!-- EDIT18 SECTION "Fail2ban" [8045-9098] -->
<!-- EDIT18 SECTION "Fail2ban" [8034-9088] -->
<h2 class="sectionedit19" id="sessions_identifier">Sessions identifier</h2>
<div class="level2">
@ -442,11 +442,11 @@ You can change the module used for sessions identifier generation. To do, add <c
</p>
<p>
We recommend the use of <code>Lemonldap::NG::Common::Apache::Session::Generate::SHA256</code>.
We recommend to use : <code>Lemonldap::NG::Common::Apache::Session::Generate::SHA256</code>.
</p>
</div>
<!-- EDIT19 SECTION "Sessions identifier" [9099-9363] -->
<!-- EDIT19 SECTION "Sessions identifier" [9089-9351] -->
<h2 class="sectionedit20" id="saml">SAML</h2>
<div class="level2">
@ -455,6 +455,6 @@ See <a href="samlservice.html#security_parameters" class="wikilink1" title="docu
</p>
</div>
<!-- EDIT20 SECTION "SAML" [9364-] --></div>
<!-- EDIT20 SECTION "SAML" [9352-] --></div>
</body>
</html>
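Review bot: In the first hunk the reworded warning reads `no other rule matchs`, which introduces a typo into a note that operators rely on to understand when the catch-all rule fires; it should read `The “default” rule is only applied if no other rule matches.` In the Sessions identifier hunk, `We recommend to use : <code>…SHA256</code>` would read better as `We recommend using <code>…SHA256</code>`. The shifting section-offset comments suggest this HTML is exported from the wiki, so the correction belongs in the wiki source, where the next export will keep it.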


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:servertoserver</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,servertoserver"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="servertoserver.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:start</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,start"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="start.html"/>
@ -49,7 +49,7 @@
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Présentation</a></div></li>
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#installation">Installation</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#before_installation">Before installation</a></div></li>
@ -95,7 +95,7 @@
</div>
<!-- EDIT1 SECTION "Documentation for LemonLDAP::NG 2.0" [1-51] -->
<h2 class="sectionedit2" id="presentation">Présentation</h2>
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <a href="documentation/presentation.html" class="wikilink1" title="documentation:presentation">Presentation</a></div>
@ -109,12 +109,12 @@
</ul>
</div>
<!-- EDIT2 SECTION "Présentation" [52-270] -->
<!-- EDIT2 SECTION "Presentation" [52-269] -->
<h2 class="sectionedit3" id="installation">Installation</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Installation" [271-296] -->
<!-- EDIT3 SECTION "Installation" [270-295] -->
<h3 class="sectionedit4" id="before_installation">Before installation</h3>
<div class="level3">
@ -135,7 +135,7 @@
</p>
</div>
<!-- EDIT4 SECTION "Before installation" [297-561] -->
<!-- EDIT4 SECTION "Before installation" [296-560] -->
<h3 class="sectionedit5" id="installation1">Installation</h3>
<div class="level3">
@ -164,7 +164,7 @@
</p>
</div>
<!-- EDIT5 SECTION "Installation" [562-1104] -->
<!-- EDIT5 SECTION "Installation" [561-1103] -->
<h3 class="sectionedit6" id="after_installation">After installation</h3>
<div class="level3">
@ -187,12 +187,12 @@
</p>
</div>
<!-- EDIT6 SECTION "After installation" [1105-1538] -->
<!-- EDIT6 SECTION "After installation" [1104-1537] -->
<h2 class="sectionedit7" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT7 SECTION "Configuration" [1539-1565] -->
<!-- EDIT7 SECTION "Configuration" [1538-1564] -->
<h3 class="sectionedit8" id="first_steps">First steps</h3>
<div class="level3">
@ -221,7 +221,7 @@
</p>
</div>
<!-- EDIT8 SECTION "First steps" [1566-2025] -->
<!-- EDIT8 SECTION "First steps" [1565-2024] -->
<h3 class="sectionedit9" id="portal">Portal</h3>
<div class="level3">
@ -380,7 +380,7 @@
<td class="col0"> <a href="autosignin.html" class="wikilink1" title="documentation:2.0:autosignin">Auto Signin</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
</table></div>
<!-- EDIT10 TABLE [2562-4917] -->
<!-- EDIT10 TABLE [2561-4916] -->
<p>
</div></div>
</p>
@ -424,13 +424,13 @@
<td class="col0"> <a href="issuerdbget.html" class="wikilink1" title="documentation:2.0:issuerdbget">Get parameters provider</a> <em>(for poor applications)</em> </td><td class="col1 leftalign"> </td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT11 TABLE [5263-5624] -->
<!-- EDIT11 TABLE [5262-5623] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT9 SECTION "Portal" [2026-5652] -->
<!-- EDIT9 SECTION "Portal" [2025-5651] -->
<h3 class="sectionedit12" id="handlers">Handlers</h3>
<div class="level3">
@ -474,7 +474,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT13 TABLE [5927-7105] -->
<!-- EDIT13 TABLE [5926-7104] -->
<p>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionalities.</em>
</p>
@ -484,7 +484,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
</p>
</div>
<!-- EDIT12 SECTION "Handlers" [5653-7230] -->
<!-- EDIT12 SECTION "Handlers" [5652-7229] -->
<h3 class="sectionedit14" id="llng_databases">LLNG databases</h3>
<div class="level3">
@ -533,7 +533,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0 centeralign"> <a href="localconfbackend.html" class="wikilink1" title="documentation:2.0:localconfbackend">Local</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 leftalign"> </td><td class="col2 leftalign"> Use only lemonldap-ng.ini parameters. </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [7535-8621] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
<!-- EDIT15 TABLE [7534-8620] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
</div>
<p>
</div></div>
@ -588,13 +588,13 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
<strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT16 TABLE [9486-11166] -->
<!-- EDIT16 TABLE [9485-11165] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT14 SECTION "LLNG databases" [7231-11194] -->
<!-- EDIT14 SECTION "LLNG databases" [7230-11193] -->
<h2 class="sectionedit17" id="applications_protection">Applications protection</h2>
<div class="level2">
@ -623,7 +623,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT17 SECTION "Applications protection" [11195-11685] -->
<!-- EDIT17 SECTION "Applications protection" [11194-11684] -->
<h3 class="sectionedit18" id="well_known_compatible_applications">Well known compatible applications</h3>
<div class="level3">
<div class="noteclassic">Here is a list of well known applications that are compatible with <abbr title="LemonLDAP::NG">LL::NG</abbr>. A full list is available on <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">vendor applications page</a>.
@ -721,7 +721,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT18 SECTION "Well known compatible applications" [11686-13899] -->
<!-- EDIT18 SECTION "Well known compatible applications" [11685-13898] -->
<h2 class="sectionedit19" id="advanced_features">Advanced features</h2>
<div class="level2">
@ -778,7 +778,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT19 SECTION "Advanced features" [13900-15082] -->
<!-- EDIT19 SECTION "Advanced features" [13899-15081] -->
<h2 class="sectionedit20" id="mini_howtos">Mini howtos</h2>
<div class="level2">
@ -811,7 +811,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT20 SECTION "Mini howtos" [15083-15856] -->
<!-- EDIT20 SECTION "Mini howtos" [15082-15855] -->
<h2 class="sectionedit21" id="exploitation">Exploitation</h2>
<div class="level2">
@ -846,7 +846,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT21 SECTION "Exploitation" [15857-16371] -->
<!-- EDIT21 SECTION "Exploitation" [15856-16370] -->
<h2 class="sectionedit22" id="bug_report">Bug report</h2>
<div class="level2">
@ -855,7 +855,7 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
</p>
</div>
<!-- EDIT22 SECTION "Bug report" [16372-16436] -->
<!-- EDIT22 SECTION "Bug report" [16371-16435] -->
<h2 class="sectionedit23" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -914,6 +914,6 @@ If you don&#039;t want to publish your translation <em>(<code>XX</code> must be
</ul>
</div>
<!-- EDIT23 SECTION "Developer corner" [16437-] --></div>
<!-- EDIT23 SECTION "Developer corner" [16436-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:totp2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,totp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="totp2f.html"/>
@ -49,6 +49,7 @@
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#prerequisites_and_dependencies">Prerequisites and dependencies</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#enrollment">Enrollment</a></div></li>
<li class="level1"><div class="li"><a href="#assistance">Assistance</a></div></li>
@ -58,7 +59,7 @@
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="totp_2nd_factor_authentication_u2f">TOTP 2nd Factor Authentication (U2F)</h1>
<h1 class="sectionedit1" id="totp_2nd_factor_authentication">TOTP 2nd Factor Authentication</h1>
<div class="level1">
<p>
@ -71,8 +72,24 @@ LLNG can propose to users to register this kind of software to increase authenti
<div class="notetip">Note that it&#039;s a second factor, not an authentication module. Users are authenticated both by login form and TOTP.
</div>
</div>
<!-- EDIT1 SECTION "TOTP 2nd Factor Authentication (U2F)" [1-633] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<!-- EDIT1 SECTION "TOTP 2nd Factor Authentication" [1-627] -->
<h2 class="sectionedit2" id="prerequisites_and_dependencies">Prerequisites and dependencies</h2>
<div class="level2">
<p>
This feature uses libconvert-base32-perl. Before enable it, on Debian you must install libconvert-base32-perl by :
</p>
<pre class="code">apt update
apt install libconvert-base32-perl</pre>
<p>
Or from CPAN repository :
</p>
<pre class="code">cpanm Convert::Base32</pre>
</div>
<!-- EDIT2 SECTION "Prerequisites and dependencies" [628-912] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
@ -101,8 +118,8 @@ In the manager (advanced parameters), you just have to enable it:
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule that <code>$_2fDevices =~ /“type”:\s*“TOTP”/s</code> is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [634-1964] -->
<h2 class="sectionedit3" id="enrollment">Enrollment</h2>
<!-- EDIT3 SECTION "Configuration" [913-2243] -->
<h2 class="sectionedit4" id="enrollment">Enrollment</h2>
<div class="level2">
<p>
@ -110,8 +127,8 @@ If you&#039;ve enabled self registration, users can register their keys by using
</p>
</div>
<!-- EDIT3 SECTION "Enrollment" [1965-2092] -->
<h2 class="sectionedit4" id="assistance">Assistance</h2>
<!-- EDIT4 SECTION "Enrollment" [2244-2371] -->
<h2 class="sectionedit5" id="assistance">Assistance</h2>
<div class="level2">
<p>
@ -124,8 +141,8 @@ To enable manager Second Factor Administration Module, set <code>enabledModules<
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
</div>
<!-- EDIT4 SECTION "Assistance" [2093-2407] -->
<h2 class="sectionedit5" id="developer_corner">Developer corner</h2>
<!-- EDIT5 SECTION "Assistance" [2372-2686] -->
<h2 class="sectionedit6" id="developer_corner">Developer corner</h2>
<div class="level2">
<p>
@ -134,6 +151,6 @@ If you have another TOTP registration interface, you have to set these keys in S
<pre class="code file json">[{&quot;name&quot; : &quot;MyTOTP&quot; , &quot;type&quot; : &quot;TOTP&quot; , &quot;_secret&quot; : &quot;########&quot; , &quot;epoch&quot;:&quot;1524078936&quot;}, ...]</pre>
</div>
<!-- EDIT5 SECTION "Developer corner" [2408-] --></div>
<!-- EDIT6 SECTION "Developer corner" [2687-] --></div>
</body>
</html>
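Review bot: The robots meta in the first hunk appears to go from `index,follow` to `noindex,nofollow` (assuming the page prints the old line first, as in the other sections), while the other pages visible in this commit move the opposite way. This looks like an artifact of exporting a page that was edited shortly before the export rather than an intended change, and it would keep the TOTP page out of search engines until the next export. If that is not wanted, regenerate this page once the wiki serves `<meta name="robots" content="index,follow"/>` for it, or normalise the tag in the export step. In the new prerequisites paragraph, `Before enable it` should read `Before enabling it`.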


@ -136,17 +136,13 @@ If you have enabled self registration, users can register their U2F keys using <
<div class="level2">
<p>
If a user lost its key, you can delete the 2F device from the manager Second Factor module :
</p>
<p>
* To enable manager Second Factor Administration Module, set <code>enabledModules</code> key in your <code>lemonldap-ng.ini</code> file :
If a user lost its key, you can delete the 2F device from the manager Second Factor module. To enable manager Second Factor Administration Module, set <code>enabledModules</code> key in your <code>lemonldap-ng.ini</code> file :
</p>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
</div>
<!-- EDIT6 SECTION "Assistance" [2308-2630] -->
<!-- EDIT6 SECTION "Assistance" [2308-2625] -->
<h2 class="sectionedit7" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -161,6 +157,6 @@ Note that both “origin” and “appId” are fixed to portal <abbr title="Uni
</p>
</div>
<!-- EDIT7 SECTION "Developer corner" [2631-] --></div>
<!-- EDIT7 SECTION "Developer corner" [2626-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:upgrade</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,upgrade"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="upgrade.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:utotp2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,utotp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="utotp2f.html"/>