Update doc
parent
7c2fbe8d2b
commit
5d13d022a4
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:applications:alfresco</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="keywords" content="documentation,2.0,applications,alfresco"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="alfresco.html"/>
|
||||
|
|
|
@ -90,7 +90,7 @@
|
|||
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
||||
|
||||
<ul class="nav navbar-nav">
|
||||
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||
|
||||
</div>
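Review bot: The login link on the changed lines embeds a DokuWiki `sectok` value, so the exported page differs on every regeneration even when the documentation text is unchanged. The same applies to the login link in the later `@ -90,7 +90,7 @` hunk and to the numeric suffix on the `indexer.php` image URLs in the `@ -241,7 +241,7 @` hunks. `sectok` is DokuWiki's anti-CSRF token and a static export has no use for it, so the export step should drop the `&sectok=…` parameter (or the whole login item) before the HTML is committed. That keeps per-session values out of version control and leaves the diff showing only real content changes. The navbar markup around these lines starts and ends outside the hunk.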
|
||||
|
||||
|
@ -241,7 +241,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio
|
|||
|
||||
</div><!-- /site -->
|
||||
|
||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&1529961293" width="2" height="1" alt="" /></div>
|
||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&1531599531" width="2" height="1" alt="" /></div>
|
||||
<div id="screen__mode" class="no">
|
||||
<span class="visible-xs"></span>
|
||||
<span class="visible-sm"></span>
|
||||
|
|
|
@ -90,7 +90,7 @@
|
|||
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
||||
|
||||
<ul class="nav navbar-nav">
|
||||
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||
|
||||
</div>
|
||||
|
||||
|
@ -241,7 +241,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio
|
|||
|
||||
</div><!-- /site -->
|
||||
|
||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&1529961293" width="2" height="1" alt="" /></div>
|
||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&1531599531" width="2" height="1" alt="" /></div>
|
||||
<div id="screen__mode" class="no">
|
||||
<span class="visible-xs"></span>
|
||||
<span class="visible-sm"></span>
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:authfacebook</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="keywords" content="documentation,2.0,authfacebook"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="authfacebook.html"/>
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:authtwitter</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="keywords" content="documentation,2.0,authtwitter"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="authtwitter.html"/>
|
||||
|
|
|
@ -48,11 +48,11 @@
|
|||
<div class="level1">
|
||||
|
||||
<p>
|
||||
This plugin can be used to check if portal instance is ready. This can be a health check to told keep-alive service to force a fail-over on the backup-node.
|
||||
This plugin can be used to check if portal instance is ready. This can be a health check to request keep-alive service to force a fail-over on the backup-node.
|
||||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT1 SECTION "Check state plugin" [1-192] -->
|
||||
<!-- EDIT1 SECTION "Check state plugin" [1-195] -->
|
||||
<h2 class="sectionedit2" id="configuration">Configuration</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -61,7 +61,7 @@ Just enable it in the manager (section “plugins”). You <em class="u">must</e
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT2 SECTION "Configuration" [193-310] -->
|
||||
<!-- EDIT2 SECTION "Configuration" [196-313] -->
|
||||
<h2 class="sectionedit3" id="usage">Usage</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -84,12 +84,12 @@ When enabled, <code>/checkstate</code> <abbr title="Uniform Resource Locator">UR
|
|||
<td class="col0 centeralign"> <code>password</code> </td><td class="col1 centeralign"> optional </td>
|
||||
</tr>
|
||||
</table></div>
|
||||
<!-- EDIT4 TABLE [413-667] -->
|
||||
<!-- EDIT4 TABLE [416-670] -->
|
||||
<p>
|
||||
Example: <code><a href="https://auth.example.com/checkstate?secret=qwerty&user=dwho&password=dwho" class="urlextern" title="https://auth.example.com/checkstate?secret=qwerty&user=dwho&password=dwho" rel="nofollow">https://auth.example.com/checkstate?secret=qwerty&user=dwho&password=dwho</a></code>
|
||||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT3 SECTION "Usage" [311-] --></div>
|
||||
<!-- EDIT3 SECTION "Usage" [314-] --></div>
|
||||
</body>
|
||||
</html>
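Review bot: The example URL in the Usage section passes `secret`, `user` and `password` as query-string parameters, and the visible text has no caveat that query strings are written to web server and proxy access logs and tend to be stored in monitoring-tool configuration. I would add a sentence after the example such as `Values passed in the URL are recorded in access logs: use a dedicated test account with no privileges, a long random secret rather than "qwerty", and limit access to /checkstate to the monitoring hosts.` The page looks like a DokuWiki export, so the sentence presumably belongs in the wiki source rather than in this HTML. The paragraph that introduces the parameters begins above the hunk.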
|
||||
|
|
|
@ -344,7 +344,7 @@ In Portal virtual host, you will find several configuration parts:
|
|||
<span class="kw1">DirectoryIndex</span> index.fcgi index.html
|
||||
</<span class="kw3">IfModule</span>></pre>
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> REST/SOAP end points (inactivated by default):</div>
|
||||
<li class="level1"><div class="li"> REST/SOAP end points (disabled by default):</div>
|
||||
</li>
|
||||
</ul>
|
||||
<pre class="code file apache"> <span class="co1"># REST/SOAP functions for sessions management (disabled by default)</span>
|
||||
|
@ -368,7 +368,7 @@ In Portal virtual host, you will find several configuration parts:
|
|||
</<span class="kw3">Location</span>></pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT7 SECTION "Portal" [6660-8760] -->
|
||||
<!-- EDIT7 SECTION "Portal" [6660-8757] -->
|
||||
<h3 class="sectionedit8" id="manager1">Manager</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -415,7 +415,7 @@ Configuration interface access is not protected by Apache but by LemonLDAP::NG i
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT8 SECTION "Manager" [8761-10304] -->
|
||||
<!-- EDIT8 SECTION "Manager" [8758-10301] -->
|
||||
<h3 class="sectionedit9" id="handler">Handler</h3>
|
||||
<div class="level3">
|
||||
<ul>
|
||||
|
@ -468,7 +468,7 @@ Then, to protect a standard virtual host, the only configuration line to add is:
|
|||
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT9 SECTION "Handler" [10305-11663] -->
|
||||
<!-- EDIT9 SECTION "Handler" [10302-11660] -->
|
||||
<h2 class="sectionedit10" id="nginx">Nginx</h2>
|
||||
<div class="level2">
|
||||
<div class="noteimportant">LemonLDAP::NG does not manage Nginx configuration
|
||||
|
@ -491,7 +491,7 @@ See <a href="confignginx.html" class="wikilink1" title="documentation:2.0:config
|
|||
<div class="notewarning"><a href="fastcgiserver.html" class="wikilink1" title="documentation:2.0:fastcgiserver">LL::NG FastCGI</a> server must be loaded separately.
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT10 SECTION "Nginx" [11664-12117] -->
|
||||
<!-- EDIT10 SECTION "Nginx" [11661-12114] -->
|
||||
<h3 class="sectionedit11" id="portal1">Portal</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -563,7 +563,7 @@ In Portal virtual host, you will find several configuration parts:
|
|||
}</pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT11 SECTION "Portal" [12118-13909] -->
|
||||
<!-- EDIT11 SECTION "Portal" [12115-13906] -->
|
||||
<h3 class="sectionedit12" id="manager2">Manager</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -597,7 +597,7 @@ By default, configuration interface access is not protected by Nginx but by Lemo
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT12 SECTION "Manager" [13910-14655] -->
|
||||
<!-- EDIT12 SECTION "Manager" [13907-14652] -->
|
||||
<h3 class="sectionedit13" id="handler1">Handler</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -697,7 +697,7 @@ Then, to protect a standard virtual host, you must insert this (or create an inc
|
|||
# Insert then your configuration (fastcgi_* or proxy_*)</pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT13 SECTION "Handler" [14656-17742] -->
|
||||
<!-- EDIT13 SECTION "Handler" [14653-17739] -->
|
||||
<h2 class="sectionedit14" id="configuration_reload">Configuration reload</h2>
|
||||
<div class="level2">
|
||||
<div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them through an HTTP request. Configuration reload will then be effective in less than 10 minutes. If you want to change this timeout, set <code>checkTime = 240</code> in your lemonldap-ng.ini file <em>(values in seconds)</em>
|
||||
|
@ -718,7 +718,7 @@ The <code>reload</code> target is managed in Apache or Nginx configuration, insi
|
|||
</div><div class="noteimportant">If you want to use reload mechanism on a portal only host, you must install a handler in Portal host to be able to refresh local cache. Include <code>handler-nginx.conf</code> or <code>handler-apache2.conf</code> for example
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT14 SECTION "Configuration reload" [17743-19256] -->
|
||||
<!-- EDIT14 SECTION "Configuration reload" [17740-19253] -->
|
||||
<h2 class="sectionedit15" id="local_file">Local file</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -752,6 +752,6 @@ For example, to override configured skin for portal:
|
|||
<div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="parameterlist.html" class="wikilink1" title="documentation:2.0:parameterlist">parameter list</a> to find it.
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT15 SECTION "Local file" [19257-] --></div>
|
||||
<!-- EDIT15 SECTION "Local file" [19254-] --></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -84,7 +84,7 @@
|
|||
<pre class="file">Unable to clear local cache</pre>
|
||||
|
||||
<p>
|
||||
→ Local cache cannot be cleard, check the localStorage and localStorageOptions or file permissions
|
||||
→ Local cache cannot be cleared, check the localStorage and localStorageOptions or file permissions
|
||||
</p>
|
||||
<pre class="file">Status module can not be loaded without localStorage parameter</pre>
|
||||
|
||||
|
@ -99,7 +99,7 @@
|
|||
<pre class="file">User rejected because VirtualHost XXXX has no configuration</pre>
|
||||
|
||||
<p>
|
||||
→ The specified virtual host was not configured in Manager.
|
||||
→ The specified virtual host is not configured in Manager.
|
||||
</p>
|
||||
<pre class="file">mkdir /tmp/MyNamespace/2: Permission denied ...</pre>
|
||||
|
||||
|
|
|
@ -62,19 +62,31 @@ So you can configure it to authenticate users using a federation protocol and si
|
|||
</p>
|
||||
|
||||
<p>
|
||||
Schemes validated:
|
||||
Schemes tested:
|
||||
</p>
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr>-SP <strong>⇔</strong> LLNG as <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a>/<a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID-Connect</a> proxy <strong>⇔</strong> OIDC Provider</div>
|
||||
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> / OpenID-Connect:</div>
|
||||
<ul>
|
||||
<li class="level2"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr>-SP <strong>⇔</strong> LLNG as <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a>/<a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID-Connect</a> proxy <strong>⇔</strong> OIDC Provider</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> OIDC-RP <strong>⇔</strong> LLNG as <a href="idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID-Connect</a>/<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a> proxy <strong>⇔</strong> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider</div>
|
||||
<li class="level2"><div class="li"> OIDC-RP <strong>⇔</strong> LLNG as <a href="idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID-Connect</a>/<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a> proxy <strong>⇔</strong> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider</div>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> / <abbr title="Central Authentication Service">CAS</abbr></div>
|
||||
<ul>
|
||||
<li class="level2"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr>-SP <strong>⇔</strong> LLNG as <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a>/<a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS</a> proxy <strong>⇔</strong> <abbr title="Central Authentication Service">CAS</abbr> Server</div>
|
||||
</li>
|
||||
<li class="level2"><div class="li"> <abbr title="Central Authentication Service">CAS</abbr> Application <strong>⇔</strong> LLNG as <a href="idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS</a>/<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a> proxy <strong>⇔</strong> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider</div>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
Note that OpenID-Connect consortium hasn't already defined single-logout initiated by OpenID-Connect Provider. LLNG will implement it when this standard will be published.
|
||||
</p>
|
||||
<div class="noteimportant">Development of federation can be complex. Don't hesitate to contact us on lemonldap-ng-users@ow2.org
|
||||
<div class="noteimportant">Federation proxy installation can be complex. Don't hesitate to contact us on lemonldap-ng-users@ow2.org
|
||||
</div>
|
||||
<p>
|
||||
See the following chapters:
|
||||
|
|
|
@ -60,8 +60,11 @@
|
|||
<li class="level3"><div class="li"><a href="#metadata">Metadata</a></div></li>
|
||||
<li class="level3"><div class="li"><a href="#exported_attributes">Exported attributes</a></div></li>
|
||||
<li class="level3"><div class="li"><a href="#options">Options</a></div></li>
|
||||
</ul></li>
|
||||
</ul></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li class="level1"><div class="li"><a href="#known_issues">Known issues</a></div></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -273,6 +276,15 @@ For example: <a href="http://auth.example.com/saml/singleSignOn?IDPInitiated=1&a
|
|||
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT7 SECTION "Register partner Service Provider on LemonLDAP::NG" [1093-] --></div>
|
||||
<!-- EDIT7 SECTION "Register partner Service Provider on LemonLDAP::NG" [1093-4707] -->
|
||||
<h2 class="sectionedit8" id="known_issues">Known issues</h2>
|
||||
<div class="level2">
|
||||
|
||||
<p>
|
||||
Using both Issuer::<abbr title="Security Assertion Markup Language">SAML</abbr> and Auth::<abbr title="Security Assertion Markup Language">SAML</abbr> on the same LLNG may have some side-effects on single-logout.
|
||||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT8 SECTION "Known issues" [4708-] --></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -91,7 +91,7 @@ Each category can be handle by a different logging framework. You can choose bet
|
|||
</li>
|
||||
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Syslog</strong>: syslog logging</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Apache2</strong>: use Apache2 logging, levels are stored in Apache2 logs and the level is controlled by <code>LogLevel</code> Apache parameter</div>
|
||||
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Apache2</strong>: use Apache2 logging, levels are stored in Apache2 logs and the log level is defined by <code>LogLevel</code> Apache parameter</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Log4perl</strong>: use <code>Log4perl</code> framework to log <em>(inspired by Java Log4J)</em></div>
|
||||
</li>
|
||||
|
@ -100,9 +100,11 @@ Each category can be handle by a different logging framework. You can choose bet
|
|||
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Dispatch</strong>: dispatch logs in other backends depending on log level</div>
|
||||
</li>
|
||||
</ul>
|
||||
<div class="noteimportant">Except for Apache2 and Log4Perl, log level is defined by <code>logLevel</code> parameter set in <code>lemonldap-ng.ini</code> file. Logger configurations are defined in lemonldap-ng.ini.
|
||||
|
||||
</div>
|
||||
<p>
|
||||
Except for Apache2 and Log4Perl, log level is defined by <code>logLevel</code> parameter set in <code>lemonldap-ng.ini</code> file. Logger configurations are defined in lemonldap-ng.ini. Example:
|
||||
Example:
|
||||
</p>
|
||||
<pre class="code file ini"><span class="re0"><span class="br0">[</span>all<span class="br0">]</span></span>
|
||||
<span class="re1">logger</span> <span class="sy0">=</span><span class="re2"> Lemonldap::NG::Common::Logger::Log4perl</span>
|
||||
|
@ -114,11 +116,11 @@ You can also modify these values in each lemonldap-ng.ini section to have differ
|
|||
</p>
|
||||
|
||||
<p>
|
||||
LLNG provides also a username that can be used by webservers in their access log. To configure the user identifier in access log, go in Manager, <code>General Parameters</code> > <code>Logging</code> > <code>REMOTE_USER</code>.
|
||||
Therefore, LLNG provides a username that can be used by webservers in their access log. To configure the user identifier to write into access logs, go into Manager, <code>General Parameters</code> > <code>Logging</code> > <code>REMOTE_USER</code>.
|
||||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT1 SECTION "Logs" [1-1527] -->
|
||||
<!-- EDIT1 SECTION "Logs" [1-1571] -->
|
||||
<h2 class="sectionedit2" id="default_loggers">Default loggers</h2>
|
||||
<div class="level2">
|
||||
<ul>
|
||||
|
@ -131,12 +133,12 @@ LLNG provides also a username that can be used by webservers in their access log
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT2 SECTION "Default loggers" [1528-1847] -->
|
||||
<!-- EDIT2 SECTION "Default loggers" [1572-1891] -->
|
||||
<h2 class="sectionedit3" id="log_levels">Log levels</h2>
|
||||
<div class="level2">
|
||||
|
||||
</div>
|
||||
<!-- EDIT3 SECTION "Log levels" [1848-1871] -->
|
||||
<!-- EDIT3 SECTION "Log levels" [1892-1915] -->
|
||||
<h3 class="sectionedit4" id="technical_log_levels">Technical log levels</h3>
|
||||
<div class="level3">
|
||||
<ul>
|
||||
|
@ -153,7 +155,7 @@ LLNG provides also a username that can be used by webservers in their access log
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT4 SECTION "Technical log levels" [1872-2281] -->
|
||||
<!-- EDIT4 SECTION "Technical log levels" [1916-2325] -->
|
||||
<h3 class="sectionedit5" id="log_levels_for_user_actions">Log levels for user actions</h3>
|
||||
<div class="level3">
|
||||
<ul>
|
||||
|
@ -170,12 +172,12 @@ LLNG provides also a username that can be used by webservers in their access log
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT5 SECTION "Log levels for user actions" [2282-2675] -->
|
||||
<!-- EDIT5 SECTION "Log levels for user actions" [2326-2719] -->
|
||||
<h2 class="sectionedit6" id="logger_configuration">Logger configuration</h2>
|
||||
<div class="level2">
|
||||
|
||||
</div>
|
||||
<!-- EDIT6 SECTION "Logger configuration" [2676-2709] -->
|
||||
<!-- EDIT6 SECTION "Logger configuration" [2720-2753] -->
|
||||
<h3 class="sectionedit7" id="std_logger">Std logger</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -184,7 +186,7 @@ Nothing to configure except logLevel.
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT7 SECTION "Std logger" [2710-2770] -->
|
||||
<!-- EDIT7 SECTION "Std logger" [2754-2814] -->
|
||||
<h3 class="sectionedit8" id="apache2_logger">Apache2 logger</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -197,7 +199,7 @@ See <a href="http://httpd.apache.org/docs/current/mod/core.html#loglevel" class=
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT8 SECTION "Apache2 logger" [2771-3006] -->
|
||||
<!-- EDIT8 SECTION "Apache2 logger" [2815-3050] -->
|
||||
<h3 class="sectionedit9" id="syslog">Syslog</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -208,7 +210,7 @@ You can choose facility in lemonldap-ng.ini file. Default values:
|
|||
<span class="re1">userSyslogFacility</span> <span class="sy0">=</span><span class="re2"> auth</span></pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT9 SECTION "Syslog" [3007-3165] -->
|
||||
<!-- EDIT9 SECTION "Syslog" [3051-3209] -->
|
||||
<h3 class="sectionedit10" id="log4perl">Log4perl</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -220,7 +222,7 @@ You can indicate the Log4perl configuration file and the classes to use. Default
|
|||
<span class="re1">log4perlUserLogger</span> <span class="sy0">=</span><span class="re2"> LLNG.user</span></pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT10 SECTION "Log4perl" [3166-3392] -->
|
||||
<!-- EDIT10 SECTION "Log4perl" [3210-3436] -->
|
||||
<h3 class="sectionedit11" id="sentry">Sentry</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -231,7 +233,7 @@ You just have to give your DSN:
|
|||
<div class="noteimportant">This experimental logger requires <a href="https://metacpan.org/pod/Sentry::Raven" class="urlextern" title="https://metacpan.org/pod/Sentry::Raven" rel="nofollow">Sentry::Raven</a> Perl module.
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT11 SECTION "Sentry" [3393-3614] -->
|
||||
<!-- EDIT11 SECTION "Sentry" [3437-3658] -->
|
||||
<h3 class="sectionedit12" id="dispatch">Dispatch</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -249,6 +251,6 @@ Use it to use more than one logger. Example:
|
|||
<div class="noteimportant">At least <code>logDispatchError</code> <em>(or <code>userLogDispatchError</code> for user logs)</em> must be defined. All sub level will be dispatched on it, until another lever is declared. In the above example, Sentry collects <code>error</code> and <code>warn</code> levels and all user actions, while syslog stores technical <code>notice</code>, <code>info</code> and <code>debug</code> logs.
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT12 SECTION "Dispatch" [3615-] --></div>
|
||||
<!-- EDIT12 SECTION "Dispatch" [3659-] --></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:monitoring</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="keywords" content="documentation,2.0,monitoring"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="monitoring.html"/>
|
||||
|
@ -45,19 +45,19 @@
|
|||
<div class="dokuwiki export container">
|
||||
|
||||
<p>
|
||||
Handler can be monitor using MRTG. See <a href="mrtg.html" class="wikilink1" title="documentation:2.0:mrtg">MRTG monitoring</a>.
|
||||
Handler can be monitored by using MRTG. See <a href="mrtg.html" class="wikilink1" title="documentation:2.0:mrtg">MRTG monitoring</a>.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Portal can also publish its status using REST. To enable it, go to the manager, general parameters, advanced parameters. Then enable portal status.
|
||||
Portal can also publish its status using REST. To enable it, go to the manager, general parameters, plugins. Then enable “publish portal status” option.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Then protect <a href="http://auth.yourdomain/portalStatus" class="urlextern" title="http://auth.yourdomain/portalStatus" rel="nofollow">http://auth.yourdomain/portalStatus</a> in your webserver configuration.
|
||||
Then protect <a href="http://auth.yourdomain/portalStatus" class="urlextern" title="http://auth.yourdomain/portalStatus" rel="nofollow">http://auth.yourdomain/portalStatus</a> in webserver configuration.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
This REST <abbr title="Uniform Resource Locator">URL</abbr> just publish a hash containing number of sessions of each type.
|
||||
This REST <abbr title="Uniform Resource Locator">URL</abbr> just publishes a hash containing number of sessions of each type.
|
||||
</p>
|
||||
</div>
|
||||
</body>
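Review bot: The reworded sentence still tells the reader to protect `http://auth.yourdomain/portalStatus` without saying how, and the example URL uses plain `http`. Since the last paragraph says this endpoint publishes the number of sessions of each type, I would add a line such as `Restrict this URL to your monitoring hosts (by source address or authentication) and serve it over HTTPS.` and change the example to `https://auth.yourdomain/portalStatus`. The page looks like a DokuWiki export, so the change presumably belongs in the wiki source.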
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:parameterlist</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="keywords" content="documentation,2.0,parameterlist"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="parameterlist.html"/>
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:prereq</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="keywords" content="documentation,2.0,prereq"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="prereq.html"/>
|
||||
|
@ -55,6 +55,7 @@
|
|||
<li class="level2"><div class="li"><a href="#core">Core</a></div></li>
|
||||
<li class="level2"><div class="li"><a href="#deprecated_features">Deprecated features</a></div></li>
|
||||
<li class="level2"><div class="li"><a href="#saml2">SAML2</a></div></li>
|
||||
<li class="level2"><div class="li"><a href="#second_factor">Second factor</a></div></li>
|
||||
<li class="level2"><div class="li"><a href="#specific_authentication_backends">Specific authentication backends</a></div></li>
|
||||
<li class="level2"><div class="li"><a href="#smtpreset_password_by_mail">SMTP / Reset password by mail</a></div></li>
|
||||
<li class="level2"><div class="li"><a href="#unit_tests">Unit tests</a></div></li>
|
||||
|
@ -63,7 +64,7 @@
|
|||
<li class="level1"><div class="li"><a href="#other">Other</a></div></li>
|
||||
<li class="level1"><div class="li"><a href="#install_dependencies_on_your_system">Install dependencies on your system</a></div>
|
||||
<ul class="toc">
|
||||
<li class="level2"><div class="li"><a href="#apt-get">APT-GET</a></div></li>
|
||||
<li class="level2"><div class="li"><a href="#apt">APT</a></div></li>
|
||||
<li class="level2"><div class="li"><a href="#yum">YUM</a></div></li>
|
||||
</ul></li>
|
||||
</ul>
|
||||
|
@ -103,10 +104,10 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
|
|||
<!-- EDIT2 SECTION "Web Server" [48-610] -->
|
||||
<h2 class="sectionedit3" id="perl">Perl</h2>
|
||||
<div class="level2">
|
||||
<div class="noteclassic">Here the list of Perl modules used in LemonLDAP::NG. Core modules must be installed on the system. Other modules must be installed only if you planned to use the related feature.
|
||||
<div class="noteclassic">Here the list of Perl modules used in LemonLDAP::NG. Core modules must be installed on the system. Other modules are required only if you plan to use related features.
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT3 SECTION "Perl" [611-821] -->
|
||||
<!-- EDIT3 SECTION "Perl" [611-810] -->
|
||||
<h3 class="sectionedit4" id="core">Core</h3>
|
||||
<div class="level3">
|
||||
<ul>
|
||||
|
@ -181,7 +182,7 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT4 SECTION "Core" [822-1445] -->
|
||||
<!-- EDIT4 SECTION "Core" [811-1434] -->
|
||||
<h3 class="sectionedit5" id="deprecated_features">Deprecated features</h3>
|
||||
<div class="level3">
|
||||
<ul>
|
||||
|
@ -204,7 +205,7 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT5 SECTION "Deprecated features" [1446-1614] -->
|
||||
<!-- EDIT5 SECTION "Deprecated features" [1435-1603] -->
|
||||
<h3 class="sectionedit6" id="saml2">SAML2</h3>
|
||||
<div class="level3">
|
||||
<ul>
|
||||
|
@ -217,8 +218,19 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT6 SECTION "SAML2" [1615-1700] -->
|
||||
<h3 class="sectionedit7" id="specific_authentication_backends">Specific authentication backends</h3>
|
||||
<!-- EDIT6 SECTION "SAML2" [1604-1689] -->
|
||||
<h3 class="sectionedit7" id="second_factor">Second factor</h3>
|
||||
<div class="level3">
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> Crypt::U2F::Server::Simple (U2F keys)</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Convert::Base32 (TOTP)</div>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT7 SECTION "Second factor" [1690-1783] -->
|
||||
<h3 class="sectionedit8" id="specific_authentication_backends">Specific authentication backends</h3>
|
||||
<div class="level3">
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> Facebook:</div>
|
||||
|
@ -260,32 +272,38 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT7 SECTION "Specific authentication backends" [1701-1929] -->
|
||||
<h3 class="sectionedit8" id="smtpreset_password_by_mail">SMTP / Reset password by mail</h3>
|
||||
<!-- EDIT8 SECTION "Specific authentication backends" [1784-2012] -->
|
||||
<h3 class="sectionedit9" id="smtpreset_password_by_mail">SMTP / Reset password by mail</h3>
|
||||
<div class="level3">
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> Email::Sender</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> String::Random</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Net::SMTP</div>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT8 SECTION "SMTP / Reset password by mail" [1930-2008] -->
|
||||
<h3 class="sectionedit9" id="unit_tests">Unit tests</h3>
|
||||
<!-- EDIT9 SECTION "SMTP / Reset password by mail" [2013-2105] -->
|
||||
<h3 class="sectionedit10" id="unit_tests">Unit tests</h3>
|
||||
<div class="level3">
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> Test::POD</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Test::MockObject</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Crypt::U2F::Server</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Authen::U2F::Tester</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> YAML</div>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT9 SECTION "Unit tests" [2009-2075] -->
|
||||
<h2 class="sectionedit10" id="other">Other</h2>
|
||||
<!-- EDIT10 SECTION "Unit tests" [2106-2219] -->
|
||||
<h2 class="sectionedit11" id="other">Other</h2>
|
||||
<div class="level2">
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> Jquery (javascript framework) is included in tarball and RPMs, but is a dependency on Debian official releases</div>
|
||||
|
@ -293,13 +311,14 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT10 SECTION "Other" [2076-2210] -->
|
||||
<h2 class="sectionedit11" id="install_dependencies_on_your_system">Install dependencies on your system</h2>
|
||||
<!-- EDIT11 SECTION "Other" [2220-2354] -->
|
||||
<h2 class="sectionedit12" id="install_dependencies_on_your_system">Install dependencies on your system</h2>
|
||||
<div class="level2">
|
||||
|
||||
<div class="notewarning">You don't need to install them if you use <abbr title="LemonLDAP::NG">LL::NG</abbr> packages. With <code>apt</code> or <code>yum</code>, dependencies will be automatically installed.
|
||||
</div>
|
||||
<!-- EDIT11 SECTION "Install dependencies on your system" [2211-2260] -->
|
||||
<h3 class="sectionedit12" id="apt-get">APT-GET</h3>
|
||||
</div>
|
||||
<!-- EDIT12 SECTION "Install dependencies on your system" [2355-2554] -->
|
||||
<h3 class="sectionedit13" id="apt">APT</h3>
|
||||
<div class="level3">
|
||||
|
||||
<p>
|
||||
|
@ -318,10 +337,10 @@ For Nginx:
|
|||
<pre class="code">apt install nginx nginx-extras</pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT12 SECTION "APT-GET" [2261-3043] -->
|
||||
<h3 class="sectionedit13" id="yum">YUM</h3>
|
||||
<!-- EDIT13 SECTION "APT" [2555-3333] -->
|
||||
<h3 class="sectionedit14" id="yum">YUM</h3>
|
||||
<div class="level3">
|
||||
<div class="notetip">You need <a href="http://fedoraproject.org/wiki/EPEL/" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/" rel="nofollow">EPEL</a> repository. See how you can activate this repository: <a href="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" rel="nofollow">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a>
|
||||
<div class="notetip">You need <a href="http://fedoraproject.org/wiki/EPEL/" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/" rel="nofollow">EPEL</a> repository. See below how to enable this repository: <a href="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" rel="nofollow">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a>
|
||||
</div>
|
||||
<p>
|
||||
Perl dependencies:
|
||||
|
@ -340,6 +359,6 @@ For Nginx:
|
|||
<div class="noteimportant">As you need a recent version of Nginx, the best is to install <a href="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages" class="urlextern" title="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages" rel="nofollow">Nginx official packages</a>.
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT13 SECTION "YUM" [3044-] --></div>
|
||||
<!-- EDIT14 SECTION "YUM" [3334-] --></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -229,7 +229,8 @@ You will find in LLNG Nginx configuration files some comments that explain how t
|
|||
<p>
|
||||
lemonldap-ng-uwsgi-app installs a uWSGI application: <code>/etc/uwsgi/apps-available/llng-server.yaml</code>. To enable it, link it in <code>apps-enabled</code> and restart your uWSGI daemon:
|
||||
</p>
|
||||
<pre class="code shell">cd /etc/uwsgi/apps-enabled
|
||||
<pre class="code shell">apt-get install uwsgi uwsgi-plugin-psgi
|
||||
cd /etc/uwsgi/apps-enabled
|
||||
ln -s ../apps-available/llng-server.yaml
|
||||
service uwsgi restart</pre>
|
||||
|
||||
|
@ -238,7 +239,7 @@ Then adapt your Nginx configuration to use this uWSGI app.
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT5 SECTION "Using uWSGI" [3413-4230] -->
|
||||
<!-- EDIT5 SECTION "Using uWSGI" [3413-4270] -->
|
||||
<h2 class="sectionedit6" id="protect_a_psgi_application">Protect a PSGI application</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -282,6 +283,6 @@ builder <span class="br0">{</span>
|
|||
</dd></dl>
|
||||
|
||||
</div>
|
||||
<!-- EDIT6 SECTION "Protect a PSGI application" [4231-] --></div>
|
||||
<!-- EDIT6 SECTION "Protect a PSGI application" [4271-] --></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -90,7 +90,7 @@
|
|||
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
||||
|
||||
<ul class="nav navbar-nav">
|
||||
<li><a href="/documentation/2.0/restserverplugin?do=login&sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||
<li><a href="/documentation/2.0/restserverplugin?do=login&sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||
|
||||
</div>
|
||||
|
||||
|
@ -241,7 +241,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio
|
|||
|
||||
</div><!-- /site -->
|
||||
|
||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&1529961311" width="2" height="1" alt="" /></div>
|
||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&1531599550" width="2" height="1" alt="" /></div>
|
||||
<div id="screen__mode" class="no">
|
||||
<span class="visible-xs"></span>
|
||||
<span class="visible-sm"></span>
|
||||
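Review bot: A session-specific `sectok` value is committed in the login link of the @ -90 hunk, and the @ -241 hunk carries an `indexer.php?…&<timestamp>` image URL; both differ between the two printed variants only because the page was re-exported. In DokuWiki `sectok` is the session-bound anti-CSRF token, so a static export should not publish one. Stripping it at export time, e.g. leaving `href="/documentation/2.0/restserverplugin?do=login"`, also removes this churn from every future doc update. The hunk-header context ("You've followed a link to a topic that doesn't exist yet") suggests this file is a missing-topic stub, so it may be better left out of the shipped documentation entirely.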
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:secondfactor</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="keywords" content="documentation,2.0,secondfactor"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="secondfactor.html"/>
|
||||
|
@ -66,14 +66,14 @@
|
|||
<div class="level1">
|
||||
|
||||
<p>
|
||||
Two-Factor Authentication <em>(as known as 2FA)</em> is a kind (subset) of <a href="https://en.wikipedia.org/wiki/Multi-factor_authentication" class="urlextern" title="https://en.wikipedia.org/wiki/Multi-factor_authentication" rel="nofollow">multi-factor authentication</a>. It is a method to confirm a user's claimed identity by using a combination of two different factors :
|
||||
Two-Factor Authentication <em>(as known as 2FA)</em> is a kind (subset) of <a href="https://en.wikipedia.org/wiki/Multi-factor_authentication" class="urlextern" title="https://en.wikipedia.org/wiki/Multi-factor_authentication" rel="nofollow">multi-factor authentication</a>. It is a method to confirm a user's claimed identity by using a combination of two different factors between:
|
||||
</p>
|
||||
<ol>
|
||||
<li class="level1"><div class="li"> something they know <em>(login / password, …)</em>,</div>
|
||||
<li class="level1"><div class="li"> something they know <em>(login / password, …)</em></div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> something they have <em>(U2F Key, smartphone, …) or </em> </div>
|
||||
<li class="level1"><div class="li"> something they have <em>(U2F Key, smartphone, …) </em> </div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> something they are <em>(biometrics like fingerprints, …)</em>.</div>
|
||||
<li class="level1"><div class="li"> something they are <em>(biometrics like fingerprints, …)</em></div>
|
||||
</li>
|
||||
</ol>
|
||||
|
||||
|
@ -83,20 +83,20 @@ Since 2.0, LLNG provides some second factor plugins that can be used to complete
|
|||
<ul>
|
||||
<li class="level1"><div class="li"> <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F tokens</a></div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(to use with <a href="https://freeotp.github.io/" class="urlextern" title="https://freeotp.github.io/" rel="nofollow">FreeOTP</a>, ||<a href="https://en.wikipedia.org/wiki/Google_Authenticator" class="urlextern" title="https://en.wikipedia.org/wiki/Google_Authenticator" rel="nofollow">https://en.wikipedia.org/wiki/Google_Authenticator</a>|Google-Authenticator]],…)</em></div>
|
||||
<li class="level1"><div class="li"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(to use with <a href="https://freeotp.github.io/" class="urlextern" title="https://freeotp.github.io/" rel="nofollow">FreeOTP</a>, <a href="https://en.wikipedia.org/wiki/Google_Authenticator" class="urlextern" title="https://en.wikipedia.org/wiki/Google_Authenticator" rel="nofollow">Google-Authenticator</a>,…)</em></div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <a href="utotp2f.html" class="wikilink1" title="documentation:2.0:utotp2f">U2F-or-TOTP</a> <em>(enable both U2F and TOTP)</em></div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <a href="yubikey2f.html" class="wikilink1" title="documentation:2.0:yubikey2f">Yubikey tokens</a> <em> provide by Yubico</em> </div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST</a> <em>(to call an external command)</em> </div>
|
||||
<li class="level1"><div class="li"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST</a> <em>(Remote REST app)</em> </div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External 2F</a> <em>(Remote REST app) </em> </div>
|
||||
<li class="level1"><div class="li"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External 2F</a> <em>(to call an external command)</em> </div>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT1 SECTION "Second Factors" [1-993] -->
|
||||
<!-- EDIT1 SECTION "Second Factors" [1-994] -->
|
||||
<h2 class="sectionedit2" id="providing_tokens_from_an_external_source">Providing tokens from an external source</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -106,25 +106,25 @@ If you don't want to use self-registration features for U2F, TOTP and so on
|
|||
<pre class="code json">[ {"type" : "TOTP", "name" : "MyTOTP", …}, {<other_token>}, …]</pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT2 SECTION "Providing tokens from an external source" [994-1387] -->
|
||||
<!-- EDIT2 SECTION "Providing tokens from an external source" [995-1388] -->
|
||||
<h3 class="sectionedit3" id="u2f_tokens">U2F Tokens</h3>
|
||||
<div class="level3">
|
||||
<pre class="code json">{"name" : "MyU2FKey" , "type" : "U2F" , "_userKey" : "########" , "_keyHandle":"########" , "epoch":"1524078936"}</pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT3 SECTION "U2F Tokens" [1388-1545] -->
|
||||
<!-- EDIT3 SECTION "U2F Tokens" [1389-1546] -->
|
||||
<h3 class="sectionedit4" id="totp_tokens">TOTP Tokens</h3>
|
||||
<div class="level3">
|
||||
<pre class="code json">{"name" : "MyTOTP" , "type" : "TOTP" , "_secret" : "########" , "epoch" : "1523817955"}</pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT4 SECTION "TOTP Tokens" [1546-1678] -->
|
||||
<!-- EDIT4 SECTION "TOTP Tokens" [1547-1679] -->
|
||||
<h3 class="sectionedit5" id="yubikey_tokens">Yubikey Tokens</h3>
|
||||
<div class="level3">
|
||||
<pre class="code json">{"name" : "MyYubikey" , "type" : "UBK" , "_yubikey" : "########" , "epoch" : "1523817715"}</pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT5 SECTION "Yubikey Tokens" [1679-1817] -->
|
||||
<!-- EDIT5 SECTION "Yubikey Tokens" [1680-1818] -->
|
||||
<h2 class="sectionedit6" id="developer_corner">Developer corner</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -141,6 +141,6 @@ To enable manager Second Factor Administration Module, set <code>enabledModules<
|
|||
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT6 SECTION "Developer corner" [1818-] --></div>
|
||||
<!-- EDIT6 SECTION "Developer corner" [1819-] --></div>
|
||||
</body>
|
||||
</html>
|
||||
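Review bot: The token samples under "Providing tokens from an external source" (the @ -106 hunk) show a `_secret` field for TOTP entries, but nothing visible in these hunks tells the reader that this value is presumably the TOTP shared secret and needs the same protection as a password. If the prose outside the hunks does not already cover it, I would add one sentence after the TOTP sample, e.g. `<p>The <code>_secret</code> value is the TOTP shared secret: restrict read access to the attribute or backend that holds this JSON.</p>`. Separately, in the @ -66 hunk the lead-in "two different factors between:" would read better as "two of the following factors:".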
|
|
|
@ -183,9 +183,9 @@ If you use <a href="soapsessionbackend.html" class="wikilink1" title="documentat
|
|||
<div class="level3">
|
||||
|
||||
<p>
|
||||
<a href="writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">Rules</a> are applied in alphabetical order (comment and regular expression). The first rule that matches is applied.
|
||||
<a href="writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">Rules</a> are applied in alphabetical order (comment and regular expression). The first matching rule is applied.
|
||||
</p>
|
||||
<div class="noteimportant">The “default” rule is only applied if no other rule match
|
||||
<div class="noteimportant">The “default” rule is only applied if no other rule matchs
|
||||
</div>
|
||||
<p>
|
||||
The Manager let you define comments in rules, to order them:
|
||||
|
@ -211,7 +211,7 @@ For example, if these rules are used without comments:
|
|||
<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> </td>
|
||||
</tr>
|
||||
</table></div>
|
||||
<!-- EDIT10 TABLE [3378-3488] -->
|
||||
<!-- EDIT10 TABLE [3375-3485] -->
|
||||
<p>
|
||||
Then the second rule will be applied first, so every authenticated user will access to <code>/pub/admin</code> directory.
|
||||
</p>
|
||||
|
@ -232,8 +232,8 @@ Use comment to correct this:
|
|||
<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> 2_pub </td>
|
||||
</tr>
|
||||
</table></div>
|
||||
<!-- EDIT11 TABLE [3633-3757] --><div class="notetip"><ul>
|
||||
<li class="level1"><div class="li"> Reload the Manager to see the order that will be used</div>
|
||||
<!-- EDIT11 TABLE [3630-3754] --><div class="notetip"><ul>
|
||||
<li class="level1"><div class="li"> Reload the Manager to see the effective order</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Use rule comments to order your rules</div>
|
||||
</li>
|
||||
|
@ -241,7 +241,7 @@ Use comment to correct this:
|
|||
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT9 SECTION "Order your rules" [2962-3878] -->
|
||||
<!-- EDIT9 SECTION "Order your rules" [2962-3867] -->
|
||||
<h3 class="sectionedit12" id="be_careful_with_url_parameters">Be careful with URL parameters</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -265,7 +265,7 @@ For example with this rule on the <code>access</code> parameter:
|
|||
<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
|
||||
</tr>
|
||||
</table></div>
|
||||
<!-- EDIT13 TABLE [4115-4249] -->
|
||||
<!-- EDIT13 TABLE [4104-4238] -->
|
||||
<p>
|
||||
Then a user that try to access to one of the following <em class="u">will be granted</em> !
|
||||
</p>
|
||||
|
@ -295,11 +295,11 @@ You can use the following rules instead:
|
|||
<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
|
||||
</tr>
|
||||
</table></div>
|
||||
<!-- EDIT14 TABLE [4447-4650] --><div class="notetip"><strong>(?i)</strong> means case no sensitive.
|
||||
<!-- EDIT14 TABLE [4436-4639] --><div class="notetip"><strong>(?i)</strong> means case no sensitive.
|
||||
</div><div class="notewarning">Remember that rules written on GET parameters must be tested.
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT12 SECTION "Be careful with URL parameters" [3879-4787] -->
|
||||
<!-- EDIT12 SECTION "Be careful with URL parameters" [3868-4776] -->
|
||||
<h3 class="sectionedit15" id="encoded_characters">Encoded characters</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -308,7 +308,7 @@ Some characters are encoded in URLs by the browser (such as space,…). To avoid
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT15 SECTION "Encoded characters" [4788-5041] -->
|
||||
<!-- EDIT15 SECTION "Encoded characters" [4777-5030] -->
|
||||
<h2 class="sectionedit16" id="secure_reverse-proxies">Secure reverse-proxies</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -354,7 +354,7 @@ It is recommended to secure the channel between reverse-proxies and application
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT16 SECTION "Secure reverse-proxies" [5042-6710] -->
|
||||
<!-- EDIT16 SECTION "Secure reverse-proxies" [5031-6699] -->
|
||||
<h2 class="sectionedit17" id="configure_security_settings">Configure security settings</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -381,12 +381,12 @@ Go in Manager, <code>General parameters</code> » <code>Advanced parameters</cod
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT17 SECTION "Configure security settings" [6711-8044] -->
|
||||
<!-- EDIT17 SECTION "Configure security settings" [6700-8033] -->
|
||||
<h2 class="sectionedit18" id="fail2ban">Fail2ban</h2>
|
||||
<div class="level2">
|
||||
|
||||
<p>
|
||||
For block brute force attack with fail2ban
|
||||
To prevent brute force attack with fail2ban
|
||||
</p>
|
||||
|
||||
<p>
|
||||
|
@ -433,7 +433,7 @@ Restart fail2ban
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT18 SECTION "Fail2ban" [8045-9098] -->
|
||||
<!-- EDIT18 SECTION "Fail2ban" [8034-9088] -->
|
||||
<h2 class="sectionedit19" id="sessions_identifier">Sessions identifier</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -442,11 +442,11 @@ You can change the module used for sessions identifier generation. To do, add <c
|
|||
</p>
|
||||
|
||||
<p>
|
||||
We recommend the use of <code>Lemonldap::NG::Common::Apache::Session::Generate::SHA256</code>.
|
||||
We recommend to use : <code>Lemonldap::NG::Common::Apache::Session::Generate::SHA256</code>.
|
||||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT19 SECTION "Sessions identifier" [9099-9363] -->
|
||||
<!-- EDIT19 SECTION "Sessions identifier" [9089-9351] -->
|
||||
<h2 class="sectionedit20" id="saml">SAML</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -455,6 +455,6 @@ See <a href="samlservice.html#security_parameters" class="wikilink1" title="docu
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT20 SECTION "SAML" [9364-] --></div>
|
||||
<!-- EDIT20 SECTION "SAML" [9352-] --></div>
|
||||
</body>
|
||||
</html>
|
||||
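Review bot: In the "Order your rules" hunk (@ -183) the important-note box is ungrammatical in both printed variants ("no other rule match" / "no other rule matchs"); it should read `The “default” rule is only applied if no other rule matches`. This sentence tells administrators when the fallback access rule takes effect, so it is worth getting exact. In the Fail2ban hunk (@ -381) the lead-in "To prevent brute force attack with fail2ban" is a fragment; `To block brute-force attacks with fail2ban:` reads as the intended introduction to the steps, which continue outside the hunk.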
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:servertoserver</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="keywords" content="documentation,2.0,servertoserver"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="servertoserver.html"/>
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:start</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="keywords" content="documentation,2.0,start"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="start.html"/>
|
||||
|
@ -49,7 +49,7 @@
|
|||
<div>
|
||||
|
||||
<ul class="toc">
|
||||
<li class="level1"><div class="li"><a href="#presentation">Présentation</a></div></li>
|
||||
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
|
||||
<li class="level1"><div class="li"><a href="#installation">Installation</a></div>
|
||||
<ul class="toc">
|
||||
<li class="level2"><div class="li"><a href="#before_installation">Before installation</a></div></li>
|
||||
|
@ -95,7 +95,7 @@
|
|||
|
||||
</div>
|
||||
<!-- EDIT1 SECTION "Documentation for LemonLDAP::NG 2.0" [1-51] -->
|
||||
<h2 class="sectionedit2" id="presentation">Présentation</h2>
|
||||
<h2 class="sectionedit2" id="presentation">Presentation</h2>
|
||||
<div class="level2">
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> <a href="documentation/presentation.html" class="wikilink1" title="documentation:presentation">Presentation</a></div>
|
||||
|
@ -109,12 +109,12 @@
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT2 SECTION "Présentation" [52-270] -->
|
||||
<!-- EDIT2 SECTION "Presentation" [52-269] -->
|
||||
<h2 class="sectionedit3" id="installation">Installation</h2>
|
||||
<div class="level2">
|
||||
|
||||
</div>
|
||||
<!-- EDIT3 SECTION "Installation" [271-296] -->
|
||||
<!-- EDIT3 SECTION "Installation" [270-295] -->
|
||||
<h3 class="sectionedit4" id="before_installation">Before installation</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -135,7 +135,7 @@
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT4 SECTION "Before installation" [297-561] -->
|
||||
<!-- EDIT4 SECTION "Before installation" [296-560] -->
|
||||
<h3 class="sectionedit5" id="installation1">Installation</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -164,7 +164,7 @@
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT5 SECTION "Installation" [562-1104] -->
|
||||
<!-- EDIT5 SECTION "Installation" [561-1103] -->
|
||||
<h3 class="sectionedit6" id="after_installation">After installation</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -187,12 +187,12 @@
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT6 SECTION "After installation" [1105-1538] -->
|
||||
<!-- EDIT6 SECTION "After installation" [1104-1537] -->
|
||||
<h2 class="sectionedit7" id="configuration">Configuration</h2>
|
||||
<div class="level2">
|
||||
|
||||
</div>
|
||||
<!-- EDIT7 SECTION "Configuration" [1539-1565] -->
|
||||
<!-- EDIT7 SECTION "Configuration" [1538-1564] -->
|
||||
<h3 class="sectionedit8" id="first_steps">First steps</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -221,7 +221,7 @@
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT8 SECTION "First steps" [1566-2025] -->
|
||||
<!-- EDIT8 SECTION "First steps" [1565-2024] -->
|
||||
<h3 class="sectionedit9" id="portal">Portal</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -380,7 +380,7 @@
|
|||
<td class="col0"> <a href="autosignin.html" class="wikilink1" title="documentation:2.0:autosignin">Auto Signin</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"> ✔ </td><td class="col2"></td><td class="col3"></td>
|
||||
</tr>
|
||||
</table></div>
|
||||
<!-- EDIT10 TABLE [2562-4917] -->
|
||||
<!-- EDIT10 TABLE [2561-4916] -->
|
||||
<p>
|
||||
</div></div>
|
||||
</p>
|
||||
|
@ -424,13 +424,13 @@
|
|||
<td class="col0"> <a href="issuerdbget.html" class="wikilink1" title="documentation:2.0:issuerdbget">Get parameters provider</a> <em>(for poor applications)</em> </td><td class="col1 leftalign"> </td><td class="col2 centeralign"> ✔ </td>
|
||||
</tr>
|
||||
</table></div>
|
||||
<!-- EDIT11 TABLE [5263-5624] -->
|
||||
<!-- EDIT11 TABLE [5262-5623] -->
|
||||
<p>
|
||||
</div></div>
|
||||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT9 SECTION "Portal" [2026-5652] -->
|
||||
<!-- EDIT9 SECTION "Portal" [2025-5651] -->
|
||||
<h3 class="sectionedit12" id="handlers">Handlers</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -474,7 +474,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
|
|||
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"> ✔ </td><td class="col2 centeralign"> ✔ </td><td class="col3 centeralign"> ✔ </td><td class="col4 leftalign"> </td><td class="col5 leftalign"> </td>
|
||||
</tr>
|
||||
</table></div>
|
||||
<!-- EDIT13 TABLE [5927-7105] -->
|
||||
<!-- EDIT13 TABLE [5926-7104] -->
|
||||
<p>
|
||||
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionalities.</em>
|
||||
</p>
|
||||
|
@ -484,7 +484,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT12 SECTION "Handlers" [5653-7230] -->
|
||||
<!-- EDIT12 SECTION "Handlers" [5652-7229] -->
|
||||
<h3 class="sectionedit14" id="llng_databases">LLNG databases</h3>
|
||||
<div class="level3">
|
||||
|
||||
|
@ -533,7 +533,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
|
|||
<td class="col0 centeralign"> <a href="localconfbackend.html" class="wikilink1" title="documentation:2.0:localconfbackend">Local</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 leftalign"> </td><td class="col2 leftalign"> Use only lemonldap-ng.ini parameters. </td>
|
||||
</tr>
|
||||
</table></div>
|
||||
<!-- EDIT15 TABLE [7535-8621] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
|
||||
<!-- EDIT15 TABLE [7534-8620] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
|
||||
</div>
|
||||
<p>
|
||||
</div></div>
|
||||
|
@ -588,13 +588,13 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
|
|||
<strong>Can be used to secure another backend</strong> for remote servers. </td>
|
||||
</tr>
|
||||
</table></div>
|
||||
<!-- EDIT16 TABLE [9486-11166] -->
|
||||
<!-- EDIT16 TABLE [9485-11165] -->
|
||||
<p>
|
||||
</div></div>
|
||||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT14 SECTION "LLNG databases" [7231-11194] -->
|
||||
<!-- EDIT14 SECTION "LLNG databases" [7230-11193] -->
|
||||
<h2 class="sectionedit17" id="applications_protection">Applications protection</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -623,7 +623,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT17 SECTION "Applications protection" [11195-11685] -->
|
||||
<!-- EDIT17 SECTION "Applications protection" [11194-11684] -->
|
||||
<h3 class="sectionedit18" id="well_known_compatible_applications">Well known compatible applications</h3>
|
||||
<div class="level3">
|
||||
<div class="noteclassic">Here is a list of well known applications that are compatible with <abbr title="LemonLDAP::NG">LL::NG</abbr>. A full list is available on <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">vendor applications page</a>.
|
||||
|
@ -721,7 +721,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT18 SECTION "Well known compatible applications" [11686-13899] -->
|
||||
<!-- EDIT18 SECTION "Well known compatible applications" [11685-13898] -->
|
||||
<h2 class="sectionedit19" id="advanced_features">Advanced features</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -778,7 +778,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT19 SECTION "Advanced features" [13900-15082] -->
|
||||
<!-- EDIT19 SECTION "Advanced features" [13899-15081] -->
|
||||
<h2 class="sectionedit20" id="mini_howtos">Mini howtos</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -811,7 +811,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT20 SECTION "Mini howtos" [15083-15856] -->
|
||||
<!-- EDIT20 SECTION "Mini howtos" [15082-15855] -->
|
||||
<h2 class="sectionedit21" id="exploitation">Exploitation</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -846,7 +846,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT21 SECTION "Exploitation" [15857-16371] -->
|
||||
<!-- EDIT21 SECTION "Exploitation" [15856-16370] -->
|
||||
<h2 class="sectionedit22" id="bug_report">Bug report</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -855,7 +855,7 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT22 SECTION "Bug report" [16372-16436] -->
|
||||
<!-- EDIT22 SECTION "Bug report" [16371-16435] -->
|
||||
<h2 class="sectionedit23" id="developer_corner">Developer corner</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -914,6 +914,6 @@ If you don't want to publish your translation <em>(<code>XX</code> must be
|
|||
</ul>
|
||||
|
||||
</div>
|
||||
<!-- EDIT23 SECTION "Developer corner" [16437-] --></div>
|
||||
<!-- EDIT23 SECTION "Developer corner" [16436-] --></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:totp2f</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="keywords" content="documentation,2.0,totp2f"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="totp2f.html"/>
|
||||
|
@ -49,6 +49,7 @@
|
|||
<div>
|
||||
|
||||
<ul class="toc">
|
||||
<li class="level1"><div class="li"><a href="#prerequisites_and_dependencies">Prerequisites and dependencies</a></div></li>
|
||||
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
|
||||
<li class="level1"><div class="li"><a href="#enrollment">Enrollment</a></div></li>
|
||||
<li class="level1"><div class="li"><a href="#assistance">Assistance</a></div></li>
|
||||
|
@ -58,7 +59,7 @@
|
|||
</div>
|
||||
<!-- TOC END -->
|
||||
|
||||
<h1 class="sectionedit1" id="totp_2nd_factor_authentication_u2f">TOTP 2nd Factor Authentication (U2F)</h1>
|
||||
<h1 class="sectionedit1" id="totp_2nd_factor_authentication">TOTP 2nd Factor Authentication</h1>
|
||||
<div class="level1">
|
||||
|
||||
<p>
|
||||
|
@ -71,8 +72,24 @@ LLNG can propose to users to register this kind of software to increase authenti
|
|||
<div class="notetip">Note that it's a second factor, not an authentication module. Users are authenticated both by login form and TOTP.
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT1 SECTION "TOTP 2nd Factor Authentication (U2F)" [1-633] -->
|
||||
<h2 class="sectionedit2" id="configuration">Configuration</h2>
|
||||
<!-- EDIT1 SECTION "TOTP 2nd Factor Authentication" [1-627] -->
|
||||
<h2 class="sectionedit2" id="prerequisites_and_dependencies">Prerequisites and dependencies</h2>
|
||||
<div class="level2">
|
||||
|
||||
<p>
|
||||
This feature uses libconvert-base32-perl. Before enable it, on Debian you must install libconvert-base32-perl by :
|
||||
</p>
|
||||
<pre class="code">apt update
|
||||
apt install libconvert-base32-perl</pre>
|
||||
|
||||
<p>
|
||||
Or from CPAN repository :
|
||||
</p>
|
||||
<pre class="code">cpanm Convert::Base32</pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT2 SECTION "Prerequisites and dependencies" [628-912] -->
|
||||
<h2 class="sectionedit3" id="configuration">Configuration</h2>
|
||||
<div class="level2">
|
||||
|
||||
<p>
|
||||
|
@ -101,8 +118,8 @@ In the manager (advanced parameters), you just have to enable it:
|
|||
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule that <code>$_2fDevices =~ /“type”:\s*“TOTP”/s</code> is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
|
||||
</div>
|
||||
</div>
|
||||
<!-- EDIT2 SECTION "Configuration" [634-1964] -->
|
||||
<h2 class="sectionedit3" id="enrollment">Enrollment</h2>
|
||||
<!-- EDIT3 SECTION "Configuration" [913-2243] -->
|
||||
<h2 class="sectionedit4" id="enrollment">Enrollment</h2>
|
||||
<div class="level2">
|
||||
|
||||
<p>
|
||||
|
@ -110,8 +127,8 @@ If you've enabled self registration, users can register their keys by using
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT3 SECTION "Enrollment" [1965-2092] -->
|
||||
<h2 class="sectionedit4" id="assistance">Assistance</h2>
|
||||
<!-- EDIT4 SECTION "Enrollment" [2244-2371] -->
|
||||
<h2 class="sectionedit5" id="assistance">Assistance</h2>
|
||||
<div class="level2">
|
||||
|
||||
<p>
|
||||
|
@ -124,8 +141,8 @@ To enable manager Second Factor Administration Module, set <code>enabledModules<
|
|||
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT4 SECTION "Assistance" [2093-2407] -->
|
||||
<h2 class="sectionedit5" id="developer_corner">Developer corner</h2>
|
||||
<!-- EDIT5 SECTION "Assistance" [2372-2686] -->
|
||||
<h2 class="sectionedit6" id="developer_corner">Developer corner</h2>
|
||||
<div class="level2">
|
||||
|
||||
<p>
|
||||
|
@ -134,6 +151,6 @@ If you have another TOTP registration interface, you have to set these keys in S
|
|||
<pre class="code file json">[{"name" : "MyTOTP" , "type" : "TOTP" , "_secret" : "########" , "epoch":"1524078936"}, ...]</pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT5 SECTION "Developer corner" [2408-] --></div>
|
||||
<!-- EDIT6 SECTION "Developer corner" [2687-] --></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -136,17 +136,13 @@ If you have enabled self registration, users can register their U2F keys using <
|
|||
<div class="level2">
|
||||
|
||||
<p>
|
||||
If a user lost its key, you can delete the 2F device from the manager Second Factor module :
|
||||
</p>
|
||||
|
||||
<p>
|
||||
* To enable manager Second Factor Administration Module, set <code>enabledModules</code> key in your <code>lemonldap-ng.ini</code> file :
|
||||
If a user lost its key, you can delete the 2F device from the manager Second Factor module. To enable manager Second Factor Administration Module, set <code>enabledModules</code> key in your <code>lemonldap-ng.ini</code> file :
|
||||
</p>
|
||||
<pre class="code ini"><span class="re0"><span class="br0">[</span>portal<span class="br0">]</span></span>
|
||||
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
|
||||
|
||||
</div>
|
||||
<!-- EDIT6 SECTION "Assistance" [2308-2630] -->
|
||||
<!-- EDIT6 SECTION "Assistance" [2308-2625] -->
|
||||
<h2 class="sectionedit7" id="developer_corner">Developer corner</h2>
|
||||
<div class="level2">
|
||||
|
||||
|
@ -161,6 +157,6 @@ Note that both “origin” and “appId” are fixed to portal <abbr title="Uni
|
|||
</p>
|
||||
|
||||
</div>
|
||||
<!-- EDIT7 SECTION "Developer corner" [2631-] --></div>
|
||||
<!-- EDIT7 SECTION "Developer corner" [2626-] --></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:upgrade</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="keywords" content="documentation,2.0,upgrade"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="upgrade.html"/>
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8" />
|
||||
<title>documentation:2.0:utotp2f</title>
|
||||
<meta name="generator" content="DokuWiki"/>
|
||||
<meta name="robots" content="noindex,nofollow"/>
|
||||
<meta name="robots" content="index,follow"/>
|
||||
<meta name="keywords" content="documentation,2.0,utotp2f"/>
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||
<link rel="start" href="utotp2f.html"/>
|
||||
|
|