Update trunk doc to 1.1

2010-12-12 21:29:56 +00:00 · 2010-12-12 21:29:56 +00:00 · 80b8461384
commit 80b8461384
parent be0a046b63
91 changed files with 14292 additions and 9 deletions
--- a/build/lemonldap-ng/Makefile
+++ b/build/lemonldap-ng/Makefile
@ -502,7 +502,7 @@ manager_cpan:	manager_conf
 documentation:
 	@rm -f doc/pages/documentation/latest
 	@cd doc/ && ../scripts/doc.pl
-	@rm -rf doc/pages/documentation/latest doc/pages/wiki doc/pages/playground
+	@rm -rf doc/pages/documentation/{latest,1.0} doc/pages/wiki doc/pages/playground
 	@ln -s $$(perl -e '$$h{sprintf("%03d\.%03d\.%03d",split/\./,$$_)}=$$_ foreach(@ARGV); \
 		foreach(sort keys %h){$$last="$$h{$$_}\n"};print $$last;' \
 		$$(find doc/pages/documentation/ -maxdepth 1 -mindepth 1 -type d ! \
--- a/build/lemonldap-ng/doc/index/alphabetical.html
+++ b/build/lemonldap-ng/doc/index/alphabetical.html
--- a/build/lemonldap-ng/doc/pages/documentation.html
+++ b/build/lemonldap-ng/doc/pages/documentation.html
@ -60,7 +60,7 @@
 </p>

 <p>
-<div style="width:100px;height:50px;float:left;">
+<div style="width:100px;height:80px;float:left;">
 <a href="/_detail/icons/windowlist.png?id=documentation" class="media" title="icons:windowlist.png"><img src="../media/icons/windowlist.png" class="media" alt="" /></a>
 </div>

@ -68,6 +68,8 @@
 <ul>
 <li class="level1"><div class="li"> All versions:</div>
 <ul>
+<li class="level2"><div class="li"> <a href="documentation/1.1/start.html" class="wikilink1" title="documentation:1.1:start">Version 1.1</a> (development version) </div>
+</li>
 <li class="level2"><div class="li"> <a href="documentation/1.0/start.html" class="wikilink1" title="documentation:1.0:start">Version 1.0</a></div>
 </li>
 <li class="level2"><div class="li"> <a href="http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/Documentation" class="urlextern" title="http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/Documentation"  rel="nofollow">Version 0.9.4</a> (old wiki)</div>
@ -77,7 +79,7 @@
 </ul>

 </div>
-<!-- SECTION "Installation and configuration" [325-720] -->
+<!-- SECTION "Installation and configuration" [325-784] -->
 <h2><a name="development" id="development">Development</a></h2>
 <div class="level2">

@ -114,7 +116,7 @@
 </ul>

 </div>
-<!-- SECTION "Development" [721-1645] -->
+<!-- SECTION "Development" [785-1709] -->
 <h3><a name="translators" id="translators">Translators</a></h3>
 <div class="level3">

@ -124,7 +126,7 @@ See <a href="translations.html" class="wikilink1" title="translations">translati
 </p>

 </div>
-<!-- SECTION "Translators" [1646-1691] -->
+<!-- SECTION "Translators" [1710-1755] -->
 <h2><a name="other" id="other">Other</a></h2>
 <div class="level2">

@ -143,4 +145,4 @@ See <a href="translations.html" class="wikilink1" title="translations">translati
 </ul>

 </div>
-<!-- SECTION "Other" [1692-] --></div><!-- closes <div class="dokuwiki export">-->
+<!-- SECTION "Other" [1756-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/activedirectoryminihowto.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/activedirectoryminihowto.html
@ -0,0 +1,70 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="using_lemonldapng_with_active-directory" id="using_lemonldapng_with_active-directory">Using Lemonldap::NG with Active-Directory</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Using Lemonldap::NG with Active-Directory" [1-57] -->
+<h2><a name="using_active-directory_as_authentication_backend" id="using_active-directory_as_authentication_backend">Using Active-Directory as authentication backend</a></h2>
+<div class="level2">
+
+<p>
+
+To use Active-Directory as <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> backend, you must change few things in the manager :
+</p>
+<ul>
+<li class="level1"><div class="li"> Use “<acronym title="Lightweight Directory Access Protocol">LDAP</acronym>” as authentication and userDB backends,</div>
+</li>
+<li class="level1"><div class="li"> Configure authentication filter <em>(“General Parameters » Authentication modules » <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> parameters » Filters”)</em> with:</div>
+</li>
+</ul>
+<pre class="code">
+(&amp;(sAMAccountName=$user)(objectClass=person))
+</pre>
+<ul>
+<li class="level1"><div class="li"> Export sAMAccountName in a variable declared in <a href="../../documentation/1.1/exportedvars.html" class="wikilink1" title="documentation:1.1:exportedvars">exported variables</a></div>
+</li>
+<li class="level1"><div class="li"> Change the user attribute to store in Apache logs <em>(“General Parameters » Logs » REMOTE_USER”)</em>: use the variable declared above</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Using Active-Directory as authentication backend" [58-670] -->
+<h2><a name="using_kerberos" id="using_kerberos">Using Kerberos</a></h2>
+<div class="level2">
+
+<p>
+
+Two steps here:
+</p>
+<ul>
+<li class="level1"><div class="li"> Choose “Apache” as authentication module <em>(“General Parameters » Authentication modules » Authentication module”)</em></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/authapache.html" class="wikilink1" title="documentation:1.1:authapache">Configure the Apache server</a> that host the portal</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Using Kerberos" [671-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications.html
@ -0,0 +1,145 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="applications" id="applications">Applications</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Applications" [1-28] -->
+<h2><a name="known_supported_applications" id="known_supported_applications">Known supported applications</a></h2>
+<div class="level2">
+
+<p>
+
+Applications listed bellow are known to be easy to integrate in <acronym title="LemonLDAP::NG">LL::NG</acronym>. As <acronym title="LemonLDAP::NG">LL::NG</acronym> works like classic WebSSO (like Siteminder™), many other applications are easy to integrate.
+</p>
+
+</div>
+<!-- SECTION "Known supported applications" [29-249] -->
+<h3><a name="mail_agenda_groupware" id="mail_agenda_groupware">Mail, Agenda, Groupware</a></h3>
+<div class="level3">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  OBM  </th><th class="col1 centeralign">  Sympa  </th><th class="col2 centeralign">  Zimbra  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/applications/obm.html" class="media" title="documentation:1.1:applications:obm"><img src="../../../media/applications/obm_logo.png" class="media" alt="" /></a>  </td><td class="col1 leftalign"> <a href="../../documentation/1.1/applications/sympa.html" class="media" title="documentation:1.1:applications:sympa"><img src="../../../media/applications/sympa_logo.png" class="media" alt="" /></a>  </td><td class="col2 rightalign">  <a href="../../documentation/1.1/applications/zimbra.html" class="media" title="documentation:1.1:applications:zimbra"><img src="../../../media/applications/zimbra_logo.png" class="media" alt="" /></a> </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Mail, Agenda, Groupware" [250-497] -->
+<h3><a name="wiki" id="wiki">Wiki</a></h3>
+<div class="level3">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Dokuwiki  </th><th class="col1 centeralign">  Mediawiki  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 leftalign"> <a href="../../documentation/1.1/applications/dokuwiki.html" class="media" title="documentation:1.1:applications:dokuwiki"><img src="../../../media/applications/dokuwiki_logo.png" class="media" alt="" /></a>  </td><td class="col1 centeralign">  <a href="../../documentation/1.1/applications/mediawiki.html" class="media" title="documentation:1.1:applications:mediawiki"><img src="../../../media/applications/mediawiki_logo.png" class="media" alt="" /></a>  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Wiki" [498-680] -->
+<h3><a name="cms_portal" id="cms_portal">CMS, Portal</a></h3>
+<div class="level3">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Drupal  </th><th class="col1 centeralign">  Liferay  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/applications/drupal.html" class="media" title="documentation:1.1:applications:drupal"><img src="../../../media/applications/drupal_logo.png" class="media" alt="" /></a>  </td><td class="col1 centeralign">   <a href="../../documentation/1.1/applications/liferay.html" class="media" title="documentation:1.1:applications:liferay"><img src="../../../media/applications/liferay_logo.png" class="media" alt="" /></a>  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "CMS, Portal" [681-860] -->
+<h3><a name="bugtracker_service_management" id="bugtracker_service_management">Bugtracker, Service Management</a></h3>
+<div class="level3">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Bugzilla  </th><th class="col1 leftalign"> GLPI  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/applications/bugzilla.html" class="media" title="documentation:1.1:applications:bugzilla"><img src="../../../media/applications/bugzilla_logo.png" class="media" alt="" /></a>  </td><td class="col1 centeralign">  <a href="https://forge.indepnet.net/projects/glpi/wiki/GLPI-SSO" class="media" title="https://forge.indepnet.net/projects/glpi/wiki/GLPI-SSO"  rel="nofollow"><img src="../../../media/applications/glpi_logo.png" class="media" alt="" width="100" /></a>  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Bugtracker, Service Management" [861-1094] -->
+<h3><a name="other" id="other">Other</a></h3>
+<div class="level3">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  GRR  </th><th class="col1 leftalign"> phpLDAPadmin  </th><th class="col2 centeralign">  LinShare  </th><th class="col3 centeralign">  SAP  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  <a href="http://grr.mutualibre.org/documentation/body.php?id=35" class="media" title="http://grr.mutualibre.org/documentation/body.php?id=35"  rel="nofollow"><img src="../../../media/applications/grr_logo.png" class="media" alt="" /></a>  </td><td class="col1 centeralign">  <a href="../../documentation/1.1/applications/phpldapadmin.html" class="media" title="documentation:1.1:applications:phpldapadmin"><img src="../../../media/applications/phpldapadmin_logo.png" class="media" alt="" /></a>  </td><td class="col2 centeralign">  <a href="http://www.linpki.org/projects/linshare/wiki/HttpHeaderSSOEN" class="media" title="http://www.linpki.org/projects/linshare/wiki/HttpHeaderSSOEN"  rel="nofollow"><img src="../../../media/applications/linshare_logo.png" class="media" alt="" /></a>  </td><td class="col3 centeralign">  <a href="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" class="media" title="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm"  rel="nofollow"><img src="../../../media/applications/saplogo.gif" class="media" title="SAP" alt="SAP" /></a>  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Other" [1095-1570] -->
+<h2><a name="connectors" id="connectors">Connectors</a></h2>
+<div class="level2">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Auth-Basic  </th><th class="col1 centeralign">  Spring  (ACEGI)  </th><th class="col2 centeralign">  Tomcat  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/applications/authbasic.html" class="media" title="documentation:1.1:applications:authbasic"><img src="../../../media/applications/http_logo.png" class="media" alt="" /></a>  </td><td class="col1 centeralign">  <a href="../../documentation/1.1/applications/spring.html" class="media" title="documentation:1.1:applications:spring"><img src="../../../media/applications/spring_logo.png" class="media" alt="" /></a>  </td><td class="col2 rightalign">  <a href="../../documentation/1.1/applications/tomcat.html" class="media" title="documentation:1.1:applications:tomcat"><img src="../../../media/applications/tomcat_logo.png" class="media" alt="" /></a> </td>
+	</tr>
+	<tr class="row2 roweven">
+		<th class="col0 centeralign" colspan="3">  Some applications using it  </th>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0"> <a href="http://en.wikipedia.org/wiki/Outlook_Web_App" class="urlextern" title="http://en.wikipedia.org/wiki/Outlook_Web_App"  rel="nofollow">Outlook Web App</a> <br/>
+<a href="http://en.wikipedia.org/wiki/IBM_Lotus_iNotes" class="urlextern" title="http://en.wikipedia.org/wiki/IBM_Lotus_iNotes"  rel="nofollow">IBM Lotus iNotes</a> </td><td class="col1"> </td><td class="col2 leftalign"> <a href="http://www.lambdaprobe.org" class="urlextern" title="http://www.lambdaprobe.org"  rel="nofollow">Probe</a> <br/>
+<a href="http://fr.lutece.paris.fr" class="urlextern" title="http://fr.lutece.paris.fr"  rel="nofollow">Lutece</a>  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Connectors" [1571-2095] -->
+<h2><a name="saml_connectors" id="saml_connectors">SAML connectors</a></h2>
+<div class="level2">
+
+<p>
+
+<p><div class="noteclassic">This requires to configure <acronym title="LemonLDAP::NG">LL::NG</acronym> as an <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML Identity Provider</a>.
+</div></p>
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Google Apps  </th><th class="col1 centeralign">  Zimbra  </th><th class="col2 centeralign">  SAP  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/applications/googleapps.html" class="media" title="documentation:1.1:applications:googleapps"><img src="../../../media/applications/googleapps_logo.png" class="media" alt="" /></a>  </td><td class="col1 centeralign">  <a href="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html" class="media" title="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html"  rel="nofollow"><img src="../../../media/applications/zimbra_logo.png" class="media" alt="" /></a>  </td><td class="col2 centeralign">  <a href="http://help.sap.com/saphelp_nw04/helpdata/en/94/695b3ebd564644e10000000a114084/content.htm" class="media" title="http://help.sap.com/saphelp_nw04/helpdata/en/94/695b3ebd564644e10000000a114084/content.htm"  rel="nofollow"><img src="../../../media/applications/saplogo.gif" class="media" title="SAP" alt="SAP" /></a>  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "SAML connectors" [2096-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/authbasic.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/authbasic.html
@ -0,0 +1,100 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="http_basic_authentication" id="http_basic_authentication">HTTP Basic Authentication</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/http_logo.png?id=documentation%3A1.1%3Aapplications%3Aauthbasic" class="media" title="applications:http_logo.png"><img src="../../../../media/applications/http_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "HTTP Basic Authentication" [1-77] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+Extract from the <a href="http://en.wikipedia.org/wiki/Basic_access_authentication" class="urlextern" title="http://en.wikipedia.org/wiki/Basic_access_authentication"  rel="nofollow">Wikipedia article</a>:
+</p>
+
+<p>
+<blockquote>
+In the context of an <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> transaction, the basic access authentication is a method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request.
+</p>
+
+<p>
+Before transmission, the username and password are encoded as a sequence of base-64 characters. For example, the user name Aladdin and password open sesame would be combined as Aladdin:open sesame – which is equivalent to QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64. Little effort is required to translate the encoded string back into the user name and password, and many popular security tools will decode the strings “on the fly”.
+</blockquote>
+</p>
+
+<p>
+So <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Basic Autentication is managed trough an <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header (<code>Authorization</code>), that can be forged by <acronym title="LemonLDAP::NG">LL::NG</acronym>, with this precautions:
+</p>
+<ul>
+<li class="level1"><div class="li"> Data should not contains accents or special characters, as <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> protocol only allow <acronym title="American Standard Code for Information Interchange">ASCII</acronym> values in header (but depending on the <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> server, you can use <acronym title="International Organization for Standardization">ISO</acronym> encoded values)</div>
+</li>
+<li class="level1"><div class="li"> You need to forward the password, which can be the user main password (if <a href="../../../documentation/1.1/passwordstore.html" class="wikilink1" title="documentation:1.1:passwordstore">password is stored in session</a>, or any user attribute (if you keep secondary passwords in users database).</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Presentation" [78-1452] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+The Basic Authentication relies on a specific <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header, as described above. So you have just to declare this header for the virtual host in Manager.
+</p>
+
+<p>
+For example, to forward login (<code>$uid</code>) and password (<code>$_password</code> if <a href="../../../documentation/1.1/passwordstore.html" class="wikilink1" title="documentation:1.1:passwordstore">password is stored in session</a>):
+
+</p>
+<pre class="code">
+Authorization =&gt; &quot;Basic &quot;.encode_base64(&quot;$uid:$_password&quot;)
+</pre>
+
+<p>
+<acronym title="LemonLDAP::NG">LL::NG</acronym> provides a special function named <a href="../../../documentation/1.1/extendedfunctions.html#basic" class="wikilink1" title="documentation:1.1:extendedfunctions">basic</a> to build this header.
+</p>
+
+<p>
+So the above example can also be written like this:
+
+</p>
+<pre class="code">
+Authorization =&gt; basic($uid,$_password)
+</pre>
+
+<p>
+<p><div class="notetip">The <code>basic</code> function will also force conversion from UTF-8 to <acronym title="International Organization for Standardization">ISO</acronym>-8859-1, which should be accepted by most of <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> servers.
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Configuration" [1453-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/bugzilla.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/bugzilla.html
@ -0,0 +1,129 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="bugzilla" id="bugzilla">Bugzilla</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/bugzilla_logo.png?id=documentation%3A1.1%3Aapplications%3Abugzilla" class="media" title="applications:bugzilla_logo.png"><img src="../../../../media/applications/bugzilla_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "Bugzilla" [1-64] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://www.bugzilla.org" class="urlextern" title="http://www.bugzilla.org"  rel="nofollow">Bugzilla</a> is server software designed to help you manage software development.
+</p>
+
+<p>
+Bugzilla can authenticate a user with <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers, and auto-create its account with a few information:
+</p>
+<ul>
+<li class="level1"><div class="li"> User ID</div>
+</li>
+<li class="level1"><div class="li"> Email</div>
+</li>
+<li class="level1"><div class="li"> Real name</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Presentation" [65-338] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [339-365] -->
+<h3><a name="bugzilla_administration" id="bugzilla_administration">Bugzilla administration</a></h3>
+<div class="level3">
+
+<p>
+
+In Bugzilla administration interface, go in <code>Parameters</code> » <code>User authentication</code>
+</p>
+
+<p>
+Then set:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>auth_env_id</strong>: <acronym title="Hyper Text Transfer Protocol">HTTP</acronym>_AUTH_USER</div>
+</li>
+<li class="level1"><div class="li"> <strong>auth_env_email</strong>: <acronym title="Hyper Text Transfer Protocol">HTTP</acronym>_AUTH_MAIL</div>
+</li>
+<li class="level1"><div class="li"> <strong>auth_env_realname</strong>: <acronym title="Hyper Text Transfer Protocol">HTTP</acronym>_AUTH_CN</div>
+</li>
+<li class="level1"><div class="li"> <strong>user_info_class</strong>: Env or Env,<acronym title="Common Gateway Interface">CGI</acronym></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Bugzilla administration" [366-653] -->
+<h3><a name="bugzilla_virtual_host_in_apache" id="bugzilla_virtual_host_in_apache">Bugzilla virtual host in Apache</a></h3>
+<div class="level3">
+
+<p>
+
+Configure Bugzilla virtual host like other <a href="../../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">protected virtual host</a>.
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+       <span class="kw1">ServerName</span> bugzilla.example.com
+&nbsp;
+       PerlHeaderParserHandler My::Package
+&nbsp;
+       ...
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+</div>
+<!-- SECTION "Bugzilla virtual host in Apache" [654-942] -->
+<h3><a name="bugzilla_virtual_host_in_manager" id="bugzilla_virtual_host_in_manager">Bugzilla virtual host in Manager</a></h3>
+<div class="level3">
+
+<p>
+
+Go to the Manager and <a href="../../../documentation/1.1/configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:1.1:configvhost">create a new virtual host</a> for Bugzilla.
+</p>
+
+<p>
+Configure the <a href="../../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">access rules</a>.
+</p>
+
+<p>
+Configure the following <a href="../../../documentation/1.1/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.1:writingrulesand_headers">headers</a>.
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Auth-User</strong>: $uid</div>
+</li>
+<li class="level1"><div class="li"> <strong>Auth-Mail</strong>: $mail</div>
+</li>
+<li class="level1"><div class="li"> <strong>Auth-Cn</strong>: $cn</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Bugzilla virtual host in Manager" [943-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/dokuwiki.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/dokuwiki.html
@ -0,0 +1,125 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="dokuwiki" id="dokuwiki">Dokuwiki</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/dokuwiki_logo.png?id=documentation%3A1.1%3Aapplications%3Adokuwiki" class="media" title="applications:dokuwiki_logo.png"><img src="../../../../media/applications/dokuwiki_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "Dokuwiki" [1-64] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://www.dokuwiki.org/" class="urlextern" title="http://www.dokuwiki.org/"  rel="nofollow">DokuWiki</a> is a standards compliant, simple to use Wiki, mainly aimed at creating documentation of any kind. It is targeted at developer teams, workgroups and small companies. It has a simple but powerful syntax which makes sure the data files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files – no database is required.
+</p>
+
+<p>
+<p><div class="notetip">LemonLDAP::NG wiki uses Dokuwiki!
+</div></p>
+</p>
+
+<p>
+You will need to install a Dokuwiki plugin, available on <a href="../../../download.html#contributions" class="wikilink1" title="download">download page</a>. The plugin will check the <code>REMOTE_USER</code> environment variable to get the connected user.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [65-750] -->
+<h2><a name="installation" id="installation">Installation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="../../../download.html#contributions" class="wikilink1" title="download">Download</a> the plugin and copy the files in dokuwiki <code>inc/auth/</code> directory:
+
+</p>
+<pre class="code">
+cp lemonldap.class.php inc/auth/
+cp lemonldapuserdatabackend.class.php inc/auth/
+</pre>
+
+</div>
+<!-- SECTION "Installation" [751-977] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [978-1004] -->
+<h3><a name="dokuwiki_local_configuration" id="dokuwiki_local_configuration">Dokuwiki local configuration</a></h3>
+<div class="level3">
+
+<p>
+
+Edit Dokuwiki local configuration (<code>conf/local.php</code>) and set <code>lemonldap</code> as authentication type:
+</p>
+<pre class="code file php"><span class="re0">$conf</span><span class="br0">&#91;</span>authtype<span class="br0">&#93;</span> <span class="sy0">=</span> lemonldap<span class="sy0">;</span></pre>
+
+</div>
+<!-- SECTION "Dokuwiki local configuration" [1005-1194] -->
+<h3><a name="dokuwiki_virtual_host_in_apache" id="dokuwiki_virtual_host_in_apache">Dokuwiki virtual host in Apache</a></h3>
+<div class="level3">
+
+<p>
+
+Configure Dokuwiki virtual host like other <a href="../../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">protected virtual host</a>.
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+       <span class="kw1">ServerName</span> dokuwiki.example.com
+&nbsp;
+       PerlHeaderParserHandler My::Package
+&nbsp;
+       ...
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+<p><div class="noteimportant">If you are protecting Dokuwiki with <acronym title="LemonLDAP::NG">LL::NG</acronym> as reverse proxy, <a href="../../../documentation/1.1/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.1:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Dokuwiki virtual host in Apache" [1195-1658] -->
+<h3><a name="dokuwiki_virtual_host_in_manager" id="dokuwiki_virtual_host_in_manager">Dokuwiki virtual host in Manager</a></h3>
+<div class="level3">
+
+<p>
+
+Go to the Manager and <a href="../../../documentation/1.1/configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:1.1:configvhost">create a new virtual host</a> for Dokuwiki.
+</p>
+
+<p>
+Just configure the <a href="../../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">access rules</a>.
+</p>
+
+<p>
+If using <acronym title="LemonLDAP::NG">LL::NG</acronym> as reverse proxy, configure the <code>Auth-User</code> <a href="../../../documentation/1.1/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.1:writingrulesand_headers">header</a>, else no headers are needed.
+</p>
+
+</div>
+<!-- SECTION "Dokuwiki virtual host in Manager" [1659-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/drupal.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/drupal.html
@ -0,0 +1,159 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="drupal" id="drupal">Drupal</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/drupal_logo.png?id=documentation%3A1.1%3Aapplications%3Adrupal" class="media" title="applications:drupal_logo.png"><img src="../../../../media/applications/drupal_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "Drupal" [1-60] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://drupal.org" class="urlextern" title="http://drupal.org"  rel="nofollow">Drupal</a> is a <acronym title="Content Management System">CMS</acronym> written in <acronym title="Hypertext Preprocessor">PHP</acronym>. It can works with external modules to extends its functionalities. One of this module can be used to delegate authentication server to the web server: <a href="http://drupal.org/project/Webserver_auth" class="urlextern" title="http://drupal.org/project/Webserver_auth"  rel="nofollow">Webserver Auth</a>.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [61-353] -->
+<h2><a name="installation" id="installation">Installation</a></h2>
+<div class="level2">
+
+<p>
+
+Install <a href="http://drupal.org/project/Webserver_auth" class="urlextern" title="http://drupal.org/project/Webserver_auth"  rel="nofollow">Webserver Auth</a> module, by downloading it, and unarchive it in the drupal modules/ directory.
+</p>
+
+</div>
+<!-- SECTION "Installation" [354-526] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [527-553] -->
+<h3><a name="drupal_module_activation" id="drupal_module_activation">Drupal module activation</a></h3>
+<div class="level3">
+
+<p>
+
+Go on Drupal administration interface and enable the Webserver Auth module.
+</p>
+
+</div>
+<!-- SECTION "Drupal module activation" [554-666] -->
+<h3><a name="drupal_virtual_host_in_apache" id="drupal_virtual_host_in_apache">Drupal virtual host in Apache</a></h3>
+<div class="level3">
+
+<p>
+
+Configure Drupal virtual host like other <a href="../../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">protected virtual host</a>.
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+       <span class="kw1">ServerName</span> drupal.example.com
+&nbsp;
+       PerlHeaderParserHandler My::Package
+&nbsp;
+       ...
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+<p><div class="noteimportant">If you are protecting Drupal with <acronym title="LemonLDAP::NG">LL::NG</acronym> as reverse proxy, <a href="../../../documentation/1.1/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.1:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Drupal virtual host in Apache" [667-1122] -->
+<h3><a name="drupal_virtual_host_in_manager" id="drupal_virtual_host_in_manager">Drupal virtual host in Manager</a></h3>
+<div class="level3">
+
+<p>
+
+Go to the Manager and <a href="../../../documentation/1.1/configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:1.1:configvhost">create a new virtual host</a> for Drupal.
+</p>
+
+<p>
+Just configure the <a href="../../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">access rules</a>.
+</p>
+
+<p>
+If using <acronym title="LemonLDAP::NG">LL::NG</acronym> as reverse proxy, configure the <code>Auth-User</code> <a href="../../../documentation/1.1/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.1:writingrulesand_headers">header</a>, else no headers are needed.
+</p>
+
+</div>
+<!-- SECTION "Drupal virtual host in Manager" [1123-1476] -->
+<h3><a name="protect_only_the_administration_pages" id="protect_only_the_administration_pages">Protect only the administration pages</a></h3>
+<div class="level3">
+
+<p>
+
+With the above solution, all the Drupal site will be protected, so no anonymous access will be allowed.
+</p>
+
+<p>
+<p><div class="noteimportant">You cannot use the <code>unprotect</code> rule because Drupal navigation is based on query strings (?q=admin, ?q=user, etc.), and unprotect rule only works on <acronym title="Uniform Resource Locator">URL</acronym> patterns.
+</div></p>
+</p>
+
+<p>
+You can create a special virtual host and use <a href="http://httpd.apache.org/docs/current/mod/mod_rewrite.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_rewrite.html"  rel="nofollow">Apache rewrite module</a> to switch between open and protected hosts:
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+    <span class="kw1">ServerName</span> drupal.example.com
+&nbsp;
+    <span class="co1"># DocumentRoot</span>
+    <span class="kw1">DocumentRoot</span> /var/www/html/drupal/
+    <span class="kw1">DirectoryIndex</span> index.php
+&nbsp;
+    <span class="co1"># Redirect admin pages</span>
+    <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
+    <span class="kw1">RewriteCond</span>  %{QUERY_STRING} q=(admin|user)
+    <span class="kw1">RewriteRule</span> ^/(.*)$ http://admindrupal.example.com/$1 [R]
+&nbsp;
+    <span class="kw1">LogLevel</span> warn
+    <span class="kw1">ErrorLog</span> /var/log/httpd/drupal-error.log
+    <span class="kw1">CustomLog</span> /var/log/httpd/drupal-access.log combined
+&lt;/<span class="kw3">VirtualHost</span>&gt;
+&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+    <span class="kw1">ServerName</span> admindrupal.example.com
+&nbsp;
+    <span class="co1"># SSO protection</span>
+    PerlHeaderParserHandler My::Package
+&nbsp;
+    <span class="co1"># DocumentRoot</span>
+    <span class="kw1">DocumentRoot</span> /var/www/html/drupal/
+    <span class="kw1">DirectoryIndex</span> index.php
+&nbsp;
+    <span class="kw1">LogLevel</span> warn
+    <span class="kw1">ErrorLog</span> /var/log/httpd/admindrupal-error.log
+    <span class="kw1">CustomLog</span> /var/log/httpd/admindrupal-access.log combined
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+</div>
+<!-- SECTION "Protect only the administration pages" [1477-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/googleapps.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/googleapps.html
@ -0,0 +1,233 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="google_apps" id="google_apps">Google Apps</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/googleapps_logo.png?id=documentation%3A1.1%3Aapplications%3Agoogleapps" class="media" title="applications:googleapps_logo.png"><img src="../../../../media/applications/googleapps_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "Google Apps" [1-69] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://www.google.com/apps/" class="urlextern" title="http://www.google.com/apps/"  rel="nofollow">Google Apps</a> can use <acronym title="Security Assertion Markup Language">SAML</acronym> to authenticate users, behaving as an <acronym title="Security Assertion Markup Language">SAML</acronym> service provider, as explained <a href="http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html" class="urlextern" title="http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html"  rel="nofollow">here</a>.
+</p>
+
+<p>
+To work with <acronym title="LemonLDAP::NG">LL::NG</acronym> it requires:
+</p>
+<ul>
+<li class="level1"><div class="li"> An <a href="http://www.google.com/apps/intl/en/business/index.html" class="urlextern" title="http://www.google.com/apps/intl/en/business/index.html"  rel="nofollow">enterprise Google Apps account</a></div>
+</li>
+<li class="level1"><div class="li"> <acronym title="LemonLDAP::NG">LL::NG</acronym> configured as <a href="../../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML Identity Provider</a></div>
+</li>
+<li class="level1"><div class="li"> Registered users on Google Apps with the same email than those used by <acronym title="LemonLDAP::NG">LL::NG</acronym> (email will be the NameID exchanged between Google Apps and <acronym title="LemonLDAP::NG">LL::NG</acronym>)</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Presentation" [70-660] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [661-687] -->
+<h3><a name="google_apps_control_panel" id="google_apps_control_panel">Google Apps control panel</a></h3>
+<div class="level3">
+
+<p>
+
+<p><div class="noteclassic">This part is based on <a href="http://simplesamlphp.org/docs/1.6/simplesamlphp-googleapps" class="urlextern" title="http://simplesamlphp.org/docs/1.6/simplesamlphp-googleapps"  rel="nofollow">SimpleSAMLPHP documentation</a>.
+</div></p>
+</p>
+
+<p>
+As administrator, go in Google Apps control panel and click on Advanced tools:
+</p>
+
+<p>
+<a href="/_detail/documentation/googleapps-menu.png?id=documentation%3A1.1%3Aapplications%3Agoogleapps" class="media" title="documentation:googleapps-menu.png"><img src="../../../../media/documentation/googleapps-menu.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+Then select <code>Set up single sign-on (<acronym title="Single Sign On">SSO</acronym>)</code>:
+</p>
+
+<p>
+<a href="/_detail/documentation/googleapps-sso.png?id=documentation%3A1.1%3Aapplications%3Agoogleapps" class="media" title="documentation:googleapps-sso.png"><img src="../../../../media/documentation/googleapps-sso.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+Now configure all <acronym title="Security Assertion Markup Language">SAML</acronym> parameters:
+</p>
+
+<p>
+<a href="/_detail/documentation/googleapps-ssoconfig.png?id=documentation%3A1.1%3Aapplications%3Agoogleapps" class="media" title="documentation:googleapps-ssoconfig.png"><img src="../../../../media/documentation/googleapps-ssoconfig.png" class="mediacenter" alt="" /></a>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Enable Single Sign-On</strong>: check the box. Uncheck it to disable <acronym title="Security Assertion Markup Language">SAML</acronym> authentication (for example, if your Identity Provider is down).</div>
+</li>
+<li class="level1"><div class="li"> <strong>Sign-in page <acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Single Sign On">SSO</acronym> access point (<acronym title="Hyper Text Transfer Protocol">HTTP</acronym>-Redirect binding). Example: <a href="http://auth.example.com/saml/singleSignOn" class="urlextern" title="http://auth.example.com/saml/singleSignOn"  rel="nofollow">http://auth.example.com/saml/singleSignOn</a></div>
+</li>
+<li class="level1"><div class="li"> <strong>Sign-out page <acronym title="Uniform Resource Locator">URL</acronym></strong>: this in not the SLO access point (Google Apps does not support SLO), but the main logout page. Example: <a href="http://auth.example.com/?logout=1" class="urlextern" title="http://auth.example.com/?logout=1"  rel="nofollow">http://auth.example.com/?logout=1</a></div>
+</li>
+<li class="level1"><div class="li"> <strong>Change password <acronym title="Uniform Resource Locator">URL</acronym></strong>: where users can change their password. Example: <a href="http://auth.example.com" class="urlextern" title="http://auth.example.com"  rel="nofollow">http://auth.example.com</a></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Google Apps control panel" [688-1671] -->
+<h3><a name="certificate" id="certificate">Certificate</a></h3>
+<div class="level3">
+
+<p>
+
+For the certificate, you can build it from the signing private key registered in Manager. Select the key, and export it (button <code>Download this file</code>):
+</p>
+
+<p>
+<a href="/_detail/documentation/googleapps-export-priv-key.png?id=documentation%3A1.1%3Aapplications%3Agoogleapps" class="media" title="documentation:googleapps-export-priv-key.png"><img src="../../../../media/documentation/googleapps-export-priv-key.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+After choosing the file name (for example lemonldapn-ng-priv.key), download the key on your disk.
+</p>
+
+<p>
+Then use openssl to generate an auto-signed certificate:
+
+</p>
+<pre class="code">
+openssl req -new -key lemonldap-ng-priv.key -out cert.csr
+openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out cert.pem
+</pre>
+
+<p>
+You can now the upload the certificate (<code>cert.pem</code>) on Google Apps.
+</p>
+
+</div>
+<!-- SECTION "Certificate" [1672-2290] -->
+<h3><a name="new_service_provider" id="new_service_provider">New Service Provider</a></h3>
+<div class="level3">
+
+<p>
+
+You should have configured <acronym title="LemonLDAP::NG">LL::NG</acronym> as an <a href="../../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML Identity Provider</a>,
+</p>
+
+<p>
+Now we will add Google Apps as a new <acronym title="Security Assertion Markup Language">SAML</acronym> Service Provider:
+</p>
+<ol>
+<li class="level1"><div class="li"> In Manager, click on <acronym title="Security Assertion Markup Language">SAML</acronym> service providers and the button <code>New service provider</code>.</div>
+</li>
+<li class="level1"><div class="li"> Set GoogleApps as Service Provider name.</div>
+</li>
+<li class="level1"><div class="li"> Set <code>Email</code> in <code>Options</code> » <code>Authentication Response</code> » <code>Default NameID format</code></div>
+</li>
+<li class="level1"><div class="li"> Disable all signature flags in <code>Options</code> » <code>Signature</code>, except <code>Sign <acronym title="Single Sign On">SSO</acronym> message</code> which should be to <code>On</code></div>
+</li>
+<li class="level1"><div class="li"> Select <code>Metadata</code>, and unprotect the field to paste the following value:</div>
+</li>
+</ol>
+<pre class="code file xml"><span class="sc3"><span class="re1">&lt;md:EntityDescriptor</span> <span class="re0">entityID</span>=<span class="st0">&quot;google.com&quot;</span> <span class="re0">xmlns</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:metadata&quot;</span> <span class="re0">xmlns:ds</span>=<span class="st0">&quot;http://www.w3.org/2000/09/xmldsig#&quot;</span> <span class="re0">xmlns:md</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:metadata&quot;</span><span class="re2">&gt;</span></span>
+  <span class="sc3"><span class="re1">&lt;SPSSODescriptor</span> <span class="re0">protocolSupportEnumeration</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:protocol&quot;</span><span class="re2">&gt;</span></span>
+    <span class="sc3"><span class="re1">&lt;AssertionConsumerService</span> <span class="re0">Binding</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&quot;</span> <span class="re0">Location</span>=<span class="st0">&quot;https://www.google.com/a/mydomain.org/acs&quot;</span> <span class="re0">index</span>=<span class="st0">&quot;1&quot;</span> <span class="re2">/&gt;</span></span>
+    <span class="sc3"><span class="re1">&lt;NameIDFormat<span class="re2">&gt;</span></span></span>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress<span class="sc3"><span class="re1">&lt;/NameIDFormat<span class="re2">&gt;</span></span></span>
+  <span class="sc3"><span class="re1">&lt;/SPSSODescriptor<span class="re2">&gt;</span></span></span>
+<span class="sc3"><span class="re1">&lt;/md:EntityDescriptor<span class="re2">&gt;</span></span></span></pre>
+
+<p>
+<p><div class="noteimportant">Change <strong>mydomain.org</strong> (in <code>AssertionConsumerService</code> markup, parameter <code>Location</code>) into your Google Apps domain.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "New Service Provider" [2291-3603] -->
+<h3><a name="application_menu" id="application_menu">Application menu</a></h3>
+<div class="level3">
+
+<p>
+
+You can add a link in <a href="../../../documentation/1.1/portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:1.1:portalmenu">application menu</a> to display Google Apps to users.
+</p>
+
+<p>
+<a href="/_detail/documentation/googleapps-manager-application.png?id=documentation%3A1.1%3Aapplications%3Agoogleapps" class="media" title="documentation:googleapps-manager-application.png"><img src="../../../../media/documentation/googleapps-manager-application.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+You need to adapt some parameters:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Address</strong>: set one of Google Apps <acronym title="Uniform Resource Locator">URL</acronym> (all Google Apps product a distinct <acronym title="Uniform Resource Locator">URL</acronym>), for example <a href="http://www.google.com/calendar/hosted/mydomain.org/render" class="urlextern" title="http://www.google.com/calendar/hosted/mydomain.org/render"  rel="nofollow">http://www.google.com/calendar/hosted/mydomain.org/render</a></div>
+</li>
+<li class="level1"><div class="li"> <strong>Display</strong>: As Google Apps is not a protected application, set to <code>On</code> to always display it</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="noteimportant">Change <strong>mydomain.org</strong> into your Google Apps domain
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Application menu" [3604-4175] -->
+<h3><a name="logout" id="logout">Logout</a></h3>
+<div class="level3">
+
+<p>
+
+Google Apps does not support Single Logout (SLO).
+</p>
+
+<p>
+Google Apps has a configuration parameter to redirect user on a specific <acronym title="Uniform Resource Locator">URL</acronym> after Google Apps logout (see <a href="#google_apps_control_panel" title="documentation:1.1:applications:googleapps &crarr;" class="wikilink1">Google Apps control panel</a>).
+</p>
+
+<p>
+To manage the other way (<acronym title="LemonLDAP::NG">LL::NG</acronym> → Google Apps), you can add a dedicated <a href="../../../documentation/1.1/logoutforward.html" class="wikilink1" title="documentation:1.1:logoutforward">logout forward rule</a>:
+
+</p>
+<pre class="code">
+GoogleApps =&gt; http://www.google.com/calendar/hosted/mydomain.org/logout
+</pre>
+
+<p>
+<p><div class="noteimportant">Change <strong>mydomain.org</strong> into your Google Apps domain
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Logout" [4176-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/liferay.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/liferay.html
@ -0,0 +1,199 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="liferay" id="liferay">Liferay</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/liferay_logo.png?id=documentation%3A1.1%3Aapplications%3Aliferay" class="media" title="applications:liferay_logo.png"><img src="../../../../media/applications/liferay_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "Liferay" [1-62] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://www.liferay.com/" class="urlextern" title="http://www.liferay.com/"  rel="nofollow">Liferay</a> is an enterprise portal.
+</p>
+
+<p>
+Liferay can use <acronym title="LemonLDAP::NG">LL::NG</acronym> as an <acronym title="Single Sign On">SSO</acronym> provider but you have to manage how users are created:
+</p>
+<ul>
+<li class="level1"><div class="li"> By hand in Liferay administration screens</div>
+</li>
+<li class="level1"><div class="li"> Imported from an <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory</div>
+</li>
+</ul>
+
+<p>
+
+Of course, integration will be full if you use the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory as users backend for <acronym title="LemonLDAP::NG">LL::NG</acronym> and Liferay.
+</p>
+
+<p>
+<p><div class="noteimportant">If the user is not created, or can not be created via <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> import, the connection to Liferay will be refused. With <acronym title="Lightweight Directory Access Protocol">LDAP</acronym>, login, mail, first name and last name are required attributes. If one is missing, the user is not created.
+</div></p>
+</p>
+
+<p>
+This documentation just explains how to set up the <acronym title="Single Sign On">SSO</acronym> part. Please refer to Liferay documentation to enable <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> provisionning.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [63-811] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [812-838] -->
+<h3><a name="liferay_administration" id="liferay_administration">Liferay administration</a></h3>
+<div class="level3">
+
+<p>
+
+Access to Liferay (first time):
+</p>
+
+<p>
+<a href="/_detail/documentation/liferay_1.png?id=documentation%3A1.1%3Aapplications%3Aliferay" class="media" title="documentation:liferay_1.png"><img src="../../../../media/documentation/liferay_1.png" class="mediacenter" alt="" width="600" /></a>
+</p>
+
+<p>
+Login as administrator:
+</p>
+
+<p>
+<a href="/_detail/documentation/liferay_2.png?id=documentation%3A1.1%3Aapplications%3Aliferay" class="media" title="documentation:liferay_2.png"><img src="../../../../media/documentation/liferay_2.png" class="mediacenter" alt="" width="600" /></a>
+</p>
+
+<p>
+Go to <code>My Account</code>:
+</p>
+
+<p>
+<a href="/_detail/documentation/liferay_3.png?id=documentation%3A1.1%3Aapplications%3Aliferay" class="media" title="documentation:liferay_3.png"><img src="../../../../media/documentation/liferay_3.png" class="mediacenter" alt="" width="600" /></a>
+</p>
+
+<p>
+Go to <code>Portal</code> » <code>Settings</code>:
+</p>
+
+<p>
+<a href="/_detail/documentation/liferay_4.png?id=documentation%3A1.1%3Aapplications%3Aliferay" class="media" title="documentation:liferay_4.png"><img src="../../../../media/documentation/liferay_4.png" class="mediacenter" alt="" width="600" /></a>
+</p>
+
+<p>
+Go to <code>Configuration</code> » <code>Authentication</code>:
+</p>
+
+<p>
+<a href="/_detail/documentation/liferay_5.png?id=documentation%3A1.1%3Aapplications%3Aliferay" class="media" title="documentation:liferay_5.png"><img src="../../../../media/documentation/liferay_5.png" class="mediacenter" alt="" width="600" /></a>
+</p>
+
+<p>
+In <code>General</code>, fill at least the following information:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>How do users authenticate?</strong>: by login</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">We advice to deactivate other options, cause users will use <acronym title="LemonLDAP::NG">LL::NG</acronym> portal to modify or reset their password.
+</div></p>
+</p>
+
+<p>
+<a href="/_detail/documentation/liferay_6.png?id=documentation%3A1.1%3Aapplications%3Aliferay" class="media" title="documentation:liferay_6.png"><img src="../../../../media/documentation/liferay_6.png" class="mediacenter" alt="" width="600" /></a>
+</p>
+
+<p>
+Then use the <code>SiteMinder</code> tab to configure <acronym title="Single Sign On">SSO</acronym>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Enabled</strong>: Yes</div>
+</li>
+<li class="level1"><div class="li"> <strong>Import from <acronym title="Lightweight Directory Access Protocol">LDAP</acronym></strong>: Yes (see <a href="#presentation" title="documentation:1.1:applications:liferay &crarr;" class="wikilink1">presentation</a>)</div>
+</li>
+<li class="level1"><div class="li"> <strong>User Header</strong>: Auth-User (case sensitive)</div>
+</li>
+</ul>
+
+<p>
+
+<a href="/_detail/documentation/liferay_7.png?id=documentation%3A1.1%3Aapplications%3Aliferay" class="media" title="documentation:liferay_7.png"><img src="../../../../media/documentation/liferay_7.png" class="mediacenter" alt="" width="600" /></a>
+</p>
+
+<p>
+<p><div class="noteimportant">Do not forget to save your changes!
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Liferay administration" [839-1800] -->
+<h3><a name="liferay_virtual_host_in_apache" id="liferay_virtual_host_in_apache">Liferay virtual host in Apache</a></h3>
+<div class="level3">
+
+<p>
+
+Configure Liferay virtual host like other <a href="../../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">protected virtual host</a>.
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+       <span class="kw1">ServerName</span> liferay.example.com
+&nbsp;
+       PerlHeaderParserHandler My::Package
+&nbsp;
+       ...
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+</div>
+<!-- SECTION "Liferay virtual host in Apache" [1801-2086] -->
+<h3><a name="liferay_virtual_host_in_manager" id="liferay_virtual_host_in_manager">Liferay virtual host in Manager</a></h3>
+<div class="level3">
+
+<p>
+
+Go to the Manager and <a href="../../../documentation/1.1/configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:1.1:configvhost">create a new virtual host</a> for Liferay.
+</p>
+
+<p>
+Just configure the <a href="../../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">access rules</a>. You can add a rule for logout:
+
+</p>
+<pre class="code">
+ ^/c/portal/logout =&gt; logout_sso
+</pre>
+
+<p>
+Configure the <code>Auth-User</code> <a href="../../../documentation/1.1/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.1:writingrulesand_headers">header</a>.
+</p>
+
+</div>
+<!-- SECTION "Liferay virtual host in Manager" [2087-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/mediawiki.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/mediawiki.html
@ -0,0 +1,159 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="mediawiki" id="mediawiki">MediaWiki</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/mediawiki_logo.png?id=documentation%3A1.1%3Aapplications%3Amediawiki" class="media" title="applications:mediawiki_logo.png"><img src="../../../../media/applications/mediawiki_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "MediaWiki" [1-66] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://www.mediawiki.org" class="urlextern" title="http://www.mediawiki.org"  rel="nofollow">MediaWiki</a> is a wiki software, used by the well known <a href="http://www.wikipedia.org" class="urlextern" title="http://www.wikipedia.org"  rel="nofollow">Wikipedia</a>.
+</p>
+
+<p>
+Several extensions allows to configure <acronym title="Single Sign On">SSO</acronym> on MediaWiki:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER"  rel="nofollow">Automatic REMOTE_USER</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="http://www.mediawiki.org/wiki/Extension:Siteminder_Authentication" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:Siteminder_Authentication"  rel="nofollow">Siteminder Authentication</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="http://www.mediawiki.org/wiki/Extension:HttpAuth" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:HttpAuth"  rel="nofollow">HTTP Auth</a></div>
+</li>
+</ul>
+
+<p>
+
+We will explain how to use the latest: <a href="http://www.mediawiki.org/wiki/Extension:HttpAuth" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:HttpAuth"  rel="nofollow">HTTP Auth</a>.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [67-635] -->
+<h2><a name="installation" id="installation">Installation</a></h2>
+<div class="level2">
+
+<p>
+
+The <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Auth extension is presented here: <a href="http://www.mediawiki.org/wiki/Extension:HttpAuth" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:HttpAuth"  rel="nofollow">http://www.mediawiki.org/wiki/Extension:HttpAuth</a>
+</p>
+
+<p>
+You can download the code here: <a href="http://github.com/oremj/mediawiki-http-auth/downloads" class="urlextern" title="http://github.com/oremj/mediawiki-http-auth/downloads"  rel="nofollow">http://github.com/oremj/mediawiki-http-auth/downloads</a>
+</p>
+
+<p>
+You have to install <code>HttpAuthPlugin.php</code> in the <code>extensions/</code> directory of your MediaWiki installation:
+
+</p>
+<pre class="code">
+cp HttpAuthPlugin.php extenstions/
+</pre>
+
+</div>
+<!-- SECTION "Installation" [636-1008] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [1009-1035] -->
+<h3><a name="mediwiki_local_configuration" id="mediwiki_local_configuration">MediWiki local configuration</a></h3>
+<div class="level3">
+
+<p>
+
+Then edit MediaWiki local settings
+
+</p>
+<pre class="code">
+vi LocalSettings.php
+</pre>
+<pre class="code file php"><a href="http://www.php.net/session_start"><span class="kw3">session_start</span></a><span class="br0">&#40;</span><span class="br0">&#41;</span><span class="sy0">;</span>
+&nbsp;
+<span class="re0">$_SERVER</span><span class="br0">&#91;</span><span class="st_h">'PHP_AUTH_USER'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <span class="re0">$_SERVER</span><span class="br0">&#91;</span><span class="st_h">'REMOTE_USER'</span><span class="br0">&#93;</span><span class="sy0">;</span>
+&nbsp;
+<span class="kw1">if</span> <span class="br0">&#40;</span><span class="br0">&#40;</span><span class="sy0">!</span><a href="http://www.php.net/empty"><span class="kw3">empty</span></a><span class="br0">&#40;</span><span class="re0">$_SERVER</span><span class="br0">&#91;</span><span class="st_h">'PHP_AUTH_USER'</span><span class="br0">&#93;</span><span class="br0">&#41;</span> <span class="sy0">&amp;&amp;</span> <span class="sy0">!</span><a href="http://www.php.net/empty"><span class="kw3">empty</span></a><span class="br0">&#40;</span><span class="re0">$_SERVER</span><span class="br0">&#91;</span><span class="st_h">'REMOTE_USER'</span><span class="br0">&#93;</span><span class="br0">&#41;</span><span class="br0">&#41;</span> <span class="sy0">||</span> <span class="re0">$_COOKIE</span><span class="br0">&#91;</span><span class="re0">$wgDBserver</span> <span class="sy0">.</span> <span class="st_h">'UserID'</span><span class="br0">&#93;</span><span class="br0">&#41;</span> <span class="br0">&#123;</span>
+        <span class="kw1">require_once</span><span class="br0">&#40;</span><span class="st0">&quot;<span class="es4">$IP</span>/extensions/HttpAuthPlugin.php&quot;</span><span class="br0">&#41;</span><span class="sy0">;</span>
+        <span class="re0">$wgAuth</span> <span class="sy0">=</span> <span class="kw2">new</span> HttpAuthPlugin<span class="br0">&#40;</span><span class="br0">&#41;</span><span class="sy0">;</span>
+        <span class="co2"># For MediaWiki &lt; 1.13
+</span>        <span class="re0">$wgHooks</span><span class="br0">&#91;</span><span class="st_h">'AutoAuthenticate'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="br0">&#93;</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">array</span></a><span class="br0">&#40;</span><span class="re0">$wgAuth</span><span class="sy0">,</span><span class="st_h">'autoAuthenticate'</span><span class="br0">&#41;</span><span class="sy0">;</span>
+        <span class="co2"># For MediaWiki &gt;= 1.13
+</span>        <span class="co2">#$wgHooks['UserLoadFromSession'][] = array($wgAuth,'autoAuthenticate');
+</span><span class="br0">&#125;</span></pre>
+
+</div>
+<!-- SECTION "MediWiki local configuration" [1036-1672] -->
+<h3><a name="mediawiki_virtual_host_in_apache" id="mediawiki_virtual_host_in_apache">MediaWiki virtual host in Apache</a></h3>
+<div class="level3">
+
+<p>
+
+Configure MediaWiki virtual host like other <a href="../../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">protected virtual host</a>.
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+       <span class="kw1">ServerName</span> mediawiki.example.com
+&nbsp;
+       PerlHeaderParserHandler My::Package
+&nbsp;
+       ...
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+<p><div class="noteimportant">If you are protecting MediaWiki with <acronym title="LemonLDAP::NG">LL::NG</acronym> as reverse proxy, <a href="../../../documentation/1.1/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.1:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "MediaWiki virtual host in Apache" [1673-2140] -->
+<h3><a name="mediawiki_virtual_host_in_manager" id="mediawiki_virtual_host_in_manager">MediaWiki virtual host in Manager</a></h3>
+<div class="level3">
+
+<p>
+
+Go to the Manager and <a href="../../../documentation/1.1/configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:1.1:configvhost">create a new virtual host</a> for MediaWiki.
+</p>
+
+<p>
+Just configure the <a href="../../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">access rules</a>. You can also add a rule for logout:
+
+</p>
+<pre class="code">
+Userlogout =&gt; logout_sso
+</pre>
+
+<p>
+If using <acronym title="LemonLDAP::NG">LL::NG</acronym> as reverse proxy, configure the <code>Auth-User</code> <a href="../../../documentation/1.1/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.1:writingrulesand_headers">header</a>, else no headers are needed.
+</p>
+
+</div>
+<!-- SECTION "MediaWiki virtual host in Manager" [2141-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/obm.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/obm.html
@ -0,0 +1,330 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="obm" id="obm">OBM</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/obm_logo.png?id=documentation%3A1.1%3Aapplications%3Aobm" class="media" title="applications:obm_logo.png"><img src="../../../../media/applications/obm_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "OBM" [1-54] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://obm.org" class="urlextern" title="http://obm.org"  rel="nofollow">OBM</a> is enterprise-class messaging and collaboration platform for workgroup or enterprises with many thousands users. OBM includes Groupware, messaging server, CRM, <acronym title="Lightweight Directory Access Protocol">LDAP</acronym>, Windows Domain, smartphone and <acronym title="Personal Digital Assistant">PDA</acronym> synchronization…
+</p>
+
+<p>
+OBM is shipped with a <acronym title="LemonLDAP::NG">LL::NG</acronym> plugin with these features:
+</p>
+<ul>
+<li class="level1"><div class="li"> <acronym title="Single Sign On">SSO</acronym> on OBM web interface</div>
+</li>
+<li class="level1"><div class="li"> Logout</div>
+</li>
+<li class="level1"><div class="li"> User provisioning (account auto creation at first connection)</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Presentation" [55-488] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [489-515] -->
+<h3><a name="obm1" id="obm1">OBM</a></h3>
+<div class="level3">
+
+<p>
+
+To enable <acronym title="LemonLDAP::NG">LL::NG</acronym> authentication plugin, go in <code>/etc/obm/obm_conf.inc</code>:
+</p>
+<pre class="code file php"><span class="re0">$auth_kind</span> <span class="sy0">=</span> <span class="st_h">'LemonLDAP'</span><span class="sy0">;</span>
+&nbsp;
+<span class="re0">$lemonldap_config</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">&#40;</span>
+                <span class="st0">&quot;auto_update&quot;</span>           <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span>
+                <span class="st0">&quot;auto_update_force_user&quot;</span> <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span>
+                <span class="st0">&quot;auto_update_force_group&quot;</span> <span class="sy0">=&gt;</span> <span class="kw4">false</span><span class="sy0">,</span>
+                <span class="st0">&quot;url_logout&quot;</span>            <span class="sy0">=&gt;</span> <span class="st0">&quot;https://OBMURL/logout&quot;</span><span class="sy0">,</span>
+                <span class="st0">&quot;server_ip_address&quot;</span>     <span class="sy0">=&gt;</span> <span class="st0">&quot;localhost&quot;</span><span class="sy0">,</span>
+                <span class="st0">&quot;server_ip_check&quot;</span>       <span class="sy0">=&gt;</span> <span class="kw4">false</span><span class="sy0">,</span>
+                <span class="st0">&quot;debug_level&quot;</span>           <span class="sy0">=&gt;</span> <span class="st0">&quot;NONE&quot;</span><span class="sy0">,</span>
+<span class="co1">//                &quot;debug_header_name&quot;     =&gt; &quot;HTTP_OBM_UID&quot;,</span>
+<span class="co1">//                &quot;group_header_name&quot;     =&gt; &quot;HTTP_OBM_GROUPS&quot;,</span>
+                <span class="st0">&quot;headers_map&quot;</span>           <span class="sy0">=&gt;</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">&#40;</span>
+                        <span class="co1">//&quot;userobm_gid&quot;                   =&gt; &quot;HTTP_OBM_GID&quot;,</span>
+                        <span class="co1">//&quot;userobm_domain_id&quot;           =&gt; ,</span>
+                        <span class="st0">&quot;userobm_login&quot;</span>                 <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_UID&quot;</span><span class="sy0">,</span>
+                        <span class="st0">&quot;userobm_password&quot;</span>              <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_USERPASSWORD&quot;</span><span class="sy0">,</span>
+                        <span class="co1">//&quot;userobm_password_type&quot;       =&gt; ,</span>
+                        <span class="st0">&quot;userobm_perms&quot;</span>                 <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_PERMS&quot;</span><span class="sy0">,</span>
+                        <span class="co1">//&quot;userobm_kind&quot;                =&gt; ,</span>
+                        <span class="st0">&quot;userobm_lastname&quot;</span>              <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_SN&quot;</span><span class="sy0">,</span>
+                        <span class="st0">&quot;userobm_firstname&quot;</span>             <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_GIVENNAME&quot;</span><span class="sy0">,</span>
+<span class="co1">//                        &quot;userobm_title&quot;                 =&gt; &quot;HTTP_OBM_TITLE&quot;,</span>
+                        <span class="st0">&quot;userobm_email&quot;</span>                 <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_MAIL&quot;</span><span class="sy0">,</span>
+                        <span class="st0">&quot;userobm_datebegin&quot;</span>             <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_DATEBEGIN&quot;</span><span class="sy0">,</span>
+                        <span class="co1">//&quot;userobm_account_dateexp&quot;     =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_delegation_target&quot;   =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_delegation&quot;          =&gt; ,</span>
+                        <span class="st0">&quot;userobm_description&quot;</span>           <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_DESCRIPTION&quot;</span><span class="sy0">,</span>
+                        <span class="co1">//&quot;userobm_archive&quot;             =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_hidden&quot;              =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_status&quot;              =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_local&quot;               =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_photo_id&quot;            =&gt; ,</span>
+                        <span class="st0">&quot;userobm_phone&quot;</span>                 <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_TELEPHONENUMBER&quot;</span><span class="sy0">,</span>
+                        <span class="co1">//&quot;userobom_phone2&quot;             =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_mobile&quot;              =&gt; ,</span>
+                        <span class="st0">&quot;userobm_fax&quot;</span>                   <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_FACSIMILETELEPHONENUMBER&quot;</span><span class="sy0">,</span>
+                        <span class="co1">//&quot;userobm_fax2&quot;                =&gt; ,</span>
+                        <span class="st0">&quot;userobm_company&quot;</span>               <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_O&quot;</span><span class="sy0">,</span>
+                        <span class="co1">//&quot;userobm_direction&quot;           =&gt; ,</span>
+                        <span class="st0">&quot;userobm_service&quot;</span>               <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_OU&quot;</span><span class="sy0">,</span>
+                        <span class="st0">&quot;userobm_address1&quot;</span>              <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_POSTALADDRESS&quot;</span><span class="sy0">,</span>
+                        <span class="co1">//&quot;userobm_address2&quot;            =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_address3&quot;            =&gt; ,</span>
+                        <span class="st0">&quot;userobm_zipcode&quot;</span>               <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_POSTALCODE&quot;</span><span class="sy0">,</span>
+                        <span class="st0">&quot;userobm_town&quot;</span>                  <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_L&quot;</span><span class="sy0">,</span>
+                        <span class="st0">&quot;userobm_zipcode&quot;</span>               <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_POSTALCODE&quot;</span><span class="sy0">,</span>
+                        <span class="st0">&quot;userobm_town&quot;</span>                  <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_L&quot;</span><span class="sy0">,</span>
+                        <span class="co1">//&quot;userobm_expresspostal&quot;       =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_host_id&quot;             =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_web_perms&quot;           =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_web_list&quot;            =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_web_all&quot;             =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_mail_perms&quot;          =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_mail_ext_perms&quot;      =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_mail_server_id&quot;      =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_mail_server_hostname&quot; =&gt; ,</span>
+                        <span class="st0">&quot;userobm_mail_quota&quot;</span>            <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_MAILQUOTA&quot;</span><span class="sy0">,</span>
+                        <span class="co1">//&quot;userobm_nomade_perms&quot;        =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_nomade_enable&quot;       =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_nomade_local_copy&quot;   =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_email_nomade&quot;        =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_vacation_enable&quot;     =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_vacation_datebegin&quot;  =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_vacation_dateend&quot;    =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_vacation_message&quot;    =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_samba_perms&quot;         =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_samba_home&quot;          =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_samba_home_drive&quot;    =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_samba_logon_script&quot;  =&gt; ,</span>
+                        <span class="co1">// ---- Unused values ? ----</span>
+                        <span class="st0">&quot;userobm_ext_id&quot;</span>                <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_SERIALNUMBER&quot;</span><span class="sy0">,</span>
+                        <span class="co1">//&quot;userobm_system&quot;              =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_nomade_datebegin&quot;    =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_nomade_dateend&quot;      =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_location&quot;            =&gt; ,</span>
+                        <span class="co1">//&quot;userobm_education&quot;           =&gt; ,</span>
+                        <span class="br0">&#41;</span><span class="sy0">,</span>
+        <span class="br0">&#41;</span><span class="sy0">;</span></pre>
+
+<p>
+Parameters:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>url_logout</strong>: <acronym title="Uniform Resource Locator">URL</acronym> used by OBM to logout, will be caught by <acronym title="LemonLDAP::NG">LL::NG</acronym></div>
+</li>
+<li class="level1"><div class="li"> <strong>headers_map</strong>: map OBM internal field to <acronym title="LemonLDAP::NG">LL::NG</acronym> header</div>
+</li>
+</ul>
+
+<p>
+
+Edit also OBM Apache configuration to enable <acronym title="LemonLDAP::NG">LL::NG</acronym> Handler:
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+    <span class="kw1">ServerName</span> obm.example.com
+&nbsp;
+    <span class="co1"># SSO protection</span>
+    PerlHeaderParserHandler My::Package
+&nbsp;
+    <span class="kw1">DocumentRoot</span> /usr/share/obm/php
+&nbsp;
+    ...
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+<p><div class="noteimportant">OBM Apache configuration must be loaded <strong>after</strong> <acronym title="LemonLDAP::NG">LL::NG</acronym> <a href="../../../documentation/1.1/configlocation.html#apache" class="wikilink1" title="documentation:1.1:configlocation">Apache configuration</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "OBM" [516-6167] -->
+<h3><a name="llng" id="llng">LL::NG</a></h3>
+<div class="level3">
+
+</div>
+
+<h4><a name="attributes_and_macros" id="attributes_and_macros">Attributes and macros</a></h4>
+<div class="level4">
+
+<p>
+
+You will need to collect all attributes needed to create a user in OBM, this includes:
+</p>
+<ul>
+<li class="level1"><div class="li"> First name</div>
+</li>
+<li class="level1"><div class="li"> Last name</div>
+</li>
+<li class="level1"><div class="li"> Login</div>
+</li>
+<li class="level1"><div class="li"> Mail</div>
+</li>
+<li class="level1"><div class="li"> …</div>
+</li>
+</ul>
+
+<p>
+
+To add these attributes, go in Manager, <code>Variables</code> » <code>Exported Variables</code>.
+</p>
+
+<p>
+<p><div class="noteimportant">If you plan to forward user&#039;s password to OBM, then you have to <a href="../../../documentation/1.1/passwordstore.html" class="wikilink1" title="documentation:1.1:passwordstore">keep the password in session</a>.
+</div></p>
+</p>
+
+<p>
+You may also create these macros to manage OBM administrator account (<code>Variables</code> » <code>Macros</code>):
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">field </th><th class="col1">value </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0"> uidR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? &quot;admin0\@global.virt&quot; : $uid  </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 leftalign"> mailR  </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? &quot;&quot; : ($mail =~ /^([^@]+)/)[0] . &quot;\@example.com&quot;   </td>
+	</tr>
+</table>
+
+</div>
+
+<h4><a name="virtual_host" id="virtual_host">Virtual host</a></h4>
+<div class="level4">
+
+<p>
+
+Create OBM virtual host (for example obm.example.com) in <acronym title="LemonLDAP::NG">LL::NG</acronym> configuration: <code>Virtual Hosts</code> » <code>New virtual host</code>.
+</p>
+
+<p>
+Then edit rules and headers.
+</p>
+
+</div>
+
+<h5><a name="rules" id="rules">Rules</a></h5>
+<div class="level5">
+
+<p>
+
+Define at least:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Default rule</strong>: who can access to the application</div>
+</li>
+<li class="level1"><div class="li"> <strong>Logout rule</strong>: catch OBM logout</div>
+</li>
+<li class="level1"><div class="li"> <strong>Exceptions</strong>: allow anonymous access for specific URLs (connectors, etc.)</div>
+</li>
+</ul>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">field </th><th class="col1">value </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0">^/logout</td><td class="col1">logout_sso</td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0">^/obm-sync</td><td class="col1">unprotect</td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0">^/minig</td><td class="col1">unprotect</td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0">^/Microsoft-Server-ActiveSync</td><td class="col1">unprotect</td>
+	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0">^/caldav</td><td class="col1">unprotect</td>
+	</tr>
+	<tr class="row6 roweven">
+		<td class="col0">default</td><td class="col1">accept (or whatever you want)</td>
+	</tr>
+</table>
+
+</div>
+
+<h5><a name="headers" id="headers">Headers</a></h5>
+<div class="level5">
+
+<p>
+
+Define headers used in OBM mapping, for example:
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">field </th><th class="col1">valeur </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0">OBM_GIVENNAME</td><td class="col1">$givenName</td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0">OBM_GROUPS</td><td class="col1">$groups</td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0">OBM_UID</td><td class="col1">$uidR</td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0">OBM_MAIL</td><td class="col1">$mailR</td>
+	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0">OBM_USERPASSWORD</td><td class="col1">$_password</td>
+	</tr>
+</table>
+
+</div>
+
+<h4><a name="other" id="other">Other</a></h4>
+<div class="level4">
+
+<p>
+
+Do not forget to add OBM in <a href="../../../documentation/1.1/portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:1.1:portalmenu">applications menu</a>.
+
+</p>
+
+</div>
+<!-- SECTION "LL::NG" [6168-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/phpldapadmin.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/phpldapadmin.html
@ -0,0 +1,108 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="phpldapadmin" id="phpldapadmin">phpLDAPadmin</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/phpldapadmin_logo.png?id=documentation%3A1.1%3Aapplications%3Aphpldapadmin" class="media" title="applications:phpldapadmin_logo.png"><img src="../../../../media/applications/phpldapadmin_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "phpLDAPadmin" [1-72] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://phpldapadmin.sourceforge.net" class="urlextern" title="http://phpldapadmin.sourceforge.net"  rel="nofollow">phpLDAPadmin</a> is an <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> administration tool written in <acronym title="Hypertext Preprocessor">PHP</acronym>.
+</p>
+
+<p>
+phpLDAPadmin will connect to the directory with a static <acronym title="Distinguished Name">DN</acronym> and password, and so will not request authentication anymore. The access to phpLDAPadmin will be protected by LemonLDAP::NG with specific access rules.
+</p>
+
+<p>
+<p><div class="notewarning">phpLDAPadmin will have no idea of the user connected to the WebSSO. So a simple user can have admin rights on the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory if your access rules are too lazy.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [73-598] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [599-625] -->
+<h3><a name="phpldapadmin_local_configuration" id="phpldapadmin_local_configuration">phpLDAPadmin local configuration</a></h3>
+<div class="level3">
+
+<p>
+
+Just set the authentication type to <code>config</code> and indicate <acronym title="Distinguished Name">DN</acronym> and password inside the file <code>config.php</code>:
+</p>
+<pre class="code file php"><span class="re0">$ldapservers</span><span class="sy0">-&gt;</span><span class="me1">SetValue</span><span class="br0">&#40;</span><span class="re0">$i</span><span class="sy0">,</span><span class="st_h">'server'</span><span class="sy0">,</span><span class="st_h">'auth_type'</span><span class="sy0">,</span><span class="st_h">'config'</span><span class="br0">&#41;</span><span class="sy0">;</span>
+<span class="re0">$ldapservers</span><span class="sy0">-&gt;</span><span class="me1">SetValue</span><span class="br0">&#40;</span><span class="re0">$i</span><span class="sy0">,</span><span class="st_h">'login'</span><span class="sy0">,</span><span class="st_h">'dn'</span><span class="sy0">,</span><span class="st_h">'cn=Manager,dc=example,dc=com'</span><span class="br0">&#41;</span><span class="sy0">;</span>
+<span class="re0">$ldapservers</span><span class="sy0">-&gt;</span><span class="me1">SetValue</span><span class="br0">&#40;</span><span class="re0">$i</span><span class="sy0">,</span><span class="st_h">'login'</span><span class="sy0">,</span><span class="st_h">'pass'</span><span class="sy0">,</span><span class="st_h">'secret'</span><span class="br0">&#41;</span><span class="sy0">;</span></pre>
+
+</div>
+<!-- SECTION "phpLDAPadmin local configuration" [626-980] -->
+<h3><a name="phpldapadmin_virtual_host_in_apache" id="phpldapadmin_virtual_host_in_apache">phpLDAPadmin virtual host in Apache</a></h3>
+<div class="level3">
+
+<p>
+
+Configure phpLDAPadmin virtual host like other <a href="../../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">protected virtual host</a>.
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+       <span class="kw1">ServerName</span> phpldapadmin.example.com
+&nbsp;
+       PerlHeaderParserHandler My::Package
+&nbsp;
+       ...
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+</div>
+<!-- SECTION "phpLDAPadmin virtual host in Apache" [981-1281] -->
+<h3><a name="phpldapadmin_virtual_host_in_manager" id="phpldapadmin_virtual_host_in_manager">phpLDAPadmin virtual host in Manager</a></h3>
+<div class="level3">
+
+<p>
+
+Go to the Manager and <a href="../../../documentation/1.1/configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:1.1:configvhost">create a new virtual host</a> for phpLDAPadmin.
+</p>
+
+<p>
+Just configure the <a href="../../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">access rules</a>.
+</p>
+
+<p>
+No <a href="../../../documentation/1.1/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.1:writingrulesand_headers">headers</a> are required.
+
+</p>
+
+</div>
+<!-- SECTION "phpLDAPadmin virtual host in Manager" [1282-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/spring.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/spring.html
@ -0,0 +1,78 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="spring_security_acegi" id="spring_security_acegi">Spring Security (ACEGI)</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/spring_logo.png?id=documentation%3A1.1%3Aapplications%3Aspring" class="media" title="applications:spring_logo.png"><img src="../../../../media/applications/spring_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "Spring Security (ACEGI)" [1-77] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+<a href="http://static.springsource.org/spring-security/site/" class="urlextern" title="http://static.springsource.org/spring-security/site/"  rel="nofollow">Spring Security</a> is the new ACEGI name. This is a well known security framework for J2EE applications.
+</p>
+
+<p>
+Spring Security provides a default <code>pre-authentication</code> mechanism that can be used to connect your J2EE application to <acronym title="LemonLDAP::NG">LL::NG</acronym>.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [78-394] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+You can find all suitable information here: <a href="http://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html" class="urlextern" title="http://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html"  rel="nofollow">http://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html</a>
+</p>
+
+<p>
+To summarize, to get the user connected trough the <code>Auth-User</code> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Header, use this Sping Security configuration:
+</p>
+<pre class="code file xml"><span class="sc3"><span class="re1">&lt;bean</span> <span class="re0">id</span>=<span class="st0">&quot;LemonLDAPNGFilter&quot;</span> <span class="re0">class</span>=</span>
+<span class="sc3"><span class="st0">&quot;org.springframework.security.web.authentication.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter&quot;</span><span class="re2">&gt;</span></span>
+    <span class="sc3"><span class="re1">&lt;security:custom-filter</span> <span class="re0">position</span>=<span class="st0">&quot;PRE_AUTH_FILTER&quot;</span> <span class="re2">/&gt;</span></span>
+    <span class="sc3"><span class="re1">&lt;property</span> <span class="re0">name</span>=<span class="st0">&quot;principalRequestHeader&quot;</span> <span class="re0">value</span>=<span class="st0">&quot;Auth-User&quot;</span><span class="re2">/&gt;</span></span>
+    <span class="sc3"><span class="re1">&lt;property</span> <span class="re0">name</span>=<span class="st0">&quot;authenticationManager&quot;</span> <span class="re0">ref</span>=<span class="st0">&quot;authenticationManager&quot;</span> <span class="re2">/&gt;</span></span>
+<span class="sc3"><span class="re1">&lt;/bean<span class="re2">&gt;</span></span></span>
+&nbsp;
+<span class="sc3"><span class="re1">&lt;bean</span> <span class="re0">id</span>=<span class="st0">&quot;preauthAuthProvider&quot;</span> <span class="re0">class</span>=<span class="st0">&quot;org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider&quot;</span><span class="re2">&gt;</span></span>
+  <span class="sc3"><span class="re1">&lt;security:custom-authentication-provider</span> <span class="re2">/&gt;</span></span>
+    <span class="sc3"><span class="re1">&lt;property</span> <span class="re0">name</span>=<span class="st0">&quot;preAuthenticatedUserDetailsService&quot;</span><span class="re2">&gt;</span></span>
+    <span class="sc3"><span class="re1">&lt;bean</span> <span class="re0">id</span>=<span class="st0">&quot;userDetailsServiceWrapper&quot;</span> <span class="re0">class</span>=<span class="st0">&quot;org.springframework.security.userdetails.UserDetailsByNameServiceWrapper&quot;</span><span class="re2">&gt;</span></span>
+      <span class="sc3"><span class="re1">&lt;property</span> <span class="re0">name</span>=<span class="st0">&quot;userDetailsService&quot;</span> <span class="re0">ref</span>=<span class="st0">&quot;userDetailsService&quot;</span><span class="re2">/&gt;</span></span>
+    <span class="sc3"><span class="re1">&lt;/bean<span class="re2">&gt;</span></span></span>
+  <span class="sc3"><span class="re1">&lt;/property<span class="re2">&gt;</span></span></span>
+<span class="sc3"><span class="re1">&lt;/bean<span class="re2">&gt;</span></span></span>
+&nbsp;
+<span class="sc3"><span class="re1">&lt;security:authentication-manager</span> <span class="re0">alias</span>=<span class="st0">&quot;authenticationManager&quot;</span> <span class="re2">/&gt;</span></span></pre>
+
+</div>
+<!-- SECTION "Configuration" [395-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/sympa.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/sympa.html
@ -0,0 +1,214 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="sympa" id="sympa">Sympa</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/sympa_logo.png?id=documentation%3A1.1%3Aapplications%3Asympa" class="media" title="applications:sympa_logo.png"><img src="../../../../media/applications/sympa_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "Sympa" [1-58] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://www.sympa.org" class="urlextern" title="http://www.sympa.org"  rel="nofollow">Sympa</a> is a mailing list manager.
+</p>
+
+<p>
+There are two ways to configure <acronym title="Single Sign On">SSO</acronym> with Sympa:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Auto login</strong>: a special <acronym title="LemonLDAP::NG">LL::NG</acronym> Handler will generate Sympa cookie</div>
+</li>
+<li class="level1"><div class="li"> <strong>Magic authentication</strong>: a special <acronym title="Single Sign On">SSO</acronym> <acronym title="Uniform Resource Locator">URL</acronym> is protected by <acronym title="LemonLDAP::NG">LL::NG</acronym>, Sympa will display a button for users who wants to use this feature.</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">
+How to choose? Here are some advices:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Auto login</strong> is very secure, as Sympa cookie is only exchanged between <acronym title="LemonLDAP::NG">LL::NG</acronym> Handler and Sympa (user cannot see it)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Magic authentication</strong> allows to mix standard Sympa authentication and <acronym title="Single Sign On">SSO</acronym> </div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [59-668] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+Choose one of the following method:
+</p>
+
+</div>
+<!-- SECTION "Configuration" [669-732] -->
+<h3><a name="auto_login" id="auto_login">Auto login</a></h3>
+<div class="level3">
+
+</div>
+
+<h4><a name="sympa_virtual_host_in_apache" id="sympa_virtual_host_in_apache">Sympa virtual host in Apache</a></h4>
+<div class="level4">
+
+<p>
+
+Configure Sympa virtual host like other <a href="../../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">protected virtual host</a> but use Sympa Handler instead of default Handler.
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+       <span class="kw1">ServerName</span> sympa.example.com
+&nbsp;
+       <span class="co1"># Load Sympa Handler</span>
+       PerlRequire __HANDLERDIR__/MyHandlerSympa.pm
+       PerlHeaderParserHandler My::Sympa
+&nbsp;
+       ...
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+</div>
+
+<h4><a name="sympa_virtual_host_in_manager" id="sympa_virtual_host_in_manager">Sympa virtual host in Manager</a></h4>
+<div class="level4">
+
+<p>
+
+Go to the Manager and <a href="../../../documentation/1.1/configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:1.1:configvhost">create a new virtual host</a> for Sympa.
+</p>
+
+<p>
+Just configure the <a href="../../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">access rules</a>.
+</p>
+
+</div>
+
+<h4><a name="sympa_handler_parameters" id="sympa_handler_parameters">Sympa Handler parameters</a></h4>
+<div class="level4">
+
+<p>
+
+Go in Manager, <code>Default parameters</code> » <code>Advanced parameters</code> » <code>Special handlers</code> » <code>Sympa</code>, and edit the different keys:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Shared key</strong>: correspond to the cookie parameter of sympa.conf</div>
+</li>
+<li class="level1"><div class="li"> <strong>Mail session key</strong>: session field where to find user mail (by default: mail)</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Auto login" [733-1691] -->
+<h3><a name="magic_authentication" id="magic_authentication">Magic authentication</a></h3>
+<div class="level3">
+
+</div>
+
+<h4><a name="sympa_configuration" id="sympa_configuration">Sympa configuration</a></h4>
+<div class="level4">
+
+<p>
+
+Edit the file “auth.conf”, for example:
+
+</p>
+<pre class="code">
+vi /etc/sympa/auth.conf
+</pre>
+
+<p>
+And fill it:
+
+</p>
+<pre class="file">
+generic_sso
+        service_name                   LemonLDAP::NG
+        service_id                          lemonldapng
+        email_http_header            HTTP_MAIL
+        netid_http_header             HTTP_AUTH_USER
+        internal_email_by_netid    1
+        logout_url                          http://sympa.example.com/wws/logout
+</pre>
+
+</div>
+
+<h4><a name="sympa_virtual_host_in_apache1" id="sympa_virtual_host_in_apache1">Sympa virtual host in Apache</a></h4>
+<div class="level4">
+
+<p>
+
+Configure Sympa virtual host like other <a href="../../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">protected virtual host</a> but protect only magic authentication <acronym title="Uniform Resource Locator">URL</acronym>.
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+       <span class="kw1">ServerName</span> sympa.example.com
+&nbsp;
+       &lt;<span class="kw3">Location</span> /wws/sso_login/lemonldapng&gt;
+       PerlHeaderParserHandler My::Package
+       &lt;/<span class="kw3">Location</span>&gt;
+&nbsp;
+       ...
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+<p><div class="notetip">The location <acronym title="Uniform Resource Locator">URL</acronym> is based on the <code>service_id</code> defined in Sympa apache configuration.
+</div></p>
+</p>
+
+</div>
+
+<h4><a name="sympa_virtual_host_in_manager1" id="sympa_virtual_host_in_manager1">Sympa virtual host in Manager</a></h4>
+<div class="level4">
+
+<p>
+
+Go to the Manager and <a href="../../../documentation/1.1/configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:1.1:configvhost">create a new virtual host</a> for Sympa.
+</p>
+
+<p>
+Configure the <a href="../../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">access rules</a>  and define the following <a href="../../../documentation/1.1/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.1:writingrulesand_headers">headers</a>:
+</p>
+<ul>
+<li class="level1"><div class="li"> Auth-User</div>
+</li>
+<li class="level1"><div class="li"> Mail</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Magic authentication" [1692-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/tomcat.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/tomcat.html
@ -0,0 +1,179 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="apache_tomcat" id="apache_tomcat">Apache Tomcat</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/tomcat_logo.png?id=documentation%3A1.1%3Aapplications%3Atomcat" class="media" title="applications:tomcat_logo.png"><img src="../../../../media/applications/tomcat_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+<p><div class="noteimportant">The Tomcat  Valve is only available for tomcat 5.5 or greater.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Apache Tomcat" [1-154] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://tomcat.apache.org/" class="urlextern" title="http://tomcat.apache.org/"  rel="nofollow">Apache Tomcat</a> is an open source software implementation of the Java Servlet and JavaServer Pages technologies.
+</p>
+
+<p>
+As J2EE servlet container, Tomcat provides standard security feature, like authentication: the application deployed in Tomcat can delegate its authentication to Tomcat.
+</p>
+
+<p>
+By default, Tomcat provides a file called <code>users.xml</code> to manage authentication:
+
+</p>
+<pre class="code file xml"><span class="sc3"><span class="re1">&lt;?xml</span> <span class="re0">version</span>=<span class="st0">'1.0'</span> <span class="re0">encoding</span>=<span class="st0">'utf-8'</span><span class="re2">?&gt;</span></span>
+<span class="sc3"><span class="re1">&lt;tomcat-users<span class="re2">&gt;</span></span></span>
+  <span class="sc3"><span class="re1">&lt;role</span> <span class="re0">rolename</span>=<span class="st0">&quot;tomcat&quot;</span><span class="re2">/&gt;</span></span>
+  <span class="sc3"><span class="re1">&lt;role</span> <span class="re0">rolename</span>=<span class="st0">&quot;role1&quot;</span><span class="re2">/&gt;</span></span>
+  <span class="sc3"><span class="re1">&lt;user</span> <span class="re0">username</span>=<span class="st0">&quot;tomcat&quot;</span> <span class="re0">password</span>=<span class="st0">&quot;tomcat&quot;</span> <span class="re0">roles</span>=<span class="st0">&quot;tomcat&quot;</span><span class="re2">/&gt;</span></span>
+  <span class="sc3"><span class="re1">&lt;user</span> <span class="re0">username</span>=<span class="st0">&quot;role1&quot;</span> <span class="re0">password</span>=<span class="st0">&quot;tomcat&quot;</span> <span class="re0">roles</span>=<span class="st0">&quot;role1&quot;</span><span class="re2">/&gt;</span></span>
+  <span class="sc3"><span class="re1">&lt;user</span> <span class="re0">username</span>=<span class="st0">&quot;both&quot;</span> <span class="re0">password</span>=<span class="st0">&quot;tomcat&quot;</span> <span class="re0">roles</span>=<span class="st0">&quot;tomcat,role1&quot;</span><span class="re2">/&gt;</span></span>
+<span class="sc3"><span class="re1">&lt;/tomcat-users<span class="re2">&gt;</span></span></span>
+&nbsp;</pre>
+
+<p>
+<acronym title="LemonLDAP::NG">LL::NG</acronym> provides a valve, available on <a href="../../../download.html#contributions" class="wikilink1" title="download">download page</a>. This valve will check an <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header to set the authenticated user on the J2EE container.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [155-1077] -->
+<h2><a name="installation" id="installation">Installation</a></h2>
+<div class="level2">
+
+<p>
+
+Copy <code>ValveLemonLDAPNG.jar</code> in <code>&lt;TOMCAT_HOME&gt;/server/lib</code>:
+
+</p>
+<pre class="code">
+cp ValveLemonLDAPNG.jar server/lib/
+</pre>
+
+<p>
+<p><div class="notetip">If needed, you can <a href="#compilation" title="documentation:1.1:applications:tomcat &crarr;" class="wikilink1">recompile the valve from the sources</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Installation" [1078-1310] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+Add on your <code>server.xml</code> file a new valve entry like this (in host section):
+
+</p>
+<pre class="code file xml"><span class="sc3"><span class="re1">&lt;Valve</span> <span class="re0">className</span>=<span class="st0">&quot;org.lemonLDAPNG.SSOValve&quot;</span> <span class="re0">userKey</span>=<span class="st0">&quot;AUTH-USER&quot;</span> <span class="re0">roleKey</span>=<span class="st0">&quot;AUTH-ROLE&quot;</span> <span class="re0">roleSeparator</span>=<span class="st0">&quot;,&quot;</span> <span class="re0">allows</span>=<span class="st0">&quot;127.0.0.1&quot;</span><span class="re2">/&gt;</span></span></pre>
+
+<p>
+Configure attributes:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>userKey</strong>: key in the <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header containing user login.</div>
+</li>
+<li class="level1"><div class="li"> <strong>roleKey</strong>: key in the <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header containing roles. If <acronym title="LemonLDAP::NG">LL::NG</acronym> send some roles split by some commas, configure <strong>roleSeparator</strong>.</div>
+</li>
+<li class="level1"><div class="li"> <strong>roleSeparator</strong> (optional): role values separator.</div>
+</li>
+<li class="level1"><div class="li"> <strong>allows</strong> (optional): Define allowed remote <acronym title="Internet Protocol">IP</acronym> (use ”,” separator for multiple <acronym title="Internet Protocol">IP</acronym>). Just set the <acronym title="LemonLDAP::NG">LL::NG</acronym> Handler <acronym title="Internet Protocol">IP</acronym> on this attribute in order to add more security. If this attribute is missed all hosts are allowed.</div>
+</li>
+<li class="level1"><div class="li"> <strong>passThrough</strong> (optional): Allow anonymous access or not. When it takes “false”, <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers have to be sent by <acronym title="LemonLDAP::NG">LL::NG</acronym> to make authentication. So, if the user is not recognized or <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers not present, a 403 error is sent.</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">For debugging, this valve can print some helpful information in debug level. See <a href="http://tomcat.apache.org/tomcat-5.5-doc/logging.html" class="urlextern" title="http://tomcat.apache.org/tomcat-5.5-doc/logging.html"  rel="nofollow">how configure logging in Tomcat</a> . 
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Configuration" [1311-2481] -->
+<h2><a name="compilation" id="compilation">Compilation</a></h2>
+<div class="level2">
+
+<p>
+
+The sources are  available on <a href="../../../download.html#contributions" class="wikilink1" title="download">download page</a>.
+</p>
+
+<p>
+Required :
+</p>
+<ul>
+<li class="level1"><div class="li"> ant</div>
+</li>
+<li class="level1"><div class="li"> jre &gt; 1.4</div>
+</li>
+<li class="level1"><div class="li"> tomcat &gt;= 5.5</div>
+</li>
+</ul>
+
+<p>
+
+Configure your tomcat home in <code>build.properties</code> files.
+</p>
+
+<p>
+<p><div class="noteimportant">
+Be careful for Windows user, path must contains ”/”. Example:
+
+</p>
+<pre class="code">
+c:/my hardisk/tomcat/
+</pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+<p>
+Next run ant command:
+
+</p>
+<pre class="code">
+ant
+</pre>
+
+<p>
+<code>ValveLemonLDAPNG.jar</code> is created under <code>/dist</code> directory. 
+
+</p>
+
+</div>
+<!-- SECTION "Compilation" [2482-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/applications/zimbra.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/applications/zimbra.html
@ -0,0 +1,153 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="zimbra" id="zimbra">Zimbra</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="/_detail/applications/zimbra_logo.png?id=documentation%3A1.1%3Aapplications%3Azimbra" class="media" title="applications:zimbra_logo.png"><img src="../../../../media/applications/zimbra_logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "Zimbra" [1-60] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://www.zimbra.com/" class="urlextern" title="http://www.zimbra.com/"  rel="nofollow">Zimbra</a> is open source server software for email and collaboration - email, group calendar, contacts, instant messaging, file storage and web document management. The Zimbra email and calendar server is available for Linux, Mac <acronym title="Operating System">OS</acronym> X and virtualization platforms. Zimbra syncs to smartphones (iPhone, BlackBerry) and desktop clients like Outlook and Thunderbird. Zimbra also features archiving and discovery for compliance. Zimbra can be deployed on-premises or as a hosted email solution.
+</p>
+
+<p>
+Zimbra use a specific <a href="http://wiki.zimbra.com/index.php?title=Preauth" class="urlextern" title="http://wiki.zimbra.com/index.php?title=Preauth"  rel="nofollow">preauthentication protocol</a> to provide <acronym title="Single Sign On">SSO</acronym> on its application. This protocol is implementated in an <acronym title="LemonLDAP::NG">LL::NG</acronym> specific Handler.
+</p>
+
+<p>
+<p><div class="notetip">Zimbra can also be connected to <acronym title="LemonLDAP::NG">LL::NG</acronym> via <a href="../../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML protocol</a> (see <a href="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html" class="urlextern" title="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html"  rel="nofollow">Zimbra blog</a>).
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [61-1001] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+The integration with <acronym title="LemonLDAP::NG">LL::NG</acronym> is the following:
+</p>
+<ul>
+<li class="level1"><div class="li"> A special <acronym title="Uniform Resource Locator">URL</acronym> is declared in application menu (like <a href="http://zimbra.example.com/zimbrasso" class="urlextern" title="http://zimbra.example.com/zimbrasso"  rel="nofollow">http://zimbra.example.com/zimbrasso</a>)</div>
+</li>
+<li class="level1"><div class="li"> A Zimbra Handler is called</div>
+</li>
+<li class="level1"><div class="li"> Handler build the preauth request and redirect user on Zimbra preauth <acronym title="Uniform Resource Locator">URL</acronym></div>
+</li>
+<li class="level1"><div class="li"> Then Zimbra do the <acronym title="Single Sign On">SSO</acronym> by setting a cookie in user&#039;s browser</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Configuration" [1002-1342] -->
+<h3><a name="zimbra_preauth_key" id="zimbra_preauth_key">Zimbra preauth key</a></h3>
+<div class="level3">
+
+<p>
+
+You need to get a preauth key from Zimbra server.
+</p>
+
+<p>
+See <a href="http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_for_preauth" class="urlextern" title="http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_for_preauth"  rel="nofollow">how to do this</a> on Zimbra wiki.
+</p>
+
+</div>
+<!-- SECTION "Zimbra preauth key" [1343-1541] -->
+<h3><a name="zimbra_application_in_menu" id="zimbra_application_in_menu">Zimbra application in menu</a></h3>
+<div class="level3">
+
+<p>
+
+Choose for example <a href="http://zimbra.example.com/zimbrasso" class="urlextern" title="http://zimbra.example.com/zimbrasso"  rel="nofollow">http://zimbra.example.com/zimbrasso</a> as <acronym title="Single Sign On">SSO</acronym> <acronym title="Uniform Resource Locator">URL</acronym> and <a href="../../../documentation/1.1/portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:1.1:portalmenu">set it in application menu</a>.
+</p>
+
+</div>
+<!-- SECTION "Zimbra application in menu" [1542-1723] -->
+<h3><a name="zimbra_virtual_host_in_apache" id="zimbra_virtual_host_in_apache">Zimbra virtual host in Apache</a></h3>
+<div class="level3">
+
+<p>
+
+You will configure Zimbra virtual host like other <a href="../../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">protected virtual host</a> but you will use Zimbra Handler instead of default Handler.
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *&gt;
+        <span class="kw1">ServerName</span> zimbra.example.com
+&nbsp;
+       <span class="co1"># Load Zimbra Handler</span>
+       PerlRequire __HANDLERDIR__/MyHandlerZimbra.pm
+       PerlHeaderParserHandler My::Zimbra
+&nbsp;
+       ...
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+</div>
+<!-- SECTION "Zimbra virtual host in Apache" [1724-2153] -->
+<h3><a name="zimbra_virtual_host_in_manager" id="zimbra_virtual_host_in_manager">Zimbra virtual host in Manager</a></h3>
+<div class="level3">
+
+<p>
+
+Go to the Manager and <a href="../../../documentation/1.1/configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:1.1:configvhost">create a new virtual host</a> for Zimbra.
+</p>
+
+<p>
+Just configure the <a href="../../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">access rules</a>.
+</p>
+
+</div>
+<!-- SECTION "Zimbra virtual host in Manager" [2154-2370] -->
+<h3><a name="zimbra_handler_parameters" id="zimbra_handler_parameters">Zimbra Handler parameters</a></h3>
+<div class="level3">
+
+<p>
+
+Go in Manager, <code>Default parameters</code> » <code>Advanced parameters</code> » <code>Special handlers</code> » <code>Zimbra</code>, and edit the different keys:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Preauthentication key</strong>: the one you grab from zmprov command</div>
+</li>
+<li class="level1"><div class="li"> <strong>Account session key</strong>: session field used as Zimbra user account (by default: uid)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Account type</strong>: for Zimbra this can be name, id or foreignKey (by default: id)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Preauthentication <acronym title="Uniform Resource Locator">URL</acronym></strong>: Zimbra preauthentication <acronym title="Uniform Resource Locator">URL</acronym>, either with full <acronym title="Uniform Resource Locator">URL</acronym> (ex: <a href="http://zimbra.lan/service/preauth" class="urlextern" title="http://zimbra.lan/service/preauth"  rel="nofollow">http://zimbra.lan/service/preauth</a>), either only with path (ex: /service/preauth) (by default: /service/preauth)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Local <acronym title="Single Sign On">SSO</acronym> <acronym title="Uniform Resource Locator">URL</acronym> pattern</strong>: regular expression to match the <acronym title="Single Sign On">SSO</acronym> <acronym title="Uniform Resource Locator">URL</acronym> (by default: ^/zimbrasso$)</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Zimbra Handler parameters" [2371-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authapache.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authapache.html
@ -0,0 +1,230 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="apache" id="apache">Apache</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1"> </td><td class="col2"> </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Apache" [1-73] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can delegate authentication to Apache, so it is possible to use any <a href="http://httpd.apache.org/docs/current/howto/auth.html" class="urlextern" title="http://httpd.apache.org/docs/current/howto/auth.html"  rel="nofollow">Apache authentication module</a>, for example:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="http://modauthkerb.sourceforge.net/" class="urlextern" title="http://modauthkerb.sourceforge.net/"  rel="nofollow">Kerberos</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="http://search.cpan.org/~speeves/Apache2-AuthenNTLM-0.02/AuthenNTLM.pm" class="urlextern" title="http://search.cpan.org/~speeves/Apache2-AuthenNTLM-0.02/AuthenNTLM.pm"  rel="nofollow">NTLM</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="http://freeradius.org/mod_auth_radius/" class="urlextern" title="http://freeradius.org/mod_auth_radius/"  rel="nofollow">Radius</a></div>
+</li>
+<li class="level1"><div class="li"> …</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">Apache authentication module will set the <code>REMOTE_USER</code> environment variable, which will be used by <acronym title="LemonLDAP::NG">LL::NG</acronym> to get authenticated user.
+</div></p>
+</p>
+
+<p>
+<p><div class="noteclassic">This documentation will focus on Kerberos authentication module, that can allow for example to set transparent authentication for Active Directory users (as Active Directory is a Kerberos server).
+</div></p>
+</p>
+
+<p>
+The following sample parameters will be used:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>EXAMPLE.COM</strong>: Kerberos realm</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Hyper Text Transfer Protocol">HTTP</acronym></strong>: Service name</div>
+</li>
+<li class="level1"><div class="li"> <strong>auth.example.com</strong>: <acronym title="Domain Name System">DNS</acronym> of the portal</div>
+</li>
+<li class="level1"><div class="li"> <strong>ad.example.com</strong>: <acronym title="Domain Name System">DNS</acronym> of Active Directory</div>
+</li>
+<li class="level1"><div class="li"> <strong>cn=ssokerberos,cn=users,dc=example,dc=com</strong>: <acronym title="Distinguished Name">DN</acronym> of AD technical account</div>
+</li>
+<li class="level1"><div class="li"> <strong>complicatedpassword</strong>: Password of AD technical account</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Presentation" [74-1180] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [1181-1207] -->
+<h3><a name="apache_kerberos_module" id="apache_kerberos_module">Apache Kerberos module</a></h3>
+<div class="level3">
+
+<p>
+
+The module can be found <a href="http://modauthkerb.sourceforge.net/" class="urlextern" title="http://modauthkerb.sourceforge.net/"  rel="nofollow">here</a>.
+</p>
+
+<p>
+On CentOS/RHEL:
+
+</p>
+<pre class="code shell">yum install mod_auth_kerb</pre>
+
+<p>
+On Debian/Ubuntu:
+
+</p>
+<pre class="code shell">apt-get install libapache2-mod-auth-kerb</pre>
+
+<p>
+The module must be loaded by Apache (LoadModule directive).
+</p>
+
+</div>
+<!-- SECTION "Apache Kerberos module" [1208-1518] -->
+<h3><a name="kerberos_client_for_linux" id="kerberos_client_for_linux">Kerberos client for Linux</a></h3>
+<div class="level3">
+
+<p>
+
+Edit <code>/etc/krb5.conf</code>:
+</p>
+<pre class="file">
+[libdefaults]
+ default_realm = EXAMPLE.COM
+
+[realms]
+ EXAMPLE.COM = {
+  kdc = ad.example.com
+  admin_server = ad.example.com
+ }
+
+[domain_realm]
+ .example.com = EXAMPLE.COM
+ example.com = EXAMPLE.COM
+</pre>
+
+</div>
+<!-- SECTION "Kerberos client for Linux" [1519-1796] -->
+<h3><a name="connection_between_linux_and_active_directory" id="connection_between_linux_and_active_directory">Connection between Linux and Active Directory</a></h3>
+<div class="level3">
+
+<p>
+
+You have to run this command on Active Directory:
+</p>
+<pre class="code">
+ktpass -princ HTTP/auth.example.com@EXAMPLE.COM -mapuser EXAMPLE.COM\ssokerberos -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapOp set +DesOnly -pass complicatedpassword -out c:\auth.keytab
+</pre>
+
+<p>
+The file <code>auth.keytab</code> should then be copied (with a secure media) to the Linux server (for example in <code>/etc/lemonldap-ng</code>).
+</p>
+
+<p>
+Then on Linux server:
+</p>
+<pre class="code shell">kinit HTTP/auth.example.com
+kvno HTTP/auth.example.com@EXAMPLE.COM
+klist -e
+kinit -k -t /etc/lemonldap-ng/auth.keytab HTTP/auth.example.com</pre>
+
+</div>
+<!-- SECTION "Connection between Linux and Active Directory" [1797-2427] -->
+<h3><a name="configuration_of_lemonldapng" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</a></h3>
+<div class="level3">
+
+<p>
+
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Apache for authentication.
+</p>
+
+<p>
+<p><div class="notetip">You can then choose any other module for users and password.
+</div></p>
+</p>
+
+<p>
+You can also configure the authentication level for this module.
+</p>
+
+</div>
+<!-- SECTION "Configuration of LemonLDAP::NG" [2428-2723] -->
+<h3><a name="configuration_of_apache_virtual_host" id="configuration_of_apache_virtual_host">Configuration of Apache virtual host</a></h3>
+<div class="level3">
+
+<p>
+
+Modify the portal virtual host:
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *&gt;
+    <span class="kw1">ServerName</span> auth.example.com
+&nbsp;
+   <span class="kw1">DocumentRoot</span> /var/lib/lemonldap-ng/portal/
+&nbsp;
+  &lt;<span class="kw3">Directory</span> /var/lib/lemonldap-ng/portal/&gt;
+    <span class="kw1">Order</span> <span class="kw1">allow</span>,<span class="kw1">deny</span>
+    <span class="kw1">Allow</span> from <span class="kw2">all</span>
+    <span class="kw1">Options</span> +ExecCGI
+&nbsp;
+    &lt;<span class="kw3">IfModule</span> auth_kerb_module&gt;
+      <span class="kw1">AuthType</span> Kerberos
+      KrbMethodNegotiate <span class="kw2">On</span>
+      KrbMethodK5Passwd <span class="kw2">Off</span>
+      KrbAuthRealms EXAMPLE.COM
+      Krb5KeyTab /etc/lemonldap-ng/auth.keytab
+      KrbVerifyKDC <span class="kw2">Off</span>
+      KrbServiceName HTTP
+      <span class="kw1">require</span> valid-<span class="kw1">user</span>
+    &lt;/<span class="kw3">IfModule</span>&gt;
+&nbsp;
+  &lt;/<span class="kw3">Directory</span>&gt;
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+</div>
+<!-- SECTION "Configuration of Apache virtual host" [2724-3351] -->
+<h3><a name="time_to_test" id="time_to_test">Time to test</a></h3>
+<div class="level3">
+
+<p>
+
+Configure <acronym title="Internet Explorer">IE</acronym> or Firefox to trust <code><a href="http://auth.example.com" class="urlextern" title="http://auth.example.com"  rel="nofollow">http://auth.example.com</a></code>, and then it should work!
+
+</p>
+
+</div>
+<!-- SECTION "Time to test" [3352-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authcas.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authcas.html
@ -0,0 +1,166 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="cas" id="cas">CAS</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1"> </td><td class="col2"> </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "CAS" [1-70] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can delegate authentication to a <acronym title="Central Authentication Service">CAS</acronym> server. This requires <a href="http://sourcesup.cru.fr/projects/perlcas/" class="urlextern" title="http://sourcesup.cru.fr/projects/perlcas/"  rel="nofollow">Perl CAS module</a>.
+</p>
+
+<p>
+<p><div class="notetip"><acronym title="LemonLDAP::NG">LL::NG</acronym> can also act as <a href="../../documentation/1.1/idpcas.html" class="wikilink1" title="documentation:1.1:idpcas">CAS server</a>, that allows to interconnect two <acronym title="LemonLDAP::NG">LL::NG</acronym> systems.
+</div></p>
+</p>
+
+<p>
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can also request proxy tickets for its protected services. Proxy tickets will be collected at authentication phase and stored in user session under the form:
+</p>
+
+<p>
+<code>_casPT</code><strong>serviceID</strong> = <strong>Proxy ticket value</strong>
+</p>
+
+<p>
+They can then be forwarded to applications trough <a href="../../documentation/1.1/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.1:writingrulesand_headers">HTTP headers</a>.
+</p>
+
+<p>
+<p><div class="notetip"><acronym title="Central Authentication Service">CAS</acronym> authentication will automatically add a <a href="../../documentation/1.1/logoutforward.html" class="wikilink1" title="documentation:1.1:logoutforward">logout forward rule</a> on <acronym title="Central Authentication Service">CAS</acronym> server logout <acronym title="Uniform Resource Locator">URL</acronym> in order to close <acronym title="Central Authentication Service">CAS</acronym> session on <acronym title="LemonLDAP::NG">LL::NG</acronym> logout.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [71-828] -->
+<h2><a name="perl-cas_module_installation" id="perl-cas_module_installation">Perl-CAS module installation</a></h2>
+<div class="level2">
+
+<p>
+
+Download the latest version:
+
+</p>
+<pre class="code">
+wget https://sourcesup.cru.fr/frs/download.php/2476/AuthCAS-1.4.tar.gz
+</pre>
+
+<p>
+Extract and build the module:
+
+</p>
+<pre class="code">
+tar zxvf AuthCAS-1.4.tar.gz 
+cd AuthCAS-1.4/
+perl Makefile.PL
+make
+make test
+</pre>
+
+<p>
+Install the module:
+
+</p>
+<pre class="code">
+sudo make install
+</pre>
+
+</div>
+<!-- SECTION "Perl-CAS module installation" [829-1162] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose <acronym title="Central Authentication Service">CAS</acronym> for authentication.
+</p>
+
+<p>
+<p><div class="notetip">You can then choose any other module for users and password.
+</div></p>
+</p>
+
+<p>
+Then, go in <code><acronym title="Central Authentication Service">CAS</acronym> parameters</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Server <acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Central Authentication Service">CAS</acronym> server <acronym title="Uniform Resource Locator">URL</acronym> (must use https://)</div>
+</li>
+<li class="level1"><div class="li"> <strong>CA file</strong>: CA certificate used to validate <acronym title="Central Authentication Service">CAS</acronym> server certificate</div>
+</li>
+<li class="level1"><div class="li"> <strong>Renew authentication</strong>: force authentication renewal on <acronym title="Central Authentication Service">CAS</acronym> server</div>
+</li>
+<li class="level1"><div class="li"> <strong>Gateways authentication</strong>: force transparent authentication on <acronym title="Central Authentication Service">CAS</acronym> server</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Proxy Granting Ticket">PGT</acronym> file</strong>: temporary file where proxy tickets are stored (by default, <code>/tmp/pgt.txt</code>)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Proxied services</strong>: list of services for which a proxy ticket is requested:</div>
+<ul>
+<li class="level2"><div class="li"> <strong>Key</strong>: Service ID</div>
+</li>
+<li class="level2"><div class="li"> <strong>Value</strong> Service <acronym title="Uniform Resource Locator">URL</acronym> (<acronym title="Central Authentication Service">CAS</acronym> service identifier)</div>
+</li>
+</ul>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">If no proxied services defined, <acronym title="Central Authentication Service">CAS</acronym> authentication will not activate the <acronym title="Central Authentication Service">CAS</acronym> proxy mode.
+</div></p>
+</p>
+
+<p>
+<p><div class="noteimportant">
+If you activate proxy mode, you must create the <acronym title="Proxy Granting Ticket">PGT</acronym> file on your system, for example:
+
+</p>
+<pre class="code">
+touch /tmp/pgt.txt
+</pre>
+
+<p>
+
+
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Configuration" [1163-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authchoice.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authchoice.html
@ -0,0 +1,135 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="backend_choice_by_users" id="backend_choice_by_users">Backend choice by users</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Backend choice by users" [1-103] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+By default, only the configured authentication backend is available for users.
+</p>
+
+<p>
+Contrary to <a href="../../documentation/1.1/authmulti.html" class="wikilink1" title="documentation:1.1:authmulti">multiple backend stacking</a>, backend choice will present all available authentication methods to users, who will choose the one they want.
+</p>
+
+<p>
+The choice will concern three backends:
+</p>
+<ul>
+<li class="level1"><div class="li"> Authentication</div>
+</li>
+<li class="level1"><div class="li"> Users</div>
+</li>
+<li class="level1"><div class="li"> Password</div>
+</li>
+</ul>
+
+<p>
+
+The choosen backends will be registered in session:
+</p>
+<ul>
+<li class="level1"><div class="li"> <code>$_auth</code></div>
+</li>
+<li class="level1"><div class="li"> <code>$_userDB</code></div>
+</li>
+<li class="level1"><div class="li"> <code>$_passwordDB</code></div>
+</li>
+</ul>
+
+<p>
+
+Authentication choice will also be registered in session:
+</p>
+<ul>
+<li class="level1"><div class="li"> <code>$_authChoice</code></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Presentation" [104-642] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Choice for authentication.
+</p>
+
+<p>
+<p><div class="noteimportant">When <code>Choice</code> is selected for authentication, values for Users and Password modules are not used anymore. Also, all backends parameters are displayed.
+</div></p>
+</p>
+
+<p>
+Then, go in <code>Choice Parameters</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong><acronym title="Uniform Resource Locator">URL</acronym> parameter</strong>: parameter name used to set choice value (default: <code>lmAuth</code>)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Allowed modules</strong>: click on <code>New choice</code> to add a choice.</div>
+</li>
+</ul>
+
+<p>
+
+<a href="/_detail/documentation/manager-authchoice.png?id=documentation%3A1.1%3Aauthchoice" class="media" title="documentation:manager-authchoice.png"><img src="../../../media/documentation/manager-authchoice.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+Define here:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Key name</strong>: Text displayed on choice tab.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Authentication module</strong></div>
+</li>
+<li class="level1"><div class="li"> <strong>User module</strong></div>
+</li>
+<li class="level1"><div class="li"> <strong>Password module</strong></div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">You can prefix the key name with a digit to order them. The digit will not be shown on portal page.
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Configuration" [643-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authdbi.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authdbi.html
@ -0,0 +1,265 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="databases" id="databases">Databases</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Databases" [1-89] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Presentation" [90-115] -->
+<h3><a name="drivers" id="drivers">Drivers</a></h3>
+<div class="level3">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can use a lot of databases as authentication, users and password backend:
+</p>
+<ul>
+<li class="level1"><div class="li"> MySQL</div>
+</li>
+<li class="level1"><div class="li"> PostGreSQL</div>
+</li>
+<li class="level1"><div class="li"> Oracle</div>
+</li>
+<li class="level1"><div class="li"> …</div>
+</li>
+</ul>
+
+<p>
+
+Indeed, any <a href="http://search.cpan.org/search?query=DBD%3A%3A&amp;mode=module" class="urlextern" title="http://search.cpan.org/search?query=DBD%3A%3A&amp;mode=module"  rel="nofollow">Perl DBD driver</a> can be used.
+</p>
+
+</div>
+<!-- SECTION "Drivers" [116-364] -->
+<h3><a name="schema" id="schema">Schema</a></h3>
+<div class="level3">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can use two tables:
+</p>
+<ul>
+<li class="level1"><div class="li"> Authentication table: where login and password are stored</div>
+</li>
+<li class="level1"><div class="li"> User table: where user data are stored (mail, name, etc.)</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">Authentication table and user table can be the same.
+</div></p>
+</p>
+
+<p>
+The password can be in plain text, or encoded with a standard <acronym title="Structured Query Language">SQL</acronym> method:
+</p>
+<ul>
+<li class="level1"><div class="li"> SHA</div>
+</li>
+<li class="level1"><div class="li"> SHA1</div>
+</li>
+<li class="level1"><div class="li"> MD5</div>
+</li>
+</ul>
+
+</div>
+
+<h4><a name="example_1two_tables" id="example_1two_tables">Example 1: two tables</a></h4>
+<div class="level4">
+
+</div>
+
+<h5><a name="authentication_table" id="authentication_table">Authentication table</a></h5>
+<div class="level5">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0"> id </th><th class="col1"> login </th><th class="col2"> password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0"> 1 </td><td class="col1"> xguimard </td><td class="col2"> a15a18c8bb17e6f67886a9af1898c018b9f5a072 </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0"> 2 </td><td class="col1"> tchemineau </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td>
+	</tr>
+</table>
+
+</div>
+
+<h5><a name="user_table" id="user_table">User table</a></h5>
+<div class="level5">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0"> id </th><th class="col1"> user </th><th class="col2"> name </th><th class="col3"> mail </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> Clément OUDOT </td><td class="col3"> coudot@example.com </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0"> 1 </td><td class="col1"> tchemineau </td><td class="col2"> Thomas CHEMINEAU </td><td class="col3"> tchemineau@example.com </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0"> 2 </td><td class="col1"> xguimard </td><td class="col2"> Xavier GUIMARD </td><td class="col3"> xguimard@example.com </td>
+	</tr>
+</table>
+
+</div>
+
+<h4><a name="example_2single_table" id="example_2single_table">Example 2: single table</a></h4>
+<div class="level4">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0"> id </th><th class="col1"> user </th><th class="col2"> password </th><th class="col3"> name </th><th class="col4"> mail </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td><td class="col3"> Clément OUDOT </td><td class="col4"> coudot@example.com </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0"> 1 </td><td class="col1"> tchemineau </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td><td class="col3"> Thomas CHEMINEAU </td><td class="col4"> tchemineau@example.com </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0"> 2 </td><td class="col1"> xguimard </td><td class="col2"> a15a18c8bb17e6f67886a9af1898c018b9f5a072 </td><td class="col3"> Xavier GUIMARD </td><td class="col4"> xguimard@example.com </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Schema" [365-1566] -->
+<h3><a name="sql" id="sql">SQL</a></h3>
+<div class="level3">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> will operate some <acronym title="Structured Query Language">SQL</acronym> queries:
+</p>
+<ul>
+<li class="level1"><div class="li"> Authentication: select row in authentication table matching user and password</div>
+</li>
+<li class="level1"><div class="li"> Search user: select row in user table matching user</div>
+</li>
+<li class="level1"><div class="li"> Change password: update password column in authentication table matching user</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "SQL" [1567-1840] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Database (<acronym title="Database Interface">DBI</acronym>) for authentication, users and/or password modules.
+</p>
+
+</div>
+<!-- SECTION "Configuration" [1841-2015] -->
+<h3><a name="authentication_level" id="authentication_level">Authentication level</a></h3>
+<div class="level3">
+
+<p>
+
+The authentication level given to users authenticated with this module.
+</p>
+
+<p>
+<p><div class="noteimportant">
+As <acronym title="Database Interface">DBI</acronym> is a login/password based module, the authentication level can be:
+</p>
+<ul>
+<li class="level1"><div class="li"> increased (+1) if portal is protected by <acronym title="Secure Sockets Layer">SSL</acronym> (HTTPS)</div>
+</li>
+<li class="level1"><div class="li"> decreased (-1) if the portal autocompletion is allowed (see <a href="../../documentation/1.1/portalcustom.html" class="wikilink1" title="documentation:1.1:portalcustom">portal customization</a>)</div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Authentication level" [2016-2380] -->
+<h3><a name="connection" id="connection">Connection</a></h3>
+<div class="level3">
+
+<p>
+
+<p><div class="notetip">Connection settings can be configured differently for authentication process and user process. This allows to use different databases for these process. By default, if user process connection settings are empty, authentication process connection settings will be used.
+</div></p>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Chain</strong>: <acronym title="Database Interface">DBI</acronym> chain, including database driver name and database name (for example: dbi:mysql:database=lemonldapng;host=localhost).</div>
+</li>
+<li class="level1"><div class="li"> <strong>User</strong>: Connection user</div>
+</li>
+<li class="level1"><div class="li"> <strong>Password</strong>: Connection password</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Connection" [2381-2895] -->
+<h3><a name="schema1" id="schema1">Schema</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> <strong>Authentication table</strong>: authentication table name</div>
+</li>
+<li class="level1"><div class="li"> <strong>User table</strong>: user table name</div>
+</li>
+<li class="level1"><div class="li"> <strong>Login field name</strong>: name of authentication table column hosting login</div>
+</li>
+<li class="level1"><div class="li"> <strong>Password field name</strong>: name of authentication table column hosting password</div>
+</li>
+<li class="level1"><div class="li"> <strong>Mail field name</strong>: name of authentication table column hosting mail (for password reset)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Login field name in user table</strong>: name of user table column hosting login</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Schema" [2896-3339] -->
+<h3><a name="password" id="password">Password</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> <strong>Hash schema</strong>: <acronym title="Structured Query Language">SQL</acronym> method for hashing password. Can be left blank for plain text passwords.</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Password" [3340-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authldap.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authldap.html
@ -0,0 +1,305 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="ldap" id="ldap">LDAP</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "LDAP" [1-84] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can use an <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory to:
+</p>
+<ul>
+<li class="level1"><div class="li"> authenticate user</div>
+</li>
+<li class="level1"><div class="li"> get user attributes</div>
+</li>
+<li class="level1"><div class="li"> get groups where user is registered</div>
+</li>
+<li class="level1"><div class="li"> change password (with server side password policy management)</div>
+</li>
+</ul>
+
+<p>
+
+This works with every <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> v2 or v3 server, including Active Directory.
+</p>
+
+<p>
+<acronym title="LemonLDAP::NG">LL::NG</acronym> is compatible with <a href="https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt" class="urlextern" title="https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt"  rel="nofollow">LDAP password policy</a>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server can check password strength, and <acronym title="LemonLDAP::NG">LL::NG</acronym> portal will display correct errors (password too short, password in history, etc.)</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> sever can block brute-force attacks, and <acronym title="LemonLDAP::NG">LL::NG</acronym> will display that account is locked</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server can force password change on first connection, and <acronym title="LemonLDAP::NG">LL::NG</acronym> portal will display a password change form before opening <acronym title="Single Sign On">SSO</acronym> session</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Presentation" [85-885] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> for authentication, users and/or password modules.
+</p>
+
+</div>
+<!-- SECTION "Configuration" [886-1050] -->
+<h3><a name="authentication_level" id="authentication_level">Authentication level</a></h3>
+<div class="level3">
+
+<p>
+
+The authentication level given to users authenticated with this module.
+</p>
+
+<p>
+<p><div class="noteimportant">
+As <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> is a login/password based module, the authentication level can be:
+</p>
+<ul>
+<li class="level1"><div class="li"> increased (+1) if portal is protected by <acronym title="Secure Sockets Layer">SSL</acronym> (HTTPS)</div>
+</li>
+<li class="level1"><div class="li"> decreased (-1) if the portal autocompletion is allowed (see <a href="../../documentation/1.1/portalcustom.html" class="wikilink1" title="documentation:1.1:portalcustom">portal customization</a>)</div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Authentication level" [1051-1416] -->
+<h3><a name="connection" id="connection">Connection</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> <strong>Server host</strong>: <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server hostname or <acronym title="Uniform Resource Identifier">URI</acronym> (by default: localhost). Accept some specificities:</div>
+<ul>
+<li class="level2"><div class="li"> More than one server can be set here separated by spaces or commas. They will be tested in the specified order.</div>
+</li>
+<li class="level2"><div class="li"> To use TLS, set <code>ldap+tls://server</code> and to use LDAPS, set <code>ldaps://server</code> instead of server name.</div>
+</li>
+<li class="level2"><div class="li"> If you use TLS, you can set any of the <a href="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod" class="urlextern" title="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"  rel="nofollow">Net::LDAP</a> start_tls() sub like <code>ldap+tls://server/verify=none&amp;capath=/etc/ssl</code>. You can also use caFile and caPath parameters.</div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> <strong>Server port</strong>: TCP port used by <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server. Can be overridden by an <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> <acronym title="Uniform Resource Identifier">URI</acronym> in server host.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Users search base</strong>: Base of search in the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Account</strong>: <acronym title="Distinguished Name">DN</acronym> used to connect to <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server. By default, anonymous bind is used.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Password</strong>: password to used to connect to <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server. By default, anonymous bind is used.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Timeout</strong>: server idle timeout.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Version</strong>: <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> protocol version.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Binary attributes</strong>: regular expression matching binary attributes (see <a href="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod" class="urlextern" title="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"  rel="nofollow">Net::LDAP</a> documentation).</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Connection" [1417-2608] -->
+<h3><a name="filters" id="filters">Filters</a></h3>
+<div class="level3">
+
+<p>
+
+<p><div class="notetip">In <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> filters, $user is replaced by user login, and $mail by user email.
+</div></p>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Default filter</strong>: default <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> fitler for searches, should not be modified.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Authentication filter</strong>: Filter to find user from its login (default: <code>(&amp;(uid=$user)(objectClass=inetOrgPerson))</code>)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Mail filter</strong>: Filter to find user from its mail (default: <code>(&amp;(mail=$mail)(objectClass=inetOrgPerson))</code>)</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">
+For Active Directory, use this as authentication filter:
+
+</p>
+<pre class="code">
+(&amp;(sAMAccountName=$user)(objectClass=person))
+</pre>
+
+<p>
+
+And this as mail filter:
+
+</p>
+<pre class="code">
+(&amp;(mail=$mail)(objectClass=person))
+</pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Filters" [2609-3253] -->
+<h3><a name="groups" id="groups">Groups</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> <strong>Search base</strong>: <acronym title="Distinguished Name">DN</acronym> of groups branch. If no value, disable group searching.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Object class</strong>: objectClass of the groups (default: groupOfNames).</div>
+</li>
+<li class="level1"><div class="li"> <strong>Target attribute</strong>: name of the attribute in the groups storing the link to the user (default: member).</div>
+</li>
+<li class="level1"><div class="li"> <strong>User source attribute</strong>: name of the attribute in users entries used in the link (default: dn).</div>
+</li>
+<li class="level1"><div class="li"> <strong>Searched attributes</strong>: name(s) of the attribute storing the name of the group, spaces separated (default: cn).</div>
+</li>
+<li class="level1"><div class="li"> <strong>Recursive</strong>: activate recursive group functionality (default: 0). If enabled, if the user group is a member of another group (group of groups), all parents groups will be stored as user&#039;s groups.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Group source attribute</strong>: name of the attribute in groups entries used in the link, for recursive group search (default: dn).</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Groups" [3254-4088] -->
+<h3><a name="password" id="password">Password</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> <strong>Password policy control</strong>: enable to use <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password policy. This requires at least Net::<acronym title="Lightweight Directory Access Protocol">LDAP</acronym> 0.38.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Password modify extended operation</strong>: enable to use the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> extended operation <code>password modify</code> instead of standard modify operation.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Change as user</strong>: enable to perform password modification with credentials of connected user. This requires to request user old password (see <a href="../../documentation/1.1/portalcustom.html" class="wikilink1" title="documentation:1.1:portalcustom">portal customization</a>).</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password encoding</strong>: can allow to manage old <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> servers using specific encoding for passwords (default: utf-8).</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Password" [4089-4674] -->
+<h2><a name="schema_extension" id="schema_extension">Schema extension</a></h2>
+<div class="level2">
+
+<p>
+
+Standards attributes, like uid, cn or mail, are often enough to configure access rules and headers.
+</p>
+
+<p>
+But sometimes other data are needed (in particular to use <a href="../../documentation/1.1/extendedfunctions.html" class="wikilink1" title="documentation:1.1:extendedfunctions">extended functions</a>):
+</p>
+<ul>
+<li class="level1"><div class="li"> An application name (to allow access by applications and not by group of users)</div>
+</li>
+<li class="level1"><div class="li"> A start date and an end date (to open or close the service even the entry already exists)</div>
+</li>
+<li class="level1"><div class="li"> A time profile (allowed hours and day of the week)</div>
+</li>
+<li class="level1"><div class="li"> One or more roles (to send to the protected applications)</div>
+</li>
+</ul>
+
+<p>
+
+Of course, standard <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> attributes can be used to store these data, but <acronym title="LemonLDAP::NG">LL::NG</acronym> also provides an <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> schema extension to manage them.
+</p>
+
+</div>
+<!-- SECTION "Schema extension" [4675-5338] -->
+<h3><a name="oid_prefix" id="oid_prefix">OID prefix</a></h3>
+<div class="level3">
+
+<p>
+Extended attributes and object classes use this prefix: 1.3.6.1.4.1.10943.10.2.
+</p>
+
+<p>
+The prefix 1.3.6.1.4.1.10943 is owned by <a href="http://www.linagora.com" class="urlextern" title="http://www.linagora.com"  rel="nofollow">LINAGORA</a> (See <a href="http://www.iana.org/assignments/enterprise-numbers" class="urlextern" title="http://www.iana.org/assignments/enterprise-numbers"  rel="nofollow">http://www.iana.org/assignments/enterprise-numbers</a>).
+</p>
+
+</div>
+<!-- SECTION "OID prefix" [5339-5583] -->
+<h3><a name="openldap_schema" id="openldap_schema">OpenLDAP schema</a></h3>
+<div class="level3">
+
+<p>
+
+Just add this file to OpenLDAP schemas by including it in <code>slapd.conf</code>:
+
+</p>
+<pre class="file">
+include /usr/share/lemonldap-ng/ressources/sso.schema
+</pre>
+
+<p>
+This will provide the auxiliary object class <code>ssoUser</code> with attributes:
+</p>
+<ul>
+<li class="level1"><div class="li"> ssoName</div>
+</li>
+<li class="level1"><div class="li"> ssoRoles</div>
+</li>
+<li class="level1"><div class="li"> ssoLogonHours</div>
+</li>
+<li class="level1"><div class="li"> ssoStartDate</div>
+</li>
+<li class="level1"><div class="li"> ssoEndDate</div>
+</li>
+</ul>
+
+<p>
+
+You can add this object class to any entry of your directory.
+</p>
+
+<p>
+<p><div class="noteimportant">To get attributes values in session, declare them in <a href="../../documentation/1.1/exportedvars.html" class="wikilink1" title="documentation:1.1:exportedvars">exported variables</a>
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "OpenLDAP schema" [5584-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authmulti.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authmulti.html
@ -0,0 +1,178 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="stack_multiple_backends_authmulti" id="stack_multiple_backends_authmulti">Stack multiple backends (AuthMulti)</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1 centeralign">  ✔  </td><td class="col2"> </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Stack multiple backends (AuthMulti)" [1-109] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+This backend allows to chain authentication method, for example to failback to <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> authentication if Remote authentication failed…
+</p>
+
+</div>
+<!-- SECTION "Presentation" [110-270] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+You have to use “Multi” as authentication module. This scheme expect a parameter, which is the authentication chain.
+</p>
+
+<p>
+For example:
+
+</p>
+<pre class="code">
+Multi CAS;LDAP
+</pre>
+
+<p>
+If <acronym title="Central Authentication Service">CAS</acronym> failed, <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> will be used.
+</p>
+
+<p>
+You can also add a condition. Example:
+</p>
+<pre class="code">
+Multi Remote $ENV{REMOTE_ADDR}=~/^192/;LDAP $ENV{REMOTE_ADDR}!~/^192/&#039;
+</pre>
+
+<p>
+<p><div class="notetip">If Multi is used for authentication and user database, it will try to use the same module. Example, if you have “<acronym title="Database Interface">DBI</acronym>;<acronym title="Lightweight Directory Access Protocol">LDAP</acronym>” and <acronym title="Database Interface">DBI</acronym> failed for authentication, Multi will try first to call <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> as user database.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Configuration" [271-849] -->
+<h3><a name="advanced_configuration" id="advanced_configuration">Advanced configuration</a></h3>
+<div class="level3">
+
+<p>
+
+The “Multi” system can :
+</p>
+<ul>
+<li class="level1"><div class="li"> stack several times the same module with a different name</div>
+</li>
+<li class="level1"><div class="li"> overload any <acronym title="LemonLDAP::NG">LL::NG</acronym> <a href="../../documentation/1.1/parameterlist.html" class="wikilink1" title="documentation:1.1:parameterlist">parameter</a> when a specific backend is used</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">Overloading is not available trough the manager
+</div></p>
+</p>
+
+<p>
+To stack several times the same module, use ”#name” with different names. Example:
+
+</p>
+<pre class="code">
+Multi LDAP#Openldap; LDAP#ActiveDirectory
+</pre>
+
+<p>
+Then you can have different <a href="../../documentation/1.1/parameterlist.html" class="wikilink1" title="documentation:1.1:parameterlist">parameters</a> for each stored in a <acronym title="Practical Extraction and Report Language">Perl</acronym> hash entry named multi:
+
+</p>
+<pre class="code perl">multi <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
+    <span class="st_h">'LDAP#Openldap'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
+      ldapServer <span class="sy0">=&gt;</span> <span class="st_h">'ldap1.example.com'</span><span class="sy0">,</span>
+      LDAPFilter <span class="sy0">=&gt;</span> <span class="st_h">'(uid=$user)'</span><span class="sy0">,</span>
+    <span class="br0">&#125;</span><span class="sy0">,</span>
+    <span class="st_h">'LDAP#ActiveDirectory'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
+      ldapServer <span class="sy0">=&gt;</span> <span class="st_h">'ldaps://ad.example.com'</span><span class="sy0">,</span>
+      LDAPFilter <span class="sy0">=&gt;</span> <span class="st_h">'(&amp;(sAMAccountName=$user)(objectClass=person))'</span><span class="sy0">,</span>
+    <span class="br0">&#125;</span>
+<span class="br0">&#125;</span><span class="sy0">,</span></pre>
+
+<p>
+This key must be stored directly in portal index.pl file or in lemonldap-ng.ini:
+</p>
+<ul>
+<li class="level1"><div class="li"> for index.pl, set it in new():</div>
+</li>
+</ul>
+<pre class="code perl"><span class="kw1">my</span> <span class="re0">$portal</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">SharedConf</span><span class="sy0">-&gt;</span><span class="me1">new</span><span class="br0">&#40;</span><span class="br0">&#123;</span>
+multi <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
+    <span class="st_h">'LDAP#Openldap'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
+      ldapServer <span class="sy0">=&gt;</span> <span class="st_h">'ldap1.example.com'</span><span class="sy0">,</span>
+      LDAPFilter <span class="sy0">=&gt;</span> <span class="st_h">'(uid=$user)'</span><span class="sy0">,</span>
+    <span class="br0">&#125;</span><span class="sy0">,</span>
+    <span class="st_h">'LDAP#ActiveDirectory'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
+      ldapServer <span class="sy0">=&gt;</span> <span class="st_h">'ldaps://ad.example.com'</span><span class="sy0">,</span>
+      LDAPFilter <span class="sy0">=&gt;</span> <span class="st_h">'(&amp;(sAMAccountName=$user)(objectClass=person))'</span><span class="sy0">,</span>
+    <span class="br0">&#125;</span>
+<span class="br0">&#125;</span><span class="sy0">,</span>
+<span class="br0">&#125;</span><span class="br0">&#41;</span></pre>
+<ul>
+<li class="level1"><div class="li"> or to use lemonldap-ng.ini, install it (one line only) in [portal] section:</div>
+</li>
+</ul>
+<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
+<span class="re1">multi</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span>'LDAP#Openldap'<span class="sy0">=</span>&gt;<span class="br0">&#123;</span>ldapServer<span class="sy0">=</span>&gt;'ldap1.example.com',LDAPFilter<span class="sy0">=</span>&gt;'<span class="br0">&#40;</span>uid<span class="sy0">=</span>$user<span class="br0">&#41;</span>'<span class="br0">&#125;</span>,'LDAP#ActiveDirectory'<span class="sy0">=</span>&gt;<span class="br0">&#123;</span>ldapServer<span class="sy0">=</span>&gt;'ldaps://ad.example.com',LDAPFilter<span class="sy0">=</span>&gt;'<span class="br0">&#40;</span>&amp;<span class="br0">&#40;</span>sAMAccountName<span class="sy0">=</span>$user<span class="br0">&#41;</span><span class="br0">&#40;</span>objectClass<span class="sy0">=</span>person<span class="br0">&#41;</span><span class="br0">&#41;</span>'<span class="br0">&#125;</span><span class="br0">&#125;</span></span></pre>
+
+</div>
+<!-- SECTION "Advanced configuration" [850-2452] -->
+<h2><a name="known_problems" id="known_problems">Known problems</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Known problems" [2453-2480] -->
+<h3><a name="authapache_authentication" id="authapache_authentication">AuthApache authentication</a></h3>
+<div class="level3">
+
+<p>
+
+When using this module, <acronym title="LemonLDAP::NG">LL::NG</acronym> portal will be called only if Apache does not return “401 Authentication required”, but this is not the Apache behaviour: if the auth module fails, Apache returns 401. We&#039;re studying a future solution for this…
+</p>
+
+</div>
+<!-- SECTION "AuthApache authentication" [2481-2762] -->
+<h3><a name="ssl_authentication" id="ssl_authentication">SSL authentication</a></h3>
+<div class="level3">
+
+<p>
+
+To chain <acronym title="Secure Sockets Layer">SSL</acronym>, you have to set “SSLRequire optional” in Apache configuration, else users will be authenticated by <acronym title="Secure Sockets Layer">SSL</acronym> only. 
+
+</p>
+
+</div>
+<!-- SECTION "SSL authentication" [2763-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authnull.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authnull.html
@ -0,0 +1,78 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="null" id="null">Null</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Null" [1-84] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> Null backend is a transparent backend:
+</p>
+<ul>
+<li class="level1"><div class="li"> Authentication: will create session without prompting any credentials (but will register client <acronym title="Internet Protocol">IP</acronym> and creation date)</div>
+</li>
+<li class="level1"><div class="li"> Users: will not collect any data (but you can still register environment variables in session)</div>
+</li>
+<li class="level1"><div class="li"> Password: will not change any password</div>
+</li>
+</ul>
+
+<p>
+
+You can use Null backend to bypass some authentication process steps.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [85-492] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Null for authentication, users or password module.
+</p>
+
+<p>
+Then, go in <code>Null parameters</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Configuration" [493-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authopenid.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authopenid.html
@ -0,0 +1,128 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="openid" id="openid">OpenID</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1 centeralign">  ✔  </td><td class="col2"> </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "OpenID" [1-79] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can delegate authentication to an OpenID server. This requires <a href="http://search.cpan.org/~mart/Net-OpenID-Consumer/" class="urlextern" title="http://search.cpan.org/~mart/Net-OpenID-Consumer/"  rel="nofollow">Perl OpenID consumer module</a> with at least version 1.0.
+</p>
+
+<p>
+<p><div class="notetip"><acronym title="LemonLDAP::NG">LL::NG</acronym> can also act as <a href="../../documentation/1.1/idpopenid.html" class="wikilink1" title="documentation:1.1:idpopenid">OpenID server</a>, that allows to interconnect two <acronym title="LemonLDAP::NG">LL::NG</acronym> systems.
+</div></p>
+</p>
+
+<p>
+<acronym title="LemonLDAP::NG">LL::NG</acronym> will then display a form with an OpenID input, wher users will type their OpenID login.
+</p>
+
+<p>
+<p><div class="notetip">OpenID authentication can proposed as an alternate authentication scheme using the <a href="../../documentation/1.1/authchoice.html" class="wikilink1" title="documentation:1.1:authchoice">authentication choice</a> method.
+</div></p>
+</p>
+
+<p>
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can use a white list or a black list to filter allowed OpenID domains.
+</p>
+
+<p>
+If OpenID is used as users database, attributes will be requested to the server with SREG extention.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [80-826] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose OpenID for authentication and/or users.
+</p>
+
+<p>
+Then, go in <code>OpenID parameters</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Secret token</strong>: used to check integrity of OpenID response.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Authorizated domain</strong>:</div>
+<ul>
+<li class="level2"><div class="li"> <strong>List type</strong>: choose white list to define allowed domains or black list to define forbidden domains</div>
+</li>
+<li class="level2"><div class="li"> <strong>List</strong>: domains list (comma separated values)</div>
+</li>
+</ul>
+</li>
+</ul>
+
+<p>
+
+To configure requested attributes, go in <code>Variables</code> &gt; <code>Exported variables</code> and define attributes:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Key</strong>: internal session key, can be prefixed by <code>!</code> to make the attribute required</div>
+</li>
+<li class="level1"><div class="li"> <strong>Value</strong>: SREG attribute name:</div>
+<ul>
+<li class="level2"><div class="li"> fullname</div>
+</li>
+<li class="level2"><div class="li"> nickname</div>
+</li>
+<li class="level2"><div class="li"> language</div>
+</li>
+<li class="level2"><div class="li"> postcode</div>
+</li>
+<li class="level2"><div class="li"> timezone</div>
+</li>
+<li class="level2"><div class="li"> country</div>
+</li>
+<li class="level2"><div class="li"> gender</div>
+</li>
+<li class="level2"><div class="li"> email</div>
+</li>
+<li class="level2"><div class="li"> dob</div>
+</li>
+</ul>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Configuration" [827-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authproxy.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authproxy.html
@ -0,0 +1,88 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="proxy" id="proxy">Proxy</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1 centeralign">  ✔  </td><td class="col2"> </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Proxy" [1-79] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> is able to transfer (trough <acronym title="Simple Object Access Protocol">SOAP</acronym>) authentication credentials to another <acronym title="LemonLDAP::NG">LL::NG</acronym> portal, like a proxy.
+</p>
+
+<p>
+The difference with <a href="../../documentation/1.1/authremote.html" class="wikilink1" title="documentation:1.1:authremote">remote authentication</a> is that the client will never be redirect to the main <acronym title="LemonLDAP::NG">LL::NG</acronym> portal. This configuration is usable if you want to expose your internal <acronym title="Single Sign On">SSO</acronym> portal to another network (DMZ).
+</p>
+
+</div>
+<!-- SECTION "Presentation" [80-443] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [444-470] -->
+<h3><a name="external_portal" id="external_portal">External portal</a></h3>
+<div class="level3">
+
+<p>
+
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Proxy for authentication and users.
+</p>
+
+<p>
+Then, go in <code>Proxy parameters</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Portal <acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Uniform Resource Locator">URL</acronym> of internal portal</div>
+</li>
+<li class="level1"><div class="li"> <strong>Cookie name</strong> (optional): name of the cookie of internal portal, if different from external portal</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Simple Object Access Protocol">SOAP</acronym> sessions end point</strong> (optional): <acronym title="Simple Object Access Protocol">SOAP</acronym> end point, if not based on internal portal <acronym title="Uniform Resource Locator">URL</acronym> with <code>index.pl/sessions</code> suffix</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "External portal" [471-928] -->
+<h3><a name="internal_portal" id="internal_portal">Internal portal</a></h3>
+<div class="level3">
+
+<p>
+
+The portal must be configured to accept <acronym title="Simple Object Access Protocol">SOAP</acronym> authentication requests. See <a href="../../documentation/1.1/soapsessionbackend.html" class="wikilink1" title="documentation:1.1:soapsessionbackend">SOAP session backend</a> documentation.
+</p>
+
+</div>
+<!-- SECTION "Internal portal" [929-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authremote.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authremote.html
@ -0,0 +1,179 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="remote" id="remote">Remote</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1 centeralign">  ✔  </td><td class="col2"> </td>
+	</tr>
+</table>
+
+<p>
+
+<p><div class="notetip">This module is a <acronym title="LemonLDAP::NG">LL::NG</acronym> specific identity federation protocol. You may rather use standards protocols like <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML</a>, <a href="../../documentation/1.1/idpopenid.html" class="wikilink1" title="documentation:1.1:idpopenid">OpenID</a> or <a href="../../documentation/1.1/idpcas.html" class="wikilink1" title="documentation:1.1:idpcas">CAS</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Remote" [1-263] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+<ul>
+<li class="level1"><div class="li"> The main portal is configured to use <acronym title="Cross Domain Authentication">CDA</acronym>. The secondary portal is declared in the Manager of the main <acronym title="LemonLDAP::NG">LL::NG</acronym> structure (else user will be rejected).</div>
+</li>
+<li class="level1"><div class="li"> The portal of the secondary <acronym title="LemonLDAP::NG">LL::NG</acronym> structure is configured to delegate authentication to a remote portal. A request to the main session database is done (trough <a href="../../documentation/1.1/soapsessionbackend.html" class="wikilink1" title="documentation:1.1:soapsessionbackend">SOAP session backend</a>) to be sure that the session exists.</div>
+</li>
+<li class="level1"><div class="li"> If <code>exportedAttr</code> is set, only those attributes are copied in the session database of the secondary <acronym title="LemonLDAP::NG">LL::NG</acronym> structure. Else, all data are copied in the session database.</div>
+</li>
+</ul>
+
+<p>
+
+<a href="/_detail/documentation/remote-principle.png?id=documentation%3A1.1%3Aauthremote" class="media" title="documentation:remote-principle.png"><img src="../../../media/documentation/remote-principle.png" class="mediacenter" alt="" /></a>
+
+</p>
+<ol>
+<li class="level1"><div class="li"> User tries to access to an application in the secondary <acronym title="LemonLDAP::NG">LL::NG</acronym> structure without having a session in this area</div>
+</li>
+<li class="level1"><div class="li"> Redirection to the portal of the secondary area (transparent)</div>
+</li>
+<li class="level1"><div class="li"> Redirection to the portal of the main area and normal authentication (if not done before)</div>
+</li>
+<li class="level1"><div class="li"> Redirection to the portal of the secondary area (transparent)</div>
+</li>
+<li class="level1"><div class="li"> Secondary portal check if remote session is available. It can be done via direct access to the session database or using <acronym title="Simple Object Access Protocol">SOAP</acronym> access. Then it creates the session (with attribute filter)</div>
+</li>
+<li class="level1"><div class="li"> User can now access to the protected application</div>
+</li>
+</ol>
+
+<p>
+
+<p><div class="noteclassic">Note that if the user is already authenticated on the first portal, all redirections are transparent.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [264-1609] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [1610-1636] -->
+<h3><a name="main_llng_structure" id="main_llng_structure">Main LL::NG structure</a></h3>
+<div class="level3">
+
+<p>
+
+Go in Manager, and:
+</p>
+<ul>
+<li class="level1"><div class="li"> activate <acronym title="Cross Domain Authentication">CDA</acronym> in <code>General Parameters</code> » <code>Cookies</code> » <code>Multiple domains</code></div>
+</li>
+<li class="level1"><div class="li"> declare secondary portal in <code>General Parameters</code> » <code>Advanced Parameters</code> » <code>Security</code> » <code>Trusted domains</code></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Main LL::NG structure" [1637-1893] -->
+<h3><a name="secondary_llng_structure" id="secondary_llng_structure">Secondary LL::NG structure</a></h3>
+<div class="level3">
+
+<p>
+
+Configure the portal to use the remote <acronym title="LemonLDAP::NG">LL::NG</acronym> structure.
+</p>
+
+<p>
+In Manager, go in <code>General Parameters</code> » <code>Authentication modules</code> and choose Proxy for authentication and users.
+</p>
+
+<p>
+Then, go in <code>Remote parameters</code>: 
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Portal <acronym title="Uniform Resource Locator">URL</acronym></strong>: remote portal <acronym title="Uniform Resource Locator">URL</acronym></div>
+</li>
+<li class="level1"><div class="li"> <strong>Cookie name</strong> (optional): name of the cookie of primary portal, if different from secondary portal</div>
+</li>
+<li class="level1"><div class="li"> <strong>Sessions module</strong>: set <code>Lemonldap::NG::Common::Apache::Session::<acronym title="Simple Object Access Protocol">SOAP</acronym></code> for <a href="../../documentation/1.1/soapsessionbackend.html" class="wikilink1" title="documentation:1.1:soapsessionbackend">SOAP session backend</a>.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Sessions module options</strong>:</div>
+<ul>
+<li class="level2"><div class="li"> <strong>proxy</strong>: <acronym title="Simple Object Access Protocol">SOAP</acronym> sessions end point (see <a href="../../documentation/1.1/soapsessionbackend.html" class="wikilink1" title="documentation:1.1:soapsessionbackend">SOAP session backend</a> documentation)</div>
+</li>
+</ul>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Secondary LL::NG structure" [1894-2553] -->
+<h3><a name="exampleinteroperability_between_2_organizations" id="exampleinteroperability_between_2_organizations">Example: interoperability between 2 organizations</a></h3>
+<div class="level3">
+
+<p>
+
+Using this, we can do a very simple interoperability system between 2 organizations using two <acronym title="LemonLDAP::NG">LL::NG</acronym> structures:
+</p>
+<ul>
+<li class="level1"><div class="li"> each area has 2 portals:</div>
+<ul>
+<li class="level2"><div class="li"> One standard portal</div>
+</li>
+<li class="level2"><div class="li"> One remote portal that delegates authentication to the second organization (just an other file on the same server)</div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> The normal portal has a link included in the authentication form pointing to the remote portal for the users of the other organization</div>
+</li>
+</ul>
+
+<p>
+
+So on each main portal, internal users can access normally, and users issued from the other organization have just to click on the link:
+</p>
+
+<p>
+<a href="/_detail/documentation/remote-interoperability.png?id=documentation%3A1.1%3Aauthremote" class="media" title="documentation:remote-interoperability.png"><img src="../../../media/documentation/remote-interoperability.png" class="mediacenter" alt="" /></a>
+
+</p>
+<ol>
+<li class="level1"><div class="li"> One user tries to access to the portal</div>
+</li>
+<li class="level1"><div class="li"> External user clicks to be redirected to the remote type portal</div>
+</li>
+<li class="level1"><div class="li"> After redirection, normal authentication in the remote portal</div>
+</li>
+<li class="level1"><div class="li"> Redirection to the remote type portal</div>
+</li>
+<li class="level1"><div class="li"> Validation of the session: external user has now a local session</div>
+</li>
+</ol>
+
+</div>
+<!-- SECTION "Example: interoperability between 2 organizations" [2554-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authsaml.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authsaml.html
@ -0,0 +1,284 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="saml" id="saml">SAML</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1 centeralign">  ✔  </td><td class="col2"> </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "SAML" [1-78] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can use SAML2 to get user identity and grab some attributes defined in user profile on its Identity Provider (IDP). In this case, <acronym title="LemonLDAP::NG">LL::NG</acronym> acts like an SAML2 Service Provider (SP).
+</p>
+
+<p>
+Several IDPs are allowed, in this case the user will choose the IDP he wants. You can preselect IDP with an IDP resolution rule.
+</p>
+
+<p>
+For each IDP, you can configure attributes that are collected. Some can be mandatory, so if they are not returned by IDP, the session will not open.
+</p>
+
+<p>
+<p><div class="notetip"><acronym title="LemonLDAP::NG">LL::NG</acronym> can also act as <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML IDP</a>, that allows to interconnect two <acronym title="LemonLDAP::NG">LL::NG</acronym> systems.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [79-682] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [683-709] -->
+<h3><a name="saml_service" id="saml_service">SAML Service</a></h3>
+<div class="level3">
+
+<p>
+
+See <a href="../../documentation/1.1/samlservice.html" class="wikilink1" title="documentation:1.1:samlservice">SAML service</a> configuration chapter.
+</p>
+
+</div>
+<!-- SECTION "SAML Service" [710-790] -->
+<h3><a name="authentication_and_userdb" id="authentication_and_userdb">Authentication and UserDB</a></h3>
+<div class="level3">
+
+<p>
+
+In <code>General Parameters</code> &gt; <code>Authentication modules</code>, set:
+</p>
+<ul>
+<li class="level1"><div class="li"> Authentication module: <acronym title="Security Assertion Markup Language">SAML</acronym></div>
+</li>
+<li class="level1"><div class="li">  Users module: <acronym title="Security Assertion Markup Language">SAML</acronym></div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">As passwords will not be managed by <acronym title="LemonLDAP::NG">LL::NG</acronym>, you can disable <a href="../../documentation/1.1/portalmenu.html#menu_modules" class="wikilink1" title="documentation:1.1:portalmenu">menu password module</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Authentication and UserDB" [791-1074] -->
+<h3><a name="register_lemonldapng_on_partner_identity_provider" id="register_lemonldapng_on_partner_identity_provider">Register LemonLDAP::NG on partner Identity Provider</a></h3>
+<div class="level3">
+
+<p>
+
+After configuring <acronym title="Security Assertion Markup Language">SAML</acronym> Service, you can export metadata to your partner Identity Provider.
+</p>
+
+<p>
+They are available at the EntityID <acronym title="Uniform Resource Locator">URL</acronym>, by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata"  rel="nofollow">http://auth.example.com/saml/metadata</a>.
+</p>
+
+</div>
+<!-- SECTION "Register LemonLDAP::NG on partner Identity Provider" [1075-1321] -->
+<h3><a name="register_partner_identity_provider_on_lemonldapng" id="register_partner_identity_provider_on_lemonldapng">Register partner Identity Provider on LemonLDAP::NG</a></h3>
+<div class="level3">
+
+<p>
+
+In the Manager, select node <code><acronym title="Security Assertion Markup Language">SAML</acronym> identity providers</code> and click on <code>New identity provider</code>:
+</p>
+
+<p>
+<a href="/_detail/documentation/manager-saml-idp-new.png?id=documentation%3A1.1%3Aauthsaml" class="media" title="documentation:manager-saml-idp-new.png"><img src="../../../media/documentation/manager-saml-idp-new.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+The IDP name is asked, enter it and click OK.
+</p>
+
+<p>
+Now you have access to the IDP parameters list:
+</p>
+
+<p>
+<a href="/_detail/documentation/manager-saml-idp-list.png?id=documentation%3A1.1%3Aauthsaml" class="media" title="documentation:manager-saml-idp-list.png"><img src="../../../media/documentation/manager-saml-idp-list.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+
+<h4><a name="metadata" id="metadata">Metadata</a></h4>
+<div class="level4">
+
+<p>
+
+You must register IDP metadata here. You can do it either by uploading the file, or get it from IDP metadata <acronym title="Uniform Resource Locator">URL</acronym> (this require a network link between your server and the IDP):
+</p>
+
+<p>
+<a href="/_detail/documentation/manager-saml-idp-metadata.png?id=documentation%3A1.1%3Aauthsaml" class="media" title="documentation:manager-saml-idp-metadata.png"><img src="../../../media/documentation/manager-saml-idp-metadata.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+<p><div class="notetip">You can also copy/paste the metadata: just click on the Edit button. When the text is pasted, click on the Apply button to keep the value.
+</div></p>
+</p>
+
+</div>
+
+<h4><a name="exported_attributes" id="exported_attributes">Exported attributes</a></h4>
+<div class="level4">
+
+<p>
+
+For each attribute, you can set:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Key name</strong>: name of the key in LemonLDAP::NG session (for example “uid” will then be used as $uid in access rules)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Mandatory</strong>: if set to On, then session will not open if this attribute is not given by IDP.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Name</strong>: <acronym title="Security Assertion Markup Language">SAML</acronym> attribute name.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Friendly Name</strong>: optional, <acronym title="Security Assertion Markup Language">SAML</acronym> attribute friendly name.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Format</strong> (optional): <acronym title="Security Assertion Markup Language">SAML</acronym> attribute format.</div>
+</li>
+</ul>
+
+<p>
+
+<a href="/_detail/documentation/manager-saml-idp-attribute.png?id=documentation%3A1.1%3Aauthsaml" class="media" title="documentation:manager-saml-idp-attribute.png"><img src="../../../media/documentation/manager-saml-idp-attribute.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+
+<h4><a name="options" id="options">Options</a></h4>
+<div class="level4">
+
+</div>
+
+<h5><a name="general_options" id="general_options">General options</a></h5>
+<div class="level5">
+<ul>
+<li class="level1"><div class="li"> <strong>Resolution Rule</strong>: rule that will be applied to preselect an IDP for a user. You have access to all environment variable, like user <acronym title="Internet Protocol">IP</acronym> address.</div>
+</li>
+</ul>
+
+<p>
+
+For example, to preselect this IDP for users coming from 129.168.0.0/16 network:
+
+</p>
+<pre class="code">
+$ENV{REMOTE_ADDR} =~ /^192\.168/
+</pre>
+
+</div>
+
+<h5><a name="authentication_request" id="authentication_request">Authentication request</a></h5>
+<div class="level5">
+<ul>
+<li class="level1"><div class="li"> <strong>NameID format</strong>: force NameID format here (email, persistent, transient, etc.). If no value, will use first NameID Format activated in metadata.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Force authentication</strong>: set ForceAuthn flag in authentication request</div>
+</li>
+<li class="level1"><div class="li"> <strong>Passive authentication</strong>: set IsPassive flag in authentication request</div>
+</li>
+<li class="level1"><div class="li"> <strong>Allow proxied authentication</strong>: allow an authentication response to be issued from another IDP that the one we register (proxy IDP). If you disallow this, you should also disallow direct login form IDP, because proxy restriction is set in authentication requests.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Allow login from IDP</strong>: allow a user to connect directly from an IDP link. In this case, authentication is not a response to an issued authentication request, and we have less control on conditions.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Requested authentication context</strong>: this context is declared in authentication request. When receiving the request, the real authentication context will be mapped ton an internal authentication level (see <a href="../../documentation/1.1/samlservice.html#authentication_contexts" class="wikilink1" title="documentation:1.1:samlservice">how configure the mapping</a>), that you can check to allow or deny session creation.</div>
+</li>
+</ul>
+
+</div>
+
+<h5><a name="session" id="session">Session</a></h5>
+<div class="level5">
+<ul>
+<li class="level1"><div class="li"> <strong>Adapt session lifetime</strong>: session lifetime will be adapted from <code>SessionNotOnOrAfter</code> value found in authentication response. It means that if the IDP propose to close session earlier than the default LemonLDAP::NG timeout, the session _utime will be modified so that session is erased at the date indicated by the IDP.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Force UTF-8</strong>: this will force UTF-8 conversion of attributes values collected from IDP.</div>
+</li>
+</ul>
+
+</div>
+
+<h5><a name="signature" id="signature">Signature</a></h5>
+<div class="level5">
+
+<p>
+
+These options override service signature options (see <a href="../../documentation/1.1/samlservice.html#general_options" class="wikilink1" title="documentation:1.1:samlservice">SAML service configuration</a>).
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Sign <acronym title="Single Sign On">SSO</acronym> message</strong>: sign <acronym title="Single Sign On">SSO</acronym> message</div>
+</li>
+<li class="level1"><div class="li"> <strong>Check <acronym title="Single Sign On">SSO</acronym> message signature</strong>: check <acronym title="Single Sign On">SSO</acronym> message signature</div>
+</li>
+<li class="level1"><div class="li"> <strong>Sign SLO message</strong>: sign SLO message</div>
+</li>
+<li class="level1"><div class="li"> <strong>Check SLO message signature</strong>: check SLO message signature</div>
+</li>
+</ul>
+
+</div>
+
+<h5><a name="binding" id="binding">Binding</a></h5>
+<div class="level5">
+<ul>
+<li class="level1"><div class="li"> <strong><acronym title="Single Sign On">SSO</acronym> binding</strong>: force binding to use for <acronym title="Single Sign On">SSO</acronym> (http-redirect, http-post, etc.)</div>
+</li>
+<li class="level1"><div class="li"> <strong>SLO binding</strong>: force binding to use for SLO (http-redirect, http-post, etc.)</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="noteclassic">If no binding defined, the default binding in IDP metadata will be used.
+</div></p>
+</p>
+
+</div>
+
+<h5><a name="security" id="security">Security</a></h5>
+<div class="level5">
+<ul>
+<li class="level1"><div class="li"> <strong>Encryption mode</strong>: set the encryption mode for this IDP (None, NameID or Assertion).</div>
+</li>
+<li class="level1"><div class="li"> <strong>Check conditions</strong>: set to Off to disable conditions checking on authentication responses. Use with caution.</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Register partner Identity Provider on LemonLDAP::NG" [1322-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authslave.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authslave.html
@ -0,0 +1,90 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="slave" id="slave">Slave</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1 centeralign">  ✔  </td><td class="col2"> </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Slave" [1-79] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> Slave backend is a transparent backend to used when <acronym title="LemonLDAP::NG">LL::NG</acronym> portal is protected by another <acronym title="Single Sign On">SSO</acronym>:
+</p>
+<ul>
+<li class="level1"><div class="li"> Authentication: will create session without prompting any credentials (but will register client <acronym title="Internet Protocol">IP</acronym> and creation date)</div>
+</li>
+<li class="level1"><div class="li"> Users: collect datas transfered by <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers by the main <acronym title="Single Sign On">SSO</acronym> system</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Presentation" [80-405] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Null for authentication, users or password module.
+</p>
+
+<p>
+Then, go in <code>Slave parameters</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
+</li>
+<li class="level1"><div class="li"> <strong>User attribute</strong>: <acronym title="LemonLDAP::NG">LL::NG</acronym> key to use as $_user (see bellow)</div>
+</li>
+</ul>
+
+<p>
+
+You have then to declare <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers exported by the main <acronym title="Single Sign On">SSO</acronym> in “Variable » Exported Variables”. Example:
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Key (<acronym title="LemonLDAP::NG">LL::NG</acronym> name)  </th><th class="col1 centeralign">  Value (<acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header name)  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  uid  </td><td class="col1 centeralign">  Auth-User  </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 centeralign">  mail  </td><td class="col1 centeralign">  User-Email  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Configuration" [406-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authssl.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authssl.html
@ -0,0 +1,189 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="ssl" id="ssl">SSL</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1"> </td><td class="col2"> </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "SSL" [1-70] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> uses <a href="http://httpd.apache.org/docs/current/mod/mod_ssl.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_ssl.html"  rel="nofollow">Apache SSL module</a>, like any other <a href="../../documentation/1.1/authapache.html" class="wikilink1" title="documentation:1.1:authapache">Apache authentication module</a>, with extra features:
+</p>
+<ul>
+<li class="level1"><div class="li"> Choice of any certificate attribute as user main login</div>
+</li>
+<li class="level1"><div class="li"> Allow no certificate to chain with other authentication methods</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Presentation" [71-394] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [395-421] -->
+<h3><a name="enable_ssl_in_apache" id="enable_ssl_in_apache">Enable SSL in Apache</a></h3>
+<div class="level3">
+
+<p>
+
+You have to install mod_ssl for Apache.
+</p>
+
+<p>
+For CentOS/RHEL:
+
+</p>
+<pre class="code shell">yum install mod_ssl</pre>
+
+<p>
+In Debian/Ubuntu mod_ssl is already shipped in <code>apache2.2-common</code> package.
+</p>
+
+<p>
+<p><div class="notetip">For CentOS/RHEL, We advice to disable the default <acronym title="Secure Sockets Layer">SSL</acronym> virtual host configured in /etc/httpd/conf.d/ssl.conf.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Enable SSL in Apache" [422-758] -->
+<h3><a name="apache_ssl_global_configuration" id="apache_ssl_global_configuration">Apache SSL global configuration</a></h3>
+<div class="level3">
+
+<p>
+
+You can then use this default <acronym title="Secure Sockets Layer">SSL</acronym> configuration, for example in the head of /etc/lemonldap-ng/portal-apache2.conf:
+</p>
+<pre class="code file apache"><span class="kw1">SSLProtocol</span> <span class="kw2">all</span> -SSLv2
+<span class="kw1">SSLCipherSuite</span> HIGH:MEDIUM
+<span class="kw1">SSLCertificateFile</span> /etc/httpd/certs/ow2.cert
+<span class="kw1">SSLCertificateKeyFile</span> /etc/httpd/certs/ow2.key
+<span class="kw1">SSLCACertificateFile</span> /etc/httpd/certs/ow2-ca.cert</pre>
+
+<p>
+<p><div class="noteclassic">
+Put your own files instead of <code>ow2.cert</code>, <code>ow2.key</code>, <code>ow2-ca.cert</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>SSLCertificateFile</strong>: Server certificate</div>
+</li>
+<li class="level1"><div class="li"> <strong>SSLCertificateKeyFile</strong>: Server private key</div>
+</li>
+<li class="level1"><div class="li"> <strong>SSLCACertificateFile</strong>: CA certificate to validate client certificates</div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+<p>
+If you specify port in virtual host, then declare <acronym title="Secure Sockets Layer">SSL</acronym> port:
+</p>
+<pre class="code file apache"><span class="kw1">NameVirtualHost</span> *:80
+<span class="kw1">NameVirtualHost</span> *:<span class="nu0">443</span></pre>
+
+</div>
+<!-- SECTION "Apache SSL global configuration" [759-1524] -->
+<h3><a name="apache_portal_ssl_configuration" id="apache_portal_ssl_configuration">Apache portal SSL configuration</a></h3>
+<div class="level3">
+
+<p>
+
+Edit the portal virtual host to enable <acronym title="Secure Sockets Layer">SSL</acronym> double authentication:
+</p>
+<pre class="code file apache"><span class="kw1">SSLEngine</span> <span class="kw2">On</span>
+<span class="kw1">SSLVerifyClient</span> optional
+<span class="kw1">SSLVerifyDepth</span> 10
+<span class="kw1">SSLOptions</span> +StdEnvVars
+<span class="kw1">SSLUserName</span> SSL_CLIENT_S_DN_CN</pre>
+
+<p>
+All <acronym title="Secure Sockets Layer">SSL</acronym> options are documented in <a href="http://httpd.apache.org/docs/current/mod/mod_ssl.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_ssl.html"  rel="nofollow">Apache mod_ssl page</a>.
+</p>
+
+<p>
+Here are the main options used by <acronym title="LemonLDAP::NG">LL::NG</acronym>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>SSLVerifyClient</strong>: set to <code>optional</code> to allow user with a bad certificate to access to <acronym title="LemonLDAP::NG">LL::NG</acronym> portal page (to display error or use another authentication method)</div>
+</li>
+<li class="level1"><div class="li"> <strong>SSLOptions</strong>: set to <code>+StdEnvVars</code> to get certificate fields in environment variables</div>
+</li>
+<li class="level1"><div class="li"> <strong>SSLUserName</strong> (optional): certificate field that will be used to identify user in <acronym title="LemonLDAP::NG">LL::NG</acronym> portal virtual host</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Apache portal SSL configuration" [1525-2303] -->
+<h3><a name="configuration_of_lemonldapng" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</a></h3>
+<div class="level3">
+
+<p>
+
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose <acronym title="Secure Sockets Layer">SSL</acronym> for authentication.
+</p>
+
+<p>
+
+<p><div class="notetip">You can then choose any other module for users and password.
+</div></p>
+</p>
+
+<p>
+Then, go in <code><acronym title="Secure Sockets Layer">SSL</acronym> parameters</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module</div>
+</li>
+<li class="level1"><div class="li"> <strong>Extracted certificate field</strong>: field of the certificate affected to $user internal variable</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Lightweight Directory Access Protocol">LDAP</acronym> attribute used in filter</strong>: attribute in <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory to use in mapping</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Secure Sockets Layer">SSL</acronym> Required</strong>: if true, do not allow other authentication method if <acronym title="Secure Sockets Layer">SSL</acronym> certificate authentication fails (false by default).</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip"><acronym title="Lightweight Directory Access Protocol">LDAP</acronym> attribute used in filter is not required if you do not use <a href="../../documentation/1.1/authldap.html" class="wikilink1" title="documentation:1.1:authldap">LDAP users database</a>. In this case, the extracted certificate field value will be used to match the user.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Configuration of LemonLDAP::NG" [2304-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/authtwitter.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/authtwitter.html
@ -0,0 +1,84 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="twitter" id="twitter">Twitter</a></h1>
+<div class="level1">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1"> </td><td class="col2"> </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Twitter" [1-75] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="https://twitter.com" class="urlextern" title="https://twitter.com"  rel="nofollow">Twitter</a> is a famous short messaging server. Twitter use <a href="http://en.wikipedia.org/wiki/OAuth" class="urlextern" title="http://en.wikipedia.org/wiki/OAuth"  rel="nofollow">OAuth</a> protocol to allow applications to reuse its own authentication process (it means, if your are connected to Twitter, other applications can trust Twitter and let you in).
+</p>
+
+<p>
+You need <a href="http://search.cpan.org/~mmims/Net-Twitter/" class="urlextern" title="http://search.cpan.org/~mmims/Net-Twitter/"  rel="nofollow">Net::Twitter</a> package, with a very recent version (&gt;3).
+</p>
+
+<p>
+You need to register a new application on Twitter to get <acronym title="Application Programming Interface">API</acronym> key and <acronym title="Application Programming Interface">API</acronym> secret. See <a href="http://dev.twitter.com/pages/api_faq" class="urlextern" title="http://dev.twitter.com/pages/api_faq"  rel="nofollow">Twitter FAQ</a> on how to do that:.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [76-668] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Twitter for authentication module.
+</p>
+
+<p>
+<p><div class="notetip">You can then choose any other module for users and password.
+</div></p>
+</p>
+
+<p>
+Then, go in <code>Twitter parameters</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Application Programming Interface">API</acronym> key</strong>: <acronym title="Application Programming Interface">API</acronym> key from Twitter</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Application Programming Interface">API</acronym> secret</strong>: <acronym title="Application Programming Interface">API</acronym> secret from Twitter</div>
+</li>
+<li class="level1"><div class="li"> <strong>Application name</strong> (optional): Application name (visible in Twitter)</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Configuration" [669-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/browseablesessionbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/browseablesessionbackend.html
@ -0,0 +1,108 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="browseable_session_backend" id="browseable_session_backend">Browseable session backend</a></h1>
+<div class="level1">
+
+<p>
+
+Browseable session backend (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable"  rel="nofollow">Apache::Session::Browseable</a>) works exactly like Apache::Session::* corresponding module but add indexes that increase <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">session restrictions</a> performances.
+</p>
+
+</div>
+<!-- SECTION "Browseable session backend" [1-400] -->
+<h2><a name="setup" id="setup">Setup</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Setup" [401-419] -->
+<h3><a name="prepare_database" id="prepare_database">Prepare database</a></h3>
+<div class="level3">
+
+<p>
+
+Database must be prepared exactly like in <a href="../../documentation/1.1/sqlsessionbackend.html#prepare_the_database" class="wikilink1" title="documentation:1.1:sqlsessionbackend">SQL session backend</a> except that a field must be added for each data to index. Example with MySQL and index set to uid+ipAddr (recommended)
+</p>
+<pre class="code file sql"><span class="kw1">CREATE</span> <span class="kw1">TABLE</span> sessions <span class="br0">&#40;</span>
+    id char<span class="br0">&#40;</span>32<span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
+    a_session blob<span class="sy0">,</span>
+    uid varchar<span class="br0">&#40;</span>255<span class="br0">&#41;</span><span class="sy0">,</span>
+    ipAddr varchar<span class="br0">&#40;</span>15<span class="br0">&#41;</span><span class="sy0">,</span>
+    <span class="kw1">KEY</span> uid <span class="br0">&#40;</span>uid<span class="br0">&#41;</span><span class="sy0">,</span>
+    <span class="kw1">KEY</span> ipAddr <span class="br0">&#40;</span>ipAddr<span class="br0">&#41;</span>
+    <span class="br0">&#41;</span>;</pre>
+
+</div>
+<!-- SECTION "Prepare database" [420-870] -->
+<h3><a name="manager" id="manager">Manager</a></h3>
+<div class="level3">
+
+<p>
+
+Go in the Manager and set the session module (for example <a href="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL"  rel="nofollow">Apache::Session::Browseable::MySQL</a> for MySQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 centeralign">  <strong>DataSource</strong>  </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI"  rel="nofollow">DBI</a> string </td><td class="col2"> dbi:mysql:dbname=sessions </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0 centeralign">  <strong>UserName</strong>  </td><td class="col1"> The database username </td><td class="col2"> lemonldapng </td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0 centeralign">  <strong>Password</strong>  </td><td class="col1"> The database password </td><td class="col2"> mysuperpassword </td>
+	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0 centeralign">  <strong>Index</strong>  </td><td class="col1"> Index </td><td class="col2"> uid ipAddr </td>
+	</tr>
+</table>
+
+<p>
+
+<p><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Manager" [871-1633] -->
+<h2><a name="security" id="security">Security</a></h2>
+<div class="level2">
+
+<p>
+
+Restrict network access to the database.
+</p>
+
+<p>
+You can also use different user/password for your servers by overriding parameters <code>globalStorage</code> and <code>globalStorageOptions</code> in lemonldap-ng.ini file.
+</p>
+
+</div>
+<!-- SECTION "Security" [1634-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/cda.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/cda.html
@ -0,0 +1,78 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="cross_domain_authentication" id="cross_domain_authentication">Cross Domain Authentication</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Cross Domain Authentication" [1-43] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+<div class="plugin_include_content" id="plugin_include__documentation:presentation">
+<div class="level3">
+
+<p>
+
+<p><div class="noteclassic">For security reason, a cookie provided for a domain cannot be sent to another domain. To extend <acronym title="Single Sign On">SSO</acronym> on several domains, a cross-domain mechanism is implemented in LemonLDAP::NG.
+</div></p>
+
+</p>
+<ol>
+<li class="level1"><div class="li"> User owns <a href="../../documentation/latest/ssocookie.html#sso_cookie" class="wikilink1" title="documentation:latest:ssocookie">SSO cookies</a> on the main domain (see <a href="../../documentation/presentation.html#login" class="wikilink1" title="documentation:presentation">Login kinematics</a>)</div>
+</li>
+<li class="level1"><div class="li"> User tries to access a protected application in a different domain</div>
+</li>
+<li class="level1"><div class="li"> Handler does not see <a href="../../documentation/latest/ssocookie.html#sso_cookie" class="wikilink1" title="documentation:latest:ssocookie">SSO cookies</a> (because it is not in main domain) and redirects user on Portal</div>
+</li>
+<li class="level1"><div class="li"> Portal recognizes the user with its <a href="../../documentation/latest/ssocookie.html#sso_cookie" class="wikilink1" title="documentation:latest:ssocookie">SSO cookies</a>, and see he is coming from a different domain</div>
+</li>
+<li class="level1"><div class="li"> Portal redirects user on protected application with his session ID as <acronym title="Uniform Resource Locator">URL</acronym> parameter</div>
+</li>
+<li class="level1"><div class="li"> Handler detects <acronym title="Uniform Resource Locator">URL</acronym> parameter and create a <a href="../../documentation/latest/ssocookie.html#sso_cookie" class="wikilink1" title="documentation:latest:ssocookie">SSO cookies</a> on its domain, with session ID as value</div>
+</li>
+</ol>
+
+</div>
+</div>
+<div class="level2">
+
+</div>
+<!-- SECTION "Presentation" [44-138] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+Go in Manager, <code>General Parameters</code> » <code>Cookies</code> » <code>Multiple domains</code> and set to <code>On</code>.
+</p>
+
+<p>
+To use this feature only locally, edit <code>lemonldap-ng.ini</code> in section [all]:
+
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>all<span class="br0">&#93;</span></span>
+<span class="re1">cda</span> <span class="sy0">=</span><span class="re2"> 1</span></pre>
+
+</div>
+<!-- SECTION "Configuration" [139-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/changeconfbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/changeconfbackend.html
@ -0,0 +1,90 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="how_to_change_configuration_backend" id="how_to_change_configuration_backend">How to change configuration backend</a></h1>
+<div class="level1">
+
+<p>
+
+LemonLDAP::NG provides a script to change configuration backend easily keeping history. It is set in LemonLDAP::NG utilities directory (<code>convertConfig</code>).
+</p>
+
+</div>
+<!-- SECTION "How to change configuration backend" [1-208] -->
+<h2><a name="how_it_works" id="how_it_works">How it works</a></h2>
+<div class="level2">
+
+<p>
+
+The <code>convertConfig</code> utility reads 2 <acronym title="LemonLDAP::NG">LL::NG</acronym> configuration files (<code>lemonldap-ng.ini</code>):
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Current</strong>: to extract all configuration history</div>
+</li>
+<li class="level1"><div class="li"> <strong>New</strong>: to write all configuration history</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "How it works" [209-426] -->
+<h2><a name="let_s_go" id="let_s_go">Let&#039;s go</a></h2>
+<div class="level2">
+<ul>
+<li class="level1"><div class="li"> Prepare your new lemonldap-ng.ini file</div>
+</li>
+<li class="level1"><div class="li"> Configure your new backend (create <acronym title="Structured Query Language">SQL</acronym> database,…)</div>
+</li>
+<li class="level1"><div class="li"> Launch that:</div>
+</li>
+</ul>
+<pre class="code shell">convertConfig --current=/etc/lemonldap-ng/lemonldap-ng.ini --new=/new/lemonldap-ng.ini</pre>
+<ul>
+<li class="level1"><div class="li"> Install the new lemonldap-ng.ini file in all <acronym title="LemonLDAP::NG">LL::NG</acronym> components</div>
+</li>
+<li class="level1"><div class="li"> Restart all your Apache servers</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Let's go" [427-777] -->
+<h2><a name="see_also" id="see_also">See also</a></h2>
+<div class="level2">
+
+<p>
+
+Documentation is available for configuration backends :
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/sqlconfbackend.html" class="wikilink1" title="documentation:1.1:sqlconfbackend">SQL</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/fileconfbackend.html" class="wikilink1" title="documentation:1.1:fileconfbackend">File</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/ldapconfbackend.html" class="wikilink1" title="documentation:1.1:ldapconfbackend">LDAP</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/soapconfbackend.html" class="wikilink1" title="documentation:1.1:soapconfbackend">SOAP proxy mechanism</a></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "See also" [778-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/configlocation.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/configlocation.html
@ -0,0 +1,511 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="configuration_overview" id="configuration_overview">Configuration overview</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Configuration overview" [1-38] -->
+<h2><a name="backends" id="backends">Backends</a></h2>
+<div class="level2">
+
+<p>
+
+LemonLDAP::NG configuration is stored in a backend that allows all modules to access it.
+</p>
+
+<p>
+<p><div class="noteimportant">Note that all <acronym title="LemonLDAP::NG">LL::NG</acronym> components must have access :
+</p>
+<ul>
+<li class="level1"><div class="li"> to the configuration backend</div>
+</li>
+<li class="level1"><div class="li"> to the sessions storage backend</div>
+</li>
+</ul>
+
+<p>
+
+Detailled configuration backends documentation is available <a href="../../documentation/1.1/start.html#configuration_database" class="wikilink1" title="documentation:1.1:start">here</a>.
+</div></p>
+</p>
+
+<p>
+By default, configuration is stored in <a href="../../documentation/1.1/fileconfbackend.html" class="wikilink1" title="documentation:1.1:fileconfbackend">files</a>, so access trough network is not possible. To allow this, use <a href="../../documentation/1.1/soapconfbackend.html" class="wikilink1" title="documentation:1.1:soapconfbackend">SOAP</a> for configuration access, or use a network service like <a href="../../documentation/1.1/sqlconfbackend.html" class="wikilink1" title="documentation:1.1:sqlconfbackend">SQL database</a> or <a href="../../documentation/1.1/ldapconfbackend.html" class="wikilink1" title="documentation:1.1:ldapconfbackend">LDAP directory</a>.
+</p>
+
+<p>
+Configuration backend can be set in the <a href="#local_file" title="documentation:1.1:configlocation &crarr;" class="wikilink1">local configuration file</a>, in <code>configuration</code> section.
+</p>
+
+<p>
+For example, to configure the <code>File</code> configuration backend:
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>configuration<span class="br0">&#93;</span></span>
+<span class="re1">type</span><span class="sy0">=</span><span class="re2">File</span>
+<span class="re1">dirName</span> <span class="sy0">=</span><span class="re2"> /usr/local/lemonldap-ng/data/conf</span></pre>
+
+<p>
+<p><div class="notetip">See <a href="../../documentation/1.1/changeconfbackend.html" class="wikilink1" title="documentation:1.1:changeconfbackend">How to change configuration backend</a> to known how to change this.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Backends" [39-1049] -->
+<h2><a name="manager" id="manager">Manager</a></h2>
+<div class="level2">
+
+<p>
+
+Most of configuration can be done trough LemonLDAP::NG Manager (by default <a href="http://manager.example.com" class="urlextern" title="http://manager.example.com"  rel="nofollow">http://manager.example.com</a>).
+</p>
+
+<p>
+By default, Manager is protected to allow only localhost. This can be changed in <code>etc/manager-apache2.conf</code>:
+</p>
+<pre class="code file apache">    &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+        <span class="kw1">Allow</span> from 127.0.0.0/8
+        <span class="kw1">Options</span> +ExecCGI
+    &lt;/<span class="kw3">Directory</span>&gt;</pre>
+
+<p>
+<p><div class="notetip">See <a href="../../documentation/1.1/managerprotection.html" class="wikilink1" title="documentation:1.1:managerprotection">Manager protection documentation</a> to know how to use Apache modules or <acronym title="LemonLDAP::NG">LL::NG</acronym> to manage access to Manager.
+</div></p>
+</p>
+
+<p>
+The Manager displays main branches:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>General Parameters</strong>: authentication modules, portal, etc.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Variables</strong>: user information, macros and groups used to fill <acronym title="Single Sign On">SSO</acronym> session</div>
+</li>
+<li class="level1"><div class="li"> <strong>Virtual Hosts</strong>: access rules, headers, etc.</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> 2 Service</strong>: <acronym title="Security Assertion Markup Language">SAML</acronym> metadata administration</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> identity providers</strong>: Registered IDP</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> service providers</strong>: Registered SP</div>
+</li>
+</ul>
+
+<p>
+
+LemonLDAP::NG configuration is mainly a key/value structure, so Manager will present all keys into a structured tree. A click on a key will display the associated value.
+</p>
+
+<p>
+<p><div class="noteimportant">When modifying a value, always click on the <code>Apply</code> button if available, to be sure the value is saved.
+</div></p>
+</p>
+
+<p>
+When all modifications are done, click on <code>Save</code> to store configuration.
+</p>
+
+<p>
+<p><div class="notewarning">LemonLDAP::NG will do some checks on configuration and display errors and warnings if any. Configuration <strong>is not saved</strong> if errors occur.
+</div></p>
+</p>
+
+<p>
+You can change the graphical aspect of the Manager, by clicking on the <code>Menu style</code> button. It will open a dialog to choose:
+</p>
+<ul>
+<li class="level1"><div class="li"> Menu organization: tree or accordion</div>
+</li>
+<li class="level1"><div class="li"> Theme (<a href="http://jqueryui.com/themeroller/" class="urlextern" title="http://jqueryui.com/themeroller/"  rel="nofollow">jQuery UI theme</a>).</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">
+Menu style preferences are stored in cookies (1 year duration). You can fix default values by editing these values in <code>lemonldap-ng.ini</code>, section <code>manager</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> managerCss</div>
+</li>
+<li class="level1"><div class="li"> managerCssTheme</div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Manager" [1050-3005] -->
+<h2><a name="apache" id="apache">Apache</a></h2>
+<div class="level2">
+
+<p>
+
+<p><div class="noteimportant">LemonLDAP::NG does not manage Apache configuration
+</div></p>
+</p>
+
+<p>
+LemonLDAP::NG ships 3 Apache configuration files:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>portal-apache2.conf</strong>: Portal virtual host, with <acronym title="Simple Object Access Protocol">SOAP</acronym> and Issuer end points</div>
+</li>
+<li class="level1"><div class="li"> <strong>manager-apache2.conf</strong>: Manager virtual host</div>
+</li>
+<li class="level1"><div class="li"> <strong>handler-apache2.conf</strong> : Handler declaration, reload and sample virtual hosts</div>
+</li>
+</ul>
+
+<p>
+
+These files must be included in Apache configuration, either with <code>Include</code> directives in <code>httpd.conf</code> (see <a href="../../documentation/quickstart.html#apache" class="wikilink1" title="documentation:quickstart">quick start example</a>), or with symbolic links in Apache configuration directory (like <code>/etc/httpd/conf.d</code>).
+</p>
+
+<p>
+<p><div class="notewarning">Mod <acronym title="Practical Extraction and Report Language">Perl</acronym> must be loaded before LemonLDAP::NG, so include configuration after the mod_perl <code>LoadModule</code> directive.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Apache" [3006-3765] -->
+<h3><a name="portal" id="portal">Portal</a></h3>
+<div class="level3">
+
+<p>
+
+In Portal virtual host, you will find several configuration parts:
+
+</p>
+<ul>
+<li class="level1"><div class="li"> Standard virtual host directives, to serve portal pages:</div>
+</li>
+</ul>
+<pre class="code file apache">    <span class="kw1">ServerName</span> auth.example.com
+&nbsp;
+    <span class="co1"># DocumentRoot</span>
+    <span class="kw1">DocumentRoot</span> /usr/local/lemonldap-ng/htdocs/portal/
+    &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal/&gt;
+        <span class="kw1">Order</span> <span class="kw1">allow</span>,<span class="kw1">deny</span>
+        <span class="kw1">Allow</span> from <span class="kw2">all</span>
+        <span class="kw1">Options</span> +ExecCGI
+    &lt;/<span class="kw3">Directory</span>&gt;
+&nbsp;
+    <span class="co1"># Perl script</span>
+    &lt;<span class="kw3">Files</span> *.pl&gt;
+        <span class="kw1">SetHandler</span> perl-<span class="kw1">script</span>
+        PerlResponseHandler ModPerl::Registry
+    &lt;/<span class="kw3">Files</span>&gt;
+&nbsp;
+    <span class="co1"># Directory index</span>
+    &lt;<span class="kw3">IfModule</span> mod_dir.c&gt;
+        <span class="kw1">DirectoryIndex</span> index.pl index.html
+    &lt;/<span class="kw3">IfModule</span>&gt;</pre>
+<ul>
+<li class="level1"><div class="li"> <acronym title="Simple Object Access Protocol">SOAP</acronym> end points (inactivated by default):</div>
+</li>
+</ul>
+<pre class="code file apache">    <span class="co1"># SOAP functions for sessions management (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.pl/adminSessions&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+    &lt;/<span class="kw3">Location</span>&gt;
+&nbsp;
+    <span class="co1"># SOAP functions for sessions access (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.pl/sessions&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+    &lt;/<span class="kw3">Location</span>&gt;
+&nbsp;
+    <span class="co1"># SOAP functions for configuration access (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.pl/config&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+    &lt;/<span class="kw3">Location</span>&gt;
+&nbsp;
+    <span class="co1"># SOAP functions for notification insertion (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.pl/notification&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+    &lt;/<span class="kw3">Location</span>&gt;</pre>
+<ul>
+<li class="level1"><div class="li"> Issuer rewrite rules (requires <code>mod_rewrite</code>):</div>
+</li>
+</ul>
+<pre class="code file apache">    <span class="co1"># SAML2 Issuer</span>
+    &lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
+        <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
+        <span class="kw1">RewriteRule</span> ^/saml/metadata /metadata.pl
+        <span class="kw1">RewriteRule</span> ^/saml/.* /index.pl
+    &lt;/<span class="kw3">IfModule</span>&gt;
+&nbsp;
+    <span class="co1"># CAS Issuer</span>
+    &lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
+        <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
+        <span class="kw1">RewriteRule</span> ^/cas/.* /index.pl
+    &lt;/<span class="kw3">IfModule</span>&gt;
+&nbsp;
+    <span class="co1"># OpenID Issuer</span>
+    &lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
+        <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
+        <span class="kw1">RewriteRule</span> ^/openidserver/.* /index.pl
+    &lt;/<span class="kw3">IfModule</span>&gt;</pre>
+<ul>
+<li class="level1"><div class="li"> Some <acronym title="Practical Extraction and Report Language">Perl</acronym> optimizations:</div>
+</li>
+</ul>
+<pre class="code file apache"><span class="co1"># Best performance under ModPerl::Registry</span>
+<span class="co1"># Uncomment this to increase performance of Portal</span>
+&lt;Perl&gt;
+    <span class="kw1">require</span> Lemonldap::NG::Portal::SharedConf;
+    Lemonldap::NG::Portal::SharedConf-&gt;compile(
+        qw(delete <span class="kw1">header</span> cache read_from_client cookie <span class="kw1">redirect</span> unescapeHTML));
+    <span class="co1"># Uncomment this line if you use Lemonldap::NG menu</span>
+    <span class="kw1">require</span> Lemonldap::NG::Portal::Menu;
+    <span class="co1"># Uncomment this line if you use portal SOAP capabilities</span>
+    <span class="kw1">require</span> SOAP::Lite;
+&lt;/Perl&gt;</pre>
+
+</div>
+<!-- SECTION "Portal" [3766-6199] -->
+<h3><a name="manager1" id="manager1">Manager</a></h3>
+<div class="level3">
+
+<p>
+
+Manager virtual host is used to serve configuration interface and local documentation.
+
+</p>
+<ul>
+<li class="level1"><div class="li"> Configuration interface access is protected:</div>
+</li>
+</ul>
+<pre class="code file apache">    <span class="kw1">DocumentRoot</span> /usr/local/lemonldap-ng/htdocs/manager/
+    &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+        <span class="kw1">Allow</span> from 127.0.0.0/8
+        <span class="kw1">Options</span> +ExecCGI
+    &lt;/<span class="kw3">Directory</span>&gt;</pre>
+<ul>
+<li class="level1"><div class="li"> Local documentation is open to all:</div>
+</li>
+</ul>
+<pre class="code file apache">    <span class="kw1">Alias</span> /doc/ /usr/local/lemonldap-ng/htdocs/doc/
+    &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/doc/&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Allow</span> from <span class="kw2">all</span>
+    &lt;/<span class="kw3">Directory</span>&gt;</pre>
+
+</div>
+<!-- SECTION "Manager" [6200-6845] -->
+<h3><a name="handler" id="handler">Handler</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> Load Handler in Apache memory:</div>
+</li>
+</ul>
+<pre class="code file apache">PerlOptions +GlobalRequest
+PerlRequire /usr/local/lemonldap-ng/handler/MyHandler.pm</pre>
+
+<p>
+<p><div class="noteimportant">The Handler must be loaded before any protected virtual host.
+</div></p>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> Catch error pages:</div>
+</li>
+</ul>
+<pre class="code file apache"><span class="kw1">ErrorDocument</span> 403 http://auth.example.com/?lmError=403
+<span class="kw1">ErrorDocument</span> <span class="nu0">500</span> http://auth.example.com/?lmError=<span class="nu0">500</span></pre>
+<ul>
+<li class="level1"><div class="li"> Reload virtual host:</div>
+</li>
+</ul>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+    <span class="kw1">ServerName</span> reload.example.com
+&nbsp;
+    <span class="co1"># Configuration reload mechanism (only 1 per physical server is</span>
+    <span class="co1"># needed): choose your URL to avoid restarting Apache when</span>
+    <span class="co1"># configuration change</span>
+    &lt;<span class="kw3">Location</span> /reload&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+        <span class="kw1">Allow</span> from 127.0.0.0/8
+        PerlHeaderParserHandler My::Package-&gt;refresh
+    &lt;/<span class="kw3">Location</span>&gt;
+&nbsp;
+    <span class="co1"># Uncomment this to activate status module</span>
+    <span class="co1">#&lt;Location /status&gt;</span>
+    <span class="co1">#    Order deny,allow</span>
+    <span class="co1">#    Deny from all</span>
+    <span class="co1">#    Allow from 127.0.0.0/8</span>
+    <span class="co1">#    PerlHeaderParserHandler My::Package-&gt;status</span>
+    <span class="co1">#&lt;/Location&gt;</span>
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+Then, to protect a standard virutal host, the only configuration line to add is:
+</p>
+<pre class="code file apache">PerlHeaderParserHandler My::Package</pre>
+
+</div>
+<!-- SECTION "Handler" [6846-8061] -->
+<h2><a name="configuration_reload" id="configuration_reload">Configuration reload</a></h2>
+<div class="level2">
+
+<p>
+
+<p><div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them trough an <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> request. Configuration reload will then be effective in less than 10 minutes.
+</div></p>
+</p>
+
+<p>
+After configuration is saved by Manager, LemonLDAP::NG will try to reload configuration on distant Handlers. This can be configured in LemonLDAP::NG ini file, in the section <code>apply</code>:
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>apply<span class="br0">&#93;</span></span>
+&nbsp;
+# URL used to reload configuration
+reload.example.com<span class="sy0">=</span><span class="re2">http://reload.example.com/reload</span>
+<span class="co0">;reloaddist.example.com=http://reloaddist.example.com/reload</span></pre>
+
+<p>
+<p><div class="notetip">You only need a reload <acronym title="Uniform Resource Locator">URL</acronym> per physical servers, as Handlers share the same configuration cache on each physical server.
+</div></p>
+</p>
+
+<p>
+The <code>reload</code> target is managed in Apache configuration, inside a virtual host protected by LemonLDAP::NG Handler, for example:
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+    <span class="kw1">ServerName</span> reload.example.com
+&nbsp;
+    &lt;<span class="kw3">Location</span> /reload&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+        <span class="kw1">Allow</span> from 127.0.0.0/8
+        PerlHeaderParserHandler My::Package-&gt;refresh
+    &lt;/<span class="kw3">Location</span>&gt;
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+<p><div class="noteimportant">You must allow access to Manager <acronym title="Internet Protocol">IP</acronym>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Configuration reload" [8062-9338] -->
+<h2><a name="local_file" id="local_file">Local file</a></h2>
+<div class="level2">
+
+<p>
+
+LemonLDAP::NG configuration can be managed in a local file with <a href="http://en.wikipedia.org/wiki/INI_file" class="urlextern" title="http://en.wikipedia.org/wiki/INI_file"  rel="nofollow">INI format</a>. This file is called <code>lemonldap-ng.ini</code> and has the following sections:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>configuration</strong>: where configuration is stored</div>
+</li>
+<li class="level1"><div class="li"> <strong>apply</strong>: reload <acronym title="Uniform Resource Locator">URL</acronym> for distant Hanlders</div>
+</li>
+<li class="level1"><div class="li"> <strong>all</strong>: parameters for all modules</div>
+</li>
+<li class="level1"><div class="li"> <strong>portal</strong>: parameters only for Portal</div>
+</li>
+<li class="level1"><div class="li"> <strong>manager</strong>: parameters only for Manager</div>
+</li>
+<li class="level1"><div class="li"> <strong>handler</strong>: parameters only for Handler</div>
+</li>
+</ul>
+
+<p>
+
+When you set a parameter in <code>lemonldap-ng.ini</code>, it will override the parameter from the global configuration.
+</p>
+
+<p>
+For example, to override configured skin for portal:
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
+<span class="re1">portalSkin</span> <span class="sy0">=</span><span class="re2"> dark</span></pre>
+
+<p>
+<p><div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="../../documentation/1.1/parameterlist.html" class="wikilink1" title="documentation:1.1:parameterlist">parameter list</a> to find it.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Local file" [9339-10196] -->
+<h2><a name="script_files" id="script_files">Script files</a></h2>
+<div class="level2">
+
+<p>
+
+LemonLDAP::NG allows to override any configuration parameter directly in script file. However, it is not advised to edit such files, as they are part of the program, and will be erased at next upgrade.
+</p>
+
+<p>
+<p><div class="notetip">You also need to know the technical name of configuration parameter to do this. You can refer to <a href="../../documentation/1.1/parameterlist.html" class="wikilink1" title="documentation:1.1:parameterlist">parameter list</a> to find it.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Script files" [10197-10585] -->
+<h3><a name="portal1" id="portal1">Portal</a></h3>
+<div class="level3">
+
+<p>
+
+For example, in portal/index.pl:
+</p>
+<pre class="code file perl"><span class="kw1">my</span> <span class="re0">$portal</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">SharedConf</span><span class="sy0">-&gt;</span><span class="me1">new</span><span class="br0">&#40;</span>
+    <span class="br0">&#123;</span>
+        portalSkin <span class="sy0">=&gt;</span> <span class="st_h">'dark'</span><span class="sy0">,</span>
+    <span class="br0">&#125;</span>
+<span class="br0">&#41;</span><span class="sy0">;</span></pre>
+
+</div>
+<!-- SECTION "Portal" [10586-10756] -->
+<h3><a name="handler1" id="handler1">Handler</a></h3>
+<div class="level3">
+
+<p>
+
+For example, in handler/MyHandler.pm:
+</p>
+<pre class="code file perl">__PACKAGE__<span class="sy0">-&gt;</span><span class="me1">init</span><span class="br0">&#40;</span>
+    <span class="br0">&#123;</span>
+        domain <span class="sy0">=&gt;</span> <span class="st_h">'acme.com'</span><span class="sy0">,</span>
+    <span class="br0">&#125;</span>
+<span class="br0">&#41;</span><span class="sy0">;</span></pre>
+
+</div>
+<!-- SECTION "Handler" [10757-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/configvhost.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/configvhost.html
@ -0,0 +1,182 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="manage_virtual_hosts" id="manage_virtual_hosts">Manage virtual hosts</a></h1>
+<div class="level1">
+
+<p>
+
+LemonLDAP::NG configuration is build around Apache virtual hosts. Each virtual host is a protected resource, with access rules, headers, POST data and options.
+</p>
+
+</div>
+<!-- SECTION "Manage virtual hosts" [1-197] -->
+<h2><a name="apache_configuration" id="apache_configuration">Apache configuration</a></h2>
+<div class="level2">
+
+<p>
+
+To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated (see <a href="../../documentation/1.1/configlocation.html#apache" class="wikilink1" title="documentation:1.1:configlocation">Apache global configuration</a>).
+</p>
+
+<p>
+Then you can take any virtual host, and simply add this line to protect it:
+</p>
+<pre class="code file apache">PerlHeaderParserHandler My::Package</pre>
+
+<p>
+For example, a protected virtual host for a local application:
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+        <span class="kw1">ServerName</span> localsite.example.com
+&nbsp;
+        PerlHeaderParserHandler My::Package
+&nbsp;
+        <span class="kw1">DocumentRoot</span> /var/www/localsite
+&nbsp;
+        <span class="kw1">ErrorLog</span> /var/log/apache2/localsite_error.log
+        <span class="kw1">CustomLog</span> /var/log/apache2/localsite_access.log combined
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+And a protected virtual host with LemonLDAP::NG as reverse proxy:
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+        <span class="kw1">ServerName</span> application.example.com
+&nbsp;
+        PerlHeaderParserHandler My::Package
+&nbsp;
+        <span class="co1"># Reverse-Proxy</span>
+        <span class="kw1">ProxyPass</span> / http://private-name/
+        <span class="co1"># Change &quot;Location&quot; header in redirections</span>
+        <span class="kw1">ProxyPassReverse</span> / http://private-name/
+        <span class="co1"># Change domain cookies</span>
+        <span class="kw1">ProxyPassReverseCookieDomain</span> private-name application.example.com
+&nbsp;
+        <span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log
+        <span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+
+Same with remote server configured with the same host name:
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+        <span class="kw1">ServerName</span> application.example.com
+&nbsp;
+        PerlHeaderParserHandler My::Package
+&nbsp;
+        <span class="co1"># Reverse-Proxy</span>
+        <span class="kw1">ProxyPass</span> / http://APPLICATION_IP/
+&nbsp;
+        <span class="kw1">ProxyPreserveHost</span> <span class="kw2">on</span>
+&nbsp;
+        <span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log
+        <span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+<p><div class="noteclassic">The <code>ProxyPreserveHost</code> directive will forward the Host header to the protected application.<br/>
+To learn more about using Apache as reverse-proxy, see <a href="http://httpd.apache.org/docs/current/mod/mod_proxy.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_proxy.html"  rel="nofollow">Apache documentation</a>.
+
+</div></p>
+</p>
+
+<p>
+<p><div class="notetip">Some applications need the <code>REMOTE_USER</code> environment variable to get the connected user, which is not set in reverse-proxy mode. In this case, see <a href="../../documentation/1.1/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.1:header_remote_user_conversion">how convert header into environment variable</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Apache configuration" [198-2419] -->
+<h2><a name="lemonldapng_configuration" id="lemonldapng_configuration">LemonLDAP::NG configuration</a></h2>
+<div class="level2">
+
+<p>
+
+An apache virtual host protected by LemonLDAP::NG Handler must be registered in LemonLDAP::NG configuration.
+</p>
+
+<p>
+To do this, use the Manager, and go in <code>Virtual Hosts</code> branch. You can add, delete or modify a virtual host here.
+</p>
+
+<p>
+A virtual host contains:
+</p>
+<ul>
+<li class="level1"><div class="li"> Access rules: check user&#039;s right on <acronym title="Uniform Resource Locator">URL</acronym> patterns</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers: forge information sent to protected applications</div>
+</li>
+<li class="level1"><div class="li"> POST data: use form replay</div>
+</li>
+<li class="level1"><div class="li"> Options: redirection port and protocol</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "LemonLDAP::NG configuration" [2420-2907] -->
+<h3><a name="access_rules_and_http_headers" id="access_rules_and_http_headers">Access rules and HTTP headers</a></h3>
+<div class="level3">
+
+<p>
+
+See <strong><a href="../../documentation/1.1/writingrulesand_headers.html" class="wikilink1" title="documentation:1.1:writingrulesand_headers">Writing rules and headers</a></strong> to learn how to configure access control and <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers sent to application by <acronym title="LemonLDAP::NG">LL::NG</acronym>.
+</p>
+
+</div>
+<!-- SECTION "Access rules and HTTP headers" [2908-3100] -->
+<h3><a name="post_data" id="post_data">POST data</a></h3>
+<div class="level3">
+
+<p>
+
+See <strong><a href="../../documentation/1.1/formreplay.html" class="wikilink1" title="documentation:1.1:formreplay">Form replay</a></strong> to learn how to configure form replay to POST data on protected applications.
+</p>
+
+</div>
+<!-- SECTION "POST data" [3101-3235] -->
+<h3><a name="options" id="options">Options</a></h3>
+<div class="level3">
+
+<p>
+
+Two options are available:
+</p>
+<ul>
+<li class="level1"><div class="li"> Port</div>
+</li>
+<li class="level1"><div class="li"> HTTPS</div>
+</li>
+</ul>
+
+<p>
+
+These options are used to build redirection <acronym title="Uniform Resource Locator">URL</acronym> (when user is not logged, or for <acronym title="Cross Domain Authentication">CDA</acronym> requests). By default, default values are used. These options are only here to override default values.
+</p>
+
+</div>
+<!-- SECTION "Options" [3236-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/customfunctions.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/customfunctions.html
@ -0,0 +1,111 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="custom_functions" id="custom_functions">Custom functions</a></h1>
+<div class="level1">
+
+<p>
+
+Custom functions allow to extend <acronym title="LemonLDAP::NG">LL::NG</acronym>, they can be used in <a href="../../documentation/1.1/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.1:writingrulesand_headers">headers</a>, <a href="../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">rules</a> or <a href="../../documentation/1.1/formreplay.html" class="wikilink1" title="documentation:1.1:formreplay">form replay data</a>.
+</p>
+
+</div>
+<!-- SECTION "Custom functions" [1-215] -->
+<h2><a name="write_custom_functions_library" id="write_custom_functions_library">Write custom functions library</a></h2>
+<div class="level2">
+
+<p>
+
+Create your <acronym title="Practical Extraction and Report Language">Perl</acronym> module with custom functions. You can name your module as you want, for example <code>SSOExtensions.pm</code>:
+</p>
+<pre class="code">
+vi /root/SSOExtensions.pm
+</pre>
+<pre class="code file perl"><a href="http://perldoc.perl.org/functions/package.html"><span class="kw3">package</span></a> SSOExtensions<span class="sy0">;</span>
+&nbsp;
+<span class="kw2">sub</span> function1 <span class="br0">&#123;</span>
+  <span class="kw1">my</span> <span class="re0">$portal</span> <span class="sy0">=</span> <a href="http://perldoc.perl.org/functions/shift.html"><span class="kw3">shift</span></a><span class="sy0">;</span>
+  <span class="kw1">my</span> <span class="re0">$param</span> <span class="sy0">=</span> <a href="http://perldoc.perl.org/functions/shift.html"><span class="kw3">shift</span></a><span class="sy0">;</span>
+&nbsp;
+  <span class="co1"># Your nice code here</span>
+&nbsp;
+  <a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> <span class="re0">$param</span>
+<span class="br0">&#125;</span>
+&nbsp;
+<span class="nu0">1</span><span class="sy0">;</span></pre>
+
+<p>
+<p><div class="notetip">The first parameter passed to the custom function is the <acronym title="LemonLDAP::NG">LL::NG</acronym> portal object.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Write custom functions library" [216-670] -->
+<h2><a name="import_custom_functions_in_lemonldapng" id="import_custom_functions_in_lemonldapng">Import custom functions in LemonLDAP::NG</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Import custom functions in LemonLDAP::NG" [671-724] -->
+<h3><a name="declare_module_in_apache_configuration" id="declare_module_in_apache_configuration">Declare module in Apache configuration</a></h3>
+<div class="level3">
+
+<p>
+
+Your module has to be loaded by Apache (for example after Handler load):
+</p>
+<pre class="code file apache"><span class="co1"># Perl environment</span>
+PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
+PerlRequire /root/SSOExtensions.pm
+PerlOptions +GlobalRequest</pre>
+
+</div>
+<!-- SECTION "Declare module in Apache configuration" [725-1007] -->
+<h3><a name="declare_custom_functions" id="declare_custom_functions">Declare custom functions</a></h3>
+<div class="level3">
+
+<p>
+
+Go in Manager, <code>General Parameters</code> » <code>Advanced Parameters</code> » <code>Custom functions</code> and set:
+
+</p>
+<pre class="code">
+SSOExtensions::function1
+</pre>
+
+</div>
+<!-- SECTION "Declare custom functions" [1008-1182] -->
+<h2><a name="use_it" id="use_it">Use it</a></h2>
+<div class="level2">
+
+<p>
+
+You can now use your function in a macro, an header or an access rule, for example:
+
+</p>
+<pre class="code">
+Custom-Header =&gt; function1($uid)
+</pre>
+
+</div>
+<!-- SECTION "Use it" [1183-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/error.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/error.html
@ -0,0 +1,164 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="error_messages" id="error_messages">Error messages</a></h1>
+<div class="level1">
+
+<p>
+
+<p><div class="noteclassic">This page do not reference all error messages, but only the frequentest
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Error messages" [1-116] -->
+<h2><a name="lemonldapngcommon" id="lemonldapngcommon">Lemonldap::NG::Common</a></h2>
+<div class="level2">
+<pre class="file">Warning: key is not defined, set it in the manager !</pre>
+
+<p>
+
+→ LemonLDAP::NG uses a key to crypt/decrypt some datas. You have to set its value in Manager. This message is displayed only when you upgrade from a version older than 1.0
+</p>
+<pre class="file">Can&#039;t locate /usr/share/lemonldap-ng/configStorage.pl</pre>
+
+<p>
+
+→ When you upgrade from Debian Lenny with customized index.pl files, you must upgrade them. See <a href="../../documentation/1.1/upgrade.html#debian_lenny_upgrade" class="wikilink1" title="documentation:1.1:upgrade">Debian Lenny upgrade</a>.
+</p>
+
+</div>
+<!-- SECTION "Lemonldap::NG::Common" [117-613] -->
+<h2><a name="lemonldapnghandler" id="lemonldapnghandler">Lemonldap::NG::Handler</a></h2>
+<div class="level2">
+<pre class="file">Unable to clear local cache</pre>
+
+<p>
+
+→ Local cache cannot be cleard, check the localStorage and localStorageOptions or file permissions
+</p>
+<pre class="file">Status module can not be loaded without localStorage parameter</pre>
+
+<p>
+
+→ You tried to activate Status module without localStorage. Configure local cache first.
+</p>
+<pre class="file">No configuration found</pre>
+
+<p>
+
+→ The configuration cannot be loaded. Check configStorage and configStorageOptionsor file permissions.
+</p>
+<pre class="file">User rejected because VirtualHost XXXX has no configuration</pre>
+
+<p>
+
+→ The specified virtual host was not configured in Manager.
+</p>
+<pre class="file">mkdir /tmp/MyNamespace/2: Permission denied ...</pre>
+
+<p>
+
+→ The cache has been created by another user than Apache&#039;s user. Restart Apache to purge it.
+<p><div class="noteimportant">This can happend when you use lmConfigEditor or launch <strong>cron files</strong> with a different user than Apache process. That is why it is important to set APACHEUSER variable when you launch “make install”
+
+</div></p>
+</p>
+<pre class="file">Lemonldap::NG::Handler::SharedConf: No cookie found</pre>
+
+<p>
+
+→ User does not have Lemonldap::NG cookie, handler redirect it to the portal
+</p>
+<pre class="file">The cookie $id isn&#039;t yet available: Object does not exist in the data store</pre>
+
+<p>
+
+→ User session has expired or handler does not have access to the same Apache::Session database than the portal
+</p>
+<pre class="file">Firefox has detected that the server is redirecting the request for this address in a way that will never complete</pre>
+
+<p>
+
+→ Your browser loops between portal and handler, it is probably a cookie problem. Verify that:
+</p>
+<ul>
+<li class="level1"><div class="li"> the portal is in the declared domain</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Cross Domain Authentication">CDA</acronym> is set if the handler is not in the same domain</div>
+</li>
+<li class="level1"><div class="li"> portal is in a https virtualhost if securedCookie is set</div>
+</li>
+<li class="level1"><div class="li"> you&#039;ve restart all Apache server after having change cookie name or domain</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Lemonldap::NG::Handler" [614-2430] -->
+<h2><a name="lemonldapngmanager" id="lemonldapngmanager">Lemonldap::NG::Manager</a></h2>
+<div class="level2">
+<pre class="file">XXXX was not found in tree</pre>
+
+<p>
+
+→ The specified node is not the uploaded tree.
+</p>
+
+</div>
+<!-- SECTION "Lemonldap::NG::Manager" [2431-2556] -->
+<h2><a name="lemonldapngportal" id="lemonldapngportal">Lemonldap::NG::Portal</a></h2>
+<div class="level2">
+<pre class="file">User XXXX was not granted to open session</pre>
+
+<p>
+
+→ Check grantSessionRule parameter.
+</p>
+<pre class="file">XML menu configuration is deprecated. Please use lmMigrateConfFiles2ini to migrate your menu configuration</pre>
+
+<p>
+
+→ You do not use the new configuration syntax for application list. <acronym title="Extensible Markup Language">XML</acronym> file is no more accepted.
+</p>
+<pre class="file">Apache is not configured to authenticate users !</pre>
+
+<p>
+
+→ You use the Apache authentication backend, but Apache is not or bad configured (no REMOTE_USER send to LemonLDAP::NG).
+</p>
+<pre class="file">URL contains a non protected host</pre>
+
+<p>
+
+→ The host is not known by LemonLDAP::NG. Add it to trustedDomains (or set <code>*</code> in trustedDomains to accept all).
+</p>
+<pre class="file">XSS attack detected</pre>
+
+<p>
+
+→ Some <acronym title="Uniform Resource Locator">URL</acronym> parameters contain forbidden characters.
+</p>
+
+</div>
+<!-- SECTION "Lemonldap::NG::Portal" [2557-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/exportedvars.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/exportedvars.html
@ -0,0 +1,113 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="exported_variables" id="exported_variables">Exported variables</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Exported variables" [1-34] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+Exported variables are the variables available to <a href="../../documentation/1.1/writingrulesand_headers.html" class="wikilink1" title="documentation:1.1:writingrulesand_headers">write rules and headers</a>. They are extracted from the users database by the <a href="../../documentation/1.1/start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:1.1:start">users module</a>.
+</p>
+
+<p>
+To create a variable, you&#039;ve just to map a user attributes in <acronym title="LemonLDAP::NG">LL::NG</acronym> using <code>Variables</code> » <code>Exported variables</code>. For each variable, The first field is the name which will be used in rules, macros or headers and the second field is the name of the user database field.
+</p>
+
+<p>
+Examples for <a href="../../documentation/1.1/authldap.html" class="wikilink1" title="documentation:1.1:authldap">LDAP</a>:
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Variable name  </th><th class="col1 centeralign">  <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> attribute  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  uid  </td><td class="col1 centeralign">  uid  </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 centeralign">  number  </td><td class="col1 centeralign">  employeeNumber  </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0 centeralign">  name  </td><td class="col1 centeralign">  sn  </td>
+	</tr>
+</table>
+
+<p>
+
+<a href="/_detail/documentation/exportedvars.png?id=documentation%3A1.1%3Aexportedvars" class="media" title="documentation:exportedvars.png"><img src="../../../media/documentation/exportedvars.png" class="mediacenter" title="Exported variables in the Manager" alt="Exported variables in the Manager" width="500" /></a>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [35-771] -->
+<h2><a name="extend_variables_using_macros_and_groups" id="extend_variables_using_macros_and_groups">Extend variables using macros and groups</a></h2>
+<div class="level2">
+<div class="plugin_include_content" id="plugin_include__documentation:1.1:performances">
+<div class="level3">
+
+<p>
+
+Macros and groups are calculated during authentication process by the portal:
+</p>
+<ul>
+<li class="level1"><div class="li"> macros are used to extend (or rewrite) <span class="curid"><a href="../../documentation/1.1/exportedvars.html" class="wikilink1" title="documentation:1.1:exportedvars">exported variables</a></span>. A macro is stored as attributes: it can contain boolean results or any string</div>
+</li>
+<li class="level1"><div class="li"> groups are stored as space-separated strings in the special attribute “groups”: it contains the names of groups whose rules were returned true for the current user</div>
+</li>
+</ul>
+
+<p>
+
+Example for macros:
+
+</p>
+<pre class="code perl"><span class="co1"># boolean macro</span>
+isAdmin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'foo'</span> <span class="kw1">or</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'bar'</span>
+<span class="co1"># other macro </span>
+displayName <span class="sy0">-&gt;</span> <span class="re0">$givenName</span><span class="sy0">.</span><span class="st0">&quot; &quot;</span><span class="sy0">.</span><span class="re0">$surName</span>
+&nbsp;
+<span class="co1"># Use a boolean macro in a rule</span>
+<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <span class="re0">$isAdmin</span>
+<span class="co1"># Use a string macro in a HTTP header</span>
+Display<span class="sy0">-</span>Name <span class="sy0">-&gt;</span> <span class="re0">$displayName</span></pre>
+
+<p>
+Example for groups:
+
+</p>
+<pre class="code perl"><span class="co1"># group</span>
+admin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'foo'</span> <span class="kw1">or</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'bar'</span>
+&nbsp;
+<span class="co1"># Use a group in a rule</span>
+<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <span class="re0">$groups</span> <span class="sy0">=~</span> <span class="sy0">/</span><span class="re0">\badmin</span><span class="re0">\b</span><span class="sy0">/</span></pre>
+
+</div>
+</div>
+<div class="level2">
+
+</div>
+<!-- SECTION "Extend variables using macros and groups" [772-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/extendedfunctions.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/extendedfunctions.html
@ -0,0 +1,292 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="extended_functions" id="extended_functions">Extended functions</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Extended functions" [1-34] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+When <a href="../../documentation/1.1/writingrulesand_headers.html" class="wikilink1" title="documentation:1.1:writingrulesand_headers">writing rules and headers</a>, you can use <acronym title="Practical Extraction and Report Language">Perl</acronym> expressions that will be evaluated in a jail, to prevent bad code execution.
+</p>
+
+<p>
+This is also true for:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/portalmenu.html#menu_modules" class="wikilink1" title="documentation:1.1:portalmenu">Menu modules activation rules</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/formreplay.html" class="wikilink1" title="documentation:1.1:formreplay">Form replay data</a></div>
+</li>
+<li class="level1"><div class="li"> Macros</div>
+</li>
+<li class="level1"><div class="li"> Issuer databases use rules</div>
+</li>
+<li class="level1"><div class="li"> etc.</div>
+</li>
+</ul>
+
+<p>
+
+Inside this jail, you can access to:
+</p>
+<ul>
+<li class="level1"><div class="li"> Core <acronym title="Practical Extraction and Report Language">Perl</acronym> subroutines (split, pop, map, etc.)</div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/customfunctions.html" class="wikilink1" title="documentation:1.1:customfunctions">Custom functions</a></div>
+</li>
+<li class="level1"><div class="li"> The <a href="http://perldoc.perl.org/MIME/Base64.html" class="urlextern" title="http://perldoc.perl.org/MIME/Base64.html"  rel="nofollow">encode_base64</a> subroutine</div>
+</li>
+<li class="level1"><div class="li"> All environment variables (trough %ENV)</div>
+</li>
+<li class="level1"><div class="li"> <a href="#functions_list" title="documentation:1.1:extendedfunctions &crarr;" class="wikilink1">Extended functions</a></div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">To know more about the jail, check <a href="http://perldoc.perl.org/Safe.html" class="urlextern" title="http://perldoc.perl.org/Safe.html"  rel="nofollow">Safe module documentation</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [35-800] -->
+<h2><a name="functions_list" id="functions_list">Functions list</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Functions list" [801-828] -->
+<h3><a name="checklogonhours" id="checklogonhours">checkLogonHours</a></h3>
+<div class="level3">
+
+<p>
+
+This function will check the day and the hour of current request, and compare it to allowed days and hours. It returns 1 if this match, 0 else.
+</p>
+
+<p>
+By default, the allowed days and hours is an hexadecimal value, representing each hour of the week. A day has 24 hours, and a week 7 days, so the value contains 168 bits, converted into 42 hexadecimal characters. Sunday is the first day.
+</p>
+
+<p>
+For example, for a full access, excepted week-end:
+
+</p>
+<pre class="code">
+000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000
+</pre>
+
+<p>
+<p><div class="notetip">The <a href="../../documentation/1.1/authldap.html#schema_extension" class="wikilink1" title="documentation:1.1:authldap">LDAP schema extension</a> can be used to store this value. You can also use the binary value from the logonHours attribute of Active Directory
+</div></p>
+</p>
+
+<p>
+Functions parameters:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>logon_hours</strong>: string representing allowed logon hours (GMT)</div>
+</li>
+<li class="level1"><div class="li"> <strong>syntax</strong> (optional): <code>hexadecimal</code> (default) or <code>octetstring</code></div>
+</li>
+<li class="level1"><div class="li"> <strong>time_correction</strong> (optional): hours to add or to subtract</div>
+</li>
+<li class="level1"><div class="li"> <strong>default_access</strong> (optional): what result to return if <strong>logon_hours</strong> is empty</div>
+</li>
+</ul>
+
+<p>
+
+Simple usage example:
+
+</p>
+<pre class="code">
+checkLogonHours($ssoLogonHours)
+</pre>
+
+<p>
+If you use the binary value (Active Directory), use this:
+
+</p>
+<pre class="code">
+checkLogonHours($ssoLogonHours, &#039;octetstring&#039;)
+</pre>
+
+<p>
+You can also configure jetlag (if all of your users use the same timezone):
+
+</p>
+<pre class="code">
+checkLogonHours($ssoLogonHours, &#039;&#039;, &#039;+2&#039;)
+</pre>
+
+<p>
+If you manage different timezones, you have to take the jetlag into account in ssoLogonHours values, or use the $_timezone parameter. This parameter is set by the portal and use javascript to get the connected user timezone. It should works on every browser:
+
+</p>
+<pre class="code">
+checkLogonHours($ssoLogonHours, &#039;&#039;, $_timezone)
+</pre>
+
+<p>
+You can modify the default behavior for people without value in ssoLogonHours. Indeed, by default, users without logon hours values are rejected. You can allow these users instead of reject them:
+
+</p>
+<pre class="code">
+checkLogonHours($ssoLogonHours, &#039;&#039;, &#039;&#039;, &#039;1&#039;)
+</pre>
+
+</div>
+<!-- SECTION "checkLogonHours" [829-2756] -->
+<h3><a name="checkdate" id="checkdate">checkDate</a></h3>
+<div class="level3">
+
+<p>
+
+This function will check the date of current request, and compare it to a start date and an end date. It returns 1 if this match, 0 else.
+</p>
+
+<p>
+<p><div class="notetip">The <a href="../../documentation/1.1/authldap.html#schema_extension" class="wikilink1" title="documentation:1.1:authldap">LDAP schema extension</a> can be used to store these values
+</div></p>
+</p>
+
+<p>
+The date format is the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> date syntax, for example for the 1st March 2009:
+
+</p>
+<pre class="code">
+20090301000000Z
+</pre>
+
+<p>
+Functions parameters:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>start</strong>: Start date (GMT)</div>
+</li>
+<li class="level1"><div class="li"> <strong>end</strong>: End date (GMT)</div>
+</li>
+<li class="level1"><div class="li"> <strong>default_access</strong> (optional): what result to return if <strong>start</strong> and <strong>end</strong> are empty</div>
+</li>
+</ul>
+
+<p>
+
+Simple usage example:
+
+</p>
+<pre class="code">
+checkDate($ssoStartDate, $ssoEndDate)
+</pre>
+
+</div>
+<!-- SECTION "checkDate" [2757-3384] -->
+<h3><a name="basic" id="basic">basic</a></h3>
+<div class="level3">
+
+<p>
+
+This function builds the <code>Authorization</code> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header used in <a href="../../documentation/1.1/applications/authbasic.html" class="wikilink1" title="documentation:1.1:applications:authbasic">HTTP Basic authentication scheme</a>. It will force conversion from UTF-8 to <acronym title="International Organization for Standardization">ISO</acronym>-8859-1 of user and password data.
+</p>
+
+<p>
+Functions parameters:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>user</strong></div>
+</li>
+<li class="level1"><div class="li"> <strong>password</strong></div>
+</li>
+</ul>
+
+<p>
+
+Simple usage example:
+
+</p>
+<pre class="code">
+basic($uid,$_password)
+</pre>
+
+</div>
+<!-- SECTION "basic" [3385-3718] -->
+<h3><a name="unicode2iso" id="unicode2iso">unicode2iso</a></h3>
+<div class="level3">
+
+<p>
+
+This function convert a string from UTF-8 to <acronym title="International Organization for Standardization">ISO</acronym>-8859-1.
+</p>
+
+<p>
+Functions parameters:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>string</strong></div>
+</li>
+</ul>
+
+<p>
+
+Simple usage example:
+
+</p>
+<pre class="code">
+unicode2iso($name)
+</pre>
+
+</div>
+<!-- SECTION "unicode2iso" [3719-3894] -->
+<h3><a name="iso2unicode" id="iso2unicode">iso2unicode</a></h3>
+<div class="level3">
+
+<p>
+
+This function convert a string from <acronym title="International Organization for Standardization">ISO</acronym>-8859-1 to UTF-8.
+</p>
+
+<p>
+Functions parameters:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>string</strong></div>
+</li>
+</ul>
+
+<p>
+
+Simple usage example:
+
+</p>
+<pre class="code">
+iso2unicode($name)
+</pre>
+
+</div>
+<!-- SECTION "iso2unicode" [3895-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/federationproxy.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/federationproxy.html
@ -0,0 +1,69 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="llng_as_federation_protocol_proxy" id="llng_as_federation_protocol_proxy">LL::NG as federation protocol proxy</a></h1>
+<div class="level1">
+
+<p>
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can use federation protocols (<acronym title="Security Assertion Markup Language">SAML</acronym>, <acronym title="Central Authentication Service">CAS</acronym>, OpenID) independently to:
+</p>
+<ul>
+<li class="level1"><div class="li"> authenticate users</div>
+</li>
+<li class="level1"><div class="li"> provide identities to other systems</div>
+</li>
+</ul>
+
+<p>
+
+So you can configure it to authenticate users using a federation protocol and simultaneously to provide identities using other(s) federation protocols.
+</p>
+
+<p>
+For example, a <acronym title="LemonLDAP::NG">LL::NG</acronym> server can be:
+</p>
+<ul>
+<li class="level1"><div class="li"> A <a href="../../documentation/1.1/idpcas.html" class="wikilink1" title="documentation:1.1:idpcas">CAS server</a> with <a href="../../documentation/1.1/authsaml.html" class="wikilink1" title="documentation:1.1:authsaml">SAML authentication</a></div>
+</li>
+<li class="level1"><div class="li"> An <a href="../../documentation/1.1/idpopenid.html" class="wikilink1" title="documentation:1.1:idpopenid">OpenID server</a> with <a href="../../documentation/1.1/authcas.html" class="wikilink1" title="documentation:1.1:authcas">CAS authentication</a></div>
+</li>
+<li class="level1"><div class="li"> An <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML server</a> with <a href="../../documentation/1.1/authopenid.html" class="wikilink1" title="documentation:1.1:authopenid">OpenID authentication</a></div>
+</li>
+<li class="level1"><div class="li"> …</div>
+</li>
+</ul>
+
+<p>
+
+See the following chapters:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:1.1:start">Authentication protocols</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/start.html#identity_provider" class="wikilink1" title="documentation:1.1:start">Identity provider</a></div>
+</li>
+</ul>
+
+</div>
+</div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/fileconfbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/fileconfbackend.html
@ -0,0 +1,62 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="file_configuration_backend" id="file_configuration_backend">File configuration backend</a></h1>
+<div class="level1">
+
+<p>
+
+This is the default configuration backend. Datas are stored as key/values (no-strings values are serialized).
+</p>
+
+<p>
+<p><div class="notetip">This configuration storage can be shared between different hosts using:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/soapconfbackend.html" class="wikilink1" title="documentation:1.1:soapconfbackend">SOAP configuration backend proxy</a></div>
+</li>
+<li class="level1"><div class="li"> any files sharing system (NFS, NAS, SAN,…)</div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "File configuration backend" [1-350] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+You just have to configure a directory writable by Apache user and set it in [configuration] section in your lemonldap-ng.ini file:
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>configuration<span class="br0">&#93;</span></span>
+<span class="re1">type</span>  <span class="sy0">=</span><span class="re2"> File</span>
+<span class="re1">dirName</span> <span class="sy0">=</span><span class="re2"> /var/lib/lemonldap-ng/conf</span></pre>
+
+</div>
+<!-- SECTION "Configuration" [351-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/filesessionbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/filesessionbackend.html
@ -0,0 +1,72 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="file_session_backend" id="file_session_backend">File session backend</a></h1>
+<div class="level1">
+
+<p>
+
+File session backend is the more simple session database. Sessions are stored as files in a single directory. Lock files are stored in another directory. It can not be used to share sessions between different servers except if you share directories (with NFS,…).
+</p>
+
+</div>
+<!-- SECTION "File session backend" [1-302] -->
+<h2><a name="setup" id="setup">Setup</a></h2>
+<div class="level2">
+
+<p>
+
+In the manager: set ”<a href="http://search.cpan.org/perldoc?Apache::Session::File" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::File"  rel="nofollow">Apache::Session::File</a>” in “General parameters » Sessions » Session storage » Apache::Session module” and add the following parameters (case sensitive):
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 centeralign">  <strong>Directory</strong>  </td><td class="col1"> The path to the main directory </td><td class="col2"> /var/lib/lemonldap-ng/sessions </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0 centeralign">  <strong>LockDirectory</strong>  </td><td class="col1"> The path to the lock directory </td><td class="col2"> /var/lib/lemonldap-ng/sessions/lock </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Setup" [303-800] -->
+<h2><a name="security" id="security">Security</a></h2>
+<div class="level2">
+
+<p>
+
+Restrict access to the directories only to the Apache server. Example:
+
+</p>
+<pre class="code shell">chmod 750 /var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/sessions/lock
+chown www-data:www-data /var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/sessions/lock</pre>
+
+</div>
+<!-- SECTION "Security" [801-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/formreplay.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/formreplay.html
@ -0,0 +1,159 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="form_replay" id="form_replay">Form replay</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Form replay" [1-27] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+Form replay allows you to open a session on a protected application by replaying the form POST without asking anything to the user.
+</p>
+
+<p>
+<p><div class="notewarning">
+This kind of <acronym title="Single Sign On">SSO</acronym> mechanism is not clean, and can lead to problems, like local password blocking, local session not well closed, etc.
+</p>
+
+<p>
+Please always try to find another solution to protect your application with <acronym title="LemonLDAP::NG">LL::NG</acronym>. At least, check if it is not a <a href="../../documentation/1.1/applications.html" class="wikilink1" title="documentation:1.1:applications">known application</a>, or <a href="../../documentation/1.1/selfmadeapplication.html" class="wikilink1" title="documentation:1.1:selfmadeapplication">try to adapt its source code</a>.
+
+</div></p>
+</p>
+
+<p>
+If you configure form replay with <acronym title="LemonLDAP::NG">LL::NG</acronym>, the Handler will catch configured POST <acronym title="Uniform Resource Locator">URL</acronym> and send a POST query to the target page (which can be different of the caught page). Each field can be filled with static values or data from user&#039;s session.
+</p>
+
+<p>
+<p><div class="notetip">
+To post user&#039;s password, you must enable <a href="../../documentation/1.1/passwordstore.html" class="wikilink1" title="documentation:1.1:passwordstore">password storing</a>. In this case you will be able to use <code>$_password</code> to fill any password POST field.
+</div></p>
+</p>
+
+<p>
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can catch a GET request and transform it internally in a POST request. All this work is transparent for the user, he cannot see what data are posted by <acronym title="LemonLDAP::NG">LL::NG</acronym>.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [28-1147] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+You should grab some informations:
+</p>
+<ul>
+<li class="level1"><div class="li"> <acronym title="Uniform Resource Identifier">URI</acronym> of the page which contains the form</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Uniform Resource Identifier">URI</acronym> of the page which receive POST data (optional if it is the same as the page holding the form)</div>
+</li>
+<li class="level1"><div class="li"> All fields name and values</div>
+</li>
+</ul>
+
+<p>
+
+For example:
+</p>
+<ul>
+<li class="level1"><div class="li"> Form page <acronym title="Uniform Resource Identifier">URI</acronym>: /login.php</div>
+</li>
+<li class="level1"><div class="li"> POST data <acronym title="Uniform Resource Identifier">URI</acronym>: /process.php</div>
+</li>
+<li class="level1"><div class="li"> Fields:</div>
+<ul>
+<li class="level2"><div class="li"> login: $uid (uid of the user)</div>
+</li>
+<li class="level2"><div class="li"> password: $_password (password of the user)</div>
+</li>
+<li class="level2"><div class="li"> static: &#039;StaticValue&#039; (a static value)</div>
+</li>
+<li class="level2"><div class="li"> remember: &#039;1&#039; (checked box)</div>
+</li>
+</ul>
+</li>
+</ul>
+
+<p>
+
+Then go in Manager, <code>Virtual Hosts</code> » <em>virtualhost</em> » <code>Form replay</code> and click on <code>Add POST <acronym title="Uniform Resource Locator">URL</acronym></code>.
+</p>
+
+<p>
+<a href="/_detail/documentation/manager-formreplay-newurl.png?id=documentation%3A1.1%3Aformreplay" class="media" title="documentation:manager-formreplay-newurl.png"><img src="../../../media/documentation/manager-formreplay-newurl.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+Fill values here:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>POST <acronym title="Uniform Resource Locator">URL</acronym></strong>: /login.php</div>
+</li>
+<li class="level1"><div class="li"> <strong>Target <acronym title="Uniform Resource Locator">URL</acronym></strong>: /process.php</div>
+</li>
+</ul>
+
+<p>
+
+Then click on <code>New POST data</code> and add all data with their values, for example:
+</p>
+
+<p>
+<a href="/_detail/documentation/manager-formreplay-newdata.png?id=documentation%3A1.1%3Aformreplay" class="media" title="documentation:manager-formreplay-newdata.png"><img src="../../../media/documentation/manager-formreplay-newdata.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+<p><div class="notetip">You can define more than one form replay <acronym title="Uniform Resource Locator">URL</acronym> per virtual host.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Configuration" [1148-2099] -->
+<h2><a name="form_replay_with_apache_mod_proxy" id="form_replay_with_apache_mod_proxy">Form replay with Apache mod_proxy</a></h2>
+<div class="level2">
+
+<p>
+
+Due to a conflict between <acronym title="LemonLDAP::NG">LL::NG</acronym> form replay and Apache mod_proxy (see <a href="http://jira.ow2.org/browse/LEMONLDAP-176" class="urlextern" title="http://jira.ow2.org/browse/LEMONLDAP-176"  rel="nofollow">issue</a>), you cannot use form replay on proxied applications, unless you use <acronym title="LemonLDAP::NG">LL::NG</acronym> internal proxy (based on <acronym title="Practical Extraction and Report Language">Perl</acronym> LWP):
+</p>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span>&gt;
+  <span class="kw1">ServerName</span> test2.example.com
+&nbsp;
+  PerlHeaderParserHandler My::Package
+&nbsp;
+  PerlModule Lemonldap::NG::Handler::Proxy
+  <span class="kw1">SetHandler</span> perl-<span class="kw1">script</span>
+  PerlHandler Lemonldap::NG::Handler::Proxy
+  PerlSetVar LmProxyPass http://APPLICATION/
+  PerlSetVar LmLocationToReplace http://APPLICATION/,http://test2.example.com
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+</div>
+<!-- SECTION "Form replay with Apache mod_proxy" [2100-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/header_remote_user_conversion.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/header_remote_user_conversion.html
@ -0,0 +1,86 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="convert_http_header_into_environment_variable" id="convert_http_header_into_environment_variable">Convert HTTP header into environment variable</a></h1>
+<div class="level1">
+
+<p>
+
+Using <acronym title="LemonLDAP::NG">LL::NG</acronym> in reverse proxy mode, you will not have the <code>REMOTE_USER</code> environment variable set. Indeed, this variable is set by the Handler on the physical server hosting the Handler, and not on other servers where the Handler is not installed.
+</p>
+
+<p>
+Apache <a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_setenvif.html"  rel="nofollow">SetEnvIf module</a> will let you transform the Auth-User <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header in <code>REMOTE_USER</code> environment variable:
+</p>
+<pre class="code file apache"><span class="kw1">SetEnvIfNoCase</span> Auth-<span class="kw1">User</span> <span class="st0">&quot;(.*)&quot;</span> REMOTE_USER=$<span class="nu0">1</span></pre>
+
+<p>
+This can be used to protect applications relying on <code>REMOTE_USER</code> environment variable in reverse proxy mode. In this case you will have two Apache configuration files:
+
+</p>
+<ul>
+<li class="level1"><div class="li"> Apache configuration file on <acronym title="LemonLDAP::NG">LL::NG</acronym> reverse proxy (hosting <acronym title="LemonLDAP::NG">LL::NG</acronym> Handler):</div>
+</li>
+</ul>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+        <span class="kw1">ServerName</span> application.example.com
+&nbsp;
+        PerlHeaderParserHandler My::Package
+&nbsp;
+        <span class="kw1">ProxyPreserveHost</span> <span class="kw2">on</span>
+        <span class="kw1">ProxyPass</span> / http://APPLICATION_IP/
+        <span class="kw1">ProxyPassReverse</span> / http://APPLICATION_IP/
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+<ul>
+<li class="level1"><div class="li"> Apache configuration file on application server (hosting the application):</div>
+</li>
+</ul>
+<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
+        <span class="kw1">ServerName</span> application.example.com
+&nbsp;
+        <span class="kw1">SetEnvIfNoCase</span> Auth-<span class="kw1">User</span> <span class="st0">&quot;(.*)&quot;</span> REMOTE_USER=$1
+&nbsp;
+        <span class="kw1">DocumentRoot</span> /var/www/application
+&nbsp;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+<p><div class="notetip">
+Sometimes, <acronym title="Hypertext Preprocessor">PHP</acronym> applications also check the <acronym title="Hypertext Preprocessor">PHP</acronym>_AUTH_USER and <acronym title="Hypertext Preprocessor">PHP</acronym>_AUHT_PW environment variables. You can set them the same way:
+
+</p>
+<pre class="code file apache"><span class="kw1">SetEnvIfNoCase</span> Auth-<span class="kw1">User</span> <span class="st0">&quot;(.*)&quot;</span> PHP_AUTH_USER=$1
+<span class="kw1">SetEnvIfNoCase</span> Auth-Password <span class="st0">&quot;(.*)&quot;</span> PHP_AUTH_PW=$<span class="nu0">1</span></pre>
+
+<p>
+
+Of course, you need to <a href="../../documentation/1.1/passwordstore.html" class="wikilink1" title="documentation:1.1:passwordstore">store password in session</a> to fill <acronym title="Hypertext Preprocessor">PHP</acronym>_AUTH_PW.
+
+</div></p>
+
+</p>
+
+</div>
+</div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/highavailability.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/highavailability.html
@ -0,0 +1,57 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="high_availability" id="high_availability">High availability</a></h1>
+<div class="level1">
+
+<p>
+
+LemonLDAP::NG is highly scalable, so easy to insert behind a load-balancer:
+</p>
+<ul>
+<li class="level1"><div class="li"> Portal does not store any data outside the session database, so you can have many portal servers using the same <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> host name</div>
+</li>
+<li class="level1"><div class="li"> All handlers download the whole configuration, so many servers can serve the same virtual hosts</div>
+</li>
+</ul>
+
+<p>
+
+You can for example set up a fail-over cluster with <a href="http://www.linux-ha.org/wiki/Heartbeat" class="urlextern" title="http://www.linux-ha.org/wiki/Heartbeat"  rel="nofollow">Heartbeat</a> and <a href="http://haproxy.1wt.eu/" class="urlextern" title="http://haproxy.1wt.eu/"  rel="nofollow">HAproxy</a>, like this:
+</p>
+
+<p>
+<a href="/_detail/documentation/ha-apache.png?id=documentation%3A1.1%3Ahighavailability" class="media" title="documentation:ha-apache.png"><img src="../../../media/documentation/ha-apache.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+You just have to share configuration and sessions databases between those servers:
+</p>
+
+<p>
+<a href="/_detail/documentation/ha-sessions-configuration.png?id=documentation%3A1.1%3Ahighavailability" class="media" title="documentation:ha-sessions-configuration.png"><img src="../../../media/documentation/ha-sessions-configuration.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+</div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/idpcas.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/idpcas.html
@ -0,0 +1,117 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="cas_server" id="cas_server">CAS server</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "CAS server" [1-26] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can act as an <acronym title="Central Authentication Service">CAS</acronym> server, that can allow to federate <acronym title="LemonLDAP::NG">LL::NG</acronym> with:
+</p>
+<ul>
+<li class="level1"><div class="li"> Another <acronym title="LemonLDAP::NG">LL::NG</acronym> system configured with <a href="../../documentation/1.1/authcas.html" class="wikilink1" title="documentation:1.1:authcas">CAS authentication</a></div>
+</li>
+<li class="level1"><div class="li"> Any <acronym title="Central Authentication Service">CAS</acronym> consumer</div>
+</li>
+</ul>
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> is compatible with the <acronym title="Central Authentication Service">CAS</acronym> protocol <a href="http://www.jasig.org/cas/protocol" class="urlextern" title="http://www.jasig.org/cas/protocol"  rel="nofollow">versions 1.0 and 2.0</a>. This protocol does not define any attributes exchange mechanism, so only authentication is managed.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [27-424] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+In the Manager, go in <code>General Parameters</code> » <code>Issuer modules</code> » <code><acronym title="Central Authentication Service">CAS</acronym></code> and configure:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Activation</strong>: set to <code>On</code>.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Path</strong>: keep <code>^/cas/</code> unless you have change <a href="../../documentation/1.1/configlocation.html#portal" class="wikilink1" title="documentation:1.1:configlocation">Apache portal configuration</a> file.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Use rule</strong>: a rule to allow user to use this module, set to 1 to always allow.</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">
+For example, to allow only users with a strong authentication level:
+
+</p>
+<pre class="code">
+$authenticationLevel &gt; 2
+</pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+<p>
+<p><div class="noteimportant">
+Apache rewrite rules must have been activated in <a href="../../documentation/1.1/configlocation.html#portal" class="wikilink1" title="documentation:1.1:configlocation">Apache portal configuration</a>:
+
+</p>
+<pre class="code file apache">    &lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
+        <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
+        <span class="kw1">RewriteRule</span> ^/cas/.* /index.pl
+    &lt;/<span class="kw3">IfModule</span>&gt;</pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+<p>
+Then go in <code>Options</code> to define:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong><acronym title="Central Authentication Service">CAS</acronym> login</strong>: the session key used to fill user login (value will be transmitted to <acronym title="Central Authentication Service">CAS</acronym> clients).</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Central Authentication Service">CAS</acronym> session module name and options</strong>: choose a specific module if you do not want to mix <acronym title="Central Authentication Service">CAS</acronym> sessions and normal sessions (see <a href="../../documentation/1.1/samlservice.html#saml_sessions_module_name_and_options" class="wikilink1" title="documentation:1.1:samlservice">why</a>).</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">If <code><acronym title="Central Authentication Service">CAS</acronym> login</code> is not set, it uses <code>General Parameters</code> » <code>Logs</code> » <code>REMOTE_USER</code> data, which is set to <code>uid</code> by default
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Configuration" [425-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/idpopenid.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/idpopenid.html
@ -0,0 +1,197 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="openid_server" id="openid_server">OpenID server</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "OpenID server" [1-29] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can act as an OpenID 2.0 Server, that can allow to federate <acronym title="LemonLDAP::NG">LL::NG</acronym> with:
+</p>
+<ul>
+<li class="level1"><div class="li"> Another <acronym title="LemonLDAP::NG">LL::NG</acronym> system configured with <a href="../../documentation/1.1/authopenid.html" class="wikilink1" title="documentation:1.1:authopenid">OpenID authentication</a></div>
+</li>
+<li class="level1"><div class="li"> Any OpenID consumer</div>
+</li>
+</ul>
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> is compatible with the OpenID Authentication protocol <a href="http://openid.net/specs/openid-authentication-2_0.html" class="urlextern" title="http://openid.net/specs/openid-authentication-2_0.html"  rel="nofollow">version 2.0</a> and <a href="http://openid.net/specs/openid-authentication-1_1.html" class="urlextern" title="http://openid.net/specs/openid-authentication-1_1.html"  rel="nofollow">version 1.0</a>. It can be used just to share authentication or to share user&#039;s attributes following the <a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html" class="urlextern" title="http://openid.net/specs/openid-simple-registration-extension-1_0.html"  rel="nofollow">OpenID Simple Registration Extension 1.0 (SREG)</a> specification.
+</p>
+
+<p>
+When <acronym title="LemonLDAP::NG">LL::NG</acronym> is configured as OpenID identity provider, users can share their authentication using [PORTAL]/openidserver/[login] where:
+</p>
+<ul>
+<li class="level1"><div class="li"> [PORTAL] is the portal <acronym title="Uniform Resource Locator">URL</acronym></div>
+</li>
+<li class="level1"><div class="li"> [login] is the user login (or any other session information, <span class="curid"><a href="../../documentation/1.1/idpopenid.html#configuration" class="wikilink1" title="documentation:1.1:idpopenid">see below</a></span>)</div>
+</li>
+</ul>
+
+<p>
+
+Example:
+
+</p>
+<pre class="code">
+http://auth.example.com/openidserver/foo.bar
+</pre>
+
+</div>
+<!-- SECTION "Presentation" [30-1014] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+In the Manager, go in <code>General Parameters</code> » <code>Issuer modules</code> » <code>OpenID</code> and configure:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Activation</strong>: set to <code>On</code></div>
+</li>
+<li class="level1"><div class="li"> <strong>Path</strong>: keep <code>^/openidserver/</code> unless you have change <a href="../../documentation/1.1/configlocation.html#portal" class="wikilink1" title="documentation:1.1:configlocation">Apache portal configuration</a> file.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Use rule</strong>: a rule to allow user to use this module, set to 1 to always allow.</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">
+For example, to allow only users with a strong authentication level:
+
+</p>
+<pre class="code">
+$authenticationLevel &gt; 2
+</pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+<p>
+<p><div class="noteimportant">
+Apache rewrite rules must have been activated in <a href="../../documentation/1.1/configlocation.html#portal" class="wikilink1" title="documentation:1.1:configlocation">Apache portal configuration</a>:
+
+</p>
+<pre class="code file apache">    &lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
+        <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
+        <span class="kw1">RewriteRule</span> ^/openidserver/.* /index.pl
+    &lt;/<span class="kw3">IfModule</span>&gt;</pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+<p>
+Then go in <code>Options</code> to define:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Secret token</strong>: a secret token used to secure transmissions between OpenID client and server (<span class="curid"><a href="../../documentation/1.1/idpopenid.html#security" class="wikilink1" title="documentation:1.1:idpopenid">see below</a></span>).</div>
+</li>
+<li class="level1"><div class="li"> <strong>OpenID login</strong>: the session key used to match OpenID login.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Authorized domains</strong>: white list or black list of OpenID client domains (<span class="curid"><a href="../../documentation/1.1/idpopenid.html#security" class="wikilink1" title="documentation:1.1:idpopenid">see below</a></span>).</div>
+</li>
+<li class="level1"><div class="li"> <strong>SREG mapping</strong>: link between SREG attributes and session keys (<span class="curid"><a href="../../documentation/1.1/idpopenid.html#shared_attributes_sreg" class="wikilink1" title="documentation:1.1:idpopenid">see below</a></span>).</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">If <code>OpenID login</code> is not set, it uses <code>General Parameters</code> » <code>Logs</code> » <code>REMOTE_USER</code> data, which is set to <code>uid</code> by default
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Configuration" [1015-2399] -->
+<h3><a name="shared_attributes_sreg" id="shared_attributes_sreg">Shared attributes (SREG)</a></h3>
+<div class="level3">
+
+<p>
+
+<a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html" class="urlextern" title="http://openid.net/specs/openid-simple-registration-extension-1_0.html"  rel="nofollow">SREG</a> permit the share of 8 attributes:
+</p>
+<ul>
+<li class="level1"><div class="li"> Nick name</div>
+</li>
+<li class="level1"><div class="li"> Email</div>
+</li>
+<li class="level1"><div class="li"> Full name</div>
+</li>
+<li class="level1"><div class="li"> Date of birth</div>
+</li>
+<li class="level1"><div class="li"> Gender</div>
+</li>
+<li class="level1"><div class="li"> Postal code</div>
+</li>
+<li class="level1"><div class="li"> Country</div>
+</li>
+<li class="level1"><div class="li"> Language</div>
+</li>
+<li class="level1"><div class="li"> Timezone</div>
+</li>
+</ul>
+
+<p>
+
+Each SREG attribute will be associated to a user session key. A session key can be associated to more than one SREG attribute.
+</p>
+
+<p>
+<p><div class="noteclassic">If the OpenID consumer ask for data, users will be prompted to accept or not the data sharing.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Shared attributes (SREG)" [2400-2907] -->
+<h3><a name="security" id="security">Security</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> <acronym title="LemonLDAP::NG">LL::NG</acronym> can be configured to restrict OpenID exchange using a white or a black list of domains.</div>
+</li>
+<li class="level1"><div class="li"> If not set, the secret token is calculated using the general encryption key.</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="noteimportant">Note that <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML</a> protocol is more secured than OpenID, so when your partners are known, prefer <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML</a>.
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Security" [2908-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/idpsaml.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/idpsaml.html
@ -0,0 +1,234 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="saml_identity_provider" id="saml_identity_provider">SAML Identity Provider</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "SAML Identity Provider" [1-38] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can act as an <acronym title="Security Assertion Markup Language">SAML</acronym> 2.0 Identity Provider, that can allow to federate <acronym title="LemonLDAP::NG">LL::NG</acronym> with:
+</p>
+<ul>
+<li class="level1"><div class="li"> Another <acronym title="LemonLDAP::NG">LL::NG</acronym> system configured with <a href="../../documentation/1.1/authsaml.html" class="wikilink1" title="documentation:1.1:authsaml">SAML authentication</a></div>
+</li>
+<li class="level1"><div class="li"> Any <acronym title="Security Assertion Markup Language">SAML</acronym> Service Provider, for example:</div>
+</li>
+</ul>
+<div class="plugin_include_content" id="plugin_include__documentation:1.1:applications">
+<div class="level2">
+
+<p>
+
+<p><div class="noteclassic">This requires to configure <acronym title="LemonLDAP::NG">LL::NG</acronym> as an <span class="curid"><a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML Identity Provider</a></span>.
+</div></p>
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Google Apps  </th><th class="col1 centeralign">  Zimbra  </th><th class="col2 centeralign">  SAP  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/applications/googleapps.html" class="media" title="documentation:1.1:applications:googleapps"><img src="../../../media/applications/googleapps_logo.png" class="media" alt="" /></a>  </td><td class="col1 centeralign">  <a href="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html" class="media" title="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html"  rel="nofollow"><img src="../../../media/applications/zimbra_logo.png" class="media" alt="" /></a>  </td><td class="col2 centeralign">  <a href="http://help.sap.com/saphelp_nw04/helpdata/en/94/695b3ebd564644e10000000a114084/content.htm" class="media" title="http://help.sap.com/saphelp_nw04/helpdata/en/94/695b3ebd564644e10000000a114084/content.htm"  rel="nofollow"><img src="../../../media/applications/saplogo.gif" class="media" title="SAP" alt="SAP" /></a>  </td>
+	</tr>
+</table>
+
+</div>
+</div>
+<div class="level2">
+
+</div>
+<!-- SECTION "Presentation" [39-323] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [324-350] -->
+<h3><a name="saml_service" id="saml_service">SAML Service</a></h3>
+<div class="level3">
+
+<p>
+
+See <a href="../../documentation/1.1/samlservice.html" class="wikilink1" title="documentation:1.1:samlservice">SAML service</a> configuration chapter.
+</p>
+
+</div>
+<!-- SECTION "SAML Service" [351-431] -->
+<h3><a name="issuerdb" id="issuerdb">IssuerDB</a></h3>
+<div class="level3">
+
+<p>
+
+Go in <code>General Parameters</code> » <code>Issuer modules</code> » <code><acronym title="Security Assertion Markup Language">SAML</acronym></code> and configure:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Activation</strong>: set to <code>On</code>.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Path</strong>: keep <code>^/saml/</code> unless you have change <acronym title="Security Assertion Markup Language">SAML</acronym> end points suffix in <a href="../../documentation/1.1/samlservice.html" class="wikilink1" title="documentation:1.1:samlservice">SAML service configuration</a>.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Use rule</strong>: a rule to allow user to use this module, set to <code>1</code> to always allow.</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">
+For example, to allow only users with a strong authentication level:
+
+</p>
+<pre class="code">
+$authenticationLevel &gt; 2
+</pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "IssuerDB" [432-907] -->
+<h3><a name="register_lemonldapng_on_partner_service_provider" id="register_lemonldapng_on_partner_service_provider">Register LemonLDAP::NG on partner Service Provider</a></h3>
+<div class="level3">
+
+<p>
+
+After configuring <acronym title="Security Assertion Markup Language">SAML</acronym> Service, you can export metadata to your partner Service Provider.
+</p>
+
+<p>
+They are available at the EntityID <acronym title="Uniform Resource Locator">URL</acronym>, by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata"  rel="nofollow">http://auth.example.com/saml/metadata</a>.
+</p>
+
+</div>
+<!-- SECTION "Register LemonLDAP::NG on partner Service Provider" [908-1152] -->
+<h3><a name="register_partner_service_provider_on_lemonldapng" id="register_partner_service_provider_on_lemonldapng">Register partner Service Provider on LemonLDAP::NG</a></h3>
+<div class="level3">
+
+<p>
+
+In the Manager, select node <acronym title="Security Assertion Markup Language">SAML</acronym> service providers and click on New service provider:
+</p>
+
+<p>
+<a href="/_detail/documentation/manager-saml-sp-new.png?id=documentation%3A1.1%3Aidpsaml" class="media" title="documentation:manager-saml-sp-new.png"><img src="../../../media/documentation/manager-saml-sp-new.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+The SP name is asked, enter it and click OK.
+</p>
+
+<p>
+Now you have access to the SP parameters list.
+</p>
+
+</div>
+
+<h4><a name="metadata" id="metadata">Metadata</a></h4>
+<div class="level4">
+
+<p>
+
+You must register SP metadata here. You can do it either by uploading the file, or get it from SP metadata <acronym title="Uniform Resource Locator">URL</acronym> (this require a network link between your server and the SP).
+</p>
+
+<p>
+<p><div class="notetip">You can also copy/paste the metadata: just click on the Edit button. When the text is pasted, click on the Apply button to keep the value.
+</div></p>
+</p>
+
+</div>
+
+<h4><a name="exported_attributes" id="exported_attributes">Exported attributes</a></h4>
+<div class="level4">
+
+<p>
+
+For each attribute, you can set:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Key name</strong>: name of the key in LemonLDAP::NG session</div>
+</li>
+<li class="level1"><div class="li"> <strong>Mandatory</strong>: if set to “On”, then this attribute will be sent in authentication response. Else it just will be sent trough an attribute response, if explicitly requested in an attribute request.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Name</strong>: <acronym title="Security Assertion Markup Language">SAML</acronym> attribute name.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Friendly Name</strong>: optional, <acronym title="Security Assertion Markup Language">SAML</acronym> attribute friendly name.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Format</strong>: optional, <acronym title="Security Assertion Markup Language">SAML</acronym> attribute format.</div>
+</li>
+</ul>
+
+</div>
+
+<h4><a name="options" id="options">Options</a></h4>
+<div class="level4">
+
+</div>
+
+<h5><a name="authentication_response" id="authentication_response">Authentication response</a></h5>
+<div class="level5">
+<ul>
+<li class="level1"><div class="li"> <strong>Default NameID format</strong>: if no NameID format is requested, or the NameID format undefined, this NameID format will be used. If no value, the default NameID format is Email.</div>
+</li>
+<li class="level1"><div class="li"> <strong>One Time Use</strong>: set the OneTimeUse flag in authentication response.</div>
+</li>
+</ul>
+
+</div>
+
+<h5><a name="signature" id="signature">Signature</a></h5>
+<div class="level5">
+
+<p>
+
+These options override service signature options (see <a href="../../documentation/1.1/samlservice.html#general_options" class="wikilink1" title="documentation:1.1:samlservice">SAML service configuration</a>).
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Sign <acronym title="Single Sign On">SSO</acronym> message</strong>: sign <acronym title="Single Sign On">SSO</acronym> message</div>
+</li>
+<li class="level1"><div class="li"> <strong>Check <acronym title="Single Sign On">SSO</acronym> message signature</strong>: check <acronym title="Single Sign On">SSO</acronym> message signature</div>
+</li>
+<li class="level1"><div class="li"> <strong>Sign SLO message</strong>: sign SLO message</div>
+</li>
+<li class="level1"><div class="li"> <strong>Check SLO message signature</strong>: check SLO message signature</div>
+</li>
+</ul>
+
+</div>
+
+<h5><a name="security" id="security">Security</a></h5>
+<div class="level5">
+<ul>
+<li class="level1"><div class="li"> <strong>Encryption mode</strong>: set the encryption mode for this IDP (None, NameID or Assertion).</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Register partner Service Provider on LemonLDAP::NG" [1153-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/installdeb.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/installdeb.html
@ -0,0 +1,268 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="installation_on_debianubuntu_with_packages" id="installation_on_debianubuntu_with_packages">Installation on Debian/Ubuntu with packages</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Installation on Debian/Ubuntu with packages" [1-59] -->
+<h2><a name="organization" id="organization">Organization</a></h2>
+<div class="level2">
+
+<p>
+
+LemonLDAP::NG provides these packages:
+</p>
+<ul>
+<li class="level1"><div class="li"> lemonldap-ng: meta-package, contains no file but dependencies on other packages</div>
+</li>
+<li class="level1"><div class="li"> lemonldap-ng-doc: contains <acronym title="HyperText Markup Language">HTML</acronym> documentation and project docs (README, etc.)</div>
+</li>
+<li class="level1"><div class="li"> liblemonldap-ng-conf-perl: configuration and common files</div>
+</li>
+<li class="level1"><div class="li"> liblemonldap-ng-handler-perl: Handler files</div>
+</li>
+<li class="level1"><div class="li"> liblemonldap-ng-manager-perl: Manager files</div>
+</li>
+<li class="level1"><div class="li"> liblemonldap-ng-portal-perl: Portal files</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Organization" [60-495] -->
+<h2><a name="get_the_packages" id="get_the_packages">Get the packages</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Get the packages" [496-525] -->
+<h3><a name="official_repository" id="official_repository">Official repository</a></h3>
+<div class="level3">
+
+<p>
+
+If you run Debian testing or unstable, the packages are directly installable:
+
+</p>
+<pre class="code">
+apt-cache search lemonldap-ng
+</pre>
+
+<p>
+<p><div class="noteimportant">Packages from <a href="http://packages.debian.org/search?keywords=lemonldap-ng" class="urlextern" title="http://packages.debian.org/search?keywords=lemonldap-ng"  rel="nofollow">Debian repository</a> may not be up to date. Prefer then the other solutions (see below).
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Official repository" [526-864] -->
+<h3><a name="llng_repository" id="llng_repository">LL::NG repository</a></h3>
+<div class="level3">
+
+<p>
+
+You can add this repository to have recent packages:
+
+</p>
+<pre class="code">
+vi /etc/apt/sources.list.d/lemonldap-ng.list
+</pre>
+<pre class="file">
+# LemonLDAP::NG repository
+deb     http://lemonldap-ng.org/deb squeeze main
+deb-src http://lemonldap-ng.org/deb squeeze main
+</pre>
+
+<p>
+Run this to update packages cache:
+
+</p>
+<pre class="code">
+apt-get update
+</pre>
+
+</div>
+<!-- SECTION "LL::NG repository" [865-1214] -->
+<h3><a name="manual_download" id="manual_download">Manual download</a></h3>
+<div class="level3">
+
+<p>
+
+Packages are available on the <a href="../../download.html" class="wikilink1" title="download">Download page</a>.
+</p>
+
+</div>
+<!-- SECTION "Manual download" [1215-1301] -->
+<h2><a name="install_packages" id="install_packages">Install packages</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Install packages" [1302-1331] -->
+<h3><a name="with_apt-get" id="with_apt-get">With apt-get</a></h3>
+<div class="level3">
+<pre class="code">
+apt-get install lemonldap-ng
+</pre>
+
+</div>
+<!-- SECTION "With apt-get" [1332-1400] -->
+<h3><a name="with_dpkg" id="with_dpkg">With dpkg</a></h3>
+<div class="level3">
+
+<p>
+
+Before installing the packages, install <a href="../../documentation/1.1/prereq.html" class="wikilink1" title="documentation:1.1:prereq">dependencies</a>.
+</p>
+
+<p>
+Then:
+
+</p>
+<pre class="code">
+dpkg -i liblemonldap-ng-* lemonldap-ng*
+</pre>
+
+</div>
+<!-- SECTION "With dpkg" [1401-1549] -->
+<h2><a name="first_configuration_steps" id="first_configuration_steps">First configuration steps</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "First configuration steps" [1550-1588] -->
+<h3><a name="change_default_dns_domain" id="change_default_dns_domain">Change default DNS domain</a></h3>
+<div class="level3">
+
+<p>
+
+By default, <acronym title="Domain Name System">DNS</acronym> domain is <code>example.com</code>. You can change it quick with a sed command. For example, we change it to <code>ow2.org</code>:
+</p>
+<pre class="code shell">sed -i 's/example\.com/ow2.org/g' /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/lmConf-1 /var/lib/lemonldap-ng/test/index.pl</pre>
+
+</div>
+<!-- SECTION "Change default DNS domain" [1589-1903] -->
+<h3><a name="enable_llng_sites" id="enable_llng_sites">Enable LL::NG sites</a></h3>
+<div class="level3">
+
+<p>
+
+Enable <acronym title="LemonLDAP::NG">LL::NG</acronym> sites in Apache:
+
+</p>
+<pre class="code shell">a2ensite portal-apache2.conf
+a2ensite manager-apache2.conf</pre>
+
+<p>
+
+Restart Apache:
+
+</p>
+<pre class="code shell">apache2ctl configtest
+apache2ctl restart</pre>
+
+</div>
+<!-- SECTION "Enable LL::NG sites" [1904-2124] -->
+<h3><a name="upgrade" id="upgrade">Upgrade</a></h3>
+<div class="level3">
+
+<p>
+
+If you upgraded <acronym title="LemonLDAP::NG">LL::NG</acronym>, check all <a href="../../documentation/1.1/upgrade.html" class="wikilink1" title="documentation:1.1:upgrade">upgrade notes</a>.
+</p>
+
+<p>
+The upgrade process will also have migrate old configuration files into <code>/etc/lemonldap-ng/lemonldap-ng.ini</code>. This includes the application list which is now set in the <code>applicationList</code> parameter from <code>[portal]</code> section, for example:
+
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
+<span class="re1">applicationList</span><span class="sy0">=</span><span class="re2"><span class="br0">&#123;</span> 'Menu' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'category', 'Example' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'category', 'test1' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'Application Test <span class="nu0">1</span>', uri <span class="sy0">=</span>&gt; 'http://test1.example.com/', description <span class="sy0">=</span>&gt; 'A simple application displaying authenticated user', logo <span class="sy0">=</span>&gt; 'wheels.png', display <span class="sy0">=</span>&gt; 'auto',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>,'test2' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'Application Test <span class="nu0">2</span>', uri <span class="sy0">=</span>&gt; 'http://test2.example.com/', description <span class="sy0">=</span>&gt; 'The same simple application displaying authenticated user', logo <span class="sy0">=</span>&gt; 'wheels.png', display <span class="sy0">=</span>&gt; 'auto',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>, <span class="br0">&#125;</span>,'Administration' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'category', 'manager' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'WebSSO Manager', uri <span class="sy0">=</span>&gt; 'http://manager.example.com/', description <span class="sy0">=</span>&gt; 'Configure LemonLDAP::NG WebSSO', logo <span class="sy0">=</span>&gt; 'tools.png', display <span class="sy0">=</span>&gt; 'on',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>,'sessions' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'Sessions explorer', uri <span class="sy0">=</span>&gt; 'http://manager.example.com/sessions.pl', description <span class="sy0">=</span>&gt; 'Explore WebSSO sessions', logo <span class="sy0">=</span>&gt; 'tools.png', display <span class="sy0">=</span>&gt; 'on',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>, <span class="br0">&#125;</span>,'Documentation' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'category', 'localdoc' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'Local documentation', uri <span class="sy0">=</span>&gt; 'http://manager.example.com/doc/', description <span class="sy0">=</span>&gt; 'Documentation supplied with LemonLDAP::NG', logo <span class="sy0">=</span>&gt; 'docs.png', display <span class="sy0">=</span>&gt; 'on',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>,'officialwebsite' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'Offical Website', uri <span class="sy0">=</span>&gt; 'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation', description <span class="sy0">=</span>&gt; 'Official LemonLDAP::NG Website', logo <span class="sy0">=</span>&gt; 'web.png', display <span class="sy0">=</span>&gt; 'on',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>, <span class="br0">&#125;</span>, <span class="br0">&#125;</span>, <span class="br0">&#125;</span></span></pre>
+
+<p>
+<p><div class="noteimportant">You should now use the Manager to configure all <a href="../../documentation/1.1/portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:1.1:portalmenu">applications and categories</a>, and then comment or remove the <code>applicationList</code> parameter from <code>/etc/lemonldap-ng/lemonldap-ng.ini</code>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Upgrade" [2125-4283] -->
+<h3><a name="dns" id="dns">DNS</a></h3>
+<div class="level3">
+
+<p>
+
+Configure your <acronym title="Domain Name System">DNS</acronym> server to resolve names with your server <acronym title="Internet Protocol">IP</acronym>.
+</p>
+
+<p>
+<p><div class="notetip">
+For tests with <code>example.com</code>, launch the following :
+
+</p>
+<pre class="code shell">cat /etc/lemonldap-ng/for_etc_hosts &gt;&gt; /etc/hosts</pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+<p>
+Follow the <a href="../../documentation/1.1/start.html#configuration" class="wikilink1" title="documentation:1.1:start">next steps</a>
+</p>
+
+</div>
+<!-- SECTION "DNS" [4284-4556] -->
+<h2><a name="file_location" id="file_location">File location</a></h2>
+<div class="level2">
+<ul>
+<li class="level1"><div class="li"> Configuration is in /etc/lemonldap-ng</div>
+</li>
+<li class="level1"><div class="li"> LemonLDAP::NG configuration (edited by the Manager) is in /var/lib/lemonldap-ng/conf/</div>
+</li>
+<li class="level1"><div class="li"> All <acronym title="Practical Extraction and Report Language">Perl</acronym> modules are in the VENDOR perl directory (/usr/share/perl5/)</div>
+</li>
+<li class="level1"><div class="li"> All <acronym title="Practical Extraction and Report Language">Perl</acronym> scripts/pages are in /var/lib/lemonldap-ng/</div>
+</li>
+<li class="level1"><div class="li"> All lemonldap-ng tools are in /usr/share/lemonldap-ng/bin/</div>
+</li>
+<li class="level1"><div class="li"> All static content (examples, <acronym title="Cascading Style Sheets">CSS</acronym>, images, etc.) is in /usr/share/lemonldap-ng/</div>
+</li>
+<li class="level1"><div class="li"> Apache configuration files are in /etc/lemonldap-ng and linked in /etc/apache2/sites-available</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "File location" [4557-5093] -->
+<h2><a name="build_your_packages" id="build_your_packages">Build your packages</a></h2>
+<div class="level2">
+
+<p>
+
+You can also get the <a href="../../download.html" class="wikilink1" title="download">LemonLDAP::NG archive</a> and make the package yourself:
+
+</p>
+<pre class="code">
+tar xzf lemonldap-ng-*.tar.gz
+cd lemonldap-ng-*
+make debian-packages
+</pre>
+
+</div>
+<!-- SECTION "Build your packages" [5094-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/installrpm.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/installrpm.html
@ -0,0 +1,359 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="installation_on_redhatcentos" id="installation_on_redhatcentos">Installation on RedHat/CentOS</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Installation on RedHat/CentOS" [1-45] -->
+<h2><a name="organization" id="organization">Organization</a></h2>
+<div class="level2">
+
+<p>
+
+LemonLDAP::NG provides these packages:
+</p>
+<ul>
+<li class="level1"><div class="li"> lemonldap-ng: meta-package, contains no file but dependencies on other packages</div>
+</li>
+<li class="level1"><div class="li"> lemonldap-ng-doc: contains <acronym title="HyperText Markup Language">HTML</acronym> documentation and project docs (README, etc.)</div>
+</li>
+<li class="level1"><div class="li"> lemonldap-ng-conf: contains default configuration (<acronym title="Domain Name System">DNS</acronym> domain: example.com)</div>
+</li>
+<li class="level1"><div class="li"> lemonldap-ng-test: contains sample <acronym title="Common Gateway Interface">CGI</acronym> test page</div>
+</li>
+<li class="level1"><div class="li"> lemonldap-ng-handler: contains Apache Handler implementation (agent)</div>
+</li>
+<li class="level1"><div class="li"> lemonldap-ng-manager: contains administration interface and session explorer</div>
+</li>
+<li class="level1"><div class="li"> lemonldap-ng-portal: contains authentication portal and menu</div>
+</li>
+<li class="level1"><div class="li"> perl-Lemonldap-NG-Common: CPAN - Shared modules</div>
+</li>
+<li class="level1"><div class="li"> perl-Lemonldap-NG-Handler: CPAN - Handler modules</div>
+</li>
+<li class="level1"><div class="li"> perl-Lemonldap-NG-Manager: CPAN - Manager modules</div>
+</li>
+<li class="level1"><div class="li"> perl-Lemonldap-NG-Portal: CPAN - Portal modules</div>
+</li>
+</ul>
+
+<p>
+
+This schema shows the dependencies between modules:
+</p>
+
+<p>
+<a href="/_detail/documentation/lemonldap-ng-packages.png?id=documentation%3A1.1%3Ainstallrpm" class="media" title="documentation:lemonldap-ng-packages.png"><img src="../../../media/documentation/lemonldap-ng-packages.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "Organization" [46-943] -->
+<h2><a name="get_the_packages" id="get_the_packages">Get the packages</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Get the packages" [944-973] -->
+<h3><a name="yum_repository" id="yum_repository">YUM repository</a></h3>
+<div class="level3">
+
+<p>
+
+You can add this YUM repository to get recent packages:
+
+</p>
+<pre class="code">
+vi /etc/yum.repos.d/lemonldap-ng.repo
+</pre>
+<pre class="file">
+[lemonldap-ng]
+name=LemonLDAP::NG packages
+baseurl=http://lemonldap-ng.org/rpm/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2
+</pre>
+
+<p>
+Run this to update packages cache:
+
+</p>
+<pre class="code">
+yum update
+</pre>
+
+<p>
+<p><div class="notewarning">
+You must also install a repository for non-core dependencies. Example with EPEL:
+
+</p>
+<pre class="code shell">rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm</pre>
+
+<p>
+See <a href="../../documentation/1.1/prereq.html#yum" class="wikilink1" title="documentation:1.1:prereq">prerequisites and dependencies</a> chapter for more.
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "YUM repository" [974-1617] -->
+<h3><a name="manual_download" id="manual_download">Manual download</a></h3>
+<div class="level3">
+
+<p>
+
+RPMs are available on the <a href="../../download.html" class="wikilink1" title="download">Download page</a>.
+</p>
+
+</div>
+<!-- SECTION "Manual download" [1618-1700] -->
+<h2><a name="package_gpg_signature" id="package_gpg_signature">Package GPG signature</a></h2>
+<div class="level2">
+
+<p>
+
+The GPG key can be downloaded here: <a href="../media/rpm-gpg-key-ow2" class="media mediafile mf_" title="rpm-gpg-key-ow2">rpm-gpg-key-ow2</a>
+</p>
+
+<p>
+Install it to trust RPMs:
+</p>
+<pre class="code">
+rpm --import rpm-gpg-key-ow2
+</pre>
+
+</div>
+<!-- SECTION "Package GPG signature" [1701-1866] -->
+<h2><a name="install_packages" id="install_packages">Install packages</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Install packages" [1867-1896] -->
+<h3><a name="with_yum" id="with_yum">With YUM</a></h3>
+<div class="level3">
+
+<p>
+
+If the packages are stored in a yum repository:
+
+</p>
+<pre class="code shell">yum install lemonldap-ng</pre>
+<pre class="code shell">Transaction Summary
+===================================================
+Install      82 Package(s)
+Upgrade       0 Package(s)
+&nbsp;
+Total download size: 18 M
+Is this ok [y/N]: y</pre>
+
+<p>
+You can also use yum on local RPMs file:
+
+</p>
+<pre class="code">
+yum localinstall lemonldap-ng-* perl-Lemonldap-NG-*
+</pre>
+
+</div>
+<!-- SECTION "With YUM" [1897-2314] -->
+<h3><a name="with_rpm" id="with_rpm">With RPM</a></h3>
+<div class="level3">
+
+<p>
+
+Before installing the packages, install all <a href="../../documentation/1.1/prereq.html" class="wikilink1" title="documentation:1.1:prereq">dependencies</a>.
+</p>
+
+<p>
+You have then to install all the downloaded packages:
+
+</p>
+<pre class="code">
+rpm -Uvh lemonldap-ng-* perl-Lemonldap-NG-*
+</pre>
+
+<p>
+
+<p><div class="notetip">
+You can choose to install only one component by choosing the package <code>lemonldap-ng-portal</code>, <code>lemonldap-ng-handler</code> or <code>lemonldap-ng-manager</code>.
+</p>
+
+<p>
+Install the package <code>lemonldap-ng-conf</code> only on the server which stores configuration.
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "With RPM" [2315-2777] -->
+<h2><a name="first_configuration_steps" id="first_configuration_steps">First configuration steps</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "First configuration steps" [2778-2816] -->
+<h3><a name="change_default_dns_domain" id="change_default_dns_domain">Change default DNS domain</a></h3>
+<div class="level3">
+
+<p>
+
+By default, <acronym title="Domain Name System">DNS</acronym> domain is <code>example.com</code>. You can change it quick with a sed command. For example, we change it to <code>ow2.org</code>:
+</p>
+<pre class="code shell">sed -i 's/example\.com/ow2.org/g' /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/lmConf-1 /var/lib/lemonldap-ng/test/index.pl</pre>
+
+</div>
+<!-- SECTION "Change default DNS domain" [2817-3131] -->
+<h3><a name="apache_virtual_host" id="apache_virtual_host">Apache virtual host</a></h3>
+<div class="level3">
+
+<p>
+
+If <acronym title="LemonLDAP::NG">LL::NG</acronym> is the only software installed in Apache, the virtual host feature may not have already been activated.
+</p>
+
+<p>
+To do it, uncomment the <code>NameVirtualHost</code> line in <code>/etc/httpd/conf.d/z-lemonldap-ng-handler.conf</code>:
+</p>
+<pre class="code file apache"><span class="kw1">NameVirtualHost</span> *:<span class="nu0">80</span></pre>
+
+<p>
+Check Apache configuration and restart:
+
+</p>
+<pre class="code shell">apachectl configtest
+apachectl restart</pre>
+
+</div>
+<!-- SECTION "Apache virtual host" [3132-3526] -->
+<h3><a name="upgrade" id="upgrade">Upgrade</a></h3>
+<div class="level3">
+
+<p>
+
+If you upgraded <acronym title="LemonLDAP::NG">LL::NG</acronym>, check all <a href="../../documentation/1.1/upgrade.html" class="wikilink1" title="documentation:1.1:upgrade">upgrade notes</a>.
+</p>
+
+<p>
+For apache configuration, you may have to remove the old symbolic link, if not done by the RPM:
+
+</p>
+<pre class="code shell">rm -f /etc/httpd/conf.d/z-lemonldap-ng.conf</pre>
+
+<p>
+Your old Apache configuration should have been saved, you need to port your specificities in new Apache configuration files:
+
+</p>
+<pre class="code shell">vi /etc/lemonldap-ng/apache2.conf.rpmsave</pre>
+
+<p>
+The upgrade process will also have migrate old configuration files into <code>/etc/lemonldap-ng/lemonldap-ng.ini</code>. This includes the application list which is now set in the <code>applicationList</code> parameter from <code>[portal]</code> section, for example:
+
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
+<span class="re1">applicationList</span><span class="sy0">=</span><span class="re2"><span class="br0">&#123;</span> 'Menu' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'category', 'Example' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'category', 'test1' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'Application Test <span class="nu0">1</span>', uri <span class="sy0">=</span>&gt; 'http://test1.example.com/', description <span class="sy0">=</span>&gt; 'A simple application displaying authenticated user', logo <span class="sy0">=</span>&gt; 'wheels.png', display <span class="sy0">=</span>&gt; 'auto',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>,'test2' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'Application Test <span class="nu0">2</span>', uri <span class="sy0">=</span>&gt; 'http://test2.example.com/', description <span class="sy0">=</span>&gt; 'The same simple application displaying authenticated user', logo <span class="sy0">=</span>&gt; 'wheels.png', display <span class="sy0">=</span>&gt; 'auto',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>, <span class="br0">&#125;</span>,'Administration' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'category', 'manager' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'WebSSO Manager', uri <span class="sy0">=</span>&gt; 'http://manager.example.com/', description <span class="sy0">=</span>&gt; 'Configure LemonLDAP::NG WebSSO', logo <span class="sy0">=</span>&gt; 'tools.png', display <span class="sy0">=</span>&gt; 'on',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>,'sessions' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'Sessions explorer', uri <span class="sy0">=</span>&gt; 'http://manager.example.com/sessions.pl', description <span class="sy0">=</span>&gt; 'Explore WebSSO sessions', logo <span class="sy0">=</span>&gt; 'tools.png', display <span class="sy0">=</span>&gt; 'on',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>, <span class="br0">&#125;</span>,'Documentation' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'category', 'localdoc' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'Local documentation', uri <span class="sy0">=</span>&gt; 'http://manager.example.com/doc/', description <span class="sy0">=</span>&gt; 'Documentation supplied with LemonLDAP::NG', logo <span class="sy0">=</span>&gt; 'docs.png', display <span class="sy0">=</span>&gt; 'on',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>,'officialwebsite' <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> type <span class="sy0">=</span>&gt; 'application', options <span class="sy0">=</span>&gt; <span class="br0">&#123;</span> name <span class="sy0">=</span>&gt; 'Offical Website', uri <span class="sy0">=</span>&gt; 'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation', description <span class="sy0">=</span>&gt; 'Official LemonLDAP::NG Website', logo <span class="sy0">=</span>&gt; 'web.png', display <span class="sy0">=</span>&gt; 'on',  <span class="br0">&#125;</span>, <span class="br0">&#125;</span>, <span class="br0">&#125;</span>, <span class="br0">&#125;</span>, <span class="br0">&#125;</span></span></pre>
+
+<p>
+<p><div class="noteimportant">You should now use the Manager to configure all <a href="../../documentation/1.1/portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:1.1:portalmenu">applications and categories</a>, and then comment or remove the <code>applicationList</code> parameter from <code>/etc/lemonldap-ng/lemonldap-ng.ini</code>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Upgrade" [3527-6036] -->
+<h3><a name="dns" id="dns">DNS</a></h3>
+<div class="level3">
+
+<p>
+
+Configure your <acronym title="Domain Name System">DNS</acronym> server to resolve names with your server <acronym title="Internet Protocol">IP</acronym>.
+</p>
+
+<p>
+<p><div class="notetip">
+For tests with <code>example.com</code>, launch the following :
+
+</p>
+<pre class="code shell">cat /etc/lemonldap-ng/for_etc_hosts &gt;&gt; /etc/hosts</pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+<p>
+Follow the <a href="../../documentation/1.1/start.html#configuration" class="wikilink1" title="documentation:1.1:start">next steps</a>
+</p>
+
+</div>
+<!-- SECTION "DNS" [6037-6309] -->
+<h2><a name="file_location" id="file_location">File location</a></h2>
+<div class="level2">
+<ul>
+<li class="level1"><div class="li"> Configuration is in /etc/lemonldap-ng</div>
+</li>
+<li class="level1"><div class="li"> LemonLDAP::NG configuration (edited by the Manager) is in /var/lib/lemonldap-ng/conf/</div>
+</li>
+<li class="level1"><div class="li"> All <acronym title="Practical Extraction and Report Language">Perl</acronym> modules are in the VENDOR perl directory </div>
+</li>
+<li class="level1"><div class="li"> All <acronym title="Practical Extraction and Report Language">Perl</acronym> scripts/pages are in /var/lib/lemonldap-ng/</div>
+</li>
+<li class="level1"><div class="li"> All static content (examples, <acronym title="Cascading Style Sheets">CSS</acronym>, images, etc.) is in /usr/share/lemonldap-ng/</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "File location" [6310-6666] -->
+<h2><a name="build_your_packages" id="build_your_packages">Build your packages</a></h2>
+<div class="level2">
+
+<p>
+
+If you need it, you can rebuild RPMs:
+</p>
+<ul>
+<li class="level1"><div class="li"> Install rpm-build package</div>
+</li>
+<li class="level1"><div class="li"> Install all build dependencies (see BuildRequires in lemonldap-ng.<acronym title="specification">spec</acronym>)</div>
+</li>
+<li class="level1"><div class="li"> Put LemonLDAP::NG tarball in %_topdir/SOURCES</div>
+</li>
+<li class="level1"><div class="li"> Edit ~/.rpmmacros and set your build parameters (example for RHEL5):</div>
+</li>
+</ul>
+<pre class="file">
+%_topdir /home/user/build
+%dist .el5
+%rhel 5
+</pre>
+<ul>
+<li class="level1"><div class="li"> Go to %_topdir</div>
+</li>
+<li class="level1"><div class="li"> Build:</div>
+</li>
+</ul>
+<pre class="code">
+rpmbuild -ta SOURCES/lemonldap-ng-VERSION.tar.gz
+</pre>
+
+</div>
+<!-- SECTION "Build your packages" [6667-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/installtarball.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/installtarball.html
@ -0,0 +1,318 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="installation_from_the_tarball" id="installation_from_the_tarball">Installation from the tarball</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Installation from the tarball" [1-45] -->
+<h2><a name="get_the_tarball" id="get_the_tarball">Get the tarball</a></h2>
+<div class="level2">
+
+<p>
+
+Get the tarball from <a href="../../download.html" class="wikilink1" title="download">download page</a>. You can also find on this page the SVN tarball if you want to test latest features.
+</p>
+
+<p>
+<p><div class="noteimportant">The content of the SVN tarball is not the same as the official tarball. Please see the next chapter to learn how build an official tarball from SVN files.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Get the tarball" [46-388] -->
+<h2><a name="build_the_tarball_from_svn" id="build_the_tarball_from_svn">Build the tarball from SVN</a></h2>
+<div class="level2">
+
+<p>
+
+Either checkout or export the SVN repository, or extract the SVN tarball to get the SVN files on your disk.
+</p>
+
+<p>
+Then go to build directory:
+
+</p>
+<pre class="code">
+cd trunk/build/lemonldap-ng
+</pre>
+
+<p>
+And run the “dist” target:
+
+</p>
+<pre class="code">
+make dist
+</pre>
+
+<p>
+The generated tarball is in the current directory.
+</p>
+
+</div>
+<!-- SECTION "Build the tarball from SVN" [389-714] -->
+<h2><a name="extraction" id="extraction">Extraction</a></h2>
+<div class="level2">
+
+<p>
+
+Just run the tar command:
+
+</p>
+<pre class="code">
+tar zxvf lemonldap-ng-*.tar.gz
+</pre>
+
+</div>
+<!-- SECTION "Extraction" [715-811] -->
+<h2><a name="installation" id="installation">Installation</a></h2>
+<div class="level2">
+
+<p>
+
+First check and install the <a href="../../documentation/1.1/prereq.html" class="wikilink1" title="documentation:1.1:prereq">prerequisites</a>.
+</p>
+
+<p>
+For full install:
+</p>
+<pre class="code">
+cd lemonldap-ng-*
+make
+make configure
+make test
+sudo make install
+</pre>
+
+<p>
+You can modify location of default storage configuration file in configure target:
+
+</p>
+<pre class="code">
+sudo make configure STORAGECONFFILE=/etc/lemonldap-ng/lemonldap-ng.ini
+</pre>
+
+<p>
+You can choose other Makefile targets:
+</p>
+<ul>
+<li class="level1"><div class="li"> <acronym title="Practical Extraction and Report Language">Perl</acronym> libraries install :</div>
+<ul>
+<li class="level2"><div class="li"> install_libs          (all <acronym title="Practical Extraction and Report Language">Perl</acronym> libraries)</div>
+</li>
+<li class="level2"><div class="li"> install_portal_libs</div>
+</li>
+<li class="level2"><div class="li"> install_manager_libs</div>
+</li>
+<li class="level2"><div class="li"> install_handler_libs</div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> Binaries install :</div>
+<ul>
+<li class="level2"><div class="li"> install_bin           (/usr/local/lemonldap-ng/bin)</div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> Web sites install :</div>
+<ul>
+<li class="level2"><div class="li"> install_site          (all sites including install_doc_site)</div>
+</li>
+<li class="level2"><div class="li"> install_portal_site   (/usr/local/lemonldap-ng/htdocs/portal)</div>
+</li>
+<li class="level2"><div class="li"> install_manager_site  (/usr/local/lemonldap-ng/htdocs/manager)</div>
+</li>
+<li class="level2"><div class="li"> install_handler_site  (/usr/local/lemonldap-ng/handler)</div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> Documentation install :</div>
+<ul>
+<li class="level2"><div class="li"> install_doc_site      (/usr/local/lemonldap-ng/htdocs/doc)</div>
+</li>
+<li class="level2"><div class="li"> install_examples_site (/usr/local/lemonldap-ng/examples)</div>
+</li>
+</ul>
+</li>
+</ul>
+
+<p>
+
+You can also pass parameters to the make install command, with this syntax:
+
+</p>
+<pre class="code">
+sudo make install PARAM=VALUE PARAM=VALUE ...
+</pre>
+
+<p>
+Available parameters are:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>ERASECONFIG</strong>: set to 0 if you want to keep your configuration files (default: 1)</div>
+</li>
+<li class="level1"><div class="li"> <strong>DESTDIR</strong>: only for packaging, install the product in a jailroot (default: ””)</div>
+</li>
+<li class="level1"><div class="li"> <strong>PREFIX</strong>: installation directory (default: /usr/local)</div>
+</li>
+<li class="level1"><div class="li"> <strong>STORAGECONFFILE</strong>: location of default storage configuration file (default: /usr/local/lemonldap-ng/etc/lemonldap-ng.ini)</div>
+</li>
+<li class="level1"><div class="li"> <strong>CRONDIR</strong>: Cronfile directory (default: $PREFIX/etc/lemonldap-ng/cron.d)</div>
+</li>
+<li class="level1"><div class="li"> <strong>APACHEUSER</strong>: user running Apache</div>
+</li>
+<li class="level1"><div class="li"> <strong>APACHEGROUP</strong>: group running Apache</div>
+</li>
+<li class="level1"><div class="li"> <strong>DNSDOMAIN</strong>: Main <acronym title="Domain Name System">DNS</acronym> domain (default: example.com) </div>
+</li>
+<li class="level1"><div class="li"> <strong>LDAPHOST</strong>: <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server (default: localhost)</div>
+</li>
+<li class="level1"><div class="li"> <strong>LDAPPORT</strong>: <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> port (default: 389)</div>
+</li>
+<li class="level1"><div class="li"> <strong>LDAPSUFFIX</strong>: <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> suffix (default: dc=example,dc=com)</div>
+</li>
+<li class="level1"><div class="li"> <strong>APACHEVERSION</strong>: Apache major version (default: 2)</div>
+</li>
+<li class="level1"><div class="li"> <strong>VHOSTLISTEN</strong>: how listen parameter is configured for virtual hosts in Apache (default: *:80)</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">
+For Debian/Ubuntu, you can use:
+
+</p>
+<pre class="code">
+make debian-install
+</pre>
+
+<p>
+
+or:
+
+</p>
+<pre class="code">
+make ubuntu-install
+</pre>
+
+<p>
+
+See also <a href="../../documentation/1.1/installdeb.html" class="wikilink1" title="documentation:1.1:installdeb">Debian/Ubuntu installation documentation</a>.
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Installation" [812-3139] -->
+<h2><a name="link_apache_configuration" id="link_apache_configuration">Link Apache configuration</a></h2>
+<div class="level2">
+
+<p>
+
+By default, Apache configuration files will be installed in <code>/usr/local/lemonldap-ng/etc/</code>. You have to include them in Apache main configuration, for example:
+</p>
+<pre class="code file apache"><span class="kw1">include</span> /usr/local/lemonldap-ng/etc/portal-apache2.conf
+<span class="kw1">include</span> /usr/local/lemonldap-ng/etc/handler-apache2.conf
+<span class="kw1">include</span> /usr/local/lemonldap-ng/etc/manager-apache2.conf</pre>
+
+<p>
+<p><div class="notetip">
+</p>
+<ul>
+<li class="level1"><div class="li"> You can also use symbolic links in <code>conf.d</code> Apache directory.</div>
+</li>
+<li class="level1"><div class="li"> If you have run the Debian/Ubuntu install command, just use:</div>
+</li>
+</ul>
+<pre class="code">
+a2ensite manager-apache2.conf
+a2ensite portal-apache2.conf
+</pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+<p>
+<p><div class="notewarning">Mod <acronym title="Practical Extraction and Report Language">Perl</acronym> <strong>must</strong> be loaded before <acronym title="LemonLDAP::NG">LL::NG</acronym> Apache configuration.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Link Apache configuration" [3140-3847] -->
+<h2><a name="install_cron_jobs" id="install_cron_jobs">Install cron jobs</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> use cron jobs to:
+</p>
+<ul>
+<li class="level1"><div class="li"> purge old sessions</div>
+</li>
+<li class="level1"><div class="li"> clean Handler cache</div>
+</li>
+</ul>
+
+<p>
+
+To install them on system:
+</p>
+<pre class="code">
+sudo ln -s /usr/local/lemonldap-ng/etc/cron.d/* /etc/cron.d/
+</pre>
+
+</div>
+<!-- SECTION "Install cron jobs" [3848-4057] -->
+<h2><a name="dns" id="dns">DNS</a></h2>
+<div class="level2">
+
+<p>
+
+Configure your <acronym title="Domain Name System">DNS</acronym> server to resolve names with your server <acronym title="Internet Protocol">IP</acronym>.
+</p>
+
+<p>
+<p><div class="notetip">
+For tests with the configured domain, launch the following :
+
+</p>
+<pre class="code shell">cat /usr/local/lemonldap-ng/etc/lemonldap-ng/for_etc_hosts &gt;&gt; /etc/hosts</pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+<p>
+Follow the <a href="../../documentation/1.1/start.html#configuration" class="wikilink1" title="documentation:1.1:start">next steps</a>.
+
+</p>
+
+</div>
+<!-- SECTION "DNS" [4058-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/ldapconfbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/ldapconfbackend.html
@ -0,0 +1,142 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="ldap_configuration_backend" id="ldap_configuration_backend">LDAP configuration backend</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "LDAP configuration backend" [1-42] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+You can choose to store LemonLDAP::NG configuration in an <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory.
+</p>
+
+<p>
+<a href="/_detail/documentation/configuration-ldap.png?id=documentation%3A1.1%3Aldapconfbackend" class="media" title="documentation:configuration-ldap.png"><img src="../../../media/documentation/configuration-ldap.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+Advantages:
+</p>
+<ul>
+<li class="level1"><div class="li"> Easy to share between servers with remote <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> access</div>
+</li>
+<li class="level1"><div class="li"> Easy to duplicate with <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> synchronization services (like SyncRepl in OpenLDAP)</div>
+</li>
+<li class="level1"><div class="li"> Security with <acronym title="Secure Sockets Layer">SSL</acronym>/TLS</div>
+</li>
+<li class="level1"><div class="li"> Access control possible by creating one user for Manager (write) and another for portal and handlers (read)</div>
+</li>
+<li class="level1"><div class="li"> Easy import/export through LDIF files</div>
+</li>
+</ul>
+
+<p>
+
+The configuration will be store under a specific branch, for example <code>ou=conf,ou=applications,dc=example,dc=com</code>.
+</p>
+
+<p>
+Each configuration will be represented as an entry, which structural objectClass is <code>applicationProcess</code>. This objectClass is included in every core schemas.
+</p>
+
+<p>
+The configuration name is the same that files, so lmConf-1, lmConf-2, etc. This name is used in entry <acronym title="Distinguished Name">DN</acronym>, for example <code>cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com</code>.
+</p>
+
+<p>
+Then each parameter is one value of the attribute <code>description</code>, prefixed by its key. For example <code>{ldapPort}389</code>.
+</p>
+
+<p>
+The LDIF view of such entry can be:
+</p>
+<pre class="file">
+dn: cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: applicationProcess
+cn: lmConf-1
+description: {globalStorage}&#039;Apache::Session::File&#039;
+description: {cookieName}&#039;lemonldap&#039;
+description: {whatToTrace}&#039;$uid&#039;
+...
+</pre>
+
+</div>
+<!-- SECTION "Presentation" [43-1400] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [1401-1427] -->
+<h3><a name="ldap_server" id="ldap_server">LDAP server</a></h3>
+<div class="level3">
+
+<p>
+
+Configuration objects use standard object class: <code>applicationProcess</code>. This objectClass allow attributes <code>cn</code> and <code>description</code>. If your <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server do not manage this objectClass, you have to extend your schema.
+</p>
+
+<p>
+We advice to create a specific <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> account with write access on configuration branch.
+</p>
+
+<p>
+Next create the configuration branch where you want. Just remember its <acronym title="Distinguished Name">DN</acronym> for LemonLDAP::NG configuration. 
+</p>
+
+</div>
+<!-- SECTION "LDAP server" [1428-1867] -->
+<h3><a name="lemonldapng" id="lemonldapng">LemonLDAP::NG</a></h3>
+<div class="level3">
+
+<p>
+
+Configure <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> configuration backend in <code>lemonldap-ng.ini</code>, section <code>[configuration]</code>:
+</p>
+<pre class="code file ini"><span class="re1">type</span> <span class="sy0">=</span><span class="re2"> LDAP</span>
+<span class="re1">ldapServer</span> <span class="sy0">=</span><span class="re2"> ldap://localhost</span>
+<span class="re1">ldapConfBase</span> <span class="sy0">=</span><span class="re2"> ou=conf,ou=applications,dc=example,dc=com</span>
+<span class="re1">ldapBindDN</span> <span class="sy0">=</span><span class="re2"> cn=manager,dc=example,dc=com</span>
+<span class="re1">ldapBindPassword</span> <span class="sy0">=</span><span class="re2"> secret</span></pre>
+
+<p>
+Parameters:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>ldapServer</strong>: <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> <acronym title="Uniform Resource Identifier">URI</acronym> of the server</div>
+</li>
+<li class="level1"><div class="li"> <strong>ldapConfBase</strong>: <acronym title="Distinguished Name">DN</acronym> of configuration branch</div>
+</li>
+<li class="level1"><div class="li"> <strong>ldapBindDN</strong>: <acronym title="Distinguished Name">DN</acronym> used to bind <acronym title="Lightweight Directory Access Protocol">LDAP</acronym></div>
+</li>
+<li class="level1"><div class="li"> <strong>ldapBindPassword</strong>: password used to bind <acronym title="Lightweight Directory Access Protocol">LDAP</acronym></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "LemonLDAP::NG" [1868-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/ldapminihowto.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/ldapminihowto.html
@ -0,0 +1,66 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="configure_lemonldapng_to_use_ldap_as_main_database" id="configure_lemonldapng_to_use_ldap_as_main_database">Configure LemonLDAP::NG to use LDAP as main database</a></h1>
+<div class="level1">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> use 2 internal databases to store its configuration and sessions.
+</p>
+
+</div>
+<!-- SECTION "Configure LemonLDAP::NG to use LDAP as main database" [1-142] -->
+<h2><a name="use_ldap_for_configuration" id="use_ldap_for_configuration">Use LDAP for configuration</a></h2>
+<div class="level2">
+
+<p>
+
+Steps:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/ldapconfbackend.html" class="wikilink1" title="documentation:1.1:ldapconfbackend">Prepare the LDAP server and the LL::NG configuration file</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/changeconfbackend.html" class="wikilink1" title="documentation:1.1:changeconfbackend">Convert existing configuration</a></div>
+</li>
+<li class="level1"><div class="li"> Restart all your Apache servers</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Use LDAP for configuration" [143-365] -->
+<h2><a name="use_ldap_for_sessions" id="use_ldap_for_sessions">Use LDAP for sessions</a></h2>
+<div class="level2">
+
+<p>
+
+Steps:
+</p>
+<ul>
+<li class="level1"><div class="li"> Follow <a href="../../documentation/1.1/ldapsessionbackend.html" class="wikilink1" title="documentation:1.1:ldapsessionbackend">LDAP session backend</a> doc</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Use LDAP for sessions" [366-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/ldapsessionbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/ldapsessionbackend.html
@ -0,0 +1,100 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="ldap_session_backend" id="ldap_session_backend">LDAP session backend</a></h1>
+<div class="level1">
+
+<p>
+
+An Apache session module was created by <acronym title="LemonLDAP::NG">LL::NG</acronym> team to store sessions in an <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory.
+</p>
+
+<p>
+<p><div class="noteimportant">This module is not part of <acronym title="LemonLDAP::NG">LL::NG</acronym> distibution, and can be found on CPAN: <a href="http://search.cpan.org/dist/Apache-Session-LDAP/" class="urlextern" title="http://search.cpan.org/dist/Apache-Session-LDAP/"  rel="nofollow">Apache::Session::LDAP</a>.
+</div></p>
+</p>
+
+<p>
+<p><div class="notetip">This module is also available in the <code>contribs</code> directory of <acronym title="LemonLDAP::NG">LL::NG</acronym> <a href="http://websvn.ow2.org/listing.php?repname=lemonldap&amp;path=%2Ftrunk%2Fcontribs%2Fapache-session-ldap%2F" class="urlextern" title="http://websvn.ow2.org/listing.php?repname=lemonldap&amp;path=%2Ftrunk%2Fcontribs%2Fapache-session-ldap%2F"  rel="nofollow">subversion repository</a>.
+</div></p>
+</p>
+
+<p>
+Sessions will be stored as <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> entries, like this:
+</p>
+<pre class="file">
+dn: cn=6fb7c4a170a04668771f03b0a4747f46,ou=sessions,dc=example,dc=com
+objectClass: top
+objectClass: applicationProcess
+cn: 6fb7c4a170a04668771f03b0a4747f46
+description: [serialized data]
+</pre>
+
+</div>
+<!-- SECTION "LDAP session backend" [1-775] -->
+<h2><a name="setup" id="setup">Setup</a></h2>
+<div class="level2">
+
+<p>
+
+Go in the Manager and set the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> session module (<a href="http://search.cpan.org/dist/Apache-Session-LDAP/" class="urlextern" title="http://search.cpan.org/dist/Apache-Session-LDAP/"  rel="nofollow">Apache::Session::LDAP</a>) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 centeralign">  <strong>ldapServer</strong>  </td><td class="col1"> <acronym title="Uniform Resource Identifier">URI</acronym> of the server </td><td class="col2"> ldap://localhost </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0 centeralign">  <strong>ldapConfBase</strong>  </td><td class="col1"> <acronym title="Distinguished Name">DN</acronym> of sessions branch </td><td class="col2"> ou=sessions,dc=example,dc=com </td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0 centeralign">  <strong>ldapBindDN</strong>  </td><td class="col1"> Connection login </td><td class="col2"> cn=admin,dc=example,dc=password </td>
+	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0 centeralign">  <strong>ldapBindPassword</strong>  </td><td class="col1"> Connection password </td><td class="col2"> secret </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Setup" [776-1407] -->
+<h2><a name="security" id="security">Security</a></h2>
+<div class="level2">
+
+<p>
+
+Restrict network access to the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory, and add specific <acronym title="Access Control List">ACL</acronym> to session branch.
+</p>
+
+<p>
+You can also use different user/password for your servers by overriding parameters <code>globalStorage</code> and <code>globalStorageOptions</code> in lemonldap-ng.ini file.
+</p>
+
+</div>
+<!-- SECTION "Security" [1408-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/logoutforward.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/logoutforward.html
@ -0,0 +1,71 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="logout_forward" id="logout_forward">Logout forward</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Logout forward" [1-30] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+Even if LL:NG can catch logout <acronym title="Uniform Resource Locator">URL</acronym> trough <a href="../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">virtual host rules</a>, you can have the need to forward a logout to other applications, to close their local sessions.
+</p>
+
+<p>
+<acronym title="LemonLDAP::NG">LL::NG</acronym> has a logout forward mechanism, that will add a step in logout process, to send logout requests (indeed, GET requests on application logout <acronym title="Uniform Resource Locator">URL</acronym>) inside hidden iframes.
+</p>
+
+<p>
+<p><div class="notetip">The logout request will be sent even if the user did not use the application.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [31-521] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+Go in Manager, <code>General parameters</code> » <code>Advanced parameters</code> » <code>Logout forward</code> and click on <code>Add a key</code>, then fill:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Key</strong>: application name</div>
+</li>
+<li class="level1"><div class="li"> <strong>Value</strong>: application logout <acronym title="Uniform Resource Locator">URL</acronym></div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="noteimportant">The request on logout <acronym title="Uniform Resource Locator">URL</acronym> will be sent after user is disconnected, so you should unprotect this <acronym title="Uniform Resource Locator">URL</acronym> if it is protected by an <acronym title="LemonLDAP::NG">LL::NG</acronym> Handler.
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Configuration" [522-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/logs.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/logs.html
@ -0,0 +1,101 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="logs" id="logs">Logs</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Logs" [1-20] -->
+<h2><a name="apache_logging" id="apache_logging">Apache logging</a></h2>
+<div class="level2">
+
+<p>
+
+By default, LemonLDAP::NG uses Apache logs to store user actions and other messages:
+</p>
+<ul>
+<li class="level1"><div class="li"> Error log: all messages emitted by the program, depending on the configured log level</div>
+</li>
+<li class="level1"><div class="li"> Access log: the issuer of each request is identified</div>
+</li>
+</ul>
+
+<p>
+
+The log level can be set with Apache <code>LogLevel</code> parameter. It can be configured globally, or inside a virtual host.
+</p>
+
+<p>
+See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#loglevel" class="urlextern" title="http://httpd.apache.org/docs/2.2/mod/core.html#loglevel"  rel="nofollow">http://httpd.apache.org/docs/2.2/mod/core.html#loglevel</a> for more information.
+</p>
+
+<p>
+To configure the user identifier in access log, go in Manager, <code>General Parameters</code> &gt; <code>Logging</code> &gt; <code>REMOTE_USER</code>.
+</p>
+
+</div>
+<!-- SECTION "Apache logging" [21-607] -->
+<h2><a name="syslog" id="syslog">Syslog</a></h2>
+<div class="level2">
+
+<p>
+
+LemonLDAP::NG can also use syslog (only for user actions).
+</p>
+
+<p>
+In Manager, set syslog facility in <code>General Parameters</code> &gt; <code>Logging</code> &gt; <code>Syslog facility</code>.
+</p>
+
+<p>
+The messages are stored with the facilities :
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>info</strong> for user actions</div>
+</li>
+<li class="level1"><div class="li"> <strong>notice</strong> for good authentications or external exchange (<acronym title="Security Assertion Markup Language">SAML</acronym>, OpenID,…)</div>
+</li>
+<li class="level1"><div class="li"> <strong>warn</strong> for failed authentications</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Syslog" [608-980] -->
+<h2><a name="override_logging_functions" id="override_logging_functions">Override logging functions</a></h2>
+<div class="level2">
+
+<p>
+
+You can customize logs by redefining userNotice() and userError() methods, directly in <code>lemonldap-ng.ini</code>
+</p>
+
+<p>
+Example:
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
+<span class="re1">userError</span> <span class="sy0">=</span><span class="re2"> sub <span class="br0">&#123;</span> my <span class="br0">&#40;</span>$self, $message<span class="br0">&#41;</span> <span class="sy0">=</span> @_</span><span class="co0">; ... }</span>
+<span class="re1">userNotice</span> <span class="sy0">=</span><span class="re2"> sub <span class="br0">&#123;</span> my <span class="br0">&#40;</span>$self, $message<span class="br0">&#41;</span> <span class="sy0">=</span> @_</span><span class="co0">; ... }</span></pre>
+
+</div>
+<!-- SECTION "Override logging functions" [981-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/managerprotection.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/managerprotection.html
@ -0,0 +1,136 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="manager_protection" id="manager_protection">Manager protection</a></h1>
+<div class="level1">
+
+<p>
+
+When installing <acronym title="LemonLDAP::NG">LL::NG</acronym>, the Manager can only be accessed from localhost, for security reasons. This How To explains how change this default behavior to protect Manager with Apache or directly with <acronym title="LemonLDAP::NG">LL::NG</acronym>.
+</p>
+
+</div>
+<!-- SECTION "Manager protection" [1-240] -->
+<h2><a name="apache_based_protection" id="apache_based_protection">Apache based protection</a></h2>
+<div class="level2">
+
+<p>
+
+The configuration can be changed in <code>etc/manager-apache2.conf</code>:
+</p>
+
+<p>
+By default, the protection rule is to only accept clients from localhost:
+
+</p>
+<pre class="code file apache">    &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+        <span class="kw1">Allow</span> from 127.0.0.0/8
+        <span class="kw1">Options</span> +ExecCGI
+    &lt;/<span class="kw3">Directory</span>&gt;</pre>
+
+<p>
+You can change this to allow other specific <acronym title="Internet Protocol">IP</acronym>, for example:
+
+</p>
+<pre class="code file apache">    &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+        <span class="kw1">Allow</span> from 127.0.0.0/8 192.168.100.0/32
+        <span class="kw1">Options</span> +ExecCGI
+    &lt;/<span class="kw3">Directory</span>&gt;</pre>
+
+<p>
+But you will rather prefer to use an Apache authentication module, like for example <a href="http://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html"  rel="nofollow">LDAP authentication module</a>:
+
+</p>
+<pre class="code file apache">    &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
+        <span class="kw1">AuthzLDAPAuthoritative</span> <span class="kw2">On</span>
+        <span class="kw1">AuthName</span> <span class="st0">&quot;LL::NG Manager&quot;</span>
+        <span class="kw1">AuthType</span> Basic
+        <span class="kw1">AuthBasicProvider</span> ldap
+        <span class="kw1">AuthLDAPBindDN</span> <span class="st0">&quot;ou=websso,ou=applications,dc=example,dc=com&quot;</span>
+        <span class="kw1">AuthLDAPBindPassword</span> <span class="st0">&quot;secret&quot;</span>
+        <span class="kw1">AuthLDAPURL</span> ldap://localhost:389/ou=users,dc=example,dc=com???(objectClass=inetOrgPerson) TLS
+        <span class="kw1">Require</span> ldap-<span class="kw1">user</span> coudot xguimard tchemineau
+        <span class="kw1">Options</span> +ExecCGI
+    &lt;/<span class="kw3">Directory</span>&gt;</pre>
+
+</div>
+<!-- SECTION "Apache based protection" [241-1577] -->
+<h2><a name="llng_based_protection" id="llng_based_protection">LL::NG based protection</a></h2>
+<div class="level2">
+
+<p>
+
+<p><div class="notewarning">Before enabling Manager protection by <acronym title="LemonLDAP::NG">LL::NG</acronym>, you must have configured how users authenticate on Portal, and test that you can log in without difficulties. Else, you will lock access to Manager and will never access it anymore.
+</div></p>
+</p>
+
+<p>
+Go on Manager, and declare Manager as a new <a href="../../documentation/1.1/configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:1.1:configvhost">virtual host</a>, for example <code>manager.example.com</code>. You can then set the access rule. No headers are needed.
+</p>
+
+<p>
+Save the configuration and exit the Manager.
+</p>
+
+<p>
+<p><div class="notetip">The next time you will access Manager, it will be trough <acronym title="LemonLDAP::NG">LL::NG</acronym>.
+</div></p>
+</p>
+
+<p>
+Enable protection on Manager, by editing <code>lemonldap-ng.ini</code>:
+
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>manager<span class="br0">&#93;</span></span>
+<span class="re1">protection</span> <span class="sy0">=</span><span class="re2"> manager</span></pre>
+
+<p>
+Remove Apache access control:
+
+</p>
+<pre class="code file apache">    &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Allow</span> from <span class="kw2">all</span>
+        <span class="kw1">Options</span> +ExecCGI
+    &lt;/<span class="kw3">Directory</span>&gt;</pre>
+
+<p>
+Restart Apache and try to log on Manager. You should be redirected to <acronym title="LemonLDAP::NG">LL::NG</acronym> Portal.
+</p>
+
+<p>
+You can then add the Manager as <a href="../../documentation/1.1/portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:1.1:portalmenu">an application in the menu</a>.
+</p>
+
+<p>
+<p><div class="notetip">If for an obscur reason, the WebSSO is not working and you want to access the Manager, remove the protection in <code>lemonldap-ng.ini</code> and reconfigure Apache access control.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "LL::NG based protection" [1578-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/memcachedsessionbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/memcachedsessionbackend.html
@ -0,0 +1,80 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="memcached_session_backend" id="memcached_session_backend">Memcached session backend</a></h1>
+<div class="level1">
+
+<p>
+
+<p><div class="noteimportant"><a href="http://memcached.org/" class="urlextern" title="http://memcached.org/"  rel="nofollow">Memcached</a> can be used with <acronym title="LemonLDAP::NG">LL::NG</acronym>, but some features will not work since Memcached doesn&#039;t provide any parsing system:
+</p>
+<ul>
+<li class="level1"><div class="li"> Session expiration: sessions will never expire (server side)</div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">Session explorer</a> will not work</div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">Session restrictions</a> will not work</div>
+</li>
+</ul>
+
+<p>
+
+To keep Memcached performance level and <acronym title="LemonLDAP::NG">LL::NG</acronym> features, you can replace <a href="http://memcached.org/" class="urlextern" title="http://memcached.org/"  rel="nofollow">Memcached</a> by <a href="http://code.google.com/p/redis/" class="urlextern" title="http://code.google.com/p/redis/"  rel="nofollow">Redis</a> using <a href="../../documentation/1.1/nosqlsessionbackend.html" class="wikilink1" title="documentation:1.1:nosqlsessionbackend">NoSQL session backend</a>.
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Memcached session backend" [1-652] -->
+<h2><a name="setup" id="setup">Setup</a></h2>
+<div class="level2">
+
+<p>
+
+Install and launch a <a href="http://memcached.org/" class="urlextern" title="http://memcached.org/"  rel="nofollow">Memcached server</a>.
+</p>
+
+<p>
+In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::Memcached" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Memcached"  rel="nofollow">Apache::Session::Memcached</a> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 centeralign">  <strong>Servers</strong>  </td><td class="col1"> Memcached servers </td><td class="col2"> 10.0.0.1:20000 10.0.0.2:20000 </td>
+	</tr>
+</table>
+
+<p>
+
+See <a href="http://search.cpan.org/perldoc?Apache::Session::Memcached" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Memcached"  rel="nofollow">Apache::Session::Memcached</a> for optional parameters.
+</p>
+
+</div>
+<!-- SECTION "Setup" [653-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/mrtg.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/mrtg.html
@ -0,0 +1,67 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="mrtg_monitoring" id="mrtg_monitoring">MRTG monitoring</a></h1>
+<div class="level1">
+
+<p>
+
+<a href="../../documentation/1.1/status.html" class="wikilink1" title="documentation:1.1:status">The status page</a> can be read by <a href="http://oss.oetiker.ch/mrtg/" class="urlextern" title="http://oss.oetiker.ch/mrtg/"  rel="nofollow">MRTG</a> using the script <strong>lmng-mrtg</strong> that can be found in manager example directory.
+</p>
+
+<p>
+MRTG configuration example:
+</p>
+<pre class="code shell">######################################################################
+# Multi Router Traffic Grapher -- Sample Configuration File
+######################################################################
+# This file is for use with mrtg-2.5.4c
+&nbsp;
+# Global configuration
+WorkDir: /var/www/mrtg
+WriteExpires: Yes
+&nbsp;
+Title[^]: Traffic Analysis for
+&nbsp;
+# 128K leased line
+# ----------------
+#Title[leased]: a 128K leased line
+#PageTop[leased]: &lt;H1&gt;Our 128K link to the outside world&lt;/H1&gt;
+#Target[leased]: 1:public@router.localnet
+#MaxBytes[leased]: 16000
+Target[test.example.com]: `/etc/mrtg/lmng-mrtg 172.16.1.2 https://test.example.com/status OK OK`
+Options[test.example.com]: nopercent, growright, nobanner, perminute
+PageTop[test.example.com]: &lt;h1&gt;Requests OK from test.example.com&lt;/h1&gt;
+MaxBytes[test.example.com]: 1000000
+YLegend[test.example.com]: hits/minute
+ShortLegend[test.example.com]: &amp;nbsp; hits/mn
+LegendO[test.example.com]: Hits:
+LegendI[test.example.com]: Hits:
+Legend2[test.example.com]: Hits per minute
+Legend4[test.example.com]: Hits max per minute
+Title[test.example.com]: Hits per minute
+WithPeak[test.example.com]: wmy</pre>
+
+</div>
+</div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/mysqlminihowto.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/mysqlminihowto.html
@ -0,0 +1,72 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="configure_lemonldapng_to_use_mysql_as_main_database" id="configure_lemonldapng_to_use_mysql_as_main_database">Configure LemonLDAP::NG to use MySQL as main database</a></h1>
+<div class="level1">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> use 2 internal databases to store its configuration and sessions.
+</p>
+
+</div>
+<!-- SECTION "Configure LemonLDAP::NG to use MySQL as main database" [1-143] -->
+<h2><a name="use_mysql_for_lemonldapng_configuration" id="use_mysql_for_lemonldapng_configuration">Use MySQL for Lemonldap::NG configuration</a></h2>
+<div class="level2">
+
+<p>
+
+Steps:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/sqlconfbackend.html" class="wikilink1" title="documentation:1.1:sqlconfbackend">Prepare the database and the LL::NG configuration file</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/changeconfbackend.html" class="wikilink1" title="documentation:1.1:changeconfbackend">Convert existing configuration</a></div>
+</li>
+<li class="level1"><div class="li"> Restart all your Apache servers</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Use MySQL for Lemonldap::NG configuration" [144-377] -->
+<h2><a name="use_mysql_for_lemonldapng_sessions" id="use_mysql_for_lemonldapng_sessions">Use MySQL for Lemonldap::NG sessions</a></h2>
+<div class="level2">
+
+<p>
+
+Steps:
+</p>
+<ul>
+<li class="level1"><div class="li"> Choose one of the following:</div>
+<ul>
+<li class="level2"><div class="li"> <a href="../../documentation/1.1/browseablesessionbackend.html" class="wikilink1" title="documentation:1.1:browseablesessionbackend">Using Apache::Session::Browseable::MySQL</a> (recommended for best performances)</div>
+</li>
+<li class="level2"><div class="li"> <a href="../../documentation/1.1/sqlsessionbackend.html" class="wikilink1" title="documentation:1.1:sqlsessionbackend">Using Apache::Session::MySQL</a> <em>(if you choose this option, then read <a href="../../documentation/1.1/performances.html#apachesession_performances" class="wikilink1" title="documentation:1.1:performances">how to increase MySQL performances</a>)</em></div>
+</li>
+</ul>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Use MySQL for Lemonldap::NG sessions" [378-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/nosqlsessionbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/nosqlsessionbackend.html
@ -0,0 +1,71 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="redis_session_backend" id="redis_session_backend">Redis session backend</a></h1>
+<div class="level1">
+
+<p>
+<a href="http://search.cpan.org/perldoc?Apache::Session::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Redis"  rel="nofollow">Apache::Session::Redis</a> is the faster shareable session backend
+</p>
+
+</div>
+<!-- SECTION "Redis session backend" [1-158] -->
+<h2><a name="setup" id="setup">Setup</a></h2>
+<div class="level2">
+
+<p>
+
+Install and launch a <a href="http://code.google.com/p/redis/" class="urlextern" title="http://code.google.com/p/redis/"  rel="nofollow">Redis server</a>. Install 
+<a href="http://search.cpan.org/perldoc?Apache::Session::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Redis"  rel="nofollow">Apache::Session::Redis</a> <acronym title="Practical Extraction and Report Language">Perl</acronym> module.
+</p>
+
+<p>
+In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Redis"  rel="nofollow">Apache::Session::Redis</a> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 centeralign">  <strong>server</strong>  </td><td class="col1"> Redis server </td><td class="col2"> 127.0.0.1:6379 </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Setup" [159-713] -->
+<h2><a name="security" id="security">Security</a></h2>
+<div class="level2">
+
+<p>
+
+Restrict network access to the redis server. For remote servers, you can use <a href="../../documentation/1.1/soapsessionbackend.html" class="wikilink1" title="documentation:1.1:soapsessionbackend">SOAP session backend</a> in cunjunction to increase security for remote server that access through an unsecure network
+
+</p>
+
+</div>
+<!-- SECTION "Security" [714-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/notifications.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/notifications.html
@ -0,0 +1,184 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="notifications_system" id="notifications_system">Notifications system</a></h1>
+<div class="level1">
+
+<p>
+
+Since version 0.9.4, Lemonldap::NG can be used to notify some messages to users: if a user has a message, the message will be displayed when he will access to the portal. If the message contains checkboxes, the user has to check all of them else he can not access to the portal and get his session cookie.
+</p>
+
+</div>
+<!-- SECTION "Notifications system" [1-343] -->
+<h2><a name="installation" id="installation">Installation</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Installation" [344-369] -->
+<h3><a name="activation" id="activation">Activation</a></h3>
+<div class="level3">
+
+<p>
+
+You just have to set “notification” to “activate” in the manager (or notification=1 in lemonldap-ng.ini, section “PORTAL”).
+</p>
+
+</div>
+
+<h4><a name="storage" id="storage">Storage</a></h4>
+<div class="level4">
+
+<p>
+
+By default, notifications will be stored in the same database as configuration:
+* if you use “File” system and your “dirName” is set to /usr/local/lemonldap-ng/conf/, the notifications will be stored in /usr/local/lemonldap-ng/notifications/
+* if you use “<acronym title="Database Interface">DBI</acronym>” system, the notifications will be stored in the same database as configuration and in a table called “notifications”. You have to create the table by yourself&amp;nbsp;
+
+</p>
+<pre class="code sql"><span class="kw1">CREATE</span> <span class="kw1">TABLE</span> <span class="st0">'notifications'</span> <span class="br0">&#40;</span>
+  <span class="st0">'date'</span> datetime <span class="kw1">NOT</span> <span class="kw1">NULL</span><span class="sy0">,</span>
+  <span class="st0">'uid'</span> varchar<span class="br0">&#40;</span>255<span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span><span class="sy0">,</span>
+  <span class="st0">'ref'</span> varchar<span class="br0">&#40;</span>255<span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span><span class="sy0">,</span>
+  <span class="st0">'xml'</span> longblob <span class="kw1">NOT</span> <span class="kw1">NULL</span><span class="sy0">,</span>
+  <span class="st0">'done'</span> datetime <span class="kw1">DEFAULT</span> <span class="kw1">NULL</span><span class="sy0">,</span>
+  <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span>  <span class="br0">&#40;</span><span class="st0">'date'</span><span class="sy0">,</span><span class="st0">'uid'</span><span class="sy0">,</span><span class="st0">'ref'</span><span class="br0">&#41;</span>
+<span class="br0">&#41;</span></pre>
+
+<p>
+You can change default parameters using the “notificationStorage” parameter with the same syntax as configStorage.
+</p>
+
+</div>
+<!-- SECTION "Activation" [370-1313] -->
+<h2><a name="using_notification_system" id="using_notification_system">Using notification system</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Using notification system" [1314-1352] -->
+<h3><a name="insert_new_notifications" id="insert_new_notifications">Insert new notifications</a></h3>
+<div class="level3">
+
+<p>
+
+New notifications can be insert using <acronym title="Simple Object Access Protocol">SOAP</acronym> request (described in the WSDL file generated by buildPortalWSDL tool).
+</p>
+
+</div>
+
+<h4><a name="notification_format" id="notification_format">Notification format</a></h4>
+<div class="level4">
+
+<p>
+
+Notifications are <acronym title="Extensible Markup Language">XML</acronym> files containing:
+</p>
+<ul>
+<li class="level1"><div class="li"> ”&lt;notification&gt;” element(s) :</div>
+<ul>
+<li class="level2"><div class="li"> required attributes :</div>
+<ul>
+<li class="level3"><div class="li"> “date” in format YYYY-MM-DD</div>
+</li>
+<li class="level3"><div class="li"> “ref” : a reference that can be used later to know what has been notified and when</div>
+</li>
+<li class="level3"><div class="li"> “uid” : the user (it must correspond to the attibute set in whatToTrace parameter : uid by default)</div>
+</li>
+</ul>
+</li>
+<li class="level2"><div class="li"> sub-elements :</div>
+<ul>
+<li class="level3"><div class="li"> &lt;text&gt; : paragraph to display : will be inserted in <acronym title="HyperText Markup Language">HTML</acronym> page enclosed in &lt;p class=“notifText”&gt;…&lt;/p&gt;</div>
+</li>
+<li class="level3"><div class="li"> &lt;check&gt; : paragraph to display with a checkbox : will be inserted in <acronym title="HyperText Markup Language">HTML</acronym> page enclosed in &lt;p class=“notifCheck”&gt;&lt;input type=“checkbox/&gt;…&lt;/p&gt;</div>
+</li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+
+<p>
+
+All other elements will be removed including <acronym title="HyperText Markup Language">HTML</acronym> elements like &lt;b&gt;;
+</p>
+
+<p>
+Example :
+
+</p>
+<pre class="code xml"><span class="sc3"><span class="re1">&lt;?xml</span> <span class="re0">version</span>=<span class="st0">&quot;1.0&quot;</span> <span class="re0">encoding</span>=<span class="st0">&quot;UTF-8&quot;</span> <span class="re0">standalone</span>=<span class="st0">&quot;no&quot;</span><span class="re2">?&gt;</span></span>
+<span class="sc3"><span class="re1">&lt;root<span class="re2">&gt;</span></span></span>
+<span class="sc3"><span class="re1">&lt;notification</span> <span class="re0">uid</span>=<span class="st0">&quot;foo.bar&quot;</span> <span class="re0">date</span>=<span class="st0">&quot;2009-01-27&quot;</span> <span class="re0">reference</span>=<span class="st0">&quot;ABC&quot;</span><span class="re2">&gt;</span></span>
+<span class="sc3"><span class="re1">&lt;text<span class="re2">&gt;</span></span></span> You have been granted to access to appli-1 <span class="sc3"><span class="re1">&lt;/text<span class="re2">&gt;</span></span></span>
+<span class="sc3"><span class="re1">&lt;text<span class="re2">&gt;</span></span></span> You have been granted to access to appli-2 <span class="sc3"><span class="re1">&lt;/text<span class="re2">&gt;</span></span></span>
+<span class="sc3"><span class="re1">&lt;check<span class="re2">&gt;</span></span></span> I know that I can acces to appli-1 <span class="sc3"><span class="re1">&lt;/check<span class="re2">&gt;</span></span></span>
+<span class="sc3"><span class="re1">&lt;check<span class="re2">&gt;</span></span></span> I know that I can acces to appli-2 <span class="sc3"><span class="re1">&lt;/check<span class="re2">&gt;</span></span></span>
+<span class="sc3"><span class="re1">&lt;/notification<span class="re2">&gt;</span></span></span>
+<span class="sc3"><span class="re1">&lt;/root<span class="re2">&gt;</span></span></span></pre>
+
+</div>
+
+<h4><a name="insertion_example_in_perl" id="insertion_example_in_perl">Insertion example in Perl</a></h4>
+<div class="level4">
+<pre class="code perl"><span class="co1">#!/usr/bin/perl</span>
+&nbsp;
+<span class="kw2">use</span> SOAP<span class="sy0">::</span><span class="me2">Lite</span><span class="sy0">;</span>
+<span class="kw2">use</span> utf8<span class="sy0">;</span>
+&nbsp;
+<span class="kw1">my</span> <span class="re0">$lite</span> <span class="sy0">=</span> SOAP<span class="sy0">::</span><span class="me2">Lite</span>
+        <span class="sy0">-&gt;</span><span class="me1">uri</span><span class="br0">&#40;</span><span class="st_h">'urn:Lemonldap::NG::Common::CGI::SOAPService'</span><span class="br0">&#41;</span>
+        <span class="sy0">-&gt;</span><span class="me1">proxy</span><span class="br0">&#40;</span><span class="st_h">'http://auth.example.com/index.pl/notification'</span><span class="br0">&#41;</span><span class="sy0">;</span>
+&nbsp;
+&nbsp;
+<span class="re0">$r</span> <span class="sy0">=</span> <span class="re0">$lite</span><span class="sy0">-&gt;</span><span class="me1">newNotification</span><span class="br0">&#40;</span><span class="st_h">'&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;no&quot;?&gt;
+&lt;root&gt;
+&lt;notification uid=&quot;foo.bar&quot; date=&quot;2009-01-27&quot; reference=&quot;ABC&quot;&gt;
+&lt;text&gt; You have been granted to access to appli-1 &lt;/text&gt;
+&lt;text&gt; You have been granted to access to appli-2 &lt;/text&gt;
+&lt;check&gt; I know that I can acces to appli-1 &lt;/check&gt;
+&lt;check&gt; I know that I can acces to appli-2 &lt;/check&gt;
+&lt;/notification&gt;
+&lt;/root&gt;'</span><span class="br0">&#41;</span><span class="sy0">;</span>
+&nbsp;
+<span class="kw1">if</span> <span class="br0">&#40;</span> <span class="re0">$r</span><span class="sy0">-&gt;</span><span class="me1">fault</span> <span class="br0">&#41;</span> <span class="br0">&#123;</span>
+    <a href="http://perldoc.perl.org/functions/print.html"><span class="kw3">print</span></a> <span class="kw2">STDERR</span> <span class="st0">&quot;SOAP Error: &quot;</span> <span class="sy0">.</span> <span class="re0">$r</span><span class="sy0">-&gt;</span><span class="me1">fault</span><span class="sy0">-&gt;</span><span class="br0">&#123;</span>faultstring<span class="br0">&#125;</span><span class="sy0">;</span>
+<span class="br0">&#125;</span>
+<span class="kw1">else</span> <span class="br0">&#123;</span>
+    <span class="kw1">my</span> <span class="re0">$res</span> <span class="sy0">=</span> <span class="re0">$r</span><span class="sy0">-&gt;</span><span class="me1">result</span><span class="br0">&#40;</span><span class="br0">&#41;</span><span class="sy0">;</span>
+    <a href="http://perldoc.perl.org/functions/print.html"><span class="kw3">print</span></a> <span class="st0">&quot;$res notification(s) have been inserted<span class="es0">\&quot;</span>;
+}</span></pre>
+
+</div>
+<!-- SECTION "Insert new notifications" [1353-3449] -->
+<h3><a name="test_notification" id="test_notification">Test notification</a></h3>
+<div class="level3">
+
+<p>
+
+You&#039;ve simply to insert a notification and connect to the portal using the same UID. You will be prompted.
+</p>
+
+</div>
+<!-- SECTION "Test notification" [3450-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/parameterlist.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/parameterlist.html
@ -0,0 +1,552 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="parameter_list" id="parameter_list">Parameter list</a></h1>
+<div class="level1">
+
+<p>
+
+<p><div class="notetip">
+Click on a column header to sort table.
+The attribute key name can be used directly in <code>lemonldap-ng.ini</code> or in <acronym title="Practical Extraction and Report Language">Perl</acronym> scripts to override configuration parameters (see <a href="../../documentation/1.1/configlocation.html" class="wikilink1" title="documentation:1.1:configlocation">configuration location</a>).
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Parameter list" [1-263] -->
+<h2><a name="main_parameters" id="main_parameters">Main parameters</a></h2>
+<div class="level2">
+
+<p>
+
+<div class="sortable sort2"><table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Full name  </th><th class="col1 centeralign">  Key name  </th><th class="col2 centeralign">  Portal  </th><th class="col3 leftalign"> Handler  </th><th class="col4 leftalign"> Manager  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0"> Activate auto accept timer </td><td class="col1"> activeTimer </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0"> Apache authentication level </td><td class="col1"> apacheAuthnLevel </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0"> Choice modules </td><td class="col1"> authChoiceModules </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0"> Choice <acronym title="Uniform Resource Locator">URL</acronym> parameter </td><td class="col1"> authChoiceParam </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0"> Authentication backend </td><td class="col1"> authentication </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row6 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> authentication search filter </td><td class="col1"> AuthLDAPFilter </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row7 rowodd">
+		<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> authentication level </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_authnLevel </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row8 roweven">
+		<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> CA file </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_CAFile </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row9 rowodd">
+		<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> force gateway authentication </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_gateway </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row10 roweven">
+		<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> <acronym title="Proxy Granting Ticket">PGT</acronym> temporary file </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_pgtFile </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row11 rowodd">
+		<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> proxied services </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_proxiedServices </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row12 roweven">
+		<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> force authentication renewal </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_renew </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row13 rowodd">
+		<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> server <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_url </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row14 roweven">
+		<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> Session backend </td><td class="col1"> casStorage </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row15 rowodd">
+		<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> Session backend options </td><td class="col1"> casStorageOptions </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row16 roweven">
+		<td class="col0"> <acronym title="Cross Domain Authentication">CDA</acronym> activation </td><td class="col1"> cda </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row17 rowodd">
+		<td class="col0"> Configuration backend </td><td class="col1"> configStorage </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row18 roweven">
+		<td class="col0"> Cookie expiration </td><td class="col1"> cookieExpiration </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row19 rowodd">
+		<td class="col0"> Name of the cookie </td><td class="col1"> cookieName </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row20 roweven">
+		<td class="col0"> Custom functions </td><td class="col1"> customFunctions </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row21 rowodd">
+		<td class="col0"> Custom <acronym title="Simple Object Access Protocol">SOAP</acronym> Services </td><td class="col1"> CustomSOAPServices </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row22 roweven">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection chain </td><td class="col1"> dbiAuthChain </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row23 rowodd">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> Login column </td><td class="col1"> dbiAuthLoginCol </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row24 roweven">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> authentication level </td><td class="col1"> dbiAuthnLevel </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row25 rowodd">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection password </td><td class="col1"> dbiAuthPassword </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row26 roweven">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> Password column </td><td class="col1"> dbiAuthPasswordCol </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row27 rowodd">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> Password hash </td><td class="col1"> dbiAuthPasswordHash </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row28 roweven">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> Authentication table </td><td class="col1"> dbiAuthTable </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row29 rowodd">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection user </td><td class="col1"> dbiAuthUser</td><td class="col2 centeralign">   ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row30 roweven">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> Mail column </td><td class="col1"> dbiPasswordMailCol </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row31 rowodd">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection chain </td><td class="col1"> dbiUserChain </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row32 roweven">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection password </td><td class="col1"> dbiUserPassword </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row33 rowodd">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB table </td><td class="col1"> dbiUserTable </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row34 roweven">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection user </td><td class="col1"> dbiUserUser </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row35 rowodd">
+		<td class="col0"> Main <acronym title="Domain Name System">DNS</acronym> domain </td><td class="col1"> domain </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row36 roweven">
+		<td class="col0"> Attributes exported in <acronym title="Simple Object Access Protocol">SOAP</acronym> </td><td class="col1 leftalign"> exportedAttr  </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row37 rowodd">
+		<td class="col0 leftalign"> Headers sent	</td><td class="col1"> exportedHeaders </td><td class="col2"> </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row38 roweven">
+		<td class="col0"> Attributes from user backend </td><td class="col1"> exportedVars </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row39 rowodd">
+		<td class="col0"> Session backend </td><td class="col1"> globalStorage </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row40 roweven">
+		<td class="col0"> Session backend options </td><td class="col1"> globalStorageOptions </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row41 rowodd">
+		<td class="col0"> Rule for session granting </td><td class="col1"> grantSessionRule </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row42 roweven">
+		<td class="col0"> Local groups </td><td class="col1 leftalign"> groups  </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row43 rowodd">
+		<td class="col0"> Force HTTPS in redirection </td><td class="col1"> https </td><td class="col2"> </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row44 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> authentication level </td><td class="col1"> ldapAuthnLevel </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row45 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> search base </td><td class="col1"> ldapBase </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row46 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> change password as user </td><td class="col1"> ldapChangePasswordAsUser </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row47 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> main search filter </td><td class="col1"> LDAPFilter </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row48 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups member attribute </td><td class="col1"> ldapGroupAttributeName </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row49 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> group link attribute name </td><td class="col1"> ldapGroupAttributeNameGroup </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row50 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups name attribute </td><td class="col1"> ldapGroupAttributeNameSearch </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row51 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups member link value </td><td class="col1"> ldapGroupAttributeNameUser </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row52 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups base </td><td class="col1"> ldapGroupBase </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row53 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups objectClass </td><td class="col1"> ldapGroupObjectClass </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row54 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> activate recursive groups </td><td class="col1"> ldapGroupRecursive </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row55 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Port </td><td class="col1"> ldapPort </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row56 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password policy control </td><td class="col1"> ldapPpolicyControl </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row57 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password encoding </td><td class="col1"> ldapPwdEnc </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row58 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> binary attributes </td><td class="col1"> ldapRaw </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row59 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server or Net::<acronym title="Lightweight Directory Access Protocol">LDAP</acronym> connexion string </td><td class="col1"> ldapServer </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row60 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> extended SetPassword modify </td><td class="col1"> ldapSetPassword </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row61 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> timeout </td><td class="col1"> ldapTimeout </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row62 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> version </td><td class="col1"> ldapVersion </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row63 rowodd">
+		<td class="col0"> Cache backend </td><td class="col1"> localStorage </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row64 roweven">
+		<td class="col0"> Local cache </td><td class="col1"> localStorage </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row65 rowodd">
+		<td class="col0"> Cache backend options </td><td class="col1"> localStorageOptions </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row66 roweven">
+		<td class="col0"> Local cache parameters </td><td class="col1"> localStorageOptions </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row67 rowodd">
+		<td class="col0"> Access rules </td><td class="col1"> locationRules </td><td class="col2"> </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row68 roweven">
+		<td class="col0"> Macros </td><td class="col1 leftalign"> macros  </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row69 rowodd">
+		<td class="col0"> Body for password mail </td><td class="col1"> mailBody </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row70 roweven">
+		<td class="col0"> Body for confirmation mail </td><td class="col1"> mailConfirmBody </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row71 rowodd">
+		<td class="col0"> Subject for confirmation mail </td><td class="col1"> mailConfirmSubject </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row72 roweven">
+		<td class="col0 leftalign"> Mail From address	</td><td class="col1"> mailFrom </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row73 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> mail search filter </td><td class="col1"> mailLDAPFilter </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row74 roweven">
+		<td class="col0"> Subject for password mail </td><td class="col1"> mailSubject </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row75 rowodd">
+		<td class="col0"> <acronym title="Uniform Resource Locator">URL</acronym> for mail reset </td><td class="col1"> mailUrl </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row76 roweven">
+		<td class="col0"> Manager menu organization </td><td class="col1"> managerCss </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign">   ✔  </td>
+	</tr>
+	<tr class="row77 rowodd">
+		<td class="col0"> Manager theme </td><td class="col1"> managerCssTheme </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign">   ✔  </td>
+	</tr>
+	<tr class="row78 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Bind <acronym title="Distinguished Name">DN</acronym> </td><td class="col1"> managerDn </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row79 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Bind Password </td><td class="col1"> managerPassword </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row80 roweven">
+		<td class="col0"> Manager skin </td><td class="col1"> managerSkin </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign">   ✔  </td>
+	</tr>
+	<tr class="row81 rowodd">
+		<td class="col0"> Manager tree autoClose </td><td class="col1"> managerTreeAutoClose </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign">   ✔  </td>
+	</tr>
+	<tr class="row82 roweven">
+		<td class="col0"> Manager tree JQuery <acronym title="Cascading Style Sheets">CSS</acronym> file </td><td class="col1"> managerTreeJqueryCss </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign">   ✔  </td>
+	</tr>
+	<tr class="row83 rowodd">
+		<td class="col0"> Multi overridden parameters </td><td class="col1"> multi </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row84 roweven">
+		<td class="col0"> Multi values separator </td><td class="col1 leftalign"> multiValuesSeparator  </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row85 rowodd">
+		<td class="col0"> Notification activation </td><td class="col1"> notification </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row86 roweven">
+		<td class="col0"> Notification backend </td><td class="col1"> notificationStorage </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row87 rowodd">
+		<td class="col0"> Notification backend options </td><td class="col1"> notificationStorageOptions </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row88 roweven">
+		<td class="col0"> Display deleted sessions </td><td class="col1"> notifyDeleted </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row89 rowodd">
+		<td class="col0"> Display other sessions </td><td class="col1"> notifyOther </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row90 roweven">
+		<td class="col0"> Null authentication level </td><td class="col1"> nullAuthnLevel </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row91 rowodd">
+		<td class="col0"> OpenID authentication level </td><td class="col1"> openIdAuthnLevel </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row92 roweven">
+		<td class="col0"> OpenID allowed domains </td><td class="col1"> openIdIDPList </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row93 rowodd">
+		<td class="col0"> OpenID secret token </td><td class="col1"> openIdSecret </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row94 roweven">
+		<td class="col0"> Password backend </td><td class="col1"> passwordDB </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row95 rowodd">
+		<td class="col0"> Force port in redirection </td><td class="col1"> port </td><td class="col2"> </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row96 roweven">
+		<td class="col0"> Portal <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> portal </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row97 rowodd">
+		<td class="col0"> Anti frame protection </td><td class="col1"> portalAntiFrame </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row98 roweven">
+		<td class="col0"> Allow form autocompletion </td><td class="col1"> portalAutocomplete </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row99 rowodd">
+		<td class="col0"> Display applications list </td><td class="col1"> portalDisplayAppslist </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row100 roweven">
+		<td class="col0"> Display change password module </td><td class="col1"> portalDisplayChangePassword </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row101 rowodd">
+		<td class="col0"> Display logout module </td><td class="col1"> portalDisplayLogout </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row102 roweven">
+		<td class="col0"> Display reset password form </td><td class="col1"> portalDisplayResetPassword </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row103 rowodd">
+		<td class="col0"> Open links in new window </td><td class="col1"> portalOpenLinkInNewWindow </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row104 roweven">
+		<td class="col0"> Require old password (change) </td><td class="col1"> portalRequireOldPassword </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row105 rowodd">
+		<td class="col0"> Skin name </td><td class="col1"> portalSkin </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row106 roweven">
+		<td class="col0"> User name session field </td><td class="col1"> portalUserAttr </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row107 rowodd">
+		<td class="col0"> Protection scheme </td><td class="col1"> protection </td><td class="col2"> </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row108 roweven">
+		<td class="col0"> Regular expression for random password </td><td class="col1"> randomPasswordRegexp </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row109 rowodd">
+		<td class="col0"> Delay between check of local configuration </td><td class="col1"> reloadTime </td><td class="col2"> </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row110 roweven">
+		<td class="col0"> Remote cookie name </td><td class="col1"> remoteCookieName </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row111 rowodd">
+		<td class="col0"> Proxy cookie name </td><td class="col1"> remoteCookieName </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row112 roweven">
+		<td class="col0"> Remote Session backend </td><td class="col1"> remoteGlobalStorage </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row113 rowodd">
+		<td class="col0"> Remote Session backend options </td><td class="col1"> remoteGlobalStorageOptions </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row114 roweven">
+		<td class="col0"> Remote portal </td><td class="col1"> remotePortal </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row115 rowodd">
+		<td class="col0"> <acronym title="Security Assertion Markup Language">SAML</acronym> Session backend </td><td class="col1"> samlStorage </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row116 roweven">
+		<td class="col0"> <acronym title="Security Assertion Markup Language">SAML</acronym> Session backend options </td><td class="col1"> samlStorageOptions </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row117 rowodd">
+		<td class="col0"> Cookie security </td><td class="col1"> securedCookie </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row118 roweven">
+		<td class="col0"> Delete other session if <acronym title="Internet Protocol">IP</acronym> differs </td><td class="col1"> singleIP </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row119 rowodd">
+		<td class="col0"> Delete other session </td><td class="col1"> singleSession </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row120 roweven">
+		<td class="col0"> Do not allow several users for 1 <acronym title="Internet Protocol">IP</acronym> </td><td class="col1"> singleUserByIP </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row121 rowodd">
+		<td class="col0"> <acronym title="Simple Mail Transfer Protocol">SMTP</acronym> server </td><td class="col1"> SMTPServer </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row122 roweven">
+		<td class="col0"> <acronym title="Simple Object Access Protocol">SOAP</acronym> activation </td><td class="col1"> Soap </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row123 rowodd">
+		<td class="col0"> Proxy portal <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> soapAuthService </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row124 roweven">
+		<td class="col0"> Proxy session <acronym title="Simple Object Access Protocol">SOAP</acronym> end point </td><td class="col1"> soapSessionService </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row125 rowodd">
+		<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> authentication level </td><td class="col1"> SSLAuthnLevel </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row126 roweven">
+		<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> map with <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> attribute </td><td class="col1"> SSLLDAPField </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row127 rowodd">
+		<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> force <acronym title="Secure Sockets Layer">SSL</acronym> authentication </td><td class="col1"> SSLRequire </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row128 roweven">
+		<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> user field in certificate </td><td class="col1"> SSLVar </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row129 rowodd">
+		<td class="col0"> Status module activation </td><td class="col1"> status </td><td class="col2"> </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row130 roweven">
+		<td class="col0"> Store password in session </td><td class="col1"> storePassword </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row131 rowodd">
+		<td class="col0"> Sympa mail session key </td><td class="col1"> sympaMailKey </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row132 roweven">
+		<td class="col0"> Sympa shared secret </td><td class="col1"> sympaSecret </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row133 rowodd">
+		<td class="col0"> Syslog facility </td><td class="col1"> syslog </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row134 roweven">
+		<td class="col0"> Session lifetime for cronjob </td><td class="col1"> timeout </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row135 rowodd">
+		<td class="col0"> Trusted domains </td><td class="col1"> trustedDomains </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row136 roweven">
+		<td class="col0"> Twitter application name </td><td class="col1"> twitterAppName </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row137 rowodd">
+		<td class="col0"> Twitter authentication level </td><td class="col1"> twitterAuthnLevel </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row138 roweven">
+		<td class="col0"> Twitter application key </td><td class="col1"> twitterKey </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row139 rowodd">
+		<td class="col0"> Twitter application secret </td><td class="col1"> twitterSecret </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row140 roweven">
+		<td class="col0"> User backend </td><td class="col1"> userDB </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row141 rowodd">
+		<td class="col0"> Use redirect on error </td><td class="col1"> useRedirectOnError </td><td class="col2"> </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row142 roweven">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> Pivot from user table </td><td class="col1"> userPivot </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row143 rowodd">
+		<td class="col0"> Use XForwardedFor for <acronym title="Internet Protocol">IP</acronym> </td><td class="col1"> useXForwardedForIP </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row144 roweven">
+		<td class="col0"> Data to store as REMOTE_USER (used also in Apache logs) </td><td class="col1"> whatToTrace </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4"> </td>
+	</tr>
+	<tr class="row145 rowodd">
+		<td class="col0"> Zimbra account session key </td><td class="col1"> zimbraAccountKey </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row146 roweven">
+		<td class="col0"> Zimbra account type </td><td class="col1"> zimbraBy </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row147 rowodd">
+		<td class="col0"> Zimbra preauthentication key </td><td class="col1"> zimbraPreAuthKey </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row148 roweven">
+		<td class="col0"> Zimbra local <acronym title="Single Sign On">SSO</acronym> <acronym title="Uniform Resource Locator">URL</acronym> pattern </td><td class="col1"> zimbraSsoUrl </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+	<tr class="row149 rowodd">
+		<td class="col0"> Zimbra preauthentication <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> zimbraUrl </td><td class="col2 centeralign">  ✔  </td><td class="col3"> </td><td class="col4"> </td>
+	</tr>
+</table>
+</div>
+</p>
+
+</div>
+<!-- SECTION "Main parameters" [264-8880] -->
+<h2><a name="configuration_backend_parameters" id="configuration_backend_parameters">Configuration backend parameters</a></h2>
+<div class="level2">
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Full name  </th><th class="col1 centeralign">  Key name  </th><th class="col2 centeralign">  Configuration backend  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> connection string </td><td class="col1"> dbiChain </td><td class="col2" rowspan="4"> <a href="../../documentation/1.1/sqlconfbackend.html" class="wikilink1" title="documentation:1.1:sqlconfbackend">CDBI / RDBI</a> </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> user </td><td class="col1"> dbiUser </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> password </td><td class="col1"> dbiPassword </td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0"> <acronym title="Database Interface">DBI</acronym> table name </td><td class="col1"> dbiTable </td>
+	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0"> Storage directory </td><td class="col1"> dirName </td><td class="col2"> <a href="../../documentation/1.1/fileconfbackend.html" class="wikilink1" title="documentation:1.1:fileconfbackend">File</a> </td>
+	</tr>
+	<tr class="row6 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server </td><td class="col1"> ldapServer </td><td class="col2" rowspan="7"> <a href="../../documentation/1.1/ldapconfbackend.html" class="wikilink1" title="documentation:1.1:ldapconfbackend">LDAP</a> </td>
+	</tr>
+	<tr class="row7 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> port </td><td class="col1"> ldapPort </td>
+	</tr>
+	<tr class="row8 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> base </td><td class="col1"> ldapConfBase </td>
+	</tr>
+	<tr class="row9 rowodd">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> bind dn </td><td class="col1"> ldapBindDN </td>
+	</tr>
+	<tr class="row10 roweven">
+		<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> bind password </td><td class="col1"> ldapBindPassword </td>
+	</tr>
+	<tr class="row11 rowodd">
+		<td class="col0"> Certificate authorities file </td><td class="col1"> caFile </td>
+	</tr>
+	<tr class="row12 roweven">
+		<td class="col0"> Certificate authorities directory </td><td class="col1"> caPath </td>
+	</tr>
+	<tr class="row13 rowodd">
+		<td class="col0"> <acronym title="Simple Object Access Protocol">SOAP</acronym> server location (<acronym title="Uniform Resource Locator">URL</acronym>) </td><td class="col1"> proxy </td><td class="col2" rowspan="2"> <a href="../../documentation/1.1/soapconfbackend.html" class="wikilink1" title="documentation:1.1:soapconfbackend">SOAP</a> </td>
+	</tr>
+	<tr class="row14 roweven">
+		<td class="col0"> <a href="http://search.cpan.org/perldoc?LWP::UserAgent" class="urlextern" title="http://search.cpan.org/perldoc?LWP::UserAgent"  rel="nofollow">LWP::UserAgent</a> parameters </td><td class="col1"> proxyOptions </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Configuration backend parameters" [8881-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/passwordstore.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/passwordstore.html
@ -0,0 +1,88 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="store_user_password_in_session" id="store_user_password_in_session">Store user password in session</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Store user password in session" [1-46] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+Password is not a common attribute. Indeed, in most of the cases, it is not stored in clear text in the backend (<acronym title="Lightweight Directory Access Protocol">LDAP</acronym> or database).
+</p>
+
+<p>
+So, to keep user password in session, you cannot just export the password variable in session. To bypass this, <acronym title="LemonLDAP::NG">LL::NG</acronym> can remember what password was given by user on authentication phase.
+</p>
+
+<p>
+<p><div class="noteimportant">
+</p>
+<ul>
+<li class="level1"><div class="li"> As this may be a security hole, password store in session is not activated by default</div>
+</li>
+<li class="level1"><div class="li"> This mechanism can only work with authentication backends using a login/password form (<a href="../../documentation/1.1/authldap.html" class="wikilink1" title="documentation:1.1:authldap">LDAP</a>, <a href="../../documentation/1.1/authdbi.html" class="wikilink1" title="documentation:1.1:authdbi">DBI</a>, …)</div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [47-642] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+Go in Manager, <code>General Parameters</code> » <code>Sessions </code> » <code>Store user password in session data</code> and set to <code>On</code>.
+</p>
+
+</div>
+<!-- SECTION "Configuration" [643-787] -->
+<h2><a name="usage" id="usage">Usage</a></h2>
+<div class="level2">
+
+<p>
+
+User password is now available in <code>$_password</code> variable. For example, to send it in an header:
+
+</p>
+<pre class="code">
+Auth-Password =&gt; $_password
+</pre>
+
+<p>
+<p><div class="notetip">For security reasons, the password is not shown in sessions explorer.
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Usage" [788-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/performances.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/performances.html
@ -0,0 +1,261 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="performances" id="performances">Performances</a></h1>
+<div class="level1">
+
+<p>
+
+Lemonldap::NG is designed to be very performant. In particular, it use Apache2 threads capabilities so to optimize performances, prefer using <a href="http://httpd.apache.org/docs/2.2/misc/perf-tuning.html#compiletime" class="urlextern" title="http://httpd.apache.org/docs/2.2/misc/perf-tuning.html#compiletime"  rel="nofollow">mpm-worker</a>.
+</p>
+
+</div>
+<!-- SECTION "Performances" [1-254] -->
+<h2><a name="handler_performance" id="handler_performance">Handler performance</a></h2>
+<div class="level2">
+
+<p>
+
+Handlers check rights and calculate headers for each <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> hit. So to improve performances, avoid too complex rules by using the macro or the groups or local macros.
+</p>
+
+</div>
+<!-- SECTION "Handler performance" [255-453] -->
+<h3><a name="macros_and_groups" id="macros_and_groups">Macros and groups</a></h3>
+<div class="level3">
+
+<p>
+
+Macros and groups are calculated during authentication process by the portal:
+</p>
+<ul>
+<li class="level1"><div class="li"> macros are used to extend (or rewrite) <a href="../../documentation/1.1/exportedvars.html" class="wikilink1" title="documentation:1.1:exportedvars">exported variables</a>. A macro is stored as attributes: it can contain boolean results or any string</div>
+</li>
+<li class="level1"><div class="li"> groups are stored as space-separated strings in the special attribute “groups”: it contains the names of groups whose rules were returned true for the current user</div>
+</li>
+</ul>
+
+<p>
+
+Example for macros:
+
+</p>
+<pre class="code perl"><span class="co1"># boolean macro</span>
+isAdmin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'foo'</span> <span class="kw1">or</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'bar'</span>
+<span class="co1"># other macro </span>
+displayName <span class="sy0">-&gt;</span> <span class="re0">$givenName</span><span class="sy0">.</span><span class="st0">&quot; &quot;</span><span class="sy0">.</span><span class="re0">$surName</span>
+&nbsp;
+<span class="co1"># Use a boolean macro in a rule</span>
+<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <span class="re0">$isAdmin</span>
+<span class="co1"># Use a string macro in a HTTP header</span>
+Display<span class="sy0">-</span>Name <span class="sy0">-&gt;</span> <span class="re0">$displayName</span></pre>
+
+<p>
+Example for groups:
+
+</p>
+<pre class="code perl"><span class="co1"># group</span>
+admin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'foo'</span> <span class="kw1">or</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'bar'</span>
+&nbsp;
+<span class="co1"># Use a group in a rule</span>
+<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <span class="re0">$groups</span> <span class="sy0">=~</span> <span class="sy0">/</span><span class="re0">\badmin</span><span class="re0">\b</span><span class="sy0">/</span></pre>
+
+</div>
+<!-- SECTION "Macros and groups" [454-1308] -->
+<h3><a name="local_macros" id="local_macros">Local macros</a></h3>
+<div class="level3">
+
+<p>
+
+Macros and groups are stored in session database. Local macros is a special feature of handler that permit to have macros useable localy only. Those macros are calculated only at the first usage and stored in the local session cache (only for this server) and only if the user access to the related applications. This avoid to have to many datas stored.
+</p>
+<pre class="code perl"><span class="co1"># rule</span>
+admin <span class="sy0">-&gt;</span> <span class="re0">$admin</span> <span class="sy0">||=</span> <span class="br0">&#40;</span><span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'foo'</span> <span class="kw1">or</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'bar'</span><span class="br0">&#41;</span>
+<span class="co1"># header</span>
+Display<span class="sy0">-</span>Name <span class="sy0">-&gt;</span> <span class="re0">$displayName</span> <span class="sy0">||=</span> <span class="re0">$givenName</span><span class="sy0">.</span><span class="st0">&quot; &quot;</span><span class="sy0">.</span><span class="re0">$surName</span></pre>
+
+<p>
+<p><div class="notetip">Note that this feature is interesting only for the Lemonldap::NG systems protecting a high number of applications
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Local macros" [1309-1966] -->
+<h2><a name="portal_performances" id="portal_performances">Portal performances</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Portal performances" [1967-1999] -->
+<h3><a name="general_performances" id="general_performances">General performances</a></h3>
+<div class="level3">
+
+<p>
+
+The portal is the biggest component of Lemonldap::NG. It is recommended to use ModPerl::Registry instead of using cgi-script as described in Apache configuration file example (portal-apache2.conf):
+
+</p>
+<pre class="code apache">&lt;<span class="kw3">Files</span> *.pl&gt;
+    <span class="kw1">SetHandler</span> perl-<span class="kw1">script</span>
+    PerlResponseHandler ModPerl::Registry
+&lt;/<span class="kw3">Files</span>&gt;</pre>
+
+</div>
+<!-- SECTION "General performances" [2000-2343] -->
+<h3><a name="starting_performances" id="starting_performances">Starting performances</a></h3>
+<div class="level3">
+
+<p>
+
+To make the portal start faster when the server is relaunched, add those lines in Apache configuration file (as described in portal-apache2.conf):
+
+</p>
+<pre class="code apache">&lt;Perl&gt;
+    <span class="kw1">require</span> Lemonldap::NG::Portal::SharedConf;
+    Lemonldap::NG::Portal::SharedConf-&gt;compile(
+        qw(delete <span class="kw1">header</span> cache read_from_client cookie <span class="kw1">redirect</span> unescapeHTML));
+    <span class="co1"># Uncomment this line if you use Lemonldap::NG menu</span>
+    <span class="kw1">require</span> Lemonldap::NG::Portal::Menu;
+    <span class="co1"># Uncomment this line if you use portal SOAP capabilities</span>
+    <span class="kw1">require</span> SOAP::Lite;
+&lt;/Perl&gt;</pre>
+
+</div>
+<!-- SECTION "Starting performances" [2344-2919] -->
+<h3><a name="apachesession_performances" id="apachesession_performances">Apache::Session performances</a></h3>
+<div class="level3">
+
+<p>
+
+Lemonldap::NG handlers use a local cache to store sessions (for 10 minutes). So Apache::Session module is not a problem for handlers. It can be a brake for the portal:
+</p>
+<ol>
+<li class="level1"><div class="li"> When you use the multiple sessions restriction parameters, sessions are parsed for each authentication unless you use an <a href="http://search.cpan.org/perldoc?Apache::Session::Browseable" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable"  rel="nofollow">Apache::Session::Browseable</a> module.</div>
+</li>
+<li class="level1"><div class="li"> Since MySQL does not have always transaction feature, Apache::Session::MySQL has been designed to use MySQL locks. Since MySQL performances are very bad using this, if you want to store sessions in a MySQL database, prefer one of the following</div>
+</li>
+</ol>
+
+</div>
+
+<h4><a name="replace_mysql_by_apachesessionflex" id="replace_mysql_by_apachesessionflex">Replace MySQL by Apache::Session::Flex</a></h4>
+<div class="level4">
+
+<p>
+
+In “Apache::Session module” field, set ”<a href="http://search.cpan.org/perldoc?Apache::Session::Flex" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Flex"  rel="nofollow">Apache::Session::Flex</a>” and use the following parameters:
+
+</p>
+<pre class="code">
+Store      -&gt; MySQL
+Lock       -&gt; Null
+Generate   -&gt; MD5
+Serialize  -&gt; Storable
+DataSource -&gt; dbi:mysql:sessions;host=...
+UserName   -&gt; ...
+Password   -&gt; ...
+</pre>
+
+</div>
+
+<h4><a name="use_apachesessionbrowseable" id="use_apachesessionbrowseable">Use Apache::Session::Browseable</a></h4>
+<div class="level4">
+
+<p>
+
+<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable"  rel="nofollow">Apache::Session::Browseable</a> is a wrapper for other Apache::Session modules that add the capability to manage indexes. To use it (with MySQL for example), choose “Apache::Session::Browseable::MySQL” as “Apache::Session module” and use the following parameters:
+
+</p>
+<pre class="code">
+DataSource -&gt; dbi:mysql:sessions;host=...
+UserName   -&gt; user
+Password   -&gt; password
+Index      -&gt; ipAddr uid
+</pre>
+
+<p>
+Note that Apache::Session::Browseable::MySQL doesn&#039;t use MySQL locks.
+</p>
+
+<p>
+<p><div class="notetip">A <a href="http://search.cpan.org/perldoc?Apache::Session::Browseable::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable::Redis"  rel="nofollow">Apache::Session::Browseable::Redis</a> has been created, it is the faster
+</div></p>
+</p>
+
+<p>
+<p><div class="noteimportant">Some Apache::Session module are not useable by Lemonldap::NG such as Apache::Session::Memcached since this module does not offer capability to browse sessions
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Apache::Session performances" [2920-4879] -->
+<h3><a name="ldap_performances" id="ldap_performances">LDAP performances</a></h3>
+<div class="level3">
+
+<p>
+
+<acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server can be a brake when you use <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups recovery. You can avoid this by setting “memberOf” fields in your <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> scheme:
+
+</p>
+<pre class="code ldif">dn: uid=foo,dmdName=people,dc=example,dc=com
+...
+memberOf: cn=admin,dmdName=groups,dc=example,dc=com
+memberOf: cn=su,dmdName=groups,dc=example,dc=com</pre>
+
+<p>
+So instead of using <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups recovery, you just have to store “memberOf” field in your exported variables. With OpenLDAP, you can use the <a href="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" class="urlextern" title="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance"  rel="nofollow">memberof overlay</a> to do it automaticaly.
+</p>
+
+<p>
+<p><div class="noteimportant">Don&#039;t forget to create an index on the field used to find users (uid by default)
+</div></p>
+</p>
+
+<p>
+<p><div class="notetip">To avoid having group dn stored in sessions datas, you can use a macro to rewrite memberOf:
+</p>
+<ul>
+<li class="level1"><div class="li"> Exported variables</div>
+</li>
+</ul>
+<pre class="code">
+ldapgroups -&gt; memberOf
+</pre>
+<blockquote><div class="no">
+ For now, ldapgroups contains “cn=admin,dmdName=groups,dc=example,dc=com cn=su,dmdName=groups,dc=example,dc=com”</div></blockquote>
+<ul>
+<li class="level1"><div class="li"> A little macro:</div>
+</li>
+</ul>
+<pre class="code perl">ldapgroups <span class="sy0">-&gt;</span> <a href="http://perldoc.perl.org/functions/join.html"><span class="kw3">join</span></a><span class="br0">&#40;</span><span class="st0">&quot; &quot;</span><span class="sy0">,</span><span class="br0">&#40;</span><span class="re0">$ldapgroups</span> <span class="sy0">=~</span> <span class="co2">/cn=(.*?),/g</span><span class="br0">&#41;</span><span class="br0">&#41;</span></pre>
+<blockquote><div class="no">
+ Now ldapgroups contains “admin su”</div></blockquote>
+
+<p>
+
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "LDAP performances" [4880-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/portal.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/portal.html
@ -0,0 +1,138 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="the_portal" id="the_portal">The portal</a></h1>
+<div class="level1">
+
+<p>
+
+The portal is the main component of <acronym title="LemonLDAP::NG">LL::NG</acronym>. It provides many features:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Authentication service</strong> of course</div>
+<ul>
+<li class="level2"><div class="li"> Web based for normal users:</div>
+<ul>
+<li class="level3"><div class="li"> using own database (<a href="../../documentation/1.1/authldap.html" class="wikilink1" title="documentation:1.1:authldap">LDAP</a>, <a href="../../documentation/1.1/authdbi.html" class="wikilink1" title="documentation:1.1:authdbi">SQL</a>, …)</div>
+</li>
+<li class="level3"><div class="li"> using Apache authentication system (used for <a href="../../documentation/1.1/authssl.html" class="wikilink1" title="documentation:1.1:authssl">SSL</a>, <a href="../../documentation/1.1/authapache.html" class="wikilink1" title="documentation:1.1:authapache">Kerberos</a>, <a href="../../documentation/1.1/authapache.html" class="wikilink1" title="documentation:1.1:authapache">HTTP basic authentication</a>, …)</div>
+</li>
+<li class="level3"><div class="li"> using external identity provider (<a href="../../documentation/1.1/authsaml.html" class="wikilink1" title="documentation:1.1:authsaml">SAML</a>, <a href="../../documentation/1.1/authopenid.html" class="wikilink1" title="documentation:1.1:authopenid">OpenID</a>, <a href="../../documentation/1.1/authcas.html" class="wikilink1" title="documentation:1.1:authcas">CAS</a>, <a href="../../documentation/1.1/authtwitter.html" class="wikilink1" title="documentation:1.1:authtwitter">Twitter</a>, other <acronym title="LemonLDAP::NG">LL::NG</acronym> system, …)</div>
+</li>
+<li class="level3"><div class="li"> all together (based on user <a href="../../documentation/1.1/authchoice.html" class="wikilink1" title="documentation:1.1:authchoice">choice</a>, <a href="../../documentation/1.1/authmulti.html" class="wikilink1" title="documentation:1.1:authmulti">rules</a>, …)</div>
+</li>
+</ul>
+</li>
+<li class="level2"><div class="li"> <a href="../../documentation/1.1/soapservices.html" class="wikilink1" title="documentation:1.1:soapservices">SOAP based</a> for client-server software, specific development, …</div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> <strong>Identity provider</strong>: <acronym title="LemonLDAP::NG">LL::NG</acronym> is able to provide identity service using:</div>
+<ul>
+<li class="level2"><div class="li"> <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML</a></div>
+</li>
+<li class="level2"><div class="li"> <a href="../../documentation/1.1/idpopenid.html" class="wikilink1" title="documentation:1.1:idpopenid">OpenID</a></div>
+</li>
+<li class="level2"><div class="li"> <a href="../../documentation/1.1/idpcas.html" class="wikilink1" title="documentation:1.1:idpcas">CAS</a></div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> <strong><a href="../../documentation/1.1/federationproxy.html" class="wikilink1" title="documentation:1.1:federationproxy">Identity provider proxy</a></strong>: <acronym title="LemonLDAP::NG">LL::NG</acronym> can be used as proxy translator between systems talking <acronym title="Security Assertion Markup Language">SAML</acronym>, OpenID, <acronym title="Central Authentication Service">CAS</acronym>, …</div>
+</li>
+<li class="level1"><div class="li"> <strong>Internal <acronym title="Simple Object Access Protocol">SOAP</acronym> server</strong> used by <a href="../../documentation/1.1/soapconfbackend.html" class="wikilink1" title="documentation:1.1:soapconfbackend">SOAP configuration backend</a> and usable for specific development (see <a href="../../documentation/1.1/soapservices.html" class="wikilink1" title="documentation:1.1:soapservices">SOAP services</a> for more)</div>
+</li>
+<li class="level1"><div class="li"> Interactive <strong>management of user passwords</strong>:</div>
+<ul>
+<li class="level2"><div class="li"> Password change form (in menu)</div>
+</li>
+<li class="level2"><div class="li"> Self service reset (send a mail to the user with a to change the password)</div>
+</li>
+<li class="level2"><div class="li"> Force password change with <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password policy password reset flag</div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> <strong><a href="../../documentation/1.1/portalmenu.html" class="wikilink1" title="documentation:1.1:portalmenu">Application menu</a></strong>: display authorized applications in categories</div>
+</li>
+<li class="level1"><div class="li"> <strong><a href="../../documentation/1.1/notifications.html" class="wikilink1" title="documentation:1.1:notifications">Notifications</a></strong>: prompt users with a message if found in the notification database</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "The portal" [1-1598] -->
+<h2><a name="functioning" id="functioning">Functioning</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> portal is a modular component. It needs 4 modules to work:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:1.1:start">Authentication</a>: how check user credentials</div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:1.1:start">User database</a>: where collect user information</div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:1.1:start">Password database</a>: where change password</div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/start.html#identity_provider" class="wikilink1" title="documentation:1.1:start">Identity provider</a>: how forward user identity</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">Each module can be disabled using the <code>Null</code> backend.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Functioning" [1599-2145] -->
+<h2><a name="kinematics" id="kinematics">Kinematics</a></h2>
+<div class="level2">
+<ol>
+<li class="level1"><div class="li"> Check if <acronym title="Uniform Resource Locator">URL</acronym> asked is valid</div>
+</li>
+<li class="level1"><div class="li"> Check if user is already authenticated</div>
+<ul>
+<li class="level2"><div class="li"> If not authenticated (or authentication is forced) try to find it (userDB module) and to authenticate it (auth module), create session, calculate groups and macros and store them</div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> Modify password if asked</div>
+</li>
+<li class="level1"><div class="li"> Provides identity if asked</div>
+</li>
+<li class="level1"><div class="li"> Build <a href="../../documentation/1.1/ssocookie.html" class="wikilink1" title="documentation:1.1:ssocookie">cookie(s)</a></div>
+</li>
+<li class="level1"><div class="li"> Redirect user to the asked <acronym title="Uniform Resource Locator">URL</acronym> or display menu</div>
+</li>
+</ol>
+
+<p>
+
+<p><div class="noteclassic">See also <a href="../../documentation/presentation.html#kinematics" class="wikilink1" title="documentation:presentation">general kinematics presentation</a>.
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Kinematics" [2146-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/portalcustom.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/portalcustom.html
@ -0,0 +1,152 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="portal_customization" id="portal_customization">Portal customization</a></h1>
+<div class="level1">
+
+<p>
+
+<p><div class="noteclassic">The portal is the visible part of LemonLDAP::NG, all user interactions are displayed on it.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Portal customization" [1-142] -->
+<h2><a name="skin" id="skin">Skin</a></h2>
+<div class="level2">
+
+<p>
+
+LemonLDAP::NG is shipped with 3 skins:
+</p>
+<ul>
+<li class="level1"><div class="li"> pastel</div>
+</li>
+<li class="level1"><div class="li"> impact</div>
+</li>
+<li class="level1"><div class="li"> dark</div>
+</li>
+</ul>
+
+<p>
+
+You can change the skin in Manager: <code>General Parameters</code> &gt; <code>Portal</code> &gt; <code>Customization</code> &gt; <code>Skin</code>.
+</p>
+
+<p>
+<a href="/_detail/documentation/manager-portalskin.png?id=documentation%3A1.1%3Aportalcustom" class="media" title="documentation:manager-portalskin.png"><img src="../../../media/documentation/manager-portalskin.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "Skin" [143-382] -->
+<h3><a name="skin_files" id="skin_files">Skin files</a></h3>
+<div class="level3">
+
+<p>
+
+A skin is composed of different files:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>.tpl</strong>: <acronym title="Practical Extraction and Report Language">Perl</acronym> <acronym title="HyperText Markup Language">HTML</acronym>::Template files, for <acronym title="HyperText Markup Language">HTML</acronym> content</div>
+</li>
+<li class="level1"><div class="li"> <strong>.css</strong>: <acronym title="Cascading Style Sheets">CSS</acronym> (styles)</div>
+</li>
+<li class="level1"><div class="li"> <strong>.js</strong>: Javascript</div>
+</li>
+<li class="level1"><div class="li"> images and other media files</div>
+</li>
+</ul>
+
+<p>
+
+A skin will often refer to the <code>common</code> skin, which is not a real skin, but shared skin objects (like scripts, images and <acronym title="Cascading Style Sheets">CSS</acronym>).
+</p>
+
+</div>
+<!-- SECTION "Skin files" [383-717] -->
+<h3><a name="skin_customization" id="skin_customization">Skin customization</a></h3>
+<div class="level3">
+
+<p>
+
+<p><div class="noteimportant">If you modify directly the skin files, your modifications will certainly be erased on the next upgrade.
+</div></p>
+</p>
+
+<p>
+To customize a skin, the simplest way is to create a new skin folder:
+
+</p>
+<pre class="code">
+cd portal/skins
+mkdir myskin
+mkdir myskin/css
+mkdir myskin/images
+</pre>
+
+<p>
+Then create symbolic links on template files, as you might not want to rewrite all <acronym title="HyperText Markup Language">HTML</acronym> code (else, do as you want).
+
+</p>
+<pre class="code">
+cd myskin
+ln -s ../pastel/*.tpl .
+</pre>
+
+<p>
+Then you <em>only</em> have to write <code>myskin/css/styles.css</code> and add your media to <code>myskin/images</code>.
+</p>
+
+<p>
+To configure your new skin in Manager, select the custom skin, and enter your skin name in the configuration field.
+</p>
+
+</div>
+<!-- SECTION "Skin customization" [718-1411] -->
+<h2><a name="other_parameters" id="other_parameters">Other parameters</a></h2>
+<div class="level2">
+<ul>
+<li class="level1"><div class="li"> <strong>Reset password</strong>: display a link to <a href="../../documentation/1.1/resetpassword.html" class="wikilink1" title="documentation:1.1:resetpassword">reset a password</a> (for password based authentication backends)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Auto complete</strong>: allow the browser to remember the password (for password based authentication backends)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Require old password</strong>: used only in the password changing module of the menu, will check the old password before updating it</div>
+</li>
+<li class="level1"><div class="li"> <strong>User attribute</strong>: which session attribute will be used to display <code>Connected as</code> in the menu</div>
+</li>
+<li class="level1"><div class="li"> <strong>New window</strong>: open menu links in new window</div>
+</li>
+<li class="level1"><div class="li"> <strong>Anti iframe protection</strong>: will kill parent frames to avoid some well known attacks</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="noteimportant">If you enable auto completion, authentication level will be decreased (-1) as you do not ask the user to type its password (it could be in browser passwords wallet).
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Other parameters" [1412-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/portalmenu.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/portalmenu.html
@ -0,0 +1,135 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="portal_menu" id="portal_menu">Portal menu</a></h1>
+<div class="level1">
+
+<p>
+
+<p><div class="noteclassic">The menu is displayed if authentication is successful.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Portal menu" [1-96] -->
+<h2><a name="menu_modules" id="menu_modules">Menu modules</a></h2>
+<div class="level2">
+
+<p>
+
+LemonLDAP::NG portal menu has 3 modules:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Application list</strong>: display categories and applications allowed for the user</div>
+</li>
+<li class="level1"><div class="li"> <strong>Password change</strong>: form to change the password</div>
+</li>
+<li class="level1"><div class="li"> <strong>Logout</strong>: logout button</div>
+</li>
+</ul>
+
+<p>
+
+Each module can be activated trough a rule, using user session information. These rules can be set trough Manager: <code>General Parameters</code> &gt; <code>Portal</code> &gt; <code>Menu</code> &gt; <code>Modules activation</code>.
+</p>
+
+<p>
+You can use <code>0</code> or <code>1</code> to disable/enable the module, or use a more complex rule. For example, to display the password change form only for user authenticated trough <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> or <acronym title="Database Interface">DBI</acronym>:
+</p>
+<pre class="code perl"><span class="re0">$_auth</span> <span class="kw1">eq</span> LDAP <span class="kw1">or</span> <span class="re0">$_auth</span> <span class="kw1">eq</span> DBI</pre>
+
+</div>
+<!-- SECTION "Menu modules" [97-755] -->
+<h2><a name="categories_and_applications" id="categories_and_applications">Categories and applications</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">Configuring the virtual hosts</a> is not sufficient to display an application in the menu. Indeed, a virtual host can contain several applications (<a href="http://vhost.example.com/appli1" class="urlextern" title="http://vhost.example.com/appli1"  rel="nofollow">http://vhost.example.com/appli1</a>, <a href="http://vhost.example.com/appli2" class="urlextern" title="http://vhost.example.com/appli2"  rel="nofollow">http://vhost.example.com/appli2</a>).
+</p>
+
+<p>
+In Manager, you can configure categories and applications in <code>General Parameters</code> &gt; <code>Portal</code> &gt; <code>Menu</code> &gt; <code>Categories and applications</code>.
+</p>
+
+<p>
+Category parameters:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Key</strong>: category identifier</div>
+</li>
+<li class="level1"><div class="li"> <strong>Name</strong>: display text</div>
+</li>
+</ul>
+
+<p>
+
+Application parameters:
+</p>
+
+<p>
+<a href="/_detail/documentation/manager-menu-application.png?id=documentation%3A1.1%3Aportalmenu" class="media" title="documentation:manager-menu-application.png"><img src="../../../media/documentation/manager-menu-application.png" class="mediacenter" alt="" /></a>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Key</strong>: application identifier</div>
+</li>
+<li class="level1"><div class="li"> <strong>Name</strong>: display text</div>
+</li>
+<li class="level1"><div class="li"> <strong>Address</strong>: <acronym title="Uniform Resource Locator">URL</acronym> of application</div>
+</li>
+<li class="level1"><div class="li"> <strong>Description</strong></div>
+</li>
+<li class="level1"><div class="li"> <strong>Logo</strong>: file name to use as logo</div>
+</li>
+<li class="level1"><div class="li"> <strong>Display</strong>:</div>
+<ul>
+<li class="level2"><div class="li"> <strong>auto</strong>: display only if the user can access it</div>
+</li>
+<li class="level2"><div class="li"> <strong>on</strong>: always display</div>
+</li>
+<li class="level2"><div class="li"> <strong>off</strong>: never display</div>
+</li>
+</ul>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">Category and application key can have a digit as first character, which will allow to display categories in the right order (categories and applications are displayed in alphabetical order).
+</div></p>
+</p>
+
+<p>
+<a href="/_detail/documentation/manager-menu-application-logo.png?id=documentation%3A1.1%3Aportalmenu" class="media" title="documentation:manager-menu-application-logo.png"><img src="../../../media/documentation/manager-menu-application-logo.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+<p><div class="notetip">The chosen logo file must be in portal applications logos directory (<code>portal/skins/common/apps/</code>). You can set a custom logo by choosing <code>My logo</code>, set the logo file name, and copy the logo file in portal applications logos directory
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Categories and applications" [756-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/prereq.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/prereq.html
@ -0,0 +1,226 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="prerequisites_and_dependencies" id="prerequisites_and_dependencies">Prerequisites and dependencies</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Prerequisites and dependencies" [1-47] -->
+<h2><a name="apache" id="apache">Apache</a></h2>
+<div class="level2">
+
+<p>
+
+To use LemonLDAP::NG, you have to run an Apache
+server compiled with mod-perl (version 1.3 or 2.x).
+</p>
+
+<p>
+<p><div class="notewarning">In most of cases, the version of Apache proposed with your Linux distribution match, but some distributions used an experimental version of mod_perl with Apache2 (mod_perl-1.99) which does not work with LemonLDAP::NG. With such distributions (like Debian-3.1), you have to use Apache-1.3 or to use a mod_perl backport (<a href="http://www.backports.org" class="urlextern" title="http://www.backports.org"  rel="nofollow">www.backports.org</a> package for Debian works fine).
+</div></p>
+</p>
+
+<p>
+For Apache2, you can use both mpm-worker and mpm-prefork. Mpm-worker works faster and LemonLDAP::NG use the thread system for best performance. If you have to use mpm-prefork (for example if you use <acronym title="Hypertext Preprocessor">PHP</acronym>), LemonLDAP::NG will work anyway.
+</p>
+
+<p>
+You can use LemonLDAP::NG in an heterogeneous world: the authentication portal and the manager can work in any version of Apache 1.3 or more even if mod_perl is not compiled, with ModPerl::Registry or not… Only the handler
+need mod_perl. The different handlers can run on different servers with
+different versions of Apache/mod_perl.
+</p>
+
+</div>
+<!-- SECTION "Apache" [48-1134] -->
+<h2><a name="perl" id="perl">Perl</a></h2>
+<div class="level2">
+
+<p>
+
+<p><div class="noteclassic">Here is the list of <acronym title="Practical Extraction and Report Language">Perl</acronym> modules used in LemonLDAP::NG. Core modules must be installed on the system. Other modules must be installed only if you planned to use the related feature.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Perl" [1135-1348] -->
+<h3><a name="core" id="core">Core</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> Apache::Session</div>
+</li>
+<li class="level1"><div class="li"> Net::<acronym title="Lightweight Directory Access Protocol">LDAP</acronym></div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Multipurpose Internet Mail Extension">MIME</acronym>::Base64</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Common Gateway Interface">CGI</acronym></div>
+</li>
+<li class="level1"><div class="li"> LWP::UserAgent</div>
+</li>
+<li class="level1"><div class="li"> Cache::Cache</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Database Interface">DBI</acronym></div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Extensible Markup Language">XML</acronym>::Simple</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Common Gateway Interface">CGI</acronym>::Session</div>
+</li>
+<li class="level1"><div class="li"> Regexp::Assemble</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Extensible Markup Language">XML</acronym>::LibXML</div>
+</li>
+<li class="level1"><div class="li"> Crypt::Rijndael</div>
+</li>
+<li class="level1"><div class="li"> IO::String</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Extensible Markup Language">XML</acronym>::LibXSLT</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="HyperText Markup Language">HTML</acronym>::Template</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Simple Object Access Protocol">SOAP</acronym>::Lite</div>
+</li>
+<li class="level1"><div class="li"> Config::IniFiles</div>
+</li>
+<li class="level1"><div class="li"> JSON</div>
+</li>
+<li class="level1"><div class="li"> Digest::HMAC</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Core" [1349-1671] -->
+<h3><a name="reset_password_by_mail" id="reset_password_by_mail">Reset password by mail</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> String::Random</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Multipurpose Internet Mail Extension">MIME</acronym>::Lite</div>
+</li>
+<li class="level1"><div class="li"> Email::Date::Format</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Reset password by mail" [1672-1764] -->
+<h3><a name="saml2" id="saml2">SAML2</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> <a href="http://lasso.entrouvert.org/" class="urlextern" title="http://lasso.entrouvert.org/"  rel="nofollow">Lasso</a></div>
+</li>
+<li class="level1"><div class="li"> GLib</div>
+</li>
+<li class="level1"><div class="li"> Crypt::OpenSSL::RSA</div>
+</li>
+<li class="level1"><div class="li"> Crypt::OpenSSL::X509</div>
+</li>
+<li class="level1"><div class="li"> Convert::PEM</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "SAML2" [1765-1900] -->
+<h3><a name="cas" id="cas">CAS</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> <a href="http://sourcesup.cru.fr/projects/perlcas/" class="urlextern" title="http://sourcesup.cru.fr/projects/perlcas/"  rel="nofollow">AuthCAS</a></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "CAS" [1901-1974] -->
+<h3><a name="openid" id="openid">OpenID</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> Net::OpenID::Consumer &gt; 1.00</div>
+</li>
+<li class="level1"><div class="li"> Net::OpenID::Server &gt; 1.00</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "OpenID" [1975-2057] -->
+<h3><a name="twitter" id="twitter">Twitter</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> Net::Twitter</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Twitter" [2058-2094] -->
+<h3><a name="pod_unit_tests" id="pod_unit_tests">POD unit tests</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> Test::POD</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "POD unit tests" [2095-2135] -->
+<h2><a name="other" id="other">Other</a></h2>
+<div class="level2">
+<ul>
+<li class="level1"><div class="li"> Jquery (javascript framework) is included in tarball and RPMs, but is a dependency on Debian</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Other" [2136-2252] -->
+<h2><a name="install_dependencies_on_your_system" id="install_dependencies_on_your_system">Install dependencies on your system</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Install dependencies on your system" [2253-2302] -->
+<h3><a name="apt-get" id="apt-get">APT-GET</a></h3>
+<div class="level3">
+<pre class="code">
+apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl  libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl libconfig-inifiles-perl libjson-perl libstring-random-perl libemail-date-format-perl libmime-lite-perl libcrypt-openssl-rsa-perl libdigest-hmac-perl
+</pre>
+
+</div>
+<!-- SECTION "APT-GET" [2303-2825] -->
+<h3><a name="yum" id="yum">YUM</a></h3>
+<div class="level3">
+
+<p>
+
+Choose a repository which hosted <acronym title="Practical Extraction and Report Language">Perl</acronym> dependencies, for example:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="http://fedoraproject.org/wiki/EPEL/" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/"  rel="nofollow">EPEL</a> repository, you can activate this repository: <a href="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse"  rel="nofollow">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="https://rpmrepo.org/" class="urlextern" title="https://rpmrepo.org/"  rel="nofollow">RPMForge</a> repository, you can activate this repository: <a href="https://rpmrepo.org/RPMforge/Using" class="urlextern" title="https://rpmrepo.org/RPMforge/Using"  rel="nofollow">https://rpmrepo.org/RPMforge/Using</a></div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">We recommend using EPEL repository.
+</div></p>
+</p>
+<pre class="code">
+yum install httpd mod_perl perl-Apache-Session perl-LDAP perl-XML-SAX perl-XML-NamespaceSupport perl-HTML-Template perl-Regexp-Assemble perl-Error perl-IPC-ShareLite perl-Cache-Cache perl-FreezeThaw perl-XML-Simple perl-version perl-CGI-Session perl-DBD-Pg perl-XML-LibXML-Common perl-BSD-Resource perl-XML-LibXML perl-Crypt-Rijndael perl-IO-String perl-XML-LibXSLT perl-SOAP-Lite perl-Config-IniFiles perl-JSON perl-Digest-HMAC perl-String-Random perl-MIME-Lite perl-Email-Date-Format perl-Crypt-OpenSSL-RSA perl-Crypt-OpenSSL-X509
+</pre>
+
+</div>
+<!-- SECTION "YUM" [2826-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/rbac.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/rbac.html
@ -0,0 +1,192 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="rbac_model" id="rbac_model">RBAC model</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "RBAC model" [1-26] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<a href="http://en.wikipedia.org/wiki/Role-based_access_control" class="urlextern" title="http://en.wikipedia.org/wiki/Role-based_access_control"  rel="nofollow">RBAC</a> stands for Role Based Access Control. It means that you manage authorizations to access applications by checking the role(s) of the user, and provide this role to the application.
+</p>
+
+<p>
+LemonLDAP::NG allows to use this model. You should use an <a href="../../documentation/1.1/authldap.html#schema_extension" class="wikilink1" title="documentation:1.1:authldap">extended LDAP schema</a> (or any users database extension), but this can works with standard attributes.
+</p>
+
+</div>
+<!-- SECTION "Presentation" [27-488] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [489-516] -->
+<h3><a name="roles_as_simple_values_of_a_user_attribute" id="roles_as_simple_values_of_a_user_attribute">Roles as simple values of a user attribute</a></h3>
+<div class="level3">
+
+<p>
+
+Imagine you&#039;ve set your directory schema to store roles as values of ssoRoles, an attribute of the user. This is simple because you can send the role to the application by creating a <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header (for example Auth-Role) with the concatenated values (&#039;;&#039; is the concatenation string):
+
+</p>
+<pre class="code">
+Auth-Roles =&gt; $ssoRoles
+</pre>
+
+<p>
+If the user has these values inside its entry:
+
+</p>
+<pre class="file">
+ssoRoles: user
+ssoRoles: admin
+</pre>
+
+<p>
+Then you got this value inside the Auth-Roles header:
+
+</p>
+<pre class="code">
+user; admin
+</pre>
+
+</div>
+<!-- SECTION "Roles as simple values of a user attribute" [517-1069] -->
+<h3><a name="roles_as_entries_in_the_directory" id="roles_as_entries_in_the_directory">Roles as entries in the directory</a></h3>
+<div class="level3">
+
+<p>
+
+Now imagine the following DIT:
+</p>
+
+<p>
+<a href="/_detail/documentation/dia_dit_roles.png?id=documentation%3A1.1%3Arbac" class="media" title="documentation:dia_dit_roles.png"><img src="../../../media/documentation/dia_dit_roles.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+Roles are entries, below branches representing applications. Each user has a ssoRoles attributes, which values are the <acronym title="Distinguished Name">DN</acronym> of the corresponding roles. With this organization, you can set roles to user within specific application.
+</p>
+
+<p>
+In the schema above, the user has the following values:
+
+</p>
+<pre class="file">
+ssoRoles: ou=admin,ou=aaa,ou=roles,dc=acme,dc=com
+ssoRoles: ou=user,ou=bbb,ou=roles,dc=acme,dc=com
+</pre>
+
+<p>
+So he is “user” on application “BBB” and “admin” on application “<acronym title="Authentication Authorization Accounting">AAA</acronym>”.
+</p>
+
+<p>
+Now we have to send to right role to the right application trough LemonLDAP::NG.
+</p>
+
+<p>
+First step: create a rule to grant access only if the user has a role in the application:
+</p>
+<ul>
+<li class="level1"><div class="li"> For application <acronym title="Authentication Authorization Accounting">AAA</acronym>:</div>
+</li>
+</ul>
+<pre class="code">
+default =&gt; $ssoRoles =~ /ou=aaa,ou=roles/
+</pre>
+<ul>
+<li class="level1"><div class="li"> For application BBB:</div>
+</li>
+</ul>
+<pre class="code">
+default =&gt; $ssoRoles =~ /ou=bbb,ou=roles/
+</pre>
+
+<p>
+Second step: get the role name for the application. We will use the macros to do that. Create two macros (inside <code>Variablles</code> » <code>Macros</code>):
+</p>
+<ul>
+<li class="level1"><div class="li"> For application <acronym title="Authentication Authorization Accounting">AAA</acronym>:</div>
+</li>
+</ul>
+<pre class="code">
+aaaRole =&gt; ((grep{/ou=aaa/} split(&#039;;&#039;,$ssoRoles))[0] =~ /ou=(.*),ou=aaa/)[0]
+</pre>
+<ul>
+<li class="level1"><div class="li"> For application BBB:</div>
+</li>
+</ul>
+<pre class="code">
+bbbRole =&gt; ((grep{/ou=bbb/} split(&#039;;&#039;,$ssoRoles))[0] =~ /ou=(.*),ou=bbb/)[0]
+</pre>
+
+<p>
+These regular expressions read the &#039;ou&#039; value of the <acronym title="Distinguished Name">DN</acronym> of the role of the concerned application. This works if the user has only one role per application.
+</p>
+
+<p>
+Third step: provide the role to the application. It is done by creating the correct <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header:
+</p>
+<ul>
+<li class="level1"><div class="li"> For application <acronym title="Authentication Authorization Accounting">AAA</acronym>:</div>
+</li>
+</ul>
+<pre class="code">
+Auth-Roles =&gt; $aaaRoles
+</pre>
+<ul>
+<li class="level1"><div class="li"> For application BBB:</div>
+</li>
+</ul>
+<pre class="code">
+Auth-Roles =&gt; $bbbRoles
+</pre>
+
+<p>
+Now the protected application can read in the header <acronym title="Hyper Text Transfer Protocol">HTTP</acronym>_AUTH_ROLES the role of the user.
+</p>
+
+<p>
+<p><div class="notetip">
+If you have more than one role for an application, you can join those roles with a separator (ex: ||):
+
+</p>
+<pre class="code">
+aaaRole =&gt; join(&#039; || &#039;, (map {/uid=(.*),ou=aaa.*/} (grep{/ou=aaa/} split(&#039;;&#039;,$ssoRoles)))
+</pre>
+
+<p>
+
+
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Roles as entries in the directory" [1070-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/redirections.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/redirections.html
@ -0,0 +1,103 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="redirections" id="redirections">Redirections</a></h1>
+<div class="level1">
+
+<p>
+
+<p><div class="noteclassic">When a user access a Handler without a cookie, he is redirected on portal, and the target <acronym title="Uniform Resource Locator">URL</acronym> is encoded in redirection <acronym title="Uniform Resource Locator">URL</acronym> (to redirect user after authentication process).
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Redirections" [1-215] -->
+<h2><a name="protocol_and_port" id="protocol_and_port">Protocol and port</a></h2>
+<div class="level2">
+
+<p>
+
+To encode the redirection <acronym title="Uniform Resource Locator">URL</acronym>, the will use some Apache environment variables and also configuration settings:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>HTTPS</strong>: use https as protocol</div>
+</li>
+<li class="level1"><div class="li"> <strong>Port</strong>: port of the application (by default, 80 for http, 443 for https)</div>
+</li>
+</ul>
+
+<p>
+
+These parameters can be configured in Manager, in <code>General Parameters</code> &gt; <code>Advanced parameters</code> &gt; <code>Handler redirections</code>.
+</p>
+
+<p>
+<p><div class="notetip">These settings can be overriden per virtual host, see <a href="../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">virtual host management</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Protocol and port" [216-715] -->
+<h2><a name="forbidden_and_server_error" id="forbidden_and_server_error">Forbidden and Server error</a></h2>
+<div class="level2">
+
+<p>
+
+Handler use the default Apache error code for the following cases:
+</p>
+<ul>
+<li class="level1"><div class="li"> User has no access authorization: FORBIDDEN (403)</div>
+</li>
+<li class="level1"><div class="li"> An error occurs on server side: SERVER_ERROR (500)</div>
+</li>
+</ul>
+
+<p>
+
+These errors can be catch trough Apache <code>ErrorDocument</code> directive, to redirect user on a specific page:
+</p>
+<pre class="code file apache"><span class="co1"># Common error page and security parameters</span>
+<span class="kw1">ErrorDocument</span> 403 http://auth.example.com/?lmError=403
+<span class="kw1">ErrorDocument</span> <span class="nu0">500</span> http://auth.example.com/?lmError=<span class="nu0">500</span></pre>
+
+<p>
+It is also possible to redirect the user without using <code>ErrorDocument</code>: the Handler will not return 403 or 500 code, but code 302 (REDIRECT). 
+</p>
+
+<p>
+The user will be redirected on portal <acronym title="Uniform Resource Locator">URL</acronym> with error in the <code>lmError</code> <acronym title="Uniform Resource Locator">URL</acronym> parameter.
+</p>
+
+<p>
+These parameters can be configured in Manager, in <code>General Parameters</code> &gt; <code>Advanced parameters</code> &gt; <code>Handler redirections</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Redirect on forbidden</strong>: use 302 instead 403</div>
+</li>
+<li class="level1"><div class="li"> <strong>Redirect on error</strong>: use 302 instead 500</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Forbidden and Server error" [716-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/resetpassword.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/resetpassword.html
@ -0,0 +1,115 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="reset_password_by_mail" id="reset_password_by_mail">Reset password by mail</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Reset password by mail" [1-38] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can propose a password reset form, for users who loose their password (this kind of application is also called a self service password interface).
+</p>
+
+<p>
+Kinematics:
+</p>
+<ol>
+<li class="level1"><div class="li"> User enters his email in the password reset form</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="LemonLDAP::NG">LL::NG</acronym> try to find the user in users database</div>
+</li>
+<li class="level1"><div class="li"> A mail with a token is sent to user</div>
+</li>
+<li class="level1"><div class="li"> The user click on the link in the mail</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="LemonLDAP::NG">LL::NG</acronym> validate the token and set a random password</div>
+</li>
+<li class="level1"><div class="li"> The random password is sent to user</div>
+</li>
+</ol>
+
+<p>
+
+<p><div class="notetip">If <a href="../../documentation/1.1/authldap.html" class="wikilink1" title="documentation:1.1:authldap">LDAP backend</a> is used, and <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password policy is enabled, the <code>pwdReset</code> flag is set to TRUE, so that the user is forced to change his password on next connection.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [39-715] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+<p>
+
+The reset password link must be activated, see <a href="../../documentation/1.1/portalcustom.html#other_parameters" class="wikilink1" title="documentation:1.1:portalcustom">portal customization</a>.
+</p>
+
+<p>
+Then go in Manager, <code>General Parameters</code> » <code>Advanced Parameters</code> » <code>Password management</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong><acronym title="Simple Mail Transfer Protocol">SMTP</acronym> Server</strong>: <acronym title="Internet Protocol">IP</acronym> or hostname of the <acronym title="Simple Mail Transfer Protocol">SMTP</acronym> server (default: localhost)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Page <acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Uniform Resource Locator">URL</acronym> of password reset page (default: [PORTAL]/mail.pl)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Mail sender</strong>: address seen in the “From” field (default: noreply@[DOMAIN])</div>
+</li>
+<li class="level1"><div class="li"> <strong>Success mail subject</strong>: Subject of mail sent when password is changed (default: [LemonLDAP::NG] Your new password)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Success mail content</strong> (optional): Content of mail sent when password is changed</div>
+</li>
+<li class="level1"><div class="li"> <strong>Confirmation mail subject</strong>: Subject of mail sent when password change is asked (default: [LemonLDAP::NG] Password reset confirmation)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Confirmation mail content</strong> (optional): Content of mail sent when password change is asked</div>
+</li>
+<li class="level1"><div class="li"> <strong>Regexp for password generation</strong>: Regular expression used to generate the password (default: [A-Z]{3}[a-z]{5}.\d{2})</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="noteimportant">
+By default, mail content are empty in order to use <acronym title="HyperText Markup Language">HTML</acronym> templates:
+</p>
+<ul>
+<li class="level1"><div class="li"> portal/skins/common/mail_confirm.tpl</div>
+</li>
+<li class="level1"><div class="li"> portal/skins/common/mail_password.tpl</div>
+</li>
+</ul>
+
+<p>
+
+If you define mail contents in Manager, <acronym title="HyperText Markup Language">HTML</acronym> templates will not be used.
+
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Configuration" [716-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/samlservice.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/samlservice.html
@ -0,0 +1,643 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="saml_service_configuration" id="saml_service_configuration">SAML service configuration</a></h1>
+<div class="level1">
+
+<p>
+
+<p><div class="noteclassic"><acronym title="Security Assertion Markup Language">SAML</acronym> service configuration is a common step to configure <acronym title="LemonLDAP::NG">LL::NG</acronym> as <a href="../../documentation/1.1/authsaml.html" class="wikilink1" title="documentation:1.1:authsaml">SAML SP</a> or <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML IDP</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "SAML service configuration" [1-169] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+This documentation explains how configure <acronym title="Security Assertion Markup Language">SAML</acronym> service in <acronym title="LemonLDAP::NG">LL::NG</acronym>, in particular:
+</p>
+<ul>
+<li class="level1"><div class="li"> Install prerequisites</div>
+</li>
+<li class="level1"><div class="li"> Import or generate security keys</div>
+</li>
+<li class="level1"><div class="li"> Set <acronym title="Security Assertion Markup Language">SAML</acronym> end points</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="noteimportant">Service configuration will be used to generate <acronym title="LemonLDAP::NG">LL::NG</acronym> <acronym title="Security Assertion Markup Language">SAML</acronym> metadata, that will be shared with other providers. It means that if you modify some settings here, you will have to share again the metadata with other providers. In other words, take the time to configure this part before sharing metadata.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [170-689] -->
+<h2><a name="prerequisites" id="prerequisites">Prerequisites</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Prerequisites" [690-716] -->
+<h3><a name="lasso" id="lasso">Lasso</a></h3>
+<div class="level3">
+
+<p>
+
+<a href="/_detail/documentation/lasso.png?id=documentation%3A1.1%3Asamlservice" class="media" title="documentation:lasso.png"><img src="../../../media/documentation/lasso.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+SAML2 implementation is based on <a href="http://lasso.entrouver.org" class="urlextern" title="http://lasso.entrouver.org"  rel="nofollow">Lasso</a>. You will need a very recent version of Lasso (&gt;= 2.3.0).
+</p>
+
+</div>
+
+<h4><a name="debianubuntu" id="debianubuntu">Debian/Ubuntu</a></h4>
+<div class="level4">
+
+<p>
+
+There are packages available here: <a href="http://deb.entrouvert.org/" class="urlextern" title="http://deb.entrouvert.org/"  rel="nofollow">http://deb.entrouvert.org/</a>.
+</p>
+
+<p>
+You will only need to install liblasso3-perl package:
+</p>
+<pre class="code">
+sudo apt-get install liblasso3-perl
+</pre>
+
+</div>
+
+<h4><a name="rhelcentosfedora" id="rhelcentosfedora">RHEL/CentOS/Fedora</a></h4>
+<div class="level4">
+
+<p>
+
+Packages should be available soon.
+</p>
+
+</div>
+
+<h4><a name="other" id="other">Other</a></h4>
+<div class="level4">
+
+<p>
+
+<a href="http://lasso.entrouvert.org/download/" class="urlextern" title="http://lasso.entrouvert.org/download/"  rel="nofollow">Download the Lasso tarball</a> and compile it on your system.
+</p>
+
+</div>
+<!-- SECTION "Lasso" [717-1273] -->
+<h3><a name="apache_rewrite_rules" id="apache_rewrite_rules">Apache rewrite rules</a></h3>
+<div class="level3">
+
+<p>
+
+Be sure that mod_rewrite is installed and that SAML2 rewrite rules are activated in <a href="../../documentation/1.1/configlocation.html#portal" class="wikilink1" title="documentation:1.1:configlocation">Apache portal configuration</a>:
+</p>
+<pre class="code file apache">&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
+        <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
+        <span class="kw1">RewriteRule</span> ^/saml/metadata /metadata.pl
+        <span class="kw1">RewriteRule</span> ^/saml/.* /index.pl
+&lt;/<span class="kw3">IfModule</span>&gt;</pre>
+
+</div>
+<!-- SECTION "Apache rewrite rules" [1274-1619] -->
+<h2><a name="service_configuration" id="service_configuration">Service configuration</a></h2>
+<div class="level2">
+
+<p>
+
+Go in Manager and click on <code><acronym title="Security Assertion Markup Language">SAML</acronym> 2 Service</code> node.
+</p>
+
+<p>
+<p><div class="notetip">You can use #PORTAL# in values to replace the portal <acronym title="Uniform Resource Locator">URL</acronym>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Service configuration" [1620-1783] -->
+<h3><a name="entry_identifier" id="entry_identifier">Entry Identifier</a></h3>
+<div class="level3">
+
+<p>
+
+Your EntityID, often use as metadata <acronym title="Uniform Resource Locator">URL</acronym>, by default #PORTAL#/saml/metadata.
+</p>
+
+<p>
+<p><div class="noteclassic">
+The value will be use in metadata main markup:
+
+</p>
+<pre class="code file xml"><span class="sc3"><span class="re1">&lt;EntityDescriptor</span> <span class="re0">entityID</span>=<span class="st0">&quot;http://auth.example.com/saml/metadata&quot;</span><span class="re2">&gt;</span></span>
+  ...
+<span class="sc3"><span class="re1">&lt;/EntityDescriptor<span class="re2">&gt;</span></span></span></pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+<p>
+<p><div class="notewarning">If you modify <code>/saml/metadata</code> suffix you have to change corresponding Apache rewrite rule.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Entry Identifier" [1784-2181] -->
+<h3><a name="security_parameters" id="security_parameters">Security parameters</a></h3>
+<div class="level3">
+
+<p>
+
+You can define keys for <acronym title="Security Assertion Markup Language">SAML</acronym> message signature and encryption. If no encryption keys are defined, signature keys are used for signature and encryption.
+</p>
+
+<p>
+To define keys, you can:
+</p>
+<ul>
+<li class="level1"><div class="li"> import your own private and public keys (<code>Load from a file</code> input)</div>
+</li>
+<li class="level1"><div class="li"> generate new public and private keys (<code>Generate</code> button)</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">You can enter a password to protect private key with a password. It will be prompted if you generate keys, else you can set it in the <code>Private key password</code>.
+</div></p>
+</p>
+
+<p>
+<a href="/_detail/documentation/manager-saml-private-key.png?id=documentation%3A1.1%3Asamlservice" class="media" title="documentation:manager-saml-private-key.png"><img src="../../../media/documentation/manager-saml-private-key.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+<p><div class="notetip">You can import a certificate containing the public key instead the raw public key. However, certificate will not be really validated by other <acronym title="Security Assertion Markup Language">SAML</acronym> components (expiration date, common name, etc.), but will just be a public key wrapper.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Security parameters" [2182-3010] -->
+<h3><a name="nameid_formats" id="nameid_formats">NameID formats</a></h3>
+<div class="level3">
+
+<p>
+
+<a href="/_detail/documentation/manager-saml-namid-formats.png?id=documentation%3A1.1%3Asamlservice" class="media" title="documentation:manager-saml-namid-formats.png"><img src="../../../media/documentation/manager-saml-namid-formats.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+<acronym title="Security Assertion Markup Language">SAML</acronym> can use different NameID formats. The NameID is the main user identifier, carried in <acronym title="Security Assertion Markup Language">SAML</acronym> messages. You can configure here which field of <acronym title="LemonLDAP::NG">LL::NG</acronym> session will be associated to a NameID format.
+</p>
+
+<p>
+<p><div class="noteclassic">This parameter is used by <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML IDP</a> to fill the NameID in authentication responses.
+</div></p>
+</p>
+
+<p>
+Customizable NameID formats are:
+</p>
+<ul>
+<li class="level1"><div class="li"> Email</div>
+</li>
+<li class="level1"><div class="li"> X509</div>
+</li>
+<li class="level1"><div class="li"> Windows</div>
+</li>
+<li class="level1"><div class="li"> Kerberos</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">For example, if you are using <a href="../../documentation/1.1/authldap.html" class="wikilink1" title="documentation:1.1:authldap">AD as authentication backend</a>, you can use sAMAccountName for the Windows NameID format.
+</div></p>
+</p>
+
+<p>
+Other NameID formats are automatically managed:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Transient</strong>: NameID is generated</div>
+</li>
+<li class="level1"><div class="li"> <strong>Persistent</strong>: NameID is restored from previous sessions</div>
+</li>
+<li class="level1"><div class="li"> <strong>Undefined</strong>: Default NameID format is used</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "NameID formats" [3011-3823] -->
+<h3><a name="authentication_contexts" id="authentication_contexts">Authentication contexts</a></h3>
+<div class="level3">
+
+<p>
+
+<a href="/_detail/documentation/manager-saml-service-authn-contexts.png?id=documentation%3A1.1%3Asamlservice" class="media" title="documentation:manager-saml-service-authn-contexts.png"><img src="../../../media/documentation/manager-saml-service-authn-contexts.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+Each <acronym title="LemonLDAP::NG">LL::NG</acronym> authentication module has an authentication level, which can be associated to an <a href="http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf" class="urlextern" title="http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf"  rel="nofollow">SAML authentication context</a>.
+</p>
+
+<p>
+<p><div class="noteclassic">This parameter is used by <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML IDP</a> to fill the authentication context in authentication responses. It will use the authentication level registered in user session to match the <acronym title="Security Assertion Markup Language">SAML</acronym> authentication context. It is also used by <a href="../../documentation/1.1/authsaml.html" class="wikilink1" title="documentation:1.1:authsaml">SAML SP</a> to fill the authentication level in user session, based on authentication response authentication context.
+</div></p>
+</p>
+
+<p>
+Customizable NameID formats are:
+</p>
+<ul>
+<li class="level1"><div class="li"> Password</div>
+</li>
+<li class="level1"><div class="li"> Password protected transport</div>
+</li>
+<li class="level1"><div class="li"> TLS client</div>
+</li>
+<li class="level1"><div class="li"> Kerberos</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Authentication contexts" [3824-4610] -->
+<h3><a name="organization" id="organization">Organization</a></h3>
+<div class="level3">
+
+<p>
+
+<p><div class="noteclassic">
+This concerns all parameters for the Organization metadata section:
+
+</p>
+<pre class="code file xml"><span class="sc3"><span class="re1">&lt;Organization<span class="re2">&gt;</span></span></span>
+  <span class="sc3"><span class="re1">&lt;OrganizationName</span> <span class="re0">xml:lang</span>=<span class="st0">&quot;en&quot;</span><span class="re2">&gt;</span></span>Example<span class="sc3"><span class="re1">&lt;/OrganizationName<span class="re2">&gt;</span></span></span>
+  <span class="sc3"><span class="re1">&lt;OrganizationDisplayName</span> <span class="re0">xml:lang</span>=<span class="st0">&quot;en&quot;</span><span class="re2">&gt;</span></span>Example<span class="sc3"><span class="re1">&lt;/OrganizationDisplayName<span class="re2">&gt;</span></span></span>
+  <span class="sc3"><span class="re1">&lt;OrganizationURL</span> <span class="re0">xml:lang</span>=<span class="st0">&quot;en&quot;</span><span class="re2">&gt;</span></span>http://www.example.com<span class="sc3"><span class="re1">&lt;/OrganizationURL<span class="re2">&gt;</span></span></span>
+<span class="sc3"><span class="re1">&lt;/Organization<span class="re2">&gt;</span></span></span></pre>
+
+<p>
+
+
+</div></p>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Display Name</strong>: should be displayed on IDP, this is often your society name</div>
+</li>
+<li class="level1"><div class="li"> <strong>Name</strong>: internal name</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Uniform Resource Locator">URL</acronym> of your society</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Organization" [4611-5122] -->
+<h3><a name="service_provider" id="service_provider">Service Provider</a></h3>
+<div class="level3">
+
+<p>
+
+<p><div class="noteclassic">
+This concerns all parameters for the Service Provider metadata section: 
+
+</p>
+<pre class="code file xml"><span class="sc3"><span class="re1">&lt;SPSSODescriptor<span class="re2">&gt;</span></span></span>
+  ...
+<span class="sc3"><span class="re1">&lt;/SPSSODescriptor<span class="re2">&gt;</span></span></span></pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+</div>
+
+<h4><a name="general_options" id="general_options">General options</a></h4>
+<div class="level4">
+<ul>
+<li class="level1"><div class="li"> <strong>Signed Authentication Request</strong>: set to On to always sign authentication request.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Want Assertions Signed</strong>: set to On to require that received assertions are signed.</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">These options can then be overridden for each Identity Provider.
+</div></p>
+</p>
+
+</div>
+
+<h4><a name="single_logout" id="single_logout">Single Logout</a></h4>
+<div class="level4">
+
+<p>
+
+For each binding you can set:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Location</strong>: Access Point for SLO request.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Response Location</strong>: Access Point for SLO response.</div>
+</li>
+</ul>
+
+<p>
+
+<a href="/_detail/documentation/manager-saml-service-sp-slo.png?id=documentation%3A1.1%3Asamlservice" class="media" title="documentation:manager-saml-service-sp-slo.png"><img src="../../../media/documentation/manager-saml-service-sp-slo.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+Available bindings are:
+</p>
+<ul>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Redirect</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> POST</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> <acronym title="Simple Object Access Protocol">SOAP</acronym></div>
+</li>
+</ul>
+
+</div>
+
+<h4><a name="assertion_consumer" id="assertion_consumer">Assertion Consumer</a></h4>
+<div class="level4">
+
+<p>
+
+For each binding you can set:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Default</strong>: will this binding be used by default for authentication response.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Location</strong>: Access Point for <acronym title="Single Sign On">SSO</acronym> request and response.</div>
+</li>
+</ul>
+
+<p>
+
+<a href="/_detail/documentation/manager-saml-service-sp-ac.png?id=documentation%3A1.1%3Asamlservice" class="media" title="documentation:manager-saml-service-sp-ac.png"><img src="../../../media/documentation/manager-saml-service-sp-ac.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+Available bindings are:
+</p>
+<ul>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Artifact</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> POST</div>
+</li>
+</ul>
+
+</div>
+
+<h4><a name="artifact_resolution" id="artifact_resolution">Artifact Resolution</a></h4>
+<div class="level4">
+
+<p>
+
+The only authorized binding is <acronym title="Simple Object Access Protocol">SOAP</acronym>. This should be set as Default.
+</p>
+
+</div>
+<!-- SECTION "Service Provider" [5123-6286] -->
+<h3><a name="identity_provider" id="identity_provider">Identity Provider</a></h3>
+<div class="level3">
+
+<p>
+
+<p><div class="noteclassic">
+This concerns all parameters for the Service Provider metadata section:
+
+</p>
+<pre class="code file xml"><span class="sc3"><span class="re1">&lt;IDPSSODescriptor<span class="re2">&gt;</span></span></span>
+  ...
+<span class="sc3"><span class="re1">&lt;/IDPSSODescriptor<span class="re2">&gt;</span></span></span></pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+</div>
+
+<h4><a name="general_parameters" id="general_parameters">General parameters</a></h4>
+<div class="level4">
+<ul>
+<li class="level1"><div class="li"> <strong>Want Authentication Request Signed</strong>: set to On to require that received authentication request are signed.</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">This option can then be overridden for each Service Provider.
+</div></p>
+</p>
+
+</div>
+
+<h4><a name="single_sign_on" id="single_sign_on">Single Sign On</a></h4>
+<div class="level4">
+
+<p>
+
+For each binding you can set:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Location</strong>: Access Point for <acronym title="Single Sign On">SSO</acronym> request.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Response Location</strong>: Access Point for <acronym title="Single Sign On">SSO</acronym> response.</div>
+</li>
+</ul>
+
+<p>
+
+Available bindings are:
+</p>
+<ul>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Redirect</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> POST</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Artifact</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> <acronym title="Simple Object Access Protocol">SOAP</acronym></div>
+</li>
+</ul>
+
+</div>
+
+<h4><a name="single_logout1" id="single_logout1">Single Logout</a></h4>
+<div class="level4">
+
+<p>
+
+For each binding you can set:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Location</strong>: Access Point for SLO request.</div>
+</li>
+<li class="level2"><div class="li"> <strong>Response Location</strong>: Access Point for SLO response.</div>
+</li>
+</ul>
+
+<p>
+
+Available bindings are:
+</p>
+<ul>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Redirect</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> POST</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> <acronym title="Simple Object Access Protocol">SOAP</acronym></div>
+</li>
+</ul>
+
+</div>
+
+<h4><a name="artifact_resolution1" id="artifact_resolution1">Artifact Resolution</a></h4>
+<div class="level4">
+
+<p>
+
+The only authorized binding is <acronym title="Simple Object Access Protocol">SOAP</acronym>. This should be set as Default.
+</p>
+
+</div>
+<!-- SECTION "Identity Provider" [6287-7275] -->
+<h3><a name="attribute_authority" id="attribute_authority">Attribute Authority</a></h3>
+<div class="level3">
+
+<p>
+
+<p><div class="noteclassic">
+This concerns all parameters for the Attribute Authority metadata section
+
+</p>
+<pre class="code file xml"><span class="sc3"><span class="re1">&lt;AttributeAuthorityDescriptor<span class="re2">&gt;</span></span></span>
+  ...
+<span class="sc3"><span class="re1">&lt;/AttributeAuthorityDescriptor<span class="re2">&gt;</span></span></span></pre>
+
+<p>
+
+
+</div></p>
+</p>
+
+</div>
+
+<h4><a name="attribute_service" id="attribute_service">Attribute Service</a></h4>
+<div class="level4">
+
+<p>
+
+This is the only service to configure, and it accept only the <acronym title="Simple Object Access Protocol">SOAP</acronym> binding.
+</p>
+
+<p>
+Response Location should be empty, as <acronym title="Simple Object Access Protocol">SOAP</acronym> responses are directly returned (synchronous binding).
+</p>
+
+</div>
+<!-- SECTION "Attribute Authority" [7276-7687] -->
+<h3><a name="advanced" id="advanced">Advanced</a></h3>
+<div class="level3">
+
+<p>
+
+These parameters are not mandatory to run <acronym title="Security Assertion Markup Language">SAML</acronym> service, but can help to customize it:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>IDP resolution cookie name</strong>: by default, it&#039;s the <acronym title="LemonLDAP::NG">LL::NG</acronym> cookie name suffixed by <code>idp</code>, for example: <code>lemonldapidp</code>.</div>
+</li>
+<li class="level1"><div class="li"> <strong>UTF8 metadata conversion</strong>: set to On to force  partner&#039;s metadata conversion.</div>
+</li>
+</ul>
+
+</div>
+
+<h4><a name="saml_sessions_module_name_and_options" id="saml_sessions_module_name_and_options">SAML sessions module name and options</a></h4>
+<div class="level4">
+
+<p>
+
+By default, the main session module is used to store <acronym title="Security Assertion Markup Language">SAML</acronym> temporary data (like relay-states), but <acronym title="Security Assertion Markup Language">SAML</acronym> sessions need to use a session module compatible with the <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">sessions restrictions feature</a>.
+</p>
+
+<p>
+This is not the case of <a href="../../documentation/1.1/memcachedsessionbackend.html" class="wikilink1" title="documentation:1.1:memcachedsessionbackend">Memcached</a> for example. In this case, you can choose a different module to manage <acronym title="Security Assertion Markup Language">SAML</acronym> sessions.
+</p>
+
+<p>
+<p><div class="notetip">You can also choose a different session module to split <acronym title="Single Sign On">SSO</acronym> sessions and <acronym title="Security Assertion Markup Language">SAML</acronym> sessions.
+</div></p>
+</p>
+
+</div>
+
+<h4><a name="common_domain_cookie" id="common_domain_cookie">Common Domain Cookie</a></h4>
+<div class="level4">
+
+<p>
+
+<p><div class="noteclassic">Common Domain Cookie is also know as <a href="http://www.switch.ch/aai/support/tools/wayf.html" class="urlextern" title="http://www.switch.ch/aai/support/tools/wayf.html"  rel="nofollow">WAYF Service</a>.
+</div></p>
+</p>
+
+<p>
+The common domain is used by <a href="../../documentation/1.1/authsaml.html" class="wikilink1" title="documentation:1.1:authsaml">SAML SP</a> to find an Identity Provider for the user, and by <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML IDP</a> to register itself in user&#039;s IDP list.
+</p>
+
+<p>
+Configuration parameters are:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Activation</strong>: Set to On to enable Common Domain Cookie support.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Common domain</strong>: Name of the common domain (where common cookie is available).</div>
+</li>
+<li class="level1"><div class="li"> <strong>Reader <acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Uniform Resource Locator">URL</acronym> used by <acronym title="Security Assertion Markup Language">SAML</acronym> SP to read the cookie. Leave blank to deactivate the feature.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Writer <acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Uniform Resource Locator">URL</acronym> used by <acronym title="Security Assertion Markup Language">SAML</acronym> IDP to write the cookie. Leave blank to deactivate the feature.</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Advanced" [7688-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/security.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/security.html
@ -0,0 +1,333 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="security_recommendation" id="security_recommendation">Security recommendation</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Security recommendation" [1-39] -->
+<h2><a name="secure_configuration_access" id="secure_configuration_access">Secure configuration access</a></h2>
+<div class="level2">
+
+<p>
+
+Configuration can be stored in several formats (<a href="../../documentation/1.1/sqlconfbackend.html" class="wikilink1" title="documentation:1.1:sqlconfbackend">SQL</a>, <a href="../../documentation/1.1/fileconfbackend.html" class="wikilink1" title="documentation:1.1:fileconfbackend">File</a>, <a href="../../documentation/1.1/ldapconfbackend.html" class="wikilink1" title="documentation:1.1:ldapconfbackend">LDAP</a>) but must be shared over the network if you use more than 1 server. If some of your servers are not in the same (secured) network than the database, it is recommended to use <a href="../../documentation/1.1/soapconfbackend.html" class="wikilink1" title="documentation:1.1:soapconfbackend">SOAP access</a> for those servers.
+</p>
+
+<p>
+<p><div class="notetip">You can use different type of access: <a href="../../documentation/1.1/sqlconfbackend.html" class="wikilink1" title="documentation:1.1:sqlconfbackend">SQL</a>, <a href="../../documentation/1.1/fileconfbackend.html" class="wikilink1" title="documentation:1.1:fileconfbackend">File</a> or <a href="../../documentation/1.1/ldapconfbackend.html" class="wikilink1" title="documentation:1.1:ldapconfbackend">LDAP</a> for servers in secured network and <a href="../../documentation/1.1/soapconfbackend.html" class="wikilink1" title="documentation:1.1:soapconfbackend">SOAP</a> for remote servers.
+</div></p>
+</p>
+
+<p>
+Next, you have to configure the <acronym title="Simple Object Access Protocol">SOAP</acronym> access as described <a href="../../documentation/1.1/soapconfbackend.html#next_configure_soap_for_your_remote_servers" class="wikilink1" title="documentation:1.1:soapconfbackend">here</a> since <acronym title="Simple Object Access Protocol">SOAP</acronym> access is denied by default.
+</p>
+
+</div>
+<!-- SECTION "Secure configuration access" [40-809] -->
+<h2><a name="protect_the_manager" id="protect_the_manager">Protect the Manager</a></h2>
+<div class="level2">
+
+<p>
+
+By default, the manager is restricted to localhost in its Apache configuration file, but no accounting is done. To change this, you can choose one of the following:
+</p>
+<ul>
+<li class="level1"><div class="li"> protect the manager by Apache configuration</div>
+</li>
+<li class="level1"><div class="li"> protect the manager by <acronym title="LemonLDAP::NG">LL::NG</acronym></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Protect the Manager" [810-1090] -->
+<h3><a name="protect_the_manager_by_apache" id="protect_the_manager_by_apache">Protect the Manager by Apache</a></h3>
+<div class="level3">
+
+<p>
+
+You can use any of the mechanisms proposed by Apache: <acronym title="Secure Sockets Layer">SSL</acronym>, Auth-Basic, Kerberos,… Example
+
+</p>
+<pre class="code apache">&lt;<span class="kw3">VirtualHost</span> *:443&gt;
+    <span class="kw1">ServerName</span> manager.example.com
+    <span class="co1"># SSL parameters</span>
+    ...
+    <span class="co1"># DocumentRoot</span>
+    <span class="kw1">DocumentRoot</span> /var/lib/lemonldap-ng/manager/
+    &lt;<span class="kw3">Location</span> /&gt;
+        <span class="kw1">AuthType</span> Basic
+        <span class="kw1">AuthName</span> <span class="st0">&quot;Lemonldap::NG manager&quot;</span>
+        <span class="kw1">AuthUserFile</span> /usr/local/apache/passwd/passwords
+        <span class="kw1">Require</span> <span class="kw1">user</span> rbowen
+        <span class="kw1">Order</span> <span class="kw1">allow</span>,<span class="kw1">deny</span>
+        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+        <span class="kw1">Allow</span> from 192.168.142.0/24
+        <span class="kw1">Options</span> +ExecCGI
+    &lt;/<span class="kw3">Location</span>&gt;
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+</div>
+<!-- SECTION "Protect the Manager by Apache" [1091-1701] -->
+<h3><a name="protect_the_manager_by_llng" id="protect_the_manager_by_llng">Protect the Manager by LL::NG</a></h3>
+<div class="level3">
+
+<p>
+
+To protect the manager by <acronym title="LemonLDAP::NG">LL::NG</acronym>, you just have to set this in <code>lemonldap-ng.ini</code> configuration file (section [manager]):
+
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>manager<span class="br0">&#93;</span></span>
+<span class="re1">protection</span> <span class="sy0">=</span><span class="re2"> manager</span></pre>
+
+<p>
+<p><div class="noteimportant">Before, you have to create the virtual host <code>manager.your.domain</code> in the manager and set a <a href="../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">rules</a>, else access to the manager will be denied.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Protect the Manager by LL::NG" [1702-2118] -->
+<h2><a name="write_good_rules" id="write_good_rules">Write good rules</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Write good rules" [2119-2148] -->
+<h3><a name="order_your_rules" id="order_your_rules">Order your rules</a></h3>
+<div class="level3">
+
+<p>
+
+<a href="../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">Rules</a> are applied in alphabetical order (comment and regular expression). The first rule that matches is applied.
+</p>
+
+<p>
+<p><div class="noteimportant">The “default” rule is only applied if no other rule match
+</div></p>
+</p>
+
+<p>
+The Manager let you define comments in rules, to order them:
+</p>
+
+<p>
+<a href="/_detail/documentation/manager_access_rule.png?id=documentation%3A1.1%3Asecurity" class="media" title="documentation:manager_access_rule.png"><img src="../../../media/documentation/manager_access_rule.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+For example, if these rules are used without comments:
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Regular expression  </th><th class="col1 centeralign">  Rule  </th><th class="col2 leftalign"> Comment  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0"> ^/pub/admin/ </td><td class="col1"> $uid eq “root” </td><td class="col2"> </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> </td>
+	</tr>
+</table>
+
+<p>
+
+Then the second rule will be applied first, so every authenticated user will access to <code>/pub/admin</code> directory.
+</p>
+
+<p>
+Use comment to correct this:
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Regular expression  </th><th class="col1 centeralign">  Rule  </th><th class="col2 leftalign"> Comment  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0"> ^/pub/admin/ </td><td class="col1"> $uid eq “root” </td><td class="col2"> 1_pub </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> 2_admin </td>
+	</tr>
+</table>
+
+<p>
+
+<p><div class="notetip">
+</p>
+<ul>
+<li class="level1"><div class="li"> Reload the Manager to see the order that will be used</div>
+</li>
+<li class="level1"><div class="li"> Use rule comments to order your rules</div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Order your rules" [2149-3072] -->
+<h3><a name="be_careful_with_url_parameters" id="be_careful_with_url_parameters">Be careful with URL parameters</a></h3>
+<div class="level3">
+
+<p>
+
+You can write <a href="../../documentation/1.1/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:1.1:writingrulesand_headers">rules</a> matching any component of <acronym title="Uniform Resource Locator">URL</acronym> to protect including GET parameters, but be careful.
+</p>
+
+<p>
+For example with this rule on the <code>access</code> parameter:
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Regular expression  </th><th class="col1 centeralign">  Rule  </th><th class="col2 leftalign"> Comment  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0"> ^/index.php\?.*access=admin </td><td class="col1"> $groups =~ /\badmin\b/ </td><td class="col2"> </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
+	</tr>
+</table>
+
+<p>
+
+Then a user that try to access to one of the following <em class="u">will be granted</em> !
+</p>
+<ul>
+<li class="level1"><div class="li"> /index.php?access=admin&amp;access=other</div>
+</li>
+<li class="level1"><div class="li"> /index.php?Access=admin</div>
+</li>
+</ul>
+
+<p>
+
+You can use the following rules instead:
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Regular expression  </th><th class="col1 centeralign">  Rule  </th><th class="col2 leftalign"> Comment  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0"> ^/(?i)index.php\?.*access.*access </td><td class="col1"> deny </td><td class="col2"> 0_bad </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0"> ^/(?i)index.php\?.*access=admin </td><td class="col1"> $groups =~ /\badmin\b/ </td><td class="col2"> 1_admin </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
+	</tr>
+</table>
+
+<p>
+
+<p><div class="notetip"><strong>(?i)</strong> means case no sensitive.
+</div></p>
+</p>
+
+<p>
+<p><div class="notewarning">Remember that rules written on GET parameters must be tested.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Be careful with URL parameters" [3073-3981] -->
+<h3><a name="encoded_characters" id="encoded_characters">Encoded characters</a></h3>
+<div class="level3">
+
+<p>
+
+Some characters are encoded in URLs by the browser (such as space,…). To avoid problems, <acronym title="LemonLDAP::NG">LL::NG</acronym> decode them using <a href="http://search.cpan.org/perldoc?Apache2::URI#unescape_url" class="urlextern" title="http://search.cpan.org/perldoc?Apache2::URI#unescape_url"  rel="nofollow">http://search.cpan.org/perldoc?Apache2::URI#unescape_url</a>. So write your rules using normal characters.
+</p>
+
+</div>
+<!-- SECTION "Encoded characters" [3982-4235] -->
+<h2><a name="secure_reverse-proxies" id="secure_reverse-proxies">Secure reverse-proxies</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> can protect any Apache hosted application including Apache reverse-proxy mechanism. Example:
+</p>
+<pre class="code apache">PerlOptions +GlobalRequest
+PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
+&lt;<span class="kw3">VirtualHost</span> *:443&gt;
+    <span class="kw1">SSLEngine</span> <span class="kw2">On</span>
+    ... other SSL parameters ...
+    PerlInitHandler My::Handler
+    <span class="kw1">ServerName</span> appl1.example.com
+    <span class="kw1">ProxyPass</span> / http://hiddenappl1.example.com/
+    <span class="kw1">ProxyPassReverse</span> / http://hiddenappl1.example.com/
+    <span class="kw1">ProxyPassReverseCookieDomain</span> / http://hiddenappl1.example.com/
+&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
+
+<p>
+See <a href="http://httpd.apache.org/docs/2.2/mod/mod_proxy.html" class="urlextern" title="http://httpd.apache.org/docs/2.2/mod/mod_proxy.html"  rel="nofollow">mod_proxy</a> and <a href="http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html" class="urlextern" title="http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html"  rel="nofollow">mod_rewrite</a> documentation for more about configuring Apache reverse-proxies.
+</p>
+
+<p>
+Such configuration can have some security problems:
+</p>
+<ul>
+<li class="level1"><div class="li"> if a user can access directly to the hidden application, it can bypass <acronym title="LemonLDAP::NG">LL::NG</acronym> protection</div>
+</li>
+<li class="level1"><div class="li"> if many hidden applications are on the same private network, if one is corrupted (by <acronym title="Structured Query Language">SQL</acronym> injection, or another attack), the hacker will be able to access to other applications without using reverse-proxies so it can bypass <acronym title="LemonLDAP::NG">LL::NG</acronym> protection</div>
+</li>
+</ul>
+
+<p>
+
+It is recommended to secure the channel between reverse-proxies and application to be sure that only request coming from the <acronym title="LemonLDAP::NG">LL::NG</acronym> protected reverse-proxies are allowed. You can use one or a combination of:
+</p>
+<ul>
+<li class="level1"><div class="li"> firewalls (but be careful if more than 1 server is behind the firewall)</div>
+</li>
+<li class="level1"><div class="li"> server based restriction (like Apache “allow/deny” mechanism)</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Secure Sockets Layer">SSL</acronym> client certificate for the reverse-proxy (see SSLProxy* parameters in <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html" class="urlextern" title="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html"  rel="nofollow">mod_ssl documentation</a>)</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Secure reverse-proxies" [4236-5904] -->
+<h2><a name="configure_security_settings" id="configure_security_settings">Configure security settings</a></h2>
+<div class="level2">
+
+<p>
+
+Go in Manager, <code>General parameters</code> » <code>Advanced parameters</code> » <code>Security</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Username control</strong>: Regular expression used to check user login syntax.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Force authentication</strong>: set to &#039;On&#039; to force authentication when user connects to portal, even if he has a valid session</div>
+</li>
+<li class="level1"><div class="li"> <strong>Encryption key</strong>: key used to crypt some data, should not be known by other applications</div>
+</li>
+<li class="level1"><div class="li"> <strong>Trusted domains</strong>: domains on which the user can be redirected after login on portal. Set &#039;*&#039; to accept all.</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Configure security settings" [5905-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/selfmadeapplication.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/selfmadeapplication.html
@ -0,0 +1,149 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="protect_your_application" id="protect_your_application">Protect your application</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Protect your application" [1-40] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+Your application can know the connected user using:
+</p>
+<ul>
+<li class="level1"><div class="li"> REMOTE_USER environment variable (with local Handler or SetEnvIf trick)</div>
+</li>
+<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header (in all cases)</div>
+</li>
+</ul>
+
+<p>
+
+To get more information on user (name, mail, etc.), you have to read <a href="../../documentation/1.1/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.1:writingrulesand_headers">HTTP headers</a>.
+</p>
+
+<p>
+<p><div class="notetip">
+If your application is based on <a href="http://search.cpan.org/perldoc?CGI" class="urlextern" title="http://search.cpan.org/perldoc?CGI"  rel="nofollow">Perl CGI package</a>, you can simply replace <acronym title="Common Gateway Interface">CGI</acronym> by <a href="#perl_auto-protected_cgi" title="documentation:1.1:selfmadeapplication &crarr;" class="wikilink1">Lemonldap::NG::Handler::CGI</a>
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [41-542] -->
+<h2><a name="code_snippet" id="code_snippet">Code snippet</a></h2>
+<div class="level2">
+
+<p>
+
+Examples with a <a href="../../documentation/1.1/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.1:writingrulesand_headers">configured header</a> named &#039;Auth-User&#039;:
+</p>
+
+</div>
+<!-- SECTION "Code snippet" [543-658] -->
+<h3><a name="perl" id="perl">Perl</a></h3>
+<div class="level3">
+<pre class="code file perl"><a href="http://perldoc.perl.org/functions/print.html"><span class="kw3">print</span></a> <span class="st0">&quot;Connected user: &quot;</span><span class="sy0">.</span><span class="re0">$ENV</span><span class="br0">&#123;</span>HTTP_AUTH_USER<span class="br0">&#125;</span><span class="sy0">;</span></pre>
+
+</div>
+<!-- SECTION "Perl" [659-742] -->
+<h3><a name="php" id="php">PHP</a></h3>
+<div class="level3">
+<pre class="code file php"><span class="kw1">print</span> <span class="st0">&quot;Connected user: &quot;</span><span class="sy0">.</span><span class="re0">$_SERVER</span><span class="br0">&#123;</span>HTTP_AUTH_USER<span class="br0">&#125;</span><span class="sy0">;</span></pre>
+
+</div>
+<!-- SECTION "PHP" [743-828] -->
+<h2><a name="perl_auto-protected_cgi" id="perl_auto-protected_cgi">Perl auto-protected CGI</a></h2>
+<div class="level2">
+
+<p>
+
+Using this feature, you don&#039;t have to use virtual host protection: protection is embedded in Lemonldap::NG::Handler::<acronym title="Common Gateway Interface">CGI</acronym>.
+</p>
+
+<p>
+Lemonldap::NG::Handler::<acronym title="Common Gateway Interface">CGI</acronym> adds some functions to <a href="http://search.cpan.org/perldoc?CGI" class="urlextern" title="http://search.cpan.org/perldoc?CGI"  rel="nofollow">CGI</a>:
+</p>
+<ul>
+<li class="level1"><div class="li"> authenticate: check if user is authenticated; if not, redirect it to the portal</div>
+</li>
+<li class="level1"><div class="li"> authorize: check if user is authorizated to access to this <acronym title="Uniform Resource Locator">URL</acronym></div>
+</li>
+</ul>
+
+<p>
+
+Example:
+</p>
+<ul>
+<li class="level1"><div class="li"> Code to replace:</div>
+</li>
+</ul>
+<pre class="code perl"><span class="kw1">my</span> <span class="re0">$cgi</span> <span class="sy0">=</span> <span class="kw2">new</span> CGI<span class="sy0">;</span>
+<span class="sy0">...</span></pre>
+<ul>
+<li class="level1"><div class="li"> New code:</div>
+</li>
+</ul>
+<pre class="code perl"><span class="kw1">my</span> <span class="re0">$cgi</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Handler</span><span class="sy0">::</span><span class="me2">CGI</span><span class="sy0">-&gt;</span><span class="me1">new</span> <span class="br0">&#40;</span><span class="br0">&#123;</span><span class="br0">&#125;</span><span class="br0">&#41;</span><span class="sy0">;</span>
+<span class="re0">$cgi</span><span class="sy0">-&gt;</span><span class="me1">authenticate</span><span class="br0">&#40;</span><span class="br0">&#41;</span><span class="sy0">;</span>
+<span class="re0">$cgi</span><span class="sy0">-&gt;</span><span class="me1">authorize</span><span class="br0">&#40;</span><span class="br0">&#41;</span><span class="sy0">;</span>
+<span class="sy0">...</span></pre>
+
+<p>
+
+Then you can access to user datas
+
+</p>
+<pre class="code perl"><span class="co1"># Get attributes (or macros)</span>
+<span class="kw1">my</span> <span class="re0">$cn</span> <span class="sy0">=</span> <span class="re0">$cgi</span><span class="sy0">-&gt;</span><span class="me1">user</span><span class="sy0">-&gt;</span><span class="br0">&#123;</span>cn<span class="br0">&#125;</span>
+&nbsp;
+<span class="co1"># Test if user is member of a Lemonldap::NG group (or LDAP mapped group)</span>
+<span class="kw1">if</span><span class="br0">&#40;</span> <span class="re0">$cgi</span><span class="sy0">-&gt;</span><span class="me1">group</span><span class="br0">&#40;</span><span class="st_h">'admin'</span><span class="br0">&#41;</span> <span class="br0">&#41;</span> <span class="br0">&#123;</span>
+  <span class="co1"># special html code for admins</span>
+<span class="br0">&#125;</span>
+<span class="kw1">else</span> <span class="br0">&#123;</span>
+  <span class="co1"># another HTML code</span>
+<span class="br0">&#125;</span></pre>
+
+<p>
+You can test any <acronym title="Uniform Resource Locator">URL</acronym> to see if it&#039;s protected using testUri(). It returns:
+</p>
+<ul>
+<li class="level1"><div class="li"> 1 if user is authorizated to access to it</div>
+</li>
+<li class="level1"><div class="li"> 0 if not</div>
+</li>
+<li class="level1"><div class="li"> -1 if this <acronym title="Uniform Resource Locator">URL</acronym> is not known by <acronym title="LemonLDAP::NG">LL::NG</acronym> configuration</div>
+</li>
+</ul>
+<pre class="code perl"><span class="kw1">if</span><span class="br0">&#40;</span><span class="re0">$cgi</span><span class="sy0">-&gt;</span><span class="me1">testUri</span><span class="br0">&#40;</span><span class="st_h">'http://test3.example.com/'</span><span class="br0">&#41;</span> <span class="br0">&#123;</span>
+  <a href="http://perldoc.perl.org/functions/print.html"><span class="kw3">print</span></a> <span class="st_h">'&lt;a href=&quot;http://test3.example.com/&quot;&gt;click here&lt;/a&gt;'</span><span class="sy0">;</span>
+<span class="br0">&#125;</span></pre>
+
+</div>
+<!-- SECTION "Perl auto-protected CGI" [829-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/sessions.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/sessions.html
@ -0,0 +1,76 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="sessions" id="sessions">Sessions</a></h1>
+<div class="level1">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> rely on a session mechanism with the session ID as a shared secret between the user (in <a href="../../documentation/1.1/ssocookie.html" class="wikilink1" title="documentation:1.1:ssocookie">SSO cookie</a>) and the <a href="../../documentation/1.1/start.html#sessions_databases" class="wikilink1" title="documentation:1.1:start">session database</a>.
+</p>
+
+<p>
+To configure sessions, go in Manager, <code>General Parameters</code> » <code>Sessions</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Opening conditions</strong>: a rule that will be evaluated to grant session to a user.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Store user password in session data</strong>: see <a href="../../documentation/1.1/passwordstore.html" class="wikilink1" title="documentation:1.1:passwordstore">password store documentation</a>.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Sessions timeout</strong>: Maximum lifetime of a session. Old sessions are deleted by a cron script.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Sessions activity timeout</strong>: Maximum inactivity duration.</div>
+</li>
+</ul>
+
+<p>
+<p><div class="notewarning">Session activity timeout requires Handlers to have a write access to sessions database.
+</div></p>
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Sessions Storage</strong>: see <a href="../../documentation/1.1/start.html#sessions_database" class="wikilink1" title="documentation:1.1:start">sessions database configuration</a>.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Multiple sessions</strong>, you can restrict the number of open sessions:</div>
+<ul>
+<li class="level2"><div class="li"> <strong>One session only by user</strong>: a user can not open 2 sessions with the same account.</div>
+</li>
+<li class="level2"><div class="li"> <strong>One <acronym title="Internet Protocol">IP</acronym> only by user</strong>: a user can not open 2 sessions with the same <acronym title="Internet Protocol">IP</acronym>.</div>
+</li>
+<li class="level2"><div class="li"> <strong>One user by <acronym title="Internet Protocol">IP</acronym> address</strong>: 2 users can not open a session with the same <acronym title="Internet Protocol">IP</acronym>.</div>
+</li>
+<li class="level2"><div class="li"> <strong>Display deleted sessions</strong>: display deleted sessions on authentication phase.</div>
+</li>
+<li class="level2"><div class="li"> <strong>Display other sessions </strong>: display other sessions on authentication phase, with a link to delete them.</div>
+</li>
+</ul>
+</li>
+</ul>
+
+<p>
+<p><div class="noteimportant">Note that since <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> protocol is not connected, restrictions are not applied to the new session: the oldest are destroyed.
+</div></p>
+</p>
+
+</div>
+</div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/soapconfbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/soapconfbackend.html
@ -0,0 +1,86 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="soap_configuration_backend" id="soap_configuration_backend">SOAP configuration backend</a></h1>
+<div class="level1">
+
+<p>
+
+You can share your configuration over the network using <acronym title="Simple Object Access Protocol">SOAP</acronym> proxy system.
+</p>
+
+<p>
+<p><div class="notetip">Note that <acronym title="Simple Object Access Protocol">SOAP</acronym> is not a real configuration backend, but just a proxy system to access to your configuration over the network
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "SOAP configuration backend" [1-261] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [262-288] -->
+<h3><a name="first_configure_your_real_backend" id="first_configure_your_real_backend">First, configure your real backend</a></h3>
+<div class="level3">
+<ul>
+<li class="level1"><div class="li"> On your main server, configure a <a href="../../documentation/1.0/fileconfbackend.html" class="wikilink1" title="documentation:1.0:fileconfbackend">File</a>, <a href="../../documentation/1.0/sqlconfbackend.html" class="wikilink1" title="documentation:1.0:sqlconfbackend">SQL</a> or <a href="../../documentation/1.0/ldapconfbackend.html" class="wikilink1" title="documentation:1.0:ldapconfbackend">LDAP</a> backend</div>
+</li>
+<li class="level1"><div class="li"> Set <acronym title="Simple Object Access Protocol">SOAP</acronym> parameter to true in the configuration using the manager: the portal will become a <acronym title="Simple Object Access Protocol">SOAP</acronym> server</div>
+</li>
+<li class="level1"><div class="li"> Configure Apache to allow remote access: in <code>portal-apache2.conf</code>, remote <acronym title="Simple Object Access Protocol">SOAP</acronym> access is disabled by default. Change it:</div>
+</li>
+</ul>
+<pre class="code apache"><span class="co1"># SOAP functions for configuration access (disabled by default)</span>
+&lt;<span class="kw3">Location</span> /index.pl/config&gt;
+    <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+    <span class="kw1">Deny</span> from <span class="kw2">all</span>
+    <span class="kw1">Allow</span> from 192.168.2.0/24
+&lt;/<span class="kw3">Location</span>&gt;</pre>
+
+</div>
+<!-- SECTION "First, configure your real backend" [289-941] -->
+<h3><a name="next_configure_soap_for_your_remote_servers" id="next_configure_soap_for_your_remote_servers">Next, configure SOAP for your remote servers</a></h3>
+<div class="level3">
+
+<p>
+
+Change configuration in lemonldap-ng.ini :
+
+</p>
+<pre class="code file ini"><span class="re1">type</span>         <span class="sy0">=</span><span class="re2"> SOAP</span>
+<span class="re1">proxy</span>        <span class="sy0">=</span><span class="re2"> https://auth.example.com/index.pl/config</span></pre>
+
+<p>
+
+You can also add some other parameters
+
+</p>
+<pre class="code file ini"><span class="re1">User</span>         <span class="sy0">=</span><span class="re2"> lemonldap</span>
+<span class="re1">Password</span>     <span class="sy0">=</span><span class="re2"> mypassword</span>
+# LWP::UserAgent parameters
+<span class="re1">proxyOptions</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span> timeout <span class="sy0">=</span>&gt; <span class="nu0">5</span> <span class="br0">&#125;</span></span></pre>
+
+</div>
+<!-- SECTION "Next, configure SOAP for your remote servers" [942-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/soapminihowto.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/soapminihowto.html
@ -0,0 +1,70 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="configure_lemonldapng_to_use_soap_proxy_mechanism" id="configure_lemonldapng_to_use_soap_proxy_mechanism">Configure LemonLDAP::NG to use SOAP proxy mechanism</a></h1>
+<div class="level1">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> use 2 internal databases to store its configuration and sessions. It can be configured to use <acronym title="Simple Object Access Protocol">SOAP</acronym> instead of direct access to those databases (for remote servers).
+<p><div class="notetip">This mechanism can be used to secure access for remote servers that cross an unsecured network to access to <acronym title="LemonLDAP::NG">LL::NG</acronym> databases.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Configure LemonLDAP::NG to use SOAP proxy mechanism" [1-383] -->
+<h2><a name="use_soap_for_lemonldapng_configuration" id="use_soap_for_lemonldapng_configuration">Use SOAP for Lemonldap::NG configuration</a></h2>
+<div class="level2">
+
+<p>
+
+Steps:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/start.html#configuration_database" class="wikilink1" title="documentation:1.1:start">Choose and configure your main configuration storage system</a></div>
+</li>
+<li class="level1"><div class="li"> Follow <a href="../../documentation/1.1/soapconfbackend.html" class="wikilink1" title="documentation:1.1:soapconfbackend">SOAP configuration backend</a> page</div>
+</li>
+<li class="level1"><div class="li"> Restart all your remote Apache servers</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Use SOAP for Lemonldap::NG configuration" [384-649] -->
+<h2><a name="use_soap_for_lemonldapng_sessions" id="use_soap_for_lemonldapng_sessions">Use SOAP for Lemonldap::NG sessions</a></h2>
+<div class="level2">
+
+<p>
+
+Steps:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/start.html#sessions_database" class="wikilink1" title="documentation:1.1:start">Choose and configure your main sessions storage system</a></div>
+</li>
+<li class="level1"><div class="li"> Follow <a href="../../documentation/1.1/soapsessionbackend.html" class="wikilink1" title="documentation:1.1:soapsessionbackend">SOAP sessions backend</a> page</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Use SOAP for Lemonldap::NG sessions" [650-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/soapservices.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/soapservices.html
@ -0,0 +1,128 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="soap_services" id="soap_services">SOAP services</a></h1>
+<div class="level1">
+
+<p>
+
+Lemonldap::NG provides 2 <acronym title="Simple Object Access Protocol">SOAP</acronym> servers :
+</p>
+<ul>
+<li class="level1"><div class="li"> the <a href="../../documentation/1.1/portal.html" class="wikilink1" title="documentation:1.1:portal">portal</a></div>
+</li>
+<li class="level1"><div class="li"> the manager (for internal use only)</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "SOAP services" [1-129] -->
+<h2><a name="portal_soap_services" id="portal_soap_services">Portal SOAP services</a></h2>
+<div class="level2">
+
+<p>
+
+<acronym title="Simple Object Access Protocol">SOAP</acronym> functions are not accessible by network by default. <acronym title="Simple Object Access Protocol">SOAP</acronym> functions are protected by Apache, you can change this in <a href="../../documentation/1.1/configlocation.html#portal" class="wikilink1" title="documentation:1.1:configlocation">Apache portal configuration</a>:
+</p>
+<pre class="code file apache">    <span class="co1"># SOAP functions for sessions management (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.pl/adminSessions&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Allow</span> from <span class="kw2">all</span>
+    &lt;/<span class="kw3">Location</span>&gt;
+&nbsp;
+    <span class="co1"># SOAP functions for sessions access (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.pl/sessions&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Allow</span> from <span class="kw2">all</span>
+    &lt;/<span class="kw3">Location</span>&gt;
+&nbsp;
+    <span class="co1"># SOAP functions for configuration access (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.pl/config&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Allow</span> from <span class="kw2">all</span>
+    &lt;/<span class="kw3">Location</span>&gt;
+&nbsp;
+    <span class="co1"># SOAP functions for notification insertion (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.pl/notification&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Allow</span> from <span class="kw2">all</span>
+    &lt;/<span class="kw3">Location</span>&gt;</pre>
+
+<p>
+<p><div class="notetip">You can create a <acronym title="Simple Object Access Protocol">SOAP</acronym> only portal by setting “soapOnly = 1” in lemonldap-ng.ini (section PORTAL)
+</div></p>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> Read-only functions (index.pl/sessions or index.pl/adminSessions paths):</div>
+<ul>
+<li class="level2"><div class="li"> <strong>getCookies(user,password)</strong>: authentication system. Returns cookie(s) name and values</div>
+</li>
+<li class="level2"><div class="li"> <strong>getAttributes(cookieValue)</strong>: get elements stored in session</div>
+</li>
+<li class="level2"><div class="li"> <strong>isAuthorizedURI(cookieValue,url)</strong>: check if user is granted to access to the function</div>
+</li>
+<li class="level2"><div class="li"> <strong>getMenuApplications(cookieValue)</strong>: return a list of authorizated applications (based on menu calculation)</div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> Read/Write functions (index.pl/adminSessions paths):</div>
+<ul>
+<li class="level2"><div class="li"> <strong>setAttributes(cookieValue,hashtable)</strong>: update a session</div>
+</li>
+<li class="level2"><div class="li"> <strong>newSession</strong>: create a session (return attributes)</div>
+</li>
+<li class="level2"><div class="li"> <strong>deleteSession</strong>: delete a session</div>
+</li>
+<li class="level2"><div class="li"> <strong>get_key_from_all_sessions</strong>: list all sessions and return asked keys</div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> Notification send function (index.pl/notification):</div>
+<ul>
+<li class="level2"><div class="li"> <strong>newNotification(xmlString)</strong>: insert a notification for a user (see <a href="../../documentation/1.1/notifications.html" class="wikilink1" title="documentation:1.1:notifications">Notifications system</a> for more)</div>
+</li>
+</ul>
+</li>
+</ul>
+
+<p>
+
+<p><div class="noteimportant">When you use <a href="../../documentation/1.1/soapsessionbackend.html" class="wikilink1" title="documentation:1.1:soapsessionbackend">SOAP sessions backend</a>, it is recommended to use read-only <acronym title="Uniform Resource Locator">URL</acronym> (<a href="http://portal/index.pl/sessions" class="urlextern" title="http://portal/index.pl/sessions"  rel="nofollow">http://portal/index.pl/sessions</a>). Write session path is needed only if you use a remote session explorer or a remote portal
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Portal SOAP services" [130-2327] -->
+<h2><a name="wsdl_file" id="wsdl_file">WSDL file</a></h2>
+<div class="level2">
+
+<p>
+
+When portal is installed, a file named portal.wsdl is created. It can be upgraded using buildPortalWSDL script.
+</p>
+
+</div>
+<!-- SECTION "WSDL file" [2328-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/soapsessionbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/soapsessionbackend.html
@ -0,0 +1,130 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="soap_session_backend" id="soap_session_backend">SOAP session backend</a></h1>
+<div class="level1">
+
+<p>
+
+<acronym title="LemonLDAP::NG">LL::NG</acronym> portal provides <acronym title="Simple Object Access Protocol">SOAP</acronym> end points for sessions management:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>sessions/</strong>: read only access to sessions (enough for distant Handlers)</div>
+</li>
+<li class="level1"><div class="li"> <strong>adminSessions/</strong>: read/write access to sessions (required for distant Portal or distant Manager)</div>
+</li>
+</ul>
+
+<p>
+
+This session backend can be used to share sessions stored in a non-network backend (like <a href="../../documentation/1.1/filesessionbackend.html" class="wikilink1" title="documentation:1.1:filesessionbackend">file session backend</a>) or in a network backend protected with a firewall that only accepts <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> flows.
+</p>
+
+<p>
+Most of the time, <acronym title="Simple Object Access Protocol">SOAP</acronym> session backend is used by Handlers installed on external servers.
+</p>
+
+<p>
+To configure it, <acronym title="Simple Object Access Protocol">SOAP</acronym> session backend will be set trough Manager in global configuration (used by all Hanlders), and the real session backend will be configured for local components in lemonldap-ng.ini.
+</p>
+
+</div>
+<!-- SECTION "SOAP session backend" [1-792] -->
+<h2><a name="setup" id="setup">Setup</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Setup" [793-811] -->
+<h3><a name="manager" id="manager">Manager</a></h3>
+<div class="level3">
+
+<p>
+
+First, active <acronym title="Simple Object Access Protocol">SOAP</acronym> in <code>General parameters</code> » <code>Advanced parameters</code> » <code><acronym title="Simple Object Access Protocol">SOAP</acronym></code>.
+</p>
+
+<p>
+Then, set <code>Lemonldap::NG::Common::Apache::Session::<acronym title="Simple Object Access Protocol">SOAP</acronym></code> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 centeralign">  <strong>proxy</strong>  </td><td class="col1"> <acronym title="Uniform Resource Locator">URL</acronym> of sessions <acronym title="Simple Object Access Protocol">SOAP</acronym> end point </td><td class="col2"> http://auth.example.com/index.pl/sessions </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Manager" [812-1283] -->
+<h3><a name="apache" id="apache">Apache</a></h3>
+<div class="level3">
+
+<p>
+
+Sessions <acronym title="Simple Object Access Protocol">SOAP</acronym> end points access must be allowed in Apache portal configuration (for example, access by <acronym title="Internet Protocol">IP</acronym> range):
+</p>
+<pre class="code file apache"><span class="co1"># SOAP functions for sessions management (disabled by default)</span>
+&lt;<span class="kw3">Location</span> /index.pl/adminSessions&gt;
+    <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+    <span class="kw1">Deny</span> from <span class="kw2">all</span>
+    <span class="kw1">Allow</span> from 192.168.2.0/24
+&lt;/<span class="kw3">Location</span>&gt;
+&nbsp;
+<span class="co1"># SOAP functions for sessions access (disabled by default)</span>
+&lt;<span class="kw3">Location</span> /index.pl/sessions&gt;
+    <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+    <span class="kw1">Deny</span> from <span class="kw2">all</span>
+    <span class="kw1">Allow</span> from 192.168.2.0/24
+&lt;/<span class="kw3">Location</span>&gt;</pre>
+
+</div>
+<!-- SECTION "Apache" [1284-1789] -->
+<h3><a name="real_session_backend" id="real_session_backend">Real session backend</a></h3>
+<div class="level3">
+
+<p>
+
+Real session backend will be configured in <code>lemonldap-ng.ini</code>, in <code>portal</code> section (the portal hosts the <acronym title="Simple Object Access Protocol">SOAP</acronym> service for sessions, and will do the link between <acronym title="Simple Object Access Protocol">SOAP</acronym> requests and real sessions).
+</p>
+
+<p>
+For example, if real sessions are stored in <a href="../../documentation/1.1/filesessionbackend.html" class="wikilink1" title="documentation:1.1:filesessionbackend">files</a>:
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
+<span class="re1">globalStorage</span> <span class="sy0">=</span><span class="re2"> Apache::Session::File</span>
+<span class="re1">globalStorageOptions</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span> 'Directory' <span class="sy0">=</span>&gt; '/var/lib/lemonldap-ng/sessions/', 'LockDirectory' <span class="sy0">=</span>&gt; '/var/lib/lemonldap-ng/sessions/lock/', <span class="br0">&#125;</span></span></pre>
+
+<p>
+<p><div class="notetip">If your sessions explorer is on the same server that the portal, either use the <strong>adminSessions</strong> end point in Manager configuration, or override the <code>globalStorage</code> and <code>globalStorageOptions</code> parameters in section all (and not portal) of <code>lemonldap-ng.ini</code>. 
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Real session backend" [1790-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/sqlconfbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/sqlconfbackend.html
@ -0,0 +1,142 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="sql_configuration_backends" id="sql_configuration_backends">SQL configuration backends</a></h1>
+<div class="level1">
+
+<p>
+
+There is 3 types of <acronym title="Structured Query Language">SQL</acronym> configuration backends for LemonLDAP::NG :
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>CDBI</strong> : very simple storage</div>
+</li>
+<li class="level1"><div class="li"> <strong>RDBI</strong> : triple store storage</div>
+</li>
+<li class="level1"><div class="li"> <strong><acronym title="Database Interface">DBI</acronym></strong> which has been deprecated: it is a read-only backend that exists just for compatibility with older versions of LemonLDAP::NG. See <a href="../../documentation/1.1/changeconfbackend.html" class="wikilink1" title="documentation:1.1:changeconfbackend">how to change configuration backend</a>.</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "SQL configuration backends" [1-382] -->
+<h2><a name="lemonldap-ngini_parameters" id="lemonldap-ngini_parameters">Lemonldap-ng.ini parameters</a></h2>
+<div class="level2">
+
+<p>
+
+To use a <acronym title="Structured Query Language">SQL</acronym> backend, configure your <code>lemonldap-ng.ini</code> file (section configuration) :
+</p>
+<ul>
+<li class="level1"><div class="li"> Choose <acronym title="Database Interface">DBI</acronym> type (RDBI, CDBI or <acronym title="Database Interface">DBI</acronym>)</div>
+</li>
+<li class="level1"><div class="li"> Configure the connection string (see <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI"  rel="nofollow">DBI manual page</a>)</div>
+</li>
+<li class="level1"><div class="li"> Configure user and password</div>
+</li>
+<li class="level1"><div class="li"> If your table is not named lmConfig, set it&#039;s name in <code>dbiTable</code> parameter.</div>
+</li>
+</ul>
+
+<p>
+Example for MySQL :
+
+</p>
+<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>configuration<span class="br0">&#93;</span></span>
+<span class="re1">type</span> <span class="sy0">=</span><span class="re2"> RDBI</span>
+<span class="re1">dbiChain</span>    <span class="sy0">=</span><span class="re2"> DBI:mysql:database=lemonldap-ng</span><span class="co0">;host=1.2.3.4</span>
+<span class="re1">dbiUser</span>     <span class="sy0">=</span><span class="re2"> lemonldap</span>
+<span class="re1">dbiPassword</span> <span class="sy0">=</span><span class="re2"> password</span>
+<span class="co0">; optional</span>
+<span class="re1">dbiTable</span>    <span class="sy0">=</span><span class="re2"> mytablename</span></pre>
+
+</div>
+<!-- SECTION "Lemonldap-ng.ini parameters" [383-974] -->
+<h2><a name="configure_your_sql_database" id="configure_your_sql_database">Configure your SQL database</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configure your SQL database" [975-1015] -->
+<h3><a name="sql_configuration" id="sql_configuration">SQL configuration</a></h3>
+<div class="level3">
+
+</div>
+
+<h4><a name="rdbi" id="rdbi">RDBI</a></h4>
+<div class="level4">
+<pre class="code">
+CREATE TABLE lmConfig (
+    cfgNum int(11) NOT NULL,
+    field varchar(255) NOT NULL DEFAULT &#039;&#039;,
+    value longblob,
+    PRIMARY KEY (cfgNum,field)
+    );
+</pre>
+
+</div>
+
+<h4><a name="cdbi" id="cdbi">CDBI</a></h4>
+<div class="level4">
+<pre class="code">
+CREATE TABLE lmConfig (
+    cfgNum int not null primary key,
+    data longblob
+);
+</pre>
+
+</div>
+<!-- SECTION "SQL configuration" [1016-1341] -->
+<h3><a name="grant_lemonldapng_access" id="grant_lemonldapng_access">Grant LemonLDAP::NG access</a></h3>
+<div class="level3">
+
+<p>
+
+You have to grant read/write access for the manager component. Other components needs just a read access. You can also use the same user for all.
+</p>
+
+<p>
+<p><div class="notetip">You can use different dbiUser strings :
+</p>
+<ul>
+<li class="level1"><div class="li"> one with read/write rights for servers hosting the manager</div>
+</li>
+<li class="level1"><div class="li"> one with just read rights for other servers</div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+<p>
+MySQL example (suppose that our servers are in 10.0.0.0/24 network):
+
+</p>
+<pre class="code sql"><span class="kw1">GRANT</span> <span class="kw1">SELECT</span><span class="sy0">,</span><span class="kw1">INSERT</span><span class="sy0">,</span><span class="kw1">UPDATE</span><span class="sy0">,</span><span class="kw1">LOCK</span> <span class="kw1">TABLES</span> <span class="kw1">ON</span> lmConfig<span class="sy0">.*</span>
+  <span class="kw1">TO</span> lemonldap<span class="sy0">-</span>ng@manager<span class="sy0">.</span>host <span class="kw1">IDENTIFIED</span> <span class="kw1">BY</span> <span class="st0">'mypassword'</span>;
+<span class="kw1">GRANT</span> <span class="kw1">SELECT</span> <span class="kw1">ON</span> lmConfig<span class="sy0">.*</span>
+  <span class="kw1">TO</span> lemonldap<span class="sy0">-</span>ng<span class="sy0">-</span>user@<span class="st0">'10.0.0.%'</span> <span class="kw1">IDENTIFIED</span> <span class="kw1">BY</span> <span class="st0">'myotherpassword'</span>;</pre>
+
+</div>
+<!-- SECTION "Grant LemonLDAP::NG access" [1342-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/sqlsessionbackend.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/sqlsessionbackend.html
@ -0,0 +1,184 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="sql_session_backend" id="sql_session_backend">SQL session backend</a></h1>
+<div class="level1">
+
+<p>
+
+<acronym title="Structured Query Language">SQL</acronym> session backend can be used with many <acronym title="Structured Query Language">SQL</acronym> databases such as:
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::MySQL"  rel="nofollow">MySQL</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Postgres" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Postgres"  rel="nofollow">PostgreSQL</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Oracle" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Oracle"  rel="nofollow">Oracle</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Informix" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Informix"  rel="nofollow">Informix</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Sybase" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Sybase"  rel="nofollow">Sybase</a></div>
+</li>
+<li class="level1"><div class="li"> ….</div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "SQL session backend" [1-468] -->
+<h2><a name="setup" id="setup">Setup</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Setup" [469-487] -->
+<h3><a name="prepare_the_database" id="prepare_the_database">Prepare the database</a></h3>
+<div class="level3">
+
+<p>
+
+Your database must have a specific table to host sessions. Here are some examples for main databases servers.
+</p>
+
+</div>
+
+<h4><a name="mysql" id="mysql">MySQL</a></h4>
+<div class="level4">
+
+<p>
+
+Create a database if necessary:
+
+</p>
+<pre class="code">
+mysqladmin create lemonldapng
+</pre>
+
+<p>
+Create sessions table:
+
+</p>
+<pre class="code file sql"><span class="kw1">CREATE</span> <span class="kw1">TABLE</span> sessions <span class="br0">&#40;</span>
+    id char<span class="br0">&#40;</span>32<span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
+    a_session blob
+    <span class="br0">&#41;</span>;</pre>
+
+</div>
+
+<h4><a name="postgresql" id="postgresql">PostgreSQL</a></h4>
+<div class="level4">
+
+<p>
+
+Create user and role:
+
+</p>
+<pre class="code">
+su - postgres
+createuser lemonldap-ng -P
+</pre>
+<pre class="code">
+Entrez le mot de passe pour le nouveau rôle : &lt;PASSWORD&gt;
+Entrez-le de nouveau : &lt;PASSWORD&gt;
+Le nouveau rôle est-il un super-utilisateur ? (o/n) n
+Le nouveau rôle doit-il être autorisé à créer des bases de données ? (o/n) n
+Le nouveau rôle doit-il être autorisé à créer de nouveaux rôles ? (o/n) n
+</pre>
+
+<p>
+Create database:
+
+</p>
+<pre class="code">
+createdb -O lemonldap-ng lemonldap-ng
+</pre>
+
+<p>
+Create table:
+
+</p>
+<pre class="code">
+psql -h 127.0.0.1 -U lemonldap-ng -W lemonldap-ng
+</pre>
+<pre class="code">
+Mot de passe pour l&#039;utilisateur lemonldap-ng :
+[...]
+lemonldap-ng=&gt; create table sessions ( id char(32) not null primary key, a_session text );
+lemonldap-ng=&gt; q
+</pre>
+
+</div>
+<!-- SECTION "Prepare the database" [488-1607] -->
+<h3><a name="manager" id="manager">Manager</a></h3>
+<div class="level3">
+
+<p>
+
+Go in the Manager and set the session module (for example <a href="http://search.cpan.org/perldoc?Apache::Session::Postgres" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Postgres"  rel="nofollow">Apache::Session::Postgres</a> for PostgreSQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 centeralign">  <strong>DataSource</strong>  </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI"  rel="nofollow">DBI</a> string </td><td class="col2"> dbi:Pg:dbname=sessions;host=10.2.3.1 </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0 centeralign">  <strong>UserName</strong>  </td><td class="col1"> The database username </td><td class="col2"> lemonldapng </td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0 centeralign">  <strong>Password</strong>  </td><td class="col1"> The database password </td><td class="col2"> mysuperpassword </td>
+	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0 centeralign">  <strong>Commit</strong>  </td><td class="col1"> Required for PostgreSQL </td><td class="col2"> 1 </td>
+	</tr>
+</table>
+
+<p>
+
+You must read the man page corresponding to your database (<a href="http://search.cpan.org/perldoc?Apache::Session::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::MySQL"  rel="nofollow">Apache::Session::MySQL</a>, …) to learn more about parameters. You must also install the database connector (<a href="http://search.cpan.org/perldoc?DBD::Oracle" class="urlextern" title="http://search.cpan.org/perldoc?DBD::Oracle"  rel="nofollow">DBD::Oracle</a>, <a href="http://search.cpan.org/perldoc?DBD::Pg" class="urlextern" title="http://search.cpan.org/perldoc?DBD::Pg"  rel="nofollow">DBD::Pg</a>,…)
+</p>
+
+<p>
+If you choose to use MySQL, read <a href="../../documentation/1.1/performances.html#apachesession_performances" class="wikilink1" title="documentation:1.1:performances">how to increase MySQL performances</a>.
+</p>
+
+</div>
+<!-- SECTION "Manager" [1608-2735] -->
+<h2><a name="security" id="security">Security</a></h2>
+<div class="level2">
+
+<p>
+
+Restrict network access to the database.
+</p>
+
+<p>
+You can also use different user/password for your servers by overriding parameters <code>globalStorage</code> and <code>globalStorageOptions</code> in lemonldap-ng.ini file.
+</p>
+
+</div>
+<!-- SECTION "Security" [2736-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/ssocookie.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/ssocookie.html
@ -0,0 +1,110 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="single_sign_on_cookie_domain_and_portal_url" id="single_sign_on_cookie_domain_and_portal_url">Single Sign On cookie, domain and portal URL</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Single Sign On cookie, domain and portal URL" [1-59] -->
+<h2><a name="sso_cookie" id="sso_cookie">SSO cookie</a></h2>
+<div class="level2">
+
+<p>
+
+The <acronym title="Single Sign On">SSO</acronym> cookie is build by the portal (as described in the <a href="../../documentation/presentation.html#login" class="wikilink1" title="documentation:presentation">login kinematic</a>), or by the Handler for cross domain authentication (see <a href="../../documentation/presentation.html#cross_domain_authentication_cda" class="wikilink1" title="documentation:presentation">CDA kinematic</a>).
+</p>
+
+<p>
+To edit <acronym title="Single Sign On">SSO</acronym> cookie parameters, go in Manager, <code>General Parameters</code> &gt; <code>Cookies</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Cookie name</strong>: name of the cookie, can be changed to avoid conflicts with other LemonLDAP::NG installations</div>
+</li>
+<li class="level1"><div class="li"> <strong>Domain</strong>: validity domain for the cookie (the cookie will not be sent on other domains)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Multiple domains</strong>: enable <a href="../../documentation/1.1/cda.html" class="wikilink1" title="documentation:1.1:cda">cross domain mechanism</a> (without this, you cannot extend <acronym title="Single Sign On">SSO</acronym> to other domains)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Secured cookie</strong>: 3 options:</div>
+<ul>
+<li class="level2"><div class="li"> <strong>Non secured cookie</strong>: the cookie can be sent over <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> and HTTPS connections</div>
+</li>
+<li class="level2"><div class="li"> <strong>Secured cookie</strong>: the cookie can only be sent over HTTPS</div>
+</li>
+<li class="level2"><div class="li"> <strong>Double cookie</strong>: two cookies are built, one for <acronym title="Hyper Text Transfer Protocol">HTTP</acronym>, the other for HTTPS only</div>
+</li>
+</ul>
+</li>
+<li class="level1"><div class="li"> <strong>Cookie expiration time</strong>: by default, <acronym title="Single Sign On">SSO</acronym> cookie is a session cookie, which mean it will be destroyed when the browser is closed. You can change this behavior and set a cookie duration, for example:</div>
+<ul>
+<li class="level2"><div class="li"> <strong>+30s</strong>: 30 seconds from session creation</div>
+</li>
+<li class="level2"><div class="li"> <strong>+10m</strong>: ten minutes from session creation</div>
+</li>
+<li class="level2"><div class="li"> <strong>+1h</strong>: one hour from session creation</div>
+</li>
+<li class="level2"><div class="li"> <strong>+3M</strong>: three months from session creation</div>
+</li>
+<li class="level2"><div class="li"> <strong>+10y</strong>: ten years from session creation</div>
+</li>
+<li class="level2"><div class="li"> <strong>Thursday, 25-Apr-1999 00:40:33 GMT</strong>:  at the indicated time and date (but this is probably a bad idea)</div>
+</li>
+</ul>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notewarning">When you change cookie expiration time, it is written on the user hard disk unlike session cookie
+</div></p>
+</p>
+
+<p>
+<p><div class="noteimportant">Changing the domain value will not update other configuration parameters, like virtual host names, portal <acronym title="Uniform Resource Locator">URL</acronym>, etc. You have to update them by yourself.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "SSO cookie" [60-1875] -->
+<h2><a name="portal_url" id="portal_url">Portal URL</a></h2>
+<div class="level2">
+
+<p>
+
+Portal <acronym title="Uniform Resource Locator">URL</acronym> is the address used to redirect users on the authentication portal by:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Handler</strong>: user is redirected if he has no <acronym title="Single Sign On">SSO</acronym> cookie (or in <a href="../../documentation/1.1/cda.html" class="wikilink1" title="documentation:1.1:cda">CDA</a> mode)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Portal</strong>: the portal redirect on itself in many cases (credentials POST, <acronym title="Security Assertion Markup Language">SAML</acronym>, etc.)</div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notewarning">The portal <acronym title="Uniform Resource Locator">URL</acronym> <strong>must</strong> be inside <acronym title="Single Sign On">SSO</acronym> domain. If secured cookie is enabled, the portal <acronym title="Uniform Resource Locator">URL</acronym> <strong>must</strong> be HTTPS.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Portal URL" [1876-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/start.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/start.html
@ -0,0 +1,401 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="documentation_for_lemonldapng_11" id="documentation_for_lemonldapng_11">Documentation for LemonLDAP::NG 1.1</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Documentation for LemonLDAP::NG 1.1" [1-51] -->
+<h2><a name="installation" id="installation">Installation</a></h2>
+<div class="level2">
+
+<p>
+
+<div style="width:100px;height:100px;float:left;">
+<a href="/_detail/icons/warehause.png?id=documentation%3A1.1%3Astart" class="media" title="icons:warehause.png"><img src="../../../media/icons/warehause.png" class="media" alt="" /></a>
+</div>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/prereq.html" class="wikilink1" title="documentation:1.1:prereq">Prerequisites and dependencies</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/installtarball.html" class="wikilink1" title="documentation:1.1:installtarball">Installation from the tarball</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/installdeb.html" class="wikilink1" title="documentation:1.1:installdeb">Installation on Debian/Ubuntu with packages</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/installrpm.html" class="wikilink1" title="documentation:1.1:installrpm">Installation on RHEL/CentOS with packages</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/upgrade.html" class="wikilink1" title="documentation:1.1:upgrade">Upgrade from 1.0</a></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Installation" [52-445] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [446-472] -->
+<h3><a name="first_steps" id="first_steps">First steps</a></h3>
+<div class="level3">
+
+<p>
+
+<div style="width:100px;height:120px;float:left;">
+<a href="/_detail/icons/lists.png?id=documentation%3A1.1%3Astart" class="media" title="icons:lists.png"><img src="../../../media/icons/lists.png" class="media" alt="" /></a>
+</div>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/configlocation.html" class="wikilink1" title="documentation:1.1:configlocation">Access to configuration</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/ssocookie.html" class="wikilink1" title="documentation:1.1:ssocookie">Configure Single Sign On cookie and portal URL</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/redirections.html" class="wikilink1" title="documentation:1.1:redirections">Parameter redirections</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/exportedvars.html" class="wikilink1" title="documentation:1.1:exportedvars">Set exported variables</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/configvhost.html" class="wikilink1" title="documentation:1.1:configvhost">Manage virtual hosts</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/sessions.html" class="wikilink1" title="documentation:1.1:sessions">Configure sessions specificities</a></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "First steps" [473-894] -->
+<h3><a name="portal" id="portal">Portal</a></h3>
+<div class="level3">
+
+<p>
+
+<div style="width:100px;height:50px;float:left;">
+<a href="/_detail/icons/colors.png?id=documentation%3A1.1%3Astart" class="media" title="icons:colors.png"><img src="../../../media/icons/colors.png" class="media" alt="" /></a>
+</div>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/portal.html" class="wikilink1" title="documentation:1.1:portal">Presentation</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/portalcustom.html" class="wikilink1" title="documentation:1.1:portalcustom">Portal customization</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/portalmenu.html" class="wikilink1" title="documentation:1.1:portalmenu">Portal menu</a></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Portal" [895-1121] -->
+<h3><a name="authentication_users_and_password_databases" id="authentication_users_and_password_databases">Authentication, users and password databases</a></h3>
+<div class="level3">
+
+<p>
+
+<div style="width:100px;height:50px;float:left;">
+<a href="/_detail/icons/gpg.png?id=documentation%3A1.1%3Astart" class="media" title="icons:gpg.png"><img src="../../../media/icons/gpg.png" class="media" alt="" /></a>
+</div>
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0"> Backend </th><th class="col1"> Authentication </th><th class="col2"> Users </th><th class="col3"> Password </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0"> <a href="../../documentation/1.1/authldap.html" class="wikilink1" title="documentation:1.1:authldap">LDAP</a> (including <a href="#mini_howtos" title="documentation:1.1:start &crarr;" class="wikilink1">Active Directory)</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0"> <a href="../../documentation/1.1/authdbi.html" class="wikilink1" title="documentation:1.1:authdbi">Databases (DBI)</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0"> <a href="../../documentation/1.1/authapache.html" class="wikilink1" title="documentation:1.1:authapache">Apache (Kerberos, NTLM, OTP, ...)</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 leftalign">    </td><td class="col3 leftalign">    </td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0"> <a href="../../documentation/1.1/authssl.html" class="wikilink1" title="documentation:1.1:authssl">SSL</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 leftalign">    </td><td class="col3 leftalign">    </td>
+	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0"> <a href="../../documentation/1.1/authcas.html" class="wikilink1" title="documentation:1.1:authcas">CAS</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 leftalign">    </td><td class="col3 leftalign">    </td>
+	</tr>
+	<tr class="row6 roweven">
+		<td class="col0"> <a href="../../documentation/1.1/authopenid.html" class="wikilink1" title="documentation:1.1:authopenid">OpenID</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 leftalign">    </td>
+	</tr>
+	<tr class="row7 rowodd">
+		<td class="col0"> <a href="../../documentation/1.1/authtwitter.html" class="wikilink1" title="documentation:1.1:authtwitter">Twitter</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 leftalign">    </td><td class="col3 leftalign">    </td>
+	</tr>
+	<tr class="row8 roweven">
+		<td class="col0"> <a href="../../documentation/1.1/authsaml.html" class="wikilink1" title="documentation:1.1:authsaml">SAML 2.0 / Shibboleth</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 leftalign">    </td>
+	</tr>
+	<tr class="row9 rowodd">
+		<td class="col0"> <a href="../../documentation/1.1/authnull.html" class="wikilink1" title="documentation:1.1:authnull">Null</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row10 roweven">
+		<td class="col0"> <a href="../../documentation/1.1/authslave.html" class="wikilink1" title="documentation:1.1:authslave">Slave</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row11 rowodd">
+		<td class="col0"> <a href="../../documentation/1.1/authproxy.html" class="wikilink1" title="documentation:1.1:authproxy">Proxy LL::NG</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 leftalign">    </td>
+	</tr>
+	<tr class="row12 roweven">
+		<td class="col0"> <a href="../../documentation/1.1/authremote.html" class="wikilink1" title="documentation:1.1:authremote">Remote LL::NG</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 leftalign">    </td>
+	</tr>
+	<tr class="row13 rowodd">
+		<td class="col0"> <a href="../../documentation/1.1/authmulti.html" class="wikilink1" title="documentation:1.1:authmulti">Stack multiple backends</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 leftalign">    </td>
+	</tr>
+	<tr class="row14 roweven">
+		<td class="col0"> <a href="../../documentation/1.1/authchoice.html" class="wikilink1" title="documentation:1.1:authchoice">Backend choice by users</a> </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Authentication, users and password databases" [1122-2108] -->
+<h3><a name="configuration_database" id="configuration_database">Configuration database</a></h3>
+<div class="level3">
+
+<p>
+
+<div style="width:100px;height:100px;float:left;">
+<a href="/_detail/icons/utilities.png?id=documentation%3A1.1%3Astart" class="media" title="icons:utilities.png"><img src="../../../media/icons/utilities.png" class="media" alt="" /></a>
+</div>
+</p>
+
+<p>
+<acronym title="LemonLDAP::NG">LL::NG</acronym> needs a storage system to store its own configuration (managed by the manager). Choose one of the following:
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Backend  </th><th class="col1 centeralign">  Shareable  </th><th class="col2 centeralign">  Comment  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/fileconfbackend.html" class="wikilink1" title="documentation:1.1:fileconfbackend">File configuration backend</a>  </td><td class="col1"> </td><td class="col2 leftalign">Not shareable between servers except if used in conjunction with <a href="../../documentation/1.1/soapconfbackend.html" class="wikilink1" title="documentation:1.1:soapconfbackend">SOAP configuration backend</a> or with a shared file system (NFS,…). Selected by default during installation.  </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/sqlconfbackend.html" class="wikilink1" title="documentation:1.1:sqlconfbackend">SQL configuration backend (called RDBI or CDBI)</a>  </td><td class="col1 centeralign">  ✔  </td><td class="col2"> </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/ldapconfbackend.html" class="wikilink1" title="documentation:1.1:ldapconfbackend">LDAP configuration backend</a>  </td><td class="col1 centeralign">  ✔  </td><td class="col2"> </td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/soapconfbackend.html" class="wikilink1" title="documentation:1.1:soapconfbackend">SOAP configuration backend</a>  </td><td class="col1 centeralign">  ✔  </td><td class="col2 leftalign"> Proxy backend to be used in conjunction with another configuration backend. <br/><strong>Can be used to secure another backend</strong> for remote servers.  </td>
+	</tr>
+</table>
+
+<p>
+
+<p><div class="notetip">You can not start with an empty configuration, so read <a href="../../documentation/1.1/changeconfbackend.html" class="wikilink1" title="documentation:1.1:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Configuration database" [2109-3215] -->
+<h3><a name="sessions_database" id="sessions_database">Sessions database</a></h3>
+<div class="level3">
+
+<p>
+
+<div style="width:100px;height:150px;float:left;">
+<a href="/_detail/icons/kmultiple.png?id=documentation%3A1.1%3Astart" class="media" title="icons:kmultiple.png"><img src="../../../media/icons/kmultiple.png" class="media" alt="" /></a>
+</div>
+</p>
+
+<p>
+Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Session" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session"  rel="nofollow">Apache::Session</a> modules family. All <a href="http://search.cpan.org/perldoc?Apache::Session" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session"  rel="nofollow">Apache::Session</a> style modules are useable except for some features.
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Backend  </th><th class="col1 centeralign">  Shareable  </th><th class="col2 centeralign">   <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">Session explorer</a>  </th><th class="col3 centeralign">  <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">Session restrictions</a>  </th><th class="col4 centeralign">  Session expiration  </th><th class="col5 centeralign">  Comment  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/filesessionbackend.html" class="wikilink1" title="documentation:1.1:filesessionbackend">File</a>  </td><td class="col1"> </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">   ✔  </td><td class="col5 leftalign">Not shareable between servers except if used in conjunction with <a href="../../documentation/1.1/soapsessionbackend.html" class="wikilink1" title="documentation:1.1:soapsessionbackend">SOAP session backend</a> or with a shared file system (NFS,…). Selected by default during installation.  </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/sqlsessionbackend.html" class="wikilink1" title="documentation:1.1:sqlsessionbackend">SQL</a>  </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td><td class="col5 leftalign" rowspan="2"> Unoptimized for <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">single session</a> features.  </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/ldapsessionbackend.html" class="wikilink1" title="documentation:1.1:ldapsessionbackend">LDAP</a>  </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/memcachedsessionbackend.html" class="wikilink1" title="documentation:1.1:memcachedsessionbackend">Memcached</a>  </td><td class="col1 centeralign">  ✔  </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 leftalign"> Must be secured by network access control.  </td>
+	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/nosqlsessionbackend.html" class="wikilink1" title="documentation:1.1:nosqlsessionbackend">NoSQL (Redis)</a>  </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td><td class="col5 leftalign"> The faster. Must be secured by network access control.  </td>
+	</tr>
+	<tr class="row6 roweven">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/browseablesessionbackend.html" class="wikilink1" title="documentation:1.1:browseablesessionbackend">Browseable (SQL, Redis or LDAP)</a>  </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td><td class="col5 leftalign"> <strong>Optimized</strong> for <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">single session</a> features.  </td>
+	</tr>
+	<tr class="row7 rowodd">
+		<td class="col0 centeralign">  <a href="../../documentation/1.1/soapsessionbackend.html" class="wikilink1" title="documentation:1.1:soapsessionbackend">SOAP</a>  </td><td class="col1 centeralign">  ✔  </td><td class="col2 centeralign">  ✔  </td><td class="col3 centeralign">  ✔  </td><td class="col4 centeralign">  ✔  </td><td class="col5 leftalign"> Proxy backend to be used in conjunction with another session backend. <br/><strong>Can be used to secure another backend</strong> for remote servers.  </td>
+	</tr>
+</table>
+
+</div>
+<!-- SECTION "Sessions database" [3216-5053] -->
+<h3><a name="identity_provider" id="identity_provider">Identity provider</a></h3>
+<div class="level3">
+
+<p>
+
+<div style="width:100px;height:50px;float:left;">
+<a href="/_detail/icons/personal.png?id=documentation%3A1.1%3Astart" class="media" title="icons:personal.png"><img src="../../../media/icons/personal.png" class="media" alt="" /></a>
+</div>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/idpsaml.html" class="wikilink1" title="documentation:1.1:idpsaml">SAML / Shibboleth identity provider</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/idpopenid.html" class="wikilink1" title="documentation:1.1:idpopenid">OpenID identity provider</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/idpcas.html" class="wikilink1" title="documentation:1.1:idpcas">CAS identity provider</a></div>
+</li>
+</ul>
+
+<p>
+
+<p><div class="notetip">
+</p>
+<ul>
+<li class="level1"><div class="li"> All identity provider protocols can be used simultaneously</div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/federationproxy.html" class="wikilink1" title="documentation:1.1:federationproxy">LemonLDAP::NG can be used as a proxy between those protocols</a></div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Identity provider" [5054-5492] -->
+<h2><a name="applications_protection" id="applications_protection">Applications protection</a></h2>
+<div class="level2">
+
+<p>
+
+<div style="width:100px;height:80px;float:left;">
+<a href="/_detail/icons/access.png?id=documentation%3A1.1%3Astart" class="media" title="icons:access.png"><img src="../../../media/icons/access.png" class="media" alt="" /></a>
+</div>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/writingrulesand_headers.html" class="wikilink1" title="documentation:1.1:writingrulesand_headers">Writing rules and headers</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/formreplay.html" class="wikilink1" title="documentation:1.1:formreplay">Form replay</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/applications.html" class="wikilink1" title="documentation:1.1:applications">Integrate existing applications</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/selfmadeapplication.html" class="wikilink1" title="documentation:1.1:selfmadeapplication">Integrate your own application</a></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Applications protection" [5493-5838] -->
+<h2><a name="advanced_features" id="advanced_features">Advanced features</a></h2>
+<div class="level2">
+
+<p>
+
+<div style="width:100px;height:170px;float:left;">
+<a href="/_detail/icons/neotux.png?id=documentation%3A1.1%3Astart" class="media" title="icons:neotux.png"><img src="../../../media/icons/neotux.png" class="media" alt="" /></a>
+</div>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/notifications.html" class="wikilink1" title="documentation:1.1:notifications">Notifications system</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/passwordstore.html" class="wikilink1" title="documentation:1.1:passwordstore">Store password in session</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/cda.html" class="wikilink1" title="documentation:1.1:cda">Cross Domain Authentication (CDA)</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/rbac.html" class="wikilink1" title="documentation:1.1:rbac">Role Based Access Control (RBAC)</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/customfunctions.html" class="wikilink1" title="documentation:1.1:customfunctions">Use custom functions</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/extendedfunctions.html" class="wikilink1" title="documentation:1.1:extendedfunctions">Use extended functions</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/resetpassword.html" class="wikilink1" title="documentation:1.1:resetpassword">Reset password by mail (self service)</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/logoutforward.html" class="wikilink1" title="documentation:1.1:logoutforward">Forward logout to applications</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/parameterlist.html" class="wikilink1" title="documentation:1.1:parameterlist">See full parameters list</a></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Advanced features" [5839-6415] -->
+<h2><a name="mini_howtos" id="mini_howtos">Mini howtos</a></h2>
+<div class="level2">
+
+<p>
+
+<div style="width:100px;height:140px;float:left;">
+<a href="/_detail/icons/jabber_protocol.png?id=documentation%3A1.1%3Astart" class="media" title="icons:jabber_protocol.png"><img src="../../../media/icons/jabber_protocol.png" class="media" alt="" /></a>
+</div>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/managerprotection.html" class="wikilink1" title="documentation:1.1:managerprotection">Modify Manager protection</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/mysqlminihowto.html" class="wikilink1" title="documentation:1.1:mysqlminihowto">Configuration and sessions in MySQL</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/ldapminihowto.html" class="wikilink1" title="documentation:1.1:ldapminihowto">Configuration and sessions in LDAP</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/soapminihowto.html" class="wikilink1" title="documentation:1.1:soapminihowto">Configuration and sessions access by SOAP</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/activedirectoryminihowto.html" class="wikilink1" title="documentation:1.1:activedirectoryminihowto">Integration in Active Directory (LDAP and Kerberos)</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/federationproxy.html" class="wikilink1" title="documentation:1.1:federationproxy">Create a protocol proxy</a> <em>(<acronym title="Security Assertion Markup Language">SAML</acronym> to OpenID, <acronym title="Central Authentication Service">CAS</acronym> to <acronym title="Security Assertion Markup Language">SAML</acronym> ,…)</em></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.1:header_remote_user_conversion">Convert HTTP header into environment variable</a></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Mini howtos" [6416-7046] -->
+<h2><a name="exploitation" id="exploitation">Exploitation</a></h2>
+<div class="level2">
+
+<p>
+
+<div style="width:100px;height:130px;float:left;">
+<a href="/_detail/icons/xeyes.png?id=documentation%3A1.1%3Astart" class="media" title="icons:xeyes.png"><img src="../../../media/icons/xeyes.png" class="media" alt="" /></a>
+</div>
+
+</p>
+<ul>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/performances.html" class="wikilink1" title="documentation:1.1:performances">Performances</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/security.html" class="wikilink1" title="documentation:1.1:security">Security</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/status.html" class="wikilink1" title="documentation:1.1:status">Handler status page</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/mrtg.html" class="wikilink1" title="documentation:1.1:mrtg">MRTG monitoring</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/logs.html" class="wikilink1" title="documentation:1.1:logs">Logs settings</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/error.html" class="wikilink1" title="documentation:1.1:error">Error messages</a></div>
+</li>
+<li class="level1"><div class="li"> <a href="../../documentation/1.1/highavailability.html" class="wikilink1" title="documentation:1.1:highavailability">High Availability</a></div>
+</li>
+</ul>
+
+</div>
+<!-- SECTION "Exploitation" [7047-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/status.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/status.html
@ -0,0 +1,114 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="handler_status" id="handler_status">Handler Status</a></h1>
+<div class="level1">
+
+</div>
+<!-- SECTION "Handler Status" [1-30] -->
+<h2><a name="presentation" id="presentation">Presentation</a></h2>
+<div class="level2">
+
+<p>
+
+When status feature is activated, Handlers and portal will collect statistics and save them in their local cache. This means that if several Handlers are deployed, each will manage its own statistics.
+</p>
+
+<p>
+<p><div class="notetip">
+This page can be browsed for example by <a href="http://oss.oetiker.ch/mrtg/" class="urlextern" title="http://oss.oetiker.ch/mrtg/"  rel="nofollow">MRTG</a> using the <a href="../../documentation/1.1/mrtg.html" class="wikilink1" title="documentation:1.1:mrtg">MRTG monitoring script</a>.
+
+</div></p>
+</p>
+
+<p>
+The statistics are collected trough a daemon launched by the Handler. It can be seen in system processes, for example:
+
+</p>
+<pre class="code">
+perl -MLemonldap::NG::Handler::Status -I/etc/perl -I/usr/local/lib/perl/5.10.1 -I/usr/local/share/perl/5.10.1 -I/usr/lib/perl5 -I/usr/share/perl5 -I/usr/lib/perl/5.10 -I/usr/share/perl/5.10 -I/usr/local/lib/site_perl -I. -I/etc/apache2 -e &amp;Lemonldap::NG::Handler::Status::run(Cache::FileCache,{?          &#039;cache_depth&#039; =&gt; 5,?          &#039;cache_root&#039; =&gt; &#039;/tmp&#039;,?          &#039;directory_umask&#039; =&gt; &#039;007&#039;,?          &#039;default_expires_in&#039; =&gt; 600,?          &#039;namespace&#039; =&gt; &#039;MyNamespace&#039;?        }?);
+</pre>
+
+<p>
+Statistics are displayed when calling the status path on an Handler (for example: <a href="http://test1.example.com/status" class="urlextern" title="http://test1.example.com/status"  rel="nofollow">http://test1.example.com/status</a>).
+</p>
+
+<p>
+Example of status page:
+</p>
+
+<p>
+<a href="/_detail/documentation/status_standard.png?id=documentation%3A1.1%3Astatus" class="media" title="documentation:status_standard.png"><img src="../../../media/documentation/status_standard.png" class="mediacenter" alt="" /></a>
+</p>
+
+</div>
+<!-- SECTION "Presentation" [31-1206] -->
+<h2><a name="configuration" id="configuration">Configuration</a></h2>
+<div class="level2">
+
+</div>
+<!-- SECTION "Configuration" [1207-1233] -->
+<h3><a name="apache" id="apache">Apache</a></h3>
+<div class="level3">
+
+<p>
+
+You need to give access to status path in the Handler Apache configuration:
+</p>
+<pre class="code file apache">    <span class="co1"># Uncomment this to activate status module</span>
+    &lt;<span class="kw3">Location</span> /status&gt;
+        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
+        <span class="kw1">Allow</span> from 127.0.0.0/8
+        PerlHeaderParserHandler My::Package-&gt;status
+    &lt;/<span class="kw3">Location</span>&gt;</pre>
+
+<p>
+Then restart Apache.
+</p>
+
+<p>
+<p><div class="notetip">You should change the <code>Allow</code> directive to match administration <acronym title="Internet Protocol">IP</acronym>, or use another Apache protection mean.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Apache" [1234-1694] -->
+<h3><a name="lemonldapng" id="lemonldapng">LemonLDAP::NG</a></h3>
+<div class="level3">
+
+<p>
+
+Edit <code>lemonldap-ng.ini</code>, and activate status in the <code>handler</code> section:
+</p>
+<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>handler<span class="br0">&#93;</span></span>
+# Set status to 1 if you want to have the report of activity <span class="br0">&#40;</span>used for
+# example to inform MRTG<span class="br0">&#41;</span>
+<span class="re1">status</span> <span class="sy0">=</span><span class="re2"> 1</span></pre>
+
+<p>
+Then restart Apache.
+</p>
+
+</div>
+<!-- SECTION "LemonLDAP::NG" [1695-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/upgrade.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/upgrade.html
@ -0,0 +1,41 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="upgrade_from_10_to_11" id="upgrade_from_10_to_11">Upgrade from 1.0 to 1.1</a></h1>
+<div class="level1">
+
+<p>
+
+<p><div class="noteclassic">If you are using packages, they should have done the upgrade process for you, but you can check here that all is in order.
+</div></p>
+</p>
+
+<p>
+<p><div class="noteimportant">If you upgrade from older versions, please follow first <a href="../../documentation/1.0/upgrade.html" class="wikilink1" title="documentation:1.0:upgrade">upgrade documentation from previous release</a>.
+</div></p>
+
+</p>
+
+</div>
+</div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/1.1/writingrulesand_headers.html
+++ b/build/lemonldap-ng/doc/pages/documentation/1.1/writingrulesand_headers.html
@ -0,0 +1,195 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title></title>
+<!-- metadata -->
+<meta name="generator" content="Offline" />
+<meta name="version" content="Offline 0.1" />
+<!-- style sheet links -->
+<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
+<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
+<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
+
+</head>
+<body>
+<div class="dokuwiki export">
+
+
+
+
+<h1><a name="writing_rules_and_headers" id="writing_rules_and_headers">Writing rules and headers</a></h1>
+<div class="level1">
+
+<p>
+
+Lemonldap::NG manage applications by their hostname (Apache&#039;s virtualHosts). Rules are used to protect applications, headers are <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers added to the request to give datas to the application (for logs, profiles,…).
+</p>
+
+<p>
+<p><div class="noteimportant">Note that variables designed by $xx correspond to the name of the <a href="../../documentation/1.1/exportedvars.html" class="wikilink1" title="documentation:1.1:exportedvars">exported variables</a> or <a href="../../documentation/1.1/performances.html#macros_and_groups" class="wikilink1" title="documentation:1.1:performances">macro names</a>.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Writing rules and headers" [1-441] -->
+<h2><a name="rules" id="rules">Rules</a></h2>
+<div class="level2">
+
+<p>
+
+A rule associates a <a href="http://en.wikipedia.org/wiki/Perl_Compatible_Regular_Expressions" class="urlextern" title="http://en.wikipedia.org/wiki/Perl_Compatible_Regular_Expressions"  rel="nofollow">regular expression</a> to a <acronym title="Practical Extraction and Report Language">Perl</acronym> boolean expression or a keyword.
+</p>
+
+<p>
+<a href="/_detail/documentation/manager_access_rule.png?id=documentation%3A1.1%3Awritingrulesand_headers" class="media" title="documentation:manager_access_rule.png"><img src="../../../media/documentation/manager_access_rule.png" class="mediacenter" alt="" /></a>
+</p>
+
+<p>
+Examples:
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Goal  </th><th class="col1 centeralign">  Regular expression  </th><th class="col2 centeralign">  Rule  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 leftalign"> Restrict /admin/ directory to user bart.simpson  </td><td class="col1 centeralign">  ^/admin/  </td><td class="col2 centeralign">  $uid&nbsp;eq&nbsp;"bart.simpson"  </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 leftalign"> Restrict /js/ and /css/ directory to authenticated users  </td><td class="col1 centeralign">  ^/(css|js)/  </td><td class="col2 centeralign">  accept  </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0 leftalign"> Deny access to /config/ directory  </td><td class="col1 centeralign">  ^/config/  </td><td class="col2 centeralign">  deny  </td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0 leftalign"> Authorize non authenticated users to access to /pub/ directory  </td><td class="col1 centeralign">  ^/pub/  </td><td class="col2 centeralign">  unprotect  </td>
+	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0 leftalign"> Restrict access to the whole site to users that have the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> description field set to “<acronym title="Lightweight Directory Access Protocol">LDAP</acronym> administrator” (must be set in exported variables)  </td><td class="col1 centeralign">  default  </td><td class="col2 centeralign">  $description&nbsp;eq&nbsp;"LDAP&nbsp;administrator"  </td>
+	</tr>
+</table>
+
+<p>
+
+The “<strong>default</strong>” access rule is used if no other access rule match the current <acronym title="Uniform Resource Locator">URL</acronym>.
+</p>
+
+<p>
+<p><div class="notetip">
+</p>
+<ul>
+<li class="level1"><div class="li"> Comments can be used to order your rules: rules are applied in the alphabetical order of comment (or regexp in there is no comment). See <strong><a href="../../documentation/1.1/security.html#write_good_rules" class="wikilink1" title="documentation:1.1:security">security chapter</a></strong> to learn more about writing good rules.</div>
+</li>
+<li class="level1"><div class="li"> See <a href="../../documentation/1.1/performances.html#handler_performance" class="wikilink1" title="documentation:1.1:performances">performances</a> to know how to use macros and groups in rules.</div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+<p>
+Rules can also be used to intercept logout <acronym title="Uniform Resource Locator">URL</acronym>:
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Goal  </th><th class="col1 centeralign">  Regular expression  </th><th class="col2 centeralign">  Rule  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 leftalign"> Logout user from Lemonldap::NG and redirect it to http://intranet/  </td><td class="col1 centeralign">  ^/index.php\?logout  </td><td class="col2 centeralign">  logout_sso&nbsp;http://intranet/  </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 leftalign"> Logout user from current application and redirect it to the menu  </td><td class="col1 centeralign">  ^/index.php\?logout  </td><td class="col2 centeralign">  logout_app&nbsp;https://auth.example.com/  </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0 leftalign"> Logout user from current application and from Lemonldap::NG and redirect it to http://intranet/  </td><td class="col1 centeralign">  ^/index.php\?logout  </td><td class="col2 centeralign">  logout_app_sso&nbsp;http://intranet/  </td>
+	</tr>
+</table>
+
+<p>
+
+<p><div class="notetip">By default, user will be redirected on portal if no <acronym title="Uniform Resource Locator">URL</acronym> defined, or on the specified <acronym title="Uniform Resource Locator">URL</acronym> if any.
+</div></p>
+</p>
+
+<p>
+<p><div class="noteimportant">Only current application is concerned by logout_app* targets. Be careful with some applications which doesn&#039;t verify Lemonldap::NG headers after having created their own cookies. If so, you can redirect users to a <acronym title="HyperText Markup Language">HTML</acronym> page that explain that it is safe to close browser after disconnect.
+</div></p>
+</p>
+
+</div>
+<!-- SECTION "Rules" [442-2898] -->
+<h2><a name="headers" id="headers">Headers</a></h2>
+<div class="level2">
+
+<p>
+
+Headers are associations between an header name and a perl expression that returns a string. Headers are used to give user datas to the application. 
+</p>
+
+<p>
+Examples:
+
+</p>
+<table class="inline">
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Goal  </th><th class="col1 centeralign">  Header name  </th><th class="col2 centeralign">  Header value  </th>
+	</tr>
+	<tr class="row1 rowodd">
+		<td class="col0 leftalign"> Give the uid (for accounting)  </td><td class="col1 centeralign">  Auth-User  </td><td class="col2 centeralign">  $uid  </td>
+	</tr>
+	<tr class="row2 roweven">
+		<td class="col0 leftalign"> Give a static value  </td><td class="col1 centeralign">  Some-Thing  </td><td class="col2 centeralign">  “static-value”  </td>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0 leftalign"> Give display name  </td><td class="col1 centeralign">  Display-Name  </td><td class="col2 centeralign">  $givenName.” ”.$surName  </td>
+	</tr>
+	<tr class="row4 roweven">
+		<td class="col0 leftalign"> Give a non ascii data  </td><td class="col1 centeralign">  Display-Name  </td><td class="col2 centeralign">  encode_base64($givenName."&nbsp;".$surName)  </td>
+	</tr>
+</table>
+
+<p>
+
+As described in <a href="../../documentation/1.1/performances.html#handler_performance" class="wikilink1" title="documentation:1.1:performances">performances chapter</a>, you can use macros, local macros,…
+</p>
+
+<p>
+<p><div class="noteimportant">
+</p>
+<ul>
+<li class="level1"><div class="li"> Since many <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> servers refuse non ascii headers, it is recommended to use encode_base64() function to transmit those headers</div>
+</li>
+<li class="level1"><div class="li"> Header names must contain only letters and ”-” character</div>
+</li>
+</ul>
+
+<p>
+
+</div></p>
+</p>
+
+<p>
+<p><div class="notetip">By default, <acronym title="Single Sign On">SSO</acronym> cookie is hidden, so protected applications cannot get <acronym title="Single Sign On">SSO</acronym> session key. But you can forward this key if it is really needed:
+
+</p>
+<pre class="code">
+Session-ID =&gt; $_session_id
+</pre>
+
+<p>
+
+
+</div></p>
+
+</p>
+
+</div>
+<!-- SECTION "Headers" [2899-] --></div><!-- closes <div class="dokuwiki export">-->
--- a/build/lemonldap-ng/doc/pages/documentation/latest
+++ b/build/lemonldap-ng/doc/pages/documentation/latest
@ -1 +1 @@
-1.0
+1.1
--- a/build/lemonldap-ng/doc/pages/start.html
+++ b/build/lemonldap-ng/doc/pages/start.html
@ -283,6 +283,6 @@ LemonLDAP::NG is the first <acronym title="Single Sign On">SSO</acronym> softwar
 <a href="/_detail/icons/clock.png?id=start" class="media" title="icons:clock.png"><img src="../media/icons/clock.png" class="media" alt="" /></a>
 </div>
 </p>
-<ul class="rss"><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1890" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1890"  rel="nofollow">findAttr.pl now scans undocumented parameters</a> by guimard (2010/12/05 14:41)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1889" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1889"  rel="nofollow">Lasso dependency version</a> by guimard (2010/12/05 09:22)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1888" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1888"  rel="nofollow">Debian fr.po is now maintained by debian-l10n-french team</a> by guimard (2010/12/05 08:50)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1887" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1887"  rel="nofollow">Debian po update</a> by guimard (2010/12/05 08:45)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1886" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1886"  rel="nofollow">README.Debian update</a> by guimard (2010/12/05 08:19)</div></li></ul>
+<ul class="rss"><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1919" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1919"  rel="nofollow">Fr translation in progress</a> by guimard (2010/12/12 06:43)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1918" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1918"  rel="nofollow">Add &quot;eval&quot; to avoid problems when other datas are stored ...</a> by guimard (2010/12/09 21:18)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1917" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1917"  rel="nofollow">May close #263</a> by guimard (2010/12/09 17:16)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1916" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1916"  rel="nofollow">Debian translation update</a> by guimard (2010/12/09 14:22)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1915" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1915"  rel="nofollow">Fr translation in progress</a> by guimard (2010/12/09 05:46)</div></li></ul>
 </div>
 <!-- SECTION "SVN activity" [3361-] --></div><!-- closes <div class="dokuwiki export">-->
 @ -1 +1 @@
 .0
 .1