LEMONLDAP::NG : documentation and Debian installation improvement
parent
d1f45296a3
commit
95221d4ae4
|
@ -2,15 +2,28 @@ Lemonldap::NG TODO
|
||||||
------------------
|
------------------
|
||||||
TODO list for Lemonldap::NG development
|
TODO list for Lemonldap::NG development
|
||||||
|
|
||||||
- Priority: High Status: Planning Created: 2007\04\21 13-13-25
|
- Priority: High Status: In progress Created: 2007\04\21 13-13-25
|
||||||
Buttons to manage configurations (delete, next, previous, last,...)
|
Buttons to manage configurations (delete, next, previous, last,...)
|
||||||
- Priority: Normal Status: In progress Created: 2007\04\21 13-05-54
|
- Priority: Low Status: N/A Created: 2007\05\03 11-40-36
|
||||||
Help in english
|
Delete buttons in virtualHosts if 'read"-"only'
|
||||||
- Priority: Low Status: Planning Created: 2007\04\21 13-14-55
|
- Priority: Normal Status: Planning Created: 2007\05\03 12-28-30
|
||||||
|
Modify example to use nameVirtualHost instead of 127.0.0.x adresses
|
||||||
|
- Priority: Normal Status: In progress Created: 2007\05\03 10-41-36
|
||||||
|
Modify install to make a running example as debian install
|
||||||
|
- Priority: Normal Status: In progress Created: 2007\05\03 11-45-05
|
||||||
|
Display errors in saveConf
|
||||||
|
- Priority: Normal Status: N/A Created: 2007\05\03 11-50-17
|
||||||
|
Test and documentation for SOAP authentication
|
||||||
|
- Priority: Low Status: Planning Created: 2007\05\03 11-46-55
|
||||||
|
Documentation :
|
||||||
|
* logout documentation
|
||||||
|
- Priority: Low Status: N/A Created: 2007\05\03 11-47-42
|
||||||
|
Order rules :
|
||||||
|
* find a system to move up and down rules in manager interface
|
||||||
|
* split locationRules into 2 arrays
|
||||||
|
- Priority: Low Status: N/A Created: 2007\04\21 13-14-55
|
||||||
Simplified manager interface fo rules:
|
Simplified manager interface fo rules:
|
||||||
* simplified regexp (* instead of .*,...)
|
* simplified regexp (* instead of .*,...)
|
||||||
* simple combobox to choose groups
|
* simple combobox to choose groups
|
||||||
- Priority: Low Status: Planning Created: 2007\04\23 21-26-18
|
- Priority: Low Status: Planning Created: 2007\04\23 21-26-18
|
||||||
TLS in LDAP connection. SSL works, but start_tls cannot yet be called.
|
TLS in LDAP connection. SSL works, but start_tls cannot yet be called.
|
||||||
- Priority: Normal Status: Planning Created: 2007\05\01 08-59-46
|
|
||||||
Timeout documentation
|
|
||||||
|
|
|
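Review bot: The new TODO entry `Delete buttons in virtualHosts if 'read"-"only'` has stray double quotes around the hyphen; the matching TODO comment in the manager source spells it 'read-only', so use the same form here. In the same hunk, `127.0.0.x adresses` should read `addresses`.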
@ -5,11 +5,12 @@ lemonldap-ng (0.8.1.2) unstable; urgency=low
|
||||||
* New: port is now checked in portal redirection
|
* New: port is now checked in portal redirection
|
||||||
* Different configurations can now be used on the same server at the same
|
* Different configurations can now be used on the same server at the same
|
||||||
time
|
time
|
||||||
|
* Help in english
|
||||||
* New debian structure: lemonldap-ng is splitted in 5 packages, default
|
* New debian structure: lemonldap-ng is splitted in 5 packages, default
|
||||||
configuration file has moved to /var/lib/lemonldap-ng/conf/ and first
|
configuration file has moved to /var/lib/lemonldap-ng/conf/ and first
|
||||||
configuration file is managed by debconf
|
configuration file is managed by debconf
|
||||||
|
|
||||||
-- Xavier Guimard <x.guimard@free.fr> Tue, 01 May 2007 16:18:47 +0200
|
-- Xavier Guimard <x.guimard@free.fr> Thu, 03 May 2007 10:39:51 +0200
|
||||||
|
|
||||||
lemonldap-ng (0.8.1.1) unstable; urgency=low
|
lemonldap-ng (0.8.1.1) unstable; urgency=low
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,8 @@ Depends: liblemonldap-ng-handler-perl, liblemonldap-ng-manager-perl, liblemonlda
|
||||||
Description: Lemonldap::NG Web-SSO system
|
Description: Lemonldap::NG Web-SSO system
|
||||||
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
|
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
|
||||||
or directly on application apache servers.
|
or directly on application apache servers.
|
||||||
|
.
|
||||||
|
This package is a meta package that install handler, manager and portal.
|
||||||
|
|
||||||
Package: liblemonldap-ng-handler-perl
|
Package: liblemonldap-ng-handler-perl
|
||||||
Architecture: all
|
Architecture: all
|
||||||
|
@ -18,6 +20,8 @@ Depends: libapache-session-perl, libwww-perl, libcache-cache-perl, liblemonldap-
|
||||||
Description: Lemonldap::NG apache module part
|
Description: Lemonldap::NG apache module part
|
||||||
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
|
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
|
||||||
or directly on application apache servers.
|
or directly on application apache servers.
|
||||||
|
.
|
||||||
|
This package installs the Apache module part (handler) used to protect web areas.
|
||||||
|
|
||||||
Package: liblemonldap-ng-conf-perl
|
Package: liblemonldap-ng-conf-perl
|
||||||
Architecture: all
|
Architecture: all
|
||||||
|
@ -26,6 +30,9 @@ Recommends: libsoap-lite-perl
|
||||||
Description: Lemonldap::NG apache manager part
|
Description: Lemonldap::NG apache manager part
|
||||||
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
|
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
|
||||||
or directly on application apache servers.
|
or directly on application apache servers.
|
||||||
|
.
|
||||||
|
This package installs the configuration libraries used by other Lemonldap::NG
|
||||||
|
modules.
|
||||||
|
|
||||||
Package: liblemonldap-ng-manager-perl
|
Package: liblemonldap-ng-manager-perl
|
||||||
Architecture: all
|
Architecture: all
|
||||||
|
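Review bot: The stanza that receives the new "configuration libraries" text still has the synopsis `Description: Lemonldap::NG apache manager part`, identical to the synopsis of liblemonldap-ng-manager-perl in the next stanza. The short line and the long description now contradict each other; change the synopsis to something like `Lemonldap::NG configuration libraries` so package listings and searches show the right component.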
@ -34,6 +41,8 @@ Recommends: libcache-cache-perl, libapache-session-perl, libsoap-lite-perl
|
||||||
Description: Lemonldap::NG apache manager part
|
Description: Lemonldap::NG apache manager part
|
||||||
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
|
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
|
||||||
or directly on application apache servers.
|
or directly on application apache servers.
|
||||||
|
.
|
||||||
|
This package installs the administration interface (manager).
|
||||||
|
|
||||||
Package: liblemonldap-ng-portal-perl
|
Package: liblemonldap-ng-portal-perl
|
||||||
Architecture: all
|
Architecture: all
|
||||||
|
@ -42,4 +51,5 @@ Recommends: liblasso-perl
|
||||||
Description: Lemonldap::NG apache authentication portal part
|
Description: Lemonldap::NG apache authentication portal part
|
||||||
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
|
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
|
||||||
or directly on application apache servers.
|
or directly on application apache servers.
|
||||||
|
.
|
||||||
|
This package installs the authentication portal.
|
||||||
|
|
|
@ -15,7 +15,8 @@ then
|
||||||
|
|
||||||
for i in domain ldapServer ldapPort ldapBase managerDn managerPassword portal; do
|
for i in domain ldapServer ldapPort ldapBase managerDn managerPassword portal; do
|
||||||
db_get liblemonldap-ng-conf-perl/$i || true
|
db_get liblemonldap-ng-conf-perl/$i || true
|
||||||
perl -000 -i -pe "s#^$i(\\n\\s+)('?)[^\\n]*?('?)\$#$i\${1}\${2}$RET\${3}#m" $FIRSTCONFFILE
|
perl -000 -i -pe "s#^$i(\\n\\s+)('?)[^\\n]*?('?)\$#$i\${1}\${2}$RET\${3}#m" $FIRSTCONFFILE
|
||||||
done
|
done
|
||||||
|
perl -000 -i -pe "s#^(globalStorageOptions\\n\\s+)'[^\\n]*?'\$#\${1}\'BAcEMTIzNAQEBAgDAgAAAAofL3Zhci9saWIvbGVtb25sZGFwLW5nL3Nlc3Npb25zLwkAAABEaXJlY3RvcnkKJC92YXIvbGliL2xlbW9ubGRhcC1uZy9zZXNzaW9ucy9sb2NrLw0AAABMb2NrRGlyZWN0b3J5'#m" $FIRSTCONFFILE
|
||||||
fi
|
fi
|
||||||
exit 0
|
exit 0
|
||||||
|
|
|
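Review bot: The added `globalStorageOptions` substitution writes a long hard-coded encoded literal into $FIRSTCONFFILE with nothing saying what it contains or how it was produced, so a later change to the session or lock directory cannot be reviewed or reproduced from this script. Generate the value at install time from the directory settings, or at minimum add a comment giving the decoded content and the command that produced it. Also worth fixing while touching this block: the loop just above interpolates `$RET` (including the `managerPassword` answer) straight into a `s#...#...#` expression on the perl command line, so a value containing `#`, `$` or `@` will break or alter the substitution; pass the value through the environment and reference it from the replacement instead, and quote `$FIRSTCONFFILE`.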
@ -38,7 +38,7 @@ Default: http://auth.example.com/
|
||||||
Description: Lemonldap::NG portal
|
Description: Lemonldap::NG portal
|
||||||
Set here the Lemonldap::NG portal URL.
|
Set here the Lemonldap::NG portal URL.
|
||||||
You can modify this value later using the Lemonldap::NG manager.
|
You can modify this value later using the Lemonldap::NG manager.
|
||||||
Description-fr: Port du serveur LDAP
|
Description-fr: Portail Lemonldap::NG
|
||||||
Indiquez ici l'URL du portail Lemonldap::NG.
|
Indiquez ici l'URL du portail Lemonldap::NG.
|
||||||
Vous pourrez modifier cette valeur ultérieurement dans le gestionnaire
|
Vous pourrez modifier cette valeur ultérieurement dans le gestionnaire
|
||||||
Lemonldap::NG.
|
Lemonldap::NG.
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
/usr/share
|
/usr/share
|
||||||
/var/lib/lemonldap-ng/handler
|
/var/lib/lemonldap-ng/handler
|
||||||
/var/lib/lemonldap-ng/sessions
|
/var/lib/lemonldap-ng/sessions
|
||||||
|
/var/lib/lemonldap-ng/sessions/lock
|
||||||
|
|
|
@ -13,8 +13,9 @@ then
|
||||||
perl -000 -pe 's/(configStorage\s*=>\s*){[^}]+}/$1\$Lemonldap::NG::Conf::configStorage/;
|
perl -000 -pe 's/(configStorage\s*=>\s*){[^}]+}/$1\$Lemonldap::NG::Conf::configStorage/;
|
||||||
s#^use#\nrequire "/usr/share/lemonldap-ng/configStorage.pm";\nuse#m;' \
|
s#^use#\nrequire "/usr/share/lemonldap-ng/configStorage.pm";\nuse#m;' \
|
||||||
$EXAMPLEHANDLERFILE >$HANDLERFILE
|
$EXAMPLEHANDLERFILE >$HANDLERFILE
|
||||||
chmod 770 $SESSIONSDIR;
|
chmod 770 $SESSIONSDIR
|
||||||
chown www-data.www-data $SESSIONSDIR;
|
chmod 770 $SESSIONSDIR/lock
|
||||||
|
chown -R www-data.www-data $SESSIONSDIR
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
|
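Review bot: `chown -R www-data.www-data $SESSIONSDIR` makes the maintainer script recurse as root through a tree that www-data itself can write to (mode 770). Only two directories are created by the package, so change their ownership explicitly and non-recursively (`$SESSIONSDIR` and `$SESSIONSDIR/lock`), write the owner as `www-data:www-data` because the dot separator is deprecated, and quote the variables. If no second member of the group needs the session store, 700 is the tighter mode for both directories.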
@ -1,4 +1,4 @@
|
||||||
#
|
#
|
||||||
# Regular cron jobs for the Lemonldap::NG portal
|
# Regular cron jobs for the Lemonldap::NG portal
|
||||||
#
|
#
|
||||||
*/10 * * * * www-data test -x /usr/share/lemonldap-ng/bin/purgeCentralCache
|
*/10 * * * * www-data test -x /usr/share/lemonldap-ng/bin/purgeCentralCache && /usr/share/lemonldap-ng/bin/purgeCentralCache
|
||||||
|
|
|
@ -2,3 +2,4 @@
|
||||||
/usr/share/lemonldap-ng/bin
|
/usr/share/lemonldap-ng/bin
|
||||||
/var/lib/lemonldap-ng/portal
|
/var/lib/lemonldap-ng/portal
|
||||||
/var/lib/lemonldap-ng/sessions
|
/var/lib/lemonldap-ng/sessions
|
||||||
|
/var/lib/lemonldap-ng/sessions/lock
|
||||||
|
|
|
@ -21,8 +21,9 @@ then
|
||||||
$EXAMPLECLEANERFILE >$CLEANERFILE
|
$EXAMPLECLEANERFILE >$CLEANERFILE
|
||||||
chmod +x $PORTALFILE
|
chmod +x $PORTALFILE
|
||||||
chmod +x $CLEANERFILE
|
chmod +x $CLEANERFILE
|
||||||
chmod 770 $SESSIONSDIR;
|
chmod 770 $SESSIONSDIR
|
||||||
chown www-data.www-data $SESSIONSDIR;
|
chmod 770 $SESSIONSDIR/lock
|
||||||
|
chown -R www-data.www-data $SESSIONSDIR
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
|
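Review bot: The three added lines are a verbatim copy of the ones added to the maintainer script that writes $HANDLERFILE, and both packages also add the same `/var/lib/lemonldap-ng/sessions/lock` entry to their directory lists, so the permission policy for the shared session store now lives in two scripts that can drift apart. Put directory creation and ownership in one place (for example the package both depend on), or keep the two blocks identical with a comment naming the other copy. The recursive `chown -R` with the dotted `www-data.www-data` form should be replaced here too with explicit, non-recursive `chown www-data:www-data` calls on the two directories.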
@ -2,7 +2,7 @@ package Lemonldap::NG::Manager::Help;
|
||||||
|
|
||||||
use AutoLoader qw(AUTOLOAD);
|
use AutoLoader qw(AUTOLOAD);
|
||||||
use UNIVERSAL qw(can);
|
use UNIVERSAL qw(can);
|
||||||
our $VERSION = '0.32';
|
our $VERSION = '0.33';
|
||||||
|
|
||||||
sub import {
|
sub import {
|
||||||
my ($caller_package) = caller;
|
my ($caller_package) = caller;
|
||||||
|
@ -18,19 +18,104 @@ sub import {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$l ||= "en";
|
$l ||= "en";
|
||||||
foreach $h (qw(virtualHosts groups ldap vars storage macros authParams
|
foreach $h (qw(authParams cookieName domain groups ldap macros storage vars
|
||||||
cookieName domain)) {
|
whatToTrace virtualHosts)) {
|
||||||
*{"${caller_package}::help_$h"} = \&{"help_${h}_$l"};
|
*{"${caller_package}::help_$h"} = \&{"help_${h}_$l"};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO: Help in English
|
|
||||||
|
|
||||||
1;
|
1;
|
||||||
__END__
|
__END__
|
||||||
|
|
||||||
=pod
|
=pod
|
||||||
=cut
|
=cut
|
||||||
|
sub help_authParams_en {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>Authentication Parameters</h3>
|
||||||
|
<dl>
|
||||||
|
<dt> Authentication type </dt>
|
||||||
|
<dd> By default,Lemonldap::NG uses ldap authentication scheme. You can change
|
||||||
|
this by 'SSL' for example.</dd>
|
||||||
|
|
||||||
|
<dt> Portal </dt>
|
||||||
|
<dd> Set here the URL used to authenticate users (portal). The portal has to
|
||||||
|
inherits from Lemonldap::NG::Portal::SharedConf.</dd>
|
||||||
|
|
||||||
|
<dt> Secured cookie (SSL) </dt>
|
||||||
|
<dd> An authenticated user is known by his cookie. If all (virtual) hosts use
|
||||||
|
HTTPS, set this value to 1 so the cookie will be protected and will not be
|
||||||
|
transmitted unless https is used.</dd>
|
||||||
|
</dl>
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub help_authParams_fr {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>Paramètres d'authentification</h3>
|
||||||
|
<dl>
|
||||||
|
<dt> Type d'authentification </dt>
|
||||||
|
<dd> Le schéma classique d'authentification Lemonldap;;NG consiste à utiliser une
|
||||||
|
authentification par LDAP. Vous pouvez changer ceci en "SSL" par exemple.</dd>
|
||||||
|
|
||||||
|
<dt> Portail </dt>
|
||||||
|
<dd> Indiquez ici l'URL ou seront renvoyés les utilisateurs non authentifiés.
|
||||||
|
Cette URL doit bien sur correspondre à un portail utilisant
|
||||||
|
Lemonldap::NG::Portal::SharedConf.</dd>
|
||||||
|
|
||||||
|
<dt> Cookie sécurisé (SSL) </dt>
|
||||||
|
<dd> Une fois authentifié, l'utilisateur est reconnu par son cookie. Si tous
|
||||||
|
les hôtes virtuels de votre domaine son protégés par SSL, mettez cette option
|
||||||
|
à 1, ainsi le cookie ne sera présenté par le navigateur qu'aux sites protégés,
|
||||||
|
ce qui évite un vol de session.</dd>
|
||||||
|
</dl>
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub help_cookieName_en {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>Cookie Name</h3>
|
||||||
|
<p> Set here the name of the cookie ('lemonldap' by default).<br>
|
||||||
|
|
||||||
|
WARNING, any change here needs to restart all the Apache servers that use
|
||||||
|
a Lemonldap::NG::Handler.</p>
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub help_cookieName_fr {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>Nom de cookie</h3>
|
||||||
|
<p> Indiquez ici le nom du cookie ('lemonldap' par défaut).<br>
|
||||||
|
|
||||||
|
ATTENTION, tout changement nécessite le redémarrage de tous les serveurs Apache
|
||||||
|
hébergeant des agents de protection Lemonldap::NG::Handler.</p>
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub help_domain_en {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>Protected domain</h3>
|
||||||
|
<p> Set here the main domain (or sub-domain) protected by Lemonldap::NG. If you
|
||||||
|
use "Cross domain authentication", set here the domain of the portal.<br>
|
||||||
|
WARNING : all the virtual hosts that are not under the same domain than the
|
||||||
|
portal must be protected by handlers that inherits from
|
||||||
|
Lemonldap::NG::Handler::CDA and if such handlers exist, you have to use
|
||||||
|
Lemonldap::NG::Portal::CDA.
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub help_domain_fr {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>Domaine protégé</h3>
|
||||||
|
<p> Indiquez ici le nom du domaine (ou du sous-domaine) contenant vos
|
||||||
|
applications à protéger. Si vous utilisez le "Cross domain
|
||||||
|
authentication", indiquez ici le domaine du portail<br>
|
||||||
|
ATTENTION : tous les hôtes virtuels protégés ne se trouvant
|
||||||
|
pas dans le même domaine que le portail doivent être protégés par un agent
|
||||||
|
héritant de Lemonldap::NG::Handler::CDA et si un seul de ces agents est
|
||||||
|
utilisé, le portail doit être de type Lemonldap::NG::Portal::CDA.
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
sub help_groups_en {
|
sub help_groups_en {
|
||||||
print <<EOT;
|
print <<EOT;
|
||||||
<h3>User Groups</h3>
|
<h3>User Groups</h3>
|
||||||
|
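Review bot: In `help_authParams_fr` the product name is written `Lemonldap;;NG`; it should be `Lemonldap::NG` as in the rest of the file. `help_domain_en` and `help_domain_fr` each open a `<p>` that is never closed before `EOT`. The English strings need a language pass ("By default,Lemonldap::NG", "has to inherits", "the same domain than", "handlers that inherits"). The French secured-cookie entry says the option prevents session theft ("ce qui évite un vol de session") while the English one only says the cookie "will be protected"; state the same reason in English so the administrator understands why to enable it.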
@ -95,6 +180,154 @@ noms de groupe pour lesquels l'expression est vraie).</p>
|
||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub help_ldap_en {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>LDAP Parameters</h3>
|
||||||
|
<p>LDAP parameters are used to identify users. They must be set even if
|
||||||
|
authentication is done by another system (SSL for example).</p>
|
||||||
|
<ul>
|
||||||
|
<li>LDAP base : required (except if your server accepts the requests without
|
||||||
|
base). Example :
|
||||||
|
<pre> dc=example, dc=com </pre></li>
|
||||||
|
<li>LDAP server port : 389 by default ;</li>
|
||||||
|
<li>LDAP server : Name (or IP address) of the LDAP server. To use LDAPS, set
|
||||||
|
here :
|
||||||
|
<pre> ldaps://server/</pre>
|
||||||
|
and don't forget to change port (636 for example)</li>
|
||||||
|
<li>LDAP account : optional, must be set if anonymous connection cannot
|
||||||
|
access to the wanted LDAP attributes. This account is used before LDAP
|
||||||
|
authentication to find user's dn ;
|
||||||
|
</li>
|
||||||
|
<li>LDAP password : password corresponding to the account above.
|
||||||
|
</ul>
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub help_ldap_fr {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>Paramètres LDAP</h3>
|
||||||
|
<p> Les paramètres LDAP servent à identifier les utilisateurs.
|
||||||
|
Ils doivent être renseignés même si l'authentification est
|
||||||
|
réalisée par un autre moyen (SSL par exemple).</p>
|
||||||
|
<ul>
|
||||||
|
<li>Base de recherche LDAP : obligatoire (à moins que votre serveur LDAP
|
||||||
|
accepte les requêtes sans base). Exemple :
|
||||||
|
<pre> dc=example, dc=com </pre></li>
|
||||||
|
<li>Port du serveur LDAP : 389 par défaut ;</li>
|
||||||
|
<li>Serveur LDAP : Nom (ou adresse IP) du serveur LDAP. Pour une connexion
|
||||||
|
LDAPS, indiquez ici :
|
||||||
|
<pre> ldaps://server/</pre>
|
||||||
|
et n'oubliez pas de changer le port (636 en général)</li>
|
||||||
|
<li>Compte de connexion LDAP : optionnel, à renseigner si les attributs LDAP
|
||||||
|
utilisés ne sont pas accessibles par une session anonyme. Ce compte est
|
||||||
|
utilisé avant l'authentification pour trouver le dn de l'utilisateur ;
|
||||||
|
</li>
|
||||||
|
<li>Mot de passe LDAP : mot de passe correspondant au compte ci-dessus.
|
||||||
|
</ul>
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub help_macros_en {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>Macros</h3>
|
||||||
|
<p> Macros are used to add new variables to user variables attributes). Those
|
||||||
|
new variables are calculated from other variables issued from LDAP attributes.
|
||||||
|
This mechanism avoid to do more than one time the same operation in the
|
||||||
|
authentication phase. Example :</p>
|
||||||
|
<pre>
|
||||||
|
# macros
|
||||||
|
long_name => \$givenname . " " . \$surname
|
||||||
|
admin => \$uid eq "foo" or \$uid eq "bar"
|
||||||
|
|
||||||
|
# test.example.com - Headers
|
||||||
|
Name => \$long_name
|
||||||
|
|
||||||
|
# test.example.com - Rules
|
||||||
|
^/admin/ => \$admin
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub help_macros_fr {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>Macros</h3>
|
||||||
|
<p> Les macros permettent d'ajouter des variables calculées à
|
||||||
|
partir des attributs LDAP (variables exportées). Elles évitent
|
||||||
|
de répéter le même calcul plusieurs fois dans la phase
|
||||||
|
d'authentification. Exemple :</p>
|
||||||
|
<pre>
|
||||||
|
# macros
|
||||||
|
nom_complet => \$givenname . " " . \$surname
|
||||||
|
admin => \$uid eq "foo" or \$uid eq "bar"
|
||||||
|
|
||||||
|
# test.example.com - En-têtes
|
||||||
|
Nom => \$nom_complet
|
||||||
|
|
||||||
|
# test.example.com - Règles
|
||||||
|
^/admin/ => \$admin
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub help_storage_en {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>Sessions Storage</h3>
|
||||||
|
<p> Lemonldap::NG sessions storage works with modules that inherits from
|
||||||
|
Apache::Session. You have to set here the choosen module and add the
|
||||||
|
corresponding parameters :</p>
|
||||||
|
<p>Examples :</p>
|
||||||
|
<ul>
|
||||||
|
<li>Module => Apache::Session::File, <br>options :
|
||||||
|
<ul>
|
||||||
|
<li> Directory => /var/cache/lemonldap</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Module => Apache::Session::MySQL, <br>options :
|
||||||
|
<ul>
|
||||||
|
<li> DataSource => DBI:mysql:database=lemon;host=1.2.3.4</li>
|
||||||
|
<li> UserName => Lemonldap
|
||||||
|
<li> Password => mypass
|
||||||
|
<li> timeout => 7200
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<p>
|
||||||
|
<b>Note</b> : if you use <tt><b>purgeCentralCache</b></tt> script provided
|
||||||
|
in the portal sources (to use in crontab), you can set the <b>timeout</b>
|
||||||
|
parameter to manage sessions end (7200 secondes by default).
|
||||||
|
</p>
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub help_storage_fr {
|
||||||
|
print <<EOT;
|
||||||
|
<h3>Stockage des sessions</h3>
|
||||||
|
<p> Le stockage des sessions Lemonldap::NG est réalisé au travers des modules
|
||||||
|
hérités de Apache::Session. Vous devez indiquer ici le module choisi et
|
||||||
|
indiquer les paramètres correspondants à ce module :</p>
|
||||||
|
<p>Exemples :</p>
|
||||||
|
<ul>
|
||||||
|
<li>Module => Apache::Session::File, <br>options :
|
||||||
|
<ul>
|
||||||
|
<li> Directory => /var/cache/lemonldap</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>Module => Apache::Session::MySQL, <br>options :
|
||||||
|
<ul>
|
||||||
|
<li> DataSource => DBI:mysql:database=lemon;host=1.2.3.4</li>
|
||||||
|
<li> UserName => Lemonldap
|
||||||
|
<li> Password => mypass
|
||||||
|
<li> timeout => 7200
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<p>
|
||||||
|
<b>Note</b> : si vous utilisez le script <tt><b>purgeCentralCache</b></tt>
|
||||||
|
fourni dans les sources du portail (à mettre en crontab), vous pouvez ajouter
|
||||||
|
le paramètre <b>timeout</b> pour gérer la destruction des sessions (7200
|
||||||
|
secondes par défaut).
|
||||||
|
</p>
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
sub help_vars_en {
|
sub help_vars_en {
|
||||||
print <<EOT;
|
print <<EOT;
|
||||||
<h3>Variables (LDAP attributes)</h3>
|
<h3>Variables (LDAP attributes)</h3>
|
||||||
|
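Review bot: `help_macros_en` and `help_macros_fr` open `<pre>` and reach `EOT` without a closing `</pre>`, which leaves the element open in the rendered help; add `</pre>` before `EOT` in both. In `help_storage_en` and `help_storage_fr` the `UserName`, `Password` and new `timeout` items lack `</li>` although the `DataSource` item above them has it, and the last `<li>` in both LDAP lists is also left open. Text fixes for the English strings: "variables attributes)" has an unmatched parenthesis, "choosen" should be "chosen", "secondes" should be "seconds".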
@ -137,58 +370,6 @@ précéder du signe '\$'. Exemple :
|
||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
|
||||||
sub help_authParams_en {
|
|
||||||
print <<EOT;
|
|
||||||
<h3>Authentication Parameters</h3>
|
|
||||||
This help chapter does not exist in english. If you want to help us, you can
|
|
||||||
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
|
|
||||||
your contribution.<br>
|
|
||||||
Thanks.
|
|
||||||
EOT
|
|
||||||
}
|
|
||||||
|
|
||||||
sub help_authParams_fr {
|
|
||||||
print <<EOT;
|
|
||||||
<h3>Paramètres d'authentification</h3>
|
|
||||||
<dl>
|
|
||||||
<dt> Type d'authentification </dt>
|
|
||||||
<dd> Le schéma classique d'authentification Lemonldap consiste à utiliser une
|
|
||||||
authentification par LDAP. Vous pouvez changer ceci en ssl par exemple.</dd>
|
|
||||||
|
|
||||||
<dt> Portail </dt>
|
|
||||||
<dd> Indiquez ici l'URL ou seront renvoyés les utilisateurs non authentifiés.
|
|
||||||
Cette URL doit bien sur correspondre à un portail utilisant
|
|
||||||
Lemonldap::NG::Portal::SharedConf.</dd>
|
|
||||||
|
|
||||||
<dt> Cookie sécurisé (SSL) </dt>
|
|
||||||
<dd> Une fois authentifié, l'utilisateur est reconnu par son cookie. Si tous
|
|
||||||
les hôtes virtuels de votre domaine son protégés par SSL, mettez cette option
|
|
||||||
à 1, ainsi le cookie ne sera présenté par le navigateur qu'aux sites protégés,
|
|
||||||
ce qui évite un vol de session.
|
|
||||||
</dl>
|
|
||||||
EOT
|
|
||||||
}
|
|
||||||
|
|
||||||
sub help_domain_en {
|
|
||||||
print <<EOT;
|
|
||||||
<h3>Protected domain</h3>
|
|
||||||
This help chapter does not exist in english. If you want to help us, you can
|
|
||||||
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
|
|
||||||
your contribution.<br>
|
|
||||||
Thanks.
|
|
||||||
EOT
|
|
||||||
}
|
|
||||||
|
|
||||||
sub help_domain_fr {
|
|
||||||
print <<EOT;
|
|
||||||
<h3>Domaine protégé</h3>
|
|
||||||
<p> Indiquez ici le nom du domaine (ou du sous-domaine) contenant vos
|
|
||||||
applications à protéger.<br>
|
|
||||||
ATTENTION : tous les hôtes virtuels protégés ainsi que le portail
|
|
||||||
d'authentification doivent se trouver dans ce domaine.
|
|
||||||
EOT
|
|
||||||
}
|
|
||||||
|
|
||||||
sub help_virtualHosts_en {
|
sub help_virtualHosts_en {
|
||||||
print <<EOT;
|
print <<EOT;
|
||||||
<h3>Virtual Hosts</h3>
|
<h3>Virtual Hosts</h3>
|
||||||
|
@ -281,143 +462,20 @@ comme suit : <tt><nom de l'en-tête> => <expression Perl&g
|
||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
|
||||||
sub help_macros_en {
|
sub help_whatToTrace_en {
|
||||||
print <<EOT;
|
print <<EOT;
|
||||||
<h3>Macros</h3>
|
<h3>What to log in Apache</h3>
|
||||||
<p> Macros are used to add new variables to user variables attributes). Those
|
<p> Set here le name of the variable (attribute) or macro that has to be used
|
||||||
new variables are calculated from other variables issued from LDAP attributes.
|
in proected application Apache logs (don't forget "\$"). By default :
|
||||||
This mechanism avoid to do more than one time the same operation in the
|
\$uid</p>
|
||||||
authentication phase. Example :</p>
|
|
||||||
<pre>
|
|
||||||
# macros
|
|
||||||
long_name => \$givenname . " " . \$surname
|
|
||||||
admin => \$uid eq "foo" or \$uid eq "bar"
|
|
||||||
|
|
||||||
# test.example.com - Headers
|
|
||||||
Name => \$long_name
|
|
||||||
|
|
||||||
# test.example.com - Rules
|
|
||||||
^/admin/ => \$admin
|
|
||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
|
||||||
sub help_macros_fr {
|
sub help_whatToTrace_fr {
|
||||||
print <<EOT;
|
print <<EOT;
|
||||||
<h3>Macros</h3>
|
<h3>Donnée à journaliser dans Apache</h3>
|
||||||
<p> Les macros permettent d'ajouter des variables calculées à
|
<p> Indiquez ici le nom de la variable (attribut) ou de la macro qui doit être
|
||||||
partir des attributs LDAP (variables exportées). Elles évitent
|
utilisée pour alimenter les journaux Apache des applications protégées
|
||||||
de répéter le même calcul plusieurs fois dans la phase
|
(n'oubliez pas le "\$"). Par défaut : \$uid</p>
|
||||||
d'authentification. Exemple :</p>
|
|
||||||
<pre>
|
|
||||||
# macros
|
|
||||||
nom_complet => \$givenname . " " . \$surname
|
|
||||||
admin => \$uid eq "foo" or \$uid eq "bar"
|
|
||||||
|
|
||||||
# test.example.com - En-têtes
|
|
||||||
Nom => \$nom_complet
|
|
||||||
|
|
||||||
# test.example.com - Règles
|
|
||||||
^/admin/ => \$admin
|
|
||||||
EOT
|
|
||||||
}
|
|
||||||
|
|
||||||
sub help_ldap_en {
|
|
||||||
print <<EOT;
|
|
||||||
<h3>LDAP Parameters</h3>
|
|
||||||
<p>LDAP parameters are used to identify users. They must be set even if
|
|
||||||
authentication is done by another system (SSL for example).</p>
|
|
||||||
<ul>
|
|
||||||
<li>LDAP base : required (except if your server accepts the requests without
|
|
||||||
base). Example :
|
|
||||||
<pre> dc=example, dc=com </pre></li>
|
|
||||||
<li>LDAP server port : 389 by default ;</li>
|
|
||||||
<li>LDAP server : Name (or IP address) of the LDAP server. To use LDAPS, set
|
|
||||||
here :
|
|
||||||
<pre> ldaps://server/</pre>
|
|
||||||
and don't forget to change port (636 for example)</li>
|
|
||||||
<li>LDAP account : optional, must be set if anonymous connection cannot
|
|
||||||
access to the wanted LDAP attributes. This account is used before LDAP
|
|
||||||
authentication to find user's dn ;
|
|
||||||
</li>
|
|
||||||
<li>LDAP password : password corresponding to the account above.
|
|
||||||
</ul>
|
|
||||||
EOT
|
|
||||||
}
|
|
||||||
|
|
||||||
sub help_ldap_fr {
|
|
||||||
print <<EOT;
|
|
||||||
<h3>Paramètres LDAP</h3>
|
|
||||||
<p> Les paramètres LDAP servent à identifier les utilisateurs.
|
|
||||||
Ils doivent être renseignés même si l'authentification est
|
|
||||||
réalisée par un autre moyen (SSL par exemple).</p>
|
|
||||||
<ul>
|
|
||||||
<li>Base de recherche LDAP : obligatoire (à moins que votre serveur LDAP
|
|
||||||
accepte les requêtes sans base). Exemple :
|
|
||||||
<pre> dc=example, dc=com </pre></li>
|
|
||||||
<li>Port du serveur LDAP : 389 par défaut ;</li>
|
|
||||||
<li>Serveur LDAP : Nom (ou adresse IP) du serveur LDAP. Pour une connexion
|
|
||||||
LDAPS, indiquez ici :
|
|
||||||
<pre> ldaps://server/</pre>
|
|
||||||
et n'oubliez pas de changer le port (636 en général)</li>
|
|
||||||
<li>Compte de connexion LDAP : optionnel, à renseigner si les attributs LDAP
|
|
||||||
utilisés ne sont pas accessibles par une session anonyme. Ce compte est
|
|
||||||
utilisé avant l'authentification pour trouver le dn de l'utilisateur ;
|
|
||||||
</li>
|
|
||||||
<li>Mot de passe LDAP : mot de passe correspondant au compte ci-dessus.
|
|
||||||
</ul>
|
|
||||||
EOT
|
|
||||||
}
|
|
||||||
|
|
||||||
sub help_storage_en {
|
|
||||||
print <<EOT;
|
|
||||||
<h3>Sessions Storage</h3>
|
|
||||||
This help chapter does not exist in english. If you want to help us, you can
|
|
||||||
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
|
|
||||||
your contribution.<br>
|
|
||||||
Thanks.
|
|
||||||
EOT
|
|
||||||
}
|
|
||||||
|
|
||||||
sub help_storage_fr {
|
|
||||||
print <<EOT;
|
|
||||||
<h3>Stockage des sessions</h3>
|
|
||||||
<p> Le stockage des sessions Lemonldap::NG est réalisé au travers des modules
|
|
||||||
hérités de Apache::Session. Vous devez indiquer ici le module choisi et
|
|
||||||
indiquer les paramètres correspondants à ce module :</p>
|
|
||||||
<p>Exemples :</p>
|
|
||||||
<ul>
|
|
||||||
<li>Module => Apache::Session::File, <br>options :
|
|
||||||
<ul>
|
|
||||||
<li> Directory => /var/cache/lemonldap</li>
|
|
||||||
</ul>
|
|
||||||
</li>
|
|
||||||
<li>Module => Apache::Session::MySQL, <br>options :
|
|
||||||
<ul>
|
|
||||||
<li> DataSource => DBI:mysql:database=lemon;host=1.2.3.4</li>
|
|
||||||
<li> UserName => Lemonldap
|
|
||||||
<li> Password => mypass
|
|
||||||
</ul>
|
|
||||||
</li>
|
|
||||||
</ul>
|
|
||||||
EOT
|
|
||||||
}
|
|
||||||
|
|
||||||
sub help_cookieName_en {
|
|
||||||
print <<EOT;
|
|
||||||
<h3>Cookie Name</h3>
|
|
||||||
This help chapter does not exist in english. If you want to help us, you can
|
|
||||||
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
|
|
||||||
your contribution.<br>
|
|
||||||
Thanks.
|
|
||||||
EOT
|
|
||||||
}
|
|
||||||
|
|
||||||
sub help_cookieName_fr {
|
|
||||||
print <<EOT;
|
|
||||||
<h3>Nom de cookie</h3>
|
|
||||||
<p> Indiquez ici le nom du cookie ('lemonldap' par défaut).<br>
|
|
||||||
|
|
||||||
ATTENTION, tout changement nécessite le redémarrage de tous les serveurs Apache
|
|
||||||
hébergeant des agents de protection Lemonldap::NG::Handler.</p>
|
|
||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
|
|
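Review bot: The new `help_whatToTrace_en` paragraph contains a leftover French article and a typo: "Set here le name" and "in proected application Apache logs". Suggested wording: `Set here the name of the variable (attribute) or macro to be written to the Apache logs of protected applications (don't forget "\$"). By default: \$uid`.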
@ -8,7 +8,7 @@ use AutoLoader qw(AUTOLOAD);
|
||||||
require Lemonldap::NG::Manager::_i18n;
|
require Lemonldap::NG::Manager::_i18n;
|
||||||
use Lemonldap::NG::Manager::Conf::Constants;
|
use Lemonldap::NG::Manager::Conf::Constants;
|
||||||
|
|
||||||
our $VERSION = '0.25';
|
our $VERSION = '0.26';
|
||||||
|
|
||||||
# TODO: Delete buttons in headers and rules if 'read-only'
|
# TODO: Delete buttons in headers and rules if 'read-only'
|
||||||
|
|
||||||
|
@ -172,6 +172,9 @@ function onNodeSelect(nodeId) {
|
||||||
but+=button('$text{newGroup}','newGroup',nodeId);
|
but+=button('$text{newGroup}','newGroup',nodeId);
|
||||||
help('groups');
|
help('groups');
|
||||||
}
|
}
|
||||||
|
else if(nodeIs(nodeId,"whatToTrace")){
|
||||||
|
help('whatToTrace');
|
||||||
|
}
|
||||||
else if(nodeIs(nodeId,"generalParameters")){
|
else if(nodeIs(nodeId,"generalParameters")){
|
||||||
if(nodeIs(nodeId,"ldapParameters")){
|
if(nodeIs(nodeId,"ldapParameters")){
|
||||||
help('ldap');
|
help('ldap');
|
||||||
|
|
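Review bot: The new `whatToTrace` branch is inserted ahead of the `generalParameters` branch with no comment, while `ldapParameters` is handled by a nested check inside `generalParameters`. If `nodeIs` also matches on ancestor nodes, as that nesting suggests, the position of this `else if` is what makes it reachable; either nest it next to `ldapParameters` for consistency or add a one-line comment stating that the order matters, so a later reordering does not silently drop the help panel.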