LEMONLDAP::NG : documentation and Debian installation improvement

Xavier Guimard 2007-05-03 19:47:57 +00:00
parent d1f45296a3
commit 95221d4ae4
12 changed files with 296 additions and 206 deletions

@ -2,15 +2,28 @@ Lemonldap::NG TODO
------------------ ------------------
TODO list for Lemonldap::NG development TODO list for Lemonldap::NG development
- Priority: High Status: Planning Created: 2007\04\21 13-13-25 - Priority: High Status: In progress Created: 2007\04\21 13-13-25
Buttons to manage configurations (delete, next, previous, last,...) Buttons to manage configurations (delete, next, previous, last,...)
- Priority: Normal Status: In progress Created: 2007\04\21 13-05-54 - Priority: Low Status: N/A Created: 2007\05\03 11-40-36
Help in english Delete buttons in virtualHosts if 'read"-"only'
- Priority: Low Status: Planning Created: 2007\04\21 13-14-55 - Priority: Normal Status: Planning Created: 2007\05\03 12-28-30
Modify example to use nameVirtualHost instead of 127.0.0.x adresses
- Priority: Normal Status: In progress Created: 2007\05\03 10-41-36
Modify install to make a running example as debian install
- Priority: Normal Status: In progress Created: 2007\05\03 11-45-05
Display errors in saveConf
- Priority: Normal Status: N/A Created: 2007\05\03 11-50-17
Test and documentation for SOAP authentication
- Priority: Low Status: Planning Created: 2007\05\03 11-46-55
Documentation :
* logout documentation
- Priority: Low Status: N/A Created: 2007\05\03 11-47-42
Order rules :
* find a system to move up and down rules in manager interface
* split locationRules into 2 arrays
- Priority: Low Status: N/A Created: 2007\04\21 13-14-55
Simplified manager interface fo rules: Simplified manager interface fo rules:
* simplified regexp (* instead of .*,...) * simplified regexp (* instead of .*,...)
* simple combobox to choose groups * simple combobox to choose groups
- Priority: Low Status: Planning Created: 2007\04\23 21-26-18 - Priority: Low Status: Planning Created: 2007\04\23 21-26-18
TLS in LDAP connection. SSL works, but start_tls cannot yet be called. TLS in LDAP connection. SSL works, but start_tls cannot yet be called.
- Priority: Normal Status: Planning Created: 2007\05\01 08-59-46
Timeout documentation
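
Review bot: The new entry "Delete buttons in virtualHosts if 'read"-"only'" has stray double quotes around the hyphen; the matching TODO comment in the manager source spells it 'read-only'. In the same hunk, "adresses" should be "addresses" and "fo rules" should be "for rules".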

@ -5,11 +5,12 @@ lemonldap-ng (0.8.1.2) unstable; urgency=low
* New: port is now checked in portal redirection * New: port is now checked in portal redirection
* Different configurations can now be used on the same server at the same * Different configurations can now be used on the same server at the same
time time
* Help in english
* New debian structure: lemonldap-ng is splitted in 5 packages, default * New debian structure: lemonldap-ng is splitted in 5 packages, default
configuration file has moved to /var/lib/lemonldap-ng/conf/ and first configuration file has moved to /var/lib/lemonldap-ng/conf/ and first
configuration file is managed by debconf configuration file is managed by debconf
-- Xavier Guimard <x.guimard@free.fr> Tue, 01 May 2007 16:18:47 +0200 -- Xavier Guimard <x.guimard@free.fr> Thu, 03 May 2007 10:39:51 +0200
lemonldap-ng (0.8.1.1) unstable; urgency=low lemonldap-ng (0.8.1.1) unstable; urgency=low

@ -11,6 +11,8 @@ Depends: liblemonldap-ng-handler-perl, liblemonldap-ng-manager-perl, liblemonlda
Description: Lemonldap::NG Web-SSO system Description: Lemonldap::NG Web-SSO system
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
or directly on application apache servers. or directly on application apache servers.
.
This package is a meta package that install handler, manager and portal.
Package: liblemonldap-ng-handler-perl Package: liblemonldap-ng-handler-perl
Architecture: all Architecture: all
@ -18,6 +20,8 @@ Depends: libapache-session-perl, libwww-perl, libcache-cache-perl, liblemonldap-
Description: Lemonldap::NG apache module part Description: Lemonldap::NG apache module part
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
or directly on application apache servers. or directly on application apache servers.
.
This package installs the Apache module part (handler) used to protect web areas.
Package: liblemonldap-ng-conf-perl Package: liblemonldap-ng-conf-perl
Architecture: all Architecture: all
@ -26,6 +30,9 @@ Recommends: libsoap-lite-perl
Description: Lemonldap::NG apache manager part Description: Lemonldap::NG apache manager part
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
or directly on application apache servers. or directly on application apache servers.
.
This package installs the configuration libraries used by other Lemonldap::NG
modules.
Package: liblemonldap-ng-manager-perl Package: liblemonldap-ng-manager-perl
Architecture: all Architecture: all
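
Review bot: In the liblemonldap-ng-conf-perl stanza the short description still reads "Lemonldap::NG apache manager part", the same synopsis as liblemonldap-ng-manager-perl, while the paragraph added here says the package installs the configuration libraries. Change the synopsis to match the new long description so the two packages can be told apart in package listings.
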
@ -34,6 +41,8 @@ Recommends: libcache-cache-perl, libapache-session-perl, libsoap-lite-perl
Description: Lemonldap::NG apache manager part Description: Lemonldap::NG apache manager part
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
or directly on application apache servers. or directly on application apache servers.
.
This package installs the administration interface (manager).
Package: liblemonldap-ng-portal-perl Package: liblemonldap-ng-portal-perl
Architecture: all Architecture: all
@ -42,4 +51,5 @@ Recommends: liblasso-perl
Description: Lemonldap::NG apache authentication portal part Description: Lemonldap::NG apache authentication portal part
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
or directly on application apache servers. or directly on application apache servers.
.
This package installs the authentication portal.

@ -15,7 +15,8 @@ then
for i in domain ldapServer ldapPort ldapBase managerDn managerPassword portal; do for i in domain ldapServer ldapPort ldapBase managerDn managerPassword portal; do
db_get liblemonldap-ng-conf-perl/$i || true db_get liblemonldap-ng-conf-perl/$i || true
perl -000 -i -pe "s#^$i(\\n\\s+)('?)[^\\n]*?('?)\$#$i\${1}\${2}$RET\${3}#m" $FIRSTCONFFILE perl -000 -i -pe "s#^$i(\\n\\s+)('?)[^\\n]*?('?)\$#$i\${1}\${2}$RET\${3}#m" $FIRSTCONFFILE
done done
perl -000 -i -pe "s#^(globalStorageOptions\\n\\s+)'[^\\n]*?'\$#\${1}\'BAcEMTIzNAQEBAgDAgAAAAofL3Zhci9saWIvbGVtb25sZGFwLW5nL3Nlc3Npb25zLwkAAABEaXJlY3RvcnkKJC92YXIvbGliL2xlbW9ubGRhcC1uZy9zZXNzaW9ucy9sb2NrLw0AAABMb2NrRGlyZWN0b3J5'#m" $FIRSTCONFFILE
fi fi
exit 0 exit 0
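
Review bot: The added globalStorageOptions line writes an opaque base64 literal into $FIRSTCONFFILE, so a reader of the script cannot tell which session storage settings it installs, and the value cannot follow a later change to the sessions directory that the other maintainer scripts create. Add a comment stating what the literal encodes, or generate it at install time from readable values. In the loop just above, $RET is pasted unescaped into the perl program text: a debconf answer such as managerPassword that contains #, $, @ or a quote will break the substitution or be interpreted by perl, so pass the value through the environment and read it from %ENV inside the expression. $FIRSTCONFFILE should also be quoted.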

@ -38,7 +38,7 @@ Default: http://auth.example.com/
Description: Lemonldap::NG portal Description: Lemonldap::NG portal
Set here the Lemonldap::NG portal URL. Set here the Lemonldap::NG portal URL.
You can modify this value later using the Lemonldap::NG manager. You can modify this value later using the Lemonldap::NG manager.
Description-fr: Port du serveur LDAP Description-fr: Portail Lemonldap::NG
Indiquez ici l'URL du portail Lemonldap::NG. Indiquez ici l'URL du portail Lemonldap::NG.
Vous pourrez modifier cette valeur ultérieurement dans le gestionnaire Vous pourrez modifier cette valeur ultérieurement dans le gestionnaire
Lemonldap::NG. Lemonldap::NG.

@ -1,3 +1,4 @@
/usr/share /usr/share
/var/lib/lemonldap-ng/handler /var/lib/lemonldap-ng/handler
/var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/sessions
/var/lib/lemonldap-ng/sessions/lock

@ -13,8 +13,9 @@ then
perl -000 -pe 's/(configStorage\s*=>\s*){[^}]+}/$1\$Lemonldap::NG::Conf::configStorage/; perl -000 -pe 's/(configStorage\s*=>\s*){[^}]+}/$1\$Lemonldap::NG::Conf::configStorage/;
s#^use#\nrequire "/usr/share/lemonldap-ng/configStorage.pm";\nuse#m;' \ s#^use#\nrequire "/usr/share/lemonldap-ng/configStorage.pm";\nuse#m;' \
$EXAMPLEHANDLERFILE >$HANDLERFILE $EXAMPLEHANDLERFILE >$HANDLERFILE
chmod 770 $SESSIONSDIR; chmod 770 $SESSIONSDIR
chown www-data.www-data $SESSIONSDIR; chmod 770 $SESSIONSDIR/lock
chown -R www-data.www-data $SESSIONSDIR
fi fi
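
Review bot: chown -R www-data.www-data uses the dot separator, which chown accepts only for compatibility; write www-data:www-data. The chown is now recursive but the two chmod calls are not, so on an upgrade existing session files under $SESSIONSDIR change owner while keeping whatever mode they already had; if the intent is that only the web server can read session data, set the file modes explicitly as well and consider whether group access (the second 7 in 770) is needed at all. Quote "$SESSIONSDIR" in all three commands.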

@ -1,4 +1,4 @@
# #
# Regular cron jobs for the Lemonldap::NG portal # Regular cron jobs for the Lemonldap::NG portal
# #
*/10 * * * * www-data test -x /usr/share/lemonldap-ng/bin/purgeCentralCache */10 * * * * www-data test -x /usr/share/lemonldap-ng/bin/purgeCentralCache && /usr/share/lemonldap-ng/bin/purgeCentralCache

@ -2,3 +2,4 @@
/usr/share/lemonldap-ng/bin /usr/share/lemonldap-ng/bin
/var/lib/lemonldap-ng/portal /var/lib/lemonldap-ng/portal
/var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/sessions
/var/lib/lemonldap-ng/sessions/lock

@ -21,8 +21,9 @@ then
$EXAMPLECLEANERFILE >$CLEANERFILE $EXAMPLECLEANERFILE >$CLEANERFILE
chmod +x $PORTALFILE chmod +x $PORTALFILE
chmod +x $CLEANERFILE chmod +x $CLEANERFILE
chmod 770 $SESSIONSDIR; chmod 770 $SESSIONSDIR
chown www-data.www-data $SESSIONSDIR; chmod 770 $SESSIONSDIR/lock
chown -R www-data.www-data $SESSIONSDIR
fi fi
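
Review bot: The chmod and chown -R lines added here are the same three lines added to the script that writes $HANDLERFILE, and both dirs lists in this commit gain /var/lib/lemonldap-ng/sessions/lock, so two maintainer scripts now set mode and owner on the same shared sessions directory. Do the permission setup in one place so the mode and owner cannot diverge between the two scripts.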

@ -2,7 +2,7 @@ package Lemonldap::NG::Manager::Help;
use AutoLoader qw(AUTOLOAD); use AutoLoader qw(AUTOLOAD);
use UNIVERSAL qw(can); use UNIVERSAL qw(can);
our $VERSION = '0.32'; our $VERSION = '0.33';
sub import { sub import {
my ($caller_package) = caller; my ($caller_package) = caller;
@ -18,19 +18,104 @@ sub import {
} }
} }
$l ||= "en"; $l ||= "en";
foreach $h (qw(virtualHosts groups ldap vars storage macros authParams foreach $h (qw(authParams cookieName domain groups ldap macros storage vars
cookieName domain)) { whatToTrace virtualHosts)) {
*{"${caller_package}::help_$h"} = \&{"help_${h}_$l"}; *{"${caller_package}::help_$h"} = \&{"help_${h}_$l"};
} }
} }
# TODO: Help in English
1; 1;
__END__ __END__
=pod =pod
=cut =cut
sub help_authParams_en {
print <<EOT;
<h3>Authentication Parameters</h3>
<dl>
<dt> Authentication type </dt>
<dd> By default,Lemonldap::NG uses ldap authentication scheme. You can change
this by 'SSL' for example.</dd>
<dt> Portal </dt>
<dd> Set here the URL used to authenticate users (portal). The portal has to
inherits from Lemonldap::NG::Portal::SharedConf.</dd>
<dt> Secured cookie (SSL) </dt>
<dd> An authenticated user is known by his cookie. If all (virtual) hosts use
HTTPS, set this value to 1 so the cookie will be protected and will not be
transmitted unless https is used.</dd>
</dl>
EOT
}
sub help_authParams_fr {
print <<EOT;
<h3>Param&egrave;tres d'authentification</h3>
<dl>
<dt> Type d'authentification </dt>
<dd> Le sch&eacute;ma classique d'authentification Lemonldap;;NG consiste &agrave; utiliser une
authentification par LDAP. Vous pouvez changer ceci en "SSL" par exemple.</dd>
<dt> Portail </dt>
<dd> Indiquez ici l'URL ou seront renvoy&eacute;s les utilisateurs non authentifi&eacute;s.
Cette URL doit bien sur correspondre &agrave; un portail utilisant
Lemonldap::NG::Portal::SharedConf.</dd>
<dt> Cookie s&eacute;curis&eacute; (SSL) </dt>
<dd> Une fois authentifi&eacute;, l'utilisateur est reconnu par son cookie. Si tous
les h&ocirc;tes virtuels de votre domaine son prot&eacute;g&eacute;s par SSL, mettez cette option
&agrave; 1, ainsi le cookie ne sera pr&eacute;sent&eacute; par le navigateur qu'aux sites prot&eacute;g&eacute;s,
ce qui &eacute;vite un vol de session.</dd>
</dl>
EOT
}
sub help_cookieName_en {
print <<EOT;
<h3>Cookie Name</h3>
<p> Set here the name of the cookie ('lemonldap' by default).<br>
WARNING, any change here needs to restart all the Apache servers that use
a Lemonldap::NG::Handler.</p>
EOT
}
sub help_cookieName_fr {
print <<EOT;
<h3>Nom de cookie</h3>
<p> Indiquez ici le nom du cookie ('lemonldap' par d&eacute;faut).<br>
ATTENTION, tout changement n&eacute;cessite le red&eacute;marrage de tous les serveurs Apache
h&eacute;bergeant des agents de protection Lemonldap::NG::Handler.</p>
EOT
}
sub help_domain_en {
print <<EOT;
<h3>Protected domain</h3>
<p> Set here the main domain (or sub-domain) protected by Lemonldap::NG. If you
use "Cross domain authentication", set here the domain of the portal.<br>
WARNING : all the virtual hosts that are not under the same domain than the
portal must be protected by handlers that inherits from
Lemonldap::NG::Handler::CDA and if such handlers exist, you have to use
Lemonldap::NG::Portal::CDA.
EOT
}
sub help_domain_fr {
print <<EOT;
<h3>Domaine prot&eacute;g&eacute;</h3>
<p> Indiquez ici le nom du domaine (ou du sous-domaine) contenant vos
applications &agrave; prot&eacute;ger. Si vous utilisez le "Cross domain
authentication", indiquez ici le domaine du portail<br>
ATTENTION : tous les h&ocirc;tes virtuels prot&eacute;g&eacute;s ne se trouvant
pas dans le m&ecirc;me domaine que le portail doivent &ecirc;tre prot&eacute;g&eacute;s par un agent
h&eacute;ritant de Lemonldap::NG::Handler::CDA et si un seul de ces agents est
utilis&eacute;, le portail doit &ecirc;tre de type Lemonldap::NG::Portal::CDA.
EOT
}
sub help_groups_en { sub help_groups_en {
print <<EOT; print <<EOT;
<h3>User Groups</h3> <h3>User Groups</h3>
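
Review bot: help_domain_en and help_domain_fr open a <p> that is never closed before EOT, unlike help_cookieName_en just above; add </p>. In help_authParams_fr, "Lemonldap;;NG" should be "Lemonldap::NG"; in help_authParams_en, "By default,Lemonldap::NG" needs a space and "has to inherits" should be "has to inherit". The English "Secured cookie (SSL)" text also drops the reason the French version gives ("ce qui évite un vol de session"); add the equivalent sentence so English readers see why the option matters.
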
@ -95,6 +180,154 @@ noms de groupe pour lesquels l'expression est vraie).</p>
EOT EOT
} }
sub help_ldap_en {
print <<EOT;
<h3>LDAP Parameters</h3>
<p>LDAP parameters are used to identify users. They must be set even if
authentication is done by another system (SSL for example).</p>
<ul>
<li>LDAP base : required (except if your server accepts the requests without
base). Example&nbsp;:
<pre> dc=example, dc=com </pre></li>
<li>LDAP server port : 389 by default&nbsp;;</li>
<li>LDAP server : Name (or IP address) of the LDAP server. To use LDAPS, set
here&nbsp;:
<pre> ldaps://server/</pre>
and don't forget to change port (636 for example)</li>
<li>LDAP account : optional, must be set if anonymous connection cannot
access to the wanted LDAP attributes. This account is used before LDAP
authentication to find user's dn&nbsp;;
</li>
<li>LDAP password : password corresponding to the account above.
</ul>
EOT
}
sub help_ldap_fr {
print <<EOT;
<h3>Param&egrave;tres LDAP</h3>
<p> Les param&egrave;tres LDAP servent &agrave; identifier les utilisateurs.
Ils doivent &ecirc;tre renseign&eacute;s m&ecirc;me si l'authentification est
r&eacute;alis&eacute;e par un autre moyen (SSL par exemple).</p>
<ul>
<li>Base de recherche LDAP : obligatoire (&agrave; moins que votre serveur LDAP
accepte les requ&ecirc;tes sans base). Exemple&nbsp;:
<pre> dc=example, dc=com </pre></li>
<li>Port du serveur LDAP : 389 par d&eacute;faut&nbsp;;</li>
<li>Serveur LDAP : Nom (ou adresse IP) du serveur LDAP. Pour une connexion
LDAPS, indiquez ici&nbsp;:
<pre> ldaps://server/</pre>
et n'oubliez pas de changer le port (636 en g&eacute;n&eacute;ral)</li>
<li>Compte de connexion LDAP : optionnel, &agrave; renseigner si les attributs LDAP
utilis&eacute;s ne sont pas accessibles par une session anonyme. Ce compte est
utilis&eacute; avant l'authentification pour trouver le dn de l'utilisateur&nbsp;;
</li>
<li>Mot de passe LDAP : mot de passe correspondant au compte ci-dessus.
</ul>
EOT
}
sub help_macros_en {
print <<EOT;
<h3>Macros</h3>
<p> Macros are used to add new variables to user variables attributes). Those
new variables are calculated from other variables issued from LDAP attributes.
This mechanism avoid to do more than one time the same operation in the
authentication phase. Example&nbsp;:</p>
<pre>
# macros
long_name => \$givenname . " " . \$surname
admin => \$uid eq "foo" or \$uid eq "bar"
# test.example.com - Headers
Name => \$long_name
# test.example.com - Rules
^/admin/ => \$admin
EOT
}
sub help_macros_fr {
print <<EOT;
<h3>Macros</h3>
<p> Les macros permettent d'ajouter des variables calcul&eacute;es &agrave;
partir des attributs LDAP (variables export&eacute;es). Elles &eacute;vitent
de r&eacute;p&eacute;ter le m&ecirc;me calcul plusieurs fois dans la phase
d'authentification. Exemple&nbsp;:</p>
<pre>
# macros
nom_complet => \$givenname . " " . \$surname
admin => \$uid eq "foo" or \$uid eq "bar"
# test.example.com - En-t&ecirc;tes
Nom => \$nom_complet
# test.example.com - R&egrave;gles
^/admin/ => \$admin
EOT
}
sub help_storage_en {
print <<EOT;
<h3>Sessions Storage</h3>
<p> Lemonldap::NG sessions storage works with modules that inherits from
Apache::Session. You have to set here the choosen module and add the
corresponding parameters&nbsp;:</p>
<p>Examples :</p>
<ul>
<li>Module =&gt; Apache::Session::File, <br>options :
<ul>
<li> Directory =&gt; /var/cache/lemonldap</li>
</ul>
</li>
<li>Module =&gt; Apache::Session::MySQL, <br>options :
<ul>
<li> DataSource =&gt; DBI:mysql:database=lemon;host=1.2.3.4</li>
<li> UserName =&gt; Lemonldap
<li> Password =&gt; mypass
<li> timeout =&gt; 7200
</ul>
</li>
</ul>
<p>
<b>Note</b>&nbsp;: if you use <tt><b>purgeCentralCache</b></tt> script provided
in the portal sources (to use in crontab), you can set the <b>timeout</b>
parameter to manage sessions end (7200 secondes by default).
</p>
EOT
}
sub help_storage_fr {
print <<EOT;
<h3>Stockage des sessions</h3>
<p> Le stockage des sessions Lemonldap::NG est r&eacute;alis&eacute; au travers des modules
h&eacute;rit&eacute;s de Apache::Session. Vous devez indiquer ici le module choisi et
indiquer les param&egrave;tres correspondants &agrave; ce module&nbsp;:</p>
<p>Exemples :</p>
<ul>
<li>Module =&gt; Apache::Session::File, <br>options :
<ul>
<li> Directory =&gt; /var/cache/lemonldap</li>
</ul>
</li>
<li>Module =&gt; Apache::Session::MySQL, <br>options :
<ul>
<li> DataSource =&gt; DBI:mysql:database=lemon;host=1.2.3.4</li>
<li> UserName =&gt; Lemonldap
<li> Password =&gt; mypass
<li> timeout =&gt; 7200
</ul>
</li>
</ul>
<p>
<b>Note</b>&nbsp;: si vous utilisez le script <tt><b>purgeCentralCache</b></tt>
fourni dans les sources du portail (&agrave; mettre en crontab), vous pouvez ajouter
le param&egrave;tre <b>timeout</b> pour g&eacute;rer la destruction des sessions (7200
secondes par d&eacute;faut).
</p>
EOT
}
sub help_vars_en { sub help_vars_en {
print <<EOT; print <<EOT;
<h3>Variables (LDAP attributes)</h3> <h3>Variables (LDAP attributes)</h3>
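
Review bot: In help_macros_en and help_macros_fr the <pre> block is not closed before EOT, which leaves the element open in the generated page; add </pre>. In help_macros_en, "user variables attributes)" has an unmatched parenthesis. In both help_storage texts, timeout => 7200 is listed among the Apache::Session::MySQL options although the note below says it is the parameter used with purgeCentralCache; show it as a separate item so it does not read as a MySQL option, and close the <li> elements that are left open. "choosen" and "secondes" in the English text should be "chosen" and "seconds".
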
@ -137,58 +370,6 @@ pr&eacute;c&eacute;der du signe '\$'. Exemple&nbsp;:
EOT EOT
} }
sub help_authParams_en {
print <<EOT;
<h3>Authentication Parameters</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
EOT
}
sub help_authParams_fr {
print <<EOT;
<h3>Param&egrave;tres d'authentification</h3>
<dl>
<dt> Type d'authentification </dt>
<dd> Le sch&eacute;ma classique d'authentification Lemonldap consiste &agrave; utiliser une
authentification par LDAP. Vous pouvez changer ceci en ssl par exemple.</dd>
<dt> Portail </dt>
<dd> Indiquez ici l'URL ou seront renvoy&eacute;s les utilisateurs non authentifi&eacute;s.
Cette URL doit bien sur correspondre &agrave; un portail utilisant
Lemonldap::NG::Portal::SharedConf.</dd>
<dt> Cookie s&eacute;curis&eacute; (SSL) </dt>
<dd> Une fois authentifi&eacute;, l'utilisateur est reconnu par son cookie. Si tous
les h&ocirc;tes virtuels de votre domaine son prot&eacute;g&eacute;s par SSL, mettez cette option
&agrave; 1, ainsi le cookie ne sera pr&eacute;sent&eacute; par le navigateur qu'aux sites prot&eacute;g&eacute;s,
ce qui &eacute;vite un vol de session.
</dl>
EOT
}
sub help_domain_en {
print <<EOT;
<h3>Protected domain</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
EOT
}
sub help_domain_fr {
print <<EOT;
<h3>Domaine prot&eacute;g&eacute;</h3>
<p> Indiquez ici le nom du domaine (ou du sous-domaine) contenant vos
applications &agrave; prot&eacute;ger.<br>
ATTENTION : tous les h&ocirc;tes virtuels prot&eacute;g&eacute;s ainsi que le portail
d'authentification doivent se trouver dans ce domaine.
EOT
}
sub help_virtualHosts_en { sub help_virtualHosts_en {
print <<EOT; print <<EOT;
<h3>Virtual Hosts</h3> <h3>Virtual Hosts</h3>
@ -281,143 +462,20 @@ comme suit&nbsp;: <tt>&lt;nom de l'en-t&ecirc;te&gt; =&gt; &lt;expression Perl&g
EOT EOT
} }
sub help_macros_en { sub help_whatToTrace_en {
print <<EOT; print <<EOT;
<h3>Macros</h3> <h3>What to log in Apache</h3>
<p> Macros are used to add new variables to user variables attributes). Those <p> Set here le name of the variable (attribute) or macro that has to be used
new variables are calculated from other variables issued from LDAP attributes. in proected application Apache logs (don't forget "\$"). By default&nbsp;:
This mechanism avoid to do more than one time the same operation in the \$uid</p>
authentication phase. Example&nbsp;:</p>
<pre>
# macros
long_name => \$givenname . " " . \$surname
admin => \$uid eq "foo" or \$uid eq "bar"
# test.example.com - Headers
Name => \$long_name
# test.example.com - Rules
^/admin/ => \$admin
EOT EOT
} }
sub help_macros_fr { sub help_whatToTrace_fr {
print <<EOT; print <<EOT;
<h3>Macros</h3> <h3>Donnée à journaliser dans Apache</h3>
<p> Les macros permettent d'ajouter des variables calcul&eacute;es &agrave; <p> Indiquez ici le nom de la variable (attribut) ou de la macro qui doit être
partir des attributs LDAP (variables export&eacute;es). Elles &eacute;vitent utilisée pour alimenter les journaux Apache des applications protégées
de r&eacute;p&eacute;ter le m&ecirc;me calcul plusieurs fois dans la phase (n'oubliez pas le "\$"). Par défaut&nbsp;: \$uid</p>
d'authentification. Exemple&nbsp;:</p>
<pre>
# macros
nom_complet => \$givenname . " " . \$surname
admin => \$uid eq "foo" or \$uid eq "bar"
# test.example.com - En-t&ecirc;tes
Nom => \$nom_complet
# test.example.com - R&egrave;gles
^/admin/ => \$admin
EOT
}
sub help_ldap_en {
print <<EOT;
<h3>LDAP Parameters</h3>
<p>LDAP parameters are used to identify users. They must be set even if
authentication is done by another system (SSL for example).</p>
<ul>
<li>LDAP base : required (except if your server accepts the requests without
base). Example&nbsp;:
<pre> dc=example, dc=com </pre></li>
<li>LDAP server port : 389 by default&nbsp;;</li>
<li>LDAP server : Name (or IP address) of the LDAP server. To use LDAPS, set
here&nbsp;:
<pre> ldaps://server/</pre>
and don't forget to change port (636 for example)</li>
<li>LDAP account : optional, must be set if anonymous connection cannot
access to the wanted LDAP attributes. This account is used before LDAP
authentication to find user's dn&nbsp;;
</li>
<li>LDAP password : password corresponding to the account above.
</ul>
EOT
}
sub help_ldap_fr {
print <<EOT;
<h3>Param&egrave;tres LDAP</h3>
<p> Les param&egrave;tres LDAP servent &agrave; identifier les utilisateurs.
Ils doivent &ecirc;tre renseign&eacute;s m&ecirc;me si l'authentification est
r&eacute;alis&eacute;e par un autre moyen (SSL par exemple).</p>
<ul>
<li>Base de recherche LDAP : obligatoire (&agrave; moins que votre serveur LDAP
accepte les requ&ecirc;tes sans base). Exemple&nbsp;:
<pre> dc=example, dc=com </pre></li>
<li>Port du serveur LDAP : 389 par d&eacute;faut&nbsp;;</li>
<li>Serveur LDAP : Nom (ou adresse IP) du serveur LDAP. Pour une connexion
LDAPS, indiquez ici&nbsp;:
<pre> ldaps://server/</pre>
et n'oubliez pas de changer le port (636 en général)</li>
<li>Compte de connexion LDAP : optionnel, &agrave; renseigner si les attributs LDAP
utilis&eacute;s ne sont pas accessibles par une session anonyme. Ce compte est
utilis&eacute; avant l'authentification pour trouver le dn de l'utilisateur&nbsp;;
</li>
<li>Mot de passe LDAP : mot de passe correspondant au compte ci-dessus.
</ul>
EOT
}
sub help_storage_en {
print <<EOT;
<h3>Sessions Storage</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
EOT
}
sub help_storage_fr {
print <<EOT;
<h3>Stockage des sessions</h3>
<p> Le stockage des sessions Lemonldap::NG est r&eacute;alis&eacute; au travers des modules
h&eacute;rit&eacute;s de Apache::Session. Vous devez indiquer ici le module choisi et
indiquer les param&egrave;tres correspondants &agrave; ce module&nbsp;:</p>
<p>Exemples :</p>
<ul>
<li>Module =&gt; Apache::Session::File, <br>options :
<ul>
<li> Directory =&gt; /var/cache/lemonldap</li>
</ul>
</li>
<li>Module =&gt; Apache::Session::MySQL, <br>options :
<ul>
<li> DataSource =&gt; DBI:mysql:database=lemon;host=1.2.3.4</li>
<li> UserName =&gt; Lemonldap
<li> Password =&gt; mypass
</ul>
</li>
</ul>
EOT
}
sub help_cookieName_en {
print <<EOT;
<h3>Cookie Name</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
EOT
}
sub help_cookieName_fr {
print <<EOT;
<h3>Nom de cookie</h3>
<p> Indiquez ici le nom du cookie ('lemonldap' par d&eacute;faut).<br>
ATTENTION, tout changement n&eacute;cessite le red&eacute;marrage de tous les serveurs Apache
h&eacute;bergeant des agents de protection Lemonldap::NG::Handler.</p>
EOT EOT
} }
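
Review bot: help_whatToTrace_fr contains raw accented characters ("Donnée à journaliser", "être", "protégées", "défaut") while the other French texts added in this commit use HTML entities (&eacute;, &agrave;, &ecirc;); use entities here too so the output does not depend on the charset the page is served with. In help_whatToTrace_en, "Set here le name" should be "the name" and "proected" should be "protected".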

@ -8,7 +8,7 @@ use AutoLoader qw(AUTOLOAD);
require Lemonldap::NG::Manager::_i18n; require Lemonldap::NG::Manager::_i18n;
use Lemonldap::NG::Manager::Conf::Constants; use Lemonldap::NG::Manager::Conf::Constants;
our $VERSION = '0.25'; our $VERSION = '0.26';
# TODO: Delete buttons in headers and rules if 'read-only' # TODO: Delete buttons in headers and rules if 'read-only'
@ -172,6 +172,9 @@ function onNodeSelect(nodeId) {
but+=button('$text{newGroup}','newGroup',nodeId); but+=button('$text{newGroup}','newGroup',nodeId);
help('groups'); help('groups');
} }
else if(nodeIs(nodeId,"whatToTrace")){
help('whatToTrace');
}
else if(nodeIs(nodeId,"generalParameters")){ else if(nodeIs(nodeId,"generalParameters")){
if(nodeIs(nodeId,"ldapParameters")){ if(nodeIs(nodeId,"ldapParameters")){
help('ldap'); help('ldap');