Spelling errors

Xavier Guimard 2018-06-25 23:17:51 +02:00
parent 5b38373e31
commit 9f890f6be9
46 changed files with 1029 additions and 713 deletions

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:applications:alfresco</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,applications,alfresco"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="alfresco.html"/>
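Review bot: The robots meta change at the top of this hunk (index,follow to noindex,nofollow) is not a spelling fix, and it goes the opposite way from the same line in the authrest and configvhost pages of this commit, where noindex,nofollow becomes index,follow. That pattern suggests the value depends on the state of the wiki at export time rather than on an intended indexing policy. Either pin the value in the export step or leave these lines out of the commit.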
@ -286,7 +286,7 @@ Edit then <code>share-config-custom.xml</code>:
&nbsp;
&nbsp;
<span class="sc-1">&lt;!--</span>
<span class="sc-1"> Since we have added the CSRF filter with filter-mapping of &quot;/*&quot; we will catch all public GET's to avoid them</span>
<span class="sc-1"> Since we have added the CSRF filter with filter-mapping of &quot;/*&quot; we will catch all public GET to avoid them</span>
<span class="sc-1"> having to pass through the remaining rules.</span>
<span class="sc-1"> --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
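Review bot: In the rewritten comment line, "all public GET to avoid them" leaves "them" without a plural antecedent; "all public GET requests" (or "GETs") reads correctly. Since this text sits inside the share-config-custom.xml sample, also check whether it should stay identical to the comment in the file readers will be editing, so that they can match the two.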
@ -521,7 +521,7 @@ To finish with Alfresco configuration, tick the “Enable <abbr title="Security
</p>
</div>
<!-- EDIT7 SECTION "Alfresco" [3518-14176] -->
<!-- EDIT7 SECTION "Alfresco" [3518-14174] -->
<h3 class="sectionedit8" id="llng1">LL::NG</h3>
<div class="level3">
@ -556,7 +556,7 @@ And you can define these exported attributes:
</ul>
</div>
<!-- EDIT8 SECTION "LL::NG" [14177-14555] -->
<!-- EDIT8 SECTION "LL::NG" [14175-14553] -->
<h2 class="sectionedit9" id="other_resources">Other resources</h2>
<div class="level2">
<ul>
@ -567,6 +567,6 @@ And you can define these exported attributes:
</ul>
</div>
<!-- EDIT9 SECTION "Other resources" [14556-] --></div>
<!-- EDIT9 SECTION "Other resources" [14554-] --></div>
</body>
</html>

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=a8e117edbbbe45106ea023b3c5ef2ae5" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
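Review bot: The only change in this hunk is the sectok value in the login link, a per-export token on a generated page whose id is an image path (img/icons.png) and whose body, per the next hunk header, is the "topic that doesn't exist yet" placeholder. This page looks like export noise rather than documentation. Consider excluding it from the tree so that tokens and indexer timestamps stop producing diffs.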
@ -178,6 +178,27 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Certifications" [175-534] -->
<h3 class="sectionedit3" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="media" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
<strong>OW2con&#039;14 Community Award</strong>
</div>
</p>
<hr />
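Review bot: The sidebar markup in this hunk carries a typo in a commit titled "Spelling errors" and is not well-formed: "FusionIAM projet member" should read "project", each logo paragraph closes its div before its p, and the text-center div is opened inside a paragraph that is closed on the next line. If this markup comes from the wiki source, fix it there so that the next export does not bring it back.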
@ -201,7 +222,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div>
<!-- EDIT2 SECTION "Certifications" [175-] --> </div>
<!-- EDIT3 SECTION "Awards" [535-] --> </div>
</div>
</aside>
@ -220,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1528371119" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1529961293" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=a8e117edbbbe45106ea023b3c5ef2ae5" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -178,6 +178,27 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Certifications" [175-534] -->
<h3 class="sectionedit3" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="media" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
<strong>OW2con&#039;14 Community Award</strong>
</div>
</p>
<hr />
@ -201,7 +222,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div>
<!-- EDIT2 SECTION "Certifications" [175-] --> </div>
<!-- EDIT3 SECTION "Awards" [535-] --> </div>
</div>
</aside>
@ -220,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1528371119" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1529961293" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authfacebook</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authfacebook"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authfacebook.html"/>
@ -93,6 +93,8 @@ Then, go in <code>Facebook parameters</code>:
</li>
<li class="level1"><div class="li"> <strong>Facebook application secret</strong>: the corresponding secret</div>
</li>
<li class="level1"><div class="li"> <strong>User field</strong>: Facebook field that will be used as default user identifier</div>
</li>
</ul>
<p>
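Review bot: The new "User field" item does not say which Facebook fields are accepted or what the default is, while the equivalent item added to the Twitter page in this commit lists its allowed values. Since this field becomes the user identifier, state the default and the accepted values here as well; the warning changed in the next hunk suggests the identifier used to be the id field.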
@ -112,7 +114,7 @@ If you use Facebook as user database, declare values in exported variables:
</ul>
</li>
</ul>
<div class="noteimportant">Do not query <code>id</code> field in exported variables, as it is already registered by the authentication module in <code>$_user</code>.
<div class="noteimportant">Do not query user field in exported variables, as it is already registered by the authentication module in <code>$_user</code>.
</div><div class="notetip">You can use the same Facebook access token in your applications. It is stored in session datas under the name <code>$_facebookToken</code>
</div>
</div>
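Review bot: The reworded warning "Do not query user field in exported variables" dropped the code markup and no longer names a field, so it can be read as a field literally called "user". Wording such as "the field chosen as User field" ties it to the new parameter. The unchanged tip below it still says "session datas", which a spelling pass could correct to "session data".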

View File

@ -106,7 +106,7 @@ Then, go in <code>Proxy parameters</code>:
<ul>
<li class="level1"><div class="li"> <strong>Internal portal <abbr title="Uniform Resource Locator">URL</abbr></strong>: <abbr title="Uniform Resource Locator">URL</abbr> of internal portal</div>
</li>
<li class="level1"><div class="li"> <strong>Session service <abbr title="Uniform Resource Locator">URL</abbr></strong> (optional): Session service <abbr title="Uniform Resource Locator">URL</abbr> (default: same as previous for SOAP, same with “/mysession” for REST)</div>
<li class="level1"><div class="li"> <strong>Session service <abbr title="Uniform Resource Locator">URL</abbr></strong> (optional): Session service <abbr title="Uniform Resource Locator">URL</abbr> (default: same as previous for SOAP, same with “/session/my” for REST)</div>
</li>
<li class="level1"><div class="li"> <strong>Cookie name</strong> (optional): name of the cookie of internal portal, if different from external portal</div>
</li>
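Review bot: The default REST path in the "Session service URL" item changes from "/mysession" to "/session/my", which is a statement about behaviour rather than a spelling fix. Confirm that it matches what the portal actually serves, and mention it in the commit message so that the change can be found later.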
@ -117,7 +117,7 @@ Then, go in <code>Proxy parameters</code>:
</ul>
</div>
<!-- EDIT5 SECTION "External portal" [486-1340] -->
<!-- EDIT5 SECTION "External portal" [486-1341] -->
<h3 class="sectionedit6" id="internal_portal">Internal portal</h3>
<div class="level3">
@ -126,6 +126,6 @@ The portal must be configured to accept REST or SOAP authentication requests if
</p>
</div>
<!-- EDIT6 SECTION "Internal portal" [1341-] --></div>
<!-- EDIT6 SECTION "Internal portal" [1342-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authrest</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authrest"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authrest.html"/>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authtwitter</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authtwitter"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authtwitter.html"/>
@ -96,6 +96,14 @@ Then, go in <code>Twitter parameters</code>:
</li>
<li class="level1"><div class="li"> <strong>Application name</strong> (optional): Application name (visible in Twitter)</div>
</li>
<li class="level1"><div class="li"> <strong>User field</strong>: Twitter field that will be used as default user identifier. Allowed values:</div>
<ul>
<li class="level2"><div class="li"> <code>screen_name</code></div>
</li>
<li class="level2"><div class="li"> <code>user_id</code> </div>
</li>
</ul>
</li>
</ul>
</div>

View File

@ -57,7 +57,7 @@ Auto-Signin add-on provides a simple way to bypass authentication based on rules
<div class="level2">
<p>
This add-on is automatically enabled if a rule is declared. A rule associates a username to a rule. The only variable usable here is <code>$env</code>. Example:
This add-on is automatically enabled if a rule is declared. A rule links username to a rule. The only usable variable here is <code>$env</code>. Example:
</p>
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
<thead>
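Review bot: The reworded sentence "A rule links username to a rule" is still circular and has lost its article. Judging by the table row in the next hunk, where dwho is paired with a test on REMOTE_ADDR through $env, something like "A rule links a username to a condition" says what is meant.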
@ -69,7 +69,7 @@ This add-on is automatically enabled if a rule is declared. A rule associates a
<td class="col0"> dwho </td><td class="col1"> $env→{REMOTE_ADDR} == &#039;192.168.42.42&#039; </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [369-444] --><div class="noteimportant">Username must exists in the user database.
<!-- EDIT3 TABLE [362-437] --><div class="noteimportant">Username must be defined in the user database.
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [189-] --></div>

View File

@ -52,11 +52,7 @@
<!-- EDIT1 SECTION "Deploy Apache configuration" [1-136] -->
<h2 class="sectionedit2" id="files">Files</h2>
<div class="level2">
<div class="noteimportant">Apache-ModPerl is no longer usable since 2.4 version <em>(many segfaults,…)</em>. No problem for portal and manager since they are now handled by FastCGI.
<p>
<strong>But for handlers, please use <a href="confignginx.html" class="wikilink1" title="documentation:2.0:confignginx">Nginx</a> !</strong>
</p>
<div class="noteimportant">Apache Mod Perl has many issues since 2.4 version with MPM worker and MPM event. No problem for portal and manager since they are now handled by FastCGI. If you want to use Apache for Handler, please switch to MPM prefork, else use Nginx.
</div>
<p>
With tarball installation, Apache configuration files will be installed in <code>/usr/local/lemonldap-ng/etc/</code>, else they are in <code>/etc/lemonldap-ng</code>.
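Review bot: The replacement note drops the link to confignginx.html that the old text carried on "Nginx", and "since 2.4 version" does not say which product's version 2.4 is meant. Keep the link on "else use Nginx" and name the product next to the version number so that the MPM prefork advice can be acted on from this page.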
@ -82,7 +78,7 @@ a2ensite test-apache2.conf</pre>
</div>
</div>
<!-- EDIT2 SECTION "Files" [137-1162] -->
<!-- EDIT2 SECTION "Files" [137-1191] -->
<h2 class="sectionedit3" id="modules">Modules</h2>
<div class="level2">
@ -98,12 +94,14 @@ You will also need to load some Apache modules:
</li>
<li class="level1"><div class="li"> mod_fcgid</div>
</li>
<li class="level1"><div class="li"> mod_headers</div>
</li>
</ul>
<div class="notetip">With Debian/Ubuntu:
<pre class="code">a2enmod fcgid perl alias rewrite</pre>
<pre class="code">a2enmod fcgid perl alias rewrite headers</pre>
</div>
</div>
<!-- EDIT3 SECTION "Modules" [1163-] --></div>
<!-- EDIT3 SECTION "Modules" [1192-] --></div>
</body>
</html>

View File

@ -390,7 +390,7 @@ Manager virtual host is used to serve configuration interface and local document
<span class="co1"># RewriteCond &quot;%{REQUEST_FILENAME}&quot; &quot;!\.html$&quot;</span>
&nbsp;
<span class="co1"># REST URLs</span>
<span class="kw1">RewriteCond</span> <span class="st0">&quot;%{REQUEST_FILENAME}&quot;</span> <span class="st0">&quot;!^/(?:static|doc|fr-doc|lib).*&quot;</span>
<span class="kw1">RewriteCond</span> <span class="st0">&quot;%{REQUEST_FILENAME}&quot;</span> <span class="st0">&quot;!^/(?:static|doc|lib).*&quot;</span>
<span class="kw1">RewriteRule</span> <span class="st0">&quot;^/(.+)$&quot;</span> <span class="st0">&quot;/psgi/manager-server.fcgi/$1&quot;</span> [PT]
&nbsp;
<span class="kw1">Alias</span> /psgi/ /var/lib/lemonldap-ng/manager/psgi/
@ -415,7 +415,7 @@ Configuration interface access is not protected by Apache but by LemonLDAP::NG i
</p>
</div>
<!-- EDIT8 SECTION "Manager" [8761-10311] -->
<!-- EDIT8 SECTION "Manager" [8761-10304] -->
<h3 class="sectionedit9" id="handler">Handler</h3>
<div class="level3">
<ul>
@ -468,7 +468,7 @@ Then, to protect a standard virtual host, the only configuration line to add is:
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>
</div>
<!-- EDIT9 SECTION "Handler" [10312-11670] -->
<!-- EDIT9 SECTION "Handler" [10305-11663] -->
<h2 class="sectionedit10" id="nginx">Nginx</h2>
<div class="level2">
<div class="noteimportant">LemonLDAP::NG does not manage Nginx configuration
@ -491,7 +491,7 @@ See <a href="confignginx.html" class="wikilink1" title="documentation:2.0:config
<div class="notewarning"><a href="fastcgiserver.html" class="wikilink1" title="documentation:2.0:fastcgiserver">LL::NG FastCGI</a> server must be loaded separately.
</div>
</div>
<!-- EDIT10 SECTION "Nginx" [11671-12124] -->
<!-- EDIT10 SECTION "Nginx" [11664-12117] -->
<h3 class="sectionedit11" id="portal1">Portal</h3>
<div class="level3">
@ -563,7 +563,7 @@ In Portal virtual host, you will find several configuration parts:
}</pre>
</div>
<!-- EDIT11 SECTION "Portal" [12125-13916] -->
<!-- EDIT11 SECTION "Portal" [12118-13909] -->
<h3 class="sectionedit12" id="manager2">Manager</h3>
<div class="level3">
@ -575,7 +575,7 @@ Manager virtual host is used to serve configuration interface and local document
server_name manager.example.com;
root /usr/share/lemonldap-ng/manager/;
&nbsp;
if ($uri !~ ^/(static|doc|fr-doc|lib|javascript)) {
if ($uri !~ ^/(static|doc|lib|javascript)) {
rewrite ^/(.*)$ /manager.psgi/$1 break;
}
&nbsp;
@ -597,7 +597,7 @@ By default, configuration interface access is not protected by Nginx but by Lemo
</p>
</div>
<!-- EDIT12 SECTION "Manager" [13917-14669] -->
<!-- EDIT12 SECTION "Manager" [13910-14655] -->
<h3 class="sectionedit13" id="handler1">Handler</h3>
<div class="level3">
@ -697,10 +697,10 @@ Then, to protect a standard virtual host, you must insert this (or create an inc
# Insert then your configuration (fastcgi_* or proxy_*)</pre>
</div>
<!-- EDIT13 SECTION "Handler" [14670-17756] -->
<!-- EDIT13 SECTION "Handler" [14656-17742] -->
<h2 class="sectionedit14" id="configuration_reload">Configuration reload</h2>
<div class="level2">
<div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them through an HTTP request. Configuration reload will then be effective in less than 10 minutes.
<div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them through an HTTP request. Configuration reload will then be effective in less than 10 minutes. If you want to change this timeout, set <code>checkTime = 240</code> in your lemonldap-ng.ini file <em>(values in seconds)</em>
</div>
<p>
After configuration is saved by Manager, LemonLDAP::NG will try to reload configuration on distant Handlers by sending an HTTP request to the servers. The servers and URLs can be configured in Manager, <code>General Parameters</code> &gt; <code>reload configuration URLs</code>: keys are server names or <abbr title="Internet Protocol">IP</abbr> the requests will be sent to, and values are the requested URLs.
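Review bot: The sentence appended to the note, "set checkTime = 240", reads as a required value, and the note now ends without a full stop. Say that 240 is only an example, give the default that corresponds to the 10 minutes mentioned just before, and name the section of lemonldap-ng.ini the key belongs in.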
@ -715,9 +715,10 @@ These parameters can be overwritten in LemonLDAP::NG ini file, in the section <c
The <code>reload</code> target is managed in Apache or Nginx configuration, inside a virtual host protected by LemonLDAP::NG Handler (see below examples in Apache→handler or Nginx→Handler).
</p>
<div class="noteimportant">You must allow access to declared URLs to your Manager <abbr title="Internet Protocol">IP</abbr>.
</div><div class="noteimportant">If you want to use reload mechanism on a portal only host, you must install a handler in Portal host to be able to refresh local cache. Include <code>handler-nginx.conf</code> or <code>handler-apache2.conf</code> for example
</div>
</div>
<!-- EDIT14 SECTION "Configuration reload" [17757-18926] -->
<!-- EDIT14 SECTION "Configuration reload" [17743-19256] -->
<h2 class="sectionedit15" id="local_file">Local file</h2>
<div class="level2">
@ -751,6 +752,6 @@ For example, to override configured skin for portal:
<div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="parameterlist.html" class="wikilink1" title="documentation:2.0:parameterlist">parameter list</a> to find it.
</div>
</div>
<!-- EDIT15 SECTION "Local file" [18927-] --></div>
<!-- EDIT15 SECTION "Local file" [19257-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:configvhost</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,configvhost"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="configvhost.html"/>
@ -276,7 +276,7 @@ server {
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
# Keep original request (LLNG server will receive /lmauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
@ -312,7 +312,7 @@ server {
}</pre>
</div>
<!-- EDIT7 SECTION "Hosted application" [4936-6565] -->
<!-- EDIT7 SECTION "Hosted application" [4936-6564] -->
<h3 class="sectionedit8" id="reverse_proxy1">Reverse proxy</h3>
<div class="level3">
@ -335,7 +335,7 @@ server {
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
# Keep original request (LLNG server will receive /lmauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
@ -363,7 +363,7 @@ server {
}</pre>
</div>
<!-- EDIT8 SECTION "Reverse proxy" [6566-7860] -->
<!-- EDIT8 SECTION "Reverse proxy" [6565-7858] -->
<h2 class="sectionedit9" id="lemonldapng_configuration">LemonLDAP::NG configuration</h2>
<div class="level2">
@ -390,7 +390,7 @@ A virtual host contains:
</ul>
</div>
<!-- EDIT9 SECTION "LemonLDAP::NG configuration" [7861-8460] -->
<!-- EDIT9 SECTION "LemonLDAP::NG configuration" [7859-8458] -->
<h3 class="sectionedit10" id="access_rules_and_http_headers">Access rules and HTTP headers</h3>
<div class="level3">
@ -399,7 +399,7 @@ See <strong><a href="writingrulesand_headers.html" class="wikilink1" title="docu
</p>
</div>
<!-- EDIT10 SECTION "Access rules and HTTP headers" [8461-8653] -->
<!-- EDIT10 SECTION "Access rules and HTTP headers" [8459-8651] -->
<h3 class="sectionedit11" id="post_data">POST data</h3>
<div class="level3">
@ -408,7 +408,7 @@ See <strong><a href="formreplay.html" class="wikilink1" title="documentation:2.0
</p>
</div>
<!-- EDIT11 SECTION "POST data" [8654-8788] -->
<!-- EDIT11 SECTION "POST data" [8652-8786] -->
<h3 class="sectionedit12" id="options">Options</h3>
<div class="level3">
@ -435,6 +435,6 @@ Some options are available:
</p>
</div>
<!-- EDIT12 SECTION "Options" [8789-] --></div>
<!-- EDIT12 SECTION "Options" [8787-] --></div>
</body>
</html>

View File

@ -0,0 +1,63 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:devopssthandler</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,devopssthandler"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="devopssthandler.html"/>
<link rel="contents" href="devopssthandler.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:devopssthandler","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="devops_servicetoken_handler">DevOps+ServiceToken Handler</h1>
<div class="level1">
<p>
This handler enables both:
</p>
<ul>
<li class="level1"><div class="li"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps Handler</a>, base of <a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSO as a service (SSOaaS)</a></div>
</li>
<li class="level1"><div class="li"> <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Service token handler</a>, used to control web-api sub requests</div>
</li>
</ul>
</div>
</div>
</body>
</html>
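Review bot: In the head of this new page, the useexternallibs branches load jQuery and jQuery UI from http://code.jquery.com/ over plain HTTP, while the Bootstrap stylesheet in the same kind of branch uses https. Script fetched over HTTP can be altered in transit and is blocked as mixed content when the documentation is served over HTTPS, so switch both URLs to https. The Bootstrap line in that branch also ends with a stray closing script tag after a link element.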

View File

@ -70,25 +70,24 @@
<div class="level2">
<p>
The AuthBasic Handler is a special Handler that will use AuthBasic to authenticate to a virtual host, and then run authorization rules to allow access to the virtual
host.
The AuthBasic Handler is a special Handler using AuthBasic method to authenticate and grante access to a virtual host.
</p>
<p>
The Handler will send a WWW-Authenticate header to the client, to request user and password, and then check the credentials using REST web service (you must enable REST session service in the manager). Then, when session is granted, the Handler will check authorizations like the standard Handler.
The Handler sends a WWW-Authenticate header to the client, to request user id and password. Then it checks credentials by using <abbr title="LemonLDAP::NG">LL::NG</abbr> REST web service (REST session service must be enabled in the manager). Once session is granted, the Handler will check authorizations like the standard Handler.
</p>
<p>
This can be useful to allow a third party application to access a virtual host with users credentials by sending a Basic challenge to it.
This feature can be useful to allow a third party application to access a virtual host with user credentials by sending a Basic challenge to it.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [34-672] -->
<!-- EDIT2 SECTION "Presentation" [34-624] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [673-699] -->
<!-- EDIT3 SECTION "Configuration" [625-651] -->
<h3 class="sectionedit4" id="virtual_host">Virtual host</h3>
<div class="level3">
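Review bot: The rewritten first paragraph introduces a new typo, "grante access", which should be "grant access". The rewrite also drops the statement that authorization rules are run after authentication. The second paragraph still covers it, but "authenticate and grant access" in one phrase can be read as if Basic authentication alone were sufficient, so keep the mention of authorization rules in the opening sentence.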
@ -107,7 +106,7 @@ If you want to protect only a virtualHost part, keep type on “Main” and set
</ul>
</div>
<!-- EDIT4 SECTION "Virtual host" [700-1090] -->
<!-- EDIT4 SECTION "Virtual host" [652-1042] -->
<h3 class="sectionedit5" id="nginx">Nginx</h3>
<div class="level3">
@ -144,7 +143,7 @@ location / {
}</pre>
</div>
<!-- EDIT5 SECTION "Nginx" [1091-2113] -->
<!-- EDIT5 SECTION "Nginx" [1043-2065] -->
<h3 class="sectionedit6" id="handler_parameters">Handler parameters</h3>
<div class="level3">
@ -153,6 +152,6 @@ No parameters needed. But you have to allow sessions web services, see <a href="
</p>
</div>
<!-- EDIT6 SECTION "Handler parameters" [2114-] --></div>
<!-- EDIT6 SECTION "Handler parameters" [2066-] --></div>
</body>
</html>

View File

@ -53,10 +53,10 @@
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can act as an <abbr title="Central Authentication Service">CAS</abbr> server, that can allow one to federate <abbr title="LemonLDAP::NG">LL::NG</abbr> with:
<abbr title="LemonLDAP::NG">LL::NG</abbr> can be used as a <abbr title="Central Authentication Service">CAS</abbr> server. It can allow one to federate <abbr title="LemonLDAP::NG">LL::NG</abbr> with:
</p>
<ul>
<li class="level1"><div class="li"> Another <abbr title="LemonLDAP::NG">LL::NG</abbr> system configured with <a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS authentication</a></div>
<li class="level1"><div class="li"> Another <a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS authentication</a> <abbr title="LemonLDAP::NG">LL::NG</abbr> provider</div>
</li>
<li class="level1"><div class="li"> Any <abbr title="Central Authentication Service">CAS</abbr> consumer</div>
</li>
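Review bot: The first list item now reads "Another CAS authentication LL::NG provider", which is harder to parse than the previous "Another LL::NG system configured with CAS authentication" and labels the system that authenticates against this CAS server as a "provider". Keep the old wording, or use "Another LL::NG system using CAS authentication".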
@ -67,7 +67,7 @@
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [27-410] -->
<!-- EDIT2 SECTION "Presentation" [27-397] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
@ -110,6 +110,6 @@ Then go in <code>Options</code> to define:
<div class="notetip">If <code><abbr title="Central Authentication Service">CAS</abbr> login</code> is not set, it uses <code>General Parameters</code> » <code>Logs</code> » <code>REMOTE_USER</code> data, which is set to <code>uid</code> by default
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [411-] --></div>
<!-- EDIT3 SECTION "Configuration" [398-] --></div>
</body>
</html>

View File

@ -97,8 +97,6 @@ LemonLDAP::NG provides these packages:
</li>
<li class="level1"><div class="li"> lemonldap-ng-fastcgi-server: <abbr title="LemonLDAP::NG">LL::NG</abbr> FastCGI server (for Nginx)</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-fr-doc: French translation for <abbr title="HyperText Markup Language">HTML</abbr> documentation</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-handler: Handler files</div>
</li>
<li class="level1"><div class="li"> liblemonldap-ng-common-perl: configuration and common files</div>
@ -112,12 +110,12 @@ LemonLDAP::NG provides these packages:
</ul>
</div>
<!-- EDIT2 SECTION "Organization" [60-681] -->
<!-- EDIT2 SECTION "Organization" [60-614] -->
<h2 class="sectionedit3" id="get_the_packages">Get the packages</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Get the packages" [682-711] -->
<!-- EDIT3 SECTION "Get the packages" [615-644] -->
<h3 class="sectionedit4" id="official_repository">Official repository</h3>
<div class="level3">
@ -128,7 +126,7 @@ If you run Debian testing or unstable, the packages are directly installable:
<div class="noteimportant">Packages from <a href="http://packages.debian.org/search?keywords=lemonldap-ng" class="urlextern" title="http://packages.debian.org/search?keywords=lemonldap-ng" rel="nofollow">Debian repository</a> may not be up to date. Prefer then the other solutions (see below).
</div>
</div>
<!-- EDIT4 SECTION "Official repository" [712-1050] -->
<!-- EDIT4 SECTION "Official repository" [645-983] -->
<h3 class="sectionedit5" id="llng_repository">LL::NG repository</h3>
<div class="level3">
@ -155,7 +153,7 @@ You may need to install this package to access HTTPS repositories:
<pre class="code">apt install apt-transport-https</pre>
</div>
<!-- EDIT5 SECTION "LL::NG repository" [1051-1695] -->
<!-- EDIT5 SECTION "LL::NG repository" [984-1628] -->
<h3 class="sectionedit6" id="manual_download">Manual download</h3>
<div class="level3">
@ -164,7 +162,7 @@ Packages are available on the <a href="download.html" class="wikilink1" title="d
</p>
</div>
<!-- EDIT6 SECTION "Manual download" [1696-1782] -->
<!-- EDIT6 SECTION "Manual download" [1629-1715] -->
<h2 class="sectionedit7" id="package_gpg_signature">Package GPG signature</h2>
<div class="level2">
@ -183,18 +181,18 @@ Update cache:
<pre class="code">apt update</pre>
</div>
<!-- EDIT7 SECTION "Package GPG signature" [1783-2037] -->
<!-- EDIT7 SECTION "Package GPG signature" [1716-1970] -->
<h2 class="sectionedit8" id="install_packages">Install packages</h2>
<div class="level2">
</div>
<!-- EDIT8 SECTION "Install packages" [2038-2067] -->
<!-- EDIT8 SECTION "Install packages" [1971-2000] -->
<h3 class="sectionedit9" id="with_apt">With apt</h3>
<div class="level3">
<pre class="code">apt install lemonldap-ng</pre>
</div>
<!-- EDIT9 SECTION "With apt" [2068-2128] -->
<!-- EDIT9 SECTION "With apt" [2001-2061] -->
<h3 class="sectionedit10" id="with_dpkg">With dpkg</h3>
<div class="level3">
@ -208,12 +206,12 @@ Then:
<pre class="code">dpkg -i liblemonldap-ng-* lemonldap-ng*</pre>
</div>
<!-- EDIT10 SECTION "With dpkg" [2129-2277] -->
<!-- EDIT10 SECTION "With dpkg" [2062-2210] -->
<h2 class="sectionedit11" id="first_configuration_steps">First configuration steps</h2>
<div class="level2">
</div>
<!-- EDIT11 SECTION "First configuration steps" [2278-2316] -->
<!-- EDIT11 SECTION "First configuration steps" [2211-2249] -->
<h3 class="sectionedit12" id="change_default_dns_domain">Change default DNS domain</h3>
<div class="level3">
@ -223,7 +221,7 @@ By default, <abbr title="Domain Name System">DNS</abbr> domain is <code>example.
<pre class="code shell">sed -i 's/example\.com/ow2.org/g' /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/lmConf-1.json /var/lib/lemonldap-ng/test/index.pl</pre>
</div>
<!-- EDIT12 SECTION "Change default DNS domain" [2317-2636] -->
<!-- EDIT12 SECTION "Change default DNS domain" [2250-2569] -->
<h3 class="sectionedit13" id="reload_virtual_host">Reload virtual host</h3>
<div class="level3">
@ -234,7 +232,7 @@ To allow the manager to reload the configuration, register the reload virtual ho
<div class="notetip">Adapt the reload virtual host name to the domain you configured.
</div>
</div>
<!-- EDIT13 SECTION "Reload virtual host" [2637-2938] -->
<!-- EDIT13 SECTION "Reload virtual host" [2570-2871] -->
<h3 class="sectionedit14" id="upgrade">Upgrade</h3>
<div class="level3">
@ -243,7 +241,7 @@ If you upgraded <abbr title="LemonLDAP::NG">LL::NG</abbr>, check all <a href="up
</p>
</div>
<!-- EDIT14 SECTION "Upgrade" [2939-3019] -->
<!-- EDIT14 SECTION "Upgrade" [2872-2952] -->
<h3 class="sectionedit15" id="dns">DNS</h3>
<div class="level3">
@ -259,7 +257,7 @@ Follow the <a href="start.html#configuration" class="wikilink1" title="documenta
</p>
</div>
<!-- EDIT15 SECTION "DNS" [3020-3292] -->
<!-- EDIT15 SECTION "DNS" [2953-3225] -->
<h2 class="sectionedit16" id="file_location">File location</h2>
<div class="level2">
<ul>
@ -280,7 +278,7 @@ Follow the <a href="start.html#configuration" class="wikilink1" title="documenta
</ul>
</div>
<!-- EDIT16 SECTION "File location" [3293-3829] -->
<!-- EDIT16 SECTION "File location" [3226-3762] -->
<h2 class="sectionedit17" id="build_your_packages">Build your packages</h2>
<div class="level2">
@ -292,6 +290,6 @@ cd lemonldap-ng-*
make debian-packages</pre>
</div>
<!-- EDIT17 SECTION "Build your packages" [3830-] --></div>
<!-- EDIT17 SECTION "Build your packages" [3763-] --></div>
</body>
</html>

View File

@ -95,8 +95,6 @@ LemonLDAP::NG provides packages for Red Hat/Centos 7:
</li>
<li class="level1"><div class="li"> lemonldap-ng-doc: contains <abbr title="HyperText Markup Language">HTML</abbr> documentation and project docs (README, etc.)</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-fr-doc: French translation for documentation</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-conf: contains default configuration (<abbr title="Domain Name System">DNS</abbr> domain: example.com)</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-test: contains sample CGI test page</div>
@ -120,12 +118,12 @@ LemonLDAP::NG provides packages for Red Hat/Centos 7:
</ul>
</div>
<!-- EDIT2 SECTION "Organization" [113-1052] -->
<!-- EDIT2 SECTION "Organization" [113-990] -->
<h2 class="sectionedit3" id="get_the_packages">Get the packages</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Get the packages" [1053-1082] -->
<!-- EDIT3 SECTION "Get the packages" [991-1020] -->
<h3 class="sectionedit4" id="yum_repository">YUM repository</h3>
<div class="level3">
@ -159,7 +157,7 @@ Run this to update packages cache:
</div>
</div>
<!-- EDIT4 SECTION "YUM repository" [1083-1976] -->
<!-- EDIT4 SECTION "YUM repository" [1021-1914] -->
<h3 class="sectionedit5" id="manual_download">Manual download</h3>
<div class="level3">
@ -168,7 +166,7 @@ RPMs are available on the <a href="download.html" class="wikilink1" title="downl
</p>
</div>
<!-- EDIT5 SECTION "Manual download" [1977-2059] -->
<!-- EDIT5 SECTION "Manual download" [1915-1997] -->
<h2 class="sectionedit6" id="package_gpg_signature">Package GPG signature</h2>
<div class="level2">
@ -182,12 +180,12 @@ Install it to trust RPMs:
<pre class="code">rpm --import rpm-gpg-key-ow2</pre>
</div>
<!-- EDIT6 SECTION "Package GPG signature" [2060-2225] -->
<!-- EDIT6 SECTION "Package GPG signature" [1998-2163] -->
<h2 class="sectionedit7" id="install_packages">Install packages</h2>
<div class="level2">
</div>
<!-- EDIT7 SECTION "Install packages" [2226-2255] -->
<!-- EDIT7 SECTION "Install packages" [2164-2193] -->
<h3 class="sectionedit8" id="with_yum">With YUM</h3>
<div class="level3">
@ -202,7 +200,7 @@ You can also use yum on local RPMs file:
<pre class="code">yum localinstall lemonldap-ng-* perl-Lemonldap-NG-*</pre>
</div>
<!-- EDIT8 SECTION "With YUM" [2256-2479] -->
<!-- EDIT8 SECTION "With YUM" [2194-2417] -->
<h3 class="sectionedit9" id="with_rpm">With RPM</h3>
<div class="level3">
@ -221,12 +219,12 @@ Install the package <code>lemonldap-ng-conf</code> on all server which contains
</div>
</div>
<!-- EDIT9 SECTION "With RPM" [2480-2947] -->
<!-- EDIT9 SECTION "With RPM" [2418-2885] -->
<h2 class="sectionedit10" id="first_configuration_steps">First configuration steps</h2>
<div class="level2">
</div>
<!-- EDIT10 SECTION "First configuration steps" [2948-2986] -->
<!-- EDIT10 SECTION "First configuration steps" [2886-2924] -->
<h3 class="sectionedit11" id="change_default_dns_domain">Change default DNS domain</h3>
<div class="level3">
@ -236,7 +234,7 @@ By default, <abbr title="Domain Name System">DNS</abbr> domain is <code>example.
<pre class="code shell">sed -i 's/example\.com/ow2.org/g' /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/lmConf-1.json /var/lib/lemonldap-ng/test/index.pl</pre>
</div>
<!-- EDIT11 SECTION "Change default DNS domain" [2987-3306] -->
<!-- EDIT11 SECTION "Change default DNS domain" [2925-3244] -->
<h3 class="sectionedit12" id="reload_virtual_host">Reload virtual host</h3>
<div class="level3">
@ -247,7 +245,7 @@ To allow the manager to reload the configuration, register the reload virtual ho
<div class="notetip">Adapt the reload virtual host name to the domain you configured.
</div>
</div>
<!-- EDIT12 SECTION "Reload virtual host" [3307-3608] -->
<!-- EDIT12 SECTION "Reload virtual host" [3245-3546] -->
<h3 class="sectionedit13" id="upgrade">Upgrade</h3>
<div class="level3">
@ -256,7 +254,7 @@ If you upgraded <abbr title="LemonLDAP::NG">LL::NG</abbr>, check all <a href="up
</p>
</div>
<!-- EDIT13 SECTION "Upgrade" [3609-3689] -->
<!-- EDIT13 SECTION "Upgrade" [3547-3627] -->
<h3 class="sectionedit14" id="dns">DNS</h3>
<div class="level3">
@ -272,7 +270,7 @@ Follow the <a href="start.html#configuration" class="wikilink1" title="documenta
</p>
</div>
<!-- EDIT14 SECTION "DNS" [3690-3962] -->
<!-- EDIT14 SECTION "DNS" [3628-3900] -->
<h2 class="sectionedit15" id="file_location">File location</h2>
<div class="level2">
<ul>
@ -289,7 +287,7 @@ Follow the <a href="start.html#configuration" class="wikilink1" title="documenta
</ul>
</div>
<!-- EDIT15 SECTION "File location" [3963-4319] -->
<!-- EDIT15 SECTION "File location" [3901-4257] -->
<h2 class="sectionedit16" id="build_your_packages">Build your packages</h2>
<div class="level2">
@ -318,6 +316,6 @@ If you need it, you can rebuild RPMs:
<pre class="code">rpmbuild -ta SOURCES/lemonldap-ng-VERSION.tar.gz</pre>
</div>
<!-- EDIT16 SECTION "Build your packages" [4320-] --></div>
<!-- EDIT16 SECTION "Build your packages" [4258-] --></div>
</body>
</html>

View File

@ -96,8 +96,6 @@ LemonLDAP::NG provides packages for SLES:
</li>
<li class="level1"><div class="li"> lemonldap-ng-doc: contains <abbr title="HyperText Markup Language">HTML</abbr> documentation and project docs (README, etc.)</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-fr-doc: French translation for documentation</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-conf: contains default configuration (<abbr title="Domain Name System">DNS</abbr> domain: example.com)</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-test: contains sample CGI test page</div>
@ -121,12 +119,12 @@ LemonLDAP::NG provides packages for SLES:
</ul>
</div>
<!-- EDIT2 SECTION "Organization" [118-1045] -->
<!-- EDIT2 SECTION "Organization" [118-983] -->
<h2 class="sectionedit3" id="get_the_packages">Get the packages</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Get the packages" [1046-1075] -->
<!-- EDIT3 SECTION "Get the packages" [984-1013] -->
<h3 class="sectionedit4" id="repositories">Repositories</h3>
<div class="level3">
@ -179,7 +177,7 @@ zypper refresh</pre>
</div>
</div>
<!-- EDIT4 SECTION "Repositories" [1076-2470] -->
<!-- EDIT4 SECTION "Repositories" [1014-2408] -->
<h3 class="sectionedit5" id="manual_download">Manual download</h3>
<div class="level3">
@ -188,7 +186,7 @@ RPMs are available on the <a href="download.html" class="wikilink1" title="downl
</p>
</div>
<!-- EDIT5 SECTION "Manual download" [2471-2553] -->
<!-- EDIT5 SECTION "Manual download" [2409-2491] -->
<h2 class="sectionedit6" id="package_gpg_signature">Package GPG signature</h2>
<div class="level2">
@ -202,12 +200,12 @@ Install it to trust RPMs:
<pre class="code">rpm --import rpm-gpg-key-ow2</pre>
</div>
<!-- EDIT6 SECTION "Package GPG signature" [2554-2718] -->
<!-- EDIT6 SECTION "Package GPG signature" [2492-2656] -->
<h2 class="sectionedit7" id="install_packages">Install packages</h2>
<div class="level2">
</div>
<!-- EDIT7 SECTION "Install packages" [2719-2748] -->
<!-- EDIT7 SECTION "Install packages" [2657-2686] -->
<h3 class="sectionedit8" id="with_zypper">With ZYPPER</h3>
<div class="level3">
@ -225,7 +223,7 @@ You can also use zypper on local RPMs file:
<pre class="code">zypper install lemonldap-ng-* perl-Lemonldap-NG-*</pre>
</div>
<!-- EDIT8 SECTION "With ZYPPER" [2749-3187] -->
<!-- EDIT8 SECTION "With ZYPPER" [2687-3125] -->
<h3 class="sectionedit9" id="with_rpm">With RPM</h3>
<div class="level3">
@ -245,12 +243,12 @@ Install the package <code>lemonldap-ng-conf</code> on all server which contains
</div>
</div>
<!-- EDIT9 SECTION "With RPM" [3188-4687] -->
<!-- EDIT9 SECTION "With RPM" [3126-4625] -->
<h2 class="sectionedit10" id="first_configuration_steps">First configuration steps</h2>
<div class="level2">
</div>
<!-- EDIT10 SECTION "First configuration steps" [4688-4726] -->
<!-- EDIT10 SECTION "First configuration steps" [4626-4664] -->
<h3 class="sectionedit11" id="enable_apache_extensions">Enable Apache extensions</h3>
<div class="level3">
@ -271,7 +269,7 @@ If you decide to use SSL, you should also activate the appopriate flag:
<pre class="code">sed -i &#039;s/^APACHE_SERVER_FLAGS=.*/APACHE_SERVER_FLAGS=&quot;SSL&quot;/&#039; /etc/sysconfig/apache2</pre>
</div>
<!-- EDIT11 SECTION "Enable Apache extensions" [4727-5133] -->
<!-- EDIT11 SECTION "Enable Apache extensions" [4665-5071] -->
<h3 class="sectionedit12" id="change_default_dns_domain">Change default DNS domain</h3>
<div class="level3">
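Review bot: the sentence quoted in this hunk's header still reads "you should also activate the appopriate flag". Since this commit is a spelling pass over these pages, correct it to "appropriate" in the same change.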
@ -287,7 +285,7 @@ Check Apache configuration and restart:
apachectl restart</pre>
</div>
<!-- EDIT12 SECTION "Change default DNS domain" [5134-5576] -->
<!-- EDIT12 SECTION "Change default DNS domain" [5072-5514] -->
<h3 class="sectionedit13" id="reload_virtual_host">Reload virtual host</h3>
<div class="level3">
@ -298,7 +296,7 @@ To allow the manager to reload the configuration, register the reload virtual ho
<div class="notetip">Adapt the reload virtual host name to the domain you configured.
</div>
</div>
<!-- EDIT13 SECTION "Reload virtual host" [5577-5878] -->
<!-- EDIT13 SECTION "Reload virtual host" [5515-5816] -->
<h3 class="sectionedit14" id="upgrade">Upgrade</h3>
<div class="level3">
@ -324,7 +322,7 @@ The upgrade process will also have migrate old configuration files into <code>/e
<div class="noteimportant">You should now use the Manager to configure all <a href="portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:2.0:portalmenu">applications and categories</a>, and then comment or remove the <code>applicationList</code> parameter from <code>/etc/lemonldap-ng/lemonldap-ng.ini</code>.
</div>
</div>
<!-- EDIT14 SECTION "Upgrade" [5879-8392] -->
<!-- EDIT14 SECTION "Upgrade" [5817-8330] -->
<h3 class="sectionedit15" id="dns">DNS</h3>
<div class="level3">
@ -340,7 +338,7 @@ Follow the <a href="start.html#configuration" class="wikilink1" title="documenta
</p>
</div>
<!-- EDIT15 SECTION "DNS" [8393-8665] -->
<!-- EDIT15 SECTION "DNS" [8331-8603] -->
<h2 class="sectionedit16" id="file_location">File location</h2>
<div class="level2">
<ul>
@ -357,7 +355,7 @@ Follow the <a href="start.html#configuration" class="wikilink1" title="documenta
</ul>
</div>
<!-- EDIT16 SECTION "File location" [8666-9021] -->
<!-- EDIT16 SECTION "File location" [8604-8959] -->
<h2 class="sectionedit17" id="build_your_packages">Build your packages</h2>
<div class="level2">
@ -386,6 +384,6 @@ Alternatively, you can use the automatic script “create-lemonldap-packages.sh
</p>
</div>
<!-- EDIT17 SECTION "Build your packages" [9022-] --></div>
<!-- EDIT17 SECTION "Build your packages" [8960-] --></div>
</body>
</html>

View File

@ -175,8 +175,6 @@ You can choose other Makefile targets:
<ul>
<li class="level2"><div class="li"> install_doc_site (/usr/local/lemonldap-ng/htdocs/doc)</div>
</li>
<li class="level2"><div class="li"> install_fr_doc_site (/usr/local/lemonldap-ng/htdocs/fr-doc)</div>
</li>
<li class="level2"><div class="li"> install_examples_site (/usr/local/lemonldap-ng/examples)</div>
</li>
</ul>
@ -235,7 +233,7 @@ See also <a href="installdeb.html" class="wikilink1" title="documentation:2.0:in
</div>
</div>
<!-- EDIT5 SECTION "Installation" [856-3712] -->
<!-- EDIT5 SECTION "Installation" [856-3644] -->
<h2 class="sectionedit6" id="install_cron_jobs">Install cron jobs</h2>
<div class="level2">
@ -255,7 +253,7 @@ To install them on system:
<pre class="code">sudo ln -s /usr/local/lemonldap-ng/etc/cron.d/* /etc/cron.d/</pre>
</div>
<!-- EDIT6 SECTION "Install cron jobs" [3713-3922] -->
<!-- EDIT6 SECTION "Install cron jobs" [3645-3854] -->
<h2 class="sectionedit7" id="dns">DNS</h2>
<div class="level2">
@ -271,6 +269,6 @@ Follow the <a href="start.html#configuration" class="wikilink1" title="documenta
</p>
</div>
<!-- EDIT7 SECTION "DNS" [3923-] --></div>
<!-- EDIT7 SECTION "DNS" [3855-] --></div>
</body>
</html>

View File

@ -0,0 +1,58 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:localconfbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,localconfbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="localconfbackend.html"/>
<link rel="contents" href="localconfbackend.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:localconfbackend","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="local_configuration_backend">Local configuration backend</h1>
<div class="level1">
<p>
Some admins wants to deploy configuration using lemonldap-ng.ini only. This backend just return an empty configuration.
</p>
<div class="noteimportant">Advanced use only !
</div>
</div>
</div>
</body>
</html>
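Review bot: in the head of this new page, the useexternallibs branches load jQuery and jQuery UI from http://code.jquery.com/ over plain HTTP, while the Bootstrap stylesheet in the same branch uses https. Switch both script URLs to https, and consider adding an integrity attribute, so the scripts cannot be altered in transit. In the same branch the Bootstrap link element is closed with a stray closing script tag, which should be removed. The body text also needs a pass given the purpose of the commit: "Some admins wants" should be "Some admins want", and "This backend just return" should be "This backend just returns".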

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:nodehandler</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,nodehandler"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="nodehandler.html"/>
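Review bot: the only change to this page is the robots meta going from noindex,nofollow to index,follow, which is not a spelling fix and changes whether search engines index this documentation page. If it comes from regenerating the wiki export, say so in the commit message or move it to its own commit so the indexing change can be reviewed on its own.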

View File

@ -48,21 +48,21 @@
<div class="level1">
<p>
<a href="http://search.cpan.org/perldoc?Apache::Session::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Redis" rel="nofollow">Apache::Session::Redis</a> is the faster shareable session backend
<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable::Redis" rel="nofollow">Apache::Session::Browseable::Redis</a> is the faster shareable session backend
</p>
</div>
<!-- EDIT1 SECTION "Redis session backend" [1-158] -->
<!-- EDIT1 SECTION "Redis session backend" [1-182] -->
<h2 class="sectionedit2" id="setup">Setup</h2>
<div class="level2">
<p>
Install and launch a <a href="http://code.google.com/p/redis/" class="urlextern" title="http://code.google.com/p/redis/" rel="nofollow">Redis server</a>. Install
<a href="http://search.cpan.org/perldoc?Apache::Session::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Redis" rel="nofollow">Apache::Session::Redis</a> Perl module.
<a href="http://search.cpan.org/perldoc?Apache::Session::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Redis" rel="nofollow">Apache::Session::Browseable::Redis</a> Perl module.
</p>
<p>
In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Redis" rel="nofollow">Apache::Session::Redis</a> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::browseable::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::browseable::Redis" rel="nofollow">Apache::Session::Browseable::Redis</a> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
<thead>
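Review bot: the link targets in the Setup paragraph do not match the new module name. The "Install" sentence still points href and title at perldoc?Apache::Session::Redis while its link text now says Apache::Session::Browseable::Redis, and the "In the manager" sentence uses Apache::Session::browseable::Redis with a lowercase b. Perl module names are case sensitive, so both links should use perldoc?Apache::Session::Browseable::Redis, as the introduction line already does.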
@ -77,9 +77,9 @@ In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::Red
<td class="col0 centeralign"> <strong>server</strong> </td><td class="col1"> Redis server </td><td class="col2"> 127.0.0.1:6379 </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [601-712] -->
<!-- EDIT3 TABLE [661-772] -->
</div>
<!-- EDIT2 SECTION "Setup" [159-713] -->
<!-- EDIT2 SECTION "Setup" [183-773] -->
<h2 class="sectionedit4" id="security">Security</h2>
<div class="level2">
@ -88,6 +88,6 @@ Restrict network access to the redis server. For remote servers, you can use <a
</p>
</div>
<!-- EDIT4 SECTION "Security" [714-] --></div>
<!-- EDIT4 SECTION "Security" [774-] --></div>
</body>
</html>

File diff suppressed because it is too large Load Diff

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:performances</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,performances"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="performances.html"/>
@ -409,13 +409,13 @@ Now ldapgroups contains “admin su”
<div class="level3">
<p>
In lemonldap-ng.ini, set only modules that you will use. By default, configuration, sessions explorer and notifications explorer are enabled. Example:
In lemonldap-ng.ini, set only modules that you will use. By default, configuration, sessions explorer, notifications explorer and second factor are enabled. Example:
</p>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>manager<span class="br0">&#93;</span></span>
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions</span></pre>
</div>
<!-- EDIT12 SECTION "Disable unused modules" [11486-11732] -->
<!-- EDIT12 SECTION "Disable unused modules" [11486-11747] -->
<h3 class="sectionedit13" id="use_static_html_files">Use static HTML files</h3>
<div class="level3">
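Review bot: the sentence now lists second factor among the modules enabled by default, but neither it nor the example (enabledModules = conf, sessions) gives the value an admin would write to keep or drop that module. Name the enabledModules keys for second factor and for notifications so the list can be trimmed without guessing.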
@ -425,7 +425,7 @@ Once Manager is installed, browse enabled modules (configuration, sessions, noti
<pre class="code apache"><span class="kw1">RewriteRule</span> <span class="st0">&quot;^/$&quot;</span> <span class="st0">&quot;/psgi/manager-server.fcgi&quot;</span> [PT]
<span class="co1"># DirectoryIndex manager.html</span>
<span class="co1"># RewriteCond &quot;%{REQUEST_FILENAME}&quot; &quot;!\.html$&quot;</span>
<span class="kw1">RewriteCond</span> <span class="st0">&quot;%{REQUEST_FILENAME}&quot;</span> <span class="st0">&quot;!^/(?:static|doc|fr-doc|lib).*&quot;</span>
<span class="kw1">RewriteCond</span> <span class="st0">&quot;%{REQUEST_FILENAME}&quot;</span> <span class="st0">&quot;!^/(?:static|doc|lib).*&quot;</span>
<span class="kw1">RewriteRule</span> <span class="st0">&quot;^/(.+)$&quot;</span> <span class="st0">&quot;/psgi/manager-server.fcgi/$1&quot;</span> [PT]</pre>
<p>
@ -434,7 +434,7 @@ by:
<pre class="code apache"><span class="co1"># RewriteRule &quot;^/$&quot; &quot;/psgi/manager-server.fcgi&quot; [PT]</span>
<span class="kw1">DirectoryIndex</span> manager.html
<span class="kw1">RewriteCond</span> <span class="st0">&quot;%{REQUEST_FILENAME}&quot;</span> <span class="st0">&quot;!<span class="es0">\.</span>html$&quot;</span>
<span class="kw1">RewriteCond</span> <span class="st0">&quot;%{REQUEST_FILENAME}&quot;</span> <span class="st0">&quot;!^/(?:static|doc|fr-doc|lib).*&quot;</span>
<span class="kw1">RewriteCond</span> <span class="st0">&quot;%{REQUEST_FILENAME}&quot;</span> <span class="st0">&quot;!^/(?:static|doc|lib).*&quot;</span>
<span class="kw1">RewriteRule</span> <span class="st0">&quot;^/(.+)$&quot;</span> <span class="st0">&quot;/psgi/manager-server.fcgi/$1&quot;</span> [PT]</pre>
<p>
@ -442,6 +442,6 @@ So manager <abbr title="HyperText Markup Language">HTML</abbr> templates will be
</p>
</div>
<!-- EDIT13 SECTION "Use static HTML files" [11733-] --></div>
<!-- EDIT13 SECTION "Use static HTML files" [11748-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:platformsoverview</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,platformsoverview"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="platformsoverview.html"/>
@ -88,7 +88,7 @@ LLNG is able to use different web servers to provide its services. Here is a res
<div class="level2">
<p>
Since 2.0, both portal and manager are native FastCGI applications. They can be used on any web server that can dial with a FastCGI server. Some examples:
Since 2.0, both portal and manager are native FastCGI / PSGI Plack based applications. They can be powered by any FastCGI / PSGI compatible web servers. Some examples:
</p>
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
<thead>
@ -103,9 +103,9 @@ Since 2.0, both portal and manager are native FastCGI applications. They can be
<td class="col0 centeralign"> <strong>Link with webserver process</strong> </td><td class="col1 centeralign"> External processes managed by webserver <em>(default)</em> </td><td class="col2 centeralign"> External <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">LLNG server</a> </td><td class="col3 centeralign"> External <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">LLNG server</a> </td><td class="col4 centeralign"> <a href="configplack.html" class="wikilink1" title="documentation:2.0:configplack">Inside</a> </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [635-1181] -->
<!-- EDIT3 TABLE [648-1194] -->
</div>
<!-- EDIT2 SECTION "Portal/Manager installation" [438-1182] -->
<!-- EDIT2 SECTION "Portal/Manager installation" [438-1195] -->
<h2 class="sectionedit4" id="application_protection_overview">Application protection overview</h2>
<div class="level2">
@ -130,7 +130,7 @@ To protect applications with handler, LLNG can be used in two mode:
</ul>
</div>
<!-- EDIT4 SECTION "Application protection overview" [1183-1672] -->
<!-- EDIT4 SECTION "Application protection overview" [1196-1685] -->
<h3 class="sectionedit5" id="handler_integration">Handler integration</h3>
<div class="level3">
@ -152,10 +152,10 @@ LLNG handlers can be installed on the following web servers:
<td class="col0 centeralign"> <strong>Addon needed</strong> </td><td class="col1 centeralign"> ModPerl </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td><td class="col4 centeralign"> Express </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>LLNG integration in webserver</strong> </td><td class="col1 centeralign"> <a href="configvhost.html#apache_configuration" class="wikilink1" title="documentation:2.0:configvhost">Inside</a> </td><td class="col2 centeralign"> Separate process: <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">External LLNG FastCGI/uWSGI servers</a> <em>(auth_request)</em> </td><td class="col3 centeralign"> <a href="configplack.html" class="wikilink1" title="documentation:2.0:configplack">Inside</a> </td><td class="col4 centeralign"> <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#express-app" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#express-app" rel="nofollow">Inside</a> </td>
<td class="col0 centeralign"> <strong>LLNG integration in webserver</strong> </td><td class="col1 centeralign"> <a href="configvhost.html#apache_configuration" class="wikilink1" title="documentation:2.0:configvhost">Inside</a> </td><td class="col2 centeralign"> Separate process: <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">External LLNG FastCGI/uWSGI servers</a> <em>(auth_request)</em> </td><td class="col3 centeralign"> <a href="psgi.html#protect_a_psgi_application" class="wikilink1" title="documentation:2.0:psgi">Inside</a> </td><td class="col4 centeralign"> <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#express-app" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#express-app" rel="nofollow">Inside</a> </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [1799-2271] -->
<!-- EDIT6 TABLE [1812-2304] -->
</div>
<h4 id="reverseproxy_mode">ReverseProxy Mode</h4>
@ -170,14 +170,14 @@ LLNG handlers can be installed on the following web servers:
<td class="col0 centeralign"> <strong>LLNG integration in ReverseProxy webserver</strong> </td><td class="col1 centeralign"> <a href="configvhost.html#apache_configuration" class="wikilink1" title="documentation:2.0:configvhost">Inside</a> </td><td class="col2 centeralign"> Separate process: <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">External LLNG FastCGI/uWSGI servers</a> </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [2299-2536] -->
<!-- EDIT7 TABLE [2332-2569] -->
</div>
<!-- EDIT5 SECTION "Handler integration" [1673-2538] -->
<!-- EDIT5 SECTION "Handler integration" [1686-2571] -->
<h3 class="sectionedit8" id="external_servers_for_nginx">External servers for Nginx</h3>
<div class="level3">
<p>
Natively, Nginx supportes FastCGI and uWSGI protocoles.
Nginx supportes natively FastCGI and uWSGI protocoles.
</p>
<p>
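Review bot: the reworded sentence still carries the two misspellings this commit is meant to remove: "supportes" should be "supports" and "protocoles" should be "protocols". Suggested wording: "Nginx natively supports the FastCGI and uWSGI protocols."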
@ -223,6 +223,6 @@ However, you can use some other FastCGI server engines:
</ul>
</div>
<!-- EDIT8 SECTION "External servers for Nginx" [2539-] --></div>
<!-- EDIT8 SECTION "External servers for Nginx" [2572-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:portal</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,portal"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="portal.html"/>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:prereq</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,prereq"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="prereq.html"/>
@ -290,17 +290,15 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
<ul>
<li class="level1"><div class="li"> Jquery (javascript framework) is included in tarball and RPMs, but is a dependency on Debian official releases</div>
</li>
<li class="level1"><div class="li"> OmegaT is needed to translate offline documentation and build fr-doc packages</div>
</li>
</ul>
</div>
<!-- EDIT10 SECTION "Other" [2076-2292] -->
<!-- EDIT10 SECTION "Other" [2076-2210] -->
<h2 class="sectionedit11" id="install_dependencies_on_your_system">Install dependencies on your system</h2>
<div class="level2">
</div>
<!-- EDIT11 SECTION "Install dependencies on your system" [2293-2342] -->
<!-- EDIT11 SECTION "Install dependencies on your system" [2211-2260] -->
<h3 class="sectionedit12" id="apt-get">APT-GET</h3>
<div class="level3">
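Review bot: The OmegaT bullet is dropped from the "Other" dependency list (the hunk shrinks from 17 to 15 lines), which is a content change rather than a spelling fix. Mention it in the commit message, or split it out, and confirm that building the fr-doc packages no longer needs OmegaT. While touching this list, "Jquery" on the remaining bullet should be "jQuery".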
@ -320,7 +318,7 @@ For Nginx:
<pre class="code">apt install nginx nginx-extras</pre>
</div>
<!-- EDIT12 SECTION "APT-GET" [2343-3125] -->
<!-- EDIT12 SECTION "APT-GET" [2261-3043] -->
<h3 class="sectionedit13" id="yum">YUM</h3>
<div class="level3">
<div class="notetip">You need <a href="http://fedoraproject.org/wiki/EPEL/" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/" rel="nofollow">EPEL</a> repository. See how you can activate this repository: <a href="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" rel="nofollow">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a>
@ -342,6 +340,6 @@ For Nginx:
<div class="noteimportant">As you need a recent version of Nginx, the best is to install <a href="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages" class="urlextern" title="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages" rel="nofollow">Nginx official packages</a>.
</div>
</div>
<!-- EDIT13 SECTION "YUM" [3126-] --></div>
<!-- EDIT13 SECTION "YUM" [3044-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:psgi</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,psgi"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="psgi.html"/>
@ -59,8 +59,11 @@
<li class="level2"><div class="li"><a href="#using_uwsgi">Using uWSGI</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#using_debian_lemonldap-ng-uwsgi-app_package">Using Debian lemonldap-ng-uwsgi-app package</a></div></li>
</ul></li>
</ul></li>
</ul>
</li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#protect_a_psgi_application">Protect a PSGI application</a></div></li>
</ul>
</div>
</div>
@ -235,6 +238,50 @@ Then adapt your Nginx configuration to use this uWSGI app.
</p>
</div>
<!-- EDIT5 SECTION "Using uWSGI" [3413-] --></div>
<!-- EDIT5 SECTION "Using uWSGI" [3413-4230] -->
<h2 class="sectionedit6" id="protect_a_psgi_application">Protect a PSGI application</h2>
<div class="level2">
<p>
LLNG provides <code>Plack::Middleware::Auth::LemonldapNG</code> that can be used to protect any PSGI application: it acts exactly like a LLNG handler. Simple example:
</p>
<dl class="file">
<dt><a href="_export/code/documentation/2.0/psgi/codeblock.4.code" title="Download Snippet" class="mediafile mf_psgi">app.psgi</a></dt>
<dd><pre class="code file perl"><span class="kw2">use</span> Plack<span class="sy0">::</span><span class="me2">Builder</span><span class="sy0">;</span>
&nbsp;
<span class="kw1">my</span> <span class="re0">$app</span> <span class="sy0">=</span> <span class="kw2">sub</span> <span class="br0">&#123;</span> <span class="sy0">...</span> <span class="br0">&#125;</span><span class="sy0">;</span>
builder <span class="br0">&#123;</span>
enable <span class="st0">&quot;Auth::LemonldapNG&quot;</span><span class="sy0">;</span>
<span class="re0">$app</span><span class="sy0">;</span>
<span class="br0">&#125;</span><span class="sy0">;</span></pre>
</dd></dl>
<p>
More advanced example:
</p>
<dl class="file">
<dt><a href="_export/code/documentation/2.0/psgi/codeblock.5.code" title="Download Snippet" class="mediafile mf_psgi">app.psgi</a></dt>
<dd><pre class="code file perl"><span class="kw2">use</span> Plack<span class="sy0">::</span><span class="me2">Builder</span><span class="sy0">;</span>
&nbsp;
<span class="kw1">my</span> <span class="re0">$app</span> <span class="sy0">=</span> <span class="kw2">sub</span> <span class="br0">&#123;</span> <span class="sy0">...</span> <span class="br0">&#125;</span><span class="sy0">;</span>
&nbsp;
<span class="co1"># Optionally ($proposedResponse is the PSGI response of Lemonldap::NG handler)</span>
<span class="kw2">sub</span> on_reject <span class="br0">&#123;</span>
<span class="kw1">my</span><span class="br0">&#40;</span><span class="re0">$self</span><span class="sy0">,</span><span class="re0">$env</span><span class="sy0">,</span><span class="re0">$proposedResponse</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
<span class="co1"># ...</span>
<span class="br0">&#125;</span>
&nbsp;
builder <span class="br0">&#123;</span>
enable <span class="st0">&quot;Auth::LemonldapNG&quot;</span><span class="sy0">,</span>
llparams <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
<span class="co1"># ...</span>
<span class="br0">&#125;</span><span class="sy0">,</span>
on_reject <span class="sy0">=&gt;</span> <span class="re0">\&amp;on_reject</span><span class="sy0">;</span>
<span class="re0">$app</span><span class="sy0">;</span>
<span class="br0">&#125;</span><span class="sy0">;</span></pre>
</dd></dl>
</div>
<!-- EDIT6 SECTION "Protect a PSGI application" [4231-] --></div>
</body>
</html>
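Review bot: The advanced example does not say what on_reject has to return. Its body is only "# ...", and the comment explains $proposedResponse without stating whether the callback should return it, return its own PSGI response, or return nothing. Since this callback decides what an unauthenticated or unauthorized client receives, document the return contract and show a body that returns a response. The llparams hash is also left as "# ..." with no pointer to the accepted keys; a link to the handler parameters would do.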

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:restminihowto</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,restminihowto"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="restminihowto.html"/>

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=a8e117edbbbe45106ea023b3c5ef2ae5" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
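Review bot: The login link in this hunk differs only in its sectok value, and the hunk context shows this file is the wiki's "topic that doesn't exist yet" page. That means a dump of the live site, including a per-request token and the login widget, is being committed as documentation and will produce a diff on every export. Exclude missing pages from the export, or strip the navbar before committing.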
@ -178,6 +178,27 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Certifications" [175-534] -->
<h3 class="sectionedit3" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="media" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
<strong>OW2con&#039;14 Community Award</strong>
</div>
</p>
<hr />
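Review bot: "FusionIAM projet member" introduces a new misspelling ("projet" for "project") in a spelling commit. The added markup is also mis-nested: "</div>" is closed before "</p>" after both the FusionIAM and OW2con entries, and "<div class="text-center">" is opened inside a "<p>" that closes immediately. Fix the source wiki page so the export produces balanced tags.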
@ -201,7 +222,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div>
<!-- EDIT2 SECTION "Certifications" [175-] --> </div>
<!-- EDIT3 SECTION "Awards" [535-] --> </div>
</div>
</aside>
@ -220,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1528371138" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1529961311" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>

View File

@ -82,14 +82,14 @@
</ul>
<p>
Sessions for connected users:
Sessions for connected users <em>(used by <a href="authproxy.html" class="wikilink1" title="documentation:2.0:authproxy">LLNG Proxy</a>)</em>:
</p>
<ul>
<li class="level1"><div class="li"> GET /mysession/&lt;type&gt; : get session datas</div>
<li class="level1"><div class="li"> GET /session/my/&lt;type&gt; : get session datas</div>
</li>
<li class="level1"><div class="li"> GET /mysession/&lt;type&gt;/key : get session key</div>
<li class="level1"><div class="li"> GET /session/my/&lt;type&gt;/key : get session key</div>
</li>
<li class="level1"><div class="li"> DELETE /mysession : ask for logout</div>
<li class="level1"><div class="li"> DELETE /session/my : ask for logout</div>
</li>
</ul>
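Review bot: "get session datas" keeps "datas" on both the /mysession and the /session/my bullet; it should read "get session data". Separately, the endpoint paths change from /mysession/... to /session/my/..., which is an API documentation change, not a spelling one. Call it out in the commit message and check that it matches the routes the REST server actually exposes in the release this page documents.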
@ -114,12 +114,12 @@ To configure it, REST session backend will be set trough Manager in global confi
</p>
</div>
<!-- EDIT1 SECTION "REST session backend" [1-1390] -->
<!-- EDIT1 SECTION "REST session backend" [1-1432] -->
<h2 class="sectionedit2" id="setup">Setup</h2>
<div class="level2">
</div>
<!-- EDIT2 SECTION "Setup" [1391-1409] -->
<!-- EDIT2 SECTION "Setup" [1433-1451] -->
<h3 class="sectionedit3" id="manager">Manager</h3>
<div class="level3">
@ -152,9 +152,9 @@ Then, set <code>Lemonldap::NG::Common::Apache::Session::REST</code> in <code>Gen
<td class="col0 centeralign"> <strong>password</strong> </td><td class="col1"> Password to use for auth basic mechanism </td><td class="col2 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [1758-2084] -->
<!-- EDIT4 TABLE [1800-2126] -->
</div>
<!-- EDIT3 SECTION "Manager" [1410-2085] -->
<!-- EDIT3 SECTION "Manager" [1452-2127] -->
<h3 class="sectionedit5" id="apache">Apache</h3>
<div class="level3">
@ -167,7 +167,7 @@ Sessions REST end points access must be allowed in Apache portal configuration (
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT5 SECTION "Apache" [2086-2375] -->
<!-- EDIT5 SECTION "Apache" [2128-2417] -->
<h3 class="sectionedit6" id="real_session_backend">Real session backend</h3>
<div class="level3">
@ -184,6 +184,6 @@ For example, if real sessions are stored in <a href="filesessionbackend.html" cl
<div class="notetip">Session explorer and “single session” features can&#039;t be used using this backend. Session explorer and portal must be launched with real backend.
</div>
</div>
<!-- EDIT6 SECTION "Real session backend" [2376-] --></div>
<!-- EDIT6 SECTION "Real session backend" [2418-] --></div>
</body>
</html>

View File

@ -230,17 +230,20 @@ To define keys, you can:
<p>
You can import a certificate containing the public key instead the raw public key. However, certificate will not be really validated by other <abbr title="Security Assertion Markup Language">SAML</abbr> components (expiration date, common name, etc.), but will just be a public key wrapper.
</p>
<p>
You can force <abbr title="LemonLDAP::NG">LL::NG</abbr> to use this certificate in <abbr title="Security Assertion Markup Language">SAML</abbr> responses by enabling <strong>Use certificate in response</strong> option.
</p>
<div class="notetip">You can easily generate a certificate to replace your public key by saving the private key in a file, and use <code>openssl</code> commands to issue a self-signed certificate:
<pre class="code">$ openssl req -new -key private.key -out cert.csr
$ openssl x509 -req -days 3650 -in cert.csr -signkey private.key -out cert.pem</pre>
</div><ul>
<li class="level1"><div class="li"> <strong>Use certificate in response</strong>: Certificate will be sent inside <abbr title="Security Assertion Markup Language">SAML</abbr> responses.</div>
</li>
<li class="level1"><div class="li"> <strong>Signature method</strong>: set the signature algorithm</div>
</li>
</ul>
<div class="noteimportant">Default value is RSA SHA1 for compatibility purpose but we recommend to use RSA SHA256. This requires to test all partners to check their compatibility.
</div>
</div>
<!-- EDIT7 SECTION "Security parameters" [2065-3327] -->
<!-- EDIT7 SECTION "Security parameters" [2065-3527] -->
<h3 class="sectionedit8" id="nameid_formats">NameID formats</h3>
<div class="level3">
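Review bot: The "Signature method" bullet says only "set the signature algorithm", while the note under it names RSA SHA1 as the default and recommends RSA SHA256. List the selectable values in the bullet so an administrator can act on the recommendation, and consider stating the SHA1 default in the bullet itself rather than only in the note. Wording: "for compatibility purpose" and "recommend to use" would read better as "for compatibility" and "recommend using".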
@ -277,7 +280,7 @@ Other NameID formats are automatically managed:
</ul>
</div>
<!-- EDIT8 SECTION "NameID formats" [3328-4086] -->
<!-- EDIT8 SECTION "NameID formats" [3528-4286] -->
<h3 class="sectionedit9" id="authentication_contexts">Authentication contexts</h3>
<div class="level3">
@ -301,7 +304,7 @@ Customizable NameID formats are:
</ul>
</div>
<!-- EDIT9 SECTION "Authentication contexts" [4087-4810] -->
<!-- EDIT9 SECTION "Authentication contexts" [4287-5010] -->
<h3 class="sectionedit10" id="organization">Organization</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Organization metadata section:
@ -321,7 +324,7 @@ Customizable NameID formats are:
</ul>
</div>
<!-- EDIT10 SECTION "Organization" [4811-5322] -->
<!-- EDIT10 SECTION "Organization" [5011-5522] -->
<h3 class="sectionedit11" id="service_provider">Service Provider</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Service Provider metadata section:
@ -404,7 +407,7 @@ The only authorized binding is SOAP. This should be set as Default.
</p>
</div>
<!-- EDIT11 SECTION "Service Provider" [5323-6377] -->
<!-- EDIT11 SECTION "Service Provider" [5523-6577] -->
<h3 class="sectionedit12" id="identity_provider">Identity Provider</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Service Provider metadata section:
@ -489,7 +492,7 @@ The only authorized binding is SOAP. This should be set as Default.
</p>
</div>
<!-- EDIT12 SECTION "Identity Provider" [6378-7366] -->
<!-- EDIT12 SECTION "Identity Provider" [6578-7566] -->
<h3 class="sectionedit13" id="attribute_authority">Attribute Authority</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Attribute Authority metadata section
@ -512,7 +515,7 @@ Response Location should be empty, as SOAP responses are directly returned (sync
</p>
</div>
<!-- EDIT13 SECTION "Attribute Authority" [7367-7778] -->
<!-- EDIT13 SECTION "Attribute Authority" [7567-7978] -->
<h3 class="sectionedit14" id="advanced">Advanced</h3>
<div class="level3">
@ -571,6 +574,6 @@ Configuration parameters are:
</ul>
</div>
<!-- EDIT14 SECTION "Advanced" [7779-] --></div>
<!-- EDIT14 SECTION "Advanced" [7979-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:secondfactor</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,secondfactor"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="secondfactor.html"/>
@ -56,7 +56,7 @@
<li class="level2"><div class="li"><a href="#yubikey_tokens">Yubikey Tokens</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#developper_corner">Developper corner</a></div></li>
<li class="level1"><div class="li"><a href="#developer_corner">Developer corner</a></div></li>
</ul>
</div>
</div>
@ -125,11 +125,11 @@ If you don&#039;t want to use self-registration features for U2F, TOTP and so on
</div>
<!-- EDIT5 SECTION "Yubikey Tokens" [1679-1817] -->
<h2 class="sectionedit6" id="developper_corner">Developper corner</h2>
<h2 class="sectionedit6" id="developer_corner">Developer corner</h2>
<div class="level2">
<p>
To developpe a new 2FA plugin, read <code>Lemonldap::NG::Portal::Main::SecondFactor (3pm)</code> manpage. Your 2F module must be a Perl class named <code>Lemonldap::NG::Portal::2F::<em>&lt;custom_name&gt;</em></code>. To enable it, set <code>available2F</code> key in your <code>lemonldap-ng.ini</code> file :
To develop a new 2FA plugin, read <code>Lemonldap::NG::Portal::Main::SecondFactor (3pm)</code> manpage. Your 2F module must be a Perl class named <code>Lemonldap::NG::Portal::2F::<em>&lt;custom_name&gt;</em></code>. To enable it, set <code>available2F</code> key in your <code>lemonldap-ng.ini</code> file :
</p>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">available2F</span> <span class="sy0">=</span><span class="re2"> U2F,TOTP,&lt;custom_name&gt;</span></pre>
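Review bot: Renaming the heading id from "developper_corner" to "developer_corner" fixes the spelling but breaks any existing deep link to secondfactor.html#developper_corner. Check the other documentation pages for links to the old anchor and update them in the same commit. The sentence also keeps a space before the colon ("file :").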
@ -141,6 +141,6 @@ To enable manager Second Factor Administration Module, set <code>enabledModules<
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
</div>
<!-- EDIT6 SECTION "Developper corner" [1818-] --></div>
<!-- EDIT6 SECTION "Developer corner" [1818-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:securetoken</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,securetoken"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="securetoken.html"/>
@ -55,7 +55,7 @@
<li class="level2"><div class="li"><a href="#virtual_host">Virtual host</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#apache">Apache</a></div></li>
<li class="level3"><div class="li"><a href="#nginx">Nginx</a></div></li>
<li class="level3"><div class="li"><a href="#other_web_servers">Other web servers</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#handler_parameters">Handler parameters</a></div></li>
@ -97,7 +97,7 @@ This mechanism allows one to protect an application with an unsafe link between
<div class="level4">
<p>
Configure the virtual host like other <a href="configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a> but use Secure Token Handler instead of default Handler.
VirtualHost has to be configured like other <a href="configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual hosts</a> but by using Secure Token Handler instead of default Handler.
</p>
<pre class="code file apache">PerlModule Lemonldap::NG::Handler::Specific::SecureToken
&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
@ -112,12 +112,12 @@ Configure the virtual host like other <a href="configvhost.html" class="wikilink
</div>
<h4 id="nginx">Nginx</h4>
<h4 id="other_web_servers">Other web servers</h4>
<div class="level4">
<div class="noteclassic">This module uses Apache2 Filter and is not compatible with Nginx.
<div class="noteclassic">This handler uses Apache2Filter Module to hide token, prefer <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Handling server webservice calls</a> for other servers.
</div>
</div>
<!-- EDIT4 SECTION "Virtual host" [542-1094] -->
<!-- EDIT4 SECTION "Virtual host" [542-1184] -->
<h3 class="sectionedit5" id="handler_parameters">Handler parameters</h3>
<div class="level3">
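Review bot: The reworded note under "Other web servers" no longer says outright that the handler does not work with Nginx; it only says to prefer "Handling server webservice calls" for other servers. Keep the explicit incompatibility statement so a reader does not try to deploy Secure Token behind Nginx. The heading id also changes from "nginx" to "other_web_servers", which breaks links to securetoken.html#nginx. "uses Apache2Filter Module to hide token" needs articles: "uses the Apache2 filter module to hide the token".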
@ -149,6 +149,6 @@ SecureToken parameters are the following:
</div>
</div>
<!-- EDIT5 SECTION "Handler parameters" [1095-] --></div>
<!-- EDIT5 SECTION "Handler parameters" [1185-] --></div>
</body>
</html>

View File

@ -72,6 +72,7 @@
<li class="level1"><div class="li"><a href="#configure_security_settings">Configure security settings</a></div></li>
<li class="level1"><div class="li"><a href="#fail2ban">Fail2ban</a></div></li>
<li class="level1"><div class="li"><a href="#sessions_identifier">Sessions identifier</a></div></li>
<li class="level1"><div class="li"><a href="#saml">SAML</a></div></li>
</ul>
</div>
</div>
@ -445,6 +446,15 @@ We recommend the use of <code>Lemonldap::NG::Common::Apache::Session::Generate::
</p>
</div>
<!-- EDIT19 SECTION "Sessions identifier" [9099-] --></div>
<!-- EDIT19 SECTION "Sessions identifier" [9099-9363] -->
<h2 class="sectionedit20" id="saml">SAML</h2>
<div class="level2">
<p>
See <a href="samlservice.html#security_parameters" class="wikilink1" title="documentation:2.0:samlservice">security_parameters</a>
</p>
</div>
<!-- EDIT20 SECTION "SAML" [9364-] --></div>
</body>
</html>
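Review bot: The new SAML section's link text is the raw anchor name "security_parameters", and the sentence has no closing period. Use readable link text such as "SAML security parameters" and add one line saying what the reader will find there (key and certificate handling, signature method), since this is the security page's only mention of SAML.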

View File

@ -143,14 +143,8 @@ First create a PSGI module based on Lemonldap::NG::Handler:
<span class="br0">&#125;</span></pre>
<p>
Then call this module in a CGI script:
See our LLNG Nginx/Apache configurations to see how to launch it or read <a href="https://plackperl.org/" class="urlextern" title="https://plackperl.org/" rel="nofollow">PSGI/Plack documentation</a>.
</p>
<pre class="code perl"> <span class="co1">#!/usr/bin/env perl</span>
&nbsp;
<span class="kw2">use</span> My<span class="sy0">::</span><span class="me2">PSGI</span><span class="sy0">;</span>
<span class="kw2">use</span> Plack<span class="sy0">::</span><span class="me2">Handler</span><span class="sy0">::</span><span class="me2">FCGI</span><span class="sy0">;</span> <span class="co1"># or Plack::Handler::CGI</span>
&nbsp;
Plack<span class="sy0">::</span><span class="me2">Handler</span><span class="sy0">::</span><span class="me2">FCGI</span><span class="sy0">-&gt;</span><span class="me1">new</span><span class="sy0">-&gt;</span><span class="me1">run</span><span class="br0">&#40;</span> My<span class="sy0">::</span><span class="me2">PSGI</span><span class="sy0">-&gt;</span><span class="me1">run</span><span class="br0">&#40;</span><span class="br0">&#41;</span> <span class="br0">&#41;</span><span class="sy0">;</span></pre>
<p>
The protection parameter must be set when calling the init() method:
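Review bot: The CGI/FCGI launcher snippet is replaced by "See our LLNG Nginx/Apache configurations to see how to launch it", but that sentence links only to the generic Plack site, not to the LLNG configurations it refers to. Add a link to the relevant page, or keep a short launcher example, so the reader still has a concrete way to run the My::PSGI module defined just above.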

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:servertoserver</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,servertoserver"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="servertoserver.html"/>
@ -48,11 +48,23 @@
<div class="level1">
<p>
In modern applications, web application may need to call some other web application on behalf of the connected users. There is three way to do it: the ugly and the smart.
In modern applications, web application may need to request some other web applications on behalf of the authenticated users. There are three ways to do this:
</p>
<ul>
<li class="level1"><div class="li"> the Ugly : provide to all applications the <abbr title="Single Sign On">SSO</abbr> cookie. Not secured because the <abbr title="Single Sign On">SSO</abbr> cookie can be caught and used everywhere, every time by everyone!!! <strong>NOT RECOMMENDED</strong>. </div>
</li>
<li class="level1"><div class="li"> the Bad (<a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">Secure Token Handler</a>) : <strong>Deprecated</strong>. Can be used in specific cases </div>
</li>
<li class="level1"><div class="li"> the Good (Service Token Handler): See below ! (Thanks Sergio…)</div>
</li>
</ul>
<p>
The “Bad” method consists to give the token (cookie value) to webapp1 which uses it as cookie header in its request. Since 2.0 version, <abbr title="LemonLDAP::NG">LL::NG</abbr> gives a better way (the Good !) to do this by using limited scope tokens.
</p>
<p>
The ugly consists to give the cookie value to the webapp 1 which use it in cookie header of its request. Since version 2.0, LLNG gives a better way to do it using tokens with limited scope.
Tokens are time limited (30 seconds) and <abbr title="Uniform Resource Locator">URL</abbr> restricted (three max).
</p>
<p>
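Review bot: The paragraph after the list calls handing the cookie value to webapp1 the "Bad" method, but the list defines that as the Ugly one and reserves "the Bad" for the Secure Token Handler. Rename it in the paragraph so the three labels stay consistent. "Tokens are time limited (30 seconds) and URL restricted (three max)" also needs a word on what is limited to three; if it is the number of virtual hosts a token may list, say so. "consists to give" should be "consists of giving".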
@ -60,21 +72,21 @@ The ugly consists to give the cookie value to the webapp 1 which use it in cooki
</p>
</div>
<!-- EDIT1 SECTION "Handling server webservice calls" [1-447] -->
<!-- EDIT1 SECTION "Handling server webservice calls" [1-899] -->
<h2 class="sectionedit2" id="webapp1_handler_configuration">Webapp1 handler configuration</h2>
<div class="level2">
<p>
Insert a header containing this value:
Insert a header filled with this value:
</p>
<pre class="code file perl">token<span class="br0">&#40;</span> <span class="re0">$_session_id</span><span class="sy0">,</span> <span class="st_h">'webapp2.example.com'</span><span class="sy0">,</span> <span class="st_h">'webapp3.example.com'</span> <span class="br0">&#41;</span></pre>
<p>
Webapp1 can read this header and use it in its requests in the <code>X-Llng-Token</code> header. The token is build using the session ID and the list of authorized virtualhosts. The token is available only 30 seconds and only the listed virtualhosts.
Webapp1 can read this header and use it in its requests by setting the <code>X-Llng-Token</code> header. The token is built using the session ID and the authorized virtualhosts list. The token is only available during 30 seconds and for the specified virtualhosts.
</p>
</div>
<!-- EDIT2 SECTION "Webapp1 handler configuration" [448-861] -->
<!-- EDIT2 SECTION "Webapp1 handler configuration" [900-1328] -->
<h2 class="sectionedit3" id="webapp2_handler_configuration">Webapp2 handler configuration</h2>
<div class="level2">
@ -83,6 +95,6 @@ Change handler type to “ServiceToken”. So it is able to manage both user and
</p>
</div>
<!-- EDIT3 SECTION "Webapp2 handler configuration" [862-] --></div>
<!-- EDIT3 SECTION "Webapp2 handler configuration" [1329-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:sqlsessionbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,sqlsessionbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="sqlsessionbackend.html"/>
@ -204,7 +204,7 @@ You must read the man page corresponding to your database (<a href="http://searc
</li>
</ul>
</div><div class="notetip">For better performances, you can use specific <abbr title="LemonLDAP::NG">LL::NG</abbr> <abbr title="Database Interface">DBI</abbr> Perl modules.
</div><div class="notetip">For better performances, you can use specific <a href="browseablesessionbackend.html" class="wikilink1" title="documentation:2.0:browseablesessionbackend">browseable session backend</a>.
<p>
Learn more at <a href="performances.html#apachesession_performances" class="wikilink1" title="documentation:2.0:performances">how to increase Data Base performances</a>.
</p>
@ -234,9 +234,9 @@ If you may store some non-<abbr title="American Standard Code for Information In
<td class="col0 centeralign"> SQLite </td><td class="col1 centeralign"> sqlite_unicode </td><td class="col2 centeralign"> 1 </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [3763-3926] -->
<!-- EDIT6 TABLE [3795-3958] -->
</div>
<!-- EDIT4 SECTION "Manager" [2238-3927] -->
<!-- EDIT4 SECTION "Manager" [2238-3959] -->
<h2 class="sectionedit7" id="security">Security</h2>
<div class="level2">
@ -249,6 +249,6 @@ You can also use different user/password for your servers by overriding paramete
</p>
</div>
<!-- EDIT7 SECTION "Security" [3928-] --></div>
<!-- EDIT7 SECTION "Security" [3960-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:ssocookie</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,ssocookie"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="ssocookie.html"/>

View File

@ -446,7 +446,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<div class="table sectionedit13"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Handler type </th><th class="col1 centeralign"> Apache </th><th class="col2 centeralign"> Nginx </th><th class="col3 rightalign"> <a href="https://plackperl.org" class="urlextern" title="https://plackperl.org" rel="nofollow">Plack* server</a></th><th class="col4 centeralign"> Node.js </th><th class="col5 centeralign"> Comment </th><td class="col6"></td>
<th class="col0"> Handler type </th><th class="col1 centeralign"> Apache </th><th class="col2 centeralign"> Nginx </th><th class="col3 rightalign"> <a href="https://plackperl.org" class="urlextern" title="https://plackperl.org" rel="nofollow">Plack* servers</a></th><th class="col4 centeralign"> Node.js </th><th class="col5 centeralign"> Comment </th><td class="col6"></td>
</tr>
</thead>
<tr class="row1 rowodd">
@ -459,21 +459,24 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0"> <a href="cda.html" class="wikilink1" title="documentation:2.0:cda">CDA</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5"> For Cross Domain Authentication </td><td class="col6"></td>
</tr>
<tr class="row4 roweven">
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <em>(<a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSOaaS</a>)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5"> Allows application developers to define their rules within the application </td><td class="col6"></td>
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <em>(<a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSOaaS</a>)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5"> Allows application developers to define their own rules and headers inside their applications </td><td class="col6"></td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> <a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">Secure Token</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5"> Designed to secure dialog between a LLNG reverse-proxy and a remote app </td><td class="col6"></td>
<td class="col0"> <a href="devopssthandler.html" class="wikilink1" title="documentation:2.0:devopssthandler">DevOpsST</a> <em>(<a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSOaaS</a>)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"> </td><td class="col5"> Enables both <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> and <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Service Token</a> </td><td class="col6"></td>
</tr>
<tr class="row6 roweven">
<td class="col0"> <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Service Token</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> <em>(Server-to-Server)</em> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"> </td><td class="col5"> Designed to permits underlying requests <em>(<abbr title="Application Programming Interface">API</abbr>-Based Infrastructure)</em> </td><td class="col6"></td>
<td class="col0"> <a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">Secure Token</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5"> Designed to secure exchanges between a LLNG reverse-proxy and a remote app </td><td class="col6"></td>
</tr>
<tr class="row7 rowodd">
<td class="col0"> <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Service Token</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> <em>(Server-to-Server)</em> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5"> Designed to permit underlying requests <em>(<abbr title="Application Programming Interface">API</abbr>-Based Infrastructure)</em> </td><td class="col6"></td>
</tr>
<tr class="row8 roweven">
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT13 TABLE [5927-6894] -->
<!-- EDIT13 TABLE [5927-7105] -->
<p>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionality.</em>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionalities.</em>
</p>
<p>
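Review bot: in the Node.js handler footnote, the variant ending "the same level of functionalities" reads worse than the "same level of functionality" wording beside it. "Functionality" is the usual uncountable form here, so for a spelling pass I would keep the original sentence. The "Designed to permit" and "secure exchanges" rewordings in the table rows above are fine.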
@ -481,7 +484,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
</p>
</div>
<!-- EDIT12 SECTION "Handlers" [5653-7017] -->
<!-- EDIT12 SECTION "Handlers" [5653-7230] -->
<h3 class="sectionedit14" id="llng_databases">LLNG databases</h3>
<div class="level3">
@ -509,7 +512,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0 centeralign"> <a href="fileconfbackend.html" class="wikilink1" title="documentation:2.0:fileconfbackend">File (JSON)</a> </td><td class="col1"> </td><td class="col2 leftalign">Not shareable between servers except if used in conjunction with <a href="soapconfbackend.html" class="wikilink1" title="documentation:2.0:soapconfbackend">SOAP</a> or with a shared file system (NFS,…). Selected by default during installation. </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <a href="yamlconfbackend.html" class="wikilink1" title="documentation:2.0:yamlconfbackend">YAML</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1"> </td><td class="col2 leftalign">Same as <a href="fileconfbackend.html" class="wikilink1" title="documentation:2.0:fileconfbackend">File</a> in YAML format instead of JSON </td>
<td class="col0 centeralign"> <a href="yamlconfbackend.html" class="wikilink1" title="documentation:2.0:yamlconfbackend">YAML</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1"> </td><td class="col2 leftalign">Same as <a href="fileconfbackend.html" class="wikilink1" title="documentation:2.0:fileconfbackend">File</a> but in YAML format instead of JSON </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="sqlconfbackend.html" class="wikilink1" title="documentation:2.0:sqlconfbackend">SQL (RDBI/CDBI)</a> </td><td class="col1 centeralign"></td><td class="col2"> Recommended for large-scale systems. Prefer CDBI. </td>
@ -526,8 +529,11 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<tr class="row7 rowodd">
<td class="col0 centeralign"> <a href="restconfbackend.html" class="wikilink1" title="documentation:2.0:restconfbackend">REST</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> Proxy backend to be used in conjunction with another configuration backend. <br/><strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
<tr class="row8 roweven">
<td class="col0 centeralign"> <a href="localconfbackend.html" class="wikilink1" title="documentation:2.0:localconfbackend">Local</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 leftalign"> </td><td class="col2 leftalign"> Use only lemonldap-ng.ini parameters. </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [7322-8304] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
<!-- EDIT15 TABLE [7535-8621] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
</div>
<p>
</div></div>
@ -582,13 +588,13 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
<strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT16 TABLE [9169-10849] -->
<!-- EDIT16 TABLE [9486-11166] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT14 SECTION "LLNG databases" [7018-10877] -->
<!-- EDIT14 SECTION "LLNG databases" [7231-11194] -->
<h2 class="sectionedit17" id="applications_protection">Applications protection</h2>
<div class="level2">
@ -617,7 +623,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT17 SECTION "Applications protection" [10878-11368] -->
<!-- EDIT17 SECTION "Applications protection" [11195-11685] -->
<h3 class="sectionedit18" id="well_known_compatible_applications">Well known compatible applications</h3>
<div class="level3">
<div class="noteclassic">Here is a list of well known applications that are compatible with <abbr title="LemonLDAP::NG">LL::NG</abbr>. A full list is available on <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">vendor applications page</a>.
@ -715,7 +721,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT18 SECTION "Well known compatible applications" [11369-13582] -->
<!-- EDIT18 SECTION "Well known compatible applications" [11686-13899] -->
<h2 class="sectionedit19" id="advanced_features">Advanced features</h2>
<div class="level2">
@ -772,7 +778,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT19 SECTION "Advanced features" [13583-14765] -->
<!-- EDIT19 SECTION "Advanced features" [13900-15082] -->
<h2 class="sectionedit20" id="mini_howtos">Mini howtos</h2>
<div class="level2">
@ -805,7 +811,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT20 SECTION "Mini howtos" [14766-15539] -->
<!-- EDIT20 SECTION "Mini howtos" [15083-15856] -->
<h2 class="sectionedit21" id="exploitation">Exploitation</h2>
<div class="level2">
@ -840,7 +846,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT21 SECTION "Exploitation" [15540-16054] -->
<!-- EDIT21 SECTION "Exploitation" [15857-16371] -->
<h2 class="sectionedit22" id="bug_report">Bug report</h2>
<div class="level2">
@ -849,7 +855,7 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
</p>
</div>
<!-- EDIT22 SECTION "Bug report" [16055-16119] -->
<!-- EDIT22 SECTION "Bug report" [16372-16436] -->
<h2 class="sectionedit23" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -891,7 +897,7 @@ To add a new language:
</li>
<li class="level1"><div class="li"> translate the 3 files</div>
</li>
<li class="level1"><div class="li"> we will then put them in sources.</div>
<li class="level1"><div class="li"> then we will append them in sources.</div>
</li>
</ul>
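Review bot: the last list item, "then we will append them in sources", is no clearer than the "we will then put them in sources" line it sits next to. "Append ... in" is not idiomatic, and "append" suggests adding to the end of a file. Suggest "we will then add them to the sources".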
@ -907,19 +913,7 @@ If you don&#039;t want to publish your translation <em>(<code>XX</code> must be
</li>
</ul>
<p>
To translate this doc (Manager help):
</p>
<ul>
<li class="level1"><div class="li"> Install <a href="http://www.omegat.org/" class="urlextern" title="http://www.omegat.org/" rel="nofollow">OmegaT</a></div>
</li>
<li class="level1"><div class="li"> Launch “make XX-translation” and translate all</div>
</li>
<li class="level1"><div class="li"> Launch “make XX-doc” to build doc</div>
</li>
</ul>
</div>
<!-- EDIT23 SECTION "Developer corner" [16120-] --></div>
<!-- EDIT23 SECTION "Developer corner" [16437-] --></div>
</body>
</html>
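Review bot: this hunk drops the whole "To translate this doc (Manager help)" procedure (OmegaT install, "make XX-translation", "make XX-doc") at the end of the Developer corner section, which is a content removal, not a spelling fix. If those make targets are gone, say so in the commit message or put the removal in its own commit. If they still exist, the steps should stay.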

View File

@ -59,10 +59,12 @@
<li class="level2"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level2"><div class="li"><a href="#configuration1">Configuration</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#apache">Apache</a></div></li>
<li class="level3"><div class="li"><a href="#nginx">Nginx</a></div></li>
<li class="level3"><div class="li"><a href="#apache">Apache</a></div></li>
<li class="level3"><div class="li"><a href="#lemonldapng">LemonLDAP::NG</a></div></li>
</ul></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#advanced">Advanced</a></div></li>
</ul></li>
</ul>
</div>
@ -78,16 +80,17 @@
<div class="level2">
<p>
The portal displays in JSON format its activity. Unlike handler, this is not the full activity of the server, but for now just the activity of 1 thread. This can give a view to all returned codes.
The portal displays in JSON format its activity. Some d This can give a view to all returned codes.
</p>
</div>
<!-- EDIT2 SECTION "Portal Status (experimental)" [29-268] -->
<!-- EDIT2 SECTION "Portal Status (experimental)" [29-171] -->
<h3 class="sectionedit3" id="configuration">Configuration</h3>
<div class="level3">
<p>
* Set <code>portalStatus = 1</code> in lemonldap-ng.ini file (section <code>[Portal]</code>)
* Note that handler status must also been enabled
* Protect <a href="http://portal/portalStatus" class="urlextern" title="http://portal/portalStatus" rel="nofollow">http://portal/portalStatus</a> using your webserver configuration
</p>
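Review bot: the Portal Status paragraph now contains a truncated fragment, "Some d This can give a view to all returned codes.", so a sentence was cut mid-word when the description of the one-thread limitation was replaced. Please complete or drop the fragment. In the Configuration paragraph, "Note that handler status must also been enabled" should read "must also be enabled". The three "* " items sit inside a single <p>, so they will render as one run of text, not as a list.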
@ -96,13 +99,12 @@ Status is displayed by calling this <abbr title="Uniform Resource Locator">URL</
</p>
</div>
<!-- EDIT3 SECTION "Configuration" [269-485] -->
<!-- EDIT3 SECTION "Configuration" [172-439] -->
<h2 class="sectionedit4" id="handler_status">Handler Status</h2>
<div class="level2">
<div class="noteimportant">Since 2.0, Handler status no more collects Portal returned codes.
</div>
</div>
<!-- EDIT4 SECTION "Handler Status" [486-603] -->
<!-- EDIT4 SECTION "Handler Status" [440-467] -->
<h3 class="sectionedit5" id="presentation">Presentation</h3>
<div class="level3">
@ -113,12 +115,11 @@ When status feature is activated, Handlers and portal will collect statistics an
</div>
<p>
The statistics are collected trough a daemon launched by the Handler. It can be seen in system processes, for example:
The statistics are collected trough a daemon launched by the Handler. It can be seen in system processes.
</p>
<pre class="code">perl -MLemonldap::NG::Handler::Status -I/etc/perl -I/usr/local/lib/perl/5.10.1 -I/usr/local/share/perl/5.10.1 -I/usr/lib/perl5 -I/usr/share/perl5 -I/usr/lib/perl/5.10 -I/usr/share/perl/5.10 -I/usr/local/lib/site_perl -I. -I/etc/apache2 -e &amp;Lemonldap::NG::Handler::Status::run(Cache::FileCache,{? &#039;cache_depth&#039; =&gt; 5,? &#039;cache_root&#039; =&gt; &#039;/tmp&#039;,? &#039;directory_umask&#039; =&gt; &#039;007&#039;,? &#039;default_expires_in&#039; =&gt; 600,? &#039;namespace&#039; =&gt; &#039;MyNamespace&#039;? }?);</pre>
<p>
Statistics are displayed when calling the status path on an Handler (for example: <a href="http://test1.example.com/status" class="urlextern" title="http://test1.example.com/status" rel="nofollow">http://test1.example.com/status</a>).
Statistics are displayed when calling the status path on an Handler (for example: <a href="http://reload.example.com/status" class="urlextern" title="http://reload.example.com/status" rel="nofollow">http://reload.example.com/status</a>).
</p>
<p>
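Review bot: in the Presentation paragraph both variants of the sentence keep "collected trough a daemon", which should be "through", and the following paragraph keeps "an Handler" in both variants. A commit titled "Spelling errors" should pick these up. Also, the sentence now ends at "It can be seen in system processes." while the perl command line in the <pre> block still follows it, so the "for example:" lead-in is worth keeping.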
@ -130,32 +131,12 @@ Example of status page:
</p>
</div>
<!-- EDIT5 SECTION "Presentation" [604-1777] -->
<!-- EDIT5 SECTION "Presentation" [468-1126] -->
<h3 class="sectionedit6" id="configuration1">Configuration</h3>
<div class="level3">
</div>
<h4 id="apache">Apache</h4>
<div class="level4">
<p>
You need to give access to status path in the Handler Apache configuration:
</p>
<pre class="code file apache"> <span class="co1"># Uncomment this to activate status module</span>
&lt;<span class="kw3">Location</span> /status&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Allow</span> from 127.0.0.0/<span class="nu0">8</span>
PerlHeaderParserHandler Lemonldap::NG::Handler-&gt;status
&lt;/<span class="kw3">Location</span>&gt;</pre>
<p>
Then restart Apache.
</p>
<div class="notetip">You should change the <code>Allow</code> directive to match administration <abbr title="Internet Protocol">IP</abbr>, or use another Apache protection mean.
</div>
</div>
<h4 id="nginx">Nginx</h4>
<div class="level4">
@ -178,13 +159,49 @@ You need to give access to status path in the Handler Nginx configuration:
</div>
<h4 id="apache">Apache</h4>
<div class="level4">
<p>
You need to give access to status path in the Handler Apache configuration:
</p>
<pre class="code file apache"> <span class="co1"># Uncomment this to activate status module</span>
&lt;<span class="kw3">Location</span> /status&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Allow</span> from 127.0.0.0/<span class="nu0">8</span>
PerlHeaderParserHandler Lemonldap::NG::Handler-&gt;status
&lt;/<span class="kw3">Location</span>&gt;</pre>
<p>
Then restart Apache.
</p>
<div class="notetip">You should change the <code>Allow</code> directive to match administration <abbr title="Internet Protocol">IP</abbr>, or use another Apache protection mean.
</div>
</div>
<h5 id="portal_data">Portal data</h5>
<div class="level5">
<p>
By default Apache handler status process listen to <code>localhost:64321</code> <em>(UDP)</em>. You can change this using <code>LLNGSTATUSLISTEN</code> environment variable. If you want to collect portal data, you just have to set <code>LLNGSTATUSHOST</code> environment variable <em>(see comments in our <code>portal-apache2.conf</code>)</em>.
</p>
<pre class="code apache"> &lt;<span class="kw3">Files</span> *.fcgi&gt;
<span class="kw1">SetHandler</span> fcgid-<span class="kw1">script</span>
<span class="co1">#CGIPassAuth on</span>
<span class="kw1">Options</span> +ExecCGI
<span class="kw1">header</span> unset Lm-Remote-<span class="kw1">User</span>
&lt;/<span class="kw3">Files</span>&gt;
FcgidInitialEnv LLNGSTATUSHOST 127.0.0.1:<span class="nu0">64321</span></pre>
</div>
<h4 id="lemonldapng">LemonLDAP::NG</h4>
<div class="level4">
<p>
Edit <code>lemonldap-ng.ini</code>, and activate status in the <code>handler</code> section:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>handler<span class="br0">&#93;</span></span>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>all<span class="br0">&#93;</span></span>
# Set status to <span class="nu0">1</span> if you want to have the report of activity <span class="br0">&#40;</span>used for
# example to inform MRTG<span class="br0">&#41;</span>
<span class="re1">status</span> <span class="sy0">=</span><span class="re2"> 1</span></pre>
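Review bot: in the relocated Apache block, the <Location /status> example as shown has "Order deny,allow" and "Allow from 127.0.0.0/8" but no "Deny from all". Under that order a request that matches neither directive is permitted, so the example does not actually limit the status page to loopback. Suggest adding "Deny from all" before the Allow line, and mentioning the Apache 2.4 equivalent ("Require ip 127.0.0.0/8" or "Require local"), since the tip below only says to adjust Allow. Separately, the ini example changes its section header from [handler] to [all], while the sentence above it still says to activate status "in the handler section". One of the two needs updating.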
@ -194,6 +211,17 @@ Then restart webserver.
</p>
</div>
<!-- EDIT6 SECTION "Configuration" [1778-] --></div>
<!-- EDIT6 SECTION "Configuration" [1127-2799] -->
<h3 class="sectionedit7" id="advanced">Advanced</h3>
<div class="level3">
<ol>
<li class="level1"><div class="li"> You can also open the UDP port with Nginx if you set <code>LLNGSTATUSLISTEN</code> environment variable <em>(host:port)</em></div>
</li>
<li class="level1"><div class="li"> When querying status <em>(using portal or handler status)</em> and if UDP is used, query is given to <code>LLNGSTATUSHOST</code> <em>(host:port)</em> and response is waiting on a dynamic UDP port given in query <em>(between 64322 and 64331)</em>. By default this dynamic UDP port is opened on loopback <em>(<code>localhost</code> entry in <code>/etc/hosts</code>)</em>. To change this, set an <abbr title="Internet Protocol">IP</abbr> address or a host using <code>LLNGSTATUSCLIENT</code> environment variable.</div>
</li>
</ol>
</div>
<!-- EDIT7 SECTION "Advanced" [2800-] --></div>
</body>
</html>
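Review bot: the new Advanced section explains how to move the status listener and the reply port off loopback (LLNGSTATUSLISTEN, LLNGSTATUSCLIENT) but gives no guidance on restricting access once that is done. A sentence telling administrators to filter UDP 64321 and the 64322 to 64331 reply range to the hosts that query status would fit in the second item. On wording, "response is waiting on a dynamic UDP port given in query" is hard to parse. Something like "the response is expected on a dynamic UDP port named in the query" says the same thing. The two items are independent remarks, so an unordered list suits them better than <ol>.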

View File

@ -136,14 +136,17 @@ If you have enabled self registration, users can register their U2F keys using <
<div class="level2">
<p>
If a user lost its key, you can delete the 2F device from the manager Second Factor module :
If a user lost its key, you can delete the 2F device from the manager Second Factor module :
</p>
<p>
* To enable manager Second Factor Administration Module, set <code>enabledModules</code> key in your <code>lemonldap-ng.ini</code> file :
</p>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
</div>
<!-- EDIT6 SECTION "Assistance" [2308-2628] -->
<!-- EDIT6 SECTION "Assistance" [2308-2630] -->
<h2 class="sectionedit7" id="developer_corner">Developer corner</h2>
<div class="level2">
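Review bot: in the Assistance section, the ini example puts "enabledModules" under a [portal] header, while the sentence introducing it describes enabling the manager's Second Factor Administration Module. Please confirm which section of lemonldap-ng.ini this key belongs in, because a reader will copy the block verbatim. The only textual change to the first sentence appears to be whitespace, and "If a user lost its key" still reads awkwardly ("If a user loses their key"). The "* To enable ..." line is a literal asterisk inside a <p>, not a list item.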
@ -158,6 +161,6 @@ Note that both “origin” and “appId” are fixed to portal <abbr title="Uni
</p>
</div>
<!-- EDIT7 SECTION "Developer corner" [2629-] --></div>
<!-- EDIT7 SECTION "Developer corner" [2631-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:upgrade</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,upgrade"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="upgrade.html"/>
@ -51,7 +51,11 @@
<ul class="toc">
<li class="level1"><div class="li"><a href="#upgrade_order_from_19">Upgrade order from 1.9.*</a></div></li>
<li class="level1"><div class="li"><a href="#installation">Installation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#configuration_refresh">Configuration refresh</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#kerberos_or_ssl_usage">Kerberos or SSL usage</a></div></li>
<li class="level1"><div class="li"><a href="#logs">Logs</a></div></li>
<li class="level1"><div class="li"><a href="#security">Security</a></div></li>
@ -97,7 +101,8 @@ As usual, if you use more than 1 server and don&#039;t want to stop the <abbr ti
<!-- EDIT2 SECTION "Upgrade order from 1.9.*" [163-653] -->
<h2 class="sectionedit3" id="installation">Installation</h2>
<div class="level2">
<div class="noteimportant">French documentation is no more available. Only English version of this documentation is maintained now.
</div>
<p>
This release of <abbr title="LemonLDAP::NG">LL::NG</abbr> requires these minimal versions of GNU/Linux distributions:
</p>
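Review bot: the added note at the top of the Installation section, "French documentation is no more available", should read "is no longer available". The second sentence would read better as "Only the English version of this documentation is now maintained."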
@ -117,7 +122,7 @@ For <abbr title="Security Assertion Markup Language">SAML</abbr> features, we re
</p>
</div>
<!-- EDIT3 SECTION "Installation" [654-872] -->
<!-- EDIT3 SECTION "Installation" [654-1001] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<ul>
@ -139,8 +144,18 @@ For <abbr title="Security Assertion Markup Language">SAML</abbr> features, we re
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [873-1894] -->
<h2 class="sectionedit5" id="kerberos_or_ssl_usage">Kerberos or SSL usage</h2>
<!-- EDIT4 SECTION "Configuration" [1002-2023] -->
<h3 class="sectionedit5" id="configuration_refresh">Configuration refresh</h3>
<div class="level3">
<p>
Now portal has the same behavior than handlers: it looks to configuration stored in local cache every 10 minutes. So it has to be reload like every handler.
</p>
<div class="noteimportant">If you want to use reload mechanism on a portal only host, you must install a handler in Portal host to be able to refresh local cache. Include <code>handler-nginx.conf</code> or <code>handler-apache2.conf</code> for example
</div>
</div>
<!-- EDIT5 SECTION "Configuration refresh" [2024-2443] -->
<h2 class="sectionedit6" id="kerberos_or_ssl_usage">Kerberos or SSL usage</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> A new <a href="authkerberos.html" class="wikilink1" title="documentation:2.0:authkerberos">Kerberos</a> authentication backend has been added since 2.0. This module solves many Kerberos integration problems <em>(usage in conjunction with other backends, better error display,…)</em>. However, you can retain the old integration manner <em>(using <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">Apache authentication module</a>)</em>.</div>
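Review bot: the new "Configuration refresh" paragraph introduces several grammar errors in a commit meant to fix them: "the same behavior than handlers" should be "the same behavior as handlers", "it looks to configuration" should be "it checks the configuration", and "it has to be reload" should be "it has to be reloaded". The note below it ends at "for example" with no full stop. It would also help operators if the note said plainly that a portal-only host without a handler keeps serving the cached configuration until that cache is refreshed, since that is the behaviour change being announced.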
@ -150,8 +165,8 @@ For <abbr title="Security Assertion Markup Language">SAML</abbr> features, we re
</ul>
</div>
<!-- EDIT5 SECTION "Kerberos or SSL usage" [1895-2403] -->
<h2 class="sectionedit6" id="logs">Logs</h2>
<!-- EDIT6 SECTION "Kerberos or SSL usage" [2444-2952] -->
<h2 class="sectionedit7" id="logs">Logs</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <strong>Syslog</strong>: logs are now configured only in <code>lemonldap-ng.ini</code> file. If you use Syslog, you must reconfigure it. See <a href="logs.html" class="wikilink1" title="documentation:2.0:logs">logs</a> for more.</div>
@ -161,8 +176,8 @@ For <abbr title="Security Assertion Markup Language">SAML</abbr> features, we re
</ul>
</div>
<!-- EDIT6 SECTION "Logs" [2404-2816] -->
<h2 class="sectionedit7" id="security">Security</h2>
<!-- EDIT7 SECTION "Logs" [2953-3365] -->
<h2 class="sectionedit8" id="security">Security</h2>
<div class="level2">
<p>
@ -176,8 +191,8 @@ LLNG portal now embeds the following features:
</ul>
</div>
<!-- EDIT7 SECTION "Security" [2817-3384] -->
<h2 class="sectionedit8" id="handlers">Handlers</h2>
<!-- EDIT8 SECTION "Security" [3366-3933] -->
<h2 class="sectionedit9" id="handlers">Handlers</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <a href="cda.html" class="wikilink1" title="documentation:2.0:cda">CDA</a>, <a href="documentation/latest/applications/zimbra.html" class="wikilink1" title="documentation:latest:applications:zimbra">ZimbraPreAuth</a>, <a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">SecureToken</a> and <a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">AuthBasic</a> are now <a href="handlerarch.html" class="wikilink1" title="documentation:2.0:handlerarch">Handler Types</a>. So there is no more special file to load: you just have to choose “VirtualHost type” in the manager/VirtualHosts.</div>
@ -187,8 +202,8 @@ LLNG portal now embeds the following features:
</ul>
</div>
<!-- EDIT8 SECTION "Handlers" [3385-4046] -->
<h2 class="sectionedit9" id="rules_and_headers">Rules and headers</h2>
<!-- EDIT9 SECTION "Handlers" [3934-4595] -->
<h2 class="sectionedit10" id="rules_and_headers">Rules and headers</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> hostname() and remote_ip() are no more provided to avoid some name conflicts <em>(replaced by $ENV{})</em></div>
@ -200,8 +215,8 @@ LLNG portal now embeds the following features:
</ul>
</div>
<!-- EDIT9 SECTION "Rules and headers" [4047-4365] -->
<h2 class="sectionedit10" id="supported_servers">Supported servers</h2>
<!-- EDIT10 SECTION "Rules and headers" [4596-4914] -->
<h2 class="sectionedit11" id="supported_servers">Supported servers</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Apache-1.3 files are not provided now. You can build them yourself by looking at Apache-2 configuration files</div>
@ -209,8 +224,8 @@ LLNG portal now embeds the following features:
</ul>
</div>
<!-- EDIT10 SECTION "Supported servers" [4366-4511] -->
<h2 class="sectionedit11" id="ajax_requests">Ajax requests</h2>
<!-- EDIT11 SECTION "Supported servers" [4915-5060] -->
<h2 class="sectionedit12" id="ajax_requests">Ajax requests</h2>
<div class="level2">
<p>
@ -218,8 +233,8 @@ Before 2.0, an Ajax query that was launched after session timeout received a 302
</p>
</div>
<!-- EDIT11 SECTION "Ajax requests" [4512-4731] -->
<h2 class="sectionedit12" id="soaprest_services">SOAP/REST services</h2>
<!-- EDIT12 SECTION "Ajax requests" [5061-5280] -->
<h2 class="sectionedit13" id="soaprest_services">SOAP/REST services</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> SOAP server activation is now split in 2 parameters (configuration/sessions). You must set them else SOAP service will be disabled</div>
@ -234,13 +249,13 @@ Before 2.0, an Ajax query that was launched after session timeout received a 302
<div class="noteimportant"><a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">AuthBasic Handler</a> uses now REST services instead of SOAP.
</div>
</div>
<!-- EDIT12 SECTION "SOAP/REST services" [4732-5330] -->
<h2 class="sectionedit13" id="developer_corner">Developer corner</h2>
<!-- EDIT13 SECTION "SOAP/REST services" [5281-5879] -->
<h2 class="sectionedit14" id="developer_corner">Developer corner</h2>
<div class="level2">
</div>
<!-- EDIT13 SECTION "Developer corner" [5331-5360] -->
<h3 class="sectionedit14" id="apis">APIs</h3>
<!-- EDIT14 SECTION "Developer corner" [5880-5909] -->
<h3 class="sectionedit15" id="apis">APIs</h3>
<div class="level3">
<p>
@ -248,8 +263,8 @@ Portal has now many REST features and includes a plugin <abbr title="Application
</p>
</div>
<!-- EDIT14 SECTION "APIs" [5361-5518] -->
<h3 class="sectionedit15" id="portal_overview">Portal overview</h3>
<!-- EDIT15 SECTION "APIs" [5910-6067] -->
<h3 class="sectionedit16" id="portal_overview">Portal overview</h3>
<div class="level3">
<p>
@ -270,8 +285,8 @@ The request is a separated object based on Lemonldap::NG::Portal::Main::Request
</p>
</div>
<!-- EDIT15 SECTION "Portal overview" [5519-5966] -->
<h3 class="sectionedit16" id="handler">Handler</h3>
<!-- EDIT16 SECTION "Portal overview" [6068-6515] -->
<h3 class="sectionedit17" id="handler">Handler</h3>
<div class="level3">
<p>
@ -283,6 +298,6 @@ If you had auto protected CGI, you also need to rewrite them, see <a href="selfm
</p>
</div>
<!-- EDIT16 SECTION "Handler" [5967-] --></div>
<!-- EDIT17 SECTION "Handler" [6516-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:utotp2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,utotp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="utotp2f.html"/>
@ -64,7 +64,7 @@ Difference between enabled both U2F and TOTP is that only one page is displayed
In the manager (second factors), you just have to enable it:
</p>
<ul>
<li class="level1"><div class="li"> Activation: set it to “on”. Note that you should not enable <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> and <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> separatly <em>(except for self-registration: see below)</em></div>
<li class="level1"><div class="li"> Activation: set it to “on”. Note that you should not enable <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> and <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> separately <em>(except for self-registration: see below)</em></div>
</li>
<li class="level1"><div class="li"> Authentication level: you can overwrite here auth level for registered users. Leave it blank keeps auth level provided by first authentication module (By default: 2 for user/password based modules). It is recommended to set an higher value here if you want to give access to apps just for enrolled users.</div>
</li>
@ -73,7 +73,7 @@ In the manager (second factors), you just have to enable it:
</div><div class="noteimportant">If you want to give a different level for U2F or TOTP, leave this parameter blank and set U2F and TOTP “authentication level” in corresponding modules.
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [351-1235] -->
<!-- EDIT2 SECTION "Configuration" [351-1236] -->
<h3 class="sectionedit3" id="self-registration">Self-registration</h3>
<div class="level3">
@ -92,6 +92,6 @@ Automatically, U2F registration will be hidden for unregistered TOTP users and d
</p>
</div>
<!-- EDIT3 SECTION "Self-registration" [1236-] --></div>
<!-- EDIT3 SECTION "Self-registration" [1237-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:writingrulesand_headers</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,writingrulesand_headers"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="writingrulesand_headers.html"/>
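Review bot: the robots meta tag here changes between "noindex,nofollow" and "index,follow", and it moves in the opposite direction to the same tag in the upgrade and utotp2f pages earlier in this commit. None of that is a spelling change, and the mix suggests the value comes from whatever state the wiki export was in. Pick one value for the generated documentation and regenerate, or leave the tag out of this commit.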

View File

@ -52,6 +52,7 @@
<li class="level1"><div class="li"><a href="#prerequisites_and_dependencies">Prerequisites and dependencies</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#provisioning">Provisioning</a></div></li>
<li class="level1"><div class="li"><a href="#enrollment">Enrollment</a></div></li>
</ul>
</div>
</div>
@ -116,6 +117,15 @@ If you don&#039;t want to use self-registration, set public part of user&#039;s
<pre class="code file json">[{&quot;name&quot; : &quot;MyYubikey&quot; , &quot;type&quot; : &quot;UBK&quot; , &quot;_secret&quot; : &quot;########&quot; , &quot;epoch&quot;:&quot;1524078936&quot;}, ...]</pre>
</div>
<!-- EDIT4 SECTION "Provisioning" [1621-] --></div>
<!-- EDIT4 SECTION "Provisioning" [1621-1988] -->
<h2 class="sectionedit5" id="enrollment">Enrollment</h2>
<div class="level2">
<p>
If you have enabled self registration, users can register their U2F keys using <a href="https://portal/2fregisters" class="urlextern" title="https://portal/2fregisters" rel="nofollow">https://portal/2fregisters</a>
</p>
</div>
<!-- EDIT5 SECTION "Enrollment" [1989-] --></div>
</body>
</html>
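Review bot: the added Enrollment section says users "can register their U2F keys" at https://portal/2fregisters, but the Provisioning example directly above it on this page uses "name" : "MyYubikey" and "type" : "UBK", so the sentence looks copied from the U2F page. It should refer to the device type this page documents. The sentence is also missing its final full stop.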

View File

@ -140,7 +140,7 @@ L<Lemonldap::NG::Portal> second factor plugins.
# The rule must be like this :
# By example :
$self->conf->{u2fActivation} = '$_2fDevices =~ /"type":\s*"U2F"/s'
# Optionnaly, the rule can be : '$_2fDevices and $_2fDevices =~ /"type":\s*"U2F"/s'
# Optionally, the rule can be : '$_2fDevices and $_2fDevices =~ /"type":\s*"U2F"/s'
# to avoid warning due to undef variable
#
# Required call: