Update doc

This commit is contained in:
Xavier Guimard 2018-12-20 10:46:14 +01:00
parent 420089f19f
commit aae139e4e4
41 changed files with 334 additions and 445 deletions

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=df13de1d1df0e6da1b89ce87ded3ea23" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=0e94f56711d80a9e3559eb4fc980da70" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
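Review bot: the only difference in this hunk is the sectok value in the Login link, which is a DokuWiki session security token, not documentation. Committing it makes every re-export touch this file; strip the login action (or the sectok parameter) in the export step so these hunks disappear from doc updates.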
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1543524687" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1545299080" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
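Review bot: the hunk header context reads "You've followed a link to a topic that doesn't exist yet" and the changed line is just the indexer.php timestamp, so this file is an exported placeholder for a missing wiki topic under an image path (img/icons.png). Exclude such placeholder pages from the export rather than versioning them.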

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=df13de1d1df0e6da1b89ce87ded3ea23" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=0e94f56711d80a9e3559eb4fc980da70" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1543524687" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1545299080" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>

View File

@ -89,6 +89,16 @@ They can then be forwarded to applications trough <a href="writingrulesand_heade
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose <abbr title="Central Authentication Service">CAS</abbr> for authentication.
</p>
<div class="notetip">You can then choose any other module for users and password.
</div><div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div>
<p>
Then, go in <code><abbr title="Central Authentication Service">CAS</abbr> parameters</code>:
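Review bot: in the added note, advising administrators to set "Form destination" to the wildcard * effectively switches off the CSP form-action restriction for the portal's forms. Suggest recommending the CAS server's origin as the value (for example https://cas.example.com, a placeholder) and mentioning * only as a last resort. If the CSP directive is meant, it is spelled form-action, and "with wildcard likes *" and "go in :" need a grammar pass.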

View File

@ -135,10 +135,12 @@ Each module that will be used in combination rule must be declared. You must set
</li>
</ul>
</li>
<li class="level1"><div class="li"> overwritten parameters: you can redefine any LLNG string parameter. For example, if you use 2 different LDAP, the first can use normal configuration and for the second, overwritten parameter can redefine ldapServer,…</div>
<li class="level1"><div class="li"> overloaded parameters: you can redefine any LLNG string parameters. For example, if you use 2 different LDAP, the first can use normal configuration and for the second, overwritten parameter can redefine ldapServer,…</div>
</li>
</ul>
<div class="noteclassic">To overload parameters, you must select a module, add a parameter and set its value.
</div>
<p>
For example:
</p>
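Review bot: the reworded list item renames the feature to "overloaded parameters", but the same sentence still says "overwritten parameter can redefine ldapServer", so two terms now coexist in one bullet; use "overloaded" in both places. "any LLNG string parameters" should stay singular ("any LLNG string parameter").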
@ -155,13 +157,13 @@ For example:
<td class="col0"> DB2 </td><td class="col1"> <abbr title="Database Interface">DBI</abbr> </td><td class="col2"> User DB only </td><td class="col3"> dbiAuthChain ⇒ “mysql:…” </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [1034-1157] -->
<!-- EDIT6 TABLE [1133-1256] -->
<p>
Usually, you can&#039;t declare two modules of the same type if they don&#039;t have the same parameters. For example, usually you can&#039;t declare a MySQL <abbr title="Database Interface">DBI</abbr> and a PostgreSQL <abbr title="Database Interface">DBI</abbr>, because there is no extra field for PostgreSQL parameters. Now with Combination, you can declare some overloaded parameters. For example, if <abbr title="Database Interface">DBI</abbr> is configured to use PostgreSQL but DB2 is a MySQL DB, you can override the “dbiChain” parameter.
</p>
</div>
<!-- EDIT5 SECTION "Modules declaration" [516-1571] -->
<!-- EDIT5 SECTION "Modules declaration" [516-1670] -->
<h3 class="sectionedit7" id="rule_chain">Rule chain</h3>
<div class="level3">
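Review bot: the table row for DB2 overrides "dbiAuthChain" but the paragraph under it says to override the "dbiChain" parameter; one of the two names is wrong and should be corrected while this section is being regenerated.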
@ -208,7 +210,7 @@ Remember that schemes in rules are the names declared above.
<td class="col0 leftalign"> <code>[mySSL and myLDAP, myLDAP ]</code> </td><td class="col1"> Use mySSL and myLDAP to authentify, myLDAP to get user </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [2025-2456] --><div class="noteimportant">Note that “or” can&#039;t be used inside a scheme.
<!-- EDIT8 TABLE [2124-2555] --><div class="noteimportant">Note that “or” can&#039;t be used inside a scheme.
If you think to “[mySSL or myLDAP, myLDAP]”, you must write <code>[mySSL, myLDAP] or [myLDAP, myLDAP]</code>
</div><div class="table sectionedit9"><table class="inline table table-bordered table-striped">
@ -224,7 +226,7 @@ If you think to “[mySSL or myLDAP, myLDAP]”, you must write <code>[mySSL, my
<td class="col0"> <code>[myDBI1] and [myDBI2] or [myLDAP] and [myDBI2]</code> </td><td class="col1"> Try myDBI1 and myDBI2, if it fails, try myLDAP and myDBI2 </td>
</tr>
</table></div>
<!-- EDIT9 TABLE [2629-2873] --><div class="noteimportant">You can&#039;t use brackets in a boolean expression and “and” has precedence on “or”.
<!-- EDIT9 TABLE [2728-2972] --><div class="noteimportant">You can&#039;t use brackets in a boolean expression and “and” has precedence on “or”.
<p>
If you think to “( [myLDAP] or [myDBI1] ) and [myDBI2]”, you must write <code>[myLDAP] and [myDBI2] or [myDBI1] and [myDBI2]</code>
</p>
@ -251,7 +253,7 @@ Test can use only the <code>$env</code> variable. It contains the FastCGI enviro
<td class="col0"> <code>if($env→{REMOTE_ADDR} =~ /^10\./) then [myLDAP] else if($env→{REMOTE_ADDR} =~ /^192/) then [myDBI1] else [myDBI2]</code> </td><td class="col1"> Chain tests </td>
</tr>
</table></div>
<!-- EDIT10 TABLE [3209-3531] --><div class="noteimportant">Note that brackets can&#039;t be used except to enclose test.
<!-- EDIT10 TABLE [3308-3630] --><div class="noteimportant">Note that brackets can&#039;t be used except to enclose test.
<p>
If you wants to write <code>if(…) then if…</code>, you must write <code>if(not …) then … else if(…)…</code>
</p>
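Review bot: in the chained-test example, the pattern /^192/ on REMOTE_ADDR matches every address beginning with 192, including public ranges, so it selects [myDBI1] for more clients than a reader would expect; anchor it like the first test, for example /^192\.168\./. "If you wants to write" should be "If you want to write".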
@ -271,7 +273,7 @@ The following rule is valid:
</p>
</div>
<!-- EDIT7 SECTION "Rule chain" [1572-3878] -->
<!-- EDIT7 SECTION "Rule chain" [1671-3977] -->
<h3 class="sectionedit11" id="combine_second_factor">Combine second factor</h3>
<div class="level3">
@ -296,7 +298,7 @@ Now if you want to authenticate users either by LDAP or LDAP+U2F <em>(to have 2
</ul>
</div>
<!-- EDIT11 SECTION "Combine second factor" [3879-4528] -->
<!-- EDIT11 SECTION "Combine second factor" [3978-4627] -->
<h3 class="sectionedit12" id="display_multiple_forms">Display multiple forms</h3>
<div class="level3">
@ -307,12 +309,12 @@ Combination module returns the form corresponding to the first authentication sc
<span class="re1">combinationForms</span> <span class="sy0">=</span><span class="re2"> standardform, openidform</span></pre>
</div>
<!-- EDIT12 SECTION "Display multiple forms" [4529-4857] -->
<!-- EDIT12 SECTION "Display multiple forms" [4628-4956] -->
<h2 class="sectionedit13" id="known_problems">Known problems</h2>
<div class="level2">
</div>
<!-- EDIT13 SECTION "Known problems" [4858-4885] -->
<!-- EDIT13 SECTION "Known problems" [4957-4984] -->
<h3 class="sectionedit14" id="federation_protocols">Federation protocols</h3>
<div class="level3">
@ -332,9 +334,9 @@ Combination module returns the form corresponding to the first authentication sc
<td class="col0"> <em><code>[<abbr title="Security Assertion Markup Language">SAML</abbr>] and [LDAP] or [LDAP]</code></em> </td><td class="col1"> <code>[<abbr title="Security Assertion Markup Language">SAML</abbr>, <abbr title="Security Assertion Markup Language">SAML</abbr> and LDAP] or [LDAP]</code> </td><td class="col2"> Authentication is done by <abbr title="Security Assertion Markup Language">SAML</abbr> or LDAP but user must match an LDAP entry </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [5185-5517] -->
<!-- EDIT15 TABLE [5284-5616] -->
</div>
<!-- EDIT14 SECTION "Federation protocols" [4886-5518] -->
<!-- EDIT14 SECTION "Federation protocols" [4985-5617] -->
<h3 class="sectionedit16" id="authapache_authentication">Auth::Apache authentication</h3>
<div class="level3">
@ -352,7 +354,7 @@ To bypass this, follow the documentation of <a href="authapache.html" class="wik
</p>
</div>
<!-- EDIT16 SECTION "Auth::Apache authentication" [5519-6130] -->
<!-- EDIT16 SECTION "Auth::Apache authentication" [5618-6229] -->
<h3 class="sectionedit17" id="ssl_authentication">SSL authentication</h3>
<div class="level3">
@ -361,6 +363,6 @@ To chain SSL, you have to set “SSLRequire optional” in Apache configuration,
</p>
</div>
<!-- EDIT17 SECTION "SSL authentication" [6131-] --></div>
<!-- EDIT17 SECTION "SSL authentication" [6230-] --></div>
</body>
</html>

View File

@ -115,6 +115,16 @@ If you use Facebook as user database, declare values in exported variables:
</li>
</ul>
<div class="noteimportant">Do not query user field in exported variables, as it is already registered by the authentication module in <code>$_user</code>.
</div><div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div><div class="notetip">You can use the same Facebook access token in your applications. It is stored in session datas under the name <code>$_facebookToken</code>
</div>
</div>
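Review bot: this noteimportant block is pasted verbatim into several other authentication pages in this commit (CAS, LinkedIn, OpenID Connect, SAML, Twitter), typos included ("wildcard likes *", "go in :"). Keep one copy and link to it from each module page, so a later correction of the advice does not have to be made in every copy.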

View File

@ -97,6 +97,16 @@ Then, go in <code>LinkedIn parameters</code>:
</li>
</ul>
<div class="notetip">Collected fields are stored in session in <code>linkedIn_</code> keys
</div><div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [527-] --></div>

View File

@ -141,7 +141,17 @@ To configure requested attributes, edit <strong>Exported variables</strong> and
<p>
See also <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables configuration</a>.
</p>
<div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [948-] --></div>
</body>

View File

@ -155,6 +155,16 @@ In <code>General Parameters</code> &gt; <code>Authentication modules</code>, set
</li>
</ul>
<div class="notetip">As passwords will not be managed by <abbr title="LemonLDAP::NG">LL::NG</abbr>, you can disable <a href="portalmenu.html#menu_modules" class="wikilink1" title="documentation:2.0:portalmenu">menu password module</a>.
</div><div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div>
<p>
Then in <code>General Parameters</code> &gt; <code>Authentication modules</code> &gt; <code>OpenID Connect parameters</code>, you can set:
@ -169,7 +179,7 @@ Then in <code>General Parameters</code> &gt; <code>Authentication modules</code>
</ul>
</div>
<!-- EDIT7 SECTION "Authentication and UserDB" [1547-2338] -->
<!-- EDIT7 SECTION "Authentication and UserDB" [1547-2707] -->
<h3 class="sectionedit8" id="register_llng_to_an_openid_connect_provider">Register LL::NG to an OpenID Connect Provider</h3>
<div class="level3">
@ -195,7 +205,7 @@ After registration, the OP must give you a client ID and a client secret, that w
</p>
</div>
<!-- EDIT8 SECTION "Register LL::NG to an OpenID Connect Provider" [2339-3053] -->
<!-- EDIT8 SECTION "Register LL::NG to an OpenID Connect Provider" [2708-3422] -->
<h3 class="sectionedit9" id="declare_the_openid_connect_provider_in_llng">Declare the OpenID Connect Provider in LL::NG</h3>
<div class="level3">
@ -428,6 +438,6 @@ So you can define for example:
</ul>
</div>
<!-- EDIT9 SECTION "Declare the OpenID Connect Provider in LL::NG" [3054-] --></div>
<!-- EDIT9 SECTION "Declare the OpenID Connect Provider in LL::NG" [3423-] --></div>
</body>
</html>

View File

@ -112,20 +112,20 @@ Then, go in <code>Proxy parameters</code>:
</li>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: level given to this authentication</div>
</li>
<li class="level1"><div class="li"> <strong>Use SOAP instead of REST</strong>: use a SOAP server (deprecated) instead of a REST one (you must set it if internal portal version is &lt; 2.0). In this case, “Portal <abbr title="Uniform Resource Locator">URL</abbr>” parameter must contains SOAP endpoint (generally <a href="http://auth.example.com/index.pl/sessions" class="urlextern" title="http://auth.example.com/index.pl/sessions" rel="nofollow">http://auth.example.com/index.pl/sessions</a> for 1.9 and earlier, <a href="http://auth.example.com/sessions" class="urlextern" title="http://auth.example.com/sessions" rel="nofollow">http://auth.example.com/sessions</a> for 2.0)</div>
<li class="level1"><div class="li"> <strong>Use SOAP instead of REST</strong>: use a deprecated SOAP server instead of a REST one (you must set it if internal portal version is &lt; 2.0). In this case, “Portal <abbr title="Uniform Resource Locator">URL</abbr>” parameter must contains SOAP endpoint (generally <a href="http://auth.example.com/index.pl/sessions" class="urlextern" title="http://auth.example.com/index.pl/sessions" rel="nofollow">http://auth.example.com/index.pl/sessions</a> for 1.9 and earlier, <a href="http://auth.example.com/sessions" class="urlextern" title="http://auth.example.com/sessions" rel="nofollow">http://auth.example.com/sessions</a> for 2.0)</div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "External portal" [486-1341] -->
<!-- EDIT5 SECTION "External portal" [486-1339] -->
<h3 class="sectionedit6" id="internal_portal">Internal portal</h3>
<div class="level3">
<p>
The portal must be configured to accept REST or SOAP authentication requests if you&#039;ve choose to use SOAP. See: <a href="restserverplugin" class="wikilink2" title="documentation:2.0:restserverplugin" rel="nofollow">REST server plugin</a> or <a href="soapsessionbackend.html" class="wikilink1" title="documentation:2.0:soapsessionbackend">SOAP session backend</a>.
The portal must be configured to accept REST or SOAP authentication requests if you&#039;ve choose to use SOAP. See: <a href="restservices.html" class="wikilink1" title="documentation:2.0:restservices">REST server plugin</a> or <a href="soapsessionbackend.html" class="wikilink1" title="documentation:2.0:soapsessionbackend">SOAP session backend</a> <em>(deprecated)</em>.
</p>
</div>
<!-- EDIT6 SECTION "Internal portal" [1342-] --></div>
<!-- EDIT6 SECTION "Internal portal" [1340-] --></div>
</body>
</html>
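Review bot: both sample SOAP endpoints in the reworded bullet are http:// URLs, although this endpoint receives authentication requests from the external portal; use https:// in the examples. "must contains" should be "must contain", and in the Internal portal paragraph "if you've choose to use SOAP" should be "if you've chosen to use SOAP"; as placed, the clause reads as if REST also depended on choosing SOAP.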

View File

@ -111,9 +111,19 @@ For each IDP, you can configure attributes that are collected. Some can be manda
<p>
See <a href="samlservice.html" class="wikilink1" title="documentation:2.0:samlservice">SAML service</a> configuration chapter.
</p>
<div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div>
<!-- EDIT5 SECTION "SAML Service" [721-801] -->
</div>
<!-- EDIT5 SECTION "SAML Service" [721-1170] -->
<h3 class="sectionedit6" id="authentication_and_userdb">Authentication and UserDB</h3>
<div class="level3">
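Review bot: the form-action note is added to the "SAML Service" section (its range grows from [721-801] to [721-1170]), whereas other authentication pages in this commit place it next to the step where the authentication module is chosen. Move it under "Authentication and UserDB" for consistency, or state here why the SAML service itself needs the form destination changed.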
@ -129,7 +139,7 @@ In <code>General Parameters</code> &gt; <code>Authentication modules</code>, set
<div class="notetip">As passwords will not be managed by <abbr title="LemonLDAP::NG">LL::NG</abbr>, you can disable <a href="portalmenu.html#menu_modules" class="wikilink1" title="documentation:2.0:portalmenu">menu password module</a>.
</div>
</div>
<!-- EDIT6 SECTION "Authentication and UserDB" [802-1085] -->
<!-- EDIT6 SECTION "Authentication and UserDB" [1171-1454] -->
<h3 class="sectionedit7" id="register_lemonldapng_on_partner_identity_provider">Register LemonLDAP::NG on partner Identity Provider</h3>
<div class="level3">
@ -142,7 +152,7 @@ They are available at the EntityID <abbr title="Uniform Resource Locator">URL</a
</p>
</div>
<!-- EDIT7 SECTION "Register LemonLDAP::NG on partner Identity Provider" [1086-1332] -->
<!-- EDIT7 SECTION "Register LemonLDAP::NG on partner Identity Provider" [1455-1701] -->
<h3 class="sectionedit8" id="register_partner_identity_provider_on_lemonldapng">Register partner Identity Provider on LemonLDAP::NG</h3>
<div class="level3">
@ -289,6 +299,6 @@ These options override service signature options (see <a href="samlservice.html#
</ul>
</div>
<!-- EDIT8 SECTION "Register partner Identity Provider on LemonLDAP::NG" [1333-] --></div>
<!-- EDIT8 SECTION "Register partner Identity Provider on LemonLDAP::NG" [1702-] --></div>
</body>
</html>

View File

@ -83,6 +83,16 @@ You need to register a new application on Twitter to get <abbr title="Applicatio
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Twitter for authentication module.
</p>
<div class="notetip">You can then choose any other module for users and password.
</div><div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div>
<p>
Then, go in <code>Twitter parameters</code>:

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:bruteforceprotection</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,bruteforceprotection"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="bruteforceprotection.html"/>
@ -52,7 +52,7 @@ bruteForceProtection plugin prevents brute force attack. Plugin DISABLED by defa
</p>
<p>
After three failed login attempts, user must wait (30 seconds by default) before try to log in again.
After some failed login attempts, user must wait (30 seconds by default) before try to log in again.
</p>
<p>
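Review bot: "After some failed login attempts" is vaguer than the text it replaces; since the threshold is now configurable, say "After bruteForceProtectionMaxFailed failed login attempts (3 by default)" so the reader sees both the default and the key name. "before try to log in again" should read "before trying to log in again".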
@ -60,7 +60,7 @@ The aim of a brute force attack is to gain access to user accounts by repeatedly
</p>
</div>
<!-- EDIT1 SECTION "Brute Force Protection Addon" [1-456] -->
<!-- EDIT1 SECTION "Brute Force Protection Addon" [1-455] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
@ -73,13 +73,14 @@ Go in Manager, <code>General Parameters</code> » <code>Advanced Parameters</cod
</p>
<p>
To modify waiting time (30 seconds by default) before reAuthentication and MaxAge between current and last stored failed login (300 seconds by default) edit <code>lemonldap-ng.ini</code> in section [portal]:
To modify waiting time (30 seconds by default) before reAuthentication, MaxAge between current and last stored failed login (300 seconds by default) or number of allowed failed login attempts (3 by default) edit <code>lemonldap-ng.ini</code> in section [portal]:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">bruteForceProtectionTempo</span> <span class="sy0">=</span><span class="re2"> 30</span>
<span class="re1">bruteForceProtectionMaxAge</span> <span class="sy0">=</span><span class="re2"> 300</span></pre>
<span class="re1">bruteForceProtectionMaxAge</span> <span class="sy0">=</span><span class="re2"> 300</span>
<span class="re1">bruteForceProtectionMaxFailed</span> <span class="sy0">=</span><span class="re2"> 3</span></pre>
</div>
<!-- EDIT2 SECTION "Configuration" [457-] --></div>
<!-- EDIT2 SECTION "Configuration" [456-] --></div>
</body>
</html>
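Review bot: the rewritten sentence lists three settings in prose but leaves the reader to match them to the keys in the ini sample; name bruteForceProtectionTempo, bruteForceProtectionMaxAge and bruteForceProtectionMaxFailed next to each description. It would also help to state whether the wait applies once the count reaches 3 or only after it is exceeded.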

View File

@ -323,7 +323,12 @@ In Portal virtual host, you will find several configuration parts:
<span class="co1"># Note that Content-Security-Policy header is generated by portal itself</span>
&lt;<span class="kw3">Files</span> *.fcgi&gt;
<span class="kw1">SetHandler</span> fcgid-<span class="kw1">script</span>
<span class="co1">#CGIPassAuth on</span>
<span class="co1"># For Authorization header to be passed, please uncomment one of the following:</span>
<span class="co1"># for Apache &gt;= 2.4.13</span>
<span class="co1">#CGIPassAuth On</span>
<span class="co1"># for Apache &lt; 2.4.13</span>
<span class="co1">#RewriteCond %{HTTP:Authorization} ^(.*)</span>
<span class="co1">#RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]</span>
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Files</span>&gt;
&nbsp;
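Review bot: the commented fallback for Apache < 2.4.13 uses RewriteCond/RewriteRule, which only take effect when mod_rewrite is loaded and "RewriteEngine On" is active in this context; add that line (commented) to the sample unless it is already set elsewhere in the vhost. Since both options hand the raw Authorization header to the FastCGI script, the comment could also say which portal feature needs it, so administrators leave it commented otherwise.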
@ -368,7 +373,7 @@ In Portal virtual host, you will find several configuration parts:
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT7 SECTION "Portal" [6660-8757] -->
<!-- EDIT7 SECTION "Portal" [6660-9007] -->
<h3 class="sectionedit8" id="manager1">Manager</h3>
<div class="level3">
@ -415,7 +420,7 @@ Configuration interface access is not protected by Apache but by LemonLDAP::NG i
</p>
</div>
<!-- EDIT8 SECTION "Manager" [8758-10301] -->
<!-- EDIT8 SECTION "Manager" [9008-10551] -->
<h3 class="sectionedit9" id="handler">Handler</h3>
<div class="level3">
<ul>
@ -423,16 +428,16 @@ Configuration interface access is not protected by Apache but by LemonLDAP::NG i
</li>
</ul>
<pre class="code file apache">PerlOptions +GlobalRequest
PerlModule Lemonldap::NG::Handler</pre>
PerlModule Lemonldap::NG::Handler::Apache2</pre>
<ul>
<li class="level1"><div class="li"> Catch error pages:</div>
</li>
</ul>
<pre class="code file apache"><span class="kw1">ErrorDocument</span> <span class="nu0">403</span> http://auth.example.com/?lmError=<span class="nu0">403</span>
<span class="kw1">ErrorDocument</span> <span class="nu0">404</span> http://auth.example.com/?lmError=<span class="nu0">404</span>
<span class="kw1">ErrorDocument</span> <span class="nu0">500</span> http://auth.example.com/?lmError=<span class="nu0">500</span>
<span class="kw1">ErrorDocument</span> <span class="nu0">502</span> http://auth.example.com/?lmError=<span class="nu0">502</span>
<span class="kw1">ErrorDocument</span> <span class="nu0">503</span> http://auth.example.com/?lmError=<span class="nu0">503</span></pre>
<pre class="code file apache"><span class="kw1">ErrorDocument</span> <span class="nu0">403</span> http://auth.example.com/lmerror/<span class="nu0">403</span>
<span class="kw1">ErrorDocument</span> <span class="nu0">404</span> http://auth.example.com/lmerror/<span class="nu0">404</span>
<span class="kw1">ErrorDocument</span> <span class="nu0">500</span> http://auth.example.com/lmerror/<span class="nu0">500</span>
<span class="kw1">ErrorDocument</span> <span class="nu0">502</span> http://auth.example.com/lmerror/<span class="nu0">502</span>
<span class="kw1">ErrorDocument</span> <span class="nu0">503</span> http://auth.example.com/lmerror/<span class="nu0">503</span></pre>
<ul>
<li class="level1"><div class="li"> Reload virtual host:</div>
</li>
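Review bot: replacing Lemonldap::NG::Handler with Lemonldap::NG::Handler::Apache2 in PerlModule changes what existing vhosts must load, but the page gives no upgrade hint; add a sentence telling administrators with older configurations to update PerlModule, PerlResponseHandler and PerlHeaderParserHandler together. The ErrorDocument targets also change from "?lmError=403" to "/lmerror/403", which deserves the same mention.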
@ -448,7 +453,7 @@ PerlModule Lemonldap::NG::Handler</pre>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/<span class="nu0">8</span>
<span class="kw1">SetHandler</span> perl-<span class="kw1">script</span>
PerlResponseHandler Lemonldap::NG::Handler-&gt;reload
PerlResponseHandler Lemonldap::NG::Handler::Apache2-&gt;reload
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
<span class="co1"># Uncomment this to activate status module</span>
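Review bot: the reload Location is restricted with "Deny from all" / "Allow from 127.0.0.0/8", which is Apache 2.2 access-control syntax, while this same page now gives instructions for Apache >= 2.4.13. On 2.4 these directives need mod_access_compat; show the "Require ip 127.0.0.0/8" form as well, since this endpoint and the status one should not be reachable from outside.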
@ -457,7 +462,7 @@ PerlModule Lemonldap::NG::Handler</pre>
<span class="co1"># Deny from all</span>
<span class="co1"># Allow from 127.0.0.0/8</span>
<span class="co1"># SetHandler perl-script</span>
<span class="co1"># PerlResponseHandler Lemonldap::NG::Handler-&gt;status</span>
<span class="co1"># PerlResponseHandler Lemonldap::NG::Handler::Apache2-&gt;status</span>
<span class="co1">#&lt;/Location&gt;</span>
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
@ -465,10 +470,10 @@ PerlModule Lemonldap::NG::Handler</pre>
<p>
Then, to protect a standard virtual host, the only configuration line to add is:
</p>
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler::Apache2</pre>
</div>
<!-- EDIT9 SECTION "Handler" [10302-11660] -->
<!-- EDIT9 SECTION "Handler" [10552-11941] -->
<h2 class="sectionedit10" id="nginx">Nginx</h2>
<div class="level2">
<div class="noteimportant">LemonLDAP::NG does not manage Nginx configuration
@ -491,7 +496,7 @@ See <a href="confignginx.html" class="wikilink1" title="documentation:2.0:config
<div class="notewarning"><a href="fastcgiserver.html" class="wikilink1" title="documentation:2.0:fastcgiserver">LL::NG FastCGI</a> server must be loaded separately.
</div>
</div>
<!-- EDIT10 SECTION "Nginx" [11661-12114] -->
<!-- EDIT10 SECTION "Nginx" [11942-12395] -->
<h3 class="sectionedit11" id="portal1">Portal</h3>
<div class="level3">
@ -563,7 +568,7 @@ In Portal virtual host, you will find several configuration parts:
}</pre>
</div>
<!-- EDIT11 SECTION "Portal" [12115-13906] -->
<!-- EDIT11 SECTION "Portal" [12396-14187] -->
<h3 class="sectionedit12" id="manager2">Manager</h3>
<div class="level3">
@ -597,7 +602,7 @@ By default, configuration interface access is not protected by Nginx but by Lemo
</p>
</div>
<!-- EDIT12 SECTION "Manager" [13907-14652] -->
<!-- EDIT12 SECTION "Manager" [14188-14933] -->
<h3 class="sectionedit13" id="handler1">Handler</h3>
<div class="level3">
@ -608,11 +613,11 @@ Nginx handler is provided by the <a href="fastcgiserver.html" class="wikilink1"
<li class="level1"><div class="li"> Handle errors:</div>
</li>
</ul>
<pre class="code file nginx">error_page 403 http://auth.example.com/?lmError=403;
error_page 404 http://auth.example.com/?lmError=404;
error_page 500 http://auth.example.com/?lmError=500;
error_page 502 http://auth.example.com/?lmError=502;
error_page 503 http://auth.example.com/?lmError=503;</pre>
<pre class="code file nginx">error_page 403 http://auth.example.com/lmerror/403;
error_page 404 http://auth.example.com/lmerror/404;
error_page 500 http://auth.example.com/lmerror/500;
error_page 502 http://auth.example.com/lmerror/502;
error_page 503 http://auth.example.com/lmerror/503;</pre>
<ul>
<li class="level1"><div class="li"> Reload virtual host:</div>
</li>
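Review bot: the new error_page targets still point at http://auth.example.com, so an error on a protected site redirects the browser to the portal over cleartext; use https:// in the sample (the same applies to the Apache ErrorDocument lines).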
@ -697,7 +702,7 @@ Then, to protect a standard virtual host, you must insert this (or create an inc
# Insert then your configuration (fastcgi_* or proxy_*)</pre>
</div>
<!-- EDIT13 SECTION "Handler" [14653-17739] -->
<!-- EDIT13 SECTION "Handler" [14934-18015] -->
<h2 class="sectionedit14" id="configuration_reload">Configuration reload</h2>
<div class="level2">
<div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them through an HTTP request. Configuration reload will then be effective in less than 10 minutes. If you want to change this timeout, set <code>checkTime = 240</code> in your lemonldap-ng.ini file <em>(values in seconds)</em>
@ -738,7 +743,7 @@ You also need to adjust the protection of the reload vhost, for example:
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT14 SECTION "Configuration reload" [17740-20023] -->
<!-- EDIT14 SECTION "Configuration reload" [18016-20299] -->
<h2 class="sectionedit15" id="local_file">Local file</h2>
<div class="level2">
@ -772,6 +777,6 @@ For example, to override configured skin for portal:
<div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="parameterlist.html" class="wikilink1" title="documentation:2.0:parameterlist">parameter list</a> to find it.
</div>
</div>
<!-- EDIT15 SECTION "Local file" [20024-] --></div>
<!-- EDIT15 SECTION "Local file" [20300-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:docker</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,docker"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="docker.html"/>

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/dos?do=login&amp;sectok=df13de1d1df0e6da1b89ce87ded3ea23" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/dos?do=login&amp;sectok=0e94f56711d80a9e3559eb4fc980da70" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
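Review bot: the only difference in the login link of this hunk is the sectok query value, which is a per-session token from the wiki that produced the export. The same applies to the indexer.php timestamp in the hunk that follows. Both should be stripped or normalised by the export script, so that regenerating the documentation does not rewrite every page and no session-bound token is committed.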
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&amp;1543524736" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&amp;1545299129" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/exploit?do=login&amp;sectok=df13de1d1df0e6da1b89ce87ded3ea23" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/exploit?do=login&amp;sectok=0e94f56711d80a9e3559eb4fc980da70" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&amp;1543524736" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&amp;1545299129" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:forcereauthn</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,forcereauthn"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="forcereauthn.html"/>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:installdeb</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,installdeb"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="installdeb.html"/>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:installrpm</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,installrpm"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="installrpm.html"/>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:installsles</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,installsles"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="installsles.html"/>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:installtarball</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,installtarball"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="installtarball.html"/>

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/mitm?do=login&amp;sectok=df13de1d1df0e6da1b89ce87ded3ea23" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/mitm?do=login&amp;sectok=0e94f56711d80a9e3559eb4fc980da70" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&amp;1543524736" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&amp;1545299129" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>

View File

@ -131,7 +131,7 @@ connecting to: test
switched to db configuration
&gt; db.createCollection(&quot;configuration&quot;)
...
&gt; db.addUser({user:&quot;lluser&quot;,pwd:&quot;llpassword&quot;,roles:[&quot;readWrite&quot;]})
&gt; db.createUser({user:&quot;lluser&quot;,pwd:&quot;llpassword&quot;,roles:[&quot;readWrite&quot;]})
...
&gt; exit
bye
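Review bot: the replacement db.createUser line keeps the literal credentials lluser / llpassword, and nothing in the hunk tells the reader they are placeholders. Suggest a sentence next to the transcript saying the password must be changed. It should also say that the command has to be run after "switched to db configuration", because roles:["readWrite"] given as a bare string applies to the currently selected database.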

View File

@ -68,7 +68,7 @@
<div class="level1">
<p>
Since version 2.0, a beta Node.js handler is available on <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" rel="nofollow">GitHub</a>.
Since version 2.0, a beta Node.js handler is available on <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" rel="nofollow">GitHub</a> and <a href="https://www.npmjs.com/package/node-lemonldap-ng-handler" class="urlextern" title="https://www.npmjs.com/package/node-lemonldap-ng-handler" rel="nofollow">NPMJS</a>.
</p>
<p>
@ -76,7 +76,7 @@ Up-to-date documentation is available on GitHub.
</p>
</div>
<!-- EDIT1 SECTION "Node.js handler" [1-209] -->
<!-- EDIT1 SECTION "Node.js handler" [1-279] -->
<h2 class="sectionedit2" id="examples">Examples</h2>
<div class="level2">
@ -96,7 +96,7 @@ Up-to-date documentation is available on GitHub.
<span class="re1">nodeVhosts</span> <span class="sy0">=</span><span class="re2"> test.example.com, test2.example.com</span></pre>
</div>
<!-- EDIT2 SECTION "Examples" [210-731] -->
<!-- EDIT2 SECTION "Examples" [280-801] -->
<h3 class="sectionedit3" id="use_it_as_fastcgi_server_application_protection_only">Use it as FastCGI server (application protection only)</h3>
<div class="level3">
@ -158,7 +158,7 @@ handler.<span class="me1">nginxServer</span><span class="br0">&#40;</span><span
</dd></dl>
</div>
<!-- EDIT3 SECTION "Use it as FastCGI server (application protection only)" [732-1912] -->
<!-- EDIT3 SECTION "Use it as FastCGI server (application protection only)" [802-1982] -->
<h3 class="sectionedit4" id="use_it_to_protect_an_express_app">Use it to protect an express app</h3>
<div class="level3">
<dl class="file">
@ -188,6 +188,6 @@ app.<span class="me1">listen</span><span class="br0">&#40;</span><span class="nu
</dd></dl>
</div>
<!-- EDIT4 SECTION "Use it to protect an express app" [1913-] --></div>
<!-- EDIT4 SECTION "Use it to protect an express app" [1983-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:notifications</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,notifications"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="notifications.html"/>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:parameterlist</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,parameterlist"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="parameterlist.html"/>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:plugincustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,plugincustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="plugincustom.html"/>
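Review bot: the robots meta pair in this hunk runs index,follow then noindex,nofollow, while the docker, forcereauthn, installdeb, installrpm, installsles, installtarball, notifications and parameterlist pages in the same commit run the other way. A documentation update should not flip indexing in both directions. This looks like state picked up from the export run rather than an intended change, so please confirm which value is wanted and pin it in the export.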
@ -130,19 +130,23 @@ extends <span class="st_h">'Lemonldap::NG::Portal::Main::Plugin'</span><span cla
<a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> PE_OK<span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="kw2">sub</span> hello <span class="br0">&#123;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span><span class="re0">$self</span><span class="sy0">,</span> <span class="re0">$req</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span><span class="re0">$self</span><span class="sy0">,</span> <span class="re0">$req</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
<span class="sy0">...</span>
<a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> <span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">p</span><span class="sy0">-&gt;</span><span class="me1">sendJSONresponse</span><span class="br0">&#40;</span><span class="re0">$req</span><span class="sy0">,</span> <span class="br0">&#123;</span> hello <span class="sy0">=&gt;</span> <span class="nu0">1</span> <span class="br0">&#125;</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="kw2">sub</span> welcome <span class="br0">&#123;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span><span class="re0">$self</span><span class="sy0">,</span> <span class="re0">$req</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span><span class="re0">$self</span><span class="sy0">,</span> <span class="re0">$req</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
&nbsp;
<span class="kw1">my</span> <span class="re0">$userid</span> <span class="sy0">=</span> <span class="re0">$req</span><span class="sy0">-&gt;</span><span class="me1">user</span><span class="sy0">;</span>
<span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">p</span><span class="sy0">-&gt;</span><span class="me1">logger</span><span class="sy0">-&gt;</span><span class="me1">debug</span><span class="br0">&#40;</span><span class="st0">&quot;Call welcome for $userid&quot;</span><span class="br0">&#41;</span><span class="sy0">;</span>
&nbsp;
<span class="sy0">...</span>
<a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> <span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">p</span><span class="sy0">-&gt;</span><span class="me1">sendHtml</span><span class="br0">&#40;</span><span class="re0">$req</span><span class="sy0">,</span> <span class="st_h">'template'</span><span class="sy0">,</span> params <span class="sy0">=&gt;</span> <span class="br0">&#123;</span> WELCOME <span class="sy0">=&gt;</span> <span class="nu0">1</span> <span class="br0">&#125;</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="nu0">1</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT4 SECTION "Plugin Perl module" [816-1767] -->
<!-- EDIT4 SECTION "Plugin Perl module" [816-1917] -->
<h3 class="sectionedit5" id="configuration">Configuration</h3>
<div class="level3">
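Review bot: in sub welcome the new debug line interpolates $userid directly from $req->user with no check that it is defined. If the route can be reached without an authenticated user, the log shows "Call welcome for " followed by an uninitialized-value warning. Suggest showing a guarded form in the example, for instance my $userid = $req->user // 'unknown';, since readers copy this plugin skeleton as-is. The two my ($self, $req) = @_; pairs in this hunk differ only in whitespace, which adds noise to the diff.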
@ -155,6 +159,6 @@ customPlugins <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><sp
<span class="sy0">;</span>customPlugins <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin1</span><span class="sy0">,</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin2</span><span class="sy0">,</span> <span class="sy0">...</span></pre>
</div>
<!-- EDIT5 SECTION "Configuration" [1768-] --></div>
<!-- EDIT5 SECTION "Configuration" [1918-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:portalcustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,portalcustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="portalcustom.html"/>
@ -58,6 +58,7 @@
<li class="level2"><div class="li"><a href="#skin_files">Skin files</a></div></li>
<li class="level2"><div class="li"><a href="#skin_customization">Skin customization</a></div></li>
<li class="level2"><div class="li"><a href="#messages">Messages</a></div></li>
<li class="level2"><div class="li"><a href="#menu_tabs">Menu tabs</a></div></li>
<li class="level2"><div class="li"><a href="#template_parameters">Template parameters</a></div></li>
<li class="level1"><div class="li"><a href="#buttons">Buttons</a></div></li>
<li class="level1"><div class="li"><a href="#password_management">Password management</a></div></li>
@ -282,8 +283,24 @@ Messages are defined in source code. If they really do not please you, override
</div>
</div>
<!-- EDIT10 SECTION "Messages" [4400-5041] -->
<h3 class="sectionedit11" id="template_parameters">Template parameters</h3>
<!-- EDIT10 SECTION "Messages" [4400-5042] -->
<h3 class="sectionedit11" id="menu_tabs">Menu tabs</h3>
<div class="level3">
<p>
If you modify the menu template to add some tabs, you should add the new tabs in `customMenuTabs` parameter in lemonldap-ng.ini:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
&nbsp;
<span class="re1">customMenuTabs</span> <span class="sy0">=</span><span class="re2"> test, test2</span></pre>
<p>
This will one allow to display the tab directly with this <abbr title="Uniform Resource Locator">URL</abbr>: <a href="http://auth.example.com/?tab=test" class="urlextern" title="http://auth.example.com/?tab=test" rel="nofollow">http://auth.example.com/?tab=test</a>
</p>
</div>
<!-- EDIT11 SECTION "Menu tabs" [5043-5349] -->
<h3 class="sectionedit12" id="template_parameters">Template parameters</h3>
<div class="level3">
<p>
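Review bot: the new "Menu tabs" paragraph wraps customMenuTabs in literal backticks, which this wiki markup does not render, so they appear verbatim in the HTML. Use the same code markup as the rest of the page. The sentence "This will one allow to display the tab directly with this URL" is garbled and probably meant "This will allow one to display the tab". It would also help to state that only the tab names listed in customMenuTabs are accepted in the ?tab= parameter, if that is the intent of the setting.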
@ -305,8 +322,8 @@ All session variables are also available in templates, with the prefix “sessio
<pre class="code file html4strict">Hello <span class="sc2">&lt;TMPL_VAR <span class="kw3">NAME</span><span class="sy0">=</span><span class="st0">&quot;session_cn&quot;</span>&gt;</span>!</pre>
</div>
<!-- EDIT11 SECTION "Template parameters" [5042-5552] -->
<h2 class="sectionedit12" id="buttons">Buttons</h2>
<!-- EDIT12 SECTION "Template parameters" [5350-5861] -->
<h2 class="sectionedit13" id="buttons">Buttons</h2>
<div class="level2">
<p>
@ -322,8 +339,8 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT12 SECTION "Buttons" [5553-6069] -->
<h2 class="sectionedit13" id="password_management">Password management</h2>
<!-- EDIT13 SECTION "Buttons" [5862-6378] -->
<h2 class="sectionedit14" id="password_management">Password management</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <strong>Require old password</strong>: used only in the password changing module of the menu, will check the old password before updating it</div>
@ -335,8 +352,8 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT13 SECTION "Password management" [6070-6520] -->
<h2 class="sectionedit14" id="other_parameters">Other parameters</h2>
<!-- EDIT14 SECTION "Password management" [6379-6829] -->
<h2 class="sectionedit15" id="other_parameters">Other parameters</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <strong>User attribute</strong>: which session attribute will be used to display <code>Connected as</code> in the menu</div>
@ -354,6 +371,6 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT14 SECTION "Other parameters" [6521-] --></div>
<!-- EDIT15 SECTION "Other parameters" [6830-] --></div>
</body>
</html>

View File

@ -53,7 +53,7 @@
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#rest">REST</a></div></li>
<li class="level2"><div class="li"><a href="#soap">SOAP</a></div></li>
<li class="level2"><div class="li"><a href="#soapdeprecated">SOAP //(deprecated)//</a></div></li>
</ul></li>
</ul>
</div>
@ -69,7 +69,7 @@
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> portal can be configured as REST or SOAP server, for several usage:
<abbr title="LemonLDAP::NG">LL::NG</abbr> portal can be configured as REST or <em>(deprecated)</em> SOAP server, for several usage:
</p>
<ul>
<li class="level1"><div class="li"> Configuration sharing</div>
@ -81,12 +81,12 @@
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [34-213] -->
<!-- EDIT2 SECTION "Presentation" [34-230] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [214-240] -->
<!-- EDIT3 SECTION "Configuration" [231-257] -->
<h3 class="sectionedit4" id="rest">REST</h3>
<div class="level3">
@ -107,8 +107,8 @@ See also <a href="restservices.html" class="wikilink1" title="documentation:2.0:
</p>
</div>
<!-- EDIT4 SECTION "REST" [241-565] -->
<h3 class="sectionedit5" id="soap">SOAP</h3>
<!-- EDIT4 SECTION "REST" [258-582] -->
<h3 class="sectionedit5" id="soapdeprecated">SOAP //(deprecated)//</h3>
<div class="level3">
<p>
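Review bot: the heading now reads "SOAP //(deprecated)//" with the italic markers shown literally, and its id changes from soap to soapdeprecated. Italic markup is not rendered inside headings, as the table-of-contents entry in the first hunk of this file also shows, and the id change breaks any existing link to #soap. Suggest a plain heading such as "SOAP (deprecated)", or keep the heading as "SOAP" and put the deprecation notice in the first paragraph, as was done in the Presentation section.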
@ -128,6 +128,6 @@ See also <a href="soapservices.html" class="wikilink1" title="documentation:2.0:
</p>
</div>
<!-- EDIT5 SECTION "SOAP" [566-] --></div>
<!-- EDIT5 SECTION "SOAP //(deprecated)//" [583-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:psgi</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,psgi"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="psgi.html"/>
@ -182,10 +182,10 @@ There are also some other psgi files in examples directory.
<td class="col0 centeralign"> -e </td><td class="col1 centeralign"> engine </td><td class="col2 centeralign"> ENGINE </td><td class="col3"> Plack::Handler engine, default to FCGI <em>(see below)</em> </td>
</tr>
<tr class="row10 roweven">
<td class="col0 leftalign"> </td><td class="col1 centeralign"> plackOptions </td><td class="col2 leftalign"> </td><td class="col3"> Other options to path to Plack. Can bu multi-valued. Values must look like <code>key=value</code> </td>
<td class="col0 leftalign"> </td><td class="col1 centeralign"> plackOptions </td><td class="col2 leftalign"> </td><td class="col3"> Other options to path to Plack. Can bu multi-valued. Values must look like <code>key=value</code> </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [2210-2981] -->
<!-- EDIT4 TABLE [2210-2983] -->
<p>
See <code>llng-fastcgi-server(1)</code> manpage.
</p>
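Review bot: the plackOptions row is touched here for whitespace only, and its text still reads "Other options to path to Plack. Can bu multi-valued." Since the line is being rewritten anyway, fix it to "Other options to pass to Plack. Can be multi-valued."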
@ -199,7 +199,7 @@ See <code>llng-fastcgi-server(1)</code> manpage.
FCGI with FCGI::ProcManager::Constrained
</p>
<pre class="code shell">llng-fastcgi-server -u nobody -g nobody -s /run/llng.sock -n 10 -e FCGI \
--plackOptions manager=FCGI::ProcManager::Constrained</pre>
--plackOptions=--manager=FCGI::ProcManager::Constrained</pre>
<p>
FCGI::Engine::ProcManager
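Review bot: the example now passes --plackOptions=--manager=FCGI::ProcManager::Constrained, but the options table in the previous hunk still says values must look like key=value. One of the two is wrong for the reader. If the leading -- is now required, update the table cell to say so. If both forms work, say that explicitly next to the example.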
@ -208,7 +208,7 @@ FCGI::Engine::ProcManager
-e FCGI::Engine::ProcManager</pre>
</div>
<!-- EDIT3 SECTION "LLNG FastCGI Server" [2111-3420] -->
<!-- EDIT3 SECTION "LLNG FastCGI Server" [2111-3424] -->
<h3 class="sectionedit5" id="using_uwsgi">Using uWSGI</h3>
<div class="level3">
@ -239,7 +239,7 @@ Then adapt your Nginx configuration to use this uWSGI app.
</p>
</div>
<!-- EDIT5 SECTION "Using uWSGI" [3421-4278] -->
<!-- EDIT5 SECTION "Using uWSGI" [3425-4282] -->
<h2 class="sectionedit6" id="protect_a_psgi_application">Protect a PSGI application</h2>
<div class="level2">
@ -283,6 +283,6 @@ builder <span class="br0">&#123;</span>
</dd></dl>
</div>
<!-- EDIT6 SECTION "Protect a PSGI application" [4279-] --></div>
<!-- EDIT6 SECTION "Protect a PSGI application" [4283-] --></div>
</body>
</html>

View File

@ -110,7 +110,10 @@ location /index.psgi/config {
Change configuration in lemonldap-ng.ini :
</p>
<pre class="code file ini"><span class="re1">type</span> <span class="sy0">=</span><span class="re2"> REST</span>
<span class="re1">baseUrl</span> <span class="sy0">=</span><span class="re2"> https://auth.example.com/index.fcgi/config</span></pre>
<span class="co0">; Apache</span>
<span class="re1">baseUrl</span> <span class="sy0">=</span><span class="re2"> https://auth.example.com/index.fcgi/config</span>
<span class="co0">; Nginx</span>
<span class="re1">baseUrl</span> <span class="sy0">=</span><span class="re2"> https://auth.example.com/index.psgi/config</span></pre>
<p>
You can also add some other parameters
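Review bot: the ini block now contains two active baseUrl assignments, one under "; Apache" and one under "; Nginx". A reader who pastes the block as shown gets a duplicate key, and which value takes effect depends on the INI parser. Suggest commenting out one of the two lines with a leading ";" or splitting this into two separate blocks, so that each variant is valid on its own.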

View File

@ -1,254 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>documentation:2.0:restserverplugin [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="/lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="/lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootswatch/3.3.4/flatly/bootstrap.min.css" />
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,follow"/>
<meta name="keywords" content="documentation,2.0,restserverplugin"/>
<link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="LemonLDAP::NG"/>
<link rel="start" href="/"/>
<link rel="contents" href="/documentation/2.0/restserverplugin?do=index" title="Sitemap"/>
<link rel="alternate" type="application/rss+xml" title="Recent changes" href="/feed.php"/>
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=documentation:2.0"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/documentation/2.0/restserverplugin"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/documentation/2.0/restserverplugin"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=68165aeb4a485b8d6b99b5c80ffc4981"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:restserverplugin","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=68165aeb4a485b8d6b99b5c80ffc4981&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
</style>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script type="text/javascript" src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script type="text/javascript" src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body class="flatly page-on-panel">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__site" class="container">
<div id="dokuwiki__top" class="site dokuwiki mode_show tpl_bootstrap3 notFound hasSidebar">
<!-- header -->
<div id="dokuwiki__header">
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/start" accesskey="h" title="[H]" class="navbar-brand"><img src="/_media/wiki/logo.png" alt="LemonLDAP::NG" class="pull-left" id="dw__logo" width="20" height="20" /> <span id="dw__title" >LemonLDAP::NG</span></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav" id="dw__navbar">
<!-- <li>
<a href="/start" ><i class="glyphicon glyphicon-home"></i> Home</a></li> -->
<li>
<a href="/download" ><i class="glyphicon glyphicon-download"></i> Download</a></li>
<li>
<a href="/documentation" ><i class="glyphicon glyphicon-book"></i> Documentation</a></li>
<li>
<a href="/screenshots" ><i class="glyphicon glyphicon-picture"></i> Screenshots</a></li>
<li class="dropdown ">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-question-sign"></span> Contact <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/contact" ><i class="glyphicon glyphicon-envelope"></i> Mails, IRC and more</a></li>
<li><a href="/team" ><i class="glyphicon glyphicon-user"></i> The team</a></li>
<li><a href="/professionalservices" ><i class="glyphicon glyphicon-briefcase"></i> Professional Services</a></li>
<li><a href="/references" ><i class="glyphicon glyphicon-sunglasses"></i> References</a></li>
<li><a href="/sponsors" ><i class="glyphicon glyphicon-piggy-bank"></i> Sponsors</a></li>
</ul>
</li>
</ul>
<div class="navbar-right">
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=df13de1d1df0e6da1b89ce87ded3ea23" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
</div>
</div>
</nav>
</div>
<!-- /header -->
<div id="dw__breadcrumbs">
<hr/>
<div class="breadcrumb"><span class="bchead">You are here: </span><span class="home"><bdi><a href="/start" class="wikilink1" title="start">start</a></bdi></span> » <bdi><a href="/documentation" class="wikilink1" title="documentation">documentation</a></bdi> » <bdi><a href="/documentation/2.0/start" class="wikilink1" title="documentation:2.0:start">2.0</a></bdi> » <bdi><span class="curid"><a href="/documentation/2.0/restserverplugin" class="wikilink2" title="documentation:2.0:restserverplugin" rel="nofollow">restserverplugin</a></span></bdi></div>
<hr/>
</div>
<p class="pageId text-right">
<span class="label label-default">documentation:2.0:restserverplugin</span>
</p>
<div id="dw__msgarea">
</div>
<main class="main row" role="main">
<!-- ********** CONTENT ********** -->
<article id="dokuwiki__content" class="col-sm-9 col-md-10 " >
<div class="panel panel-default" >
<div class="page group panel-body">
<div class="pull-right hidden-print" data-spy="affix" data-offset-top="150" style="z-index:1024; top:10px; right:10px;">
</div>
<!-- wikipage start -->
<h1 class="sectionedit1" id="this_topic_does_not_exist_yet">This topic does not exist yet</h1>
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on “Create this page”.
</p>
</div>
<!-- wikipage stop -->
</div>
</div>
</article>
<!-- ********** ASIDE ********** -->
<aside id="dokuwiki__aside" class="dw__sidebar col-sm-3 col-md-2 hidden-print">
<div class="content">
<div class="toogle hidden-lg hidden-md hidden-sm" data-toggle="collapse" data-target="#dokuwiki__aside .collapse">
<i class="glyphicon glyphicon-th-list"></i> Sidebar </div>
<div class="collapse in">
<p>
<div class="text-center">
</p>
<h3 class="sectionedit1" id="hosted_by">Hosted by</h3>
<div class="level3">
<p>
<a href="http://www.ow2.org" class="media" title="http://www.ow2.org" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT1 SECTION "Hosted by" [40-174] -->
<h3 class="sectionedit2" id="certifications">Certifications</h3>
<div class="level3">
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Certifications" [175-534] -->
<h3 class="sectionedit3" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="media" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
<strong>OW2con&#039;14 Community Award</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
<p>
<script type="text/javascript" src="http://www.openhub.net/p/12421/widgets/project_users.js?style=blue"></script>
</div>
</p>
<script type='text/javascript'>
var ab_h = '321e562442494652658acbc3fd84ec80';
var ab_s = '6ca5df30810665e075f684a87e742175';
</script>
<script type='text/javascript' src='http://cdn1.adbard.net/js/ab1.js'></script>
</div>
<!-- EDIT3 SECTION "Awards" [535-] --> </div>
</div>
</aside>
</main>
<footer id="dokuwiki__footer" class="small hidden-print">
<a href="javascript:void(0)" class="back-to-top hidden-print btn btn-default btn-sm" title="skip to content>" id="back-to-top"><i class="glyphicon glyphicon-chevron-up"></i></a>
<div class="text-center">
<p id="dw__license">
<div class="license">Except where otherwise noted, content on this wiki is licensed under the following license: <bdi><a href="http://creativecommons.org/licenses/by-nc-sa/3.0/" rel="license" class="urlextern">CC Attribution-Noncommercial-Share Alike 3.0 Unported</a></bdi></div> </p>
</div>
</footer>
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1543524705" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
<span class="visible-md"></span>
<span class="visible-lg"></span>
</div>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>
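Review bot: The exported page still carries the wiki sidebar, including two script tags that load from third-party hosts over plain HTTP (`http://www.openhub.net/p/12421/widgets/project_users.js` and `http://cdn1.adbard.net/js/ab1.js`) together with the `ab_h`/`ab_s` values. Documentation shipped with the project should not pull remote script into the reader's browser. Strip the aside and footer at export time, as for the other exported pages in this commit, which end right after the last EDIT SECTION comment. The aside markup is also malformed: `<div class="text-center">` is opened inside a `<p>` and closed after it.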

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:samlservice</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,samlservice"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="samlservice.html"/>
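Review bot: The `robots` meta goes from `noindex,nofollow` to `index,follow` here with no content change in the hunk. If this is a side effect of the export rather than an intended change, fix it in the export step so the value does not flip between commits.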

View File

@ -157,21 +157,22 @@ To protect the manager by <abbr title="LemonLDAP::NG">LL::NG</abbr>, you just ha
LLNG portal now embeds the following features:
</p>
<ul>
<li class="level1"><div class="li"> <a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery" class="urlextern" title="https://en.wikipedia.org/wiki/Cross-site_request_forgery" rel="nofollow">CSRF</a> protection <em>(Cross-Site Request Forgery)</em>: a token is build for each form. To disable it, set requireToken to 0 <em>(portal security parameters in the manager)</em>. Token timeout can be defined via manager (default to 120 seconds),</div>
<li class="level1"><div class="li"> <a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery" class="urlextern" title="https://en.wikipedia.org/wiki/Cross-site_request_forgery" rel="nofollow">CSRF</a> protection <em>(Cross-Site Request Forgery)</em>: a token is build for each form. To disable it, set &#039;require Token for forms&#039; to Off <em>(portal security parameters in the manager)</em>. Token timeout can be defined via manager (default to 120 seconds),</div>
</li>
<li class="level1"><div class="li"> <a href="https://en.wikipedia.org/wiki/Content_Security_Policy" class="urlextern" title="https://en.wikipedia.org/wiki/Content_Security_Policy" rel="nofollow">Content-Security-Policy</a> header: portal build dynamically this header. You can modify default values in the manager <em>(Général parameters » Advanced parameters » Security » Content-Security-Policy)</em>.</div>
<li class="level1"><div class="li"> <a href="https://en.wikipedia.org/wiki/Content_Security_Policy" class="urlextern" title="https://en.wikipedia.org/wiki/Content_Security_Policy" rel="nofollow">Content-Security-Policy</a> header: portal builds dynamically this header. You can modify default values in the manager <em>(Général parameters » Advanced parameters » Security » Content-Security-Policy)</em>.</div>
</li>
<li class="level1"><div class="li"> <a href="https://en.wikipedia.org/wiki/Brute-force_attack" class="urlextern" title="https://en.wikipedia.org/wiki/Brute-force_attack" rel="nofollow">Brute-force attack</a> protection: after some failed logins, user must wait before re-try to log into Portal.</div>
</li>
</ul>
<div class="noteimportant">* Brute-force attack protection is DISABLED by default
<p>
* Browser implementations of form Action directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does). Administrators may have to modify form Action value with wildcard likes *.
* Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
</p>
</div>
</div>
<!-- EDIT6 SECTION "Portal" [2106-3191] -->
<!-- EDIT6 SECTION "Portal" [2106-3211] -->
<h3 class="sectionedit7" id="split_portal_when_using_soaprest">Split portal when using SOAP/REST</h3>
<div class="level3">
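Review bot: The formAction note in the noteimportant block tells administrators to use a wildcard like * without saying what that costs: with a wildcard, the form-action directive no longer restricts where the portal's forms may be submitted. Suggest recommending the specific hosts that must receive form posts and presenting * as a last resort. The same block states that brute-force protection is disabled by default, so a pointer to the setting that enables it would help. Wording left over in the new lines: "a token is build", "portal builds dynamically this header", "Général parameters", "wildcard likes *".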
@ -180,12 +181,12 @@ If you use <a href="soapsessionbackend.html" class="wikilink1" title="documentat
</p>
</div>
<!-- EDIT7 SECTION "Split portal when using SOAP/REST" [3192-3382] -->
<!-- EDIT7 SECTION "Split portal when using SOAP/REST" [3212-3402] -->
<h2 class="sectionedit8" id="write_good_rules">Write good rules</h2>
<div class="level2">
</div>
<!-- EDIT8 SECTION "Write good rules" [3383-3412] -->
<!-- EDIT8 SECTION "Write good rules" [3403-3432] -->
<h3 class="sectionedit9" id="order_your_rules">Order your rules</h3>
<div class="level3">
@ -218,7 +219,7 @@ For example, if these rules are used without comments:
<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT10 TABLE [3826-3936] -->
<!-- EDIT10 TABLE [3846-3956] -->
<p>
Then the second rule will be applied first, so every authenticated user will access to <code>/pub/admin</code> directory.
</p>
@ -239,7 +240,7 @@ Use comment to correct this:
<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> 2_pub </td>
</tr>
</table></div>
<!-- EDIT11 TABLE [4081-4205] --><div class="notetip"><ul>
<!-- EDIT11 TABLE [4101-4225] --><div class="notetip"><ul>
<li class="level1"><div class="li"> Reload the Manager to see the effective order</div>
</li>
<li class="level1"><div class="li"> Use rule comments to order your rules</div>
@ -248,7 +249,7 @@ Use comment to correct this:
</div>
</div>
<!-- EDIT9 SECTION "Order your rules" [3413-4318] -->
<!-- EDIT9 SECTION "Order your rules" [3433-4338] -->
<h3 class="sectionedit12" id="be_careful_with_url_parameters">Be careful with URL parameters</h3>
<div class="level3">
@ -272,7 +273,7 @@ For example with this rule on the <code>access</code> parameter:
<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT13 TABLE [4555-4689] -->
<!-- EDIT13 TABLE [4575-4709] -->
<p>
Then a user that try to access to one of the following <em class="u">will be granted</em> !
</p>
@ -302,11 +303,11 @@ You can use the following rules instead:
<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT14 TABLE [4887-5090] --><div class="notetip"><strong>(?i)</strong> means case no sensitive.
<!-- EDIT14 TABLE [4907-5110] --><div class="notetip"><strong>(?i)</strong> means case no sensitive.
</div><div class="notewarning">Remember that rules written on GET parameters must be tested.
</div>
</div>
<!-- EDIT12 SECTION "Be careful with URL parameters" [4319-5227] -->
<!-- EDIT12 SECTION "Be careful with URL parameters" [4339-5247] -->
<h3 class="sectionedit15" id="encoded_characters">Encoded characters</h3>
<div class="level3">
@ -315,7 +316,7 @@ Some characters are encoded in URLs by the browser (such as space,…). To avoid
</p>
</div>
<!-- EDIT15 SECTION "Encoded characters" [5228-5475] -->
<!-- EDIT15 SECTION "Encoded characters" [5248-5495] -->
<h2 class="sectionedit16" id="secure_reverse-proxies">Secure reverse-proxies</h2>
<div class="level2">
@ -361,7 +362,7 @@ It is recommended to secure the channel between reverse-proxies and application
</ul>
</div>
<!-- EDIT16 SECTION "Secure reverse-proxies" [5476-7144] -->
<!-- EDIT16 SECTION "Secure reverse-proxies" [5496-7164] -->
<h2 class="sectionedit17" id="configure_security_settings">Configure security settings</h2>
<div class="level2">
@ -385,12 +386,20 @@ Go in Manager, <code>General parameters</code> » <code>Advanced parameters</cod
</li>
<li class="level1"><div class="li"> <strong>Brute-Force Attack protection</strong>: set to &#039;On&#039; to enable it. The aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of a user. If it is disabled, automated tools may submit thousands of password attempts in a matter of seconds, making it easy for an attacker to beat a password-based authentication system.</div>
</li>
<li class="level1"><div class="li"> <strong>LWP::UserAgent SSL options</strong>: insert here options to pass to LWP::UserAgent object (used by <abbr title="Security Assertion Markup Language">SAML</abbr> or OpenID-Connect to query partners). Example: <code>verify_hostname ⇒ 0</code>, <code>SSL_verify_mode ⇒ 0</code></div>
<li class="level1"><div class="li"> <strong>LWP::UserAgent and SSL options</strong>: insert here options to pass to LWP::UserAgent object (used by <abbr title="Security Assertion Markup Language">SAML</abbr> or OpenID-Connect to query partners). Example: <code>verify_hostname ⇒ 0</code>, <code>SSL_verify_mode ⇒ 0</code></div>
</li>
<li class="level1"><div class="li"> <strong>Content Security Policy</strong>: Portal builds dynamically this header. You can modify default values. Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does). Administrators may have to modify formAction value with wildcard likes *.</div>
</li>
<li class="level1"><div class="li"> <strong>Required token for forms</strong>: To prevent CSRF attack, a token is build for each form. To disable it, set this parameter to &#039;Off&#039;.</div>
</li>
<li class="level1"><div class="li"> <strong>Form timeout</strong>: Form token timeout (default to 120 seconds)</div>
</li>
<li class="level1"><div class="li"> <strong>Use global storage</strong>: Local cache is used by default for one time tokens. To use global storage, set it to &#039;On&#039;</div>
</li>
</ul>
</div>
<!-- EDIT17 SECTION "Configure security settings" [7145-8845] -->
<!-- EDIT17 SECTION "Configure security settings" [7165-9494] -->
<h2 class="sectionedit18" id="fail2ban">Fail2ban</h2>
<div class="level2">
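Review bot: The only example given for "LWP::UserAgent and SSL options" is `verify_hostname ⇒ 0`, `SSL_verify_mode ⇒ 0`, which turns off certificate verification for the requests the portal sends to SAML and OpenID-Connect partners. Label it as a test-only setting and add an example that keeps verification, such as pointing `SSL_ca_file` at the CA that signs the partner's certificate. The new Content Security Policy item repeats the formAction wildcard text from the Portal section word for word; one of the two could link to the other. The "Use global storage" item does not say when an administrator would need to turn it on.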
@ -442,7 +451,7 @@ Restart fail2ban
</p>
</div>
<!-- EDIT18 SECTION "Fail2ban" [8846-9900] -->
<!-- EDIT18 SECTION "Fail2ban" [9495-10549] -->
<h2 class="sectionedit19" id="sessions_identifier">Sessions identifier</h2>
<div class="level2">
@ -455,7 +464,7 @@ We recommend to use : <code>Lemonldap::NG::Common::Apache::Session::Generate::SH
</p>
</div>
<!-- EDIT19 SECTION "Sessions identifier" [9901-10163] -->
<!-- EDIT19 SECTION "Sessions identifier" [10550-10812] -->
<h2 class="sectionedit20" id="saml">SAML</h2>
<div class="level2">
@ -464,6 +473,6 @@ See <a href="samlservice.html#security_parameters" class="wikilink1" title="docu
</p>
</div>
<!-- EDIT20 SECTION "SAML" [10164-] --></div>
<!-- EDIT20 SECTION "SAML" [10813-] --></div>
</body>
</html>

View File

@ -59,21 +59,22 @@
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="soap_configuration_backend">SOAP configuration backend</h1>
<h1 class="sectionedit1" id="soap_configuration_backend_deprecated">SOAP configuration backend (deprecated)</h1>
<div class="level1">
<p>
You can share your configuration over the network using SOAP proxy system.
</p>
<div class="notetip">Note that SOAP is not a real configuration backend, but just a proxy system to access to your configuration over the network
</div><div class="noteimportant">SOAP has been deprecated. Prefer to use <a href="restconfbackend.html" class="wikilink1" title="documentation:2.0:restconfbackend">REST configuration backend</a>
</div>
</div>
<!-- EDIT1 SECTION "SOAP configuration backend" [1-261] -->
<!-- EDIT1 SECTION "SOAP configuration backend (deprecated)" [1-384] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT2 SECTION "Configuration" [262-288] -->
<!-- EDIT2 SECTION "Configuration" [385-411] -->
<h3 class="sectionedit3" id="first_configure_your_real_backend">First, configure your real backend</h3>
<div class="level3">
<ul>
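Review bot: Renaming the heading changes its id from `soap_configuration_backend` to `soap_configuration_backend_deprecated`, so any link to the old fragment stops resolving. Check for references to `#soap_configuration_backend` before merging. The deprecation note would also be more useful if it said from which release SOAP is deprecated.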
@ -102,7 +103,7 @@ location /index.psgi/config {
}</pre>
</div>
<!-- EDIT3 SECTION "First, configure your real backend" [289-1109] -->
<!-- EDIT3 SECTION "First, configure your real backend" [412-1232] -->
<h3 class="sectionedit4" id="next_configure_soap_for_your_remote_servers">Next, configure SOAP for your remote servers</h3>
<div class="level3">
@ -110,7 +111,10 @@ location /index.psgi/config {
Change configuration in lemonldap-ng.ini :
</p>
<pre class="code file ini"><span class="re1">type</span> <span class="sy0">=</span><span class="re2"> SOAP</span>
<span class="re1">proxy</span> <span class="sy0">=</span><span class="re2"> https://auth.example.com/index.fcgi/config</span></pre>
<span class="co0">; Apache</span>
<span class="re1">proxy</span> <span class="sy0">=</span><span class="re2"> https://auth.example.com/index.fcgi/config</span>
<span class="co0">; Nginx</span>
<span class="re1">proxy</span> <span class="sy0">=</span><span class="re2"> https://auth.example.com/index.pcgi/config</span></pre>
<p>
You can also add some other parameters
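Review bot: The Nginx value added here, `https://auth.example.com/index.pcgi/config`, looks like a typo for `index.psgi`: the Nginx block on the same page (visible in the hunk headers) uses `location /index.psgi/config {`. The block also now contains two `proxy =` lines, so a reader who copies it verbatim gets a duplicated key. Consider commenting one of them out or stating that only one must be kept.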
@ -121,6 +125,6 @@ You can also add some other parameters
<span class="re1">proxyOptions</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span> timeout <span class="sy0">=</span>&gt; 5 <span class="br0">&#125;</span></span></pre>
</div>
<!-- EDIT4 SECTION "Next, configure SOAP for your remote servers" [1110-] --></div>
<!-- EDIT4 SECTION "Next, configure SOAP for your remote servers" [1233-] --></div>
</body>
</html>

View File

@ -44,7 +44,7 @@
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="soap_services">SOAP services</h1>
<h1 class="sectionedit1" id="soap_services_deprecated">SOAP services (deprecated)</h1>
<div class="level1">
<p>
@ -52,7 +52,7 @@
</p>
</div>
<!-- EDIT1 SECTION "SOAP services" [1-172] -->
<!-- EDIT1 SECTION "SOAP services (deprecated)" [1-185] -->
<h2 class="sectionedit2" id="portal_soap_services">Portal SOAP services</h2>
<div class="level2">
@ -101,7 +101,7 @@ SOAP functions are not accessible by network by default. SOAP functions are prot
</div>
</div>
<!-- EDIT2 SECTION "Portal SOAP services" [173-1700] -->
<!-- EDIT2 SECTION "Portal SOAP services" [186-1713] -->
<h2 class="sectionedit3" id="wsdl">WSDL</h2>
<div class="level2">
@ -110,6 +110,6 @@ You can enable WSDL server in the manager. It will deliver WSDL file (/portal.ws
</p>
</div>
<!-- EDIT3 SECTION "WSDL" [1701-] --></div>
<!-- EDIT3 SECTION "WSDL" [1714-] --></div>
</body>
</html>

View File

@ -435,10 +435,7 @@
<h4 id="attacks_and_protection">Attacks and Protection</h4>
<div class="level4">
<div class="notetip"><ul>
<li class="level1"><div class="li"> To learn or find out more about security, go to <a href="security.html" class="wikilink1" title="documentation:2.0:security">Security</a> documentation</div>
</li>
</ul>
<div class="notetip">To learn or find out more about security, go to <a href="security.html" class="wikilink1" title="documentation:2.0:security">Security</a> documentation
</div>
<p>
@ -480,7 +477,7 @@
<td class="col0"> <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">XSS</a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT12 TABLE [5913-6427] -->
<!-- EDIT12 TABLE [5908-6422] -->
<p>
</div></div>
</p>
@ -538,7 +535,7 @@
<td class="col0"> <a href="restservices.html" class="wikilink1" title="documentation:2.0:restservices">REST services</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1"> REST server for <a href="authproxy.html" class="wikilink1" title="documentation:2.0:authproxy">Proxy</a> </td>
</tr>
<tr class="row13 rowodd">
<td class="col0"> <a href="soapservices.html" class="wikilink1" title="documentation:2.0:soapservices">SOAP services</a> </td><td class="col1"> SOAP server for <a href="authproxy.html" class="wikilink1" title="documentation:2.0:authproxy">Proxy</a> </td>
<td class="col0"> <a href="soapservices.html" class="wikilink1" title="documentation:2.0:soapservices">SOAP services</a> <em>(deprecated)</em> </td><td class="col1"> SOAP server for <a href="authproxy.html" class="wikilink1" title="documentation:2.0:authproxy">Proxy</a> </td>
</tr>
<tr class="row14 roweven">
<td class="col0"> <a href="status.html" class="wikilink1" title="documentation:2.0:status">Portal Status</a> </td><td class="col1"> Experimental portal status page </td>
@ -550,13 +547,13 @@
<td class="col0"> Upgrade session <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Plugin that explain to user that a more secure authentication is needed instead of rejected it </td>
</tr>
</table></div>
<!-- EDIT13 TABLE [6595-7808] -->
<!-- EDIT13 TABLE [6590-7820] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT9 SECTION "Portal" [2025-7836] -->
<!-- EDIT9 SECTION "Portal" [2025-7848] -->
<h3 class="sectionedit14" id="handlers">Handlers</h3>
<div class="level3">
@ -600,7 +597,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [8111-9289] -->
<!-- EDIT15 TABLE [8123-9301] -->
<p>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionalities.</em>
</p>
@ -610,7 +607,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
</p>
</div>
<!-- EDIT14 SECTION "Handlers" [7837-9414] -->
<!-- EDIT14 SECTION "Handlers" [7849-9426] -->
<h3 class="sectionedit16" id="llng_databases">LLNG databases</h3>
<div class="level3">
@ -635,7 +632,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="fileconfbackend.html" class="wikilink1" title="documentation:2.0:fileconfbackend">File (JSON)</a> </td><td class="col1"> </td><td class="col2 leftalign">Not shareable between servers except if used in conjunction with <a href="soapconfbackend.html" class="wikilink1" title="documentation:2.0:soapconfbackend">SOAP</a> or with a shared file system (NFS,…). Selected by default during installation. </td>
<td class="col0 centeralign"> <a href="fileconfbackend.html" class="wikilink1" title="documentation:2.0:fileconfbackend">File (JSON)</a> </td><td class="col1"> </td><td class="col2 leftalign">Not shareable between servers except if used in conjunction with <a href="restconfbackend.html" class="wikilink1" title="documentation:2.0:restconfbackend">REST</a> or with a shared file system (NFS,…). Selected by default during installation. </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <a href="yamlconfbackend.html" class="wikilink1" title="documentation:2.0:yamlconfbackend">YAML</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1"> </td><td class="col2 leftalign">Same as <a href="fileconfbackend.html" class="wikilink1" title="documentation:2.0:fileconfbackend">File</a> but in YAML format instead of JSON </td>
@ -650,7 +647,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0 centeralign"> <a href="mongodbconfbackend.html" class="wikilink1" title="documentation:2.0:mongodbconfbackend">MongoDB</a> </td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
<tr class="row6 roweven">
<td class="col0 centeralign"> <a href="soapconfbackend.html" class="wikilink1" title="documentation:2.0:soapconfbackend">SOAP</a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> Proxy backend to be used in conjunction with another configuration backend. <br/><strong>Can be used to secure another backend</strong> for remote servers. </td>
<td class="col0 centeralign"> <a href="soapconfbackend.html" class="wikilink1" title="documentation:2.0:soapconfbackend">SOAP</a> <em>(deprecated)</em> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> Proxy backend to be used in conjunction with another configuration backend. <br/><strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
<tr class="row7 rowodd">
<td class="col0 centeralign"> <a href="restconfbackend.html" class="wikilink1" title="documentation:2.0:restconfbackend">REST</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> Proxy backend to be used in conjunction with another configuration backend. <br/><strong>Can be used to secure another backend</strong> for remote servers. </td>
@ -659,7 +656,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0 centeralign"> <a href="localconfbackend.html" class="wikilink1" title="documentation:2.0:localconfbackend">Local</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 leftalign"> </td><td class="col2 leftalign"> Use only lemonldap-ng.ini parameters. </td>
</tr>
</table></div>
<!-- EDIT17 TABLE [9719-10805] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
<!-- EDIT17 TABLE [9731-10834] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
</div>
<p>
</div></div>
@ -688,7 +685,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="filesessionbackend.html" class="wikilink1" title="documentation:2.0:filesessionbackend">File</a> </td><td class="col1"> </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign">Not shareable between servers except if used in conjunction with <a href="soapsessionbackend.html" class="wikilink1" title="documentation:2.0:soapsessionbackend">SOAP session backend</a> or with a shared file system (NFS,…). Selected by default during installation. </td>
<td class="col0 centeralign"> <a href="filesessionbackend.html" class="wikilink1" title="documentation:2.0:filesessionbackend">File</a> </td><td class="col1"> </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign">Not shareable between servers except if used in conjunction with <a href="restsessionbackend.html" class="wikilink1" title="documentation:2.0:restsessionbackend">REST session backend</a> or with a shared file system (NFS,…). Selected by default during installation. </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <a href="sqlsessionbackend.html" class="wikilink1" title="documentation:2.0:sqlsessionbackend">SQL</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign" rowspan="2"> Unoptimized for <a href="documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">single session</a> features. </td>
@ -710,17 +707,17 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
<strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
<tr class="row8 roweven">
<td class="col0 centeralign"> <a href="soapsessionbackend.html" class="wikilink1" title="documentation:2.0:soapsessionbackend">SOAP</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign"> Proxy backend to be used in conjunction with another session backend. <br/>
<td class="col0 centeralign"> <a href="soapsessionbackend.html" class="wikilink1" title="documentation:2.0:soapsessionbackend">SOAP</a> <em>(deprecated)</em> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign"> Proxy backend to be used in conjunction with another session backend. <br/>
<strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT18 TABLE [11670-13350] -->
<!-- EDIT18 TABLE [11699-13396] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT16 SECTION "LLNG databases" [9415-13378] -->
<!-- EDIT16 SECTION "LLNG databases" [9427-13424] -->
<h2 class="sectionedit19" id="applications_protection">Applications protection</h2>
<div class="level2">
@ -749,7 +746,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT19 SECTION "Applications protection" [13379-13869] -->
<!-- EDIT19 SECTION "Applications protection" [13425-13915] -->
<h3 class="sectionedit20" id="well_known_compatible_applications">Well known compatible applications</h3>
<div class="level3">
<div class="noteclassic">Here is a list of well known applications that are compatible with <abbr title="LemonLDAP::NG">LL::NG</abbr>. A full list is available on <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">vendor applications page</a>.
@ -847,7 +844,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT20 SECTION "Well known compatible applications" [13870-16083] -->
<!-- EDIT20 SECTION "Well known compatible applications" [13916-16129] -->
<h2 class="sectionedit21" id="advanced_features">Advanced features</h2>
<div class="level2">
@ -904,7 +901,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT21 SECTION "Advanced features" [16084-17266] -->
<!-- EDIT21 SECTION "Advanced features" [16130-17312] -->
<h2 class="sectionedit22" id="mini_howtos">Mini howtos</h2>
<div class="level2">
@ -922,7 +919,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</li>
<li class="level1"><div class="li"> <a href="ldapminihowto.html" class="wikilink1" title="documentation:2.0:ldapminihowto">Configuration and sessions in LDAP</a></div>
</li>
<li class="level1"><div class="li"> <a href="restminihowto.html" class="wikilink1" title="documentation:2.0:restminihowto">Configuration and sessions access by REST</a> <em>(or <a href="soapminihowto.html" class="wikilink1" title="documentation:2.0:soapminihowto">SOAP</a>)</em></div>
<li class="level1"><div class="li"> <a href="restminihowto.html" class="wikilink1" title="documentation:2.0:restminihowto">Configuration and sessions access by REST</a></div>
</li>
<li class="level1"><div class="li"> <a href="activedirectoryminihowto.html" class="wikilink1" title="documentation:2.0:activedirectoryminihowto">Integration in Active Directory (LDAP and Kerberos)</a></div>
</li>
@ -930,7 +927,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</li>
<li class="level1"><div class="li"> <a href="header_remote_user_conversion.html" class="wikilink1" title="documentation:2.0:header_remote_user_conversion">Convert HTTP header into environment variable</a></div>
</li>
<li class="level1"><div class="li"> <a href="renater.html" class="wikilink1" title="documentation:2.0:renater">Connect to Renater Federation</a></div>
<li class="level1"><div class="li"> <a href="renater.html" class="wikilink1" title="documentation:2.0:renater">Connect to Renater Federation</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a></div>
</li>
</ul>
@ -939,7 +936,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT22 SECTION "Mini howtos" [17267-18086] -->
<!-- EDIT22 SECTION "Mini howtos" [17313-18123] -->
<h2 class="sectionedit23" id="exploitation">Exploitation</h2>
<div class="level2">
@ -974,7 +971,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT23 SECTION "Exploitation" [18087-18601] -->
<!-- EDIT23 SECTION "Exploitation" [18124-18638] -->
<h2 class="sectionedit24" id="bug_report">Bug report</h2>
<div class="level2">
@ -983,7 +980,7 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
</p>
</div>
<!-- EDIT24 SECTION "Bug report" [18602-18666] -->
<!-- EDIT24 SECTION "Bug report" [18639-18703] -->
<h2 class="sectionedit25" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -1042,6 +1039,6 @@ If you don&#039;t want to publish your translation <em>(<code>XX</code> must be
</ul>
</div>
<!-- EDIT25 SECTION "Developer corner" [18667-] --></div>
<!-- EDIT25 SECTION "Developer corner" [18704-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:status</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,status"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="status.html"/>
@ -187,7 +187,12 @@ By default Apache handler status process listen to <code>localhost:64321</code>
</p>
<pre class="code apache"> &lt;<span class="kw3">Files</span> *.fcgi&gt;
<span class="kw1">SetHandler</span> fcgid-<span class="kw1">script</span>
<span class="co1">#CGIPassAuth on</span>
<span class="co1"># For Authorization header to be passed, please uncomment one of the following:</span>
<span class="co1"># for Apache &gt;= 2.4.13</span>
<span class="co1">#CGIPassAuth On</span>
<span class="co1"># for Apache &lt; 2.4.13</span>
<span class="co1">#RewriteCond %{HTTP:Authorization} ^(.*)</span>
<span class="co1">#RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]</span>
<span class="kw1">Options</span> +ExecCGI
<span class="kw1">header</span> unset Lm-Remote-<span class="kw1">User</span>
&lt;/<span class="kw3">Files</span>&gt;
@ -211,7 +216,7 @@ Then restart webserver.
</p>
</div>
<!-- EDIT6 SECTION "Configuration" [1127-2799] -->
<!-- EDIT6 SECTION "Configuration" [1127-3029] -->
<h3 class="sectionedit7" id="advanced">Advanced</h3>
<div class="level3">
<ol>
@ -222,6 +227,6 @@ Then restart webserver.
</ol>
</div>
<!-- EDIT7 SECTION "Advanced" [2800-] --></div>
<!-- EDIT7 SECTION "Advanced" [3030-] --></div>
</body>
</html>

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/stayconnected?do=login&amp;sectok=df13de1d1df0e6da1b89ce87ded3ea23" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/stayconnected?do=login&amp;sectok=0e94f56711d80a9e3559eb4fc980da70" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
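Review bot: the only change in the login link here is the sectok value, a DokuWiki security token captured when the page was exported, and the next hunk likewise changes only the indexer.php timestamp. The file is also the export of the "topic that doesn't exist yet" placeholder for stayconnected. Suggest stripping the login action, the token and the indexer image from the exported HTML, or excluding placeholder pages from the export, so that a doc update shows only real content changes and no session-derived value lands in the repository.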
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&amp;1543524736" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&amp;1545299129" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>

View File

@ -65,6 +65,7 @@
<li class="level1"><div class="li"><a href="#supported_servers">Supported servers</a></div></li>
<li class="level1"><div class="li"><a href="#ajax_requests">Ajax requests</a></div></li>
<li class="level1"><div class="li"><a href="#soaprest_services">SOAP/REST services</a></div></li>
<li class="level1"><div class="li"><a href="#cas">CAS</a></div></li>
<li class="level1"><div class="li"><a href="#developer_corner">Developer corner</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#apis">APIs</a></div></li>
@ -127,6 +128,18 @@ For <abbr title="Security Assertion Markup Language">SAML</abbr> features, we re
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <strong>lemonldap-ng.ini</strong> requires some new fields in portal section. Update yours using the one given installed by default. New requires fields are:</div>
<ul>
<li class="level2"><div class="li"> <strong>staticPrefix</strong> <em>(manager and portal)</em>: the path to static content</div>
</li>
<li class="level2"><div class="li"> <strong>templateDir</strong> <em>(manager and portal)</em>: the path to templates directory</div>
</li>
<li class="level2"><div class="li"> <strong>languages</strong> <em>(manager and portal)</em>: accepted languages</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Portal skins are now in <code>/usr/share/lemonldap-ng/portal/templates</code>. See <a href="portalcustom.html#skin_customization" class="wikilink1" title="documentation:2.0:portalcustom">skin customization</a> to adapt your templates.</div>
</li>
<li class="level1"><div class="li"> User module in authentication parameters now provides a “Same as authentication” value. You must revalidate it in the manager since all special values must be replaced by this <em>(Multi, Choice, Proxy, Slave, <abbr title="Security Assertion Markup Language">SAML</abbr>, OpenID*,…)</em></div>
</li>
<li class="level1"><div class="li"> <strong>“Multi” doesn&#039;t exist anymore</strong>: it is replaced by <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">Combination</a>, a more powerful module.</div>
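Review bot: the added lemonldap-ng.ini item says the new fields are required "in portal section", but each of the three sub-items is marked "(manager and portal)"; state once which sections need staticPrefix, templateDir and languages. The sentence "Update yours using the one given installed by default. New requires fields are:" also needs rewording, for example "Update yours from the file installed by default. The new required fields are:".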
@ -145,7 +158,7 @@ For <abbr title="Security Assertion Markup Language">SAML</abbr> features, we re
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [1026-2072] -->
<!-- EDIT4 SECTION "Configuration" [1026-2600] -->
<h3 class="sectionedit5" id="configuration_refresh">Configuration refresh</h3>
<div class="level3">
@ -155,7 +168,7 @@ Now portal has the same behavior than handlers: it looks to configuration stored
<div class="noteimportant">If you want to use reload mechanism on a portal only host, you must install a handler in Portal host to be able to refresh local cache. Include <code>handler-nginx.conf</code> or <code>handler-apache2.conf</code> for example
</div>
</div>
<!-- EDIT5 SECTION "Configuration refresh" [2073-2493] -->
<!-- EDIT5 SECTION "Configuration refresh" [2601-3022] -->
<h2 class="sectionedit6" id="ldap_connection">LDAP connection</h2>
<div class="level2">
@ -164,7 +177,7 @@ Now LDAP connections are kept open to improve performances. To allow that, <abbr
</p>
</div>
<!-- EDIT6 SECTION "LDAP connection" [2494-2677] -->
<!-- EDIT6 SECTION "LDAP connection" [3023-3206] -->
<h2 class="sectionedit7" id="kerberos_or_ssl_usage">Kerberos or SSL usage</h2>
<div class="level2">
<ul>
@ -175,7 +188,7 @@ Now LDAP connections are kept open to improve performances. To allow that, <abbr
</ul>
</div>
<!-- EDIT7 SECTION "Kerberos or SSL usage" [2678-3186] -->
<!-- EDIT7 SECTION "Kerberos or SSL usage" [3207-3715] -->
<h2 class="sectionedit8" id="logs">Logs</h2>
<div class="level2">
<ul>
@ -186,7 +199,7 @@ Now LDAP connections are kept open to improve performances. To allow that, <abbr
</ul>
</div>
<!-- EDIT8 SECTION "Logs" [3187-3601] -->
<!-- EDIT8 SECTION "Logs" [3716-4130] -->
<h2 class="sectionedit9" id="security">Security</h2>
<div class="level2">
@ -201,7 +214,7 @@ LLNG portal now embeds the following features:
</ul>
</div>
<!-- EDIT9 SECTION "Security" [3602-4169] -->
<!-- EDIT9 SECTION "Security" [4131-4698] -->
<h2 class="sectionedit10" id="handlers">Handlers</h2>
<div class="level2">
<ul>
@ -220,7 +233,7 @@ LLNG portal now embeds the following features:
</ul>
</div>
<!-- EDIT10 SECTION "Handlers" [4170-5254] -->
<!-- EDIT10 SECTION "Handlers" [4699-5784] -->
<h2 class="sectionedit11" id="rules_and_headers">Rules and headers</h2>
<div class="level2">
<ul>
@ -233,7 +246,7 @@ LLNG portal now embeds the following features:
</ul>
</div>
<!-- EDIT11 SECTION "Rules and headers" [5255-5573] -->
<!-- EDIT11 SECTION "Rules and headers" [5785-6103] -->
<h2 class="sectionedit12" id="supported_servers">Supported servers</h2>
<div class="level2">
<ul>
@ -242,7 +255,7 @@ LLNG portal now embeds the following features:
</ul>
</div>
<!-- EDIT12 SECTION "Supported servers" [5574-5719] -->
<!-- EDIT12 SECTION "Supported servers" [6104-6249] -->
<h2 class="sectionedit13" id="ajax_requests">Ajax requests</h2>
<div class="level2">
@ -251,7 +264,7 @@ Before 2.0, an Ajax query launched after session timeout received a 302 code. No
</p>
</div>
<!-- EDIT13 SECTION "Ajax requests" [5720-5917] -->
<!-- EDIT13 SECTION "Ajax requests" [6250-6447] -->
<h2 class="sectionedit14" id="soaprest_services">SOAP/REST services</h2>
<div class="level2">
<ul>
@ -267,13 +280,26 @@ Before 2.0, an Ajax query launched after session timeout received a 302 code. No
<div class="noteimportant"><a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">AuthBasic Handler</a> uses now REST services instead of SOAP.
</div>
</div>
<!-- EDIT14 SECTION "SOAP/REST services" [5918-6514] -->
<h2 class="sectionedit15" id="developer_corner">Developer corner</h2>
<!-- EDIT14 SECTION "SOAP/REST services" [6448-7045] -->
<h2 class="sectionedit15" id="cas">CAS</h2>
<div class="level2">
<p>
<abbr title="Central Authentication Service">CAS</abbr> authentication module no more use perl <abbr title="Central Authentication Service">CAS</abbr> client, but our own code. You can now define several <abbr title="Central Authentication Service">CAS</abbr> servers in a specific branch in Manager, like you can define several <abbr title="Security Assertion Markup Language">SAML</abbr> or OpenID Connect providers.
</p>
<p>
<abbr title="Central Authentication Service">CAS</abbr> issuer module has also been improved, you must modify the configuration of <abbr title="Central Authentication Service">CAS</abbr> clients to move them from virtual host branch to <abbr title="Central Authentication Service">CAS</abbr> client branch.
</p>
</div>
<!-- EDIT15 SECTION "CAS" [7046-7423] -->
<h2 class="sectionedit16" id="developer_corner">Developer corner</h2>
<div class="level2">
</div>
<!-- EDIT15 SECTION "Developer corner" [6515-6544] -->
<h3 class="sectionedit16" id="apis">APIs</h3>
<!-- EDIT16 SECTION "Developer corner" [7424-7453] -->
<h3 class="sectionedit17" id="apis">APIs</h3>
<div class="level3">
<p>
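Review bot: the second paragraph of the new CAS section states a mandatory migration step ("you must modify the configuration of CAS clients to move them from virtual host branch to CAS client branch") without linking to a page that shows how, whereas other items in this upgrade page link to their module documentation (Combination, AuthBasic Handler). Please add the link to the CAS documentation page. Wording in the first paragraph: "no more use perl CAS client" should read "no longer uses the Perl CAS client".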
@ -281,8 +307,8 @@ Portal has now many REST features and includes an <abbr title="Application Progr
</p>
</div>
<!-- EDIT16 SECTION "APIs" [6545-6706] -->
<h3 class="sectionedit17" id="portal_overview">Portal overview</h3>
<!-- EDIT17 SECTION "APIs" [7454-7615] -->
<h3 class="sectionedit18" id="portal_overview">Portal overview</h3>
<div class="level3">
<p>
@ -303,8 +329,8 @@ Requests are independent objects based on Lemonldap::NG::Portal::Main::Request w
</p>
</div>
<!-- EDIT17 SECTION "Portal overview" [6707-7182] -->
<h3 class="sectionedit18" id="handler">Handler</h3>
<!-- EDIT18 SECTION "Portal overview" [7616-8091] -->
<h3 class="sectionedit19" id="handler">Handler</h3>
<div class="level3">
<p>
@ -316,6 +342,6 @@ If you used self protected CGI, you also need to rewrite them, see <a href="self
</p>
</div>
<!-- EDIT18 SECTION "Handler" [7183-] --></div>
<!-- EDIT19 SECTION "Handler" [8092-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:writingrulesand_headers</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,writingrulesand_headers"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="writingrulesand_headers.html"/>