dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update doc (#1976 & #2436)

Browse Source
This commit is contained in:
Christophe Maudoux 2021-01-19 21:49:23 +01:00
parent af243509db
commit ad83c48a9d
4 changed files with 32 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/sources/admin/authchoice.rst
View File

@ -49,9 +49,11 @@ Then, go in ``Choice Parameters``:
- **URL parameter**: parameter name used to set choice value (default:
``lmAuth``)
- **AuthBasic handler parameter**: authentication module used by
AuthBasic handler
- **Allowed modules**: click on ``New chain`` to add a choice.
- **AuthBasic handler parameter**: authentication module called by
AuthBasic handler (:doc:`AuthBasic handler<handlerauthbasic>`)
- **FindUser plugin parameter**: authentication module called by
Find user plugin (:doc:`Find user plugin<finduser>`)
|image0|

8
doc/sources/admin/checkuser.rst
View File

@ -22,19 +22,21 @@ Just enable it in the manager (section “plugins”).
- **Attributes used for searching sessions**: User's attributes used
for searching sessions in backend if ``whatToTrace`` fails. Useful
to look for sessions by mail or givenName. Let it blank to search
by ``whatToTrace`` only.
by ``whatToTrace`` only
- **Display computed sessions**: Rule to define which users can display a
computed session if no SSO session is found
- **Display empty headers**: Rule to define which users can display ALL headers
appended by LemonLDAP::NG including empty ones
- **Display normalized headers**: Rule to define which users see headers name sent by
the web server (see RFC3875)
- **Display empty values**: Rule to define which users can display ALL attributes
even empty ones
- **Display persistent session data**: Rule to define which users can display
persistent session data
- **Hidden headers**: Sent headers whose value is masked except for unrestricted users.
Key is a Virtualhost name and value represents a headers list.
Key is a Virtualhost name and value represents a headers list
A blank value obfuscates ALL relative Virtualhost sent headers.
Note that just valued hearders are masked.
Note that just valued hearders are masked
.. note::

17
doc/sources/admin/finduser.rst
View File

@ -1,7 +1,7 @@
|image0|
FindUser plugin
===============
Find user plugin
================
This plugin allows unauthenticated users to search for an user account to impersonate. This may be useful to randomly provide an
identifier depending on allowed searching attributes.
@ -17,10 +17,10 @@ Just enable it in the Manager (section “plugins”). Then, set searching attri
- **Parameters**:
- **Activation**: Enable/disable this plugin.
- **Activation**: Enable / Disable this plugin
- **Character used as wildcard**: Character that can be used by users as wildcard. An empty value disable wildcarded search requests.
- **Parameters control**: Regular expression used for checking searching values syntax.
- **Searching attributes**: For each attribute, you have to set a key (attribute as defined in UserBD) and a value that will be display in login form (placeholder).
- **Parameters control**: Regular expression used for checking searching values syntax
- **Searching attributes**: For each attribute, you have to set a key (attribute as defined in UserBD) and a value that will be display in login form (placeholder)
- **Excluding attributes**: You can defined here attributes used for excluding accounts. Set keys corresponding to UserBD attributes and values to exclude. A value can be a multivalued list separated by multiValueSeparator parameter (General Parameters > Advanced parameters > Separator)
.. attention::
@ -31,7 +31,12 @@ Just enable it in the Manager (section “plugins”). Then, set searching attri
.. danger::
Of course, searching and excluding attributes must exist in user backend.
This plusgin works only with a users backend and the searching or excluding attributes must exist.
.. danger::
With AuthChoice, you must set which module will be called by this plugin (:doc:`Backend choice by users<authchoice>`).
.. |image0| image:: /documentation/beta.png

19
doc/sources/admin/start.rst
View File

@ -282,12 +282,13 @@ Name Description
:doc:`Global Logout<globallogout>` [8]_ Suggest to close all opened sessions at logout
:doc:`Grant Sessions<grantsession>` Rules to apply before allowing a user to open a session
:doc:`Impersonation<impersonation>` [9]_\ |new| Allow users to use another identity
:doc:`Find user<finduser>` [10]_\ |new| Search for user account
:doc:`Notifications system<notifications>`
:doc:`Portal Status<status>` Experimental portal status page
:doc:`Public pages<public_pages>` Enable public pages system
:doc:`Refresh session API<refreshsessionapi>` [10]_ Plugin that provides an API to refresh a user session
:doc:`Refresh session API<refreshsessionapi>` [11]_ Plugin that provides an API to refresh a user session
:doc:`Reset password by mail<resetpassword>`
:doc:`Reset certificate by mail<resetcertificate>` [11]_\ |image37| Allow users to reset their certificate
:doc:`Reset certificate by mail<resetcertificate>` [12]_\ |image37| Allow users to reset their certificate
:doc:`REST services<restservices>` |new| REST server for :doc:`Proxy<authproxy>`
:doc:`SOAP services<soapservices>` |deprecated| SOAP server for :doc:`Proxy<authproxy>`
:doc:`Stay connected<stayconnected>` |new| Enable persistent connection on same browser
@ -305,12 +306,12 @@ Handlers are software control agents to be installed on your web servers
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
Handler type Apache LLNG FastCGI/uWSGI server (Nginx, or :doc:`SSOaaS<ssoaas>`) `Plack servers <https://plackperl.org>`__ Node.js ( `express apps <http://expressjs.com/>`__\ or :doc:`SSOaaS<ssoaas>`) :doc:`Self protected apps<selfmadeapplication>` Comment
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
Main *(default handler)* ✔ ✔ ✔ :doc:`Partial<nodehandler>` ** [12]_ ** ✔
Main *(default handler)* ✔ ✔ ✔ :doc:`Partial<nodehandler>` ** [13]_ ** ✔
:doc:`AuthBasic<handlerauthbasic>` ✔ ✔ ✔ ✔ Designed for some server-to-server applications
:doc:`CDA<cda>` ✔ ✔ ✔ ✔ For Cross Domain Authentication
:doc:`DevOps<devopshandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Allows application developers to define their own rules and headers inside their applications
:doc:`DevOpsST<devopssthandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Enables both :doc:`DevOps<devopshandler>` and :doc:`Service Token<servertoserver>`
:doc:`OAuth2<oauth2handler>` [13]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
:doc:`OAuth2<oauth2handler>` [14]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
:doc:`Secure Token<securetoken>` ✔ ✔ ✔ Designed to secure exchanges between a LLNG reverse-proxy and a remote app
:doc:`Service Token<servertoserver>` |new| *(Server-to-Server)* ✔ ✔ ✔ ✔ ✔ Designed to permit underlying requests *(API-Based Infrastructure)*
:doc:`Zimbra PreAuth<applications/zimbra>` ✔ ✔ ✔
@ -584,18 +585,22 @@ by your language code):
2.0.3
.. [10]
:doc:`Find user plugin<finduser>` is available with LLNG ≥
2.0.11
.. [11]
:doc:`Refresh session API plugin<refreshsessionapi>` is available
with LLNG ≥ 2.0.7
.. [11]
.. [12]
:doc:`Reset certificate by mail plugin<resetcertificate>` is
available with LLNG ≥ 2.0.7
.. [12]
.. [13]
:doc:`Node.js handler<nodehandler>` has not yet reached the same
level of functionalities
.. [13]
.. [14]
:doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
.. |image0| image:: /icons/kthememgr.png