From affdbfa7197dab958dd6bdda0c7fd2de086729e0 Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Sun, 5 Dec 2010 08:03:39 +0000 Subject: [PATCH] Changelogs => 1.0.1 Unminify for dev --- build/deb/changelog.Debian | 11 +- build/lemonldap-ng/Doxyfile | 2 +- build/lemonldap-ng/README | 191 +--------------------------- build/lemonldap-ng/changelog | 4 + build/lemonldap-ng/debian/changelog | 4 +- build/lemonldap-ng/debian/rules | 4 +- 6 files changed, 21 insertions(+), 195 deletions(-) diff --git a/build/deb/changelog.Debian b/build/deb/changelog.Debian index 90ae1c83b..f861238a1 100644 --- a/build/deb/changelog.Debian +++ b/build/deb/changelog.Debian @@ -1,4 +1,13 @@ -lemonldap-ng (1.0.0-1) unstable; urgency=low +lemonldap-ng (1.0-2) unstable; urgency=low + + * Debian po update: + * pt translation (Closes: #605917) + * de translation (Closes: #605936) + * Minor language improvement (Closes: #605937) + + -- Xavier Guimard Sun, 05 Dec 2010 08:16:08 +0100 + +lemonldap-ng (1.0-1) unstable; urgency=low * New upstream release diff --git a/build/lemonldap-ng/Doxyfile b/build/lemonldap-ng/Doxyfile index a5aaf9efa..e122cd7d1 100644 --- a/build/lemonldap-ng/Doxyfile +++ b/build/lemonldap-ng/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = Lemonldap::NG # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.0 +PROJECT_NUMBER = 1.0.1 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/build/lemonldap-ng/README b/build/lemonldap-ng/README index 4bedc6bdd..64409c1fb 100644 --- a/build/lemonldap-ng/README +++ b/build/lemonldap-ng/README 
@@ -1,193 +1,6 @@ Lemonldap-NG ==================== -Go to http://lemonldap-ng.org/ to get the up-to-date documentation. - -Lemonldap::NG is a modular Web-SSO based on Apache::Session modules. It -simplifies the build of a protected area with a few changes in the application. -It manages both authentication and authorization and provides headers for -accounting. So you can have a full AAA protection for your web space as -described below. - - 1 - Installation - 2 - Authentication, Authorization and Accounting mechanisms - 2.1 - Authentication - 2.2 - Authorization - 2.3 - Accounting - 3 - Session storage system - 4 - Authors - 5 - Copyright and licence - -1 - INSTALLATION -================ - -Lemonldap::NG is a different project than Lemonldap and contains all you need -to use and administer it. So softwares, like Lemonldap webmin module, may not -work with Lemonldap::NG. - -The Apache module part (Lemonldap::NG::Handler) works both with Apache 1.3.x -and 2.x ie mod_perl 1 and 2 (but not with mod_perl 1.99). Portal and Manager -act as CGI, so they can work everywhere. - -See INSTALL file in the source tree for a complete installation documentation. - -2 - AUTHENTICATION, AUTHORIZATION AND ACCOUNTING MECHANISMS -=========================================================== - -Warning: Lemonldap::NG configuration has to be edited using the manager unless -you know exactly what you are doing. The parameters discussed here are all in -the configuration tree. - -2.1 - Authentication - -If a user isn't authenticated and attemps to connect to an area protected by a -Lemonldap::NG compatible handler, he is redirected to a portal. The portal -authenticates user with a ldap bind by default, but you can also use another -authentication sheme like using x509 user certificates (see -Lemonldap::NG::Portal::AuthSSL(3) for more). - -Lemonldap use session cookies generated by Apache::Session so as secure as a -128-bit random cookie. 
You may use the securedCookie options to avoid session -hijacking. - -You have to manage life of sessions by yourself since Lemonldap::NG knows -nothing about the L module you've choosed, but it's very easy -using a simple cron script because Lemonldap::NG::Portal stores the start -time in the _utime field. -By default, a session stay 10 minutes in the local storage, so in the worth -case, a user is authorized 10 minutes after he lost his rights. - -2.2 - Authorization - -Authorization is controled only by handlers because the portal knows nothing -about the way the user will choose. When configuring your Web-SSO, you have to: - - * choose the ldap attributes you want to use to manage accounting and - authorization. - * create Perl expressions to define user groups (using ldap attributes) - * create an array foreach virtual host associating URI regular expressions and - Perl expressions to use to grant access. - -Example (See Lemonldap::NG::Manager::Conf(3) to see how configuration is stored - - * Exported variables : - - # Custom-Name => LDAP attribute - cn => cn - departmentUID => departmentUID - login => uid - - * User groups : - - # Custom-Name => group definition - group1 => { $departmentUID eq "unit1" or $login = "foo.bar" } - - * Area protection: - - # Each VirtualHost has its own configuration - # associating URL regexp to Perl expression - * www1.domain.com : - ^/protected/.*$ => $groups =~ /\bgroup1\b/ - default => accept - }, - * www2.domain.com => { - ^/site/.*$ => $uid eq "admin" or $groups =~ /\bgroup2\b/ - ^/(js|css) => accept - default => deny - }, - }, - -2.2.1 - Performance - -You can use Perl expressions as complicated as you want and you can use all -the exported LDAP attributes (and create your own attributes: with 'macros' -mechanism) in groups evaluations, area protections or custom HTTP headers -(you just have to call them with a "$"). 
- -You have to be careful when choosing your expressions: - - * groups and macros are evaluated each time a user is redirected to the portal - * virtual host rules and exported headers are evaluated for each request on a - protected area. - -It is also recommanded to use the groups mechanism to avoid having to evaluate -a long expression at each HTTP request: - - # Virtual hosts : - ... - www1.domain.com : - ^/protected/.*$ => $groups =~ /\bgroup1\b/ - -You can also use LDAP filters, or Perl expression or mixed expressions in -groups definitions. Perl expressions has to be enclosed with {}: - - * group1 => (|(uid=foo.bar)(ou=unit1)) - * group1 => {$uid eq "foo.bar" or $ou eq "unit1"} - * group1 => (|(uid=foo.bar){$ou eq "unit1"}) - -It is also recommanded to use Perl expressions to avoid requiering the LDAP -server more than 2 times per authentication. - -2.3 - Accounting - -2.3.1 - Logging portal access> - -Lemonldap::NG::Portal doesn't log anything by default, but it's easy to -overload log method for normal portal access. - -2.3.2 - Logging application access - -Because a Web-SSO knows nothing about the protected application, it can't do -more than logging URL. As Apache does this fine, L -gives it the name to used in logs. The whatToTrace parameter indicates -which variable Apache has to use ($uid by default). - -The real accounting has to be done by the application itself which knows the -result of SQL transaction for example. - -Lemonldap::NG can export HTTP headers either using a proxy or protecting -directly the application. By default, the Auth-User field is used but you can -change it using the exportedHeaders parameters (in the Manager, each virtual -host as custom headers branch). This parameters contains an associative array -per virtual host: - - * keys are the names of the choosen headers - * values are Perl expressions where you can use user datas stored in the - global storage. 
- -Example: - - * www1.domain.com : - Auth-User => $uid - Unit => $ou - * www2.domain.com : - Authorization => "Basic ".encode_base64($employeeNumber.":dummy") - Remote-IP => $ip - -3 - SESSION STORAGE SYSTEM - -Lemonldap::NG use 3 levels of cache for authenticated users: - - * an Apache::Session::* module used by lemonldap::NG::Portal to store - authenticated user parameters, - * a Cache::Cache* module used by Lemonldap::NG::Handler to share authenticated - users between Apache's threads or processus and of course between virtual - hosts on the same machine - * Lemonldap::NG::Handler variables : if the same user use the same thread or - processus a second time, no request are needed to grant or refuse access. - This is very efficient with HTTP/1.1 Keep-Alive system. - -So the number of request to the central storage is limited to 1 per active -user each 10 minutes. - -Lemonldap::NG is very fast, but you can increase performance using a -Cache::Cache module that does not use disk access. - -4 - AUTHORS - -See AUTHORS - -5 - COPYRIGHT AND LICENSE - -See COPYING +Go to http://lemonldap-ng.org/ to get the up-to-date documentation or use +local documentation in doc/ directory. diff --git a/build/lemonldap-ng/changelog b/build/lemonldap-ng/changelog index 2e106d3db..7777a9096 100644 --- a/build/lemonldap-ng/changelog +++ b/build/lemonldap-ng/changelog @@ -1,3 +1,7 @@ +lemonldap-ng (1.0.1) stable; urgency=low + + * + lemonldap-ng (1.0) stable; urgency=low * [LEMONLDAP-1] - ldapGroupAttributeNameSearch not well Serialized by diff --git a/build/lemonldap-ng/debian/changelog b/build/lemonldap-ng/debian/changelog index 4516aeb5a..d6fdbe161 100644 --- a/build/lemonldap-ng/debian/changelog +++ b/build/lemonldap-ng/debian/changelog @@ -1,5 +1,5 @@ -lemonldap-ng (1.0-0.1) unstable; urgency=low +lemonldap-ng (1.0.1-0.1) unstable; urgency=low * Local build - -- Xavier Guimard Mon, 02 Aug 2010 16:58:52 +0200 + -- Xavier Guimard Fri, 03 Dec 2010 11:17:24 +0100 
diff --git a/build/lemonldap-ng/debian/rules b/build/lemonldap-ng/debian/rules index 1e9005a2d..ad64746f2 100755 --- a/build/lemonldap-ng/debian/rules +++ b/build/lemonldap-ng/debian/rules @@ -90,8 +90,8 @@ install: build $(CURDIR)/debian/tmp$(LMSHAREDIR)/portal-skins/*/ -type f -name *.tpl) # TODO: uncomment this for official releases - test -n "$$LOCALBUILD" || ./scripts/minifierjs $$(find debian/tmp/ -name '*.js') - test -n "$$LOCALBUILD" || ./scripts/minifiercss $$(find debian/tmp/ -name '*.css') + #test -n "$$LOCALBUILD" || ./scripts/minifierjs $$(find debian/tmp/ -name '*.js') + #test -n "$$LOCALBUILD" || ./scripts/minifiercss $$(find debian/tmp/ -name '*.css') # Move perl scripts in /usr/share, links are created by *.postinst scripts mkdir debian/tmp/usr/share/lemonldap-ng/manager debian/tmp/usr/share/lemonldap-ng/portal
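Review bot: in build/deb/changelog.Debian the existing entry is renamed from 1.0.0-1 to 1.0-1 and the new entry is numbered 1.0-2, but under dpkg version ordering 1.0.0-1 sorts higher than both. If 1.0.0-1 was ever uploaded or installed, 1.0-2 will not be offered as an upgrade. Confirm which version was actually published; if it was 1.0.0-1, leave that entry untouched and number the new one 1.0.0-2. Rewriting the version line of an already released entry also makes the changelog disagree with the archive history.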
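Review bot: the build/lemonldap-ng/README hunk deletes the only in-tree statement of several operational points an administrator relies on: that session lifetime has to be managed by hand (the cron cleanup keyed on the _utime field), that the securedCookie option exists to limit session hijacking, and that a user can stay authorized for up to 10 minutes after losing rights because of the local cache. Before removing them, check that doc/ covers each of these and that doc/ is actually shipped in the tarball and packages, since this commit's diffstat does not touch it. The replacement text also points only to an http:// URL, so the local copy is the one readers can trust offline and should be complete.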
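Review bot: the new 1.0.1 entry in build/lemonldap-ng/changelog has an empty "*" item, so the release is recorded as stable with no description of what changed. Either list the changes that justify the bump (the commit subject and the Debian entry suggest translation updates and a language fix) or leave the entry out until there is something to record. If a release is cut from this commit, the empty entry is published as is.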
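Review bot: in build/lemonldap-ng/debian/rules the two minifier lines are commented out in the same commit that bumps every version string to 1.0.1, while the line above still reads "# TODO: uncomment this for official releases". The recipe already had a switch for this: `test -n "$$LOCALBUILD" || ./scripts/minifierjs ...` skips minification whenever LOCALBUILD is set, so a development build can export LOCALBUILD instead of editing the rules file. As written, an official 1.0.1 package built from this tree ships unminified JS and CSS unless someone remembers the TODO. Keep the guarded lines active, or move the dev-only change into a separate commit that is not part of the release bump.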