Update documentation

This commit is contained in:
Clément Oudot 2010-11-19 16:47:36 +00:00
parent 58703dcf95
commit b3877e74a9
47 changed files with 3018 additions and 143 deletions

View File

@ -34,7 +34,9 @@
<p>
<a href="/_detail/icons/xfmail.png?id=contact" class="media" title="icons:xfmail.png"><img src="../media/icons/xfmail.png" class="medialeft" align="left" alt="" /></a>
<div style="width:100px;height:80px;float:left;">
<a href="/_detail/icons/xfmail.png?id=contact" class="media" title="icons:xfmail.png"><img src="../media/icons/xfmail.png" class="media" alt="" /></a>
</div>
</p>
<ul>
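Review bot: the new float wrapper for the mailing-list icon puts a div (style="width:100px;height:80px;float:left;") inside a p element, which is not valid markup. A p cannot contain block-level children, so an HTML parser closes the paragraph before the div and leaves a stray closing p tag behind it. Emit the div as a sibling of the paragraph, or use an inline element styled as a block. The same wrapper is repeated for the IRC, news, bug, team and contributor icons further down this file, and a shared CSS class would replace the per-icon inline width and height values.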
@ -47,13 +49,15 @@
</ul>
</div>
<!-- SECTION "Mailing lists" [35-421] -->
<!-- SECTION "Mailing lists" [35-503] -->
<h2><a name="irc" id="irc">IRC</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/chat.png?id=contact" class="media" title="icons:chat.png"><img src="../media/icons/chat.png" class="medialeft" align="left" alt="" /></a>
<div style="width:100px;height:50px;float:left;">
<a href="/_detail/icons/chat.png?id=contact" class="media" title="icons:chat.png"><img src="../media/icons/chat.png" class="media" alt="" /></a>
</div>
</p>
<p>
@ -72,13 +76,15 @@ No <acronym title="Internet Relay Chat">IRC</acronym> client? <a href="http://we
<iframe src="http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhome.php%3F%23%21%2Fpages%2FLemonldapNG%2F328254254936&amp;width=300&amp;colorscheme=light&amp;connections=10&amp;stream=false&amp;header=false&amp;height=200" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:587px;float:right;" allowTransparency="true"></iframe>
</div>
<!-- SECTION "IRC" [422-992] -->
<!-- SECTION "IRC" [504-1156] -->
<h2><a name="social_networks_and_news" id="social_networks_and_news">Social Networks and News</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/knewsticker.png?id=contact" class="media" title="icons:knewsticker.png"><img src="../media/icons/knewsticker.png" class="medialeft" align="left" alt="" /></a>
<div style="width:100px;height:100px;float:left;">
<a href="/_detail/icons/knewsticker.png?id=contact" class="media" title="icons:knewsticker.png"><img src="../media/icons/knewsticker.png" class="media" alt="" /></a>
</div>
</p>
<ul>
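Review bot: the unchanged context at the top of this hunk still embeds the Facebook likebox as an iframe whose src is plain http://www.facebook.com/plugins/likebox.php, so every reader of this exported documentation page makes a third-party request and the framed content can be modified in transit. Since the commit is already reworking this page's layout, consider replacing the iframe with an ordinary link to the project page, or at least moving the src to https. The frame also asks for height=200 in its query string while its style attribute sets height:587px; one of the two should be corrected.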
@ -92,19 +98,16 @@ No <acronym title="Internet Relay Chat">IRC</acronym> client? <a href="http://we
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Social Networks and News" [993-1388] -->
<!-- SECTION "Social Networks and News" [1157-1630] -->
<h2><a name="reporting_a_bug" id="reporting_a_bug">Reporting a bug</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/bug.png?id=contact" class="media" title="icons:bug.png"><img src="../media/icons/bug.png" class="medialeft" align="left" alt="" /></a>
<div style="width:100px;height:50px;float:left;">
<a href="/_detail/icons/bug.png?id=contact" class="media" title="icons:bug.png"><img src="../media/icons/bug.png" class="media" alt="" /></a>
</div>
</p>
<p>
@ -117,43 +120,41 @@ We use <a href="http://jira.ow2.org" class="urlextern" title="http://jira.ow2.or
</p>
</div>
<!-- SECTION "Reporting a bug" [1389-1691] -->
<!-- SECTION "Reporting a bug" [1631-2015] -->
<h1><a name="the_team" id="the_team">The team</a></h1>
<div class="level1">
</div>
<!-- SECTION "The team" [1692-1715] -->
<!-- SECTION "The team" [2016-2039] -->
<h2><a name="core_team" id="core_team">Core team</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/tux.png?id=contact" class="media" title="icons:tux.png"><img src="../media/icons/tux.png" class="medialeft" align="left" alt="" /></a>
<div style="width:100px;height:80px;float:left;">
<a href="/_detail/icons/tux.png?id=contact" class="media" title="icons:tux.png"><img src="../media/icons/tux.png" class="media" alt="" /></a>
</div>
</p>
<ul>
<li class="level1"><div class="li"> Xavier GUIMARD: project leader, lead developer</div>
<li class="level1"><div class="li"> <strong>Xavier GUIMARD</strong>: project leader, lead developer</div>
</li>
<li class="level1"><div class="li"> Clément OUDOT: developer, graphics, documentation, community management</div>
<li class="level1"><div class="li"> <strong>Clément “KPTN” OUDOT</strong>: developer, graphics, documentation, community management</div>
</li>
<li class="level1"><div class="li"> Thomas CHEMINEAU: developer, graphics</div>
<li class="level1"><div class="li"> <strong>Thomas CHEMINEAU</strong>: developer, graphics</div>
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Core team" [1716-1935] -->
<!-- SECTION "Core team" [2040-2356] -->
<h2><a name="past_and_present_contributors" id="past_and_present_contributors">Past and present contributors</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/personal.png?id=contact" class="media" title="icons:personal.png"><img src="../media/icons/personal.png" class="medialeft" align="left" alt="" /></a>
<div style="width:100px;height:250px;float:left;">
<a href="/_detail/icons/personal.png?id=contact" class="media" title="icons:personal.png"><img src="../media/icons/personal.png" class="media" alt="" /></a>
</div>
</p>
<ul>
@ -181,11 +182,5 @@ We use <a href="http://jira.ow2.org" class="urlextern" title="http://jira.ow2.or
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Past and present contributors" [1936-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Past and present contributors" [2357-] --></div><!-- closes <div class="dokuwiki export">-->

View File

@ -21,14 +21,14 @@
<hr />
<p style="text-align:center"><strong>Sponsored by</p></strong>
<p style="text-align:center"><strong>Sponsored by</strong></p>
<p>
<a href="http://www.gendarmerie.interieur.gouv.fr/" class="media" title="http://www.gendarmerie.interieur.gouv.fr/" rel="nofollow"><img src="../media/logos/logo_gn.png" class="mediacenter" alt="" /></a>
<a href="http://www.linagora.com" class="media" title="http://www.linagora.com" rel="nofollow"><img src="../media/logos/logo_linagora.png" class="mediacenter" alt="" /></a>
</p>
<hr />
<p style="text-align:center"><strong>Hosted by</p></strong>
<p style="text-align:center"><strong>Hosted by</strong></p>
<p>
<a href="http://www.ow2.org" class="media" title="http://www.ow2.org" rel="nofollow"><img src="../media/logos/ow2.png" class="mediacenter" alt="" width="150" /></a>

View File

@ -42,24 +42,20 @@
<ul>
<li class="level1"><div class="li"> <a href="documentation/presentation.html" class="wikilink1" title="documentation:presentation">How it works</a></div>
</li>
<li class="level1"><div class="li"> <a href="documentation/features.html" class="wikilink1" title="documentation:features">Main features</a></div>
</li>
<li class="level1"><div class="li"> <a href="documentation/quickstart.html" class="wikilink1" title="documentation:quickstart">Quick start tutorial</a></div>
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Presentation" [41-283] -->
<!-- SECTION "Presentation" [41-324] -->
<h2><a name="installation_and_configuration" id="installation_and_configuration">Installation and configuration</a></h2>
<div class="level2">
<p>
<div style="width:100px;height:100px;float:left;">
<div style="width:100px;height:120px;float:left;">
<a href="/_detail/icons/windowlist.png?id=documentation" class="media" title="icons:windowlist.png"><img src="../media/icons/windowlist.png" class="media" alt="" /></a>
</div>
@ -80,7 +76,7 @@
</ul>
</div>
<!-- SECTION "Installation and configuration" [284-649] -->
<!-- SECTION "Installation and configuration" [325-690] -->
<h2><a name="development" id="development">Development</a></h2>
<div class="level2">
@ -117,7 +113,7 @@
</ul>
</div>
<!-- SECTION "Development" [650-1574] -->
<!-- SECTION "Development" [691-1615] -->
<h2><a name="other" id="other">Other</a></h2>
<div class="level2">
@ -136,4 +132,4 @@
</ul>
</div>
<!-- SECTION "Other" [1575-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Other" [1616-] --></div><!-- closes <div class="dokuwiki export">-->

View File

@ -32,79 +32,99 @@
<p>
Applications listed bellow are known to be easy to integrate in Lemonldap::NG. As Lemonldap::NG works like classic Web-<acronym title="Single Sign On">SSO</acronym> (like Siteminder™), many other applications are easy to integrate.
Applications listed bellow are known to be easy to integrate in <acronym title="LemonLDAP::NG">LL::NG</acronym>. As <acronym title="LemonLDAP::NG">LL::NG</acronym> works like classic WebSSO (like Siteminder™), many other applications are easy to integrate.
</p>
</div>
<!-- SECTION "Known supported applications" [29-249] -->
<h3><a name="mail_agenda_groupware" id="mail_agenda_groupware">Mail, Agenda, Groupware</a></h3>
<div class="level3">
<table class="inline">
<tr class="row0 roweven">
<td class="col0 leftalign"> </td><th class="col1 centeralign"> Description </th><th class="col2 centeralign"> Procedure </th>
<th class="col0 centeralign"> OBM </th><th class="col1 centeralign"> Sympa </th><th class="col2 centeralign"> Zimbra </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Bugzilla<br/><a href="/_detail/applications/bugzilla_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:bugzilla_logo.png"><img src="../../../media/applications/bugzilla_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> Bug tracker </td><td class="col2 centeralign"> <a href="../../applications/bugzilla.html" class="wikilink2" title="applications:bugzilla" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row2 roweven">
<th class="col0 centeralign"> Dokuwiki<br/><a href="/_detail/wiki/dokuwiki-128.png?id=documentation%3A1.0%3Aapplications" class="media" title="wiki:dokuwiki-128.png"><img src="../../../media/wiki/dokuwiki-128.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> <acronym title="Hypertext Preprocessor">PHP</acronym> Wiki </td><td class="col2 centeralign"> <a href="../../applications/dokuwiki.html" class="wikilink2" title="applications:dokuwiki" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row3 rowodd">
<th class="col0 centeralign"> Drupal<br/><a href="/_detail/applications/drupal_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:drupal_logo.png"><img src="../../../media/applications/drupal_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> <acronym title="Content Management System">CMS</acronym> </td><td class="col2 centeralign"> <a href="../../applications/drupal.html" class="wikilink2" title="applications:drupal" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row4 roweven">
<th class="col0 centeralign"> GLPI<br/><a href="/_detail/applications/glpi_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:glpi_logo.png"><img src="../../../media/applications/glpi_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> Information Resource-Manager </td><td class="col2 centeralign"> <a href="../../applications/glpi.html" class="wikilink2" title="applications:glpi" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row5 rowodd">
<th class="col0 centeralign"> GRR<br/><a href="/_detail/applications/grr_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:grr_logo.png"><img src="../../../media/applications/grr_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> Management of resource reservation </td><td class="col2 centeralign"> <a href="../../applications/grr.html" class="wikilink2" title="applications:grr" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row6 roweven">
<th class="col0 centeralign"> Liferay<br/><a href="/_detail/applications/liferay_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:liferay_logo.png"><img src="../../../media/applications/liferay_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> J2EE portal motor </td><td class="col2 centeralign"> <a href="../../applications/liferay.html" class="wikilink2" title="applications:liferay" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row7 rowodd">
<th class="col0 centeralign"> Mediawiki<br/><a href="/_detail/applications/mediawiki_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:mediawiki_logo.png"><img src="../../../media/applications/mediawiki_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> <acronym title="Hypertext Preprocessor">PHP</acronym> Wiki </td><td class="col2 centeralign"> <a href="../../applications/mediawiki.html" class="wikilink2" title="applications:mediawiki" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row8 roweven">
<th class="col0 centeralign"> OBM<br/><a href="/_detail/applications/obm_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:obm_logo.png"><img src="../../../media/applications/obm_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> Groupware </td><td class="col2 centeralign"> <a href="../../applications/obm.html" class="wikilink2" title="applications:obm" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row9 rowodd">
<th class="col0 centeralign"> phpLDAPadmin<br/><a href="/_detail/applications/phpldapadmin_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:phpldapadmin_logo.png"><img src="../../../media/applications/phpldapadmin_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> management </td><td class="col2 centeralign"> <a href="../../applications/phpldapadmin.html" class="wikilink2" title="applications:phpldapadmin" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row10 roweven">
<th class="col0 centeralign"> Sympa<br/><a href="/_detail/applications/sympa_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:sympa_logo.png"><img src="../../../media/applications/sympa_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> Mailing lists motor </td><td class="col2 centeralign"> <a href="../../applications/sympa.html" class="wikilink2" title="applications:sympa" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row11 rowodd">
<th class="col0 centeralign"> Zimbra<br/><a href="/_detail/applications/zimbra_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:zimbra_logo.png"><img src="../../../media/applications/zimbra_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> Groupware </td><td class="col2 centeralign"> <a href="../../applications/zimbra.html" class="wikilink2" title="applications:zimbra" rel="nofollow">Procedure</a> </td>
<td class="col0 centeralign"> <a href="../../documentation/1.0/applications/obm.html" class="media" title="documentation:1.0:applications:obm"><img src="../../../media/applications/obm_logo.png" class="media" alt="" /></a> </td><td class="col1 leftalign"> <a href="../../documentation/1.0/applications/sympa.html" class="media" title="documentation:1.0:applications:sympa"><img src="../../../media/applications/sympa_logo.png" class="media" alt="" /></a> </td><td class="col2 rightalign"> <a href="../../documentation/1.0/applications/zimbra.html" class="media" title="documentation:1.0:applications:zimbra"><img src="../../../media/applications/zimbra_logo.png" class="media" alt="" /></a> </td>
</tr>
</table>
</div>
<!-- SECTION "Known supported applications" [29-1655] -->
<!-- SECTION "Mail, Agenda, Groupware" [250-497] -->
<h3><a name="wiki" id="wiki">Wiki</a></h3>
<div class="level3">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Dokuwiki </th><th class="col1 centeralign"> Mediawiki </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 leftalign"> <a href="../../documentation/1.0/applications/dokuwiki.html" class="media" title="documentation:1.0:applications:dokuwiki"><img src="../../../media/wiki/dokuwiki-128.png" class="media" alt="" /></a> </td><td class="col1 rightalign"> <a href="../../documentation/1.0/applications/mediawiki.html" class="media" title="documentation:1.0:applications:mediawiki"><img src="../../../media/applications/mediawiki_logo.png" class="media" alt="" /></a> </td>
</tr>
</table>
</div>
<h4><a name="cms_portal" id="cms_portal">CMS, Portal</a></h4>
<div class="level4">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Drupal </th><th class="col1 centeralign"> Liferay </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.0/applications/drupal.html" class="media" title="documentation:1.0:applications:drupal"><img src="../../../media/applications/drupal_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.0/applications/liferay.html" class="media" title="documentation:1.0:applications:liferay"><img src="../../../media/applications/liferay_logo.png" class="media" alt="" /></a> </td>
</tr>
</table>
</div>
<h4><a name="bugtracker_service_management" id="bugtracker_service_management">Bugtracker, Service Management</a></h4>
<div class="level4">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Bugzilla </th><th class="col1 leftalign"> GLPI </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.0/applications/bugzilla.html" class="media" title="documentation:1.0:applications:bugzilla"><img src="../../../media/applications/bugzilla_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.0/applications/glpi.html" class="media" title="documentation:1.0:applications:glpi"><img src="../../../media/applications/glpi_logo.png" class="media" alt="" /></a> </td>
</tr>
</table>
</div>
<h4><a name="other" id="other">Other</a></h4>
<div class="level4">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> GRR </th><th class="col1 leftalign"> phpLDAPadmin </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.0/applications/grr.html" class="media" title="documentation:1.0:applications:grr"><img src="../../../media/applications/grr_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.0/applications/phpldapadmin.html" class="media" title="documentation:1.0:applications:phpldapadmin"><img src="../../../media/applications/phpldapadmin_logo.png" class="media" alt="" /></a> </td>
</tr>
</table>
</div>
<!-- SECTION "Wiki" [498-1216] -->
<h2><a name="connectors" id="connectors">Connectors</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<td class="col0 leftalign"> </td><th class="col1 centeralign"> Description </th><th class="col2 centeralign"> Procedure </th>
<th class="col0 centeralign"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Auth-Basic </th><th class="col1 centeralign"> Spring </th><th class="col2 centeralign"> Tomcat </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Auth-Basic<br/><a href="/_detail/applications/http_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:http_logo.png"><img src="../../../media/applications/http_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Basic Autentication is a standard authentication mechanism used by many web servers (Apache, <acronym title="Internet Information Services">IIS</acronym>, …) and by many applications (Nagios,…) </td><td class="col2 centeralign"> <a href="../../applications/authbasic.html" class="wikilink2" title="applications:authbasic" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row2 roweven">
<th class="col0 centeralign"> Spring<br/><a href="/_detail/applications/spring_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:spring_logo.png"><img src="../../../media/applications/spring_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> Spring Security is a security framework for J2EE applications </td><td class="col2 centeralign"> <a href="../../applications/spring.html" class="wikilink2" title="applications:spring" rel="nofollow">Procedure</a> </td>
</tr>
<tr class="row3 rowodd">
<th class="col0 centeralign"> Tomcat<br/><a href="/_detail/applications/tomcat_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:tomcat_logo.png"><img src="../../../media/applications/tomcat_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> Servlet container </td><td class="col2 centeralign"> <a href="../../applications/tomcat.html" class="wikilink2" title="applications:tomcat" rel="nofollow">Procedure</a> </td>
<td class="col0 centeralign"> <a href="../../documentation/1.0/applications/authbasic.html" class="media" title="documentation:1.0:applications:authbasic"><img src="../../../media/applications/http_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.0/applications/spring.html" class="media" title="documentation:1.0:applications:spring"><img src="../../../media/applications/spring_logo.png" class="media" alt="" /></a> </td><td class="col2 rightalign"> <a href="../../documentation/1.0/applications/tomcat.html" class="media" title="documentation:1.0:applications:tomcat"><img src="../../../media/applications/tomcat_logo.png" class="media" alt="" /></a> </td>
</tr>
</table>
</div>
<!-- SECTION "Connectors" [1656-2272] -->
<!-- SECTION "Connectors" [1217-1477] -->
<h2><a name="saml_connectors" id="saml_connectors">SAML connectors</a></h2>
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<td class="col0 leftalign"> </td><th class="col1 centeralign"> Description </th><th class="col2 centeralign"> Procedure </th>
<th class="col0 centeralign"> Google Apps </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Google Apps<br/><a href="/_detail/applications/googleapps_logo.png?id=documentation%3A1.0%3Aapplications" class="media" title="applications:googleapps_logo.png"><img src="../../../media/applications/googleapps_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> Gmail, Calendar, … </td><td class="col2 centeralign"> <a href="../../applications/googleapps.html" class="wikilink2" title="applications:googleapps" rel="nofollow">Procedure</a> </td>
<td class="col0 centeralign"> <a href="../../documentation/1.0/applications/googleapps.html" class="media" title="documentation:1.0:applications:googleapps"><img src="../../../media/applications/googleapps_logo.png" class="media" alt="" /></a> </td>
</tr>
</table>
</div>
<!-- SECTION "SAML connectors" [2273-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "SAML connectors" [1478-] --></div><!-- closes <div class="dokuwiki export">-->
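Review bot: the category headings in the reworked application list are at inconsistent levels. "Mail, Agenda, Groupware" and "Wiki" are h3, but "CMS, Portal", "Bugtracker, Service Management" and "Other" are h4, so they render as subsections of Wiki and the SECTION "Wiki" [498-1216] marker covers all three; they should be h3 in the wiki source. Separately, each logo is now the only content of its link and every img carries alt="", so the links have no text when images are unavailable or for assistive technology; put the application name in alt. The rewritten intro sentence also keeps the typo "bellow" (below).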

View File

@ -0,0 +1,330 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="obm" id="obm">OBM</a></h1>
<div class="level1">
<p>
<a href="/_detail/applications/obm_logo.png?id=documentation%3A1.0%3Aapplications%3Aobm" class="media" title="applications:obm_logo.png"><img src="../../../../media/applications/obm_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- SECTION "OBM" [1-54] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
<a href="http://obm.org" class="urlextern" title="http://obm.org" rel="nofollow">OBM</a> is enterprise-class messaging and collaboration platform for workgroup or enterprises with many thousands users. OBM includes Groupware, messaging server, CRM, <acronym title="Lightweight Directory Access Protocol">LDAP</acronym>, Windows Domain, smartphone and <acronym title="Personal Digital Assistant">PDA</acronym> synchronization…
</p>
<p>
OBM is shipped with a <acronym title="LemonLDAP::NG">LL::NG</acronym> plugin with these features:
</p>
<ul>
<li class="level1"><div class="li"> <acronym title="Single Sign On">SSO</acronym> on OBM web interface</div>
</li>
<li class="level1"><div class="li"> Logout</div>
</li>
<li class="level1"><div class="li"> User provisioning (account auto creation at first connection)</div>
</li>
</ul>
</div>
<!-- SECTION "Presentation" [55-488] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
</div>
<!-- SECTION "Configuration" [489-515] -->
<h3><a name="obm1" id="obm1">OBM</a></h3>
<div class="level3">
<p>
To enable <acronym title="LemonLDAP::NG">LL::NG</acronym> authentication plugin, go in <code>/etc/obm/obm_conf.inc</code>:
</p>
<pre class="code file php"><span class="re0">$auth_kind</span> <span class="sy0">=</span> <span class="st_h">'LemonLDAP'</span><span class="sy0">;</span>
&nbsp;
<span class="re0">$lemonldap_config</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">&#40;</span>
<span class="st0">&quot;auto_update&quot;</span> <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span>
<span class="st0">&quot;auto_update_force_user&quot;</span> <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span>
<span class="st0">&quot;auto_update_force_group&quot;</span> <span class="sy0">=&gt;</span> <span class="kw4">false</span><span class="sy0">,</span>
<span class="st0">&quot;url_logout&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;https://OBMURL/logout&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;server_ip_address&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;localhost&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;server_ip_check&quot;</span> <span class="sy0">=&gt;</span> <span class="kw4">false</span><span class="sy0">,</span>
<span class="st0">&quot;debug_level&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;NONE&quot;</span><span class="sy0">,</span>
<span class="co1">// &quot;debug_header_name&quot; =&gt; &quot;HTTP_OBM_UID&quot;,</span>
<span class="co1">// &quot;group_header_name&quot; =&gt; &quot;HTTP_OBM_GROUPS&quot;,</span>
<span class="st0">&quot;headers_map&quot;</span> <span class="sy0">=&gt;</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">&#40;</span>
<span class="co1">//&quot;userobm_gid&quot; =&gt; &quot;HTTP_OBM_GID&quot;,</span>
<span class="co1">//&quot;userobm_domain_id&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_login&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_UID&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_password&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_USERPASSWORD&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_password_type&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_perms&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_PERMS&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_kind&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_lastname&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_SN&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_firstname&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_GIVENNAME&quot;</span><span class="sy0">,</span>
<span class="co1">// &quot;userobm_title&quot; =&gt; &quot;HTTP_OBM_TITLE&quot;,</span>
<span class="st0">&quot;userobm_email&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_MAIL&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_datebegin&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_DATEBEGIN&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_account_dateexp&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_delegation_target&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_delegation&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_description&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_DESCRIPTION&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_archive&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_hidden&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_status&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_local&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_photo_id&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_phone&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_TELEPHONENUMBER&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobom_phone2&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_mobile&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_fax&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_FACSIMILETELEPHONENUMBER&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_fax2&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_company&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_O&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_direction&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_service&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_OU&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_address1&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_POSTALADDRESS&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_address2&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_address3&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_zipcode&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_POSTALCODE&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_town&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_L&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_zipcode&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_POSTALCODE&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_town&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_L&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_expresspostal&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_host_id&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_web_perms&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_web_list&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_web_all&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_mail_perms&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_mail_ext_perms&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_mail_server_id&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_mail_server_hostname&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_mail_quota&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_MAILQUOTA&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_nomade_perms&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_nomade_enable&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_nomade_local_copy&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_email_nomade&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_vacation_enable&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_vacation_datebegin&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_vacation_dateend&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_vacation_message&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_samba_perms&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_samba_home&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_samba_home_drive&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_samba_logon_script&quot; =&gt; ,</span>
<span class="co1">// ---- Unused values ? ----</span>
<span class="st0">&quot;userobm_ext_id&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_SERIALNUMBER&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_system&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_nomade_datebegin&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_nomade_dateend&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_location&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_education&quot; =&gt; ,</span>
<span class="br0">&#41;</span><span class="sy0">,</span>
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
<p>
Parameters:
</p>
<ul>
<li class="level1"><div class="li"> <strong>url_logout</strong>: <acronym title="Uniform Resource Locator">URL</acronym> used by OBM to logout, will be caught by <acronym title="LemonLDAP::NG">LL::NG</acronym></div>
</li>
<li class="level1"><div class="li"> <strong>headers_map</strong>: map OBM internal field to <acronym title="LemonLDAP::NG">LL::NG</acronym> header</div>
</li>
</ul>
<p>
Edit also OBM Apache configuration to enable <acronym title="LemonLDAP::NG">LL::NG</acronym> Handler:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> obm.example.com
&nbsp;
<span class="co1"># SSO protection</span>
PerlHeaderParserHandler My::Package
&nbsp;
<span class="kw1">DocumentRoot</span> /usr/share/obm/php
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteimportant">OBM Apache configuration must be loaded <strong>after</strong> <acronym title="LemonLDAP::NG">LL::NG</acronym> <a href="../../../documentation/1.0/configlocation.html#apache" class="wikilink1" title="documentation:1.0:configlocation">Apache configuration</a>.
</div></p>
</p>
</div>
<!-- SECTION "OBM" [516-6167] -->
<h3><a name="llng" id="llng">LL::NG</a></h3>
<div class="level3">
</div>
<h4><a name="attributes_and_macros" id="attributes_and_macros">Attributes and macros</a></h4>
<div class="level4">
<p>
You will need to collect all attributes needed to create a user in OBM, this includes:
</p>
<ul>
<li class="level1"><div class="li"> First name</div>
</li>
<li class="level1"><div class="li"> Last name</div>
</li>
<li class="level1"><div class="li"> Login</div>
</li>
<li class="level1"><div class="li"> Mail</div>
</li>
<li class="level1"><div class="li"></div>
</li>
</ul>
<p>
To add these attributes, go in Manager, <code>Variables</code> » <code>Exported Variables</code>.
</p>
<p>
<p><div class="noteimportant">If you plan to forward user&#039;s password to OBM, then you have to keep the password in session: <code>General Parameters</code> » <code>Sessions</code> » <code>Store password in session</code>
</div></p>
</p>
<p>
You may also create these macros to manage OBM administrator account (<code>Variables</code> » <code>Macros</code>):
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0">field </th><th class="col1">value </th>
</tr>
<tr class="row1 rowodd">
<td class="col0"> uidR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? &quot;admin0\@global.virt&quot; : $uid </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> mailR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? &quot;&quot; : ($mail =~ /^([^@]+)/)[0] . &quot;\@example.com&quot; </td>
</tr>
</table>
</div>
<h4><a name="virtual_host" id="virtual_host">Virtual host</a></h4>
<div class="level4">
<p>
Create OBM virtual host (for example obm.example.com) in <acronym title="LemonLDAP::NG">LL::NG</acronym> configuration: <code>Virtual Hosts</code> » <code>New virtual host</code>.
</p>
<p>
Then edit rules and headers.
</p>
</div>
<h5><a name="rules" id="rules">Rules</a></h5>
<div class="level5">
<p>
Define at least:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Default rule</strong>: who can access to the application</div>
</li>
<li class="level1"><div class="li"> <strong>Logout rule</strong>: catch OBM logout</div>
</li>
<li class="level1"><div class="li"> <strong>Exceptions</strong>: allow anonymous access for specific URLs (connectors, etc.)</div>
</li>
</ul>
<table class="inline">
<tr class="row0 roweven">
<th class="col0">field </th><th class="col1">value </th>
</tr>
<tr class="row1 rowodd">
<td class="col0">^/logout</td><td class="col1">logout_sso</td>
</tr>
<tr class="row2 roweven">
<td class="col0">^/obm-sync</td><td class="col1">unprotect</td>
</tr>
<tr class="row3 rowodd">
<td class="col0">^/minig</td><td class="col1">unprotect</td>
</tr>
<tr class="row4 roweven">
<td class="col0">^/Microsoft-Server-ActiveSync</td><td class="col1">unprotect</td>
</tr>
<tr class="row5 rowodd">
<td class="col0">^/caldav</td><td class="col1">unprotect</td>
</tr>
<tr class="row6 roweven">
<td class="col0">default</td><td class="col1">accept (or whatever you want)</td>
</tr>
</table>
</div>
<h5><a name="headers" id="headers">Headers</a></h5>
<div class="level5">
<p>
Define headers used in OBM mapping, for example:
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0">field </th><th class="col1">valeur </th>
</tr>
<tr class="row1 rowodd">
<td class="col0">OBM_GIVENNAME</td><td class="col1">$givenName</td>
</tr>
<tr class="row2 roweven">
<td class="col0">OBM_GROUPS</td><td class="col1">$groups</td>
</tr>
<tr class="row3 rowodd">
<td class="col0">OBM_UID</td><td class="col1">$uidR</td>
</tr>
<tr class="row4 roweven">
<td class="col0">OBM_MAIL</td><td class="col1">$mailR</td>
</tr>
<tr class="row5 rowodd">
<td class="col0">OBM_USERPASSWORD</td><td class="col1">$_password</td>
</tr>
</table>
</div>
<h4><a name="other" id="other">Other</a></h4>
<div class="level4">
<p>
Do not forget to add OBM in <a href="../../../documentation/1.0/portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:1.0:portalmenu">applications menu</a>.
</p>
</div>
<!-- SECTION "LL::NG" [6168-] --></div><!-- closes <div class="dokuwiki export">-->
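Review bot: In the `headers_map` array, the pairs `"userobm_zipcode" => "HTTP_OBM_POSTALCODE"` and `"userobm_town" => "HTTP_OBM_L"` appear twice in a row, and the commented key `userobom_phone2` looks like a misspelling of `userobm_phone2`; drop the duplicate pair and fix the key so that readers who uncomment it get the intended field. In the Rules table, four paths (`^/obm-sync`, `^/minig`, `^/Microsoft-Server-ActiveSync`, `^/caldav`) are set to `unprotect` under "allow anonymous access"; add a sentence saying what authenticates requests on those paths once the handler no longer does. The Headers table forwards `$_password` as `OBM_USERPASSWORD` while the Apache example is a `<VirtualHost *:80>`, so an HTTPS virtual host would be the better example here. Smaller points: the attribute list under "Attributes and macros" ends with an empty bullet, and the Headers table column is titled "valeur" where the other tables use "value".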

View File

@ -57,12 +57,45 @@
</p>
<p>
They can then be forwarded to applications trough <a href="../../documentation/1.0/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.0:writingrulesand_headers">HTTP headers</a>.
</p>
</div>
<!-- SECTION "Presentation" [71-656] -->
<!-- SECTION "Presentation" [71-655] -->
<h2><a name="perl-cas_module_installation" id="perl-cas_module_installation">Perl-CAS module installation</a></h2>
<div class="level2">
<p>
Download the latest version:
</p>
<pre class="code">
wget https://sourcesup.cru.fr/frs/download.php/2476/AuthCAS-1.4.tar.gz
</pre>
<p>
Extract and build the module:
</p>
<pre class="code">
tar zxvf AuthCAS-1.4.tar.gz
cd AuthCAS-1.4/
perl Makefile.PL
make
make test
</pre>
<p>
Install the module:
</p>
<pre class="code">
sudo make install
</pre>
</div>
<!-- SECTION "Perl-CAS module installation" [656-989] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
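Review bot: The new "Perl-CAS module installation" section fetches `AuthCAS-1.4.tar.gz` with `wget` and goes straight to `sudo make install` with no integrity check in between; add a step that verifies the archive against a checksum or signature from the project before building, if one is available, or point to a distribution package. "Download the latest version" also hard-codes 1.4 in the URL, so either name the version in the sentence or link the download page instead of a fixed file.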
@ -72,7 +105,6 @@ In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modu
</p>
<p>
<p><div class="notetip">You can then choose any other module for users and password.
</div></p>
</p>
@ -91,7 +123,7 @@ Then, go in <code><acronym title="Central Authentication Service">CAS</acronym>
</li>
<li class="level1"><div class="li"> <strong>Gateways authentication</strong>: force transparent authentication on <acronym title="Central Authentication Service">CAS</acronym> server</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Proxy Granting Ticket">PGT</acronym> file</strong>: temporary file where proxy tickets are stored</div>
<li class="level1"><div class="li"> <strong><acronym title="Proxy Granting Ticket">PGT</acronym> file</strong>: temporary file where proxy tickets are stored (by default, <code>/tmp/pgt.txt</code>)</div>
</li>
<li class="level1"><div class="li"> <strong>Proxied services</strong>: list of services for which a proxy ticket is requested:</div>
<ul>
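Review bot: The default added to the PGT file item, `/tmp/pgt.txt`, is a fixed file name in a shared temporary directory, and the item does not say which account must be able to read or write it; suggest documenting a path in a directory owned by the web server user and naming the required owner. The acronym expands to Proxy Granting Ticket while the description says "proxy tickets"; make the two agree.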
@ -103,5 +135,27 @@ Then, go in <code><acronym title="Central Authentication Service">CAS</acronym>
</li>
</ul>
<p>
<p><div class="notetip">If no proxied services defined, <acronym title="Central Authentication Service">CAS</acronym> authentication will not activate the <acronym title="Central Authentication Service">CAS</acronym> proxy mode.
</div></p>
</p>
<p>
<p><div class="noteimportant">
If you activate proxy mode, you must create the <acronym title="Proxy Granting Ticket">PGT</acronym> file on your system, for example:
</p>
<pre class="code">
touch /tmp/pgt.txt
</pre>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Configuration" [657-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Configuration" [990-] --></div><!-- closes <div class="dokuwiki export">-->
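Review bot: The `touch /tmp/pgt.txt` example in the new important note creates the file with whatever owner and umask the administrator's shell happens to have; since the file holds tickets, state the expected owner and a restrictive mode next to the command (for instance owned by the Apache user and not readable by others). The added markup also opens `<div class="noteimportant">` inside a `<p>` and closes that `<p>` before the `<pre>`, so it is worth checking that the wiki source renders the command inside the note as intended.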

View File

@ -0,0 +1,78 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="null" id="null">Null</a></h1>
<div class="level1">
<table class="inline">
<tr class="row0 roweven">
<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
</table>
</div>
<!-- SECTION "Null" [1-84] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> Null backend is a transparent backend:
</p>
<ul>
<li class="level1"><div class="li"> Authentication: will create session without prompting any credentials (but will register client <acronym title="Internet Protocol">IP</acronym> and creation date)</div>
</li>
<li class="level1"><div class="li"> Users: will not collect any data (but you can still register environment variables in session)</div>
</li>
<li class="level1"><div class="li"> Password: will not change any password</div>
</li>
</ul>
<p>
You can use Null backend to bypass some authentication process steps.
</p>
</div>
<!-- SECTION "Presentation" [85-492] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Null for authentication, users or password module.
</p>
<p>
Then, go in <code>Null parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
</ul>
</div>
<!-- SECTION "Configuration" [493-] --></div><!-- closes <div class="dokuwiki export">-->
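Review bot: In the Configuration section, "Authentication level: authentication level for this module" explains the parameter with its own name, and the Presentation says the Null backend "will create session without prompting any credentials"; say what values the level takes and recommend the lowest one here, so that rules requiring a stronger level are not satisfied by a session that checked nothing. The support table row under the `Authentication`, `Users`, `Password` headers has three empty cells and `<title>` is empty; if icons or a title were meant to be there, they did not survive the export.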

View File

@ -29,12 +29,12 @@
<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 rightalign"></td><td class="col2"> </td>
<td class="col0 centeralign"></td><td class="col1 centeralign"> </td><td class="col2"> </td>
</tr>
</table>
</div>
<!-- SECTION "OpenID" [1-78] -->
<!-- SECTION "OpenID" [1-79] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
@ -66,7 +66,7 @@ If OpenID is used as users database, attributes will be requested to the server
</p>
</div>
<!-- SECTION "Presentation" [79-825] -->
<!-- SECTION "Presentation" [80-826] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
@ -125,4 +125,4 @@ To configure requested attributes, go in <code>Variables</code> &gt; <code>Expor
</ul>
</div>
<!-- SECTION "Configuration" [826-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Configuration" [827-] --></div><!-- closes <div class="dokuwiki export">-->

View File

@ -0,0 +1,88 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="proxy" id="proxy">Proxy</a></h1>
<div class="level1">
<table class="inline">
<tr class="row0 roweven">
<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
</table>
</div>
<!-- SECTION "Proxy" [1-79] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> is able to transfer (trough <acronym title="Simple Object Access Protocol">SOAP</acronym>) authentication credentials to another <acronym title="LemonLDAP::NG">LL::NG</acronym> portal, like a proxy.
</p>
<p>
The difference with <a href="../../documentation/1.0/authremote.html" class="wikilink1" title="documentation:1.0:authremote">remote authentication</a> is that the client will never be redirect to the main <acronym title="LemonLDAP::NG">LL::NG</acronym> portal. This configuration is usable if you want to expose your internal <acronym title="Single Sign On">SSO</acronym> portal to another network (DMZ).
</p>
</div>
<!-- SECTION "Presentation" [80-443] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
</div>
<!-- SECTION "Configuration" [444-470] -->
<h3><a name="external_portal" id="external_portal">External portal</a></h3>
<div class="level3">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Proxy for authentication and users.
</p>
<p>
Then, go in <code>Proxy parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Portal <acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Uniform Resource Locator">URL</acronym> of internal portal</div>
</li>
<li class="level1"><div class="li"> <strong>Cookie name</strong> (optional): name of the cookie of internal portal, if different from external portal</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Simple Object Access Protocol">SOAP</acronym> sessions end point</strong> (optional): <acronym title="Simple Object Access Protocol">SOAP</acronym> end point, if not based on internal portal <acronym title="Uniform Resource Locator">URL</acronym> with <code>index.pl/sessions</code> suffix</div>
</li>
</ul>
</div>
<!-- SECTION "External portal" [471-928] -->
<h3><a name="internal_portal" id="internal_portal">Internal portal</a></h3>
<div class="level3">
<p>
The portal must be configured to accept <acronym title="Simple Object Access Protocol">SOAP</acronym> authentication requests. See <a href="../../documentation/1.0/soapsessionbackend.html" class="wikilink1" title="documentation:1.0:soapsessionbackend">SOAP session backend</a> documentation.
</p>
</div>
<!-- SECTION "Internal portal" [929-] --></div><!-- closes <div class="dokuwiki export">-->
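Review bot: The Presentation says credentials are transferred over SOAP from a portal exposed to another network (DMZ) to the internal portal, but neither "Portal URL" nor "SOAP sessions end point" says the link must be HTTPS, and the "Internal portal" section does not say who may call the SOAP endpoint; add a sentence requiring an `https://` portal URL and restricting the internal endpoint to the external portal's address. Two wording fixes in the same paragraph: "trough" should be "through" and "will never be redirect" should be "will never be redirected".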

View File

@ -0,0 +1,179 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="remote" id="remote">Remote</a></h1>
<div class="level1">
<table class="inline">
<tr class="row0 roweven">
<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
</table>
<p>
<p><div class="notetip">This module in a <acronym title="LemonLDAP::NG">LL::NG</acronym> specific identity federation protocol. You may rather use standards protocols like <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML</a>, <a href="../../documentation/1.0/idpopenid.html" class="wikilink2" title="documentation:1.0:idpopenid" rel="nofollow">OpenID</a> or <a href="../../documentation/1.0/idpcas.html" class="wikilink2" title="documentation:1.0:idpcas" rel="nofollow">CAS</a>.
</div></p>
</p>
</div>
<!-- SECTION "Remote" [1-263] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> The main portal is configured to use <acronym title="Cross Domain Authentication">CDA</acronym>. The secondary portal is declared in the Manager of the main <acronym title="LemonLDAP::NG">LL::NG</acronym> structure (else user will be rejected).</div>
</li>
<li class="level1"><div class="li"> The portal of the secondary <acronym title="LemonLDAP::NG">LL::NG</acronym> structure is configured to delegate authentication to a remote portal. A request to the main session database is done (trough <a href="../../documentation/1.0/soapsessionbackend.html" class="wikilink1" title="documentation:1.0:soapsessionbackend">SOAP session backend</a>) to be sure that the session exists.</div>
</li>
<li class="level1"><div class="li"> If <code>exportedAttr</code> is set, only those attributes are copied in the session database of the secondary <acronym title="LemonLDAP::NG">LL::NG</acronym> structure. Else, all data are copied in the session database.</div>
</li>
</ul>
<p>
<a href="/_detail/documentation/remote-principle.png?id=documentation%3A1.0%3Aauthremote" class="media" title="documentation:remote-principle.png"><img src="../../../media/documentation/remote-principle.png" class="mediacenter" alt="" /></a>
</p>
<ol>
<li class="level1"><div class="li"> User tries to access to an application in the secondary <acronym title="LemonLDAP::NG">LL::NG</acronym> structure without having a session in this area</div>
</li>
<li class="level1"><div class="li"> Redirection to the portal of the secondary area (transparent)</div>
</li>
<li class="level1"><div class="li"> Redirection to the portal of the main area and normal authentication (if not done before)</div>
</li>
<li class="level1"><div class="li"> Redirection to the portal of the secondary area (transparent)</div>
</li>
<li class="level1"><div class="li"> Secondary portal check if remote session is available. It can be done via direct access to the session database or using <acronym title="Simple Object Access Protocol">SOAP</acronym> access. Then it creates the session (with attribute filter)</div>
</li>
<li class="level1"><div class="li"> User can now access to the protected application</div>
</li>
</ol>
<p>
<p><div class="noteclassic">Note that if the user is already authenticated on the first portal, all redirections are transparent.
</div></p>
</p>
</div>
<!-- SECTION "Presentation" [264-1609] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
</div>
<!-- SECTION "Configuration" [1610-1636] -->
<h3><a name="main_llng_structure" id="main_llng_structure">Main LL::NG structure</a></h3>
<div class="level3">
<p>
Go in Manager, and:
</p>
<ul>
<li class="level1"><div class="li"> activate <acronym title="Cross Domain Authentication">CDA</acronym> in <code>General Parameters</code> » <code>Cookies</code> » <code>Multiple domains</code></div>
</li>
<li class="level1"><div class="li"> declare secondary portal in <code>General Parameters</code> » <code>Advanced Parameters</code> » <code>Security</code> » <code>Trusted domains</code></div>
</li>
</ul>
</div>
<!-- SECTION "Main LL::NG structure" [1637-1893] -->
<h3><a name="secondary_llng_structure" id="secondary_llng_structure">Secondary LL::NG structure</a></h3>
<div class="level3">
<p>
Configure the portal to use the remote <acronym title="LemonLDAP::NG">LL::NG</acronym> structure.
</p>
<p>
In Manager, go in <code>General Parameters</code> » <code>Authentication modules</code> and choose Proxy for authentication and users.
</p>
<p>
Then, go in <code>Remote parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Portal <acronym title="Uniform Resource Locator">URL</acronym></strong>: remote portal <acronym title="Uniform Resource Locator">URL</acronym></div>
</li>
<li class="level1"><div class="li"> <strong>Cookie name</strong> (optional): name of the cookie of primary portal, if different from secondary portal</div>
</li>
<li class="level1"><div class="li"> <strong>Sessions module</strong>: set <code>Lemonldap::NG::Common::Apache::Session::<acronym title="Simple Object Access Protocol">SOAP</acronym></code> for <a href="../../documentation/1.0/soapsessionbackend.html" class="wikilink1" title="documentation:1.0:soapsessionbackend">SOAP session backend</a>.</div>
</li>
<li class="level1"><div class="li"> <strong>Sessions module options</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>proxy</strong>: <acronym title="Simple Object Access Protocol">SOAP</acronym> sessions end point (see <a href="../../documentation/1.0/soapsessionbackend.html" class="wikilink1" title="documentation:1.0:soapsessionbackend">SOAP session backend</a> documentation)</div>
</li>
</ul>
</li>
</ul>
</div>
<!-- SECTION "Secondary LL::NG structure" [1894-2553] -->
<h3><a name="exampleinteroperability_between_2_organizations" id="exampleinteroperability_between_2_organizations">Example: interoperability between 2 organizations</a></h3>
<div class="level3">
<p>
Using this, we can do a very simple interoperability system between 2 organizations using two <acronym title="LemonLDAP::NG">LL::NG</acronym> structures:
</p>
<ul>
<li class="level1"><div class="li"> each area has 2 portals:</div>
<ul>
<li class="level2"><div class="li"> One standard portal</div>
</li>
<li class="level2"><div class="li"> One remote portal that delegates authentication to the second organization (just an other file on the same server)</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> The normal portal has a link included in the authentication form pointing to the remote portal for the users of the other organization</div>
</li>
</ul>
<p>
So on each main portal, internal users can access normally, and users issued from the other organization have just to click on the link:
</p>
<p>
<a href="/_detail/documentation/remote-interoperability.png?id=documentation%3A1.0%3Aauthremote" class="media" title="documentation:remote-interoperability.png"><img src="../../../media/documentation/remote-interoperability.png" class="mediacenter" alt="" /></a>
</p>
<ol>
<li class="level1"><div class="li"> One user tries to access to the portal</div>
</li>
<li class="level1"><div class="li"> External user clicks to be redirected to the remote type portal</div>
</li>
<li class="level1"><div class="li"> After redirection, normal authentication in the remote portal</div>
</li>
<li class="level1"><div class="li"> Redirection to the remote type portal</div>
</li>
<li class="level1"><div class="li"> Validation of the session: external user has now a local session</div>
</li>
</ol>
</div>
<!-- SECTION "Example: interoperability between 2 organizations" [2554-] --></div><!-- closes <div class="dokuwiki export">-->
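Review bot: Under "Secondary LL::NG structure" the instruction reads "choose Proxy for authentication and users", but this page documents the Remote module and the next sentence sends the reader to `Remote parameters`; this looks copied from the Proxy page and should say "choose Remote". In the tip at the top, "This module in a LL::NG specific identity federation protocol" should read "is a", and "trough" (SOAP session backend item) should be "through". The Presentation notes that without `exportedAttr` "all data are copied in the session database"; since the example is two separate organizations, consider recommending that `exportedAttr` always be set and showing where it is configured, as the `Remote parameters` list does not mention it.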

View File

@ -0,0 +1,284 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="saml" id="saml">SAML</a></h1>
<div class="level1">
<table class="inline">
<tr class="row0 roweven">
<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
</table>
</div>
<!-- SECTION "SAML" [1-78] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> can use SAML2 to get user identity and grab some attributes defined in user profile on its Identity Provider (IDP). In this case, <acronym title="LemonLDAP::NG">LL::NG</acronym> acts like an SAML2 Service Provider (SP).
</p>
<p>
Several IDPs are allowed, in this case the user will choose the IDP he wants. You can preselect IDP with an IDP resolution rule.
</p>
<p>
For each IDP, you can configure attributes that are collected. Some can be mandatory, so if they are not returned by IDP, the session will not open.
</p>
<p>
<p><div class="notetip"><acronym title="LemonLDAP::NG">LL::NG</acronym> can also act as <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML IDP</a>, that allows to interconnect two <acronym title="LemonLDAP::NG">LL::NG</acronym> systems.
</div></p>
</p>
</div>
<!-- SECTION "Presentation" [79-682] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
</div>
<!-- SECTION "Configuration" [683-709] -->
<h3><a name="saml_service" id="saml_service">SAML Service</a></h3>
<div class="level3">
<p>
See <a href="../../documentation/1.0/samlservice.html" class="wikilink1" title="documentation:1.0:samlservice">SAML service</a> configuration chapter.
</p>
</div>
<!-- SECTION "SAML Service" [710-790] -->
<h3><a name="authentication_and_userdb" id="authentication_and_userdb">Authentication and UserDB</a></h3>
<div class="level3">
<p>
In <code>General Parameters</code> &gt; <code>Authentication modules</code>, set:
</p>
<ul>
<li class="level1"><div class="li"> Authentication module: <acronym title="Security Assertion Markup Language">SAML</acronym></div>
</li>
<li class="level1"><div class="li"> Users module: <acronym title="Security Assertion Markup Language">SAML</acronym></div>
</li>
</ul>
<p>
<p><div class="notetip">As passwords will not be managed by <acronym title="LemonLDAP::NG">LL::NG</acronym>, you can disable <a href="../../documentation/1.0/portalmenu.html#menu_modules" class="wikilink1" title="documentation:1.0:portalmenu">menu password module</a>.
</div></p>
</p>
</div>
<!-- SECTION "Authentication and UserDB" [791-1074] -->
<h3><a name="register_lemonldapng_on_partner_identity_provider" id="register_lemonldapng_on_partner_identity_provider">Register LemonLDAP::NG on partner Identity Provider</a></h3>
<div class="level3">
<p>
After configuring <acronym title="Security Assertion Markup Language">SAML</acronym> Service, you can export metadata to your partner Identity Provider.
</p>
<p>
They are available at the EntityID <acronym title="Uniform Resource Locator">URL</acronym>, by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata" rel="nofollow">http://auth.example.com/saml/metadata</a>.
</p>
</div>
<!-- SECTION "Register LemonLDAP::NG on partner Identity Provider" [1075-1321] -->
<h3><a name="register_partner_identity_provider_on_lemonldapng" id="register_partner_identity_provider_on_lemonldapng">Register partner Identity Provider on LemonLDAP::NG</a></h3>
<div class="level3">
<p>
In the Manager, select node <code><acronym title="Security Assertion Markup Language">SAML</acronym> identity providers</code> and click on <code>New identity provider</code>:
</p>
<p>
<a href="/_detail/documentation/manager-saml-idp-new.png?id=documentation%3A1.0%3Aauthsaml" class="media" title="documentation:manager-saml-idp-new.png"><img src="../../../media/documentation/manager-saml-idp-new.png" class="mediacenter" alt="" /></a>
</p>
<p>
The IDP name is asked, enter it and click OK.
</p>
<p>
Now you have access to the IDP parameters list:
</p>
<p>
<a href="/_detail/documentation/manager-saml-idp-list.png?id=documentation%3A1.0%3Aauthsaml" class="media" title="documentation:manager-saml-idp-list.png"><img src="../../../media/documentation/manager-saml-idp-list.png" class="mediacenter" alt="" /></a>
</p>
</div>
<h4><a name="metadata" id="metadata">Metadata</a></h4>
<div class="level4">
<p>
You must register IDP metadata here. You can do it either by uploading the file, or get it from IDP metadata <acronym title="Uniform Resource Locator">URL</acronym> (this require a network link between your server and the IDP):
</p>
<p>
<a href="/_detail/documentation/manager-saml-idp-metadata.png?id=documentation%3A1.0%3Aauthsaml" class="media" title="documentation:manager-saml-idp-metadata.png"><img src="../../../media/documentation/manager-saml-idp-metadata.png" class="mediacenter" alt="" /></a>
</p>
<p>
<p><div class="notetip">You can also copy/paste the metadata: just click on the Edit button. When the text is pasted, click on the Apply button to keep the value.
</div></p>
</p>
</div>
<h4><a name="exported_attributes" id="exported_attributes">Exported attributes</a></h4>
<div class="level4">
<p>
For each attribute, you can set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Key name</strong>: name of the key in LemonLDAP::NG session (for example “uid” will then be used as $uid in access rules)</div>
</li>
<li class="level1"><div class="li"> <strong>Mandatory</strong>: if set to On, then session will not open if this attribute is not given by IDP.</div>
</li>
<li class="level1"><div class="li"> <strong>Name</strong>: <acronym title="Security Assertion Markup Language">SAML</acronym> attribute name.</div>
</li>
<li class="level1"><div class="li"> <strong>Friendly Name</strong>: optional, <acronym title="Security Assertion Markup Language">SAML</acronym> attribute friendly name.</div>
</li>
<li class="level1"><div class="li"> <strong>Format</strong> (optional): <acronym title="Security Assertion Markup Language">SAML</acronym> attribute format.</div>
</li>
</ul>
<p>
<a href="/_detail/documentation/manager-saml-idp-attribute.png?id=documentation%3A1.0%3Aauthsaml" class="media" title="documentation:manager-saml-idp-attribute.png"><img src="../../../media/documentation/manager-saml-idp-attribute.png" class="mediacenter" alt="" /></a>
</p>
</div>
<h4><a name="options" id="options">Options</a></h4>
<div class="level4">
</div>
<h5><a name="general_options" id="general_options">General options</a></h5>
<div class="level5">
<ul>
<li class="level1"><div class="li"> <strong>Resolution Rule</strong>: rule that will be applied to preselect an IDP for a user. You have access to all environment variable, like user <acronym title="Internet Protocol">IP</acronym> address.</div>
</li>
</ul>
<p>
For example, to preselect this IDP for users coming from 129.168.0.0/16 network:
</p>
<pre class="code">
$ENV{REMOTE_ADDR} =~ /^192\.168/
</pre>
</div>
<h5><a name="authentication_request" id="authentication_request">Authentication request</a></h5>
<div class="level5">
<ul>
<li class="level1"><div class="li"> <strong>NameID format</strong>: force NameID format here (email, persistent, transient, etc.). If no value, will use first NameID Format activated in metadata.</div>
</li>
<li class="level1"><div class="li"> <strong>Force authentication</strong>: set ForceAuthn flag in authentication request</div>
</li>
<li class="level1"><div class="li"> <strong>Passive authentication</strong>: set IsPassive flag in authentication request</div>
</li>
<li class="level1"><div class="li"> <strong>Allow proxied authentication</strong>: allow an authentication response to be issued from another IDP that the one we register (proxy IDP). If you disallow this, you should also disallow direct login form IDP, because proxy restriction is set in authentication requests.</div>
</li>
<li class="level1"><div class="li"> <strong>Allow login from IDP</strong>: allow a user to connect directly from an IDP link. In this case, authentication is not a response to an issued authentication request, and we have less control on conditions.</div>
</li>
<li class="level1"><div class="li"> <strong>Requested authentication context</strong>: this context is declared in authentication request. When receiving the request, the real authentication context will be mapped ton an internal authentication level (see <a href="../../documentation/1.0/samlservice.html#authentication_contexts" class="wikilink1" title="documentation:1.0:samlservice">how configure the mapping</a>), that you can check to allow or deny session creation.</div>
</li>
</ul>
</div>
<h5><a name="session" id="session">Session</a></h5>
<div class="level5">
<ul>
<li class="level1"><div class="li"> <strong>Adapt session lifetime</strong>: session lifetime will be adapted from <code>SessionNotOnOrAfter</code> value found in authentication response. It means that if the IDP propose to close session earlier than the default LemonLDAP::NG timeout, the session _utime will be modified so that session is erased at the date indicated by the IDP.</div>
</li>
<li class="level1"><div class="li"> <strong>Force UTF-8</strong>: this will force UTF-8 conversion of attributes values collected from IDP.</div>
</li>
</ul>
</div>
<h5><a name="signature" id="signature">Signature</a></h5>
<div class="level5">
<p>
These options override service signature options (see <a href="../../documentation/1.0/samlservice.html#general_options" class="wikilink1" title="documentation:1.0:samlservice">SAML service configuration</a>).
</p>
<ul>
<li class="level1"><div class="li"> <strong>Sign <acronym title="Single Sign On">SSO</acronym> message</strong>: sign <acronym title="Single Sign On">SSO</acronym> message</div>
</li>
<li class="level1"><div class="li"> <strong>Check <acronym title="Single Sign On">SSO</acronym> message signature</strong>: check <acronym title="Single Sign On">SSO</acronym> message signature</div>
</li>
<li class="level1"><div class="li"> <strong>Sign SLO message</strong>: sign SLO message</div>
</li>
<li class="level1"><div class="li"> <strong>Check SLO message signature</strong>: check SLO message signature</div>
</li>
</ul>
</div>
<h5><a name="binding" id="binding">Binding</a></h5>
<div class="level5">
<ul>
<li class="level1"><div class="li"> <strong><acronym title="Single Sign On">SSO</acronym> binding</strong>: force binding to use for <acronym title="Single Sign On">SSO</acronym> (http-redirect, http-post, etc.)</div>
</li>
<li class="level1"><div class="li"> <strong>SLO binding</strong>: force binding to use for SLO (http-redirect, http-post, etc.)</div>
</li>
</ul>
<p>
<p><div class="noteclassic">If no binding defined, the default binding in IDP metadata will be used.
</div></p>
</p>
</div>
<h5><a name="security" id="security">Security</a></h5>
<div class="level5">
<ul>
<li class="level1"><div class="li"> <strong>Encryption mode</strong>: set the encryption mode for this IDP (None, NameID or Assertion).</div>
</li>
<li class="level1"><div class="li"> <strong>Check conditions</strong>: set to Off to disable conditions checking on authentication responses. Use with caution.</div>
</li>
</ul>
</div>
<!-- SECTION "Register partner Identity Provider on LemonLDAP::NG" [1322-] --></div><!-- closes <div class="dokuwiki export">-->
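Review bot: In the Resolution Rule example under General options, the sentence says the rule preselects the IDP for users coming from the 129.168.0.0/16 network, but the rule itself matches `^192\.168`; the network in the sentence should read 192.168.0.0/16. Ending the pattern with `\.` (`/^192\.168\./`) would also make the example match exactly the two octets it names. In the Authentication request list, "mapped ton an internal authentication level" and "direct login form IDP" are typos. The Security entry "Check conditions ... Use with caution" would be more useful if it said which conditions are no longer checked on authentication responses when it is set to Off.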

View File

@ -0,0 +1,84 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="twitter" id="twitter">Twitter</a></h1>
<div class="level1">
<table class="inline">
<tr class="row0 roweven">
<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table>
</div>
<!-- SECTION "Twitter" [1-75] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
<a href="https://twitter.com" class="urlextern" title="https://twitter.com" rel="nofollow">Twitter</a> is a famous short messaging server. Twitter use <a href="http://en.wikipedia.org/wiki/OAuth" class="urlextern" title="http://en.wikipedia.org/wiki/OAuth" rel="nofollow">OAuth</a> protocol to allow applications to reuse its own authentication process (it means, if your are connected to Twitter, other applications can trust Twitter and let you in).
</p>
<p>
You need <a href="http://search.cpan.org/~mmims/Net-Twitter/" class="urlextern" title="http://search.cpan.org/~mmims/Net-Twitter/" rel="nofollow">Net::Twitter</a> package, with a very recent version (&gt;3).
</p>
<p>
You need to register a new application on Twitter to get <acronym title="Application Programming Interface">API</acronym> key and <acronym title="Application Programming Interface">API</acronym> secret. See <a href="http://dev.twitter.com/pages/api_faq" class="urlextern" title="http://dev.twitter.com/pages/api_faq" rel="nofollow">Twitter FAQ</a> on how to do that:.
</p>
</div>
<!-- SECTION "Presentation" [76-668] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Twitter for authentication module.
</p>
<p>
<p><div class="notetip">You can then choose any other module for users and password.
</div></p>
</p>
<p>
Then, go in <code>Twitter parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Application Programming Interface">API</acronym> key</strong>: <acronym title="Application Programming Interface">API</acronym> key from Twitter</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Application Programming Interface">API</acronym> secret</strong>: <acronym title="Application Programming Interface">API</acronym> secret from Twitter</div>
</li>
<li class="level1"><div class="li"> <strong>Application name</strong> (optional): Application name (visible in Twitter)</div>
</li>
</ul>
</div>
<!-- SECTION "Configuration" [669-] --></div><!-- closes <div class="dokuwiki export">-->
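Review bot: The summary table under the Twitter heading has a data row whose three cells (Authentication, Users, Password) are all empty, so the page does not say which roles this module fills; the Configuration text says Twitter is chosen as the authentication module and that other modules can serve users and password, so the row should mark Authentication. In Presentation, "on how to do that:." ends with stray punctuation, "Twitter use" and "if your are connected" need fixing, and the Net::Twitter requirement "(>3)" would be clearer as an explicit minimum version.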

View File

@ -0,0 +1,108 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="browseable_session_backend" id="browseable_session_backend">Browseable session backend</a></h1>
<div class="level1">
<p>
Browseable session backend (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable" rel="nofollow">Apache::Session::Browseable</a>) works exactly like Apache::Session::* corresponding module but add indexes that increase <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">session restrictions</a> performances.
</p>
</div>
<!-- SECTION "Browseable session backend" [1-400] -->
<h2><a name="setup" id="setup">Setup</a></h2>
<div class="level2">
</div>
<!-- SECTION "Setup" [401-419] -->
<h3><a name="prepare_database" id="prepare_database">Prepare database</a></h3>
<div class="level3">
<p>
Database must be prepared exactly like in <a href="../../documentation/1.0/sqlsessionbackend.html#prepare_the_database" class="wikilink1" title="documentation:1.0:sqlsessionbackend">SQL session backend</a> except that a field must be added for each data to index. Example with MySQL and index set to uid+ipAddr (recommended)
</p>
<pre class="code file sql"><span class="kw1">CREATE</span> <span class="kw1">TABLE</span> sessions <span class="br0">&#40;</span>
id char<span class="br0">&#40;</span>32<span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
a_session blob<span class="sy0">,</span>
uid varchar<span class="br0">&#40;</span>255<span class="br0">&#41;</span><span class="sy0">,</span>
ipAddr varchar<span class="br0">&#40;</span>15<span class="br0">&#41;</span><span class="sy0">,</span>
<span class="kw1">KEY</span> uid <span class="br0">&#40;</span>uid<span class="br0">&#41;</span><span class="sy0">,</span>
<span class="kw1">KEY</span> ipAddr <span class="br0">&#40;</span>ipAddr<span class="br0">&#41;</span>
<span class="br0">&#41;</span>;</pre>
</div>
<!-- SECTION "Prepare database" [420-870] -->
<h3><a name="manager" id="manager">Manager</a></h3>
<div class="level3">
<p>
Go in the Manager and set the session module (for example <a href="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL" rel="nofollow">Apache::Session::Browseable::MySQL</a> for MySQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="3"> Required parameters </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>DataSource</strong> </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI" rel="nofollow">DBI</a> string </td><td class="col2"> dbi:mysql:dbname=sessions </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <strong>UserName</strong> </td><td class="col1"> The database username </td><td class="col2"> lemonldapng </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> <strong>Password</strong> </td><td class="col1"> The database password </td><td class="col2"> mysuperpassword </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> uid ipAddr </td>
</tr>
</table>
<p>
<p><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
</div></p>
</p>
</div>
<!-- SECTION "Manager" [871-1633] -->
<h2><a name="security" id="security">Security</a></h2>
<div class="level2">
<p>
Restrict network access to the database.
</p>
<p>
You can also use different user/password for your servers by overriding parameters <code>globalStorage</code> and <code>globalStorageOptions</code> in lemonldap-ng.ini file.
</p>
</div>
<!-- SECTION "Security" [1634-] --></div><!-- closes <div class="dokuwiki export">-->
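Review bot: In the CREATE TABLE example, `ipAddr varchar(15)` only holds an IPv4 dotted-quad; a textual IPv6 client address does not fit and will be truncated or rejected depending on the MySQL mode, which leaves the ipAddr index unreliable for those sessions. A 45-character column covers textual IPv6. In the parameters table the Index row has "Index" as its comment, which explains nothing; say that it lists the session keys to index and that each listed key needs a matching column as in the SQL above. The example sentence also states the index as "uid+ipAddr" while the parameter example is "uid ipAddr"; use one notation. "performances are keeped" should read "performance is kept".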

View File

@ -0,0 +1,72 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="file_session_backend" id="file_session_backend">File session backend</a></h1>
<div class="level1">
<p>
File session backend is the more simple session database. Sessions are stored as files in a single directory. Lock files are stored in another directory. It can not be used to share sessions between different servers except if you share directories (with NFS,…).
</p>
</div>
<!-- SECTION "File session backend" [1-302] -->
<h2><a name="setup" id="setup">Setup</a></h2>
<div class="level2">
<p>
In the manager: set ”<a href="http://search.cpan.org/perldoc?Apache::Session::File" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::File" rel="nofollow">Apache::Session::File</a>” in “General parameters » Sessions » Session storage » Apache::Session module” and add the following parameters (case sensitive):
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="3"> Required parameters </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>Directory</strong> </td><td class="col1"> The path to the main directory </td><td class="col2"> /var/lib/lemonldap-ng/sessions </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <strong>LockDirectory</strong> </td><td class="col1"> The path to the lock directory </td><td class="col2"> /var/lib/lemonldap-ng/sessions/lock </td>
</tr>
</table>
</div>
<!-- SECTION "Setup" [303-800] -->
<h2><a name="security" id="security">Security</a></h2>
<div class="level2">
<p>
Restrict access to the directories only to the Apache server. Example:
</p>
<pre class="code shell">chmod 750 /var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/sessions/lock
chown www-data:www-data /var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/sessions/lock</pre>
</div>
<!-- SECTION "Security" [801-] --></div><!-- closes <div class="dokuwiki export">-->
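Review bot: The Security example does not match the sentence above it: the text says access is restricted to the Apache server only, but `chmod 750` combined with `chown www-data:www-data` leaves both directories readable and searchable by every member of the www-data group. `chmod 700` gives the restriction the sentence describes. The intro mentions sharing the directories over NFS; a line noting that the same ownership and mode must hold on the shared export would close that gap. "the more simple session database" should read "the simplest".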

View File

@ -0,0 +1,227 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="saml_identity_provider" id="saml_identity_provider">SAML Identity Provider</a></h1>
<div class="level1">
</div>
<!-- SECTION "SAML Identity Provider" [1-38] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> can act as an <acronym title="Security Assertion Markup Language">SAML</acronym> 2.0 Identity Provider, that can allow to federate <acronym title="LemonLDAP::NG">LL::NG</acronym> with:
</p>
<ul>
<li class="level1"><div class="li"> Another <acronym title="LemonLDAP::NG">LL::NG</acronym> system configured with <a href="../../documentation/1.0/authsaml.html" class="wikilink1" title="documentation:1.0:authsaml">SAML authentication</a></div>
</li>
<li class="level1"><div class="li"> Any <acronym title="Security Assertion Markup Language">SAML</acronym> Service Provider, for example:</div>
</li>
</ul>
<div class="plugin_include_content" id="plugin_include__documentation:1.0:applications">
<div class="level2">
<table class="inline">
<tr class="row0 roweven">
<td class="col0 leftalign"> </td><th class="col1 centeralign"> Description </th><th class="col2 centeralign"> Procedure </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Google Apps<br/><a href="/_detail/applications/googleapps_logo.png?id=documentation%3A1.0%3Aidpsaml" class="media" title="applications:googleapps_logo.png"><img src="../../../media/applications/googleapps_logo.png" class="media" alt="" /></a> </th><td class="col1 centeralign"> Gmail, Calendar, … </td><td class="col2 centeralign"> <a href="../../applications/googleapps.html" class="wikilink2" title="applications:googleapps" rel="nofollow">Procedure</a> </td>
</tr>
</table>
</div>
</div>
<div class="level2">
</div>
<!-- SECTION "Presentation" [39-323] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
</div>
<!-- SECTION "Configuration" [324-350] -->
<h3><a name="saml_service" id="saml_service">SAML Service</a></h3>
<div class="level3">
<p>
See <a href="../../documentation/1.0/samlservice.html" class="wikilink1" title="documentation:1.0:samlservice">SAML service</a> configuration chapter.
</p>
</div>
<!-- SECTION "SAML Service" [351-431] -->
<h3><a name="issuerdb" id="issuerdb">IssuerDB</a></h3>
<div class="level3">
<p>
Go in <code>General Parameters</code> » <code>Issuer modules</code> » <code><acronym title="Security Assertion Markup Language">SAML</acronym></code> and configure:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Activation</strong>: set to <code>On</code>.</div>
</li>
<li class="level1"><div class="li"> <strong>Path</strong>: keep <code>^/saml/</code> unless you have change <acronym title="Security Assertion Markup Language">SAML</acronym> end points suffix in <a href="../../documentation/1.0/samlservice.html" class="wikilink1" title="documentation:1.0:samlservice">SAML service configuration</a>.</div>
</li>
<li class="level1"><div class="li"> <strong>Use rule</strong>: a rule to allow user to use this module, set to <code>1</code> to always allow.</div>
</li>
</ul>
<p>
<p><div class="notetip">
For example, to allow only users with a strong authentication level:
</p>
<pre class="code">
$authenticationLevel &gt; 2
</pre>
<p>
</div></p>
</p>
</div>
<!-- SECTION "IssuerDB" [432-907] -->
<h3><a name="register_lemonldapng_on_partner_service_provider" id="register_lemonldapng_on_partner_service_provider">Register LemonLDAP::NG on partner Service Provider</a></h3>
<div class="level3">
<p>
After configuring <acronym title="Security Assertion Markup Language">SAML</acronym> Service, you can export metadata to your partner Service Provider.
</p>
<p>
They are available at the EntityID <acronym title="Uniform Resource Locator">URL</acronym>, by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata" rel="nofollow">http://auth.example.com/saml/metadata</a>.
</p>
</div>
<!-- SECTION "Register LemonLDAP::NG on partner Service Provider" [908-1152] -->
<h3><a name="register_partner_service_provider_on_lemonldapng" id="register_partner_service_provider_on_lemonldapng">Register partner Service Provider on LemonLDAP::NG</a></h3>
<div class="level3">
<p>
In the Manager, select node <acronym title="Security Assertion Markup Language">SAML</acronym> service providers and click on New service provider:
</p>
<p>
<a href="/_detail/documentation/manager-saml-sp-new.png?id=documentation%3A1.0%3Aidpsaml" class="media" title="documentation:manager-saml-sp-new.png"><img src="../../../media/documentation/manager-saml-sp-new.png" class="mediacenter" alt="" /></a>
</p>
<p>
The SP name is asked, enter it and click OK.
</p>
<p>
Now you have access to the SP parameters list.
</p>
</div>
<h4><a name="metadata" id="metadata">Metadata</a></h4>
<div class="level4">
<p>
You must register SP metadata here. You can do it either by uploading the file, or get it from SP metadata <acronym title="Uniform Resource Locator">URL</acronym> (this require a network link between your server and the SP).
</p>
<p>
<p><div class="notetip">You can also copy/paste the metadata: just click on the Edit button. When the text is pasted, click on the Apply button to keep the value.
</div></p>
</p>
</div>
<h4><a name="exported_attributes" id="exported_attributes">Exported attributes</a></h4>
<div class="level4">
<p>
For each attribute, you can set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Key name</strong>: name of the key in LemonLDAP::NG session</div>
</li>
<li class="level1"><div class="li"> <strong>Mandatory</strong>: if set to “On”, then this attribute will be sent in authentication response. Else it just will be sent trough an attribute response, if explicitly requested in an attribute request.</div>
</li>
<li class="level1"><div class="li"> <strong>Name</strong>: <acronym title="Security Assertion Markup Language">SAML</acronym> attribute name.</div>
</li>
<li class="level1"><div class="li"> <strong>Friendly Name</strong>: optional, <acronym title="Security Assertion Markup Language">SAML</acronym> attribute friendly name.</div>
</li>
<li class="level1"><div class="li"> <strong>Format</strong>: optional, <acronym title="Security Assertion Markup Language">SAML</acronym> attribute format.</div>
</li>
</ul>
</div>
<h4><a name="options" id="options">Options</a></h4>
<div class="level4">
</div>
<h5><a name="authentication_response" id="authentication_response">Authentication response</a></h5>
<div class="level5">
<ul>
<li class="level1"><div class="li"> <strong>Default NameID format</strong>: if no NameID format is requested, or the NameID format undefined, this NameID format will be used. If no value, the default NameID format is Email.</div>
</li>
<li class="level1"><div class="li"> <strong>One Time Use</strong>: set the OneTimeUse flag in authentication response.</div>
</li>
</ul>
</div>
<h5><a name="signature" id="signature">Signature</a></h5>
<div class="level5">
<p>
These options override service signature options (see <a href="../../documentation/1.0/samlservice.html#general_options" class="wikilink1" title="documentation:1.0:samlservice">SAML service configuration</a>).
</p>
<ul>
<li class="level1"><div class="li"> <strong>Sign <acronym title="Single Sign On">SSO</acronym> message</strong>: sign <acronym title="Single Sign On">SSO</acronym> message</div>
</li>
<li class="level1"><div class="li"> <strong>Check <acronym title="Single Sign On">SSO</acronym> message signature</strong>: check <acronym title="Single Sign On">SSO</acronym> message signature</div>
</li>
<li class="level1"><div class="li"> <strong>Sign SLO message</strong>: sign SLO message</div>
</li>
<li class="level1"><div class="li"> <strong>Check SLO message signature</strong>: check SLO message signature</div>
</li>
</ul>
</div>
<h5><a name="security" id="security">Security</a></h5>
<div class="level5">
<ul>
<li class="level1"><div class="li"> <strong>Encryption mode</strong>: set the encryption mode for this IDP (None, NameID or Assertion).</div>
</li>
</ul>
</div>
<!-- SECTION "Register partner Service Provider on LemonLDAP::NG" [1153-] --></div><!-- closes <div class="dokuwiki export">-->
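Review bot: In the Security list of this Service Provider page, the Encryption mode entry reads "set the encryption mode for this IDP"; the entry is configured per registered SP, so it should say "for this SP" (it looks copied from the SAML authentication page). In the IssuerDB section the notetip opens as `<p><div class="notetip">` and then closes the paragraph before the `<pre>` and reopens one before `</div>`, which is not well-formed nesting; the tip text and the `$authenticationLevel &gt; 2` example should sit inside one div. The Use rule entry documents `1` as "always allow"; since this rule gates who can obtain assertions from the IDP, the restrictive example deserves to be in the list itself rather than only in the tip.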

View File

@ -0,0 +1,100 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="ldap_session_backend" id="ldap_session_backend">LDAP session backend</a></h1>
<div class="level1">
<p>
An Apache session module was created by <acronym title="LemonLDAP::NG">LL::NG</acronym> team to store sessions in an <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory.
</p>
<p>
<p><div class="noteimportant">This module is not part of <acronym title="LemonLDAP::NG">LL::NG</acronym> distibution, and can be found on CPAN: <a href="http://search.cpan.org/dist/Apache-Session-LDAP/" class="urlextern" title="http://search.cpan.org/dist/Apache-Session-LDAP/" rel="nofollow">Apache::Session::LDAP</a>.
</div></p>
</p>
<p>
<p><div class="notetip">This module is also available in the <code>contribs</code> directory of <acronym title="LemonLDAP::NG">LL::NG</acronym> <a href="http://websvn.ow2.org/listing.php?repname=lemonldap&amp;path=%2Ftrunk%2Fcontribs%2Fapache-session-ldap%2F" class="urlextern" title="http://websvn.ow2.org/listing.php?repname=lemonldap&amp;path=%2Ftrunk%2Fcontribs%2Fapache-session-ldap%2F" rel="nofollow">subversion repository</a>.
</div></p>
</p>
<p>
Sessions will be stored as <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> entries, like this:
</p>
<pre class="file">
dn: cn=6fb7c4a170a04668771f03b0a4747f46,ou=sessions,dc=example,dc=com
objectClass: top
objectClass: applicationProcess
cn: 6fb7c4a170a04668771f03b0a4747f46
description: [serialized data]
</pre>
</div>
<!-- SECTION "LDAP session backend" [1-775] -->
<h2><a name="setup" id="setup">Setup</a></h2>
<div class="level2">
<p>
Go in the Manager and set the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> session module (<a href="http://search.cpan.org/dist/Apache-Session-LDAP/" class="urlextern" title="http://search.cpan.org/dist/Apache-Session-LDAP/" rel="nofollow">Apache::Session::LDAP</a>) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="3"> Required parameters </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>ldapServer</strong> </td><td class="col1"> <acronym title="Uniform Resource Identifier">URI</acronym> of the server </td><td class="col2"> ldap://localhost </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <strong>ldapConfBase</strong> </td><td class="col1"> <acronym title="Distinguished Name">DN</acronym> of sessions branch </td><td class="col2"> ou=sessions,dc=example,dc=com </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> <strong>ldapBindDN</strong> </td><td class="col1"> Connection login </td><td class="col2"> cn=admin,dc=example,dc=password </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> <strong>ldapBindPassword</strong> </td><td class="col1"> Connection password </td><td class="col2"> secret </td>
</tr>
</table>
</div>
<!-- SECTION "Setup" [776-1407] -->
<h2><a name="security" id="security">Security</a></h2>
<div class="level2">
<p>
Restrict network access to the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory, and add specific <acronym title="Access Control List">ACL</acronym> to session branch.
</p>
<p>
You can also use different user/password for your servers by overriding parameters <code>globalStorage</code> and <code>globalStorageOptions</code> in lemonldap-ng.ini file.
</p>
</div>
<!-- SECTION "Security" [1408-] --></div><!-- closes <div class="dokuwiki export">-->
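Review bot: In the Setup table, the ldapBindDN example `cn=admin,dc=example,dc=password` has a typo in its suffix (the other rows use dc=example,dc=com), and it shows the directory administrator as the bind account. That contradicts the Security section, which asks for a specific ACL on the session branch; the example should use a dedicated account whose rights are limited to ou=sessions. The ldapServer example is `ldap://localhost`, so it is worth saying that a remote directory needs an encrypted connection, since the bind password and the serialized session data travel over it. "distibution" in the first note should read "distribution".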

View File

@ -0,0 +1,80 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="memcached_session_backend" id="memcached_session_backend">Memcached session backend</a></h1>
<div class="level1">
<p>
<p><div class="noteimportant"><a href="http://memcached.org/" class="urlextern" title="http://memcached.org/" rel="nofollow">Memcached</a> can be used with <acronym title="LemonLDAP::NG">LL::NG</acronym>, but some features will not work since Memcached doesn&#039;t provide any parsing system:
</p>
<ul>
<li class="level1"><div class="li"> Session expiration: sessions will never expire (server side)</div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">Session explorer</a> will not work</div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">Session restrictions</a> will not work</div>
</li>
</ul>
<p>
To keep Memcached performance level and <acronym title="LemonLDAP::NG">LL::NG</acronym> features, you can replace <a href="http://memcached.org/" class="urlextern" title="http://memcached.org/" rel="nofollow">Memcached</a> by <a href="http://code.google.com/p/redis/" class="urlextern" title="http://code.google.com/p/redis/" rel="nofollow">Redis</a> using <a href="../../documentation/1.0/nosqlsessionbackend.html" class="wikilink1" title="documentation:1.0:nosqlsessionbackend">NoSQL session backend</a>.
</div></p>
</p>
</div>
<!-- SECTION "Memcached session backend" [1-652] -->
<h2><a name="setup" id="setup">Setup</a></h2>
<div class="level2">
<p>
Install and launch a <a href="http://memcached.org/" class="urlextern" title="http://memcached.org/" rel="nofollow">Memcached server</a>.
</p>
<p>
In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::Memcached" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Memcached" rel="nofollow">Apache::Session::Memcached</a> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="3"> Required parameters </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>Servers</strong> </td><td class="col1"> Memcached servers </td><td class="col2"> 10.0.0.1:20000 10.0.0.2:20000 </td>
</tr>
</table>
<p>
See <a href="http://search.cpan.org/perldoc?Apache::Session::Memcached" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Memcached" rel="nofollow">Apache::Session::Memcached</a> for optional parameters.
</p>
</div>
<!-- SECTION "Setup" [653-] --></div><!-- closes <div class="dokuwiki export">-->
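Review bot: This page has no Security section, unlike the LDAP and Redis backend pages added in the same commit, even though the Servers example (10.0.0.1:20000 10.0.0.2:20000) points at remote hosts. Add the same "restrict network access" guidance here. The first bullet of the warning box says sessions never expire server side; it would help to say how stale sessions are expected to be removed in that case. Also check that the link to documentation/1.0/nosqlsessionbackend.html resolves, since the page added next in this commit is titled "Redis session backend". In the warning box itself, the opening paragraph is closed before the list while the div is closed after it, so the p and div elements are not properly nested for the XHTML doctype declared at the top.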

View File

@ -0,0 +1,71 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="redis_session_backend" id="redis_session_backend">Redis session backend</a></h1>
<div class="level1">
<p>
<a href="http://search.cpan.org/perldoc?Apache::Session::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Redis" rel="nofollow">Apache::Session::Redis</a> is the faster shareable session backend
</p>
</div>
<!-- SECTION "Redis session backend" [1-158] -->
<h2><a name="setup" id="setup">Setup</a></h2>
<div class="level2">
<p>
Install and launch a <a href="http://code.google.com/p/redis/" class="urlextern" title="http://code.google.com/p/redis/" rel="nofollow">Redis server</a>. Install
<a href="http://search.cpan.org/perldoc?Apache::Session::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Redis" rel="nofollow">Apache::Session::Redis</a> <acronym title="Practical Extraction and Report Language">Perl</acronym> module.
</p>
<p>
In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Redis" rel="nofollow">Apache::Session::Redis</a> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="3"> Required parameters </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>server</strong> </td><td class="col1"> Redis server </td><td class="col2"> 127.0.0.1:6379 </td>
</tr>
</table>
</div>
<!-- SECTION "Setup" [159-713] -->
<h2><a name="security" id="security">Security</a></h2>
<div class="level2">
<p>
Restrict network access to the redis server. For remote servers, you can use <a href="../../documentation/1.0/soapsessionbackend.html" class="wikilink1" title="documentation:1.0:soapsessionbackend">SOAP session backend</a> in cunjunction to increase security for remote server that access through an unsecure network
</p>
</div>
<!-- SECTION "Security" [714-] --></div><!-- closes <div class="dokuwiki export">-->
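Review bot: The Security paragraph needs a language pass: "in cunjunction" should be "in conjunction", "unsecure" should be "insecure", the final period is missing, and "for remote server that access through an unsecure network" does not say which server accesses what. If the intent is that remote servers should reach sessions through the SOAP session backend instead of connecting to Redis directly, say so in those terms. In the introduction, "is the faster shareable session backend" presumably means "the fastest", and the Setup table could note that the 127.0.0.1:6379 example only suits a Redis instance on the same host.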

View File

@ -442,7 +442,7 @@ The attribute key name can be used directly in <code>lemonldap-ng.ini</code> or
<td class="col0"> Zimbra account type </td><td class="col1"> zimbraBy </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row135 rowodd">
<td class="col0"> Zimbra preauthentication <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> zimbraUr </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
<td class="col0"> Zimbra preauthentication <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> zimbraUrl </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row136 roweven">
<td class="col0"> Zimbra local <acronym title="Single Sign On">SSO</acronym> <acronym title="Uniform Resource Locator">URL</acronym> pattern </td><td class="col1"> zimbraSsoUrl </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>

View File

@ -0,0 +1,643 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="saml_service_configuration" id="saml_service_configuration">SAML service configuration</a></h1>
<div class="level1">
<p>
<p><div class="noteclassic"><acronym title="Security Assertion Markup Language">SAML</acronym> service configuration is a common step to configure <acronym title="LemonLDAP::NG">LL::NG</acronym> as <a href="../../documentation/1.0/authsaml.html" class="wikilink1" title="documentation:1.0:authsaml">SAML SP</a> or <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML IDP</a>.
</div></p>
</p>
</div>
<!-- SECTION "SAML service configuration" [1-169] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
This documentation explains how configure <acronym title="Security Assertion Markup Language">SAML</acronym> service in <acronym title="LemonLDAP::NG">LL::NG</acronym>, in particular:
</p>
<ul>
<li class="level1"><div class="li"> Install prerequisites</div>
</li>
<li class="level1"><div class="li"> Import or generate security keys</div>
</li>
<li class="level1"><div class="li"> Set <acronym title="Security Assertion Markup Language">SAML</acronym> end points</div>
</li>
</ul>
<p>
<p><div class="noteimportant">Service configuration will be used to generate <acronym title="LemonLDAP::NG">LL::NG</acronym> <acronym title="Security Assertion Markup Language">SAML</acronym> metadata, that will be shared with other providers. It means that if you modify some settings here, you will have to share again the metadata with other providers. In other words, take the time to configure this part before sharing metadata.
</div></p>
</p>
</div>
<!-- SECTION "Presentation" [170-689] -->
<h2><a name="prerequisites" id="prerequisites">Prerequisites</a></h2>
<div class="level2">
</div>
<!-- SECTION "Prerequisites" [690-716] -->
<h3><a name="lasso" id="lasso">Lasso</a></h3>
<div class="level3">
<p>
<a href="/_detail/documentation/lasso.png?id=documentation%3A1.0%3Asamlservice" class="media" title="documentation:lasso.png"><img src="../../../media/documentation/lasso.png" class="mediacenter" alt="" /></a>
</p>
<p>
SAML2 implementation is based on <a href="http://lasso.entrouver.org" class="urlextern" title="http://lasso.entrouver.org" rel="nofollow">Lasso</a>. You will need a very recent version of Lasso (&gt;= 2.3.0).
</p>
</div>
<h4><a name="debianubuntu" id="debianubuntu">Debian/Ubuntu</a></h4>
<div class="level4">
<p>
There are packages available here: <a href="http://deb.entrouvert.org/" class="urlextern" title="http://deb.entrouvert.org/" rel="nofollow">http://deb.entrouvert.org/</a>.
</p>
<p>
You will only need to install liblasso3-perl package:
</p>
<pre class="code">
sudo apt-get install liblasso3-perl
</pre>
</div>
<h4><a name="rhelcentosfedora" id="rhelcentosfedora">RHEL/CentOS/Fedora</a></h4>
<div class="level4">
<p>
Packages should be available soon.
</p>
</div>
<h4><a name="other" id="other">Other</a></h4>
<div class="level4">
<p>
<a href="http://lasso.entrouvert.org/download/" class="urlextern" title="http://lasso.entrouvert.org/download/" rel="nofollow">Download the Lasso tarball</a> and compile it on your system.
</p>
</div>
<!-- SECTION "Lasso" [717-1273] -->
<h3><a name="apache_rewrite_rules" id="apache_rewrite_rules">Apache rewrite rules</a></h3>
<div class="level3">
<p>
Be sure that mod_rewrite is installed and that SAML2 rewrite rules are activated in <code>portal-apache2.conf</code>:
</p>
<pre class="code file apache">&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/saml/metadata /metadata.pl
<span class="kw1">RewriteRule</span> ^/saml/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;</pre>
</div>
<!-- SECTION "Apache rewrite rules" [1274-1589] -->
<h2><a name="service_configuration" id="service_configuration">Service configuration</a></h2>
<div class="level2">
<p>
Go in Manager and click on <code><acronym title="Security Assertion Markup Language">SAML</acronym> 2 Service</code> node.
</p>
<p>
<p><div class="notetip">You can use #PORTAL# in values to replace the portal <acronym title="Uniform Resource Locator">URL</acronym>.
</div></p>
</p>
</div>
<!-- SECTION "Service configuration" [1590-1753] -->
<h3><a name="entry_identifier" id="entry_identifier">Entry Identifier</a></h3>
<div class="level3">
<p>
Your EntityID, often use as metadata <acronym title="Uniform Resource Locator">URL</acronym>, by default #PORTAL#/saml/metadata.
</p>
<p>
<p><div class="noteclassic">
The value will be use in metadata main markup:
</p>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;EntityDescriptor</span> <span class="re0">entityID</span>=<span class="st0">&quot;http://auth.example.com/saml/metadata&quot;</span><span class="re2">&gt;</span></span>
...
<span class="sc3"><span class="re1">&lt;/EntityDescriptor<span class="re2">&gt;</span></span></span></pre>
<p>
</div></p>
</p>
<p>
<p><div class="notewarning">If you modify <code>/saml/metadata</code> suffix you have to change corresponding Apache rewrite rule.
</div></p>
</p>
</div>
<!-- SECTION "Entry Identifier" [1754-2151] -->
<h3><a name="security_parameters" id="security_parameters">Security parameters</a></h3>
<div class="level3">
<p>
You can define keys for <acronym title="Security Assertion Markup Language">SAML</acronym> message signature and encryption. If no encryption keys are defined, signature keys are used for signature and encryption.
</p>
<p>
To define keys, you can:
</p>
<ul>
<li class="level1"><div class="li"> import your own private and public keys (<code>Load from a file</code> input)</div>
</li>
<li class="level1"><div class="li"> generate new public and private keys (<code>Generate</code> button)</div>
</li>
</ul>
<p>
<p><div class="notetip">You can enter a password to protect private key with a password. It will be prompted if you generate keys, else you can set it in the <code>Private key password</code>.
</div></p>
</p>
<p>
<a href="/_detail/documentation/manager-saml-private-key.png?id=documentation%3A1.0%3Asamlservice" class="media" title="documentation:manager-saml-private-key.png"><img src="../../../media/documentation/manager-saml-private-key.png" class="mediacenter" alt="" /></a>
</p>
<p>
<p><div class="notetip">You can import a certificate containing the public key instead the raw public key. However, certificate will not be really validated by other <acronym title="Security Assertion Markup Language">SAML</acronym> components (expiration date, common name, etc.), but will just be a public key wrapper.
</div></p>
</p>
</div>
<!-- SECTION "Security parameters" [2152-2980] -->
<h3><a name="nameid_formats" id="nameid_formats">NameID formats</a></h3>
<div class="level3">
<p>
<a href="/_detail/documentation/manager-saml-namid-formats.png?id=documentation%3A1.0%3Asamlservice" class="media" title="documentation:manager-saml-namid-formats.png"><img src="../../../media/documentation/manager-saml-namid-formats.png" class="mediacenter" alt="" /></a>
</p>
<p>
<acronym title="Security Assertion Markup Language">SAML</acronym> can use different NameID formats. The NameID is the main user identifier, carried in <acronym title="Security Assertion Markup Language">SAML</acronym> messages. You can configure here which field of <acronym title="LemonLDAP::NG">LL::NG</acronym> session will be associated to a NameID format.
</p>
<p>
<p><div class="noteclassic">This parameter is used by <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML IDP</a> to fill the NameID in authentication responses.
</div></p>
</p>
<p>
Customizable NameID formats are:
</p>
<ul>
<li class="level1"><div class="li"> Email</div>
</li>
<li class="level1"><div class="li"> X509</div>
</li>
<li class="level1"><div class="li"> Windows</div>
</li>
<li class="level1"><div class="li"> Kerberos</div>
</li>
</ul>
<p>
<p><div class="notetip">For example, if you are using <a href="../../documentation/1.0/authldap.html" class="wikilink1" title="documentation:1.0:authldap">AD as authentication backend</a>, you can use sAMAccountName for the Windows NameID format.
</div></p>
</p>
<p>
Other NameID formats are automatically managed:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Transient</strong>: NameID is generated</div>
</li>
<li class="level1"><div class="li"> <strong>Persistent</strong>: NameID is restored from previous sessions</div>
</li>
<li class="level1"><div class="li"> <strong>Undefined</strong>: Default NameID format is used</div>
</li>
</ul>
</div>
<!-- SECTION "NameID formats" [2981-3793] -->
<h3><a name="authentication_contexts" id="authentication_contexts">Authentication contexts</a></h3>
<div class="level3">
<p>
<a href="/_detail/documentation/manager-saml-service-authn-contexts.png?id=documentation%3A1.0%3Asamlservice" class="media" title="documentation:manager-saml-service-authn-contexts.png"><img src="../../../media/documentation/manager-saml-service-authn-contexts.png" class="mediacenter" alt="" /></a>
</p>
<p>
Each <acronym title="LemonLDAP::NG">LL::NG</acronym> authentication module has an authentication level, which can be associated to an <a href="http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf" class="urlextern" title="http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf" rel="nofollow">SAML authentication context</a>.
</p>
<p>
<p><div class="noteclassic">This parameter is used by <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML IDP</a> to fill the authentication context in authentication responses. It will use the authentication level registered in user session to match the <acronym title="Security Assertion Markup Language">SAML</acronym> authentication context. It is also used by <a href="../../documentation/1.0/authsaml.html" class="wikilink1" title="documentation:1.0:authsaml">SAML SP</a> to fill the authentication level in user session, based on authentication response authentication context.
</div></p>
</p>
<p>
Customizable NameID formats are:
</p>
<ul>
<li class="level1"><div class="li"> Password</div>
</li>
<li class="level1"><div class="li"> Password protected transport</div>
</li>
<li class="level1"><div class="li"> TLS client</div>
</li>
<li class="level1"><div class="li"> Kerberos</div>
</li>
</ul>
</div>
<!-- SECTION "Authentication contexts" [3794-4580] -->
<h3><a name="organization" id="organization">Organization</a></h3>
<div class="level3">
<p>
<p><div class="noteclassic">
This concerns all parameters for the Organization metadata section:
</p>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;Organization<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;OrganizationName</span> <span class="re0">xml:lang</span>=<span class="st0">&quot;en&quot;</span><span class="re2">&gt;</span></span>Example<span class="sc3"><span class="re1">&lt;/OrganizationName<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;OrganizationDisplayName</span> <span class="re0">xml:lang</span>=<span class="st0">&quot;en&quot;</span><span class="re2">&gt;</span></span>Example<span class="sc3"><span class="re1">&lt;/OrganizationDisplayName<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;OrganizationURL</span> <span class="re0">xml:lang</span>=<span class="st0">&quot;en&quot;</span><span class="re2">&gt;</span></span>http://www.example.com<span class="sc3"><span class="re1">&lt;/OrganizationURL<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/Organization<span class="re2">&gt;</span></span></span></pre>
<p>
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> <strong>Display Name</strong>: should be displayed on IDP, this is often your society name</div>
</li>
<li class="level1"><div class="li"> <strong>Name</strong>: internal name</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Uniform Resource Locator">URL</acronym> of your society</div>
</li>
</ul>
</div>
<!-- SECTION "Organization" [4581-5092] -->
<h3><a name="service_provider" id="service_provider">Service Provider</a></h3>
<div class="level3">
<p>
<p><div class="noteclassic">
This concerns all parameters for the Service Provider metadata section:
</p>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;SPSSODescriptor<span class="re2">&gt;</span></span></span>
...
<span class="sc3"><span class="re1">&lt;/SPSSODescriptor<span class="re2">&gt;</span></span></span></pre>
<p>
</div></p>
</p>
</div>
<h4><a name="general_options" id="general_options">General options</a></h4>
<div class="level4">
<ul>
<li class="level1"><div class="li"> <strong>Signed Authentication Request</strong>: set to On to always sign authentication request.</div>
</li>
<li class="level1"><div class="li"> <strong>Want Assertions Signed</strong>: set to On to require that received assertions are signed.</div>
</li>
</ul>
<p>
<p><div class="notetip">These options can then be overridden for each Identity Provider.
</div></p>
</p>
</div>
<h4><a name="single_logout" id="single_logout">Single Logout</a></h4>
<div class="level4">
<p>
For each binding you can set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Location</strong>: Access Point for SLO request.</div>
</li>
<li class="level1"><div class="li"> <strong>Response Location</strong>: Access Point for SLO response.</div>
</li>
</ul>
<p>
<a href="/_detail/documentation/manager-saml-service-sp-slo.png?id=documentation%3A1.0%3Asamlservice" class="media" title="documentation:manager-saml-service-sp-slo.png"><img src="../../../media/documentation/manager-saml-service-sp-slo.png" class="mediacenter" alt="" /></a>
</p>
<p>
Available bindings are:
</p>
<ul>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Redirect</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> POST</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> <acronym title="Simple Object Access Protocol">SOAP</acronym></div>
</li>
</ul>
</div>
<h4><a name="assertion_consumer" id="assertion_consumer">Assertion Consumer</a></h4>
<div class="level4">
<p>
For each binding you can set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Default</strong>: will this binding be used by default for authentication response.</div>
</li>
<li class="level1"><div class="li"> <strong>Location</strong>: Access Point for <acronym title="Single Sign On">SSO</acronym> request and response.</div>
</li>
</ul>
<p>
<a href="/_detail/documentation/manager-saml-service-sp-ac.png?id=documentation%3A1.0%3Asamlservice" class="media" title="documentation:manager-saml-service-sp-ac.png"><img src="../../../media/documentation/manager-saml-service-sp-ac.png" class="mediacenter" alt="" /></a>
</p>
<p>
Available bindings are:
</p>
<ul>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Artifact</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> POST</div>
</li>
</ul>
</div>
<h4><a name="artifact_resolution" id="artifact_resolution">Artifact Resolution</a></h4>
<div class="level4">
<p>
The only authorized binding is <acronym title="Simple Object Access Protocol">SOAP</acronym>. This should be set as Default.
</p>
</div>
<!-- SECTION "Service Provider" [5093-6256] -->
<h3><a name="identity_provider" id="identity_provider">Identity Provider</a></h3>
<div class="level3">
<p>
<p><div class="noteclassic">
This concerns all parameters for the Service Provider metadata section:
</p>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;IDPSSODescriptor<span class="re2">&gt;</span></span></span>
...
<span class="sc3"><span class="re1">&lt;/IDPSSODescriptor<span class="re2">&gt;</span></span></span></pre>
<p>
</div></p>
</p>
</div>
<h4><a name="general_parameters" id="general_parameters">General parameters</a></h4>
<div class="level4">
<ul>
<li class="level1"><div class="li"> <strong>Want Authentication Request Signed</strong>: set to On to require that received authentication request are signed.</div>
</li>
</ul>
<p>
<p><div class="notetip">This option can then be overridden for each Service Provider.
</div></p>
</p>
</div>
<h4><a name="single_sign_on" id="single_sign_on">Single Sign On</a></h4>
<div class="level4">
<p>
For each binding you can set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Location</strong>: Access Point for <acronym title="Single Sign On">SSO</acronym> request.</div>
</li>
<li class="level1"><div class="li"> <strong>Response Location</strong>: Access Point for <acronym title="Single Sign On">SSO</acronym> response.</div>
</li>
</ul>
<p>
Available bindings are:
</p>
<ul>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Redirect</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> POST</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Artifact</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> <acronym title="Simple Object Access Protocol">SOAP</acronym></div>
</li>
</ul>
</div>
<h4><a name="single_logout1" id="single_logout1">Single Logout</a></h4>
<div class="level4">
<p>
For each binding you can set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Location</strong>: Access Point for SLO request.</div>
</li>
<li class="level2"><div class="li"> <strong>Response Location</strong>: Access Point for SLO response.</div>
</li>
</ul>
<p>
Available bindings are:
</p>
<ul>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Redirect</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> POST</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> <acronym title="Simple Object Access Protocol">SOAP</acronym></div>
</li>
</ul>
</div>
<h4><a name="artifact_resolution1" id="artifact_resolution1">Artifact Resolution</a></h4>
<div class="level4">
<p>
The only authorized binding is <acronym title="Simple Object Access Protocol">SOAP</acronym>. This should be set as Default.
</p>
</div>
<!-- SECTION "Identity Provider" [6257-7245] -->
<h3><a name="attribute_authority" id="attribute_authority">Attribute Authority</a></h3>
<div class="level3">
<p>
<p><div class="noteclassic">
This concerns all parameters for the Attribute Authority metadata section
</p>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;AttributeAuthorityDescriptor<span class="re2">&gt;</span></span></span>
...
<span class="sc3"><span class="re1">&lt;/AttributeAuthorityDescriptor<span class="re2">&gt;</span></span></span></pre>
<p>
</div></p>
</p>
</div>
<h4><a name="attribute_service" id="attribute_service">Attribute Service</a></h4>
<div class="level4">
<p>
This is the only service to configure, and it accept only the <acronym title="Simple Object Access Protocol">SOAP</acronym> binding.
</p>
<p>
Response Location should be empty, as <acronym title="Simple Object Access Protocol">SOAP</acronym> responses are directly returned (synchronous binding).
</p>
</div>
<!-- SECTION "Attribute Authority" [7246-7657] -->
<h3><a name="advanced" id="advanced">Advanced</a></h3>
<div class="level3">
<p>
These parameters are not mandatory to run <acronym title="Security Assertion Markup Language">SAML</acronym> service, but can help to customize it:
</p>
<ul>
<li class="level1"><div class="li"> <strong>IDP resolution cookie name</strong>: by default, it&#039;s the <acronym title="LemonLDAP::NG">LL::NG</acronym> cookie name suffixed by <code>idp</code>, for example: <code>lemonldapidp</code>.</div>
</li>
<li class="level1"><div class="li"> <strong>UTF8 metadata conversion</strong>: set to On to force partner&#039;s metadata conversion.</div>
</li>
</ul>
</div>
<h4><a name="saml_sessions_module_name_and_options" id="saml_sessions_module_name_and_options">SAML sessions module name and options</a></h4>
<div class="level4">
<p>
By default, the main session module is used to store <acronym title="Security Assertion Markup Language">SAML</acronym> temporary data (like relay-states), but <acronym title="Security Assertion Markup Language">SAML</acronym> sessions need to use a session module compatible with the <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">sessions restrictions feature</a>.
</p>
<p>
This is not the case of <a href="../../documentation/1.0/memcachedsessionbackend.html" class="wikilink1" title="documentation:1.0:memcachedsessionbackend">Memcached</a> for example. In this case, you can choose a different module to manage <acronym title="Security Assertion Markup Language">SAML</acronym> sessions.
</p>
<p>
<p><div class="notetip">You can also choose a different session module to split <acronym title="Single Sign On">SSO</acronym> sessions and <acronym title="Security Assertion Markup Language">SAML</acronym> sessions.
</div></p>
</p>
</div>
<h4><a name="common_domain_cookie" id="common_domain_cookie">Common Domain Cookie</a></h4>
<div class="level4">
<p>
<p><div class="noteclassic">Common Domain Cookie is also know as <a href="http://www.switch.ch/aai/support/tools/wayf.html" class="urlextern" title="http://www.switch.ch/aai/support/tools/wayf.html" rel="nofollow">WAYF Service</a>.
</div></p>
</p>
<p>
The common domain is used by <a href="../../documentation/1.0/authsaml.html" class="wikilink1" title="documentation:1.0:authsaml">SAML SP</a> to find an Identity Provider for the user, and by <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML IDP</a> to register itself in user&#039;s IDP list.
</p>
<p>
Configuration parameters are:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Activation</strong>: Set to On to enable Common Domain Cookie support.</div>
</li>
<li class="level1"><div class="li"> <strong>Common domain</strong>: Name of the common domain (where common cookie is available).</div>
</li>
<li class="level1"><div class="li"> <strong>Reader <acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Uniform Resource Locator">URL</acronym> used by <acronym title="Security Assertion Markup Language">SAML</acronym> SP to read the cookie. Leave blank to deactivate the feature.</div>
</li>
<li class="level1"><div class="li"> <strong>Writer <acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Uniform Resource Locator">URL</acronym> used by <acronym title="Security Assertion Markup Language">SAML</acronym> IDP to write the cookie. Leave blank to deactivate the feature.</div>
</li>
</ul>
</div>
<!-- SECTION "Advanced" [7658-] --></div><!-- closes <div class="dokuwiki export">-->
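Review bot: In the Lasso prerequisites paragraph the link (href and title) points at http://lasso.entrouver.org, while the download link in the "Other" subsection uses lasso.entrouvert.org; the first is missing a "t" and sends readers who are about to install a security library to a different hostname, so it should be corrected to match. Two copy-paste slips also need fixing: the Authentication contexts section introduces its list with "Customizable NameID formats are:", and the Identity Provider note says "all parameters for the Service Provider metadata section" above an IDPSSODescriptor example. Smaller points: the heading "Entry Identifier" describes the EntityID and probably should read "Entity Identifier"; "explains how configure" is missing "to"; the second item of the Identity Provider Single Logout list carries class="level2" where every other item is level1. On the security content, the statement that an imported certificate "will not be really validated" (expiration date, common name) is presented as a tip but reads as a caveat: it implies that certificate expiry does not retire a key, so the page should say that key rotation and re-sharing of metadata are left to the operator. The sentence that signature keys are reused for encryption when no encryption keys are defined could likewise recommend defining separate keys.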

View File

@ -52,7 +52,7 @@ You can share your configuration over the network using <acronym title="Simple O
<li class="level1"><div class="li"> Configure Apache to allow remote access: in <code>portal-apache2.conf</code>, remote <acronym title="Simple Object Access Protocol">SOAP</acronym> access is disabled by default. Change it:</div>
</li>
</ul>
<pre class="code apache"><span class="co1"># SOAP functions for sessions access (disabled by default)</span>
<pre class="code apache"><span class="co1"># SOAP functions for configuration access (disabled by default)</span>
&lt;<span class="kw3">Location</span> /index.pl/config&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
@ -60,7 +60,7 @@ You can share your configuration over the network using <acronym title="Simple O
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- SECTION "First, configure your real backend" [289-936] -->
<!-- SECTION "First, configure your real backend" [289-941] -->
<h3><a name="next_configure_soap_for_your_remote_servers" id="next_configure_soap_for_your_remote_servers">Next, configure SOAP for your remote servers</a></h3>
<div class="level3">
@ -83,4 +83,4 @@ You can also add some other parameters
<span class="re1">proxyOptions</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span> timeout <span class="sy0">=</span>&gt; <span class="nu0">5</span> <span class="br0">&#125;</span></span></pre>
</div>
<!-- SECTION "Next, configure SOAP for your remote servers" [937-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Next, configure SOAP for your remote servers" [942-] --></div><!-- closes <div class="dokuwiki export">-->

View File

@ -0,0 +1,130 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="soap_session_backend" id="soap_session_backend">SOAP session backend</a></h1>
<div class="level1">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> portal provides <acronym title="Simple Object Access Protocol">SOAP</acronym> end points for sessions management:
</p>
<ul>
<li class="level1"><div class="li"> <strong>sessions/</strong>: read only access to sessions (enough for distant Handlers)</div>
</li>
<li class="level1"><div class="li"> <strong>adminSessions/</strong>: read/write access to sessions (required for distant Portal or distant Manager)</div>
</li>
</ul>
<p>
This session backend can be used to share sessions stored in a non-network backend (like <a href="../../documentation/1.0/filesessionbackend.html" class="wikilink1" title="documentation:1.0:filesessionbackend">file session backend</a>) or in a network backend protected with a firewall that only accepts <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> flows.
</p>
<p>
Most of the time, <acronym title="Simple Object Access Protocol">SOAP</acronym> session backend is used by Handlers installed on external servers.
</p>
<p>
To configure it, <acronym title="Simple Object Access Protocol">SOAP</acronym> session backend will be set trough Manager in global configuration (used by all Hanlders), and the real session backend will be configured for local components in lemonldap-ng.ini.
</p>
</div>
<!-- SECTION "SOAP session backend" [1-792] -->
<h2><a name="setup" id="setup">Setup</a></h2>
<div class="level2">
</div>
<!-- SECTION "Setup" [793-811] -->
<h3><a name="manager" id="manager">Manager</a></h3>
<div class="level3">
<p>
First, active <acronym title="Simple Object Access Protocol">SOAP</acronym> in <code>General parameters</code> » <code>Advanced parameters</code> » <code><acronym title="Simple Object Access Protocol">SOAP</acronym></code>.
</p>
<p>
Then, set <code>Lemonldap::NG::Common::Apache::Session::<acronym title="Simple Object Access Protocol">SOAP</acronym></code> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="3"> Required parameters </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>proxy</strong> </td><td class="col1"> <acronym title="Uniform Resource Locator">URL</acronym> of sessions <acronym title="Simple Object Access Protocol">SOAP</acronym> end point </td><td class="col2"> http://auth.example.com/index.pl/sessions </td>
</tr>
</table>
</div>
<!-- SECTION "Manager" [812-1283] -->
<h3><a name="apache" id="apache">Apache</a></h3>
<div class="level3">
<p>
Sessions <acronym title="Simple Object Access Protocol">SOAP</acronym> end points access must be allowed in Apache portal configuration (for example, access by <acronym title="Internet Protocol">IP</acronym> range):
</p>
<pre class="code file apache"><span class="co1"># SOAP functions for sessions management (disabled by default)</span>
&lt;<span class="kw3">Location</span> /index.pl/adminSessions&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 192.168.2.0/24
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for sessions access (disabled by default)</span>
&lt;<span class="kw3">Location</span> /index.pl/sessions&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 192.168.2.0/24
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- SECTION "Apache" [1284-1789] -->
<h3><a name="real_session_backend" id="real_session_backend">Real session backend</a></h3>
<div class="level3">
<p>
Real session backend will be configured in <code>lemonldap-ng.ini</code>, in <code>portal</code> section (the portal hosts the <acronym title="Simple Object Access Protocol">SOAP</acronym> service for sessions, and will do the link between <acronym title="Simple Object Access Protocol">SOAP</acronym> requests and real sessions).
</p>
<p>
For example, if real sessions are stored in <a href="../../documentation/1.0/filesessionbackend.html" class="wikilink1" title="documentation:1.0:filesessionbackend">files</a>:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">globalStorage</span> <span class="sy0">=</span><span class="re2"> Apache::Session::File</span>
<span class="re1">globalStorageOptions</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span> 'Directory' <span class="sy0">=</span>&gt; '/var/lib/lemonldap-ng/sessions/', 'LockDirectory' <span class="sy0">=</span> '/var/lib/lemonldap-ng/sessions/lock/', <span class="br0">&#125;</span></span></pre>
<p>
<p><div class="notetip">If your sessions explorer is on the same server that the portal, either use the <strong>adminSessions</strong> end point in Manager configuration, or override the <code>globalStorage</code> and <code>globalStorageOptions</code> parameters in section all (and not portal) of <code>lemonldap-ng.ini</code>.
</div></p>
</p>
</div>
<!-- SECTION "Real session backend" [1790-] --></div><!-- closes <div class="dokuwiki export">-->
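
Review bot: In the [portal] example under "Real session backend", the pair 'LockDirectory' = '/var/lib/lemonldap-ng/sessions/lock/' uses "=" where the 'Directory' pair just before it uses "=>", so the option hash is not valid as written; change it to "=>". In the Apache block, /index.pl/adminSessions (read/write) and /index.pl/sessions (read only) are both opened to the same 192.168.2.0/24, although the introduction says read-only access is enough for distant Handlers; a narrower Allow on adminSessions would make that distinction visible in the example. The "proxy" example in the Manager table is a plain http:// URL and the page says nothing about protecting session data in transit, so consider an https:// example or a sentence on it. Typos to fix: "trough Manager", "Hanlders", "First, active SOAP".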

View File

@ -0,0 +1,184 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="sql_session_backend" id="sql_session_backend">SQL session backend</a></h1>
<div class="level1">
<p>
<acronym title="Structured Query Language">SQL</acronym> session backend can be used with many <acronym title="Structured Query Language">SQL</acronym> databases such as:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::MySQL" rel="nofollow">MySQL</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Postgres" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Postgres" rel="nofollow">PostgreSQL</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Oracle" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Oracle" rel="nofollow">Oracle</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Informix" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Informix" rel="nofollow">Informix</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Sybase" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Sybase" rel="nofollow">Sybase</a></div>
</li>
<li class="level1"><div class="li"> ….</div>
</li>
</ul>
</div>
<!-- SECTION "SQL session backend" [1-468] -->
<h2><a name="setup" id="setup">Setup</a></h2>
<div class="level2">
</div>
<!-- SECTION "Setup" [469-487] -->
<h3><a name="prepare_the_database" id="prepare_the_database">Prepare the database</a></h3>
<div class="level3">
<p>
Your database must have a specific table to host sessions. Here are some examples for main databases servers.
</p>
</div>
<h4><a name="mysql" id="mysql">MySQL</a></h4>
<div class="level4">
<p>
Create a database if necessary:
</p>
<pre class="code">
mysqladmin create lemonldapng
</pre>
<p>
Create sessions table:
</p>
<pre class="code file sql"><span class="kw1">CREATE</span> <span class="kw1">TABLE</span> sessions <span class="br0">&#40;</span>
id char<span class="br0">&#40;</span>32<span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
a_session blob
<span class="br0">&#41;</span>;</pre>
</div>
<h4><a name="postgresql" id="postgresql">PostgreSQL</a></h4>
<div class="level4">
<p>
Create user and role:
</p>
<pre class="code">
su - postgres
createuser lemonldap-ng -P
</pre>
<pre class="code">
Entrez le mot de passe pour le nouveau rôle : &lt;PASSWORD&gt;
Entrez-le de nouveau : &lt;PASSWORD&gt;
Le nouveau rôle est-il un super-utilisateur ? (o/n) n
Le nouveau rôle doit-il être autorisé à créer des bases de données ? (o/n) n
Le nouveau rôle doit-il être autorisé à créer de nouveaux rôles ? (o/n) n
</pre>
<p>
Create database:
</p>
<pre class="code">
createdb -O lemonldap-ng lemonldap-ng
</pre>
<p>
Create table:
</p>
<pre class="code">
psql -h 127.0.0.1 -U lemonldap-ng -W lemonldap-ng
</pre>
<pre class="code">
Mot de passe pour l&#039;utilisateur lemonldap-ng :
[...]
lemonldap-ng=&gt; create table sessions ( id char(32) not null primary key, a_session text );
lemonldap-ng=&gt; q
</pre>
</div>
<!-- SECTION "Prepare the database" [488-1607] -->
<h3><a name="manager" id="manager">Manager</a></h3>
<div class="level3">
<p>
Go in the Manager and set the session module (for example <a href="http://search.cpan.org/perldoc?Apache::Session::Postgres" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Postgres" rel="nofollow">Apache::Session::Postgres</a> for PostgreSQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="3"> Required parameters </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>DataSource</strong> </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI" rel="nofollow">DBI</a> string </td><td class="col2"> dbi:Pg:dbname=sessions </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <strong>UserName</strong> </td><td class="col1"> The database username </td><td class="col2"> lemonldapng </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> <strong>Password</strong> </td><td class="col1"> The database password </td><td class="col2"> mysuperpassword </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> <strong>Commit</strong> </td><td class="col1"> Required for PostgreSQL </td><td class="col2"> 1 </td>
</tr>
</table>
<p>
You must read the man page corresponding to your database (<a href="http://search.cpan.org/perldoc?Apache::Session::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::MySQL" rel="nofollow">Apache::Session::MySQL</a>, …) to learn more about parameters. You must also install the database connector (<a href="http://search.cpan.org/perldoc?DBD::Oracle" class="urlextern" title="http://search.cpan.org/perldoc?DBD::Oracle" rel="nofollow">DBD::Oracle</a>, <a href="http://search.cpan.org/perldoc?DBD::Pg" class="urlextern" title="http://search.cpan.org/perldoc?DBD::Pg" rel="nofollow">DBD::Pg</a>,…)
</p>
<p>
If you choose to use MySQL, read <a href="../../documentation/1.0/performances.html#apachesession_performances" class="wikilink1" title="documentation:1.0:performances">how to increase MySQL performances</a>.
</p>
</div>
<!-- SECTION "Manager" [1608-2721] -->
<h2><a name="security" id="security">Security</a></h2>
<div class="level2">
<p>
Restrict network access to the database.
</p>
<p>
You can also use different user/password for your servers by overriding parameters <code>globalStorage</code> and <code>globalStorageOptions</code> in lemonldap-ng.ini file.
</p>
</div>
<!-- SECTION "Security" [2722-] --></div><!-- closes <div class="dokuwiki export">-->
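
Review bot: The examples in the Manager parameter table do not match the database prepared earlier on the page: the PostgreSQL steps create a role and a database both named "lemonldap-ng", but the table gives "dbi:Pg:dbname=sessions" as DataSource and "lemonldapng" as UserName; align them so the page can be followed from top to bottom. In the psql transcript the last prompt line reads "lemonldap-ng=> q", which looks like a lost backslash for "\q". The createuser and psql prompts are pasted from a French locale in an otherwise English page. The Security section would be more useful if it said when overriding globalStorage and globalStorageOptions per server is the recommended setup rather than only that it is possible.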

View File

@ -136,19 +136,19 @@
<td class="col0"> <a href="../../documentation/1.0/authopenid.html" class="wikilink1" title="documentation:1.0:authopenid">OpenID</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td>
</tr>
<tr class="row7 rowodd">
<td class="col0"> <a href="../../documentation/1.0/authtwitter.html" class="wikilink2" title="documentation:1.0:authtwitter" rel="nofollow">Twitter</a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
<td class="col0"> <a href="../../documentation/1.0/authtwitter.html" class="wikilink1" title="documentation:1.0:authtwitter">Twitter</a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
</tr>
<tr class="row8 roweven">
<td class="col0"> <a href="../../documentation/1.0/authsaml.html" class="wikilink2" title="documentation:1.0:authsaml" rel="nofollow">SAML 2.0 / Shibboleth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td>
<td class="col0"> <a href="../../documentation/1.0/authsaml.html" class="wikilink1" title="documentation:1.0:authsaml">SAML 2.0 / Shibboleth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td>
</tr>
<tr class="row9 rowodd">
<td class="col0"> <a href="../../documentation/1.0/authnull.html" class="wikilink2" title="documentation:1.0:authnull" rel="nofollow">Null</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td>
<td class="col0"> <a href="../../documentation/1.0/authnull.html" class="wikilink1" title="documentation:1.0:authnull">Null</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td>
</tr>
<tr class="row10 roweven">
<td class="col0"> <a href="../../documentation/1.0/authproxy.html" class="wikilink2" title="documentation:1.0:authproxy" rel="nofollow">Proxy LL::NG</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td>
<td class="col0"> <a href="../../documentation/1.0/authproxy.html" class="wikilink1" title="documentation:1.0:authproxy">Proxy LL::NG</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td>
</tr>
<tr class="row11 rowodd">
<td class="col0"> <a href="../../documentation/1.0/authremote.html" class="wikilink2" title="documentation:1.0:authremote" rel="nofollow">Remote LL::NG</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td>
<td class="col0"> <a href="../../documentation/1.0/authremote.html" class="wikilink1" title="documentation:1.0:authremote">Remote LL::NG</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td>
</tr>
<tr class="row12 roweven">
<td class="col0"> <a href="../../documentation/1.0/authmulti.html" class="wikilink2" title="documentation:1.0:authmulti" rel="nofollow">Stack multiple backends</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td>
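
Review bot: The last visible row, "Stack multiple backends" (authmulti.html), keeps class="wikilink2" with rel="nofollow" while the five rows above it are switched to "wikilink1"; confirm that this page is really still missing from the export rather than overlooked.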
@ -193,27 +193,41 @@
<div style="width:100px;height:150px;float:left;">
<a href="/_detail/icons/kmultiple.png?id=documentation%3A1.0%3Astart" class="media" title="icons:kmultiple.png"><img src="../../../media/icons/kmultiple.png" class="media" alt="" /></a>
</div>
</p>
<p>
Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Session" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session" rel="nofollow">Apache::Session</a> modules family. All <a href="http://search.cpan.org/perldoc?Apache::Session" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session" rel="nofollow">Apache::Session</a> style modules are useable except for some features.
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/filesessionbackend.html" class="wikilink2" title="documentation:1.0:filesessionbackend" rel="nofollow">File session backend</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/sqlsessionbackend.html" class="wikilink2" title="documentation:1.0:sqlsessionbackend" rel="nofollow">SQL session backend</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/ldapsessionbackend.html" class="wikilink2" title="documentation:1.0:ldapsessionbackend" rel="nofollow">LDAP session backend</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/soapsessionbackend.html" class="wikilink2" title="documentation:1.0:soapsessionbackend" rel="nofollow">SOAP session backend</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/memcachedsessionbackend.html" class="wikilink2" title="documentation:1.0:memcachedsessionbackend" rel="nofollow">Memcached session backend</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/filesessionbackend.html" class="wikilink2" title="documentation:1.0:filesessionbackend" rel="nofollow">noSQL session backend (Redis)</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/browseablesessionbackend.html" class="wikilink2" title="documentation:1.0:browseablesessionbackend" rel="nofollow">Browseable session backend</a></div>
</li>
</ul>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Backend </th><th class="col1 centeralign"> Shareable </th><th class="col2 centeralign"> <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">Session explorer</a> </th><th class="col3 centeralign"> <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">Session restrictions</a> </th><th class="col4 centeralign"> Session expiration </th><th class="col5 centeralign"> Comment </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.0/filesessionbackend.html" class="wikilink1" title="documentation:1.0:filesessionbackend">File</a> </td><td class="col1"> </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign">Not shareable between servers except if used in conjunction with <a href="../../documentation/1.0/soapsessionbackend.html" class="wikilink1" title="documentation:1.0:soapsessionbackend">SOAP session backend</a> or with a shared file system (NFS,…). Selected by default during installation. </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <a href="../../documentation/1.0/sqlsessionbackend.html" class="wikilink1" title="documentation:1.0:sqlsessionbackend">SQL</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign" rowspan="2"> Unoptimized for <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">single session</a> features. </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.0/ldapsessionbackend.html" class="wikilink1" title="documentation:1.0:ldapsessionbackend">LDAP</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> <a href="../../documentation/1.0/memcachedsessionbackend.html" class="wikilink1" title="documentation:1.0:memcachedsessionbackend">Memcached</a> </td><td class="col1 centeralign"></td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 leftalign"> Must be secured by network access control. </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.0/nosqlsessionbackend.html" class="wikilink1" title="documentation:1.0:nosqlsessionbackend">NoSQL (Redis)</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign"> The faster. Must be secured by network access control. </td>
</tr>
<tr class="row6 roweven">
<td class="col0 centeralign"> <a href="../../documentation/1.0/browseablesessionbackend.html" class="wikilink1" title="documentation:1.0:browseablesessionbackend">Browseable (SQL)</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign"> <strong>Optimized</strong> for <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">single session</a> features. </td>
</tr>
<tr class="row7 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.0/soapsessionbackend.html" class="wikilink1" title="documentation:1.0:soapsessionbackend">SOAP</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td><td class="col5 leftalign"> Proxy backend to be used in conjunction with another session backend. <br/><strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table>
</div>
<!-- SECTION "Sessions" [2415-2911] -->
<!-- SECTION "Sessions" [2415-4228] -->
<h3><a name="identity_provider" id="identity_provider">Identity provider</a></h3>
<div class="level3">
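
Review bot: In the new backend table, every cell in the Shareable, Session explorer, Session restrictions and Session expiration columns is empty as committed (rows differ only by the "centeralign" class), so the table does not show which backend supports which feature; check that the support markers survived the export. In the Comment column, "The faster." on the NoSQL (Redis) row reads as an unfinished comparison, "The fastest backend." would be clearer. The Memcached and Redis rows both say "Must be secured by network access control" without pointing to where that is described; a link to the relevant backend page would help.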
@ -225,7 +239,7 @@
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/idpsaml.html" class="wikilink2" title="documentation:1.0:idpsaml" rel="nofollow">SAML / Shibboleth identity provider</a></div>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML / Shibboleth identity provider</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/idpopenid.html" class="wikilink2" title="documentation:1.0:idpopenid" rel="nofollow">OpenID identity provider</a></div>
</li>
@ -234,7 +248,7 @@
</ul>
</div>
<!-- SECTION "Identity provider" [2912-3182] -->
<!-- SECTION "Identity provider" [4229-4499] -->
<h2><a name="applications_protection" id="applications_protection">Applications protection</a></h2>
<div class="level2">
@ -255,7 +269,7 @@
</ul>
</div>
<!-- SECTION "Applications protection" [3183-3498] -->
<!-- SECTION "Applications protection" [4500-4815] -->
<h2><a name="advanced_features" id="advanced_features">Advanced features</a></h2>
<div class="level2">
@ -282,7 +296,22 @@
</p>
</div>
<!-- SECTION "Advanced features" [3499-3690] -->
<!-- SECTION "Advanced features" [4816-5007] -->
<h2><a name="mini_howto" id="mini_howto">Mini howto</a></h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/mysqlminihowto.html" class="wikilink2" title="documentation:1.0:mysqlminihowto" rel="nofollow">Configuration and sessions in MySQL</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/ldapminihowto.html" class="wikilink2" title="documentation:1.0:ldapminihowto" rel="nofollow">Configuration and sessions in LDAP</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/soapminihowto.html" class="wikilink2" title="documentation:1.0:soapminihowto" rel="nofollow">Configuration and sessions access by SOAP</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/activedirectoryminihowto.html" class="wikilink2" title="documentation:1.0:activedirectoryminihowto" rel="nofollow">Integration in Active Directory (LDAP backend and Kerberos)</a></div>
</li>
</ul>
</div>
<!-- SECTION "Mini howto" [5008-5305] -->
<h2><a name="exploitation" id="exploitation">Exploitation</a></h2>
<div class="level2">
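
Review bot: All four links in the added "Mini howto" list carry class="wikilink2" and rel="nofollow", the same marking this commit removes from the authentication pages once they exist, so mysqlminihowto.html, ldapminihowto.html, soapminihowto.html and activedirectoryminihowto.html look like missing targets in the offline export. Either add those pages in the same commit or hold the section back until they are written.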
@ -309,4 +338,4 @@
</ul>
</div>
<!-- SECTION "Exploitation" [3691-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Exploitation" [5306-] --></div><!-- closes <div class="dokuwiki export">-->

View File

@ -0,0 +1,68 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="main_features" id="main_features">Main features</a></h1>
<div class="level1">
</div>
<!-- SECTION "Main features" [1-29] -->
<h2><a name="sessions" id="sessions">Sessions</a></h2>
<div class="level2">
</div>
<!-- SECTION "Sessions" [30-51] -->
<h3><a name="session_explorer" id="session_explorer">Session explorer</a></h3>
<div class="level3">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> Manager has a session explorer module that can be used to browse opened sessions:
</p>
<ul>
<li class="level1"><div class="li"> by users</div>
</li>
<li class="level1"><div class="li"> by <acronym title="Internet Protocol">IP</acronym></div>
</li>
<li class="level1"><div class="li"> by double <acronym title="Internet Protocol">IP</acronym> (sessions opened from multiple computers)</div>
</li>
</ul>
</div>
<!-- SECTION "Session explorer" [52-251] -->
<h3><a name="session_restrictions" id="session_restrictions">Session restrictions</a></h3>
<div class="level3">
<p>
By default, a user can open several sessions. <acronym title="LemonLDAP::NG">LL::NG</acronym> can restrict this:
</p>
<ul>
<li class="level1"><div class="li"> Allow only one session per user</div>
</li>
<li class="level1"><div class="li"> Allow only one session per <acronym title="Internet Protocol">IP</acronym></div>
</li>
</ul>
</div>
<!-- SECTION "Session restrictions" [252-] --></div><!-- closes <div class="dokuwiki export">-->
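
Review bot: In "Session explorer", the third list item "by double IP (sessions opened from multiple computers)" does not say whether it groups one user seen from several addresses or several sessions behind one address; spell out the grouping. "browse opened sessions" would read better as "browse open sessions", and the title element is empty here, as in the other new pages of this commit.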

View File

@ -34,6 +34,12 @@ They use LemonLDAP::NG!
<!-- SECTION "References" [1-51] -->
<h2><a name="region_basse-normandie" id="region_basse-normandie">Région Basse-Normandie</a></h2>
<div class="level2">
<p>
<a href="/_detail/logos/logo_rbn.png?id=references" class="media" title="logos:logo_rbn.png"><img src="../media/logos/logo_rbn.png" class="medialeft" align="left" alt="" /></a>
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0"> Nb users </th><td class="col1"> ~1800 </td>
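
Review bot: The logo image added at the top of this section has alt="" and relies on the presentational align="left" attribute; give it an alt text naming the organisation, since the logo is the only identification the hunk adds, and leave the float to the "medialeft" class.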
@ -49,10 +55,27 @@ They use LemonLDAP::NG!
</tr>
</table>
<p>
<a href="/_detail/screenshots/rbn/rbn-portal.png?id=references" class="media" title="screenshots:rbn:rbn-portal.png"><img src="../media/screenshots/rbn/rbn-portal.png" class="medialeft" align="left" alt="" width="300" /></a>
<a href="/_detail/screenshots/rbn/rbn-applis.png?id=references" class="media" title="screenshots:rbn:rbn-applis.png"><img src="../media/screenshots/rbn/rbn-applis.png" class="media" alt="" width="300" /></a>
</p>
<p>
<br/>
</p>
</div>
<!-- SECTION "Région Basse-Normandie" [52-245] -->
<!-- SECTION "Région Basse-Normandie" [52-360] -->
<h2><a name="gendarmerie_nationale" id="gendarmerie_nationale">Gendarmerie Nationale</a></h2>
<div class="level2">
<p>
<a href="/_detail/logos/logo_gn.png?id=references" class="media" title="logos:logo_gn.png"><img src="../media/logos/logo_gn.png" class="medialeft" align="left" alt="" /></a>
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0"> Nb users </th><td class="col1"> 105.000 </td>
@ -61,14 +84,26 @@ They use LemonLDAP::NG!
<th class="col0"> Nb protected applications </th><td class="col1"> ~100 </td>
</tr>
<tr class="row2 roweven">
<th class="col0"> Applications </th><td class="col1"> Sympa, MediaWiki, </td>
<th class="col0"> Applications </th><td class="col1"> OBM, RoundCube, Sympa, MediaWiki,…</td>
</tr>
</table>
<p>
<br/>
</p>
</div>
<!-- SECTION "Gendarmerie Nationale" [246-382] -->
<!-- SECTION "Gendarmerie Nationale" [361-541] -->
<h2><a name="bibliotheque_publique_d_information" id="bibliotheque_publique_d_information">Bibliothèque Publique d&#039;Information</a></h2>
<div class="level2">
<p>
<a href="/_detail/logos/logo_bpi.png?id=references" class="media" title="logos:logo_bpi.png"><img src="../media/logos/logo_bpi.png" class="medialeft" align="left" alt="" /></a>
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0"> Nb users </th><td class="col1"> ~500 </td>
@ -82,9 +117,15 @@ They use LemonLDAP::NG!
</table>
</div>
<!-- SECTION "Bibliothèque Publique d'Information" [383-544] -->
<!-- SECTION "Bibliothèque Publique d'Information" [542-730] -->
<h2><a name="linagora" id="linagora">LINAGORA</a></h2>
<div class="level2">
<p>
<a href="/_detail/logos/logo_linagora.png?id=references" class="media" title="logos:logo_linagora.png"><img src="../media/logos/logo_linagora.png" class="medialeft" align="left" alt="" /></a>
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0"> Nb users </th><td class="col1"> ~150 </td>
@ -101,9 +142,15 @@ They use LemonLDAP::NG!
</table>
</div>
<!-- SECTION "LINAGORA" [545-732] -->
<!-- SECTION "LINAGORA" [731-950] -->
<h2><a name="sgs" id="sgs">SGS</a></h2>
<div class="level2">
<p>
<a href="/_detail/logos/sgs_white_small.jpg?id=references" class="media" title="logos:sgs_white_small.jpg"><img src="../media/logos/sgs_white_small.jpg" class="medialeft" align="left" alt="" /></a>
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0"> Nb users </th><td class="col1"> ~50 </td>
@ -113,8 +160,16 @@ They use LemonLDAP::NG!
</tr>
</table>
<p>
<br/>
<br/>
</p>
</div>
<!-- SECTION "SGS" [733-805] -->
<!-- SECTION "SGS" [951-1064] -->
<h2><a name="south_bay_community_network" id="south_bay_community_network">South Bay Community Network</a></h2>
<div class="level2">
<table class="inline">
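Review bot: the SGS section ends with a paragraph holding two <br/> elements, where the other sections in this file use a single <br/>, so the spacing that keeps the next heading below the floated logo is tuned by hand per section. That breaks as soon as a logo or table changes height. Prefer clearing the float in the stylesheet (for example clear: left on the h2) and drop the empty spacer paragraphs from the page source.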
@ -140,4 +195,4 @@ Protected sites:
</ul>
</div>
<!-- SECTION "South Bay Community Network" [806-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "South Bay Community Network" [1065-] --></div><!-- closes <div class="dokuwiki export">-->

View File

@ -281,6 +281,6 @@ LemonLDAP::NG is the first <acronym title="Single Sign On">SSO</acronym> softwar
<a href="/_detail/icons/clock.png?id=start" class="media" title="icons:clock.png"><img src="../media/icons/clock.png" class="media" alt="" /></a>
</div>
</p>
<ul class="rss"><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1830" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1830" rel="nofollow">Help in progress</a> by guimard (2010/11/14 07:19)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1829" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1829" rel="nofollow">Typo</a> by guimard (2010/11/14 07:18)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1828" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1828" rel="nofollow">Some Page-speed tips</a> by guimard (2010/11/14 07:18)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1827" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1827" rel="nofollow">Apache2 files only for Debian</a> by guimard (2010/11/14 07:17)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1826" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1826" rel="nofollow">Update documentation</a> by clement_oudot (2010/11/08 18:19)</div></li></ul>
<ul class="rss"><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1834" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1834" rel="nofollow">Add boolOrPerlExpr type in Manager (#LEMONLDAP-239)</a> by clement_oudot (2010/11/18 15:30)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1833" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1833" rel="nofollow">Closes #235 &quot;Session creation test in Manager does not work ...</a> by guimard (2010/11/17 05:07)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1832" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1832" rel="nofollow">Fix SAML SLO bug with AuthChoice (#LEMONLDAP-237)</a> by clement_oudot (2010/11/15 15:15)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1831" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1831" rel="nofollow">Doc update</a> by guimard (2010/11/14 08:22)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1830" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1830" rel="nofollow">Help in progress</a> by guimard (2010/11/14 07:19)</div></li></ul>
</div>
<!-- SECTION "SVN activity" [3129-] --></div><!-- closes <div class="dokuwiki export">-->
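Review bot: the "SVN activity" list in ul class="rss" is a point-in-time copy of the revision feed baked into the static export, so it is already out of date once committed (the newest entry here is rev 1834 from 2010/11/18) and every documentation regeneration rewrites this long line for no documentation reason. One title is also cut off in the copy ("Session creation test in Manager does not work ..."). Consider excluding the feed block from the exported pages and linking to the live revision log instead; if it stays, note that all entries point to websvn.ow2.org over plain http.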