Documentation update
parent
821c731f00
commit
c9f496d7c6
|
@ -63,11 +63,6 @@
|
|||
<h2 class="heading-1"><span id=
|
||||
"HLemonLDAP3A3ANG">LemonLDAP::NG</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="c1"><img src="logo_lemonldap-ng_400px.png" alt=
|
||||
"logo_lemonldap-ng_400px.png" /></div>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG est un <span class=
|
||||
"wikilink"><a href=
|
||||
"2-FAQ-fr.html#HQu27estcequ27unWebSSO3F">Web-SSO</a></span> modulaire
|
||||
|
@ -142,8 +137,10 @@
|
|||
<p class="paragraph"></p>Lemonldap::NG est composé de 3
|
||||
éléments s'appuyant sur 3 bases de données :
|
||||
|
||||
<p class="paragraph"></p><img src="lemonldap-ng-architecture.png" alt=
|
||||
"lemonldap-ng-architecture.png" />
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="c1"><img src="lemonldap-ng-architecture.png" alt=
|
||||
"lemonldap-ng-architecture.png" /></div>
|
||||
|
||||
<p class="paragraph"></p>Composants de Lemonldap::NG :
|
||||
|
||||
|
@ -192,8 +189,10 @@
|
|||
<h3 class="heading-1-1"><span id=
|
||||
"HCinC3A9matique">Cinématique</span></h3>
|
||||
|
||||
<p class="paragraph"></p><img src="lemonldap-ng-cinematique.png" alt=
|
||||
"lemonldap-ng-cinematique.png" />
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="c1"><img src="lemonldap-ng-cinematique.png" alt=
|
||||
"lemonldap-ng-cinematique.png" /></div>
|
||||
|
||||
<p class="paragraph"></p>Détail du fonctionnement :
|
||||
|
||||
|
|
|
@ -63,11 +63,6 @@
|
|||
<h2 class="heading-1"><span id=
|
||||
"HLemonLDAP3A3ANG">LemonLDAP::NG</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="c1"><img src="logo_lemonldap-ng_400px.png" alt=
|
||||
"logo_lemonldap-ng_400px.png" /></div>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG is a modular Web-SSO based on
|
||||
Apache::Session modules. It simplifies the build of a protected area with
|
||||
a few changes in the application. It manages both authentication and
|
||||
|
@ -130,8 +125,10 @@
|
|||
<p class="paragraph"></p>Lemonldap::NG est composed by 3 elements and 3
|
||||
databases :
|
||||
|
||||
<p class="paragraph"></p><img src="lemonldap-ng-architecture.png" alt=
|
||||
"lemonldap-ng-architecture.png" />
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="c1"><img src="lemonldap-ng-architecture.png" alt=
|
||||
"lemonldap-ng-architecture.png" /></div>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG components :
|
||||
|
||||
|
@ -166,8 +163,10 @@
|
|||
|
||||
<h3 class="heading-1-1"><span id="HKinematics">Kinematics</span></h3>
|
||||
|
||||
<p class="paragraph"></p><img src="lemonldap-ng-cinematique.png" alt=
|
||||
"lemonldap-ng-cinematique.png" />
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="c1"><img src="lemonldap-ng-cinematique.png" alt=
|
||||
"lemonldap-ng-cinematique.png" /></div>
|
||||
|
||||
<p class="paragraph"></p>Detail of operations :
|
||||
|
||||
|
|
|
@ -251,9 +251,10 @@
|
|||
par une simple connexion HTTP(S). Le serveur SOAP accède lui
|
||||
à la configuration par un des systèmes
|
||||
précédents (File ou DBI). Pour plus d'informations, voir
|
||||
la page <span class="wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.html">Utilisation des Web
|
||||
Services</a></span>.</li>
|
||||
la page <a class="wikicreatelink" href=
|
||||
"/xwiki/bin/edit/NG/DocSOAP?parent=NG.FAQ"><span class=
|
||||
"wikicreatelinktext">Utilisation des Web Services</span><span class=
|
||||
"wikicreatelinkqm">?</span></a>.</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
|
|
|
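Review bot: the replacement link in the last list item is an XWiki create-page link (class "wikicreatelink", href "/xwiki/bin/edit/NG/DocSOAP?parent=NG.FAQ", followed by the "?" marker), so the exported FAQ now sends readers to a wiki edit URL instead of the static 4.3-Configure-SOAP-fr.html it pointed to before. Create NG.DocSOAP in the wiki and re-export, or keep the previous relative link, so the shipped HTML does not depend on the wiki being reachable or expose its edit endpoint.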
@ -70,10 +70,25 @@
|
|||
<ul>
|
||||
<li><a href="#HGC3A9nC3A9ral">Général</a></li>
|
||||
|
||||
<li><a href="#HLDAP">LDAP</a></li>
|
||||
<li><a href="#HPortail">Portail</a></li>
|
||||
|
||||
<li><a href="#HFonctionnalitC3A9sC3A9tendues">Fonctionnalités
|
||||
étendues</a></li>
|
||||
<li><a href="#HStockagedelaconfiguration">Stockage de la
|
||||
configuration</a></li>
|
||||
|
||||
<li><a href="#HStockagedessessions">Stockage des sessions</a></li>
|
||||
|
||||
<li><a href="#HMC3A9thodesd27authentification">Méthodes
|
||||
d'authentification</a></li>
|
||||
|
||||
<li><a href="#HBased27utilisateurs">Base d'utilisateurs</a></li>
|
||||
|
||||
<li><a href="#HBasedemotsdepasse">Base de mots de passe</a></li>
|
||||
|
||||
<li><a href="#HSpC3A9cificitC3A9sLDAP">Spécificités
|
||||
LDAP</a></li>
|
||||
|
||||
<li><a href="#HFonctionnalitC3A9savancC3A9es">Fonctionnalités
|
||||
avancées</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
|
@ -134,18 +149,6 @@
|
|||
<li><span class="wikilink"><a href=
|
||||
"3.3-Install-from-redhat-packages.html">Installation sous RHEL/CentOS
|
||||
à partir des paquets</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.4-Install-of-MySQL-storage.html">Utilisation de MySQL pour le
|
||||
stockage des sessions et/ou de la configuration</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocLDAPStorage">Utilisation de LDAP pour le stockage
|
||||
de la configuration</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.5-Install-of-example-fr.html">Installation l'exemple
|
||||
fourni</a></span></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
|
@ -160,22 +163,121 @@
|
|||
"4.1-Configuration-overview.html">Vision globale de la
|
||||
configuration</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href="4.1-RBAC-model.html">Modèle
|
||||
RBAC</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-Configuration-parameter-list.html">Liste des paramètres de
|
||||
configuration</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HPortail">Portail</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href="4.1-Configure-portal-menu.html">Menu
|
||||
du portail</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-HTML-templates-customization.html">Personnalisation des canevas
|
||||
HTML pour le portail</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href="4.1-RBAC-model.html">Modèle
|
||||
RBAC</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HLDAP">LDAP</span></h4>
|
||||
<h4 class="heading-1-1-1"><span id="HStockagedelaconfiguration">Stockage
|
||||
de la configuration</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocFileStorage">Fichiers</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.4-Install-of-MySQL-storage.html">MySQL</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocLDAPStorage">LDAP</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.htmlStorage">SOAP</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HStockagedessessions">Stockage des
|
||||
sessions</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocFileSessionStorage">Fichiers</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocMySQLSessionStorage">MySQL</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocLDAPSessionStorage">LDAP</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.htmlSessionStorage">SOAP</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HMC3A9thodesd27authentification">Méthodes
|
||||
d'authentification</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href="/xwiki/bin/view/NG/AuthLDAP">LDAP,
|
||||
Active Directory</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/SSL">SSL</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href="/xwiki/bin/view/NG/Kerberos">Apache,
|
||||
Kerberos</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/CAS">CAS</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/AuthRemote">Distante</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/AuthMulti">Multiple</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/AuthSAML">SAML</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-Liberty-Alliance-fr.html">Liberty Alliance (projet
|
||||
FederID)</a></span> (fr)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HBased27utilisateurs">Base
|
||||
d'utilisateurs</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href="/xwiki/bin/view/NG/UserDBLDAP">LDAP,
|
||||
Active Directory</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/UserDBNull">Vide</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/AuthRemote">Distante</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/UserDBMulti">Multiple</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/UserDBSAML">SAML</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HBasedemotsdepasse">Base de mots de
|
||||
passe</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/PasswordDBLDAP">LDAP, Active Directory</a></span>
|
||||
(en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HSpC3A9cificitC3A9sLDAP">Spécificités LDAP</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
|
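Review bot: the two SOAP entries under "Stockage de la configuration" and "Stockage des sessions" have malformed hrefs, "4.3-Configure-SOAP-fr.htmlStorage" and "4.3-Configure-SOAP-fr.htmlSessionStorage", where a page-name suffix has been appended after the .html extension; neither can resolve to a file. Most other new entries in these lists use absolute wiki paths ("/xwiki/bin/view/NG/...") while the existing ones are relative .html files, so the exported index only works when served next to the wiki. Fix the export mapping for the SOAP storage pages and use one link form throughout.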
@ -188,29 +290,25 @@
|
|||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HFonctionnalitC3A9sC3A9tendues">Fonctionnalités
|
||||
étendues</span></h4>
|
||||
"HFonctionnalitC3A9savancC3A9es">Fonctionnalités
|
||||
avancées</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.html">Utilisation des Web Services (modules
|
||||
SOAP)</a></span> (fr)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-Liberty-Alliance-fr.html">Utilisation de Liberty Alliance
|
||||
pour la fédération d'identités (projet
|
||||
FederID)</a></span> (fr)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/SSL">Authentification SSL</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/Kerberos">Authentification Kerberos</a></span>
|
||||
"/xwiki/bin/view/NG/CDA">Authentification "cross domain"</a></span>
|
||||
(en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/Notifications">Système de
|
||||
notifications</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/SeveralIndependantPortals">Gestion de plusieurs
|
||||
portails indépendants</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/ResetPassword">Envoi d'un nouveau mot de passe par
|
||||
mail</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HProtectiondesapplications">Protection
|
||||
|
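Review bot: every entry added to "Fonctionnalités avancées" (CDA, Notifications, SeveralIndependantPortals, ResetPassword) links to "/xwiki/bin/view/NG/...", an absolute wiki path, while the SOAP entry kept in the same list is a relative .html file. In a static documentation tree these absolute paths resolve against whatever host serves the docs, so they break offline or when packaged. Export these pages to .html alongside the others and link to them relatively.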
@ -297,6 +395,20 @@
|
|||
<span class="wikiexternallink"><a href="http://www.sympa.org/">Site
|
||||
web officiel</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-even">
|
||||
<td><strong class="strong">Bugzilla</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/bugzilla_logo.png" alt=
|
||||
"bugzilla_logo.png" /></td>
|
||||
|
||||
<td>Gestionnaire de bugs<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocAppBugzilla">Procédure SSO</a></span>
|
||||
(en)<br />
|
||||
<span class="wikiexternallink"><a href="http://www.bugzilla.org/">Site
|
||||
web officiel</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HConnecteurs">Connecteurs</span></h4>
|
||||
|
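Review bot: the Bugzilla row loads its logo from "/xwiki/bin/download/NG/Documentation/bugzilla_logo.png", an absolute wiki download URL, whereas images elsewhere in this documentation are referenced by bare filename. The image will be missing in an installed copy of the docs; ship bugzilla_logo.png with the export and reference it relatively. The "Procédure SSO" link in the same cell has the same absolute-path problem.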
@ -343,7 +455,9 @@
|
|||
"maison"</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>Comment modifier mon application?</li>
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocAppSelfMade">Comment modifier mon application
|
||||
?</a></span></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HAutres">Autres</span></h3><img src=
|
||||
|
@ -362,26 +476,32 @@
|
|||
"HDocumentationpourlesdC3A9veloppeurs">Documentation pour les
|
||||
développeurs</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Voir la <span class="wikiexternallink"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/devel-doc/">documentation
|
||||
Doxygen</a></span>
|
||||
<ul class="star">
|
||||
<li>Voir la <span class="wikiexternallink"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/devel-doc/">documentation
|
||||
Doxygen</a></span></li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HFAQ">FAQ</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Voir la page <span class="wikilink"><a href=
|
||||
"2-FAQ-fr.html">FAQ</a></span>.
|
||||
<ul class="star">
|
||||
<li>Voir la page <span class="wikilink"><a href=
|
||||
"2-FAQ-fr.html">FAQ</a></span>.</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HErreurs">Erreurs</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Voir la page <span class="wikilink"><a href=
|
||||
"6-Errors-fr.html">erreurs</a></span>.
|
||||
<ul class="star">
|
||||
<li>Voir la page <span class="wikilink"><a href=
|
||||
"6-Errors-fr.html">erreurs</a></span>.</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HFormations">Formations</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikiexternallink"><a href=
|
||||
"http://www.linagora.org/article166.html">Le WebSSO LemonLDAP::NG
|
||||
(LINAGORA)</a></span> (fr)</li>
|
||||
"http://linagora.org/contrib/annuaires/formations/websso_lemonldap_ng">Le
|
||||
WebSSO LemonLDAP::NG (LINAGORA)</a></span> (fr)</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -69,9 +69,24 @@
|
|||
<ul>
|
||||
<li><a href="#HGeneral">General</a></li>
|
||||
|
||||
<li><a href="#HLDAP">LDAP</a></li>
|
||||
<li><a href="#HPortal">Portal</a></li>
|
||||
|
||||
<li><a href="#HExtendedfeatures">Extended features</a></li>
|
||||
<li><a href="#HConfigurationbackends">Configuration
|
||||
backends</a></li>
|
||||
|
||||
<li><a href="#HSessionbackends">Session backends</a></li>
|
||||
|
||||
<li><a href="#HAuthenticationbackends">Authentication
|
||||
backends</a></li>
|
||||
|
||||
<li><a href="#HUserdatabasebackends">User database backends</a></li>
|
||||
|
||||
<li><a href="#HPassworddatabasebackends">Password database
|
||||
backends</a></li>
|
||||
|
||||
<li><a href="#HLDAPspecificities">LDAP specificities</a></li>
|
||||
|
||||
<li><a href="#HAdvancedfeatures">Advanced features</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
|
@ -129,18 +144,6 @@
|
|||
<li><span class="wikilink"><a href=
|
||||
"3.3-Install-from-redhat-packages.html">Installation on RHEL/CentOS with
|
||||
packages</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.4-Install-of-MySQL-storage.html">Use of MySQL for sessions and/or
|
||||
configuration storage</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocLDAPStorage">Use of LDAP for configuration
|
||||
storage</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.5-Install-of-example.html">Provided example
|
||||
installation</a></span></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
|
@ -154,22 +157,120 @@
|
|||
"4.1-Configuration-overview.html">Configuration overview</a></span>
|
||||
(en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href="4.1-RBAC-model.html">RBAC
|
||||
model</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-Configuration-parameter-list.html">Configuration parameters
|
||||
list</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HPortal">Portal</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-Configure-portal-menu.html">Portal menu</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-HTML-templates-customization.html">HTML templates
|
||||
customization</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href="4.1-RBAC-model.html">RBAC
|
||||
model</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HLDAP">LDAP</span></h4>
|
||||
<h4 class="heading-1-1-1"><span id="HConfigurationbackends">Configuration
|
||||
backends</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocFileStorage">File</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.4-Install-of-MySQL-storage.html">MySQL</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocLDAPStorage">LDAP</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.htmlStorage">SOAP</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HSessionbackends">Session
|
||||
backends</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocFileSessionStorage">File</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocMySQLSessionStorage">MySQL</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocLDAPSessionStorage">LDAP</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.htmlSessionStorage">SOAP</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HAuthenticationbackends">Authentication backends</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href="/xwiki/bin/view/NG/AuthLDAP">LDAP,
|
||||
Active Directory</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/SSL">SSL</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href="/xwiki/bin/view/NG/Kerberos">Apache,
|
||||
Kerberos</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/CAS">CAS</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/AuthRemote">Remote</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/AuthMulti">Multiple</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/AuthSAML">SAML</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-Liberty-Alliance-fr.html">Liberty Alliance (FederID
|
||||
project)</a></span> (fr)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HUserdatabasebackends">User database
|
||||
backends</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href="/xwiki/bin/view/NG/UserDBLDAP">LDAP,
|
||||
Active Directory</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/UserDBNull">Null</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/AuthRemote">Remote</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/UserDBMulti">Multiple</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/UserDBSAML">SAML</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HPassworddatabasebackends">Password
|
||||
database backends</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/PasswordDBLDAP">LDAP, Active Directory</a></span>
|
||||
(en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HLDAPspecificities">LDAP
|
||||
specificities</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
|
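Review bot: in the English index the SOAP entries under "Configuration backends" and "Session backends" are labelled (en) but point at the French file with a broken suffix ("4.3-Configure-SOAP-fr.htmlStorage", "4.3-Configure-SOAP-fr.htmlSessionStorage"); correct the href and the language tag together. Under "User database backends" the "Remote" entry links to "/xwiki/bin/view/NG/AuthRemote" while its siblings follow the UserDB* naming (UserDBLDAP, UserDBNull, UserDBMulti, UserDBSAML); confirm that target is intended rather than copied from the authentication list.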
@ -180,27 +281,24 @@
|
|||
schema extension</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HExtendedfeatures">Extended
|
||||
<h4 class="heading-1-1-1"><span id="HAdvancedfeatures">Advanced
|
||||
features</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href="4.3-Configure-SOAP-fr.html">Web
|
||||
Services (SOAP)</a></span> (fr)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-Liberty-Alliance-fr.html">Liberty Alliance (FederID
|
||||
project)</a></span> (fr)</li>
|
||||
|
||||
<li><span class="wikilink"><a href="/xwiki/bin/view/NG/SSL">SSL
|
||||
authentication</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/Kerberos">Kerberos authentication</a></span>
|
||||
(en)</li>
|
||||
<li><span class="wikilink"><a href="/xwiki/bin/view/NG/CDA">Cross-Domain
|
||||
Authentication</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/Notifications">Notifications system</a></span>
|
||||
(en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/SeveralIndependantPortals">Management of several
|
||||
independant portals</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/ResetPassword">Reset password by mail</a></span>
|
||||
(en)</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HApplicationprotection">Application
|
||||
|
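Review bot: the link text "Management of several independant portals" misspells "independent". The page name in the href (SeveralIndependantPortals) can stay as it is to avoid breaking the wiki link, but the visible text should be corrected.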
@ -283,6 +381,19 @@
|
|||
<span class="wikiexternallink"><a href=
|
||||
"http://www.sympa.org/">Official website</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-even">
|
||||
<td><strong class="strong">Bugzilla</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/bugzilla_logo.png" alt=
|
||||
"bugzilla_logo.png" /></td>
|
||||
|
||||
<td>Bugtracker<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href="/xwiki/bin/view/NG/DocAppBugzilla">SSO
|
||||
procedure</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://www.bugzilla.org/">Official website</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HConnectors">Connectors</span></h4>
|
||||
|
@ -326,7 +437,9 @@
|
|||
<h4 class="heading-1-1-1"><span id="HSelfmade">Self-made</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>How to modify my application?</li>
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocAppSelfMade">How to modify my
|
||||
application?</a></span></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HOthers">Others</span></h3><img src=
|
||||
|
@ -343,26 +456,32 @@
|
|||
<h4 class="heading-1-1-1"><span id="HDevelopersdocumentation">Developers
|
||||
documentation</span></h4>
|
||||
|
||||
<p class="paragraph"></p>See <span class="wikiexternallink"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/devel-doc/">Doxygen
|
||||
documentation</a></span>
|
||||
<ul class="star">
|
||||
<li>See <span class="wikiexternallink"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/devel-doc/">Doxygen
|
||||
documentation</a></span></li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HFAQ">FAQ</span></h4>
|
||||
|
||||
<p class="paragraph"></p>See <span class="wikilink"><a href=
|
||||
"2-FAQ.html">FAQ</a></span> page.
|
||||
<ul class="star">
|
||||
<li>See <span class="wikilink"><a href="2-FAQ.html">FAQ</a></span>
|
||||
page.</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HErrors">Errors</span></h4>
|
||||
|
||||
<p class="paragraph"></p>See <span class="wikilink"><a href=
|
||||
"6-Errors.html">errors</a></span> page.
|
||||
<ul class="star">
|
||||
<li>See <span class="wikilink"><a href="6-Errors.html">errors</a></span>
|
||||
page.</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HTraining">Training</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikiexternallink"><a href=
|
||||
"http://www.linagora.org/article166.html">The WebSSO LemonLDAP::NG
|
||||
(LINAGORA)</a></span> (fr)</li>
|
||||
"http://linagora.org/contrib/annuaires/formations/websso_lemonldap_ng">The
|
||||
WebSSO LemonLDAP::NG (LINAGORA)</a></span> (fr)</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -69,6 +69,8 @@
|
|||
<ul>
|
||||
<li><a href="#HMandatory">Mandatory</a></li>
|
||||
|
||||
<li><a href="#HResetPasswordbyMail">Reset Password by Mail</a></li>
|
||||
|
||||
<li><a href="#HExtras">Extras</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
@ -85,6 +87,10 @@
|
|||
<li><a href="#HYUM">YUM</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li><a href=
|
||||
"#HLinkbetweenLemonLDAP3A3ANGversionsandCPANmodulesversions">Link
|
||||
between LemonLDAP::NG versions and CPAN modules versions</a></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HApache">Apache</span></h3>
|
||||
|
@ -142,12 +148,25 @@
|
|||
<li>XML::LibXSLT</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HResetPasswordbyMail">Reset Password
|
||||
by Mail</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>String::Random</li>
|
||||
|
||||
<li>MIME::Lite</li>
|
||||
|
||||
<li>Email::Date::Format</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HExtras">Extras</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>Lasso</li>
|
||||
|
||||
<li>CAS</li>
|
||||
|
||||
<li>Test::POD</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HOther">Other</span></h3>
|
||||
|
@ -161,12 +180,14 @@
|
|||
"HInstalldependenciesonyoursystem">Install dependencies on your
|
||||
system</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HAPTGET">APT-GET</span></h4><br />
|
||||
<br />
|
||||
<h4 class="heading-1-1-1"><span id="HAPTGET">APT-GET</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
# apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl
|
||||
# apt-get install libstring-random-perl libemail-date-format-perl libmime-lite-perl
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
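Review bot: the added second apt-get line installs the three Reset Password by Mail modules, but the YUM command, which appears unchanged as context at the top of the next hunk, gets no equivalent packages, so RHEL/CentOS readers following this page end up without String::Random, MIME::Lite and Email::Date::Format. Add the matching yum line and mark both as needed only for the reset-password feature, matching how the prerequisites list separates it from "Mandatory". While touching this block, libcache-cache-perl is listed twice on the first apt-get line.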
@ -185,6 +206,54 @@
|
|||
# yum install httpd mod_perl perl-Apache-Session perl-LDAP perl-XML-SAX perl-XML-NamespaceSupport perl-HTML-Template perl-Regexp-Assemble perl-Error perl-IPC-ShareLite perl-Cache-Cache perl-FreezeThaw perl-XML-Simple perl-version perl-CGI-Session perl-DBD-Pg perl-XML-LibXML-Common perl-BSD-Resource perl-XML-LibXML perl-Crypt-Rijndael perl-IO-<span class="java-object">String</span> perl-XML-LibXSLT
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HLinkbetweenLemonLDAP3A3ANGversionsandCPANmodulesversions">Link between
|
||||
LemonLDAP::NG versions and CPAN modules versions</span></h3><br />
|
||||
<br />
|
||||
All lemonLDAP::NG Perl modules are published on <span class=
|
||||
"wikiexternallink"><a href=
|
||||
"http://search.cpan.org/~guimard/">CPAN</a></span>. Here is the
|
||||
correspondance between LemonLDAP::NG version and CPAN versions:<br />
|
||||
<br />
|
||||
|
||||
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
|
||||
<tr>
|
||||
<th>LemonLDAP::NG</th>
|
||||
|
||||
<th>Common</th>
|
||||
|
||||
<th>Handler</th>
|
||||
|
||||
<th>Manager</th>
|
||||
|
||||
<th>Portal</th>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td>0.9.3</td>
|
||||
|
||||
<td>0.91</td>
|
||||
|
||||
<td>0.90</td>
|
||||
|
||||
<td>0.87</td>
|
||||
|
||||
<td>0.86</td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-even">
|
||||
<td>0.9.4</td>
|
||||
|
||||
<td>0.92</td>
|
||||
|
||||
<td>0.91</td>
|
||||
|
||||
<td>0.88</td>
|
||||
|
||||
<td>0.87</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
|
|
|
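Review bot: the sentence introducing the version table spells the product "lemonLDAP::NG" and uses "correspondance"; the rest of the page writes "LemonLDAP::NG", and the English spelling is "correspondence". The heading is also followed by two br tags rather than the p class="paragraph" element the other sections use, which the APT-GET hunk in this same patch just cleaned up.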
@ -132,21 +132,9 @@ $ tar zxvf lemonldap-ng-*.tar.gz
|
|||
First check and install the <span class="wikilink"><a href=
|
||||
"3.1-Install-prerequesites.html">prerequisites</a></span>.<br />
|
||||
<br />
|
||||
If you just want to install a handler or a portal or a manager:<br />
|
||||
For full install:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ cd lemonldap-ng-*/Lemonldap-NG-(Portal|Handler|Manager|Common)
|
||||
$ perl Makefile.PL && make && make test
|
||||
$ sudo make install
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Else for full modules install:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ cd lemonldap-ng-*
|
||||
|
@ -154,6 +142,87 @@ $ make && make test
|
|||
$ sudo make install
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>You can choose other Makefile targets:
|
||||
|
||||
<ul class="star">
|
||||
<li>Perl libraries install :
|
||||
|
||||
<ul class="star">
|
||||
<li>install_libs (all Perl libraries)</li>
|
||||
|
||||
<li>install_portal_libs</li>
|
||||
|
||||
<li>install_manager_libs</li>
|
||||
|
||||
<li>install_handler_libs</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Binaries install :
|
||||
|
||||
<ul class="star">
|
||||
<li>install_bin (/usr/local/lemonldap-ng/bin)</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Web sites install :
|
||||
|
||||
<ul class="star">
|
||||
<li>install_site (all sites including install_doc_site)</li>
|
||||
|
||||
<li>install_portal_site (/usr/local/lemonldap-ng/htdocs/portal)</li>
|
||||
|
||||
<li>install_manager_site
|
||||
(/usr/local/lemonldap-ng/htdocs/manager)</li>
|
||||
|
||||
<li>install_handler_site (/usr/local/lemonldap-ng/handler)</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Documentation install :
|
||||
|
||||
<ul class="star">
|
||||
<li>install_doc_site (/usr/local/lemonldap-ng/htdocs/doc)</li>
|
||||
|
||||
<li>install_examples_site (/usr/local/lemonldap-ng/examples)</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>You can also pass parameters to the make install command, with this
|
||||
syntax:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ sudo make install PARAM=VALUE PARAM=VALUE ...
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
Available parameters are:
|
||||
|
||||
<ul class="star">
|
||||
<li>ERASECONFIG: set to 0 if you want to keep your configuration files
|
||||
(default: 1)</li>
|
||||
|
||||
<li>DESTDIR: only for packaging, install the product in a jailroot
|
||||
(default: "")</li>
|
||||
|
||||
<li>PREFIX: installation directory (default: /usr/local)</li>
|
||||
|
||||
<li>CRONDIR: Cronfile directory (default:
|
||||
$PREFIX/etc/lemonldap-ng/cron.d)</li>
|
||||
|
||||
<li>APACHEUSER: user running Apache</li>
|
||||
|
||||
<li>APACHEGROUP: group running Apache</li>
|
||||
|
||||
<li>DNSDOMAIN: Main DNS domain (default: example.com)</li>
|
||||
|
||||
<li>LDAPHOST: LDAP server (default: localhost)</li>
|
||||
|
||||
<li>LDAPPORT: LDAP port (default: 389)</li>
|
||||
|
||||
<li>LDAPSUFFIX: LDAP suffix (default: dc=example,dc=com)</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
|
|
|
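Review bot: ERASECONFIG is documented with "default: 1", which means the plain "sudo make install" shown at the top of this hunk replaces existing configuration files on an upgrade; that belongs in a visible note next to the install command, not only in the parameter list. APACHEUSER and APACHEGROUP are the only parameters listed without a default, so state what owner the installed files get when they are not set. "jailroot" in the DESTDIR entry would read more clearly as "staging root", and the sentence starting "You can also pass parameters" sits directly after the closing ul tag with no paragraph element.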
@ -98,7 +98,7 @@
|
|||
<li>lemonldap-ng-conf: contains default configuration (DNS domain:
|
||||
example.com)</li>
|
||||
|
||||
<li>lemonldap-ng-test: containts sampel CGI test page</li>
|
||||
<li>lemonldap-ng-test: contains sample CGI test page</li>
|
||||
|
||||
<li>lemonldap-ng-handler: contains Apache Handler implementation
|
||||
(agent)</li>
|
||||
|
|
|
@ -56,9 +56,8 @@
|
|||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id=
|
||||
"HUseofMySQLforsessionsand2Forconfigurationstorage">Use of MySQL for
|
||||
sessions and/or configuration storage</span></h2>
|
||||
<h2 class="heading-1"><span id="HUseofMySQLforconfigurationstorage">Use of
|
||||
MySQL for configuration storage</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
|
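Review bot: the heading id changes from HUseofMySQLforsessionsand2Forconfigurationstorage to HUseofMySQLforconfigurationstorage, so any link that targets the old fragment stops resolving. Check the index and the other pages for references to the old anchor before merging.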
@ -70,8 +69,6 @@
|
|||
<li><a href="#HDatabasecreation">Database creation</a></li>
|
||||
|
||||
<li><a href="#HConfigurationtable">Configuration table</a></li>
|
||||
|
||||
<li><a href="#HSessiontable">Session table</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
|
@ -80,11 +77,11 @@
|
|||
configuration</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HSetconfigStorageforLemonLDAP3A3ANGmodules">Set
|
||||
configStorage for LemonLDAP::NG modules</a></li>
|
||||
<li><a href="#HDefaultconfiguration">Default configuration</a></li>
|
||||
|
||||
<li><a href="#HSetApache3A3ASessionbackend">Set Apache::Session
|
||||
backend</a></li>
|
||||
<li><a href=
|
||||
"#HOverrideconfigStorageforLemonLDAP3A3ANGmodules">Override
|
||||
configStorage for LemonLDAP::NG modules</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
@ -99,12 +96,12 @@
|
|||
<h4 class="heading-1-1-1"><span id="HDatabasecreation">Database
|
||||
creation</span></h4><br />
|
||||
<br />
|
||||
For example, create the database "lemonldapng" :<br />
|
||||
For example, create the database "lemonldap-ng" :<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
# mysqladmin create lemonldapng
|
||||
# mysqladmin create lemonldap-ng
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
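Review bot: the database is renamed to lemonldap-ng, and a hyphen is not allowed in an unquoted MySQL identifier. mysqladmin and the DBI chain take the name as is, but any SQL statement the reader types afterwards (USE, GRANT) needs it in backticks. Either mention that next to the mysqladmin line or keep a name without a hyphen.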
@ -142,48 +139,34 @@ CREATE TABLE lmConfig (
|
|||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HSessiontable">Session
|
||||
table</span></h4>
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h3>
|
||||
|
||||
<p class="paragraph"></p>The choice of Apache::Session::* module is free.
|
||||
See Apache::Session::Store::* or Apache::Session::* to know how to
|
||||
configure the module.
|
||||
<h4 class="heading-1-1-1"><span id="HDefaultconfiguration">Default
|
||||
configuration</span></h4>
|
||||
|
||||
<p class="paragraph"></p>If you want to use Apache::Session::MySQL, you
|
||||
can create the database like this:
|
||||
<p class="paragraph"></p>You can set this directly in <strong class=
|
||||
"strong">storage.conf</strong>:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
CREATE TABLE sessions (
|
||||
id <span class="java-object">char</span>(32),
|
||||
a_session text
|
||||
);
|
||||
type = DBI
|
||||
dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
|
||||
dbiUser = lemonldap
|
||||
dbiPassword = password
|
||||
dbiTable = lmConfig
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HSetconfigStorageforLemonLDAP3A3ANGmodules">Set configStorage for
|
||||
LemonLDAP::NG modules</span></h4>
|
||||
"HOverrideconfigStorageforLemonLDAP3A3ANGmodules">Override configStorage
|
||||
for LemonLDAP::NG modules</span></h4>
|
||||
|
||||
<p class="paragraph"></p>By default, configStorage use the "File" backend,
|
||||
like:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
configStorage => {
|
||||
type => <span class="java-quote">"File"</span>,
|
||||
dirName => <span class="java-quote">"/etc/lemonldap-ng/conf/"</span>,
|
||||
},
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>You have to replace it with MySQL parameters, for
|
||||
example:
|
||||
<p class="paragraph"></p>Edit for example <strong class=
|
||||
"strong">portal/index.pl</strong> or <strong class=
|
||||
"strong">handler/MyHandler.pm</strong>:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
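Review bot: the new storage.conf example keeps dbiUser and dbiPassword in clear text, and the surrounding text says nothing about protecting the file. Add a sentence telling the reader to make storage.conf readable only by the user running Apache. The sample host=1.2.3.4 is also a real routable address; 127.0.0.1, as in the examples this commit removes, is a safer placeholder.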
@ -197,48 +180,7 @@ configStorage => {
|
|||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HSetApache3A3ASessionbackend">Set
|
||||
Apache::Session backend</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Go to the Manager and go in <strong class=
|
||||
"strong">General Parameters > Session Storage</strong>. Then change
|
||||
<strong class="strong">Apache::Session module</strong> to
|
||||
"Apache::Session::MySQL" and in <strong class="strong">Apache::Session
|
||||
parameters</strong> configure the following options:
|
||||
|
||||
<ul class="star">
|
||||
<li>DataSource (for example:
|
||||
DBI:mysql:database=lemonldapng;host=127.0.0.1)</li>
|
||||
|
||||
<li>UserName</li>
|
||||
|
||||
<li>Password</li>
|
||||
|
||||
<li>TableName</li>
|
||||
|
||||
<li>LockDataSource</li>
|
||||
|
||||
<li>LockUserName</li>
|
||||
|
||||
<li>LockPassword</li>
|
||||
</ul>You can also set the session module in perl scripts:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
globalStorage => <span class="java-quote">"Apache::Session::MySQL"</span>,
|
||||
globalStorageOptions => {
|
||||
DataSource => <span class=
|
||||
"java-quote">"dbi:mysql:database=lemonldapng;host=127.0.0.1"</span>,
|
||||
UserName => <span class="java-quote">"db_user"</span>,
|
||||
Password => <span class="java-quote">"db_password"</span>,
|
||||
TableName => <span class="java-quote">"sessions"</span>,
|
||||
LockDataSource => <span class=
|
||||
"java-quote">"dbi:mysql:database=lemonldapng;host=127.0.0.1"</span>,
|
||||
LockUserName => <span class="java-quote">"db_user"</span>,
|
||||
LockPassword => <span class="java-quote">"db_password"</span>,
|
||||
},
|
||||
</pre>
|
||||
</div>
|
||||
<p class="paragraph"></p>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
|
|
|
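Review bot: this removes the whole "Set Apache::Session backend" section, including the DataSource/LockDataSource option list and the globalStorageOptions sample, and leaves nothing in its place. If session storage in MySQL is now covered on another page, keep a one-line link to it here so readers following the old instructions can still find them.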
@ -66,61 +66,70 @@
|
|||
<li><a href="#HUsergroups">User groups</a></li>
|
||||
|
||||
<li><a href="#HVirtualhosts">Virtual hosts</a></li>
|
||||
|
||||
<li><a href="#HTogofurther">To go further</a></li>
|
||||
</ul>Connect to the manager with your browser (for example <span class=
|
||||
"nobr"><a href=
|
||||
"http://manager.example.com">http://manager.example.com</a></span>) to
|
||||
start configure your WebSSO.
|
||||
|
||||
<p class="paragraph"></p>You have to set at least some parameters:
|
||||
<p class="paragraph"></p>You can now configure a default installation,
|
||||
with an LDAP directory.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HGeneralparameters">General
|
||||
parameters</span></h3>
|
||||
|
||||
<ul class="star">
|
||||
<li>Authentication parameters -> portal URL to access to the
|
||||
authentication portal.</li>
|
||||
<li>Authentication parameters:
|
||||
|
||||
<li>Domain: the cookie domain. All protected VirtualHosts have to be
|
||||
under it.</li>
|
||||
<ul class="star">
|
||||
<li>portal: URL to access to the authentication portal.</li>
|
||||
|
||||
<li>LDAP parameters -> LDAP Server.</li>
|
||||
<li>domain: the cookie domain. All protected VirtualHosts have to be
|
||||
under it (or you have to use <span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/CDA">Cross Domain
|
||||
Authentication</a></span>).</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>LDAP parameters -> LDAP Accout and password: required only if
|
||||
anonymous binds are not accepted.</li>
|
||||
<li>LDAP parameters:
|
||||
|
||||
<li>Session Storage -> Apache::Session module: how to store user
|
||||
sessions. You can use all module that inherit from Apache::Session like
|
||||
Apache::Session::MySQL.</li>
|
||||
<ul class="star">
|
||||
<li>ldapServer: LDAP Server.</li>
|
||||
|
||||
<li>Session Storage -> Apache::Session Module parameters: see
|
||||
Apache::Session::<Choosen module>.</li>
|
||||
<li>managerDn and managerPassword: required only if anonymous binds
|
||||
are not accepted.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HUsergroups">User groups</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Use the "New Group" button to add your first
|
||||
group. On the left, set the keyword which will be used later and set on
|
||||
the right the corresponding rule. You can use :
|
||||
the right the corresponding rule. You can use a Perl condition enclosed
|
||||
with {}. All variables declared in "General parameters -> exported
|
||||
attributes" can be used with a "$".
|
||||
|
||||
<ul class="star">
|
||||
<li>an LDAP filter (it will be tested with the user uid)</li>
|
||||
</ul>or
|
||||
<p class="paragraph"></p>For example:
|
||||
|
||||
<ul class="star">
|
||||
<li>a Perl condition enclosed with {}. All variables declared in
|
||||
"General parameters -> LDAP attributes" can be used with a "$". For
|
||||
example: MyGroup / { $uid eq "foo" or $uid eq "bar" }</li>
|
||||
</ul>
|
||||
<div class="code">
|
||||
<pre>
|
||||
MyGroup => { $uid eq <span class=
|
||||
"java-quote">"foo"</span> or $uid eq <span class="java-quote">"bar"</span> }
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVirtualhosts">Virtual hosts</span></h3>
|
||||
|
||||
<p class="paragraph"></p>You have to create a virtual host for each Apache
|
||||
host (virtual or real) protected by Lemonldap::NG even if just a
|
||||
sub-directory is protected. Else, user who want to access to the protected
|
||||
area will be rejected with a "500 Internal Server Error" message and the
|
||||
apache logs will explain the problem.
|
||||
|
||||
<p class="paragraph"></p>Each virtual host has 2 groups of parameters:
|
||||
<h3 class="heading-1-1"><span id="HVirtualhosts">Virtual
|
||||
hosts</span></h3><br />
|
||||
<br />
|
||||
You have to create a virtual host for each Apache host (virtual or real)
|
||||
protected by LemonLDAP::NG even if just a sub-directory is protected.
|
||||
Else, user who want to access to the protected area will be rejected with
|
||||
a "500 Internal Server Error" message and the apache logs will explain the
|
||||
problem.<br />
|
||||
<br />
|
||||
Each virtual host has 2 groups of parameters:
|
||||
|
||||
<ul class="star">
|
||||
<li>Headers: the headers added to the apache request. Default: Auth-User
|
||||
|
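Review bot: the new Cross Domain Authentication link in the "domain" item points at /xwiki/bin/view/NG/CDA, a wiki-absolute path that will not resolve in the exported HTML documentation, where pages are linked as relative .html files. Replace it with the exported file name. Separately, the User groups paragraph now refers to "General parameters -> exported attributes", but the General parameters list in this hunk only documents the Authentication and LDAP entries, so add an item for exported attributes or reword the reference.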
@ -132,11 +141,22 @@
|
|||
<li>default: the default rule</li>
|
||||
|
||||
<li>personalized rules: association of a Perl regular expression and
|
||||
a condition. For example: ^/restricted.*$ / $groups =~
|
||||
/bMyGroupb/</li>
|
||||
a condition.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</ul>For example:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
^/restricted.*$ => $groups =~ /\bMyGroup\b/
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HTogofurther">To go
|
||||
further</span></h3><br />
|
||||
<br />
|
||||
See the <span class="wikilink"><a href=
|
||||
"4.1-Configuration-parameter-list.html">full parameters list</a></span>.
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
|
|
File diff suppressed because it is too large
|
@ -128,21 +128,25 @@
|
|||
},
|
||||
modules => {
|
||||
appslist => 1,
|
||||
password => 1,
|
||||
logout => 1,
|
||||
password => USER_CAN_CHANGE_PASSWORD,
|
||||
logout => DISPLAY_LOGOUT,
|
||||
},
|
||||
# CUSTOM FUNCTION : <span class=
|
||||
"java-keyword">if</span> you want to create customFunctions in rules, declare them here
|
||||
#customFunctions => 'function1 function2',
|
||||
}
|
||||
);<br /><br /> $template->param( AUTH_ERROR => $menu->error );
|
||||
$template->param( AUTH_ERROR_TYPE => $menu->error_type );
|
||||
$template->param( DISPLAY_APPSLIST => $menu->displayModule(<span class="java-quote">"appslist"</span>) );
|
||||
$template->param( DISPLAY_PASSWORD => $menu->displayModule(<span class="java-quote">"password"</span>) );
|
||||
$template->param( DISPLAY_LOGOUT => $menu->displayModule(<span class="java-quote">"logout"</span>) );
|
||||
$template->param( DISPLAY_TAB => $menu->displayTab );
|
||||
$template->param( LOGOUT_URL => <span class=
|
||||
);<br /><br /> $template->param( AUTH_USER => $portal->{sessionInfo}->{$user_attr} );
|
||||
$template->param( AUTOCOMPLETE => AUTOCOMPLETE );
|
||||
$template->param( SKIN => $skin )
|
||||
$template->param( AUTH_ERROR => $menu->error );
|
||||
$template->param( AUTH_ERROR_TYPE => $menu->error_type );
|
||||
$template->param( DISPLAY_APPSLIST => $menu->displayModule(<span class="java-quote">"appslist"</span>) );
|
||||
$template->param( DISPLAY_PASSWORD => $menu->displayModule(<span class="java-quote">"password"</span>) );
|
||||
$template->param( DISPLAY_LOGOUT => $menu->displayModule(<span class="java-quote">"logout"</span>) );
|
||||
$template->param( DISPLAY_TAB => $menu->displayTab );
|
||||
$template->param( LOGOUT_URL => <span class=
|
||||
"java-quote">"$ENV{SCRIPT_NAME}?logout=1"</span> );
|
||||
$template->param( REQUIRE_OLDPASSWORD => REQUIRE_OLDPASSWORD );
|
||||
<span class=
|
||||
"java-keyword">if</span> ( $menu->displayModule(<span class="java-quote">"appslist"</span>) ) {
|
||||
$template->param( APPSLIST_MENU => $menu->appslistMenu );
|
||||
|
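Review bot: the added line "$template->param( SKIN => $skin )" has no trailing semicolon, so the sample no longer compiles once the next $template->param call follows it. Add the ";" so the block can be pasted into portal/index.pl as shown.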
@ -164,8 +168,8 @@
|
|||
<pre>
|
||||
modules => {
|
||||
appslist => 1,
|
||||
password => 1,
|
||||
logout => 1,
|
||||
password => USER_CAN_CHANGE_PASSWORD,
|
||||
logout => DISPLAY_LOGOUT,
|
||||
},
|
||||
</pre>
|
||||
</div>
|
||||
|
@ -182,7 +186,7 @@ modules => {
|
|||
modules => {
|
||||
appslist => 1,
|
||||
password => '$employeeType =~ /binternalb/',
|
||||
logout => 1,
|
||||
logout => DISPLAY_LOGOUT,
|
||||
},
|
||||
</pre>
|
||||
</div>
|
||||
|
|
|
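Review bot: the context line "password => '$employeeType =~ /binternalb/'" still has its backslashes stripped, the same defect this commit fixes for /\bMyGroup\b/ on the Manager page. As written the pattern only matches the literal string "binternalb", so the password tab would never be shown to internal users. Restore it to /\binternal\b/ while touching this block.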
@ -66,6 +66,8 @@
|
|||
"#HLemonLDAP3A3ANGskinsandHTML3A3ATemplatePerlmodule">LemonLDAP::NG
|
||||
skins and HTML::Template Perl module</a></li>
|
||||
|
||||
<li><a href="#HTemplatesconfiguration">Templates configuration</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HTemplatesvariablesprovidedbyportal2Findexpl">Templates
|
||||
variables provided by portal/index.pl</a>
|
||||
|
@ -78,6 +80,9 @@
|
|||
|
||||
<li><a href="#Hmenutplspecificvariables">menu.tpl specific
|
||||
variables</a></li>
|
||||
|
||||
<li><a href="#Hnotificationtplspecificvariables">notification.tpl
|
||||
specific variables</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
|
@ -109,7 +114,7 @@
|
|||
|
||||
<p class="paragraph"></p>LemonLDAP::NG portal use "skins", located in the
|
||||
skins/ directory of the portal. Each skin is a particular directory, for
|
||||
example skins/default/ for the default skin.
|
||||
example skins/pastel/ for the provided skin.
|
||||
|
||||
<p class="paragraph"></p>Here is the list of required template files:
|
||||
|
||||
|
@ -118,19 +123,59 @@
|
|||
|
||||
<li>menu.tpl: template for the menu page.</li>
|
||||
|
||||
<li>error.tpl: tempalte for the error page.</li>
|
||||
<li>error.tpl: template for the error page.</li>
|
||||
|
||||
<li>header.tpl: common header (included in above templates).</li>
|
||||
|
||||
<li>footer.tpl: common footer (included in above templates).</li>
|
||||
|
||||
<li>notification.tpl: template to display notifications.</li>
|
||||
|
||||
<li>password.tpl: template for the password modification tab.</li>
|
||||
</ul>Each template include a CSS file, named "styles.css".
|
||||
|
||||
<p class="paragraph"></p>Icons and javascripts are in skins/common/.
|
||||
|
||||
<p class="paragraph"></p>To create your own skin, just copy the default
|
||||
skin to another directory (eg.: skins/myskin/) and edit templates and CSS
|
||||
files. Advanced customization can be done by editing the portal/index.pl.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HTemplatesconfiguration">Templates
|
||||
configuration</span></h3>
|
||||
|
||||
<p class="paragraph"></p>In portal/index.pl, you can find some
|
||||
configuration variables:
|
||||
|
||||
<ul class="star">
|
||||
<li>XWiki.MySkin: name of the skin (ex: "pastel")</li>
|
||||
|
||||
<li>$skin_dir: full system path to skins</li>
|
||||
|
||||
<li>$appsxmlfile: application XML file (<span class="wikilink"><a href=
|
||||
"4.1-Configure-portal-menu.html">learn more</a></span>)</li>
|
||||
|
||||
<li>$appsimgpath: web path to application logos</li>
|
||||
|
||||
<li>$user_attr: session attribute to display as connected user (ex:
|
||||
"uid")</li>
|
||||
|
||||
<li>USER_CAN_CHANGE_PASSWORD: constant to enable the password
|
||||
modification tab</li>
|
||||
|
||||
<li>REQUIRE_OLDPASSWORD: constant to display the "old password"
|
||||
field</li>
|
||||
|
||||
<li>DISPLAY_LOGOUT: constant to display the logout tab</li>
|
||||
|
||||
<li>AUTOCOMPLETE: constant to set the autocomplete tag in forms (default
|
||||
to "on").</li>
|
||||
|
||||
<li>DISPLAY_RESETPASSWORD: constant to display the "reset password"
|
||||
form.</li>
|
||||
</ul>And in Menu constructor, you can use condition for tab display
|
||||
(<span class="wikilink"><a href="4.1-Configure-portal-menu.html">learn
|
||||
more</a></span>)
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HTemplatesvariablesprovidedbyportal2Findexpl">Templates variables
|
||||
provided by portal/index.pl</span></h3>
|
||||
|
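Review bot: the first entry of the new "Templates configuration" list reads "XWiki.MySkin: name of the skin", which looks like the wiki rewriting the variable name; the other entries are Perl variables ($skin_dir, $appsxmlfile) and the index.pl sample passes $skin. Escape it in the wiki source so it renders as $skin. The paragraph above it still says "just copy the default skin" although the example directory is now skins/pastel/, so name the skin to copy.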
@ -155,27 +200,39 @@
|
|||
<li>warning: not a fatal error, need user action.</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>REQUIRE_OLDPASSWORD: boolean to display "old password" field</li>
|
||||
|
||||
<li>DISPLAY_PASSWORD: boolean to display the password tab</li>
|
||||
|
||||
<li>AUTOCOMPLETE: "on" or "off" to enable/disable autocomplete in
|
||||
forms</li>
|
||||
|
||||
<li>SKIN: name of the skin</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="Hlogintplspecificvariables">login.tpl
|
||||
specific variables</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>AUTH_URL: URL submitted for redirection.</li>
|
||||
<li>AUTH_URL: URL submitted for redirection</li>
|
||||
|
||||
<li>DISPLAY_FORM: set to 1 if a form can be displayed.</li>
|
||||
<li>DISPLAY_FORM: set to 1 if a form can be displayed</li>
|
||||
|
||||
<li>LOGIN: submitted login</li>
|
||||
|
||||
<li>DISPLAY_RESETPASSWORD: boolean to display the "reset password"
|
||||
form</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="Hmenutplspecificvariables">menu.tpl
|
||||
specific variables</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>LOGOUT_URL: URL for logout.</li>
|
||||
<li>LOGOUT_URL: URL for logout</li>
|
||||
|
||||
<li>DISPLAY_APPSLIST: boolean to display the appslist tab</li>
|
||||
|
||||
<li>DISPLAY_PASSWORD: boolean to display the password tab</li>
|
||||
|
||||
<li>DISPLAY_LOGOUT: boolean to display the logout tab</li>
|
||||
|
||||
<li>DISPLAY_TAB: name of the pre-selected tab</li>
|
||||
|
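Review bot: DISPLAY_PASSWORD is now listed twice, once in the common variable list and again under "menu.tpl specific variables". Keep it in one place only; if it is meant to be available to every template, drop it from the menu.tpl list.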
@ -183,6 +240,16 @@
|
|||
<li>APPSLIST_MENU: html code of appslist menu div</li>
|
||||
|
||||
<li>APPSLIST_DESC: html code of appslist description divs</li>
|
||||
|
||||
<li>AUTH_USER: identity of connected user</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"Hnotificationtplspecificvariables">notification.tpl specific
|
||||
variables</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>NOTIFICATION: content of notifications (HTML code)</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HTemplatestructure">Template
|
||||
|
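Review bot: APPSLIST_MENU, APPSLIST_DESC and NOTIFICATION are documented as HTML code, but the new AUTH_USER entry does not say whether its value is escaped. It comes from a session attribute chosen with $user_attr, so state that skin authors should output it with HTML::Template's ESCAPE=HTML, and that the HTML variables must be output unescaped.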
@ -203,8 +270,6 @@
|
|||
<ul class="star">
|
||||
<li>div id=header</li>
|
||||
|
||||
<li>div class=message</li>
|
||||
|
||||
<li>(html content)</li>
|
||||
|
||||
<li>div id=footer</li>
|
||||
|
|
|
@ -77,6 +77,8 @@
|
|||
|
||||
<li><a href="#HPasswordPolicyinLemonLDAP3A3ANG">Password Policy in
|
||||
LemonLDAP::NG</a></li>
|
||||
|
||||
<li><a href="#HSeealso">See also</a></li>
|
||||
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
|
||||
>= 0.9.1</strong>
|
||||
|
||||
|
@ -101,7 +103,8 @@
|
|||
|
||||
<p class="paragraph"></p>Documentation on how to set ppolicy in OpenLDAP
|
||||
can be found here: <span class="wikiexternallink"><a href=
|
||||
"http://www.linagora.org/article165.html">http://www.linagora.org/article165.html</a></span>
|
||||
"http://www.linagora.org/contrib/annuaires/documentations/overlay_ppolicy_openldap">
|
||||
http://www.linagora.org/contrib/annuaires/documentations/overlay_ppolicy_openldap</a></span>
|
||||
(fr).
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HPerlNet3A3ALDAPmodule">Perl Net::LDAP
|
||||
|
@ -141,8 +144,12 @@
|
|||
<li>Password expiration time</li>
|
||||
|
||||
<li>Password graces used</li>
|
||||
</ul>To activate Password Policy, you have to set a new parameter inside
|
||||
you portal perl script (e.g. portal/index.pl), like:
|
||||
</ul>Since LemonLDAP:NG 0.9.4, password policy can be used to force
|
||||
password change is the password was reset (attribute pwdReset: TRUE in
|
||||
user entry).
|
||||
|
||||
<p class="paragraph"></p>To activate Password Policy, you have to set a
|
||||
new parameter inside you portal perl script (e.g. portal/index.pl), like:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
|
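Review bot: the added sentence has two typos, "LemonLDAP:NG 0.9.4" with a single colon and "force password change is the password was reset" where "if" is meant, and the reflowed paragraph keeps "inside you portal perl script" (should be "your"). Since the page header says the documentation applies to LemonLDAP::NG >= 0.9.1, it is also worth marking the pwdReset behaviour clearly as 0.9.4 and later.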
@ -159,6 +166,16 @@
|
|||
);
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HSeealso">See also</span></h3>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href="/xwiki/bin/view/NG/AuthLDAP">Auth
|
||||
LDAP</a></span></li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/PasswordDBLDAP">Password DBLDAP</a></span></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
|
|
|
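Review bot: both links in the new "See also" list use /xwiki/bin/view/NG/... paths (AuthLDAP, PasswordDBLDAP), which will be dead in the exported documentation. Point them at the exported .html pages, or drop the section if those pages are not part of the export.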
@ -54,537 +54,6 @@
|
|||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id=
|
||||
"HUtilisationdesWebServices28modulesSOAP29">Utilisation des Web Services
|
||||
(modules SOAP)</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HPrC3A9requis">Pré-requis</a></li>
|
||||
|
||||
<li><a href="#HWebServicepourl27authentification">Web Service pour
|
||||
l'authentification</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HWebServicepourl27accC3A8sauxsessions">Web Service pour
|
||||
l'accès aux sessions</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HPrC3A9sentation">Présentation</a></li>
|
||||
|
||||
<li><a href="#HInstallationduscriptserveurSOAP">Installation du
|
||||
script serveur SOAP</a></li>
|
||||
|
||||
<li><a href="#HConfigurationApache">Configuration Apache</a></li>
|
||||
|
||||
<li><a href="#HConfigurationd27unhandler">Configuration d'un
|
||||
handler</a></li>
|
||||
|
||||
<li><a href="#HConfigurationd27unportail">Configuration d'un
|
||||
portail</a></li>
|
||||
|
||||
<li><a href="#HConfigurationC3A0traversleManager">Configuration
|
||||
à travers le Manager</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="#HWebServicepourl27accC3A8sC3A0laconfiguration">Web Service
|
||||
pour l'accès à la configuration</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HPrC3A9sentation-1">Présentation</a></li>
|
||||
|
||||
<li><a href="#HInstallationduscriptserveurSOAP-1">Installation du
|
||||
script serveur SOAP</a></li>
|
||||
|
||||
<li><a href="#HConfigurationApache-1">Configuration Apache</a></li>
|
||||
|
||||
<li><a href=
|
||||
"#HConfigurationd27unhandler2Cd27unportailoud27unmanager">Configuration
|
||||
d'un handler, d'un portail ou d'un manager</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="#HSC3A9curisationdesWebServices">Sécurisation des Web
|
||||
Services</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HHTTPBASIC">HTTP-BASIC</a></li>
|
||||
|
||||
<li><a href="#HSSL2FTLS">SSL/TLS</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HPrC3A9requis">Pré-requis</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Le module Perl SOAP::Lite doit être
|
||||
installé sur le système.
|
||||
|
||||
<ul class="star">
|
||||
<li>Pour un environnement Debian :</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
# apt-get install libsoap-lite-perl
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<ul class="star">
|
||||
<li>Pour un environnement Red Hat :</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
# yum install perl-SOAP-Lite
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HWebServicepourl27authentification">Web
|
||||
Service pour l'authentification</span></h3><br />
|
||||
<br />
|
||||
À partie de la version 0.9.3, les fonctionnalités SOAP sont
|
||||
incluse dans le portail. Il suffit de les activer avec l'option
|
||||
<strong class="strong">"<tt>Soap => 1</tt>"</strong>.<br />
|
||||
<br />
|
||||
Le portail est alors capable de répondre aux sollicitations web
|
||||
classiques et aux requêtes SOAP. Il propose 2 fonctions SOAP:
|
||||
|
||||
<ul class="star">
|
||||
<li>getCookies(user,password) : retourne le ou les cookies
|
||||
générés par le portail et un code d'erreur (0 si
|
||||
tout va bien)</li>
|
||||
|
||||
<li>error(language,code) : retourne le texte correspondant à
|
||||
l'erreur.</li>
|
||||
</ul>Exemple de script client :<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
#!/usr/bin/perl -l
|
||||
use SOAP::Lite;
|
||||
use Data::Dumper;<br /><br />my $soap = SOAP::Lite->proxy('http://auth.example.com/')
|
||||
->uri('urn:/Lemonldap/NG/Common/CGI/SOAPService');<br /><br />my $r = $soap->getCookies( 'user', 'password' );<br /><br /># Catch SOAP errors
|
||||
<span class="java-keyword">if</span> ( $r->fault ) {
|
||||
print STDERR <span class=
|
||||
"java-quote">"SOAP Error: "</span> . $r->fault->{faultstring};
|
||||
}
|
||||
<span class="java-keyword">else</span> {
|
||||
my $res = $r->result();<br /><br /> # If authentication failed, display error
|
||||
<span class="java-keyword">if</span> ( $res->{error} ) {
|
||||
print STDERR <span class="java-quote">"Error: "</span>
|
||||
. $soap->error( 'fr', $res->{error} )->result();
|
||||
}<br /><br /> # print session-ID
|
||||
<span class="java-keyword">else</span> {
|
||||
print <span class=
|
||||
"java-quote">"Cookie: lemonldap="</span> . $res->{cookies}->{lemonldap};
|
||||
}
|
||||
}
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HWebServicepourl27accC3A8sauxsessions">Web Service pour l'accès
|
||||
aux sessions</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HPrC3A9sentation">Présentation</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Ce Web Service permet au portail
|
||||
(Lemonldap::NG::Portal) et au handler (Lemonldap::NG::Handler)
|
||||
d'accéder en lecture et en écriture aux sessions WebSSO.
|
||||
Cela permet par exemple à un handler d'aller
|
||||
récupérer les sessions à distance avec une simple
|
||||
requête SOAP (sur HTTP). Pour des architectures plus complexes, cela
|
||||
permet également de disposer de plusieurs portails qui enregistrent
|
||||
les sessions à distance.
|
||||
|
||||
<p class="paragraph"></p><img src=
|
||||
"/xwiki/bin/download/NG/DocSOAP/DIA-Fonctionnement_LemonLDAP%3A%3ANG_SOAP_Sessions-1.png"
|
||||
alt="DIA-Fonctionnement_LemonLDAP::NG_SOAP_Sessions-1.png" />
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HInstallationduscriptserveurSOAP">Installation du script serveur
|
||||
SOAP</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Au niveau du serveur principal,
|
||||
c'est-à-dire celui qui stocke les sessions, le script suivant doit
|
||||
être installé, par exemple dans
|
||||
/var/www/lemonldapng/soap/sessions.pl :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
#! /usr/bin/perl<br /><br />use Lemonldap::NG::Manager::SOAPServer;<br /><br />Lemonldap::NG::Manager::SOAPServer->start (
|
||||
realSessionStorage => <span class=
|
||||
"java-quote">"Apache::Session::File"</span>,
|
||||
realSessionStorageOptions => { Directory => <span class=
|
||||
"java-quote">"/tmp"</span>, },
|
||||
type => <span class="java-quote">"sessions"</span>,
|
||||
AuthorizedFunctions => <span class=
|
||||
"java-quote">"<span class="java-keyword">new</span> get set delete"</span>,
|
||||
);
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Les paramètres de l'objet SOAPServer sont
|
||||
les suivants :
|
||||
|
||||
<ul class="star">
|
||||
<li>realSessionStorage : Module Apache::Session à utiliser</li>
|
||||
|
||||
<li>realSessionStorageOptions : Options du module Apache::Session</li>
|
||||
|
||||
<li>type : "sessions" ou "config"</li>
|
||||
|
||||
<li>AuthorizedFunctions : Fonctions SOAP autorisées :
|
||||
|
||||
<ul class="star">
|
||||
<li>new : créer une nouvelle session (et donc un nouveau
|
||||
session_id)</li>
|
||||
|
||||
<li>get : lire une session</li>
|
||||
|
||||
<li>set : écrire une session</li>
|
||||
|
||||
<li>delete : supprimer une session</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>Un handler n'a besoin que de lire des sessions (fonction "get"), par
|
||||
contre un portail devra les écrire (fonctions "new", "set" et
|
||||
"delete").
|
||||
|
||||
<p class="paragraph"></p>On peut donc utiliser toutes les méthodes
|
||||
de stockage de sessions, comme par exemple MySQL :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
#! /usr/bin/perl<br /><br />use Lemonldap::NG::Manager::SOAPServer;<br /><br />Lemonldap::NG::Manager::SOAPServer->start (
|
||||
realSessionStorage => <span class=
|
||||
"java-quote">"Apache::Session::MySQL"</span>,
|
||||
realSessionStorageOptions => {
|
||||
DataSource => <span class=
|
||||
"java-quote">"DBI:mysql:database=lemonldapng;host=127.0.0.1"</span>,
|
||||
UserName => <span class=
|
||||
"java-quote">"ssoadmin"</span>,
|
||||
Password => <span class=
|
||||
"java-quote">"ssopasswd"</span>,
|
||||
LockDataSource => <span class=
|
||||
"java-quote">"DBI:mysql:database=lemonldapng;host=127.0.0.1"</span>,
|
||||
LockUserName => <span class=
|
||||
"java-quote">"ssoadmin"</span>,
|
||||
LockPassword => <span class=
|
||||
"java-quote">"ssopasswd"</span>,
|
||||
},
|
||||
type => <span class="java-quote">"sessions"</span>,
|
||||
AuthorizedFunctions => <span class=
|
||||
"java-quote">"<span class="java-keyword">new</span> get set delete"</span>,
|
||||
);
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HConfigurationApache">Configuration
|
||||
Apache</span></h4>
|
||||
|
||||
<p class="paragraph"></p>L'accès au script SOAP doit être
|
||||
autorisé par Apache, par exemple :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
Alias /soap /<span class=
|
||||
"java-keyword">var</span>/www/lemonldapng/soap<br /><br /><Files ~ <span class="java-quote">".(pl)$"</span>>
|
||||
SetHandler perl-script
|
||||
PerlHandler ModPerl::Registry
|
||||
PerlSendHeader On
|
||||
</Files><br /><br /><Directory /<span class=
|
||||
"java-keyword">var</span>/www/lemonldapng/soap>
|
||||
AllowOverride None
|
||||
Options +ExecCGI +FollowSymLinks -Indexes
|
||||
</Directory>
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Cette configuration est
|
||||
généralement ajoutée au fichier de configuration
|
||||
Apache du portail et du manager.
|
||||
|
||||
<p class="paragraph"></p>L'accès au script SOAP peut être
|
||||
protégé des différentes manières :
|
||||
|
||||
<ul class="star">
|
||||
<li>HTTP-BASIC : un identifiant et un mot de passe doivent être
|
||||
fournis par le client SOAP</li>
|
||||
|
||||
<li>SSL/TLS : un certificat client doit être fourni par le client
|
||||
SOAP</li>
|
||||
</ul>Voir les documentations des modules SOAP::Lite et SOAP::Transport
|
||||
pour plus d'informations sur ces sujets.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HConfigurationd27unhandler">Configuration d'un handler</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Le handler effectue une requête SOAP pour
|
||||
lire les informations de sessions, en fournissant l'identifiant de
|
||||
sessions retrouvé dans le cookie fourni par le navigateur de
|
||||
l'utilisateur.
|
||||
|
||||
<p class="paragraph"></p>La configuration SOAP est effectué au
|
||||
niveau de la fonction init() du module, en surchargeant les
|
||||
paramètres de configuration globalStorage et globalStorageOptions :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<span class="java-keyword">package</span> Handler;<br /><br />use strict ;
|
||||
use Lemonldap::NG::Handler::SharedConf qw(:all) ;<br /><br />our $VERSION = '0.01' ;
|
||||
our @ISA = qw(Lemonldap::NG::Handler::SharedConf) ;<br /><br />*EXPORT_TAGS = *Lemonldap::NG::Handler::SharedConf::EXPORT_TAGS ;
|
||||
*EXPORT_OK = *Lemonldap::NG::Handler::SharedConf::EXPORT_OK ;
|
||||
*EXPORT = *Lemonldap::NG::Handler::SharedConf::EXPORT ;<br /><br /><b class="bold">PACKAGE</b>->init ({
|
||||
globalStorage => <span class=
|
||||
"java-quote">"Lemonldap::NG::Manager::Apache::Session::SOAP"</span>,
|
||||
globalStorageOptions => {
|
||||
proxy => <span class=
|
||||
"java-quote">"http://websso.mydomain.com/soap/sessions.pl"</span>,
|
||||
proxyOptions => {
|
||||
timeout => <span class=
|
||||
"java-quote">"5"</span>,
|
||||
},
|
||||
},
|
||||
configStorage => {
|
||||
type => <span class="java-quote">"DBI"</span>,
|
||||
dbiChain => <span class=
|
||||
"java-quote">"DBI:mysql:database=lemonldapng;host=127.0.0.1"</span>,
|
||||
dbiUser => <span class=
|
||||
"java-quote">"ssoadmin"</span>,
|
||||
dbiPassword => <span class=
|
||||
"java-quote">"ssopasswd"</span>,
|
||||
dbiTable => <span class=
|
||||
"java-quote">"lmConfig"</span>,
|
||||
},<br /><br /> localStorage => <span class="java-quote">"Cache::FileCache"</span>,
|
||||
localStorageOptions => {},
|
||||
https => <span class="java-quote">"0"</span>,
|
||||
}) ;<br /><br />1;
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HConfigurationd27unportail">Configuration d'un portail</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Pour le portail, on procède de la
|
||||
même manière :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
#!/usr/bin/perl<br /><br />use Lemonldap::NG::Portal::SharedConf;<br /><br />my $portal = Lemonldap::NG::Portal::SharedConf-><span class="java-keyword">new</span>(
|
||||
globalStorage => <span class=
|
||||
"java-quote">"Lemonldap::NG::Manager::Apache::Session::SOAP"</span>,
|
||||
globalStorageOptions => {
|
||||
proxy => <span class=
|
||||
"java-quote">"http://websso.mydomain.com/soap/sessions.pl"</span>,
|
||||
proxyOptions => {
|
||||
timeout => <span class="java-quote">"5"</span>,
|
||||
},
|
||||
},
|
||||
configStorage => {
|
||||
type => <span class="java-quote">"DBI"</span>,
|
||||
dbiChain => <span class=
|
||||
"java-quote">"DBI:mysql:database=lemonldapng;host=127.0.0.1"</span>,
|
||||
dbiUser => <span class=
|
||||
"java-quote">"ssoadmin"</span>,
|
||||
dbiPassword => <span class=
|
||||
"java-quote">"ssopasswd"</span>,
|
||||
dbiTable => <span class=
|
||||
"java-quote">"lmConfig"</span>,},
|
||||
);
|
||||
...
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HConfigurationC3A0traversleManager">Configuration à travers le
|
||||
Manager</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Il est possible d'éviter de surcharger les
|
||||
paramètres de configuration dans le portail et le handler en
|
||||
agissant directement sur la configuration des sessions au niveau du
|
||||
Manager.
|
||||
|
||||
<p class="paragraph"></p>Pour cela, il suffit de se rendre dans la partie
|
||||
"Stockage des Sessions" puis de remplir correctement les paramètres
|
||||
:
|
||||
|
||||
<ul class="star">
|
||||
<li>Module Apache::Session :
|
||||
Lemonldap::NG::Manager::Apache::Session::SOAP</li>
|
||||
|
||||
<li>Paramètres du module Apache::Session :
|
||||
|
||||
<ul class="star">
|
||||
<li>proxy : <span class="nobr"><a href=
|
||||
"http://websso.mydomain.com/soap/sessions.pl">http://websso.mydomain.com/soap/sessions.pl</a></span></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>Attention cependant, en activant cette configuration, tous les
|
||||
éléments du WebSSO passeront par SOAP pour lire et
|
||||
écrire les sessions.
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HWebServicepourl27accC3A8sC3A0laconfiguration">Web Service pour
|
||||
l'accès à la configuration</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HPrC3A9sentation">Présentation</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Ce Web Service permet au portail
|
||||
(Lemonldap::NG::Portal), au manager (Lemonldap::NG::Manager) et au handler
|
||||
(Lemonldap::NG::Handler) d'accéder en lecture et en écriture
|
||||
à la configuration du WebSSO.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HInstallationduscriptserveurSOAP">Installation du script serveur
|
||||
SOAP</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Au niveau du serveur principal,
|
||||
c'est-à-dire celui qui stocke les sessions, le script suivant doit
|
||||
être installé, par exemple dans
|
||||
/var/www/lemonldapng/soap/config.pl :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
#!/usr/bin/perl<br /><br />use Lemonldap::NG::Manager::SOAPServer;<br /><br />Lemonldap::NG::Manager::SOAPServer->start(
|
||||
configStorage => {
|
||||
type => 'DBI',
|
||||
dbiChain => <span class=
|
||||
"java-quote">"DBI:mysql:database=lemonldapng;host=127.0.0.1"</span>,
|
||||
dbiUser => <span class="java-quote">"ssoadmin"</span>,
|
||||
dbiPassword => <span class="java-quote">"ssopasswd"</span>,
|
||||
dbiTable => <span class="java-quote">"lmConfig"</span>,
|
||||
}
|
||||
);
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Tout comme pour le Web Service des sessions, il
|
||||
est possible d'utiliser d'autres type que "DBI" (par exemple "File").
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HConfigurationApache">Configuration
|
||||
Apache</span></h4><br />
|
||||
<br />
|
||||
Elle est identique à celle des sessions, si les scripts sessions.pl
|
||||
et config.pl sont bien dans le même répertoire :<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
Alias /soap /<span class=
|
||||
"java-keyword">var</span>/www/lemonldapng/soap<br /><br /><Files ~ <span class="java-quote">".(pl)$"</span>> SetHandler perl-script PerlHandler ModPerl::Registry PerlSendHeader On </Files><br /><br /><Directory /<span class="java-keyword">var</span>/www/lemonldapng/soap> AllowOverride None Options +ExecCGI +FollowSymLinks -Indexes </Directory>
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HConfigurationd27unhandler2Cd27unportailoud27unmanager">Configuration
|
||||
d'un handler, d'un portail ou d'un manager</span></h4><br />
|
||||
<br />
|
||||
Pour tous ces éléments, il suffit de remplacer le
|
||||
paramètre configStorage :<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
…
|
||||
configStorage => {
|
||||
type => <span class="java-quote">"SOAP"</span>,
|
||||
proxy => <span class=
|
||||
"java-quote">"http://websso.mydomain.com/soap/config.pl"</span>,
|
||||
},
|
||||
...
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>L'accès à la configuration se fera
|
||||
alors par SOAP.
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HSC3A9curisationdesWebServices">Sécurisation des Web
|
||||
Services</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HHTTPBASIC">HTTP-BASIC</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Si le serveur SOAP est protégé par
|
||||
une authentification BASIC, le client (par exemple un handler) doit
|
||||
être paramétré ainsi :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<span class=
|
||||
"java-keyword">package</span> My::Package;<br /><br /> use base Lemonldap::NG::Handler::SharedConf;<br /><br /> <b class="bold">PACKAGE</b>->init ( {
|
||||
localStorage => <span class=
|
||||
"java-quote">"Cache::FileCache"</span>,
|
||||
localStorageOptions => {
|
||||
'namespace' => 'MyNamespace',
|
||||
'default_expires_in' => 600,
|
||||
},
|
||||
configStorage => {
|
||||
type => 'SOAP',
|
||||
proxy => 'http://manager.example.com/soapserver.pl',
|
||||
User => 'http-user',
|
||||
Password => 'pass',
|
||||
},
|
||||
https => 1,
|
||||
} );
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HSSL2FTLS">SSL/TLS</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Si le serveur SOAP requiert un certificat client,
|
||||
le client (par exemple un handler) doit être paramétré
|
||||
ainsi :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<span class=
|
||||
"java-keyword">package</span> My::Package;<br /><br /> use base Lemonldap::NG::Handler::SharedConf;<br /><br /> $ENV{HTTPS_CERT_FILE} = 'client-cert.pem';
|
||||
$ENV{HTTPS_KEY_FILE} = 'client-key.pem';<br /><br /> __PACKAGE__->init ( {
|
||||
localStorage => <span class=
|
||||
"java-quote">"Cache::FileCache"</span>,
|
||||
localStorageOptions => {
|
||||
'namespace' => 'MyNamespace',
|
||||
'default_expires_in' => 600,
|
||||
},
|
||||
configStorage => {
|
||||
type => 'SOAP',
|
||||
proxy => 'http://manager.example.com/soapserver.pl',
|
||||
},
|
||||
https => 1,
|
||||
} );
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
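Review bot: in the "Sécurisation des Web Services" section, both client examples set `proxy => 'http://manager.example.com/soapserver.pl'`, so the HTTP-BASIC `User`/`Password` pair would travel in clear text, and the `HTTPS_CERT_FILE`/`HTTPS_KEY_FILE` client certificate in the SSL/TLS example would never be presented over a plain-HTTP connection. Use an `https://` proxy URL in both examples. Two smaller points in the same file: `__PACKAGE__` is rendered as `<b class="bold">PACKAGE</b>` in the session handler listing and in the HTTP-BASIC listing (the SSL/TLS listing has it right), so copied code will not compile; and the two Apache examples expose `/soap` with no access control in the `<Directory>` block although the text says access can be protected, so the sample would be safer if it showed one of the two protections it names.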
@ -124,8 +124,9 @@
|
|||
|
||||
<li>Secondary portal check if remote session is available. It can be
|
||||
done via direct access to the session database or using <span class=
|
||||
"wikilink"><a href="4.3-Configure-SOAP-fr.html">SOAP access</a></span>.
|
||||
Then it creates the session (with attribute filter)</li>
|
||||
"wikilink"><a href="4.3-Configure-SOAP-fr.htmlSessionStorage">SOAP
|
||||
access</a></span>. Then it creates the session (with attribute
|
||||
filter)</li>
|
||||
|
||||
<li>User can now access to the protected application</li>
|
||||
</ol>Note that if the user is already authenticated on the first portal,
|
||||
|
|
|
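Review bot: the replacement href `4.3-Configure-SOAP-fr.htmlSessionStorage` appends `SessionStorage` directly after `.html` with no `#` or separate file name, so the "SOAP access" link no longer resolves the way the old `4.3-Configure-SOAP-fr.html` did. Point it at the real target (a fragment on that page, or the actual name of the exported file) before merging.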
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
|
@ -51,6 +51,11 @@
|
|||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
span.c1 {text-decoration: underline}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
@ -75,6 +80,9 @@
|
|||
|
||||
<li><a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG
|
||||
configuration</a></li>
|
||||
|
||||
<li><a href="#HSympaautologin28version3E3D09429">Sympa auto-login
|
||||
(version >=0.9.4)</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
@ -93,12 +101,16 @@
|
|||
<h4 class="heading-1-1-1"><span id=
|
||||
"HPresentation">Presentation</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Sympa provide a magic authentication mecanism,
|
||||
<p class="paragraph"></p>Sympa provides a magic authentication mecanism,
|
||||
which display a special button on the interface. When the user click on
|
||||
it, if he has already an SSO session, he is directly authenticated.
|
||||
|
||||
<p class="paragraph"></p>This works for CAS, Shibboleth and LemonLDAP::NG.
|
||||
|
||||
<p class="paragraph"></p>For Lemonldap::NG you an also add the "sympa
|
||||
auto-login" feature (since 0.9.4) so users are automatically authenticated
|
||||
into Sympa.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HSympaconfiguration">Sympa
|
||||
configuration</span></h4><br />
|
||||
<br />
|
||||
|
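Review bot: the added paragraph reads "you an also add", which should be "you can also add". The first sentence was touched to fix "provide" but still has "mecanism", "which display" and "the user click"; these are worth correcting in the same pass.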
@ -118,25 +130,17 @@
|
|||
generic_sso
|
||||
service_name LemonLDAP::NG
|
||||
service_id lemonldapng
|
||||
http_header_prefix HTTP
|
||||
email_http_header HTTP_EMAIL
|
||||
netid_http_header HTTP_AUTH-USER
|
||||
email_http_header HTTP_MAIL
|
||||
netid_http_header HTTP_AUTH_USER
|
||||
internal_email_by_netid 1
|
||||
logout_url <span class="nobr"><a href=
|
||||
"http://sympa.example.com/wws/logout">http://sympa.example.com/wws/logout</a></span><br /><br />ldap
|
||||
host localhost:389
|
||||
timeout 20
|
||||
bind_dn cn=admin,dc=example,dc=com
|
||||
bind_password secret
|
||||
suffix dc=example,dc=com
|
||||
get_dn_by_uid_filter (uid=[sender])
|
||||
get_dn_by_email_filter (|(mail=[sender])(n2atraliasmail=[sender]))
|
||||
alternative_email_attribute n2atrmaildrop
|
||||
email_attribute mail
|
||||
scope sub
|
||||
authentication_info_url <span class="nobr"><a href=
|
||||
"http://sympa.example.com">http://sympa.example.com</a></span>
|
||||
"http://sympa.example.com/wws/logout">http://sympa.example.com/wws/logout</a></span>
|
||||
</pre>
|
||||
|
||||
<ol>
|
||||
<li>Additional authentication schemes can be set but they will be
|
||||
ignored with Lemonldap::NG auto-login feature</li>
|
||||
</ol>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HApacheconfiguration">Apache
|
||||
|
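Review bot: the added `<ol>` with the single item "Additional authentication schemes can be set but they will be ignored with Lemonldap::NG auto-login feature" sits after `</pre>` inside the code `<div>`, so it renders as a numbered "1." detached from the configuration it comments on. Make it an ordinary paragraph below the block, or move it into the `<pre>` as a `#` comment if that is what the wiki source intended. With the `ldap` block removed, the example now relies only on `HTTP_MAIL` and `HTTP_AUTH_USER`, so a sentence stating that these headers must come from the handler would be a useful addition.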
@ -153,7 +157,8 @@ generic_sso
|
|||
<pre>
|
||||
# The following lines must be set once <span class=
|
||||
"java-keyword">for</span> all virtualhosts
|
||||
NameVirtualHost *<br /><br />PerlRequire /opt/lemonldap-ng/handler/Handler.pm
|
||||
NameVirtualHost *<br /><br />PerlRequire /<span class=
|
||||
"java-keyword">var</span>/lib/lemonldap-ng/handler/MyHandler.pm
|
||||
PerlOptions +GlobalRequest
|
||||
<Files ~ <span class="java-quote">".(pl)$"</span>>
|
||||
SetHandler perl-script
|
||||
|
@ -162,14 +167,20 @@ PerlOptions +GlobalRequest
|
|||
</Files><br /><br /># Define here all <span class=
|
||||
"java-keyword">protected</span> virtualhosts
|
||||
<VirtualHost *>
|
||||
ServerName sympa.example.com<br /><br /> # WebSSO protection
|
||||
<Location /wws/sso_login/lemonldapng>
|
||||
PerlHeaderParserHandler Handler
|
||||
</Location><br /><br /> <Location /reload>
|
||||
PerlHeaderParserHandler Handler->reload
|
||||
</Location><br /><br /> RedirectMatch ^/$ /wws
|
||||
ServerName sympa.example.com<br /><br /> # WebSSO protection :<br /><br /> # * with auto-login
|
||||
PerlHeaderParserHandler Handler<br /><br /> # * without auto-login
|
||||
#<Location /wws/sso_login/lemonldapng>
|
||||
# PerlHeaderParserHandler Handler
|
||||
#</Location>
|
||||
#<br /><br /> # Optional : reload mechanism (see doc <span class=
|
||||
"java-keyword">for</span> more)
|
||||
<Location /reload>
|
||||
PerlHeaderParserHandler Handler->reload
|
||||
</Location><br /><br /> # Sympa normal configuration (example)
|
||||
RedirectMatch ^/$ /wws
|
||||
Alias /wwsicons /usr/share/sympa/icons
|
||||
ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi<br /><br /> LogLevel warn
|
||||
ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi<br /><br /> # Logging
|
||||
LogLevel warn
|
||||
ErrorLog /<span class=
|
||||
"java-keyword">var</span>/log/apache2/sympa-error.log
|
||||
CustomLog /<span class=
|
||||
|
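Review bot: the `<Location /reload>` block in the new vhost example carries no access restriction, so as written any client that can reach sympa.example.com can request `Handler->reload`. Show a restriction in the example (limited to the hosts that push configuration changes), or state in the "Optional : reload mechanism" comment that one is required. Also, the previous hunk changes `PerlRequire` to load `MyHandler.pm` while these directives still name the package `Handler`; confirm that the file and the package name agree.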
@ -185,11 +196,11 @@ PerlOptions +GlobalRequest
|
|||
|
||||
<div class="code">
|
||||
<pre>
|
||||
pla.example.com
|
||||
sympa.example.com
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
Then create the access rule:
|
||||
Then create the access rule. Example:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -202,9 +213,36 @@ pla.example.com
|
|||
<div class="code">
|
||||
<pre>
|
||||
Auth-User => $uid
|
||||
email => $email
|
||||
mail => $mail
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HSympaautologin28version3E3D09429">Sympa auto-login (version
|
||||
>=0.9.4)</span></h4>
|
||||
|
||||
<p class="paragraph"></p>To avoid that users need to click on the
|
||||
"authenticate" button, you can use Lemonldap::NG::Handler::SympaAutoLogin
|
||||
instead of Lemonldap::NG::Handler::SharedConf :
|
||||
|
||||
<ul class="star">
|
||||
<li>edit the file /var/lib/lemonldap-ng/handler/MyHandler.pm and replace
|
||||
"SharedConf" by "SympaAutoLogin"</li>
|
||||
|
||||
<li>store the Sympa secret in /etc/lemonldap-ng/sympa.secret (parameter
|
||||
"cookie" from sympa.conf)</li>
|
||||
|
||||
<li>change the rights of /etc/lemonldap-ng/sympa.secret to 600 (can be
|
||||
owned by root because it's read at Apache startup only)</li>
|
||||
|
||||
<li>restart Apache</li>
|
||||
</ul><strong class="strong">Warning</strong> : you must have and header
|
||||
named "mail" and containing the good user's mail value (the one used by
|
||||
Sympa).
|
||||
|
||||
<p class="paragraph"></p><strong class="strong">Note</strong> : this
|
||||
configuration <span class="c1">enforces</span> your sympa security, as the
|
||||
sympa auth cookie is neither visible nor editable by users.
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
|
|
|
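Review bot: the Warning sentence in the new auto-login section reads "you must have and header named "mail" and containing the good user's mail value"; "and header" should be "a header", and the rest would be clearer as "containing the user's mail address as known to Sympa". In the Note, "enforces your sympa security" presumably means "reinforces". The permissions step says mode 600 and that the file "can be owned by root"; naming the owner explicitly would be more precise, since 600 only protects the secret when the owner is the intended account.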
@ -57,50 +57,6 @@
|
|||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HContacts">Contacts</span></h2>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HLemonLDAP">LemonLDAP</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HMailinglists">Mailing
|
||||
lists</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>Devel: lemonldap-dev AT ow2.org (<span class=
|
||||
"wikiexternallink"><a href=
|
||||
"http://mail-archive.ow2.org/lemonldap-dev/index.html">Archives</a></span>)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HCoreteam">Core team</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>Eric German, germanlinux AT yahoo.com: Leader</li>
|
||||
|
||||
<li>Habib ZITOUNI zitouni.habib AT gmail.com (version 3)</li>
|
||||
|
||||
<li>Hamza AISSAT asthamza AT hotmail.fr (version 3)</li>
|
||||
|
||||
<li>Casimir ANTUNES (webmin)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HContributors">Contributors</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>Sebastien DIAZ: sebastien.diaz AT gmail.com module pour sympa
|
||||
pluglemonsympa (liste de discussion)</li>
|
||||
|
||||
<li>Apache::Authenlemonldap: module CPAN à installer sur un
|
||||
serveur apache qui permet de décoder les en-têtes
|
||||
envoyées par lemonldap.</li>
|
||||
|
||||
<li>Lemonldap::Cluster::Status: module CPAN qui permet de superviser un
|
||||
cluster de serveurs lemonldap de la même manière qu'un
|
||||
server-status individuel.</li>
|
||||
|
||||
<li>Valve lemonldap pour Tomcat: valve java a installer sur un serveur
|
||||
Tomcat qui permet de décoder les entetes envoyées par
|
||||
lemonldap. Auteurs : Itin avec : BOIREAU Oliver CHECCO Jean-Thomas GZADY
|
||||
Mounir RIVIERE Daniel</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HLemonLDAP3A3ANG">LemonLDAP::NG</span></h3>
|
||||
|
||||
|
@ -120,23 +76,54 @@
|
|||
<h4 class="heading-1-1-1"><span id="HCoreteam">Core team</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>Xavier Guimard, x.guimard AT free.fr: Leader</li>
|
||||
<li>Xavier GUIMARD: Leader</li>
|
||||
|
||||
<li>Thomas Chemineau: Developer</li>
|
||||
<li>Thomas CHEMINEAU: Developer</li>
|
||||
|
||||
<li>Clément Oudot: Graphics, documentation, tests</li>
|
||||
<li>Clément OUDOT: Developer, LDAP expert, graphics,
|
||||
documentation, tests</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HContributors">Contributors</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>Erwan Legall: <span class="wikilink"><a href=
|
||||
<li>Erwan LEGALL: <span class="wikilink"><a href=
|
||||
"5-Appli-Dokuwiki.html">Dokuwiki pugin</a></span></li>
|
||||
|
||||
<li>Pascal Pejac: <span class="wikilink"><a href=
|
||||
<li>Pascal PEJAC: <span class="wikilink"><a href=
|
||||
"5-Appli-Tomcat-Valve.html">Tomcat valve</a></span></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HOldLemonLDAPteam">Old LemonLDAP
|
||||
team</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HCoreteam">Core team</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>Eric GERMAN: Leader and founder</li>
|
||||
|
||||
<li>Habib ZITOUNI</li>
|
||||
|
||||
<li>Hamza AISSAT</li>
|
||||
|
||||
<li>Casimir ANTUNES</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HContributors">Contributors</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>Sebastien DIAZ</li>
|
||||
|
||||
<li>Oliver BOIREAU</li>
|
||||
|
||||
<li>Jean-Thomas CHECCO</li>
|
||||
|
||||
<li>Mounir GZADY</li>
|
||||
|
||||
<li>Daniel RIVIERE</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
|
|
|
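Review bot: the new "Old LemonLDAP team" section reuses `id="HCoreteam"` and `id="HContributors"`, which the LemonLDAP::NG section just above already uses, so the page ends up with duplicate ids and fragment links can only reach the first of each. Give the new headings distinct ids. The "Dokuwiki pugin" link text on the re-cased Erwan LEGALL entry could be corrected to "plugin" at the same time.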
@ -61,33 +61,40 @@
|
|||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HVersion0928published29">Version 0.9 (published)</a></li>
|
||||
<li><a href="#HVersion0928publishedin200829">Version 0.9 (published in
|
||||
2008)</a></li>
|
||||
|
||||
<li><a href="#HVersion09328published29">Version 0.9.3
|
||||
(published)</a></li>
|
||||
<li><a href="#HVersion09328publishedinJanuary200929">Version 0.9.3
|
||||
(published in January 2009)</a></li>
|
||||
|
||||
<li><a href="#HVersion09428200929">Version 0.9.4 (2009)</a></li>
|
||||
<li><a href="#HVersion09428plannedforJune200929">Version 0.9.4 (planned
|
||||
for June 2009)</a></li>
|
||||
|
||||
<li><a href="#HVersion1028200929">Version 1.0 (2009)</a></li>
|
||||
<li><a href="#HVersion1028plannedfordecember200929">Version 1.0 (planned
|
||||
for december 2009)</a></li>
|
||||
|
||||
<li><a href="#HVersion20">Version 2.0</a></li>
|
||||
<li><a href="#HVersion2028notplanned29">Version 2.0 (not
|
||||
planned)</a></li>
|
||||
</ul><strong class="strong">Icons legend:</strong><br />
|
||||
<img src="ok.png" alt="ok.png" /> Task finished<br />
|
||||
<img src="warning_triangle.png" alt="warning_triangle.png" /> Work in
|
||||
progress<br />
|
||||
<img src="error.png" alt="error.png" /> To be done<br />
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVersion0928published29">Version 0.9
|
||||
(published)</span></h3><img src="ok.png" alt="ok.png" /> Liberty Alliance
|
||||
authentication module (<span class="wikilink"><a href=
|
||||
<h3 class="heading-1-1"><span id="HVersion0928publishedin200829">Version
|
||||
0.9 (published in 2008)</span></h3><img src="ok.png" alt="ok.png" />
|
||||
Liberty Alliance authentication module (<span class="wikilink"><a href=
|
||||
"4.3-Configure-Liberty-Alliance-fr.html">learn more</a></span>)<br />
|
||||
<img src="ok.png" alt="ok.png" /> Skins for Manager and Portal<br />
|
||||
<img src="ok.png" alt="ok.png" /> SOAP access to configuration and
|
||||
sessions (<span class="wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.html">learn more</a></span>)<br />
|
||||
"4.3-Configure-SOAP-fr.htmlStorage">Configuration</a></span>, <span class=
|
||||
"wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.htmlSessionStorage">Sessions</a></span>)<br />
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVersion09328published29">Version 0.9.3
|
||||
(published)</span></h3><img src="ok.png" alt="ok.png" /> Dissociate
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HVersion09328publishedinJanuary200929">Version 0.9.3 (published in
|
||||
January 2009)</span></h3><img src="ok.png" alt="ok.png" /> Dissociate
|
||||
authentication and user backend capabilities (for example, to choose LDAP
|
||||
for authentication, and MySQL for reading user's information)<br />
|
||||
<img src="ok.png" alt="ok.png" /> Add a Menu.pm to portal modules, to
|
||||
|
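Review bot: the two links added to the "SOAP access to configuration and sessions" entry use `4.3-Configure-SOAP-fr.htmlStorage` and `4.3-Configure-SOAP-fr.htmlSessionStorage` as hrefs, where the suffix is glued onto `.html` with no `#` or separate file name. Neither will resolve the way the old `4.3-Configure-SOAP-fr.html` link did; replace them with the real file names or fragments of the split SOAP pages.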
@ -109,8 +116,9 @@
|
|||
more</a></span>)<br />
|
||||
<img src="ok.png" alt="ok.png" /> Packages for RedHat/CentOS<br />
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVersion09428200929">Version 0.9.4
|
||||
(2009)</span></h3><img src="ok.png" alt="ok.png" /> Notification
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HVersion09428plannedforJune200929">Version 0.9.4 (planned for June
|
||||
2009)</span></h3><img src="ok.png" alt="ok.png" /> Notification
|
||||
system<br />
|
||||
<img src="ok.png" alt="ok.png" /> Chaining portals system (<span class=
|
||||
"wikilink"><a href="/xwiki/bin/view/NG/AuthRemote">learn
|
||||
|
@ -124,17 +132,28 @@
|
|||
<img src="ok.png" alt="ok.png" /> LDAP backend for configuration
|
||||
(<span class="wikilink"><a href="/xwiki/bin/view/NG/DocLDAPStorage">learn
|
||||
more</a></span>)<br />
|
||||
<img src="warning_triangle.png" alt="warning_triangle.png" /> Conditionnal
|
||||
portal, to manage several indpendant portals with one LemonLDAP::NG
|
||||
instance<br />
|
||||
<img src="warning_triangle.png" alt="warning_triangle.png" /> Rewrite SOAP
|
||||
documentation<br />
|
||||
<img src="error.png" alt="error.png" /> Merge AuthSSL and AuthApache<br />
|
||||
<img src="error.png" alt="error.png" /> Manage the "Password must change"
|
||||
case with ppolicy in Portal<br />
|
||||
<img src="ok.png" alt="ok.png" /> Conditionnal portal, to manage several
|
||||
indpendant portals with one LemonLDAP::NG instance (<span class=
|
||||
"wikilink"><a href="/xwiki/bin/view/NG/SeveralIndependantPortals">learn
|
||||
more</a></span>)<br />
|
||||
<img src="ok.png" alt="ok.png" /> Manage the "Password must change" case
|
||||
with ppolicy in Portal<br />
|
||||
<img src="ok.png" alt="ok.png" /> Display connected user in Menu
|
||||
(<span class="wikilink"><a href=
|
||||
"4.1-HTML-templates-customization.html">learn more</a></span>)<br />
|
||||
<img src="ok.png" alt="ok.png" /> Rewrite SOAP documentation (<span class=
|
||||
"wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.htmlStorage">Configuration</a></span>, <span class=
|
||||
"wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.htmlSessionStorage">Sessions</a></span>)<br />
|
||||
<img src="ok.png" alt="ok.png" /> Use PasswordDBLDAP in Menu.pm<br />
|
||||
<img src="ok.png" alt="ok.png" /> Move group management in UserDB<br />
|
||||
<img src="ok.png" alt="ok.png" /> Mail (reset password)
|
||||
customization<br />
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVersion1028200929">Version 1.0
|
||||
(2009)</span></h3><img src="warning_triangle.png" alt=
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HVersion1028plannedfordecember200929">Version 1.0 (planned for december
|
||||
2009)</span></h3><img src="warning_triangle.png" alt=
|
||||
"warning_triangle.png" /> Monitoring scripts (MRTG, Cacti, Nagios)<br />
|
||||
<img src="warning_triangle.png" alt="warning_triangle.png" /> Handler POST
|
||||
functionnalities, to fill authentication forms with login/password<br />
|
||||
|
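Review bot: the rewritten "Conditionnal portal" entry keeps the misspellings "Conditionnal" and "indpendant" and adds a link to `/xwiki/bin/view/NG/SeveralIndependantPortals`, a wiki-absolute path that will not resolve from the exported HTML the way the relative `.html` links do. Fix the spelling and link to the exported page instead. The "Rewrite SOAP documentation" entry has the same malformed hrefs as elsewhere in this commit (`4.3-Configure-SOAP-fr.htmlStorage`, `4.3-Configure-SOAP-fr.htmlSessionStorage`), with the suffix appended straight after `.html`.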
@ -145,12 +164,15 @@
|
|||
"4.1-Configuration-parameter-list.html">learn more</a></span>)<br />
|
||||
<img src="error.png" alt="error.png" /> Configuration migration
|
||||
scripts<br />
|
||||
<img src="error.png" alt="error.png" /> Change configuration storage to
|
||||
XML<br />
|
||||
<img src="error.png" alt="error.png" /> Refactor Portal/Menu.pm and
|
||||
Portal/Simple.pm<br />
|
||||
<img src="error.png" alt="error.png" /> Split Apache configuration files
|
||||
(Handler, Portal, Manager)<br />
|
||||
<img src="error.png" alt="error.png" /> Use i18n in Session Explorer<br />
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVersion20">Version
|
||||
2.0</span></h3><img src="error.png" alt="error.png" /> Rewrite Manager
|
||||
with JQuery and Ajax<br />
|
||||
<h3 class="heading-1-1"><span id="HVersion2028notplanned29">Version 2.0
|
||||
(not planned)</span></h3><img src="error.png" alt="error.png" /> Rewrite
|
||||
Manager with JQuery and Ajax<br />
|
||||
<img src="error.png" alt="error.png" /> Manage Apache virtualhost
|
||||
configuration through LDAP backend<br />
|
||||
<img src="error.png" alt="error.png" /> SAML2 authentication and user
|
||||
|
@ -161,6 +183,11 @@
|
|||
<img src="error.png" alt="error.png" /> LQL parser (LDAP Query
|
||||
Language)<br />
|
||||
<img src="error.png" alt="error.png" /> Shared "grant" function<br />
|
||||
<img src="error.png" alt="error.png" /> User keystore for POST
|
||||
authentications<br />
|
||||
<img src="error.png" alt="error.png" /> Use <span class=
|
||||
"wikiexternallink"><a href=
|
||||
"http://www.yaml.de/en/overview.html">YAML</a></span> in Portal templates
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
|
|