Work on documentation (#171)

Clément Oudot 2010-10-22 15:44:20 +00:00
parent 8b7cc1e225
commit ccb33642f9
42 changed files with 3142 additions and 147 deletions

@ -16,4 +16,4 @@
</head>
<body>
<div class="dokuwiki export"><h1>Alphabetical Index</h1><div class="level2"><p>A&nbsp;B&nbsp;<a href="#c">C</a>&nbsp;<a href="#d">D</a>&nbsp;<a href="#e">E</a>&nbsp;F&nbsp;G&nbsp;H&nbsp;<a href="#i">I</a>&nbsp;J&nbsp;K&nbsp;<a href="#l">L</a>&nbsp;<a href="#m">M</a>&nbsp;N&nbsp;O&nbsp;<a href="#p">P</a>&nbsp;<a href="#q">Q</a>&nbsp;<a href="#r">R</a>&nbsp;<a href="#s">S</a>&nbsp;T&nbsp;U&nbsp;V&nbsp;W&nbsp;X&nbsp;Y&nbsp;Z&nbsp;</p><p><a href="../index.html" class="wikilink1" title="Back to main index">Back to main index</a></p></div><div></div><a name="c"></a><h2>C</h2><div class="level2"><a href="../pages/documentation/conferences.html" class="wikilink1">conferences</a><br /><a href="../pages/contact.html" class="wikilink1">contact</a><br /></div><a name="d"></a><h2>D</h2><div class="level2"><a href="../pages/default_sidebar.html" class="wikilink1">default_sidebar</a><br /><a href="../pages/documentation.html" class="wikilink1">documentation</a><br /><a href="../pages/wiki/dokuwiki.html" class="wikilink1">dokuwiki</a><br /><a href="../pages/download.html" class="wikilink1">download</a><br /></div><a name="e"></a><h2>E</h2><div class="level2"><a href="../pages/documentation/1.00/error.html" class="wikilink1">error</a><br /></div><a name="i"></a><h2>I</h2><div class="level2"><a href="../pages/documentation/1.00/installdeb.html" class="wikilink1">installdeb</a><br /><a href="../pages/documentation/1.00/installrpm.html" class="wikilink1">installrpm</a><br /><a href="../pages/documentation/1.00/installtarball.html" class="wikilink1">installtarball</a><br /></div><a name="l"></a><h2>L</h2><div class="level2"><a href="../pages/documentation/1.00/logs.html" class="wikilink1">logs</a><br /></div><a name="m"></a><h2>M</h2><div class="level2"><a href="../pages/menu1.html" class="wikilink1">menu1</a><br /></div><a name="p"></a><h2>P</h2><div class="level2"><a href="../pages/playground/playground.html" class="wikilink1">playground</a><br /><a 
href="../pages/documentation/1.00/prereq.html" class="wikilink1">prereq</a><br /><a href="../pages/documentation/presentation.html" class="wikilink1">presentation</a><br /></div><a name="q"></a><h2>Q</h2><div class="level2"><a href="../pages/documentation/quickstart.html" class="wikilink1">quickstart</a><br /></div><a name="r"></a><h2>R</h2><div class="level2"><a href="../pages/references.html" class="wikilink1">references</a><br /></div><a name="s"></a><h2>S</h2><div class="level2"><a href="../pages/screenshots.html" class="wikilink1">screenshots</a><br /><a href="../pages/start.html" class="wikilink1">start</a><br /><a href="../pages/documentation/1.00/status.html" class="wikilink1">status</a><br /><a href="../pages/wiki/syntax.html" class="wikilink1">syntax</a><br /></div><br /><br /><hr /><div class="level2"><p><a href="../index.html" class="wikilink1" title="Back to main index">Back to main index</a></p></div>
<div class="dokuwiki export"><h1>Alphabetical Index</h1><div class="level2"><p>A&nbsp;B&nbsp;<a href="#c">C</a>&nbsp;<a href="#d">D</a>&nbsp;<a href="#e">E</a>&nbsp;F&nbsp;G&nbsp;H&nbsp;<a href="#i">I</a>&nbsp;J&nbsp;K&nbsp;<a href="#l">L</a>&nbsp;<a href="#m">M</a>&nbsp;N&nbsp;O&nbsp;<a href="#p">P</a>&nbsp;<a href="#q">Q</a>&nbsp;<a href="#r">R</a>&nbsp;<a href="#s">S</a>&nbsp;T&nbsp;<a href="#u">U</a>&nbsp;V&nbsp;W&nbsp;X&nbsp;Y&nbsp;Z&nbsp;</p><p><a href="../index.html" class="wikilink1" title="Back to main index">Back to main index</a></p></div><div></div><a name="c"></a><h2>C</h2><div class="level2"><a href="../pages/documentation/conferences.html" class="wikilink1">conferences</a><br /><a href="../pages/documentation/1.00/configlocation.html" class="wikilink1">configlocation</a><br /><a href="../pages/documentation/1.00/configvhost.html" class="wikilink1">configvhost</a><br /><a href="../pages/contact.html" class="wikilink1">contact</a><br /></div><a name="d"></a><h2>D</h2><div class="level2"><a href="../pages/default_sidebar.html" class="wikilink1">default_sidebar</a><br /><a href="../pages/documentation.html" class="wikilink1">documentation</a><br /><a href="../pages/wiki/dokuwiki.html" class="wikilink1">dokuwiki</a><br /><a href="../pages/download.html" class="wikilink1">download</a><br /></div><a name="e"></a><h2>E</h2><div class="level2"><a href="../pages/documentation/1.00/error.html" class="wikilink1">error</a><br /></div><a name="i"></a><h2>I</h2><div class="level2"><a href="../pages/documentation/1.00/installdeb.html" class="wikilink1">installdeb</a><br /><a href="../pages/documentation/1.00/installrpm.html" class="wikilink1">installrpm</a><br /><a href="../pages/documentation/1.00/installtarball.html" class="wikilink1">installtarball</a><br /></div><a name="l"></a><h2>L</h2><div class="level2"><a href="../pages/documentation/1.00/logs.html" class="wikilink1">logs</a><br /></div><a name="m"></a><h2>M</h2><div class="level2"><a 
href="../pages/menu1.html" class="wikilink1">menu1</a><br /></div><a name="p"></a><h2>P</h2><div class="level2"><a href="../pages/documentation/1.00/parameterlist.html" class="wikilink1">parameterlist</a><br /><a href="../pages/playground/playground.html" class="wikilink1">playground</a><br /><a href="../pages/documentation/1.00/prereq.html" class="wikilink1">prereq</a><br /><a href="../pages/documentation/presentation.html" class="wikilink1">presentation</a><br /></div><a name="q"></a><h2>Q</h2><div class="level2"><a href="../pages/documentation/quickstart.html" class="wikilink1">quickstart</a><br /></div><a name="r"></a><h2>R</h2><div class="level2"><a href="../pages/references.html" class="wikilink1">references</a><br /></div><a name="s"></a><h2>S</h2><div class="level2"><a href="../pages/screenshots.html" class="wikilink1">screenshots</a><br /><a href="../pages/start.html" class="wikilink1">start</a><br /><a href="../pages/documentation/1.00/status.html" class="wikilink1">status</a><br /><a href="../pages/wiki/syntax.html" class="wikilink1">syntax</a><br /></div><a name="u"></a><h2>U</h2><div class="level2"><a href="../pages/documentation/1.00/upgrade.html" class="wikilink1">upgrade</a><br /></div><br /><br /><hr /><div class="level2"><p><a href="../index.html" class="wikilink1" title="Back to main index">Back to main index</a></p></div>

Binary file not shown.

Width:  |  Height:  |  Size: 8.0 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 7.1 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 8.2 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 5.9 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 4.6 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 6.4 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 7.7 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 3.9 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 6.7 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 5.3 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 3.9 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 4.6 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 6.3 KiB

Binary file not shown.

Width:  |  Height:  |  Size: 6.2 KiB

@ -73,8 +73,10 @@ No <acronym title="Internet Relay Chat">IRC</acronym> client? <a href="http://we
</p>
<iframe src="http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhome.php%3F%23%21%2Fpages%2FLemonldapNG%2F328254254936&amp;width=300&amp;colorscheme=light&amp;connections=10&amp;stream=false&amp;header=false&amp;height=200" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:587px;float:right;" allowTransparency="true"></iframe>
</div>
<!-- SECTION "IRC" [303-460] -->
<!-- SECTION "IRC" [303-873] -->
<h2><a name="social_networks_and_news" id="social_networks_and_news">Social Networks and News</a></h2>
<div class="level2">
@ -95,30 +97,44 @@ No <acronym title="Internet Relay Chat">IRC</acronym> client? <a href="http://we
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Social Networks and News" [461-855] -->
<!-- SECTION "Social Networks and News" [874-1269] -->
<h2><a name="reporting_a_bug" id="reporting_a_bug">Reporting a bug</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/bug.png?id=contact" class="media" title="icons:bug.png"><img src="../media/icons/bug.png" class="medialeft" align="left" alt="" /></a>
</p>
<p>
We use <a href="http://jira.ow2.org" class="urlextern" title="http://jira.ow2.org" rel="nofollow">OW2 JIRA</a> to list bugs and features. You can first check on <a href="http://jira.ow2.org/browse/LEMONLDAP" class="urlextern" title="http://jira.ow2.org/browse/LEMONLDAP" rel="nofollow">LemonLDAP::NG JIRA project</a> that your bug is not already referenced, and then create it (with a registered account).
</p>
<p>
<br/>
</p>
</div>
<!-- SECTION "Reporting a bug" [856-1132] -->
<!-- SECTION "Reporting a bug" [1270-1572] -->
<h1><a name="the_team" id="the_team">The team</a></h1>
<div class="level1">
</div>
<!-- SECTION "The team" [1133-1156] -->
<!-- SECTION "The team" [1573-1596] -->
<h2><a name="core_team" id="core_team">Core team</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/tux.png?id=contact" class="media" title="icons:tux.png"><img src="../media/icons/tux.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> Xavier GUIMARD: project leader, lead developer</div>
</li>
@ -128,10 +144,22 @@ We use <a href="http://jira.ow2.org" class="urlextern" title="http://jira.ow2.or
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Core team" [1157-1350] -->
<!-- SECTION "Core team" [1597-1816] -->
<h2><a name="past_and_present_contributors" id="past_and_present_contributors">Past and present contributors</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/personal.png?id=contact" class="media" title="icons:personal.png"><img src="../media/icons/personal.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> Erwan LEGALL</div>
</li>
@ -157,5 +185,11 @@ We use <a href="http://jira.ow2.org" class="urlextern" title="http://jira.ow2.or
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Past and present contributors" [1351-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Past and present contributors" [1817-] --></div><!-- closes <div class="dokuwiki export">-->

@ -0,0 +1,463 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="configuration_overview" id="configuration_overview">Configuration overview</a></h1>
<div class="level1">
</div>
<!-- SECTION "Configuration overview" [1-38] -->
<h2><a name="backends" id="backends">Backends</a></h2>
<div class="level2">
<p>
LemonLDAP::NG configuration is stored in a backend (File, database, …), that allows all modules to access it.
</p>
<p>
<p><div class="notetip">Detailled configuration backends documentation is available <a href="../../documentation/1.00/start.html#configuration1" class="wikilink1" title="documentation:1.00:start">here</a>.
</div></p>
</p>
<p>
By default, configuration is stored in files, so access trough network is not possible. To allow this, use <acronym title="Simple Object Access Protocol">SOAP</acronym> for configuration access, or use a network service like <acronym title="Structured Query Language">SQL</acronym> database or <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory.
</p>
<p>
Configuration backend can be set in the <a href="#local_file" title="documentation:1.00:configlocation &crarr;" class="wikilink1">local configuration file</a>, in <code>configuration</code> section.
</p>
<p>
For example, to configure the <code>File</code> configuration backend:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>configuration<span class="br0">&#93;</span></span>
<span class="re1">type</span><span class="sy0">=</span><span class="re2">File</span>
<span class="re1">dirName</span> <span class="sy0">=</span><span class="re2"> /usr/local/lemonldap-ng/data/conf</span></pre>
</div>
<!-- SECTION "Backends" [39-749] -->
<h2><a name="manager" id="manager">Manager</a></h2>
<div class="level2">
<p>
Most of configuration can be done trough LemonLDAP::NG Manager (by default <a href="http://manager.example.com" class="urlextern" title="http://manager.example.com" rel="nofollow">http://manager.example.com</a>).
</p>
<p>
By default, Manager is protected to allow only localhost. This can be changed in <code>etc/manager-apache2.conf</code>:
</p>
<pre class="code file apache"> &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Directory</span>&gt;</pre>
<p>
<p><div class="notetip">You can change allowed <acronym title="Internet Protocol">IP</acronym>, or add an Apache authentication module. When LemonLDAP::NG will be fully configured, you can also protect Manager with the Handler, as any other web application.
</div></p>
</p>
<p>
The Manager displays main branches:
</p>
<ul>
<li class="level1"><div class="li"> <strong>General Parameters</strong>: authentication modules, portal, etc.</div>
</li>
<li class="level1"><div class="li"> <strong>Variables</strong>: user information, macros and groups used to fill <acronym title="Single Sign On">SSO</acronym> session</div>
</li>
<li class="level1"><div class="li"> <strong>Virtual Hosts</strong>: access rules, headers, etc.</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> 2 Service</strong>: <acronym title="Security Assertion Markup Language">SAML</acronym> metadata administration</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> identity providers</strong>: Registered IDP</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> service providers</strong>: Registered SP</div>
</li>
</ul>
<p>
LemonLDAP::NG configuration is mainly a key/value structure, so Manager will present all keys into a structured tree. A click on a key will display the associated value.
</p>
<p>
When modifying a value, always click on the <code>Apply</code> button if available, to be sure the value is saved. When all modifications are done, click on <code>Save</code> to store configuration.
</p>
<p>
<p><div class="notewarning">LemonLDAP::NG will do some checks on configuration and display errors if any. Configuration <strong>is not saved</strong> if errors occur.
</div></p>
</p>
</div>
<!-- SECTION "Manager" [750-2274] -->
<h2><a name="apache" id="apache">Apache</a></h2>
<div class="level2">
<p>
<p><div class="noteimportant">LemonLDAP::NG does not manage Apache configuration
</div></p>
</p>
<p>
LemonLDAP::NG ships 3 Apache configuration files:
</p>
<ul>
<li class="level1"><div class="li"> <strong>portal-apache2.conf</strong>: Portal virtual host, with <acronym title="Simple Object Access Protocol">SOAP</acronym> and Issuer end points</div>
</li>
<li class="level1"><div class="li"> <strong>manager-apache2.conf</strong>: Manager virtual host</div>
</li>
<li class="level1"><div class="li"> <strong>handler-apache2.conf</strong> : Handler declaration, reload and sample virtual hosts</div>
</li>
</ul>
<p>
These files must be included in Apache configuration, either with <code>Include</code> directives in <code>httpd.conf</code> (see <a href="../../documentation/quickstart.html#apache" class="wikilink1" title="documentation:quickstart">quick start example</a>), or with symbolic links in Apache configuration directory (like <code>/etc/httpd/conf.d</code>).
</p>
<p>
<p><div class="notewarning">Mod <acronym title="Practical Extraction and Report Language">Perl</acronym> must be loaded before LemonLDAP::NG, so include configuration after the mod_perl <code>LoadModule</code> directive.
</div></p>
</p>
</div>
<!-- SECTION "Apache" [2275-3034] -->
<h3><a name="portal" id="portal">Portal</a></h3>
<div class="level3">
<p>
In Portal virtual host, you will find several configuration parts:
</p>
<ul>
<li class="level1"><div class="li"> Standard virtual host directives, to serve portal pages:</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">ServerName</span> auth.example.com
&nbsp;
<span class="co1"># DocumentRoot</span>
<span class="kw1">DocumentRoot</span> /usr/local/lemonldap-ng/htdocs/portal/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal/&gt;
<span class="kw1">Order</span> <span class="kw1">allow</span>,<span class="kw1">deny</span>
<span class="kw1">Allow</span> from <span class="kw2">all</span>
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># Perl script</span>
&lt;<span class="kw3">Files</span> *.pl&gt;
<span class="kw1">SetHandler</span> perl-<span class="kw1">script</span>
PerlResponseHandler ModPerl::Registry
&lt;/<span class="kw3">Files</span>&gt;
&nbsp;
<span class="co1"># Directory index</span>
&lt;<span class="kw3">IfModule</span> mod_dir.c&gt;
<span class="kw1">DirectoryIndex</span> index.pl index.html
&lt;/<span class="kw3">IfModule</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> <acronym title="Simple Object Access Protocol">SOAP</acronym> end points (inactivated by default):</div>
</li>
</ul>
<pre class="code file apache"> <span class="co1"># SOAP functions for sessions management (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/adminSessions&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for sessions access (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/sessions&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for configuration access (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/config&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for notification insertion (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/notification&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Issuer rewrite rules (requires <code>mod_rewrite</code>):</div>
</li>
</ul>
<pre class="code file apache"> <span class="co1"># SAML2 Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/saml/metadata /metadata.pl
<span class="kw1">RewriteRule</span> ^/saml/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;
&nbsp;
<span class="co1"># CAS Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/cas/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;
&nbsp;
<span class="co1"># OpenID Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/openidserver/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Some <acronym title="Practical Extraction and Report Language">Perl</acronym> optimizations:</div>
</li>
</ul>
<pre class="code file apache"><span class="co1"># Best performance under ModPerl::Registry</span>
<span class="co1"># Uncomment this to increase performance of Portal</span>
&lt;Perl&gt;
<span class="kw1">require</span> Lemonldap::NG::Portal::SharedConf;
Lemonldap::NG::Portal::SharedConf-&gt;compile(
qw(delete <span class="kw1">header</span> cache read_from_client cookie <span class="kw1">redirect</span> unescapeHTML));
<span class="co1"># Uncomment this line if you use Lemonldap::NG menu</span>
<span class="kw1">require</span> Lemonldap::NG::Portal::Menu;
<span class="co1"># Uncomment this line if you use portal SOAP capabilities</span>
<span class="kw1">require</span> SOAP::Lite;
&lt;/Perl&gt;</pre>
</div>
<!-- SECTION "Portal" [3035-5628] -->
<h3><a name="manager1" id="manager1">Manager</a></h3>
<div class="level3">
<p>
Manager virtual host is used to serve configuration interface and local documentation.
</p>
<ul>
<li class="level1"><div class="li"> Configuration interface access is protected:</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">DocumentRoot</span> /usr/local/lemonldap-ng/htdocs/manager/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Directory</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Local documentation is open to all:</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">Alias</span> /doc/ /usr/local/lemonldap-ng/htdocs/doc/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/doc/&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Allow</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;</pre>
</div>
<!-- SECTION "Manager" [5629-6274] -->
<h3><a name="handler" id="handler">Handler</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Load Handler in Apache memory:</div>
</li>
</ul>
<pre class="code file apache">PerlOptions +GlobalRequest
PerlRequire /usr/local/lemonldap-ng/handler/MyHandler.pm</pre>
<p>
<p><div class="noteimportant">The Handler must be loaded before any protected virtual host.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> Catch error pages:</div>
</li>
</ul>
<pre class="code file apache"><span class="kw1">ErrorDocument</span> 403 http://auth.example.com/?lmError=403
<span class="kw1">ErrorDocument</span> <span class="nu0">500</span> http://auth.example.com/?lmError=<span class="nu0">500</span></pre>
<ul>
<li class="level1"><div class="li"> Reload virtual host:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> reload.example.com
&nbsp;
<span class="co1"># Configuration reload mechanism (only 1 per physical server is</span>
<span class="co1"># needed): choose your URL to avoid restarting Apache when</span>
<span class="co1"># configuration change</span>
&lt;<span class="kw3">Location</span> /reload&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
PerlHeaderParserHandler My::Package-&gt;refresh
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
<span class="co1"># Uncomment this to activate status module</span>
<span class="co1">#&lt;Location /status&gt;</span>
<span class="co1"># Order deny,allow</span>
<span class="co1"># Deny from all</span>
<span class="co1"># Allow from 127.0.0.0/8</span>
<span class="co1"># PerlHeaderParserHandler My::Package-&gt;status</span>
<span class="co1">#&lt;/Location&gt;</span>
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
Then, to protect a standard virutal host, the only configuration line to add is:
</p>
<pre class="code file apache">PerlHeaderParserHandler My::Package</pre>
</div>
<!-- SECTION "Handler" [6275-7490] -->
<h2><a name="configuration_reload" id="configuration_reload">Configuration reload</a></h2>
<div class="level2">
<p>
<p><div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them trough an <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> request. Configuration reload will then be effective in less than 10 minutes.
</div></p>
</p>
<p>
After configuration is saved by Manager, LemonLDAP::NG will try to reload configuration on distant Handlers. This can be configured in LemonLDAP::NG ini file, in the section <code>apply</code>:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>apply<span class="br0">&#93;</span></span>
&nbsp;
# URL used to reload configuration
reload.example.com<span class="sy0">=</span><span class="re2">http://reload.example.com/reload</span>
<span class="co0">;reloaddist.example.com=http://reloaddist.example.com/reload</span></pre>
<p>
<p><div class="notetip">You only need a reload <acronym title="Uniform Resource Locator">URL</acronym> per physical servers, as Handlers share the same configuration cache on each physical server.
</div></p>
</p>
<p>
The <code>reload</code> target is managed in Apache configuration, inside a virtual host protected by LemonLDAP::NG Handler, for example:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> reload.example.com
&nbsp;
&lt;<span class="kw3">Location</span> /reload&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
PerlHeaderParserHandler My::Package-&gt;refresh
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteimportant">You must allow access to Manager <acronym title="Internet Protocol">IP</acronym>.
</div></p>
</p>
</div>
<!-- SECTION "Configuration reload" [7491-8767] -->
<h2><a name="local_file" id="local_file">Local file</a></h2>
<div class="level2">
<p>
LemonLDAP::NG configuration can be managed in a local file with <a href="http://en.wikipedia.org/wiki/INI_file" class="urlextern" title="http://en.wikipedia.org/wiki/INI_file" rel="nofollow">INI format</a>. This file is called <code>lemonldap-ng.ini</code> and has the following sections:
</p>
<ul>
<li class="level1"><div class="li"> <strong>configuration</strong>: where configuration is stored</div>
</li>
<li class="level1"><div class="li"> <strong>apply</strong>: reload <acronym title="Uniform Resource Locator">URL</acronym> for distant Hanlders</div>
</li>
<li class="level1"><div class="li"> <strong>all</strong>: parameters for all modules</div>
</li>
<li class="level1"><div class="li"> <strong>portal</strong>: parameters only for Portal</div>
</li>
<li class="level1"><div class="li"> <strong>manager</strong>: parameters only for Manager</div>
</li>
<li class="level1"><div class="li"> <strong>handler</strong>: parameters only for Handler</div>
</li>
</ul>
<p>
When you set a parameter in <code>lemonldap-ng.ini</code>, it will override the parameter from the global configuration.
</p>
<p>
For example, to override configured skin for portal:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">portalSkin</span> <span class="sy0">=</span><span class="re2"> dark</span></pre>
<p>
<p><div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="../../documentation/1.00/parameterlist.html" class="wikilink1" title="documentation:1.00:parameterlist">parameter list</a> to find it.
</div></p>
</p>
</div>
<!-- SECTION "Local file" [8768-9625] -->
<h2><a name="script_files" id="script_files">Script files</a></h2>
<div class="level2">
<p>
LemonLDAP::NG allows to override any configuration parameter directly in script file. However, it is not advised to edit such files, as they are part of the program, and will be erased at next upgrade.
</p>
<p>
<p><div class="notetip">You also need to know the technical name of configuration parameter to do this. You can refer to <a href="../../documentation/1.00/parameterlist.html" class="wikilink1" title="documentation:1.00:parameterlist">parameter list</a> to find it.
</div></p>
</p>
</div>
<!-- SECTION "Script files" [9626-10014] -->
<h3><a name="portal1" id="portal1">Portal</a></h3>
<div class="level3">
<p>
For example, in portal/index.pl:
</p>
<pre class="code file perl"><span class="kw1">my</span> <span class="re0">$portal</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">SharedConf</span><span class="sy0">-&gt;</span><span class="me1">new</span><span class="br0">&#40;</span>
<span class="br0">&#123;</span>
portalSkin <span class="sy0">=&gt;</span> <span class="st_h">'dark'</span><span class="sy0">,</span>
<span class="br0">&#125;</span>
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
<!-- SECTION "Portal" [10015-10185] -->
<h3><a name="handler1" id="handler1">Handler</a></h3>
<div class="level3">
<p>
For example, in handler/MyHandler.pm:
</p>
<pre class="code file perl">__PACKAGE__<span class="sy0">-&gt;</span><span class="me1">init</span><span class="br0">&#40;</span>
<span class="br0">&#123;</span>
domain <span class="sy0">=&gt;</span> <span class="st_h">'acme.com'</span><span class="sy0">,</span>
<span class="br0">&#125;</span>
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
<!-- SECTION "Handler" [10186-] --></div><!-- closes <div class="dokuwiki export">-->

@ -0,0 +1,239 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="manage_virtual_hosts" id="manage_virtual_hosts">Manage virtual hosts</a></h1>
<div class="level1">
<p>
LemonLDAP::NG configuration is build around Apache virtual hosts. Each virtual host is a protected resource, with access rules, headers, POST data and options.
</p>
</div>
<!-- SECTION "Manage virtual hosts" [1-197] -->
<h2><a name="apache_configuration" id="apache_configuration">Apache configuration</a></h2>
<div class="level2">
<p>
To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated (see <a href="../../documentation/1.00/configlocation.html#apache" class="wikilink1" title="documentation:1.00:configlocation">Apache global configuration</a>).
</p>
<p>
Then you can take any virtual host, and simply add this line to protect it:
</p>
<pre class="code file apache">PerlHeaderParserHandler My::Package</pre>
<p>
For example, a protected virtual host for a local application:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> localsite.example.com
&nbsp;
PerlHeaderParserHandler My::Package
&nbsp;
<span class="kw1">DocumentRoot</span> /var/www/localsite
&nbsp;
<span class="kw1">ErrorLog</span> /var/log/apache2/localsite_error.log
<span class="kw1">CustomLog</span> /var/log/apache2/localsite_access.log combined
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
And a protected virtual host with LemonLDAP::NG as reverse proxy:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> proxysite.example.com
&nbsp;
PerlHeaderParserHandler My::Package
&nbsp;
<span class="kw1">ProxyPreserveHost</span> <span class="kw2">on</span>
<span class="kw1">ProxyPass</span> / http://APPLICATION_IP/
<span class="kw1">ProxyPassReverse</span> / http://APPLICATION_IP/
&nbsp;
<span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log
<span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteclassic">The <code>ProxyPreserveHost</code> directive will forward the Host header to the protected application
</div></p>
</p>
<p>
<p><div class="notetip">Using the reverse proxy mode, you will not have the <code>REMOTE_USER</code> environment variable set. Indeed, this variable is set by the Handler on the physical server hosting the Handler, and not on other servers where the Handler is not installed.
</p>
<p>
But this magic Apache configuration will let you transform the Auth-User <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header in <code>REMOTE_USER</code> envronment variable:
</p>
<pre class="code file apache"><span class="kw1">SetEnvIfNoCase</span> Auth-<span class="kw1">User</span> <span class="st0">&quot;(.*)&quot;</span> REMOTE_USER=$<span class="nu0">1</span></pre>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Apache configuration" [198-1899] -->
<h2><a name="lemonldapng_configuration" id="lemonldapng_configuration">LemonLDAP::NG configuration</a></h2>
<div class="level2">
<p>
An apache virtual host protected by LemonLDAP::NG Handler must be registered in LemonLDAP::NG configuration.
</p>
<p>
To do this, use the Manager, and go in <code>Virtual Hosts</code> branch. You can add, delete or modify a virtual host here.
</p>
<p>
A virtual host contains:
</p>
<ul>
<li class="level1"><div class="li"> Access rules: check user&#039;s right on <acronym title="Uniform Resource Locator">URL</acronym> patterns</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers: forge information sent to protected applications</div>
</li>
<li class="level1"><div class="li"> POST data: use form replay</div>
</li>
<li class="level1"><div class="li"> Options: redirection port and protocol</div>
</li>
</ul>
</div>
<!-- SECTION "LemonLDAP::NG configuration" [1900-2387] -->
<h3><a name="access_rules" id="access_rules">Access rules</a></h3>
<div class="level3">
<p>
There is a <code>default</code> access rule which is used if no other access rule match the current <acronym title="Uniform Resource Locator">URL</acronym>. Else, each access rule refers to an <acronym title="Uniform Resource Locator">URL</acronym> pattern.
</p>
<p>
Access rule value is an expression, evaluated for each request, and returning 1 if user is authorized, 0 else.
</p>
<p>
Access rules examples:
</p>
<pre class="code">
^/site/.*$ =&gt; $uid eq &quot;admin&quot; or $groups =~ /\bgroup2\b/
^/(js|css) =&gt; accept
default =&gt; deny
</pre>
<p>
Access rules accepts special targets:
</p>
<ul>
<li class="level1"><div class="li"> <strong>accept</strong>: all authenticated users can pass</div>
</li>
<li class="level1"><div class="li"> <strong>deny</strong>: nobody is welcomed</div>
</li>
<li class="level1"><div class="li"> <strong>unprotect</strong>: all is open!</div>
</li>
<li class="level1"><div class="li"> <strong>logout_sso</strong>: request is not forwarded to application, <acronym title="Single Sign On">SSO</acronym> session is closed</div>
</li>
<li class="level1"><div class="li"> <strong>logout_app</strong>: request is forwarded to application, <acronym title="Single Sign On">SSO</acronym> session remains open</div>
</li>
<li class="level1"><div class="li"> <strong>logout_app_sso</strong>: request is forwarded to application, <acronym title="Single Sign On">SSO</acronym> session is closed</div>
</li>
</ul>
<p>
<p><div class="notetip">The logout* targets can have an <acronym title="Uniform Resource Locator">URL</acronym> as parameter. By default, user will be redirected on portal if no <acronym title="Uniform Resource Locator">URL</acronym> defined, or on the specified <acronym title="Uniform Resource Locator">URL</acronym> if any.
</div></p>
</p>
</div>
<!-- SECTION "Access rules" [2388-3368] -->
<h3><a name="http_headers" id="http_headers">HTTP headers</a></h3>
<div class="level3">
<p>
Headers are sent to application, they are not visible to users.
</p>
<p>
Headers value can be a single session key or a full <acronym title="Practical Extraction and Report Language">Perl</acronym> expression. For example:
</p>
<pre class="code">
Auth-User =&gt; $uid
Unit =&gt; &#039;Unit-&#039;.$ou
</pre>
<p>
<p><div class="notetip">By default, <acronym title="Single Sign On">SSO</acronym> cookie is hidden, so protected applications cannot get <acronym title="Single Sign On">SSO</acronym> session key. But you can forward this key if it is really needed:
</p>
<pre class="code">
Session-ID =&gt; $_session_id
</pre>
<p>
</div></p>
</p>
</div>
<!-- SECTION "HTTP headers" [3369-3795] -->
<h3><a name="post_data" id="post_data">POST data</a></h3>
<div class="level3">
<p>
<img src="/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" /> Add link to form replay page
</p>
</div>
<!-- SECTION "POST data" [3796-3852] -->
<h3><a name="options" id="options">Options</a></h3>
<div class="level3">
<p>
Two options are available:
</p>
<ul>
<li class="level1"><div class="li"> Port</div>
</li>
<li class="level1"><div class="li"> HTTPS</div>
</li>
</ul>
<p>
These options are used to build redirection <acronym title="Uniform Resource Locator">URL</acronym> (when user is not logged, or for <acronym title="Cross Domain Authentication">CDA</acronym> requests). By default, default values are used. These options are only here to override default values.
</p>
</div>
<!-- SECTION "Options" [3853-] --></div><!-- closes <div class="dokuwiki export">-->
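Review bot: The reverse-proxy tip that maps the `Auth-User` header to `REMOTE_USER` (`SetEnvIfNoCase Auth-User "(.*)" REMOTE_USER=$1`) does not say that the backend must accept requests only from the LemonLDAP::NG proxy; an application server that is also reachable directly would take `REMOTE_USER` from a header the client controls. I would add one sentence to that tip, for example `Use this only if the application server accepts connections from the reverse proxy alone, since the application trusts the Auth-User header as the user identity.` The `Session-ID => $_session_id` tip could likewise state that the forwarded value is the SSO session key and should go only to applications trusted to hold it, and the `unprotect` entry would read more precisely as `no authentication is required`. This page is a generated wiki export, so the wording presumably has to change in the wiki source.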


@ -39,18 +39,18 @@
<p>
→ LemonLDAP::NG uses a key to crypt/decrypt some data. You have to set its value in Manager.
→ LemonLDAP::NG uses a key to crypt/decrypt some datas. You have to set its value in Manager.
</p>
</div>
<!-- SECTION "Lemonldap::NG::Common" [117-313] -->
<!-- SECTION "Lemonldap::NG::Common" [117-314] -->
<h2><a name="lemonldapnghandler" id="lemonldapnghandler">Lemonldap::NG::Handler</a></h2>
<div class="level2">
<pre class="file">Unable to clear local cache</pre>
<p>
→ Local cache cannot be cleard, check the localStorage and localStorageOptions
→ Local cache cannot be cleard, check the localStorage and localStorageOptions or file permissions
</p>
<pre class="file">Status module can not be loaded without localStorage parameter</pre>
@ -62,7 +62,7 @@
<p>
→ The configuration cannot be loaded. Check configStorage and configStorageOptions.
→ The configuration cannot be loaded. Check configStorage and configStorageOptionsor file permissions.
</p>
<pre class="file">User rejected because VirtualHost XXXX has no configuration</pre>
@ -72,7 +72,7 @@
</p>
</div>
<!-- SECTION "Lemonldap::NG::Handler" [314-899] -->
<!-- SECTION "Lemonldap::NG::Handler" [315-939] -->
<h2><a name="lemonldapngmanager" id="lemonldapngmanager">Lemonldap::NG::Manager</a></h2>
<div class="level2">
<pre class="file">XXXX was not found in tree</pre>
@ -83,7 +83,7 @@
</p>
</div>
<!-- SECTION "Lemonldap::NG::Manager" [900-1025] -->
<!-- SECTION "Lemonldap::NG::Manager" [940-1065] -->
<h2><a name="lemonldapngportal" id="lemonldapngportal">Lemonldap::NG::Portal</a></h2>
<div class="level2">
<pre class="file">User XXXX was not granted to open session</pre>
@ -118,4 +118,4 @@
</p>
</div>
<!-- SECTION "Lemonldap::NG::Portal" [1026-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Lemonldap::NG::Portal" [1066-] --></div><!-- closes <div class="dokuwiki export">-->


@ -91,7 +91,7 @@ $ tar zxvf lemonldap-ng-*.tar.gz
<p>
First check and install the [prereq|prerequisites].
First check and install the <a href="../../documentation/1.00/prereq.html" class="wikilink1" title="documentation:1.00:prereq">prerequisites</a>.
</p>
<p>
@ -196,8 +196,6 @@ Available parameters are:
</li>
<li class="level1"><div class="li"> <strong>VHOSTLISTEN</strong>: how listen parameter is configured for virtual hosts in Apache (default: \*:80)</div>
</li>
<li class="level1"><div class="li"> <strong>WITHLA</strong>: install Liberty Alliance portal (default: 0) </div>
</li>
</ul>
</div>


@ -32,7 +32,7 @@
<p>
By default, LemonLDAP::NG uses Apache logs to store user actions:
By default, LemonLDAP::NG uses Apache logs to store user actions and other messages:
</p>
<ul>
<li class="level1"><div class="li"> Error log: all messages emitted by the program, depending on the configured log level</div>
@ -55,21 +55,33 @@ To configure the user identifier in access log, go in Manager, <code>General Par
</p>
</div>
<!-- SECTION "Apache logging" [21-588] -->
<!-- SECTION "Apache logging" [21-607] -->
<h2><a name="syslog" id="syslog">Syslog</a></h2>
<div class="level2">
<p>
LemonLDAP::NG can also use syslog.
LemonLDAP::NG can also use syslog (only for user actions).
</p>
<p>
In Manager, set syslog facility in <code>General Parameters</code> &gt; <code>Logging</code> &gt; <code>Syslog facility</code>.
</p>
<p>
The messages are stored with the facilities :
</p>
<ul>
<li class="level1"><div class="li"> <strong>info</strong> for user actions</div>
</li>
<li class="level1"><div class="li"> <strong>notice</strong> for good authentications or external exchange (<acronym title="Security Assertion Markup Language">SAML</acronym>, OpenID,…)</div>
</li>
<li class="level1"><div class="li"> <strong>warn</strong> for failed authentications</div>
</li>
</ul>
</div>
<!-- SECTION "Syslog" [589-740] -->
<!-- SECTION "Syslog" [608-980] -->
<h2><a name="override_logging_functions" id="override_logging_functions">Override logging functions</a></h2>
<div class="level2">
@ -86,4 +98,4 @@ Example:
<span class="re1">userNotice</span> <span class="sy0">=</span><span class="re2"> sub <span class="br0">&#123;</span> my <span class="br0">&#40;</span>$self, $message<span class="br0">&#41;</span> <span class="sy0">=</span> @_</span><span class="co0">; ... }</span></pre>
</div>
<!-- SECTION "Override logging functions" [741-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Override logging functions" [981-] --></div><!-- closes <div class="dokuwiki export">-->
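Review bot: In the new Syslog list, `info`, `notice` and `warn` are introduced as "facilities", but these are syslog severity levels; the facility is the single value set under `General Parameters` > `Logging` > `Syslog facility`. Someone writing syslog filters or alert rules for failed authentications needs that distinction, so I would change the sentence to `The messages are logged with the following levels:`. The file is a generated wiki export, so the change presumably belongs in the wiki source.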


@ -0,0 +1,462 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="parameter_list" id="parameter_list">Parameter list</a></h1>
<div class="level1">
<p>
<p><div class="notetip">
Click on a column header to sort table.
The attribute key name can be used directly in <code>lemonldap-ng.ini</code> or in <acronym title="Practical Extraction and Report Language">Perl</acronym> scripts to override configuration parameters.
</div></p>
</p>
<p>
<div class="sortable sort2"><table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Full name </th><th class="col1 centeralign"> Key name </th><th class="col2 centeralign"> Portal </th><th class="col3 leftalign"> Handler </th><th class="col4 leftalign"> Manager </th>
</tr>
<tr class="row1 rowodd">
<td class="col0"> Authentication backend </td><td class="col1"> authentication </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> User backend </td><td class="col1"> userDB </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> Password backend </td><td class="col1"> passwordDB </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> Session backend </td><td class="col1"> globalStorage </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> Session backend options </td><td class="col1"> globalStorageOptions </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row6 roweven">
<td class="col0"> <acronym title="Security Assertion Markup Language">SAML</acronym> Session backend </td><td class="col1"> samlStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row7 rowodd">
<td class="col0"> <acronym title="Security Assertion Markup Language">SAML</acronym> Session backend options </td><td class="col1"> samlStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row8 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> Session backend </td><td class="col1"> casStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row9 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> Session backend options </td><td class="col1"> casStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row10 roweven">
<td class="col0"> Configuration backend </td><td class="col1"> configStorage </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row11 rowodd">
<td class="col0"> Cache backend </td><td class="col1"> localStorage </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row12 roweven">
<td class="col0"> Cache backend options </td><td class="col1"> localStorageOptions </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row13 rowodd">
<td class="col0"> Notification backend </td><td class="col1"> notificationStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row14 roweven">
<td class="col0"> Notification backend options </td><td class="col1"> notificationStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row15 rowodd">
<td class="col0"> Remote user </td><td class="col1"> whatToTrace </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row16 roweven">
<td class="col0"> Custom functions </td><td class="col1"> customFunctions </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row17 rowodd">
<td class="col0 leftalign"> Headers sent </td><td class="col1"> exportedHeaders </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row18 roweven">
<td class="col0"> Access rules </td><td class="col1"> locationRules </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row19 rowodd">
<td class="col0"> Portal <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> portal </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row20 roweven">
<td class="col0"> Name of the cookie </td><td class="col1"> cookieName </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row21 rowodd">
<td class="col0"> Main <acronym title="Domain Name System">DNS</acronym> domain </td><td class="col1"> domain </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row22 roweven">
<td class="col0"> <acronym title="Cross Domain Authentication">CDA</acronym> activation </td><td class="col1"> cda </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row23 rowodd">
<td class="col0"> Cookie security </td><td class="col1"> securedCookie </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row24 roweven">
<td class="col0"> Cookie expiration </td><td class="col1"> cookieExpiration </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row25 rowodd">
<td class="col0"> Attributes from user backend </td><td class="col1"> exportedVars </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row26 roweven">
<td class="col0"> Local groups </td><td class="col1 leftalign"> groups </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row27 rowodd">
<td class="col0"> Macros </td><td class="col1 leftalign"> macros </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row28 roweven">
<td class="col0"> Session lifetime for cronjob </td><td class="col1"> timeout </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row29 rowodd">
<td class="col0"> Syslog facility </td><td class="col1"> syslog </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row30 roweven">
<td class="col0"> <acronym title="Simple Object Access Protocol">SOAP</acronym> activation </td><td class="col1"> Soap </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row31 rowodd">
<td class="col0"> Attributes exported in <acronym title="Simple Object Access Protocol">SOAP</acronym> </td><td class="col1 leftalign"> exportedAttr </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row32 roweven">
<td class="col0"> Store password in session </td><td class="col1"> storePassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row33 rowodd">
<td class="col0"> Notification activation </td><td class="col1"> notification </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row34 roweven">
<td class="col0"> Trusted domains </td><td class="col1"> trustedDomains </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row35 rowodd">
<td class="col0"> Rule for session granting </td><td class="col1"> grantSessionRule </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row36 roweven">
<td class="col0"> Status module </td><td class="col1"> status </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row37 rowodd">
<td class="col0"> Force HTTPS in redirection </td><td class="col1"> https </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row38 roweven">
<td class="col0"> Force port in redirection </td><td class="col1"> port </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row39 rowodd">
<td class="col0"> Protection scheme </td><td class="col1"> protection </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row40 roweven">
<td class="col0"> Use XForwardedFor for <acronym title="Internet Protocol">IP</acronym> </td><td class="col1"> useXForwardedForIP </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4 centeralign"></td>
</tr>
<tr class="row41 rowodd">
<td class="col0"> Multi values separator </td><td class="col1 leftalign"> multiValuesSeparator </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row42 roweven">
<td class="col0"> <acronym title="Simple Mail Transfer Protocol">SMTP</acronym> server </td><td class="col1"> SMTPServer </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row43 rowodd">
<td class="col0 leftalign"> Mail From address </td><td class="col1"> mailFrom </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row44 roweven">
<td class="col0"> Regular expression for random password </td><td class="col1"> randomPasswordRegexp </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row45 rowodd">
<td class="col0"> Subject for password mail </td><td class="col1"> mailSubject </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row46 roweven">
<td class="col0"> Body for password mail </td><td class="col1"> mailBody </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row47 rowodd">
<td class="col0"> Subject for confirmation mail </td><td class="col1"> mailConfirmSubject </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row48 roweven">
<td class="col0"> Body for confirmation mail </td><td class="col1"> mailConfirmBody </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row49 rowodd">
<td class="col0"> <acronym title="Uniform Resource Locator">URL</acronym> for mail reset </td><td class="col1"> mailUrl </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row50 roweven">
<td class="col0"> Skin name </td><td class="col1"> portalSkin </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row51 rowodd">
<td class="col0"> Display logout module </td><td class="col1"> portalDisplayLogout </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row52 roweven">
<td class="col0"> Display reset password form </td><td class="col1"> portalDisplayResetPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row53 rowodd">
<td class="col0"> Display change password module </td><td class="col1"> portalDisplayChangePassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row54 roweven">
<td class="col0"> Display applications list </td><td class="col1"> portalDisplayAppslist </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row55 rowodd">
<td class="col0"> Allow form autocompletion </td><td class="col1"> portalAutocomplete </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row56 roweven">
<td class="col0"> Require old password (change) </td><td class="col1"> portalRequireOldPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row57 rowodd">
<td class="col0"> User name session field </td><td class="col1"> portalUserAttr </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row58 roweven">
<td class="col0"> Open links in new window </td><td class="col1"> portalOpenLinkInNewWindow </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row59 rowodd">
<td class="col0"> Anti frame protection </td><td class="col1"> portalAntiFrame </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row60 roweven">
<td class="col0"> Delete other session </td><td class="col1"> singleSession </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row61 rowodd">
<td class="col0"> Delete other session if <acronym title="Internet Protocol">IP</acronym> differs </td><td class="col1"> singleIP </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row62 roweven">
<td class="col0"> Do not allow several users for 1 <acronym title="Internet Protocol">IP</acronym> </td><td class="col1"> singleUserByIP </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row63 rowodd">
<td class="col0"> Display other sessions </td><td class="col1"> notifyOther </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row64 roweven">
<td class="col0"> Display deleted sessions </td><td class="col1"> notifyDeleted </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row65 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server or Net::<acronym title="Lightweight Directory Access Protocol">LDAP</acronym> connexion string </td><td class="col1"> ldapServer </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row66 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Port </td><td class="col1"> ldapPort </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row67 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> search base </td><td class="col1"> ldapBase </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row68 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Bind <acronym title="Distinguished Name">DN</acronym> </td><td class="col1"> managerDn </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row69 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Bind Password </td><td class="col1"> managerPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row70 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> main search filter </td><td class="col1"> LDAPFilter </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row71 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> authentication search filter </td><td class="col1"> AuthLDAPFilter </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row72 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> mail search filter </td><td class="col1"> mailLDAPFilter </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row73 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password policy control </td><td class="col1"> ldapPpolicyControl </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row74 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> extended SetPassword modify </td><td class="col1"> ldapSetPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row75 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups base </td><td class="col1"> ldapGroupBase </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row76 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups objectClass </td><td class="col1"> ldapGroupObjectClass </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row77 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups member attribute </td><td class="col1"> ldapGroupAttributeName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row78 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups member link value </td><td class="col1"> ldapGroupAttributeNameUser </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row79 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups name attribute </td><td class="col1"> ldapGroupAttributeNameSearch </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row80 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> activate recursive groups </td><td class="col1"> ldapGroupRecursive </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row81 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> group link attribute name </td><td class="col1"> ldapGroupAttributeNameGroup </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row82 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> change password as user </td><td class="col1"> ldapChangePasswordAsUser </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row83 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password encoding </td><td class="col1"> ldapPwdEnc </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row84 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> timeout </td><td class="col1"> ldapTimeout </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row85 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> version </td><td class="col1"> ldapVersion </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row86 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> binary attributes </td><td class="col1"> ldapRaw </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row87 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> authentication level </td><td class="col1"> ldapAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row88 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection chain </td><td class="col1"> dbiAuthChain </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row89 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection user </td><td class="col1"> dbiAuthUser</td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row90 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection password </td><td class="col1"> dbiAuthPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row91 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Authentication table </td><td class="col1"> dbiAuthTable </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row92 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Login column </td><td class="col1"> dbiAuthLoginCol </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row93 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Password column </td><td class="col1"> dbiAuthPasswordCol </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row94 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Password hash </td><td class="col1"> dbiAuthPasswordHash </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row95 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection chain </td><td class="col1"> dbiUserChain </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row96 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection user </td><td class="col1"> dbiUserUser </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row97 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection password </td><td class="col1"> dbiUserPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row98 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB table </td><td class="col1"> dbiUserTable </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row99 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Mail column </td><td class="col1"> dbiPasswordMailCol </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row100 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Pivot from user table </td><td class="col1"> userPivot </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row101 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> authentication level </td><td class="col1"> dbiAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row102 roweven">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> user field in certificate </td><td class="col1"> SSLVar </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row103 rowodd">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> map with <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> attribute </td><td class="col1"> SSLLDAPField </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row104 roweven">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> force <acronym title="Secure Sockets Layer">SSL</acronym> authentication </td><td class="col1"> SSLRequire </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row105 rowodd">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> authentication level </td><td class="col1"> SSLAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row106 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> server <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_url </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row107 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> CA file </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_CAFile </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row108 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> force authentication renewal </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_renew </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row109 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> force gateway authentication </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_gateway </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row110 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> <acronym title="Proxy Granting Ticket">PGT</acronym> temporary file </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_pgtFile </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row111 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> proxied services </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_proxiedServices </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row112 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> authentication level </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_authnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row113 rowodd">
<td class="col0"> Remote portal </td><td class="col1"> remotePortal </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row114 roweven">
<td class="col0"> Remote Session backend </td><td class="col1"> remoteGlobalStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row115 rowodd">
<td class="col0"> Remote Session backend options </td><td class="col1"> remoteGlobalStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row116 roweven">
<td class="col0"> Remote cookie name </td><td class="col1"> remoteCookieName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row117 rowodd">
<td class="col0"> Proxy portal <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> soapAuthService </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row118 roweven">
<td class="col0"> Proxy cookie name </td><td class="col1"> remoteCookieName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row119 rowodd">
<td class="col0"> Proxy session <acronym title="Simple Object Access Protocol">SOAP</acronym> end point </td><td class="col1"> soapSessionService </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row120 roweven">
<td class="col0"> Twitter application key </td><td class="col1"> twitterKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row121 rowodd">
<td class="col0"> Twitter application secret </td><td class="col1"> twitterSecret </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row122 roweven">
<td class="col0"> Twitter application name </td><td class="col1"> twitterAppName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row123 rowodd">
<td class="col0"> Twitter authentication level </td><td class="col1"> twitterAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row124 roweven">
<td class="col0"> OpenID secret token </td><td class="col1"> openIdSecret </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row125 rowodd">
<td class="col0"> OpenID allowed domains </td><td class="col1"> openIdIDPList </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row126 roweven">
<td class="col0"> OpenID authentication level </td><td class="col1"> openIdAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row127 rowodd">
<td class="col0"> Apache authentication level </td><td class="col1"> apacheAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row128 roweven">
<td class="col0"> Null authentication level </td><td class="col1"> nullAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row129 rowodd">
<td class="col0"> Choice <acronym title="Uniform Resource Locator">URL</acronym> parameter </td><td class="col1"> authChoiceParam </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row130 roweven">
<td class="col0"> Choice modules </td><td class="col1"> authChoiceModules </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row131 rowodd">
<td class="col0"> Multi overridden parameters </td><td class="col1"> multi </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row132 roweven">
<td class="col0"> Zimbra preauthentication key </td><td class="col1"> zimbraPreAuthKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row133 rowodd">
<td class="col0"> Zimbra account session key </td><td class="col1"> zimbraAccountKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row134 roweven">
<td class="col0"> Zimbra account type </td><td class="col1"> zimbraBy </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row135 rowodd">
<td class="col0"> Zimbra preauthentication <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> zimbraUr </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row136 roweven">
<td class="col0"> Zimbra local <acronym title="Single Sign On">SSO</acronym> <acronym title="Uniform Resource Locator">URL</acronym> pattern </td><td class="col1"> zimbraSsoUrl </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row137 rowodd">
<td class="col0"> Sympa shared secret </td><td class="col1"> sympaSecret </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row138 roweven">
<td class="col0"> Sympa mail session key </td><td class="col1"> sympaMailKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
</table>
</div>
</p>
</div>
</div><!-- closes <div class="dokuwiki export">-->


@ -79,7 +79,7 @@ different versions of Apache/mod_perl.
</li>
<li class="level1"><div class="li"> Cache::Cache</div>
</li>
<li class="level1"><div class="li"> DBI</div>
<li class="level1"><div class="li"> <acronym title="Database Interface">DBI</acronym></div>
</li>
<li class="level1"><div class="li"> <acronym title="Extensible Markup Language">XML</acronym>::Simple</div>
</li>
@ -122,7 +122,7 @@ different versions of Apache/mod_perl.
</div>
<!-- SECTION "Reset password by mail" [1672-1764] -->
<h3><a name="saml2_or_liberty_alliance" id="saml2_or_liberty_alliance">SAML2 or Liberty Alliance</a></h3>
<h3><a name="saml2" id="saml2">SAML2</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <a href="http://lasso.entrouvert.org/" class="urlextern" title="http://lasso.entrouvert.org/" rel="nofollow">Lasso</a></div>
@ -136,7 +136,7 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "SAML2 or Liberty Alliance" [1765-1895] -->
<!-- SECTION "SAML2" [1765-1875] -->
<h3><a name="cas" id="cas">CAS</a></h3>
<div class="level3">
<ul>
@ -145,7 +145,7 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "CAS" [1896-1969] -->
<!-- SECTION "CAS" [1876-1949] -->
<h3><a name="openid" id="openid">OpenID</a></h3>
<div class="level3">
<ul>
@ -156,7 +156,7 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "OpenID" [1970-2052] -->
<!-- SECTION "OpenID" [1950-2032] -->
<h3><a name="twitter" id="twitter">Twitter</a></h3>
<div class="level3">
<ul>
@ -165,7 +165,7 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "Twitter" [2053-2089] -->
<!-- SECTION "Twitter" [2033-2069] -->
<h3><a name="pod_unit_tests" id="pod_unit_tests">POD unit tests</a></h3>
<div class="level3">
<ul>
@ -174,7 +174,7 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "POD unit tests" [2090-2130] -->
<!-- SECTION "POD unit tests" [2070-2110] -->
<h2><a name="other" id="other">Other</a></h2>
<div class="level2">
<ul>
@ -183,12 +183,12 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "Other" [2131-2247] -->
<!-- SECTION "Other" [2111-2227] -->
<h2><a name="install_dependencies_on_your_system" id="install_dependencies_on_your_system">Install dependencies on your system</a></h2>
<div class="level2">
</div>
<!-- SECTION "Install dependencies on your system" [2248-2297] -->
<!-- SECTION "Install dependencies on your system" [2228-2277] -->
<h3><a name="apt-get" id="apt-get">APT-GET</a></h3>
<div class="level3">
<pre class="code">
@ -196,7 +196,7 @@ different versions of Apache/mod_perl.
</pre>
</div>
<!-- SECTION "APT-GET" [2298-2822] -->
<!-- SECTION "APT-GET" [2278-2802] -->
<h3><a name="yum" id="yum">YUM</a></h3>
<div class="level3">
@ -215,4 +215,4 @@ Choose a repository which hosted <acronym title="Practical Extraction and Report
</pre>
</div>
<!-- SECTION "YUM" [2823-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "YUM" [2803-] --></div><!-- closes <div class="dokuwiki export">-->


@ -38,7 +38,7 @@
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.00/installrpm.html" class="wikilink1" title="documentation:1.00:installrpm">Installation on RHEL/CentOS with packages</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.00/upgrade.html" class="wikilink2" title="documentation:1.00:upgrade" rel="nofollow">Upgrade from 0.9.4</a></div>
<li class="level1"><div class="li"> <a href="../../documentation/1.00/upgrade.html" class="wikilink1" title="documentation:1.00:upgrade">Upgrade from 0.9.4</a></div>
</li>
</ul>
@ -48,17 +48,61 @@
<div class="level2">
</div>
<!-- SECTION "Configuration" [339-366] -->
<!-- SECTION "Configuration" [339-365] -->
<h3><a name="overview" id="overview">Overview</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.00/configlocation.html" class="wikilink1" title="documentation:1.00:configlocation">Configuration location</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.00/configvhost.html" class="wikilink1" title="documentation:1.00:configvhost">Manage virtual hosts</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.00/parameterlist.html" class="wikilink1" title="documentation:1.00:parameterlist">Parameters list</a></div>
</li>
</ul>
</div>
<!-- SECTION "Overview" [366-511] -->
<h3><a name="portal" id="portal">Portal</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.00/portalcustom.html" class="wikilink2" title="documentation:1.00:portalcustom" rel="nofollow">Portal customization</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.00/portalmenu.html" class="wikilink2" title="documentation:1.00:portalmenu" rel="nofollow">Manage applications menu</a></div>
</li>
</ul>
</div>
<!-- SECTION "Portal" [512-616] -->
<h3><a name="authentication" id="authentication">Authentication</a></h3>
<div class="level3">
</div>
<!-- SECTION "Authentication" [617-642] -->
<h3><a name="configuration1" id="configuration1">Configuration</a></h3>
<div class="level3">
</div>
<!-- SECTION "Configuration" [643-667] -->
<h3><a name="sessions" id="sessions">Sessions</a></h3>
<div class="level3">
</div>
<!-- SECTION "Sessions" [668-687] -->
<h3><a name="identity_provider" id="identity_provider">Identity provider</a></h3>
<div class="level3">
</div>
<!-- SECTION "Identity provider" [688-717] -->
<h2><a name="applications_protection" id="applications_protection">Applications protection</a></h2>
<div class="level2">
</div>
<!-- SECTION "Applications protection" [367-404] -->
<!-- SECTION "Applications protection" [718-755] -->
<h2><a name="advanced_features" id="advanced_features">Advanced features</a></h2>
<div class="level2">
</div>
<!-- SECTION "Advanced features" [405-436] -->
<!-- SECTION "Advanced features" [756-787] -->
<h2><a name="exploitation" id="exploitation">Exploitation</a></h2>
<div class="level2">
<ul>
@ -71,4 +115,4 @@
</ul>
</div>
<!-- SECTION "Exploitation" [437-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Exploitation" [788-] --></div><!-- closes <div class="dokuwiki export">-->


@ -35,6 +35,13 @@
When status feature is activated, Handlers and portal will collect statistics and save them in their local cache. This means that if several Handlers are deployed, each will manage its own statistics.
</p>
<p>
<p><div class="notetip">
This page can be browsed for example by <a href="http://oss.oetiker.ch/mrtg/" class="urlextern" title="http://oss.oetiker.ch/mrtg/" rel="nofollow">mrtg</a> using the script <strong>lmng-mrtg</strong>
</div></p>
</p>
<p>
The statistics are collected trough a daemon launched by the Handler. It can be seen in system processes, for example:
@ -56,12 +63,12 @@ Example of status page:
</p>
</div>
<!-- SECTION "Presentation" [31-1069] -->
<!-- SECTION "Presentation" [31-1197] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
</div>
<!-- SECTION "Configuration" [1070-1096] -->
<!-- SECTION "Configuration" [1198-1224] -->
<h3><a name="apache" id="apache">Apache</a></h3>
<div class="level3">
@ -81,12 +88,12 @@ Then restart Apache.
</p>
<p>
<p><div class="notetip">You should change the <code>Allow</code> directive to match administration IP, or use another Apache protection mean.
<p><div class="notetip">You should change the <code>Allow</code> directive to match administration <acronym title="Internet Protocol">IP</acronym>, or use another Apache protection mean.
</div></p>
</p>
</div>
<!-- SECTION "Apache" [1097-1557] -->
<!-- SECTION "Apache" [1225-1685] -->
<h3><a name="lemonldapng" id="lemonldapng">LemonLDAP::NG</a></h3>
<div class="level3">
@ -104,4 +111,4 @@ Then restart Apache.
</p>
</div>
<!-- SECTION "LemonLDAP::NG" [1558-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "LemonLDAP::NG" [1686-] --></div><!-- closes <div class="dokuwiki export">-->


@ -0,0 +1,203 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="upgrade_from_094_to_10" id="upgrade_from_094_to_10">Upgrade from 0.9.4 to 1.0</a></h1>
<div class="level1">
<p>
<p><div class="noteclassic">If you are using packages, they should have done the upgrade process for you, but you can check here that all is in order.
</div></p>
</p>
</div>
<!-- SECTION "Upgrade from 0.9.4 to 1.0" [1-178] -->
<h2><a name="apache_configuration" id="apache_configuration">Apache configuration</a></h2>
<div class="level2">
<p>
Now LemonLDAP::NG is shipped with 3 Apache configuration files:
</p>
<ul>
<li class="level1"><div class="li"> <strong>portal-apache2.conf</strong>: portal virtual host</div>
</li>
<li class="level1"><div class="li"> <strong>manager-apache2.conf</strong>: manager virtual host</div>
</li>
<li class="level1"><div class="li"> <strong>handler-apache2.conf</strong>: handler declaration and protected application virtual hosts</div>
</li>
</ul>
<p>
<p><div class="noteimportant">If you are still using Apache 1, those files are named <strong>portal-apache.conf</strong>, <strong>manager-apache.conf</strong>, <strong>handler-apache.conf</strong>, but some features will not work (automatic post,…).
</div></p>
</p>
<p>
You need to update these files with all your Apache configuration customization.
</p>
</div>
<!-- SECTION "Apache configuration" [179-756] -->
<h2><a name="lemonldapng_configuration_files" id="lemonldapng_configuration_files">LemonLDAP::NG configuration files</a></h2>
<div class="level2">
<p>
LemonLDAP::NG 0.9.4 used local files for some settings:
</p>
<ul>
<li class="level1"><div class="li"> <strong>apply.conf</strong>: <acronym title="Uniform Resource Identifier">URI</acronym> used by Manager to apply changes</div>
</li>
<li class="level1"><div class="li"> <strong>storage.conf</strong>: Configuration location and Cache settings</div>
</li>
<li class="level1"><div class="li"> <strong>apps-list.xml</strong>: Application menu</div>
</li>
</ul>
<p>
Those file are not used anymore, and merged into <code>lemonldap-ng.ini</code>.
</p>
<p>
There is a script in the bin/ directory called <code>lmMigrateConfFiles2ini</code> designed to parse old configuration files and copy parameters in the new file.
</p>
<p>
Script options:
</p>
<ul>
<li class="level1"><div class="li"> <strong>--dir,-d</strong>: path to main configuration directory (default: /etc/lemonldap-ng)</div>
</li>
<li class="level1"><div class="li"> <strong>--storage,-s</strong>: path to storage.conf (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--apply,-a</strong>: path to apply.conf (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--menuxml,-m</strong>: path to apps-list.xml (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--ini,-i</strong>: path to lemonldap-ng.ini (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--preserve,-p</strong>: do not erase old files after import</div>
</li>
<li class="level1"><div class="li"> <strong>--help,-h</strong>: show this message</div>
</li>
<li class="level1"><div class="li"> <strong>--verbose,-v</strong>: let me tell you my life</div>
</li>
</ul>
<p>
Here is how you can use it, if you installed LemonLDAP::NG from the tarball in the /usr/local/lemonldap-ng directory:
</p>
<pre class="code">
$ sudo /usr/local/lemonldap-ng/bin/lmMigrateConfFiles2ini -d /usr/local/lemonldap-ng/etc -v -p
</pre>
<p>
Remove the <code>-p</code> options if you want to delete old files.
</p>
<p>
<p><div class="noteimportant">The migration of application list in ini file will work, but it will then be hard to update. You should use the Manager and reconfigure all categories and applications trough it, and then comment application list in ini file.
</div></p>
</p>
</div>
<!-- SECTION "LemonLDAP::NG configuration files" [757-2342] -->
<h2><a name="customized_scripts_parameters" id="customized_scripts_parameters">Customized scripts parameters</a></h2>
<div class="level2">
<p>
Before 1.0, we used to override some configuration parameters by editing perl scripts (like <code>portal/index.pl</code>) and setting values like this :
</p>
<pre class="code file perl"><span class="kw1">my</span> <span class="re0">$portal</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">SharedConf</span><span class="sy0">-&gt;</span><span class="me1">new</span><span class="br0">&#40;</span> <span class="br0">&#123;</span>
portal <span class="sy0">=&gt;</span> <span class="st_h">'auth.example.com'</span><span class="sy0">,</span>
cookieName <span class="sy0">=&gt;</span> <span class="st_h">'lemonldap'</span><span class="sy0">,</span>
ldapPort <span class="sy0">=&gt;</span> <span class="st_h">'390'</span><span class="sy0">,</span>
<span class="br0">&#125;</span> <span class="br0">&#41;</span><span class="sy0">;</span></pre>
<p>
The new <code>lemonldap-ng.ini</code> file should be now used to do this, as perl scripts are program files that are erased on software updates. You have to know too that all configuration parameters are now available in Manager interface.
</p>
<p>
If you still need to customize those program files, please prefer to copy them:
</p>
<pre class="code">
# cp portal/index.pl portal/indexcustom.pl
</pre>
<p>
And declare your custom file in Apache configuration
</p>
<pre class="code file apache"><span class="kw1">DirectoryIndex</span> indexcustom.pl</pre>
<p>
This will prevent your local modifications to be dropped when you will update your LemonLDAP::NG version.
</p>
</div>
<!-- SECTION "Customized scripts parameters" [2343-3283] -->
<h2><a name="liberty_alliance_portal" id="liberty_alliance_portal">Liberty Alliance portal</a></h2>
<div class="level2">
<p>
Liberty Alliance portal was removed. So ID-FF authentication is no more supported.
</p>
<p>
To replace it, LemonLDAP::NG has now SAML2 authentication backend.
</p>
</div>
<!-- SECTION "Liberty Alliance portal" [3284-3473] -->
<h2><a name="dbi_configuration_backend" id="dbi_configuration_backend">DBI configuration backend</a></h2>
<div class="level2">
<p>
<acronym title="Database Interface">DBI</acronym> configuration has been removed. You now have two choices to store configuration in a database:
</p>
<ul>
<li class="level1"><div class="li"> RDBI</div>
</li>
<li class="level1"><div class="li"> CDBI</div>
</li>
</ul>
<p>
<img src="/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" /> add links to RDBI and CDBI conf
</p>
</div>
<!-- SECTION "DBI configuration backend" [3474-] --></div><!-- closes <div class="dokuwiki export">-->


@ -26,21 +26,28 @@
<div class="level1">
</div>
<!-- SECTION "Conferences" [1-27] -->
<!-- SECTION "Conferences" [1-28] -->
<h2><a name="jdll_2010" id="jdll_2010">JDLL 2010</a></h2>
<div class="level2">
<object id="__sse5451129" width="425" height="355"><param name="movie" value="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=jdll2010lemonldap-ng100preview-101015064952-phpapp02&rel=0&stripped_title=jdll-2010-lemonldapng100preview&userName=coudot" /><param name="allowFullScreen" value="true"/><param name="allowScriptAccess" value="always"/><embed name="__sse5451129" src="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=jdll2010lemonldap-ng100preview-101015064952-phpapp02&rel=0&stripped_title=jdll-2010-lemonldapng100preview&userName=coudot" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="355"></embed></object>
</div>
<!-- SECTION "JDLL 2010" [29-755] -->
<h2><a name="rmlllsm_2010" id="rmlllsm_2010">RMLL/LSM 2010</a></h2>
<div class="level2">
<object id="__sse4702308" width="425" height="355"><param name="movie" value="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=rmll2010lemonldapngsaml-100707111400-phpapp02&rel=0&stripped_title=rmll2010-lemon-ldapngsaml" /><param name="allowFullScreen" value="true"/><param name="allowScriptAccess" value="always"/><embed name="__sse4702308" src="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=rmll2010lemonldapngsaml-100707111400-phpapp02&rel=0&stripped_title=rmll2010-lemon-ldapngsaml" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="355"></embed></object>
</div>
<!-- SECTION "RMLL/LSM 2010" [28-700] -->
<!-- SECTION "RMLL/LSM 2010" [756-1428] -->
<h2><a name="solution_linux_2010" id="solution_linux_2010">Solution Linux 2010</a></h2>
<div class="level2">
<object width="425" height="355"><param name="movie" value="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=sl2010lemonldapngsaml-100321123520-phpapp01&rel=0&stripped_title=lemonldapng-et-le-support-saml2" /><param name="allowFullScreen" value="true"/><param name="allowScriptAccess" value="always"/><embed src="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=sl2010lemonldapngsaml-100321123520-phpapp01&rel=0&stripped_title=lemonldapng-et-le-support-saml2" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="355"></embed></object>
</div>
<!-- SECTION "Solution Linux 2010" [701-1349] -->
<!-- SECTION "Solution Linux 2010" [1429-2077] -->
<h2><a name="rmlllsm_2009" id="rmlllsm_2009">RMLL/LSM 2009</a></h2>
<div class="level2">
@ -51,25 +58,25 @@ You can see the video here: <a href="http://marcelhaise.com/rmll2009/#LemonLDAP"
</p>
</div>
<!-- SECTION "RMLL/LSM 2009" [1350-2123] -->
<!-- SECTION "RMLL/LSM 2009" [2078-2851] -->
<h2><a name="linux_tag_2009" id="linux_tag_2009">Linux Tag 2009</a></h2>
<div class="level2">
<object style="margin:0px" width="425" height="355"><param name="movie" value="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=linuxtag2009websso-090626095530-phpapp01&rel=0&stripped_title=websso-and-access-management-with-lemonldapng" /><param name="allowFullScreen" value="true"/><param name="allowScriptAccess" value="always"/><embed src="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=linuxtag2009websso-090626095530-phpapp01&rel=0&stripped_title=websso-and-access-management-with-lemonldapng" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="355"></embed></object>
</div>
<!-- SECTION "Linux Tag 2009" [2124-2808] -->
<!-- SECTION "Linux Tag 2009" [2852-3536] -->
<h2><a name="solution_linux_2009" id="solution_linux_2009">Solution Linux 2009</a></h2>
<div class="level2">
<object style="margin:0px" width="425" height="355"><param name="movie" value="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=sl2009websso-ldapcou-tch-090421111509-phpapp02&rel=0&stripped_title=sl2009-identity-management-cycle-ldap-synchronization-and-websso" /><param name="allowFullScreen" value="true"/><param name="allowScriptAccess" value="always"/><embed src="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=sl2009websso-ldapcou-tch-090421111509-phpapp02&rel=0&stripped_title=sl2009-identity-management-cycle-ldap-synchronization-and-websso" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="355"></embed></object>
</div>
<!-- SECTION "Solution Linux 2009" [2809-3548] -->
<!-- SECTION "Solution Linux 2009" [3537-4276] -->
<h2><a name="ow2_annual_conference" id="ow2_annual_conference">OW2 annual conference</a></h2>
<div class="level2">
<object style="margin:0px" width="425" height="355"><param name="movie" value="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=ow2-lemonldap-ng-090506090158-phpapp02&stripped_title=lemonldapng-opensource-websso-of-the-french-administrations-1394404" /><param name="allowFullScreen" value="true"/><param name="allowScriptAccess" value="always"/><embed src="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=ow2-lemonldap-ng-090506090158-phpapp02&stripped_title=lemonldapng-opensource-websso-of-the-french-administrations-1394404" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="355"></embed></object>
</div>
<!-- SECTION "OW2 annual conference" [3549-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "OW2 annual conference" [4277-] --></div><!-- closes <div class="dokuwiki export">-->


@ -0,0 +1,463 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="configuration_overview" id="configuration_overview">Configuration overview</a></h1>
<div class="level1">
</div>
<!-- SECTION "Configuration overview" [1-38] -->
<h2><a name="backends" id="backends">Backends</a></h2>
<div class="level2">
<p>
LemonLDAP::NG configuration is stored in a backend (File, database, …), that allows all modules to access it.
</p>
<p>
<p><div class="notetip">Detailled configuration backends documentation is available <a href="../../documentation/latest/start.html#configuration1" class="wikilink1" title="documentation:latest:start">here</a>.
</div></p>
</p>
<p>
By default, configuration is stored in files, so access trough network is not possible. To allow this, use <acronym title="Simple Object Access Protocol">SOAP</acronym> for configuration access, or use a network service like <acronym title="Structured Query Language">SQL</acronym> database or <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory.
</p>
<p>
Configuration backend can be set in the <a href="#local_file" title="documentation:latest:configlocation &crarr;" class="wikilink1">local configuration file</a>, in <code>configuration</code> section.
</p>
<p>
For example, to configure the <code>File</code> configuration backend:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>configuration<span class="br0">&#93;</span></span>
<span class="re1">type</span><span class="sy0">=</span><span class="re2">File</span>
<span class="re1">dirName</span> <span class="sy0">=</span><span class="re2"> /usr/local/lemonldap-ng/data/conf</span></pre>
</div>
<!-- SECTION "Backends" [39-749] -->
<h2><a name="manager" id="manager">Manager</a></h2>
<div class="level2">
<p>
Most of configuration can be done trough LemonLDAP::NG Manager (by default <a href="http://manager.example.com" class="urlextern" title="http://manager.example.com" rel="nofollow">http://manager.example.com</a>).
</p>
<p>
By default, Manager is protected to allow only localhost. This can be changed in <code>etc/manager-apache2.conf</code>:
</p>
<pre class="code file apache"> &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Directory</span>&gt;</pre>
<p>
<p><div class="notetip">You can change allowed <acronym title="Internet Protocol">IP</acronym>, or add an Apache authentication module. When LemonLDAP::NG will be fully configured, you can also protect Manager with the Handler, as any other web application.
</div></p>
</p>
<p>
The Manager displays main branches:
</p>
<ul>
<li class="level1"><div class="li"> <strong>General Parameters</strong>: authentication modules, portal, etc.</div>
</li>
<li class="level1"><div class="li"> <strong>Variables</strong>: user information, macros and groups used to fill <acronym title="Single Sign On">SSO</acronym> session</div>
</li>
<li class="level1"><div class="li"> <strong>Virtual Hosts</strong>: access rules, headers, etc.</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> 2 Service</strong>: <acronym title="Security Assertion Markup Language">SAML</acronym> metadata administration</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> identity providers</strong>: Registered IDP</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> service providers</strong>: Registered SP</div>
</li>
</ul>
<p>
LemonLDAP::NG configuration is mainly a key/value structure, so Manager will present all keys into a structured tree. A click on a key will display the associated value.
</p>
<p>
When modifying a value, always click on the <code>Apply</code> button if available, to be sure the value is saved. When all modifications are done, click on <code>Save</code> to store configuration.
</p>
<p>
<p><div class="notewarning">LemonLDAP::NG will do some checks on configuration and display errors if any. Configuration <strong>is not saved</strong> if errors occur.
</div></p>
</p>
</div>
<!-- SECTION "Manager" [750-2274] -->
<h2><a name="apache" id="apache">Apache</a></h2>
<div class="level2">
<p>
<p><div class="noteimportant">LemonLDAP::NG does not manage Apache configuration
</div></p>
</p>
<p>
LemonLDAP::NG ships 3 Apache configuration files:
</p>
<ul>
<li class="level1"><div class="li"> <strong>portal-apache2.conf</strong>: Portal virtual host, with <acronym title="Simple Object Access Protocol">SOAP</acronym> and Issuer end points</div>
</li>
<li class="level1"><div class="li"> <strong>manager-apache2.conf</strong>: Manager virtual host</div>
</li>
<li class="level1"><div class="li"> <strong>handler-apache2.conf</strong> : Handler declaration, reload and sample virtual hosts</div>
</li>
</ul>
<p>
These files must be included in Apache configuration, either with <code>Include</code> directives in <code>httpd.conf</code> (see <a href="../../documentation/quickstart.html#apache" class="wikilink1" title="documentation:quickstart">quick start example</a>), or with symbolic links in Apache configuration directory (like <code>/etc/httpd/conf.d</code>).
</p>
<p>
<p><div class="notewarning">Mod <acronym title="Practical Extraction and Report Language">Perl</acronym> must be loaded before LemonLDAP::NG, so include configuration after the mod_perl <code>LoadModule</code> directive.
</div></p>
</p>
</div>
<!-- SECTION "Apache" [2275-3034] -->
<h3><a name="portal" id="portal">Portal</a></h3>
<div class="level3">
<p>
In Portal virtual host, you will find several configuration parts:
</p>
<ul>
<li class="level1"><div class="li"> Standard virtual host directives, to serve portal pages:</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">ServerName</span> auth.example.com
&nbsp;
<span class="co1"># DocumentRoot</span>
<span class="kw1">DocumentRoot</span> /usr/local/lemonldap-ng/htdocs/portal/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal/&gt;
<span class="kw1">Order</span> <span class="kw1">allow</span>,<span class="kw1">deny</span>
<span class="kw1">Allow</span> from <span class="kw2">all</span>
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># Perl script</span>
&lt;<span class="kw3">Files</span> *.pl&gt;
<span class="kw1">SetHandler</span> perl-<span class="kw1">script</span>
PerlResponseHandler ModPerl::Registry
&lt;/<span class="kw3">Files</span>&gt;
&nbsp;
<span class="co1"># Directory index</span>
&lt;<span class="kw3">IfModule</span> mod_dir.c&gt;
<span class="kw1">DirectoryIndex</span> index.pl index.html
&lt;/<span class="kw3">IfModule</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> <acronym title="Simple Object Access Protocol">SOAP</acronym> end points (inactivated by default):</div>
</li>
</ul>
<pre class="code file apache"> <span class="co1"># SOAP functions for sessions management (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/adminSessions&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for sessions access (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/sessions&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for configuration access (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/config&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for notification insertion (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/notification&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Issuer rewrite rules (requires <code>mod_rewrite</code>):</div>
</li>
</ul>
<pre class="code file apache"> <span class="co1"># SAML2 Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/saml/metadata /metadata.pl
<span class="kw1">RewriteRule</span> ^/saml/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;
&nbsp;
<span class="co1"># CAS Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/cas/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;
&nbsp;
<span class="co1"># OpenID Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/openidserver/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Some <acronym title="Practical Extraction and Report Language">Perl</acronym> optimizations:</div>
</li>
</ul>
<pre class="code file apache"><span class="co1"># Best performance under ModPerl::Registry</span>
<span class="co1"># Uncomment this to increase performance of Portal</span>
&lt;Perl&gt;
<span class="kw1">require</span> Lemonldap::NG::Portal::SharedConf;
Lemonldap::NG::Portal::SharedConf-&gt;compile(
qw(delete <span class="kw1">header</span> cache read_from_client cookie <span class="kw1">redirect</span> unescapeHTML));
<span class="co1"># Uncomment this line if you use Lemonldap::NG menu</span>
<span class="kw1">require</span> Lemonldap::NG::Portal::Menu;
<span class="co1"># Uncomment this line if you use portal SOAP capabilities</span>
<span class="kw1">require</span> SOAP::Lite;
&lt;/Perl&gt;</pre>
</div>
<!-- SECTION "Portal" [3035-5628] -->
<h3><a name="manager1" id="manager1">Manager</a></h3>
<div class="level3">
<p>
Manager virtual host is used to serve configuration interface and local documentation.
</p>
<ul>
<li class="level1"><div class="li"> Configuration interface access is protected:</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">DocumentRoot</span> /usr/local/lemonldap-ng/htdocs/manager/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Directory</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Local documentation is open to all:</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">Alias</span> /doc/ /usr/local/lemonldap-ng/htdocs/doc/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/doc/&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Allow</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;</pre>
</div>
<!-- SECTION "Manager" [5629-6274] -->
<h3><a name="handler" id="handler">Handler</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Load Handler in Apache memory:</div>
</li>
</ul>
<pre class="code file apache">PerlOptions +GlobalRequest
PerlRequire /usr/local/lemonldap-ng/handler/MyHandler.pm</pre>
<p>
<p><div class="noteimportant">The Handler must be loaded before any protected virtual host.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> Catch error pages:</div>
</li>
</ul>
<pre class="code file apache"><span class="kw1">ErrorDocument</span> 403 http://auth.example.com/?lmError=403
<span class="kw1">ErrorDocument</span> <span class="nu0">500</span> http://auth.example.com/?lmError=<span class="nu0">500</span></pre>
<ul>
<li class="level1"><div class="li"> Reload virtual host:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> reload.example.com
&nbsp;
<span class="co1"># Configuration reload mechanism (only 1 per physical server is</span>
<span class="co1"># needed): choose your URL to avoid restarting Apache when</span>
<span class="co1"># configuration change</span>
&lt;<span class="kw3">Location</span> /reload&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
PerlHeaderParserHandler My::Package-&gt;refresh
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
<span class="co1"># Uncomment this to activate status module</span>
<span class="co1">#&lt;Location /status&gt;</span>
<span class="co1"># Order deny,allow</span>
<span class="co1"># Deny from all</span>
<span class="co1"># Allow from 127.0.0.0/8</span>
<span class="co1"># PerlHeaderParserHandler My::Package-&gt;status</span>
<span class="co1">#&lt;/Location&gt;</span>
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
Then, to protect a standard virutal host, the only configuration line to add is:
</p>
<pre class="code file apache">PerlHeaderParserHandler My::Package</pre>
</div>
<!-- SECTION "Handler" [6275-7490] -->
<h2><a name="configuration_reload" id="configuration_reload">Configuration reload</a></h2>
<div class="level2">
<p>
<p><div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them trough an <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> request. Configuration reload will then be effective in less than 10 minutes.
</div></p>
</p>
<p>
After configuration is saved by Manager, LemonLDAP::NG will try to reload configuration on distant Handlers. This can be configured in LemonLDAP::NG ini file, in the section <code>apply</code>:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>apply<span class="br0">&#93;</span></span>
&nbsp;
# URL used to reload configuration
reload.example.com<span class="sy0">=</span><span class="re2">http://reload.example.com/reload</span>
<span class="co0">;reloaddist.example.com=http://reloaddist.example.com/reload</span></pre>
<p>
<p><div class="notetip">You only need a reload <acronym title="Uniform Resource Locator">URL</acronym> per physical servers, as Handlers share the same configuration cache on each physical server.
</div></p>
</p>
<p>
The <code>reload</code> target is managed in Apache configuration, inside a virtual host protected by LemonLDAP::NG Handler, for example:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> reload.example.com
&nbsp;
&lt;<span class="kw3">Location</span> /reload&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
PerlHeaderParserHandler My::Package-&gt;refresh
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteimportant">You must allow access to Manager <acronym title="Internet Protocol">IP</acronym>.
</div></p>
</p>
</div>
<!-- SECTION "Configuration reload" [7491-8767] -->
<h2><a name="local_file" id="local_file">Local file</a></h2>
<div class="level2">
<p>
LemonLDAP::NG configuration can be managed in a local file with <a href="http://en.wikipedia.org/wiki/INI_file" class="urlextern" title="http://en.wikipedia.org/wiki/INI_file" rel="nofollow">INI format</a>. This file is called <code>lemonldap-ng.ini</code> and has the following sections:
</p>
<ul>
<li class="level1"><div class="li"> <strong>configuration</strong>: where configuration is stored</div>
</li>
<li class="level1"><div class="li"> <strong>apply</strong>: reload <acronym title="Uniform Resource Locator">URL</acronym> for distant Hanlders</div>
</li>
<li class="level1"><div class="li"> <strong>all</strong>: parameters for all modules</div>
</li>
<li class="level1"><div class="li"> <strong>portal</strong>: parameters only for Portal</div>
</li>
<li class="level1"><div class="li"> <strong>manager</strong>: parameters only for Manager</div>
</li>
<li class="level1"><div class="li"> <strong>handler</strong>: parameters only for Handler</div>
</li>
</ul>
<p>
When you set a parameter in <code>lemonldap-ng.ini</code>, it will override the parameter from the global configuration.
</p>
<p>
For example, to override configured skin for portal:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">portalSkin</span> <span class="sy0">=</span><span class="re2"> dark</span></pre>
<p>
<p><div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="../../documentation/latest/parameterlist.html" class="wikilink1" title="documentation:latest:parameterlist">parameter list</a> to find it.
</div></p>
</p>
</div>
<!-- SECTION "Local file" [8768-9625] -->
<h2><a name="script_files" id="script_files">Script files</a></h2>
<div class="level2">
<p>
LemonLDAP::NG allows to override any configuration parameter directly in script file. However, it is not advised to edit such files, as they are part of the program, and will be erased at next upgrade.
</p>
<p>
<p><div class="notetip">You also need to know the technical name of configuration parameter to do this. You can refer to <a href="../../documentation/latest/parameterlist.html" class="wikilink1" title="documentation:latest:parameterlist">parameter list</a> to find it.
</div></p>
</p>
</div>
<!-- SECTION "Script files" [9626-10014] -->
<h3><a name="portal1" id="portal1">Portal</a></h3>
<div class="level3">
<p>
For example, in portal/index.pl:
</p>
<pre class="code file perl"><span class="kw1">my</span> <span class="re0">$portal</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">SharedConf</span><span class="sy0">-&gt;</span><span class="me1">new</span><span class="br0">&#40;</span>
<span class="br0">&#123;</span>
portalSkin <span class="sy0">=&gt;</span> <span class="st_h">'dark'</span><span class="sy0">,</span>
<span class="br0">&#125;</span>
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
<!-- SECTION "Portal" [10015-10185] -->
<h3><a name="handler1" id="handler1">Handler</a></h3>
<div class="level3">
<p>
For example, in handler/MyHandler.pm:
</p>
<pre class="code file perl">__PACKAGE__<span class="sy0">-&gt;</span><span class="me1">init</span><span class="br0">&#40;</span>
<span class="br0">&#123;</span>
domain <span class="sy0">=&gt;</span> <span class="st_h">'acme.com'</span><span class="sy0">,</span>
<span class="br0">&#125;</span>
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
<!-- SECTION "Handler" [10186-] --></div><!-- closes <div class="dokuwiki export">-->
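Review bot: The four SOAP blocks in the Portal example are written as `<Directory /usr/local/lemonldap-ng/htdocs/portal//index.pl/adminSessions>` (same form for `sessions`, `config` and `notification`), but `<Directory>` matches filesystem directories and `index.pl/adminSessions` is a path-info suffix on a script, so the `Deny from all` inside them most likely never applies. If that reading is right, the "disabled by default" comments overstate the protection on the session and configuration end points. A URL-based section such as `<Location /index.pl/adminSessions>` with the same `Order`/`Deny` lines would be the form that actually blocks the request. The page presumably mirrors the shipped `portal-apache2.conf`, which is not part of this section, so the same correction would be needed there.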


@ -0,0 +1,239 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="manage_virtual_hosts" id="manage_virtual_hosts">Manage virtual hosts</a></h1>
<div class="level1">
<p>
LemonLDAP::NG configuration is build around Apache virtual hosts. Each virtual host is a protected resource, with access rules, headers, POST data and options.
</p>
</div>
<!-- SECTION "Manage virtual hosts" [1-197] -->
<h2><a name="apache_configuration" id="apache_configuration">Apache configuration</a></h2>
<div class="level2">
<p>
To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated (see <a href="../../documentation/latest/configlocation.html#apache" class="wikilink1" title="documentation:latest:configlocation">Apache global configuration</a>).
</p>
<p>
Then you can take any virtual host, and simply add this line to protect it:
</p>
<pre class="code file apache">PerlHeaderParserHandler My::Package</pre>
<p>
For example, a protected virtual host for a local application:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> localsite.example.com
&nbsp;
PerlHeaderParserHandler My::Package
&nbsp;
<span class="kw1">DocumentRoot</span> /var/www/localsite
&nbsp;
<span class="kw1">ErrorLog</span> /var/log/apache2/localsite_error.log
<span class="kw1">CustomLog</span> /var/log/apache2/localsite_access.log combined
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
And a protected virtual host with LemonLDAP::NG as reverse proxy:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> proxysite.example.com
&nbsp;
PerlHeaderParserHandler My::Package
&nbsp;
<span class="kw1">ProxyPreserveHost</span> <span class="kw2">on</span>
<span class="kw1">ProxyPass</span> / http://APPLICATION_IP/
<span class="kw1">ProxyPassReverse</span> / http://APPLICATION_IP/
&nbsp;
<span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log
<span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteclassic">The <code>ProxyPreserveHost</code> directive will forward the Host header to the protected application
</div></p>
</p>
<p>
<p><div class="notetip">Using the reverse proxy mode, you will not have the <code>REMOTE_USER</code> environment variable set. Indeed, this variable is set by the Handler on the physical server hosting the Handler, and not on other servers where the Handler is not installed.
</p>
<p>
But this magic Apache configuration will let you transform the Auth-User <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header in <code>REMOTE_USER</code> envronment variable:
</p>
<pre class="code file apache"><span class="kw1">SetEnvIfNoCase</span> Auth-<span class="kw1">User</span> <span class="st0">&quot;(.*)&quot;</span> REMOTE_USER=$<span class="nu0">1</span></pre>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Apache configuration" [198-1899] -->
<h2><a name="lemonldapng_configuration" id="lemonldapng_configuration">LemonLDAP::NG configuration</a></h2>
<div class="level2">
<p>
An apache virtual host protected by LemonLDAP::NG Handler must be registered in LemonLDAP::NG configuration.
</p>
<p>
To do this, use the Manager, and go in <code>Virtual Hosts</code> branch. You can add, delete or modify a virtual host here.
</p>
<p>
A virtual host contains:
</p>
<ul>
<li class="level1"><div class="li"> Access rules: check user&#039;s right on <acronym title="Uniform Resource Locator">URL</acronym> patterns</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers: forge information sent to protected applications</div>
</li>
<li class="level1"><div class="li"> POST data: use form replay</div>
</li>
<li class="level1"><div class="li"> Options: redirection port and protocol</div>
</li>
</ul>
</div>
<!-- SECTION "LemonLDAP::NG configuration" [1900-2387] -->
<h3><a name="access_rules" id="access_rules">Access rules</a></h3>
<div class="level3">
<p>
There is a <code>default</code> access rule which is used if no other access rule match the current <acronym title="Uniform Resource Locator">URL</acronym>. Else, each access rule refers to an <acronym title="Uniform Resource Locator">URL</acronym> pattern.
</p>
<p>
Access rule value is an expression, evaluated for each request, and returning 1 if user is authorized, 0 else.
</p>
<p>
Access rules examples:
</p>
<pre class="code">
^/site/.*$ =&gt; $uid eq &quot;admin&quot; or $groups =~ /\bgroup2\b/
^/(js|css) =&gt; accept
default =&gt; deny
</pre>
<p>
Access rules accepts special targets:
</p>
<ul>
<li class="level1"><div class="li"> <strong>accept</strong>: all authenticated users can pass</div>
</li>
<li class="level1"><div class="li"> <strong>deny</strong>: nobody is welcomed</div>
</li>
<li class="level1"><div class="li"> <strong>unprotect</strong>: all is open!</div>
</li>
<li class="level1"><div class="li"> <strong>logout_sso</strong>: request is not forwarded to application, <acronym title="Single Sign On">SSO</acronym> session is closed</div>
</li>
<li class="level1"><div class="li"> <strong>logout_app</strong>: request is forwarded to application, <acronym title="Single Sign On">SSO</acronym> session remains open</div>
</li>
<li class="level1"><div class="li"> <strong>logout_app_sso</strong>: request is forwarded to application, <acronym title="Single Sign On">SSO</acronym> session is closed</div>
</li>
</ul>
<p>
<p><div class="notetip">The logout* targets can have an <acronym title="Uniform Resource Locator">URL</acronym> as parameter. By default, user will be redirected on portal if no <acronym title="Uniform Resource Locator">URL</acronym> defined, or on the specified <acronym title="Uniform Resource Locator">URL</acronym> if any.
</div></p>
</p>
</div>
<!-- SECTION "Access rules" [2388-3368] -->
<h3><a name="http_headers" id="http_headers">HTTP headers</a></h3>
<div class="level3">
<p>
Headers are sent to application, they are not visible to users.
</p>
<p>
Headers value can be a single session key or a full <acronym title="Practical Extraction and Report Language">Perl</acronym> expression. For example:
</p>
<pre class="code">
Auth-User =&gt; $uid
Unit =&gt; &#039;Unit-&#039;.$ou
</pre>
<p>
<p><div class="notetip">By default, <acronym title="Single Sign On">SSO</acronym> cookie is hidden, so protected applications cannot get <acronym title="Single Sign On">SSO</acronym> session key. But you can forward this key if it is really needed:
</p>
<pre class="code">
Session-ID =&gt; $_session_id
</pre>
<p>
</div></p>
</p>
</div>
<!-- SECTION "HTTP headers" [3369-3795] -->
<h3><a name="post_data" id="post_data">POST data</a></h3>
<div class="level3">
<p>
<img src="/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" /> Add link to form replay page
</p>
</div>
<!-- SECTION "POST data" [3796-3852] -->
<h3><a name="options" id="options">Options</a></h3>
<div class="level3">
<p>
Two options are available:
</p>
<ul>
<li class="level1"><div class="li"> Port</div>
</li>
<li class="level1"><div class="li"> HTTPS</div>
</li>
</ul>
<p>
These options are used to build redirection <acronym title="Uniform Resource Locator">URL</acronym> (when user is not logged, or for <acronym title="Cross Domain Authentication">CDA</acronym> requests). By default, default values are used. These options are only here to override default values.
</p>
</div>
<!-- SECTION "Options" [3853-] --></div><!-- closes <div class="dokuwiki export">-->
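Review bot: The reverse-proxy tip that maps the `Auth-User` request header to `REMOTE_USER` with `SetEnvIfNoCase Auth-User "(.*)" REMOTE_USER=$1` does not say that the backend then trusts a header any client can set. The tip should add a sentence such as `This is only safe when the application accepts connections from the LemonLDAP::NG reverse proxy alone; a request that reaches it directly can carry its own Auth-User value.` In the same section, the `Session-ID => $_session_id` example would benefit from a matching caution: an application that receives the session key can act within the user's SSO session, so the key should be forwarded only to trusted applications over a protected link.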


@ -39,18 +39,18 @@
<p>
→ LemonLDAP::NG uses a key to crypt/decrypt some data. You have to set its value in Manager.
→ LemonLDAP::NG uses a key to crypt/decrypt some datas. You have to set its value in Manager.
</p>
</div>
<!-- SECTION "Lemonldap::NG::Common" [117-313] -->
<!-- SECTION "Lemonldap::NG::Common" [117-314] -->
<h2><a name="lemonldapnghandler" id="lemonldapnghandler">Lemonldap::NG::Handler</a></h2>
<div class="level2">
<pre class="file">Unable to clear local cache</pre>
<p>
→ Local cache cannot be cleard, check the localStorage and localStorageOptions
→ Local cache cannot be cleard, check the localStorage and localStorageOptions or file permissions
</p>
<pre class="file">Status module can not be loaded without localStorage parameter</pre>
@ -62,7 +62,7 @@
<p>
→ The configuration cannot be loaded. Check configStorage and configStorageOptions.
→ The configuration cannot be loaded. Check configStorage and configStorageOptionsor file permissions.
</p>
<pre class="file">User rejected because VirtualHost XXXX has no configuration</pre>
@ -72,7 +72,7 @@
</p>
</div>
<!-- SECTION "Lemonldap::NG::Handler" [314-899] -->
<!-- SECTION "Lemonldap::NG::Handler" [315-939] -->
<h2><a name="lemonldapngmanager" id="lemonldapngmanager">Lemonldap::NG::Manager</a></h2>
<div class="level2">
<pre class="file">XXXX was not found in tree</pre>
@ -83,7 +83,7 @@
</p>
</div>
<!-- SECTION "Lemonldap::NG::Manager" [900-1025] -->
<!-- SECTION "Lemonldap::NG::Manager" [940-1065] -->
<h2><a name="lemonldapngportal" id="lemonldapngportal">Lemonldap::NG::Portal</a></h2>
<div class="level2">
<pre class="file">User XXXX was not granted to open session</pre>
@ -118,4 +118,4 @@
</p>
</div>
<!-- SECTION "Lemonldap::NG::Portal" [1026-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Lemonldap::NG::Portal" [1066-] --></div><!-- closes <div class="dokuwiki export">-->


@ -91,7 +91,7 @@ $ tar zxvf lemonldap-ng-*.tar.gz
<p>
First check and install the [prereq|prerequisites].
First check and install the <a href="../../documentation/latest/prereq.html" class="wikilink1" title="documentation:latest:prereq">prerequisites</a>.
</p>
<p>
@ -196,8 +196,6 @@ Available parameters are:
</li>
<li class="level1"><div class="li"> <strong>VHOSTLISTEN</strong>: how listen parameter is configured for virtual hosts in Apache (default: \*:80)</div>
</li>
<li class="level1"><div class="li"> <strong>WITHLA</strong>: install Liberty Alliance portal (default: 0) </div>
</li>
</ul>
</div>


@ -32,7 +32,7 @@
<p>
By default, LemonLDAP::NG uses Apache logs to store user actions:
By default, LemonLDAP::NG uses Apache logs to store user actions and other messages:
</p>
<ul>
<li class="level1"><div class="li"> Error log: all messages emitted by the program, depending on the configured log level</div>
@ -55,21 +55,33 @@ To configure the user identifier in access log, go in Manager, <code>General Par
</p>
</div>
<!-- SECTION "Apache logging" [21-588] -->
<!-- SECTION "Apache logging" [21-607] -->
<h2><a name="syslog" id="syslog">Syslog</a></h2>
<div class="level2">
<p>
LemonLDAP::NG can also use syslog.
LemonLDAP::NG can also use syslog (only for user actions).
</p>
<p>
In Manager, set syslog facility in <code>General Parameters</code> &gt; <code>Logging</code> &gt; <code>Syslog facility</code>.
</p>
<p>
The messages are stored with the facilities :
</p>
<ul>
<li class="level1"><div class="li"> <strong>info</strong> for user actions</div>
</li>
<li class="level1"><div class="li"> <strong>notice</strong> for good authentications or external exchange (<acronym title="Security Assertion Markup Language">SAML</acronym>, OpenID,…)</div>
</li>
<li class="level1"><div class="li"> <strong>warn</strong> for failed authentications</div>
</li>
</ul>
</div>
<!-- SECTION "Syslog" [589-740] -->
<!-- SECTION "Syslog" [608-980] -->
<h2><a name="override_logging_functions" id="override_logging_functions">Override logging functions</a></h2>
<div class="level2">
@ -86,4 +98,4 @@ Example:
<span class="re1">userNotice</span> <span class="sy0">=</span><span class="re2"> sub <span class="br0">&#123;</span> my <span class="br0">&#40;</span>$self, $message<span class="br0">&#41;</span> <span class="sy0">=</span> @_</span><span class="co0">; ... }</span></pre>
</div>
<!-- SECTION "Override logging functions" [741-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Override logging functions" [981-] --></div><!-- closes <div class="dokuwiki export">-->


@ -0,0 +1,462 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="parameter_list" id="parameter_list">Parameter list</a></h1>
<div class="level1">
<p>
<p><div class="notetip">
Click on a column header to sort table.
The attribute key name can be used directly in <code>lemonldap-ng.ini</code> or in <acronym title="Practical Extraction and Report Language">Perl</acronym> scripts to override configuration parameters.
</div></p>
</p>
<p>
<div class="sortable sort2"><table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Full name </th><th class="col1 centeralign"> Key name </th><th class="col2 centeralign"> Portal </th><th class="col3 leftalign"> Handler </th><th class="col4 leftalign"> Manager </th>
</tr>
<tr class="row1 rowodd">
<td class="col0"> Authentication backend </td><td class="col1"> authentication </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> User backend </td><td class="col1"> userDB </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> Password backend </td><td class="col1"> passwordDB </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> Session backend </td><td class="col1"> globalStorage </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> Session backend options </td><td class="col1"> globalStorageOptions </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row6 roweven">
<td class="col0"> <acronym title="Security Assertion Markup Language">SAML</acronym> Session backend </td><td class="col1"> samlStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row7 rowodd">
<td class="col0"> <acronym title="Security Assertion Markup Language">SAML</acronym> Session backend options </td><td class="col1"> samlStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row8 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> Session backend </td><td class="col1"> casStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row9 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> Session backend options </td><td class="col1"> casStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row10 roweven">
<td class="col0"> Configuration backend </td><td class="col1"> configStorage </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row11 rowodd">
<td class="col0"> Cache backend </td><td class="col1"> localStorage </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row12 roweven">
<td class="col0"> Cache backend options </td><td class="col1"> localStorageOptions </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row13 rowodd">
<td class="col0"> Notification backend </td><td class="col1"> notificationStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row14 roweven">
<td class="col0"> Notification backend options </td><td class="col1"> notificationStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row15 rowodd">
<td class="col0"> Remote user </td><td class="col1"> whatToTrace </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row16 roweven">
<td class="col0"> Custom functions </td><td class="col1"> customFunctions </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row17 rowodd">
<td class="col0 leftalign"> Headers sent </td><td class="col1"> exportedHeaders </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row18 roweven">
<td class="col0"> Access rules </td><td class="col1"> locationRules </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row19 rowodd">
<td class="col0"> Portal <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> portal </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row20 roweven">
<td class="col0"> Name of the cookie </td><td class="col1"> cookieName </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row21 rowodd">
<td class="col0"> Main <acronym title="Domain Name System">DNS</acronym> domain </td><td class="col1"> domain </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row22 roweven">
<td class="col0"> <acronym title="Cross Domain Authentication">CDA</acronym> activation </td><td class="col1"> cda </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row23 rowodd">
<td class="col0"> Cookie security </td><td class="col1"> securedCookie </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row24 roweven">
<td class="col0"> Cookie expiration </td><td class="col1"> cookieExpiration </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row25 rowodd">
<td class="col0"> Attributes from user backend </td><td class="col1"> exportedVars </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row26 roweven">
<td class="col0"> Local groups </td><td class="col1 leftalign"> groups </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row27 rowodd">
<td class="col0"> Macros </td><td class="col1 leftalign"> macros </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row28 roweven">
<td class="col0"> Session lifetime for cronjob </td><td class="col1"> timeout </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row29 rowodd">
<td class="col0"> Syslog facility </td><td class="col1"> syslog </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row30 roweven">
<td class="col0"> <acronym title="Simple Object Access Protocol">SOAP</acronym> activation </td><td class="col1"> Soap </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row31 rowodd">
<td class="col0"> Attributes exported in <acronym title="Simple Object Access Protocol">SOAP</acronym> </td><td class="col1 leftalign"> exportedAttr </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row32 roweven">
<td class="col0"> Store password in session </td><td class="col1"> storePassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row33 rowodd">
<td class="col0"> Notification activation </td><td class="col1"> notification </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row34 roweven">
<td class="col0"> Trusted domains </td><td class="col1"> trustedDomains </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row35 rowodd">
<td class="col0"> Rule for session granting </td><td class="col1"> grantSessionRule </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row36 roweven">
<td class="col0"> Status module </td><td class="col1"> status </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row37 rowodd">
<td class="col0"> Force HTTPS in redirection </td><td class="col1"> https </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row38 roweven">
<td class="col0"> Force port in redirection </td><td class="col1"> port </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row39 rowodd">
<td class="col0"> Protection scheme </td><td class="col1"> protection </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row40 roweven">
<td class="col0"> Use XForwardedFor for <acronym title="Internet Protocol">IP</acronym> </td><td class="col1"> useXForwardedForIP </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4 centeralign"></td>
</tr>
<tr class="row41 rowodd">
<td class="col0"> Multi values separator </td><td class="col1 leftalign"> multiValuesSeparator </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row42 roweven">
<td class="col0"> <acronym title="Simple Mail Transfer Protocol">SMTP</acronym> server </td><td class="col1"> SMTPServer </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row43 rowodd">
<td class="col0 leftalign"> Mail From address </td><td class="col1"> mailFrom </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row44 roweven">
<td class="col0"> Regular expression for random password </td><td class="col1"> randomPasswordRegexp </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row45 rowodd">
<td class="col0"> Subject for password mail </td><td class="col1"> mailSubject </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row46 roweven">
<td class="col0"> Body for password mail </td><td class="col1"> mailBody </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row47 rowodd">
<td class="col0"> Subject for confirmation mail </td><td class="col1"> mailConfirmSubject </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row48 roweven">
<td class="col0"> Body for confirmation mail </td><td class="col1"> mailConfirmBody </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row49 rowodd">
<td class="col0"> <acronym title="Uniform Resource Locator">URL</acronym> for mail reset </td><td class="col1"> mailUrl </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row50 roweven">
<td class="col0"> Skin name </td><td class="col1"> portalSkin </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row51 rowodd">
<td class="col0"> Display logout module </td><td class="col1"> portalDisplayLogout </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row52 roweven">
<td class="col0"> Display reset password form </td><td class="col1"> portalDisplayResetPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row53 rowodd">
<td class="col0"> Display change password module </td><td class="col1"> portalDisplayChangePassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row54 roweven">
<td class="col0"> Display applications list </td><td class="col1"> portalDisplayAppslist </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row55 rowodd">
<td class="col0"> Allow form autocompletion </td><td class="col1"> portalAutocomplete </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row56 roweven">
<td class="col0"> Require old password (change) </td><td class="col1"> portalRequireOldPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row57 rowodd">
<td class="col0"> User name session field </td><td class="col1"> portalUserAttr </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row58 roweven">
<td class="col0"> Open links in new window </td><td class="col1"> portalOpenLinkInNewWindow </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row59 rowodd">
<td class="col0"> Anti frame protection </td><td class="col1"> portalAntiFrame </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row60 roweven">
<td class="col0"> Delete other session </td><td class="col1"> singleSession </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row61 rowodd">
<td class="col0"> Delete other session if <acronym title="Internet Protocol">IP</acronym> differs </td><td class="col1"> singleIP </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row62 roweven">
<td class="col0"> Do not allow several users for 1 <acronym title="Internet Protocol">IP</acronym> </td><td class="col1"> singleUserByIP </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row63 rowodd">
<td class="col0"> Display other sessions </td><td class="col1"> notifyOther </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row64 roweven">
<td class="col0"> Display deleted sessions </td><td class="col1"> notifyDeleted </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row65 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server or Net::<acronym title="Lightweight Directory Access Protocol">LDAP</acronym> connexion string </td><td class="col1"> ldapServer </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row66 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Port </td><td class="col1"> ldapPort </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row67 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> search base </td><td class="col1"> ldapBase </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row68 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Bind <acronym title="Distinguished Name">DN</acronym> </td><td class="col1"> managerDn </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row69 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Bind Password </td><td class="col1"> managerPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row70 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> main search filter </td><td class="col1"> LDAPFilter </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row71 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> authentication search filter </td><td class="col1"> AuthLDAPFilter </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row72 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> mail search filter </td><td class="col1"> mailLDAPFilter </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row73 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password policy control </td><td class="col1"> ldapPpolicyControl </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row74 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> extended SetPassword modify </td><td class="col1"> ldapSetPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row75 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups base </td><td class="col1"> ldapGroupBase </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row76 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups objectClass </td><td class="col1"> ldapGroupObjectClass </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row77 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups member attribute </td><td class="col1"> ldapGroupAttributeName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row78 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups member link value </td><td class="col1"> ldapGroupAttributeNameUser </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row79 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups name attribute </td><td class="col1"> ldapGroupAttributeNameSearch </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row80 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> activate recursive groups </td><td class="col1"> ldapGroupRecursive </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row81 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> group link attribute name </td><td class="col1"> ldapGroupAttributeNameGroup </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row82 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> change password as user </td><td class="col1"> ldapChangePasswordAsUser </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row83 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password encoding </td><td class="col1"> ldapPwdEnc </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row84 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> timeout </td><td class="col1"> ldapTimeout </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row85 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> version </td><td class="col1"> ldapVersion </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row86 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> binary attributes </td><td class="col1"> ldapRaw </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row87 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> authentication level </td><td class="col1"> ldapAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row88 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection chain </td><td class="col1"> dbiAuthChain </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row89 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection user </td><td class="col1"> dbiAuthUser</td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row90 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection password </td><td class="col1"> dbiAuthPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row91 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Authentication table </td><td class="col1"> dbiAuthTable </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row92 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Login column </td><td class="col1"> dbiAuthLoginCol </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row93 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Password column </td><td class="col1"> dbiAuthPasswordCol </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row94 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Password hash </td><td class="col1"> dbiAuthPasswordHash </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row95 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection chain </td><td class="col1"> dbiUserChain </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row96 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection user </td><td class="col1"> dbiUserUser </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row97 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection password </td><td class="col1"> dbiUserPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row98 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB table </td><td class="col1"> dbiUserTable </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row99 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Mail column </td><td class="col1"> dbiPasswordMailCol </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row100 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Pivot from user table </td><td class="col1"> userPivot </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row101 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> authentication level </td><td class="col1"> dbiAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row102 roweven">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> user field in certificate </td><td class="col1"> SSLVar </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row103 rowodd">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> map with <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> attribute </td><td class="col1"> SSLLDAPField </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row104 roweven">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> force <acronym title="Secure Sockets Layer">SSL</acronym> authentication </td><td class="col1"> SSLRequire </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row105 rowodd">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> authentication level </td><td class="col1"> SSLAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row106 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> server <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_url </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row107 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> CA file </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_CAFile </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row108 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> force authentication renewal </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_renew </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row109 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> force gateway authentication </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_gateway </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row110 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> <acronym title="Proxy Granting Ticket">PGT</acronym> temporary file </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_pgtFile </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row111 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> proxied services </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_proxiedServices </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row112 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> authentication level </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_authnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row113 rowodd">
<td class="col0"> Remote portal </td><td class="col1"> remotePortal </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row114 roweven">
<td class="col0"> Remote Session backend </td><td class="col1"> remoteGlobalStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row115 rowodd">
<td class="col0"> Remote Session backend options </td><td class="col1"> remoteGlobalStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row116 roweven">
<td class="col0"> Remote cookie name </td><td class="col1"> remoteCookieName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row117 rowodd">
<td class="col0"> Proxy portal <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> soapAuthService </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row118 roweven">
<td class="col0"> Proxy cookie name </td><td class="col1"> remoteCookieName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row119 rowodd">
<td class="col0"> Proxy session <acronym title="Simple Object Access Protocol">SOAP</acronym> end point </td><td class="col1"> soapSessionService </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row120 roweven">
<td class="col0"> Twitter application key </td><td class="col1"> twitterKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row121 rowodd">
<td class="col0"> Twitter application secret </td><td class="col1"> twitterSecret </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row122 roweven">
<td class="col0"> Twitter application name </td><td class="col1"> twitterAppName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row123 rowodd">
<td class="col0"> Twitter authentication level </td><td class="col1"> twitterAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row124 roweven">
<td class="col0"> OpenID secret token </td><td class="col1"> openIdSecret </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row125 rowodd">
<td class="col0"> OpenID allowed domains </td><td class="col1"> openIdIDPList </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row126 roweven">
<td class="col0"> OpenID authentication level </td><td class="col1"> openIdAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row127 rowodd">
<td class="col0"> Apache authentication level </td><td class="col1"> apacheAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row128 roweven">
<td class="col0"> Null authentication level </td><td class="col1"> nullAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row129 rowodd">
<td class="col0"> Choice <acronym title="Uniform Resource Locator">URL</acronym> parameter </td><td class="col1"> authChoiceParam </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row130 roweven">
<td class="col0"> Choice modules </td><td class="col1"> authChoiceModules </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row131 rowodd">
<td class="col0"> Multi overridden parameters </td><td class="col1"> multi </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row132 roweven">
<td class="col0"> Zimbra preauthentication key </td><td class="col1"> zimbraPreAuthKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row133 rowodd">
<td class="col0"> Zimbra account session key </td><td class="col1"> zimbraAccountKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row134 roweven">
<td class="col0"> Zimbra account type </td><td class="col1"> zimbraBy </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row135 rowodd">
<td class="col0"> Zimbra preauthentication <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> zimbraUr </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row136 roweven">
<td class="col0"> Zimbra local <acronym title="Single Sign On">SSO</acronym> <acronym title="Uniform Resource Locator">URL</acronym> pattern </td><td class="col1"> zimbraSsoUrl </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row137 rowodd">
<td class="col0"> Sympa shared secret </td><td class="col1"> sympaSecret </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row138 roweven">
<td class="col0"> Sympa mail session key </td><td class="col1"> sympaMailKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
</table>
</div>
</p>
</div>
</div><!-- closes <div class="dokuwiki export">-->


@ -79,7 +79,7 @@ different versions of Apache/mod_perl.
</li>
<li class="level1"><div class="li"> Cache::Cache</div>
</li>
<li class="level1"><div class="li"> DBI</div>
<li class="level1"><div class="li"> <acronym title="Database Interface">DBI</acronym></div>
</li>
<li class="level1"><div class="li"> <acronym title="Extensible Markup Language">XML</acronym>::Simple</div>
</li>
@ -122,7 +122,7 @@ different versions of Apache/mod_perl.
</div>
<!-- SECTION "Reset password by mail" [1672-1764] -->
<h3><a name="saml2_or_liberty_alliance" id="saml2_or_liberty_alliance">SAML2 or Liberty Alliance</a></h3>
<h3><a name="saml2" id="saml2">SAML2</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <a href="http://lasso.entrouvert.org/" class="urlextern" title="http://lasso.entrouvert.org/" rel="nofollow">Lasso</a></div>
@ -136,7 +136,7 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "SAML2 or Liberty Alliance" [1765-1895] -->
<!-- SECTION "SAML2" [1765-1875] -->
<h3><a name="cas" id="cas">CAS</a></h3>
<div class="level3">
<ul>
@ -145,7 +145,7 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "CAS" [1896-1969] -->
<!-- SECTION "CAS" [1876-1949] -->
<h3><a name="openid" id="openid">OpenID</a></h3>
<div class="level3">
<ul>
@ -156,7 +156,7 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "OpenID" [1970-2052] -->
<!-- SECTION "OpenID" [1950-2032] -->
<h3><a name="twitter" id="twitter">Twitter</a></h3>
<div class="level3">
<ul>
@ -165,7 +165,7 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "Twitter" [2053-2089] -->
<!-- SECTION "Twitter" [2033-2069] -->
<h3><a name="pod_unit_tests" id="pod_unit_tests">POD unit tests</a></h3>
<div class="level3">
<ul>
@ -174,7 +174,7 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "POD unit tests" [2090-2130] -->
<!-- SECTION "POD unit tests" [2070-2110] -->
<h2><a name="other" id="other">Other</a></h2>
<div class="level2">
<ul>
@ -183,12 +183,12 @@ different versions of Apache/mod_perl.
</ul>
</div>
<!-- SECTION "Other" [2131-2247] -->
<!-- SECTION "Other" [2111-2227] -->
<h2><a name="install_dependencies_on_your_system" id="install_dependencies_on_your_system">Install dependencies on your system</a></h2>
<div class="level2">
</div>
<!-- SECTION "Install dependencies on your system" [2248-2297] -->
<!-- SECTION "Install dependencies on your system" [2228-2277] -->
<h3><a name="apt-get" id="apt-get">APT-GET</a></h3>
<div class="level3">
<pre class="code">
@ -196,7 +196,7 @@ different versions of Apache/mod_perl.
</pre>
</div>
<!-- SECTION "APT-GET" [2298-2822] -->
<!-- SECTION "APT-GET" [2278-2802] -->
<h3><a name="yum" id="yum">YUM</a></h3>
<div class="level3">
@ -215,4 +215,4 @@ Choose a repository which hosted <acronym title="Practical Extraction and Report
</pre>
</div>
<!-- SECTION "YUM" [2823-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "YUM" [2803-] --></div><!-- closes <div class="dokuwiki export">-->


@ -38,7 +38,7 @@
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/installrpm.html" class="wikilink1" title="documentation:latest:installrpm">Installation on RHEL/CentOS with packages</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/upgrade.html" class="wikilink2" title="documentation:latest:upgrade" rel="nofollow">Upgrade from 0.9.4</a></div>
<li class="level1"><div class="li"> <a href="../../documentation/latest/upgrade.html" class="wikilink1" title="documentation:latest:upgrade">Upgrade from 0.9.4</a></div>
</li>
</ul>
@ -48,17 +48,61 @@
<div class="level2">
</div>
<!-- SECTION "Configuration" [339-366] -->
<!-- SECTION "Configuration" [339-365] -->
<h3><a name="overview" id="overview">Overview</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/latest/configlocation.html" class="wikilink1" title="documentation:latest:configlocation">Configuration location</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/configvhost.html" class="wikilink1" title="documentation:latest:configvhost">Manage virtual hosts</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/parameterlist.html" class="wikilink1" title="documentation:latest:parameterlist">Parameters list</a></div>
</li>
</ul>
</div>
<!-- SECTION "Overview" [366-511] -->
<h3><a name="portal" id="portal">Portal</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/latest/portalcustom.html" class="wikilink2" title="documentation:latest:portalcustom" rel="nofollow">Portal customization</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/portalmenu.html" class="wikilink2" title="documentation:latest:portalmenu" rel="nofollow">Manage applications menu</a></div>
</li>
</ul>
</div>
<!-- SECTION "Portal" [512-616] -->
<h3><a name="authentication" id="authentication">Authentication</a></h3>
<div class="level3">
</div>
<!-- SECTION "Authentication" [617-642] -->
<h3><a name="configuration1" id="configuration1">Configuration</a></h3>
<div class="level3">
</div>
<!-- SECTION "Configuration" [643-667] -->
<h3><a name="sessions" id="sessions">Sessions</a></h3>
<div class="level3">
</div>
<!-- SECTION "Sessions" [668-687] -->
<h3><a name="identity_provider" id="identity_provider">Identity provider</a></h3>
<div class="level3">
</div>
<!-- SECTION "Identity provider" [688-717] -->
<h2><a name="applications_protection" id="applications_protection">Applications protection</a></h2>
<div class="level2">
</div>
<!-- SECTION "Applications protection" [367-404] -->
<!-- SECTION "Applications protection" [718-755] -->
<h2><a name="advanced_features" id="advanced_features">Advanced features</a></h2>
<div class="level2">
</div>
<!-- SECTION "Advanced features" [405-436] -->
<!-- SECTION "Advanced features" [756-787] -->
<h2><a name="exploitation" id="exploitation">Exploitation</a></h2>
<div class="level2">
<ul>
@ -71,4 +115,4 @@
</ul>
</div>
<!-- SECTION "Exploitation" [437-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Exploitation" [788-] --></div><!-- closes <div class="dokuwiki export">-->


@ -35,6 +35,13 @@
When status feature is activated, Handlers and portal will collect statistics and save them in their local cache. This means that if several Handlers are deployed, each will manage its own statistics.
</p>
<p>
<p><div class="notetip">
This page can be browsed for example by <a href="http://oss.oetiker.ch/mrtg/" class="urlextern" title="http://oss.oetiker.ch/mrtg/" rel="nofollow">mrtg</a> using the script <strong>lmng-mrtg</strong>
</div></p>
</p>
<p>
The statistics are collected trough a daemon launched by the Handler. It can be seen in system processes, for example:
@ -56,12 +63,12 @@ Example of status page:
</p>
</div>
<!-- SECTION "Presentation" [31-1069] -->
<!-- SECTION "Presentation" [31-1197] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
</div>
<!-- SECTION "Configuration" [1070-1096] -->
<!-- SECTION "Configuration" [1198-1224] -->
<h3><a name="apache" id="apache">Apache</a></h3>
<div class="level3">
@ -81,12 +88,12 @@ Then restart Apache.
</p>
<p>
<p><div class="notetip">You should change the <code>Allow</code> directive to match administration IP, or use another Apache protection mean.
<p><div class="notetip">You should change the <code>Allow</code> directive to match administration <acronym title="Internet Protocol">IP</acronym>, or use another Apache protection mean.
</div></p>
</p>
</div>
<!-- SECTION "Apache" [1097-1557] -->
<!-- SECTION "Apache" [1225-1685] -->
<h3><a name="lemonldapng" id="lemonldapng">LemonLDAP::NG</a></h3>
<div class="level3">
@ -104,4 +111,4 @@ Then restart Apache.
</p>
</div>
<!-- SECTION "LemonLDAP::NG" [1558-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "LemonLDAP::NG" [1686-] --></div><!-- closes <div class="dokuwiki export">-->


@ -0,0 +1,203 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="upgrade_from_094_to_10" id="upgrade_from_094_to_10">Upgrade from 0.9.4 to 1.0</a></h1>
<div class="level1">
<p>
<p><div class="noteclassic">If you are using packages, they should have done the upgrade process for you, but you can check here that all is in order.
</div></p>
</p>
</div>
<!-- SECTION "Upgrade from 0.9.4 to 1.0" [1-178] -->
<h2><a name="apache_configuration" id="apache_configuration">Apache configuration</a></h2>
<div class="level2">
<p>
Now LemonLDAP::NG is shipped with 3 Apache configuration files:
</p>
<ul>
<li class="level1"><div class="li"> <strong>portal-apache2.conf</strong>: portal virtual host</div>
</li>
<li class="level1"><div class="li"> <strong>manager-apache2.conf</strong>: manager virtual host</div>
</li>
<li class="level1"><div class="li"> <strong>handler-apache2.conf</strong>: handler declaration and protected application virtual hosts</div>
</li>
</ul>
<p>
<p><div class="noteimportant">If you are still using Apache 1, those files are named <strong>portal-apache.conf</strong>, <strong>manager-apache.conf</strong>, <strong>handler-apache.conf</strong>, but some features will not work (automatic post,…).
</div></p>
</p>
<p>
You need to update these files with all your Apache configuration customization.
</p>
</div>
<!-- SECTION "Apache configuration" [179-756] -->
<h2><a name="lemonldapng_configuration_files" id="lemonldapng_configuration_files">LemonLDAP::NG configuration files</a></h2>
<div class="level2">
<p>
LemonLDAP::NG 0.9.4 used local files for some settings:
</p>
<ul>
<li class="level1"><div class="li"> <strong>apply.conf</strong>: <acronym title="Uniform Resource Identifier">URI</acronym> used by Manager to apply changes</div>
</li>
<li class="level1"><div class="li"> <strong>storage.conf</strong>: Configuration location and Cache settings</div>
</li>
<li class="level1"><div class="li"> <strong>apps-list.xml</strong>: Application menu</div>
</li>
</ul>
<p>
Those file are not used anymore, and merged into <code>lemonldap-ng.ini</code>.
</p>
<p>
There is a script in the bin/ directory called <code>lmMigrateConfFiles2ini</code> designed to parse old configuration files and copy parameters in the new file.
</p>
<p>
Script options:
</p>
<ul>
<li class="level1"><div class="li"> <strong>--dir,-d</strong>: path to main configuration directory (default: /etc/lemonldap-ng)</div>
</li>
<li class="level1"><div class="li"> <strong>--storage,-s</strong>: path to storage.conf (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--apply,-a</strong>: path to apply.conf (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--menuxml,-m</strong>: path to apps-list.xml (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--ini,-i</strong>: path to lemonldap-ng.ini (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--preserve,-p</strong>: do not erase old files after import</div>
</li>
<li class="level1"><div class="li"> <strong>--help,-h</strong>: show this message</div>
</li>
<li class="level1"><div class="li"> <strong>--verbose,-v</strong>: let me tell you my life</div>
</li>
</ul>
<p>
Here is how you can use it, if you installed LemonLDAP::NG from the tarball in the /usr/local/lemonldap-ng directory:
</p>
<pre class="code">
$ sudo /usr/local/lemonldap-ng/bin/lmMigrateConfFiles2ini -d /usr/local/lemonldap-ng/etc -v -p
</pre>
<p>
Remove the <code>-p</code> options if you want to delete old files.
</p>
<p>
<p><div class="noteimportant">The migration of application list in ini file will work, but it will then be hard to update. You should use the Manager and reconfigure all categories and applications trough it, and then comment application list in ini file.
</div></p>
</p>
</div>
<!-- SECTION "LemonLDAP::NG configuration files" [757-2342] -->
<h2><a name="customized_scripts_parameters" id="customized_scripts_parameters">Customized scripts parameters</a></h2>
<div class="level2">
<p>
Before 1.0, we used to override some configuration parameters by editing perl scripts (like <code>portal/index.pl</code>) and setting values like this :
</p>
<pre class="code file perl"><span class="kw1">my</span> <span class="re0">$portal</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">SharedConf</span><span class="sy0">-&gt;</span><span class="me1">new</span><span class="br0">&#40;</span> <span class="br0">&#123;</span>
portal <span class="sy0">=&gt;</span> <span class="st_h">'auth.example.com'</span><span class="sy0">,</span>
cookieName <span class="sy0">=&gt;</span> <span class="st_h">'lemonldap'</span><span class="sy0">,</span>
ldapPort <span class="sy0">=&gt;</span> <span class="st_h">'390'</span><span class="sy0">,</span>
<span class="br0">&#125;</span> <span class="br0">&#41;</span><span class="sy0">;</span></pre>
<p>
The new <code>lemonldap-ng.ini</code> file should be now used to do this, as perl scripts are program files that are erased on software updates. You have to know too that all configuration parameters are now available in Manager interface.
</p>
<p>
If you still need to customize those program files, please prefer to copy them:
</p>
<pre class="code">
# cp portal/index.pl portal/indexcustom.pl
</pre>
<p>
And declare your custom file in Apache configuration
</p>
<pre class="code file apache"><span class="kw1">DirectoryIndex</span> indexcustom.pl</pre>
<p>
This will prevent your local modifications to be dropped when you will update your LemonLDAP::NG version.
</p>
</div>
<!-- SECTION "Customized scripts parameters" [2343-3283] -->
<h2><a name="liberty_alliance_portal" id="liberty_alliance_portal">Liberty Alliance portal</a></h2>
<div class="level2">
<p>
Liberty Alliance portal was removed. So ID-FF authentication is no more supported.
</p>
<p>
To replace it, LemonLDAP::NG has now SAML2 authentication backend.
</p>
</div>
<!-- SECTION "Liberty Alliance portal" [3284-3473] -->
<h2><a name="dbi_configuration_backend" id="dbi_configuration_backend">DBI configuration backend</a></h2>
<div class="level2">
<p>
<acronym title="Database Interface">DBI</acronym> configuration has been removed. You now have two choices to store configuration in a database:
</p>
<ul>
<li class="level1"><div class="li"> RDBI</div>
</li>
<li class="level1"><div class="li"> CDBI</div>
</li>
</ul>
<p>
<img src="/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" /> add links to RDBI and CDBI conf
</p>
</div>
<!-- SECTION "DBI configuration backend" [3474-] --></div><!-- closes <div class="dokuwiki export">-->


@ -31,7 +31,7 @@ LemonLDAP::NG is a modular WebSSO (Single Sign On) based on Apache::Session modu
</p>
<p>
It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as described below.
It manages both authentication and authorization and provides headers for accounting. So you can have a full <acronym title="Authentication Authorization Accounting">AAA</acronym> protection for your web space as described below.
</p>
</div>
@ -124,7 +124,7 @@ Main internal databases are:
<ol>
<li class="level1"><div class="li"> User tries to access protected application, his request is catched by Handler</div>
</li>
<li class="level1"><div class="li"> SSO cookie is not detected, so Handler redirects user to Portal</div>
<li class="level1"><div class="li"> <acronym title="Single Sign On">SSO</acronym> cookie is not detected, so Handler redirects user to Portal</div>
</li>
<li class="level1"><div class="li"> User authenticates on Portal</div>
</li>
@ -136,7 +136,7 @@ Main internal databases are:
</li>
<li class="level1"><div class="li"> Portal gets the session key</div>
</li>
<li class="level1"><div class="li"> Portal creates SSO cookie with session key as value</div>
<li class="level1"><div class="li"> Portal creates <acronym title="Single Sign On">SSO</acronym> cookie with session key as value</div>
</li>
<li class="level1"><div class="li"> User is redirected on protected application, with his new cookie</div>
</li>
@ -154,7 +154,7 @@ Main internal databases are:
<p>
Handler will then check SSO cookie for each <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> request.
Handler will then check <acronym title="Single Sign On">SSO</acronym> cookie for each <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> request.
</p>
</div>
@ -169,9 +169,9 @@ Default use case:
<ol>
<li class="level1"><div class="li"> User clicks on the logout link in Portal</div>
</li>
<li class="level1"><div class="li"> Portal destroys session and redirects user on itself with an empty SSO cookie</div>
<li class="level1"><div class="li"> Portal destroys session and redirects user on itself with an empty <acronym title="Single Sign On">SSO</acronym> cookie</div>
</li>
<li class="level1"><div class="li"> User is redirected on portal and his SSO cookie is empty</div>
<li class="level1"><div class="li"> User is redirected on portal and his <acronym title="Single Sign On">SSO</acronym> cookie is empty</div>
</li>
</ol>
@ -180,11 +180,11 @@ Default use case:
LemonLDAP::NG is also able to catch logout request on protected applications, with different behavior:
</p>
<ul>
<li class="level1"><div class="li"> <strong>SSO logout</strong>: the request is not forwarded to application, only the SSO session is closed</div>
<li class="level1"><div class="li"> <strong><acronym title="Single Sign On">SSO</acronym> logout</strong>: the request is not forwarded to application, only the <acronym title="Single Sign On">SSO</acronym> session is closed</div>
</li>
<li class="level1"><div class="li"> <strong>Application logout</strong>: the request is forwarded to application but SSO session is not closed</div>
<li class="level1"><div class="li"> <strong>Application logout</strong>: the request is forwarded to application but <acronym title="Single Sign On">SSO</acronym> session is not closed</div>
</li>
<li class="level1"><div class="li"> <strong>SSO and Application logout</strong>: the request is forwarded to application and SSO session is closed</div>
<li class="level1"><div class="li"> <strong><acronym title="Single Sign On">SSO</acronym> and Application logout</strong>: the request is forwarded to application and <acronym title="Single Sign On">SSO</acronym> session is closed</div>
</li>
</ul>
@ -205,22 +205,22 @@ After logout process, the user is redirected on portal, or on a configured <acro
<p>
<p><div class="noteclassic">For security reason, a cookie provided for a domain cannot be sent to another domain. To extend SSO on several domains, a cross-domain mechanism is implemented in LemonLDAP::NG.
<p><div class="noteclassic">For security reason, a cookie provided for a domain cannot be sent to another domain. To extend <acronym title="Single Sign On">SSO</acronym> on several domains, a cross-domain mechanism is implemented in LemonLDAP::NG.
</div></p>
</p>
<ol>
<li class="level1"><div class="li"> User owns SSO cookie on the main domain (see <span class="curid"><a href="../documentation/presentation.html#login" class="wikilink1" title="documentation:presentation">Login kinematics</a></span>)</div>
<li class="level1"><div class="li"> User owns <acronym title="Single Sign On">SSO</acronym> cookie on the main domain (see <span class="curid"><a href="../documentation/presentation.html#login" class="wikilink1" title="documentation:presentation">Login kinematics</a></span>)</div>
</li>
<li class="level1"><div class="li"> User tries to access a protected application in a different domain</div>
</li>
<li class="level1"><div class="li"> Handler does not see SSO cookie (because it is not in main domain) and redirects user on Portal</div>
<li class="level1"><div class="li"> Handler does not see <acronym title="Single Sign On">SSO</acronym> cookie (because it is not in main domain) and redirects user on Portal</div>
</li>
<li class="level1"><div class="li"> Portal recognizes the user with its SSO cookie, and see he is coming from a different domain</div>
<li class="level1"><div class="li"> Portal recognizes the user with its <acronym title="Single Sign On">SSO</acronym> cookie, and see he is coming from a different domain</div>
</li>
<li class="level1"><div class="li"> Portal redirects user on protected application with his session ID as <acronym title="Uniform Resource Locator">URL</acronym> parameter</div>
</li>
<li class="level1"><div class="li"> Handler detects <acronym title="Uniform Resource Locator">URL</acronym> parameter and create a SSO cookie on its domain, with session ID as value</div>
<li class="level1"><div class="li"> Handler detects <acronym title="Uniform Resource Locator">URL</acronym> parameter and create a <acronym title="Single Sign On">SSO</acronym> cookie on its domain, with session ID as value</div>
</li>
</ol>
@ -243,9 +243,9 @@ If a user is not authenticated and attempts to connect to an area protected by a
Authentication process main steps are:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Control <acronym title="Uniform Resource Locator">URL</acronym> origin</strong>: prevent XSS attacks and bad redirections</div>
<li class="level1"><div class="li"> <strong>Control <acronym title="Uniform Resource Locator">URL</acronym> origin</strong>: prevent <acronym title="Cross Site Scripting">XSS</acronym> attacks and bad redirections</div>
</li>
<li class="level1"><div class="li"> <strong>Control existing session</strong>: detect SSO session, apply configured constraints (1 session per user, 1 session per IP, …)</div>
<li class="level1"><div class="li"> <strong>Control existing session</strong>: detect <acronym title="Single Sign On">SSO</acronym> session, apply configured constraints (1 session per user, 1 session per <acronym title="Internet Protocol">IP</acronym>, …)</div>
</li>
<li class="level1"><div class="li"> <strong>Extract form info</strong>: get login/password, certificate, environment varibale (depending on authentication module)</div>
</li>
@ -259,11 +259,11 @@ Authentication process main steps are:
</li>
<li class="level1"><div class="li"> <strong>Authenticate</strong>: contact authentication database to check credentials</div>
</li>
<li class="level1"><div class="li"> <strong>Grant session</strong>: check rights to open SSO session</div>
<li class="level1"><div class="li"> <strong>Grant session</strong>: check rights to open <acronym title="Single Sign On">SSO</acronym> session</div>
</li>
<li class="level1"><div class="li"> <strong>Store</strong>: store user info in session database</div>
</li>
<li class="level1"><div class="li"> <strong>Build cookie</strong>: build SSO cookie with session ID</div>
<li class="level1"><div class="li"> <strong>Build cookie</strong>: build <acronym title="Single Sign On">SSO</acronym> cookie with session ID</div>
</li>
<li class="level1"><div class="li"> <strong>Redirect</strong>: redirect user on protected application or on Portal</div>
</li>
@ -271,7 +271,7 @@ Authentication process main steps are:
<p>
LemonLDAP::NG SSO cookies are generated by Apache::Session, they are as secure as a 128-bit random cookie. You may use the securedCookie options to avoid session hijacking.
LemonLDAP::NG <acronym title="Single Sign On">SSO</acronym> cookies are generated by Apache::Session, they are as secure as a 128-bit random cookie. You may use the securedCookie options to avoid session hijacking.
</p>
</div>


@ -35,7 +35,7 @@ This tutorial will guide you into a minimal installation and configuration proce
</li>
<li class="level1"><div class="li"> A web browser launched from the computer (to access localhost)</div>
</li>
<li class="level1"><div class="li"> An <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory with a user account (suffix: dc=example,dc=com)</div>
<li class="level1"><div class="li"> An <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory with a user account (default suffix: dc=example,dc=com)</div>
</li>
<li class="level1"><div class="li"> A cup of coffee (or tea, we are open minded)</div>
</li>
@ -47,7 +47,7 @@ This tutorial will guide you into a minimal installation and configuration proce
</p>
</div>
<!-- SECTION "Quick start tutorial" [1-417] -->
<!-- SECTION "Quick start tutorial" [1-425] -->
<h2><a name="installation" id="installation">Installation</a></h2>
<div class="level2">
@ -57,11 +57,11 @@ LemonLDAP::NG is written in <acronym title="Practical Extraction and Report Lang
</p>
<p>
Get the tarball on <a href="../download.html" class="wikilink1" title="download">Download page</a> and follow next steps:
Get the tarball on <a href="../download.html" class="wikilink1" title="download">Download page</a> and follow next steps (or install using packages):
</p>
</div>
<!-- SECTION "Installation" [418-652] -->
<!-- SECTION "Installation" [426-688] -->
<h3><a name="extract" id="extract">Extract</a></h3>
<div class="level3">
<pre class="code">
@ -70,7 +70,7 @@ $ cd lemonldap-ng-*
</pre>
</div>
<!-- SECTION "Extract" [653-740] -->
<!-- SECTION "Extract" [689-776] -->
<h3><a name="build" id="build">Build</a></h3>
<div class="level3">
<pre class="code">
@ -79,7 +79,7 @@ $ make test
</pre>
</div>
<!-- SECTION "Build" [741-792] -->
<!-- SECTION "Build" [777-828] -->
<h3><a name="install" id="install">Install</a></h3>
<div class="level3">
<pre class="code">
@ -103,18 +103,18 @@ You can also change the host and port with options LDAPHOST and LDAPPORT.
</p>
</div>
<!-- SECTION "Install" [793-1047] -->
<!-- SECTION "Install" [829-1083] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
</div>
<!-- SECTION "Configuration" [1048-1074] -->
<!-- SECTION "Configuration" [1084-1110] -->
<h3><a name="system" id="system">System</a></h3>
<div class="level3">
<p>
Update your /etc/hosts to map SSO URLs to localhost:
Update your /etc/hosts to map <acronym title="Single Sign On">SSO</acronym> URLs to localhost:
</p>
<pre class="code">
@ -122,7 +122,7 @@ $ sudo make postconf
</pre>
</div>
<!-- SECTION "System" [1075-1182] -->
<!-- SECTION "System" [1111-1218] -->
<h3><a name="apache" id="apache">Apache</a></h3>
<div class="level3">
@ -144,12 +144,12 @@ $ sudo apachectl restart
</pre>
</div>
<!-- SECTION "Apache" [1183-1550] -->
<!-- SECTION "Apache" [1219-1586] -->
<h2><a name="run" id="run">Run</a></h2>
<div class="level2">
</div>
<!-- SECTION "Run" [1551-1567] -->
<!-- SECTION "Run" [1587-1603] -->
<h3><a name="open_sso_session" id="open_sso_session">Open SSO session</a></h3>
<div class="level3">
@ -159,17 +159,17 @@ Go on <a href="http://auth.example.com" class="urlextern" title="http://auth.exa
</p>
</div>
<!-- SECTION "Open SSO session" [1568-1658] -->
<!-- SECTION "Open SSO session" [1604-1694] -->
<h3><a name="access_protected_application" id="access_protected_application">Access protected application</a></h3>
<div class="level3">
<p>
Try <a href="http://test1.example.com" class="urlextern" title="http://test1.example.com" rel="nofollow">http://test1.example.com</a> and <a href="http://test2.example.com" class="urlextern" title="http://test2.example.com" rel="nofollow">http://test2.example.com</a>
Try <a href="http://test1.example.com" class="urlextern" title="http://test1.example.com" rel="nofollow">http://test1.example.com</a> or <a href="http://test2.example.com" class="urlextern" title="http://test2.example.com" rel="nofollow">http://test2.example.com</a>
</p>
</div>
<!-- SECTION "Access protected application" [1659-1757] -->
<!-- SECTION "Access protected application" [1695-1792] -->
<h3><a name="edit_configuration" id="edit_configuration">Edit configuration</a></h3>
<div class="level3">
@ -179,4 +179,4 @@ Go on <a href="http://manager.example.com" class="urlextern" title="http://manag
</p>
</div>
<!-- SECTION "Edit configuration" [1758-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Edit configuration" [1793-] --></div><!-- closes <div class="dokuwiki export">-->


@ -29,13 +29,18 @@
</div>
<!-- SECTION "Screenshots" [12-38] -->
<h2><a name="section100" id="section100">1.00</a></h2>
<div class="level2">
<div class="gallery gallery_center" align="center"><table><tr><td><a href="../media/screenshots/1.00/status_standard.png" title="status_standard.png" class="lightbox JSnocheck" rel="lightbox" ><img src="../media/screenshots/1.00/status_standard.png?w=200&amp;h=182" width="200" height="182" border="0" alt="status_standard.png" class="tn" /></a><br /><a href="/_detail/screenshots/1.00/status_standard.png?id=screenshots">status_standard.png</a></td><td></td><td></td></tr></table><div class="clearer"></div></div>
</div>
<!-- SECTION "1.00" [39-118] -->
<h2><a name="section094" id="section094">0.9.4</a></h2>
<div class="level2">
<div class="gallery gallery_center" align="center"><table><tr><td><a href="../media/screenshots/0.9.4/0.9.4_application_menu.png?w=800&amp;h=534" title="0.9.4_application_menu.png" class="lightbox JSnocheck" rel="lightbox" ><img src="../media/screenshots/0.9.4/0.9.4_application_menu.png?w=200&amp;h=133" width="200" height="133" border="0" alt="0.9.4_application_menu.png" class="tn" /></a><br /><a href="/_detail/screenshots/0.9.4/0.9.4_application_menu.png?id=screenshots">0.9.4_application_menu.png</a></td><td><a href="../media/screenshots/0.9.4/0.9.4_authentication_portal.png?w=800&amp;h=534" title="0.9.4_authentication_portal.png" class="lightbox JSnocheck" rel="lightbox" ><img src="../media/screenshots/0.9.4/0.9.4_authentication_portal.png?w=200&amp;h=133" width="200" height="133" border="0" alt="0.9.4_authentication_portal.png" class="tn" /></a><br /><a href="/_detail/screenshots/0.9.4/0.9.4_authentication_portal.png?id=screenshots">0.9.4_authentication_portal.png</a></td><td><a href="../media/screenshots/0.9.4/0.9.4_logout_menu.png?w=800&amp;h=534" title="0.9.4_logout_menu.png" class="lightbox JSnocheck" rel="lightbox" ><img src="../media/screenshots/0.9.4/0.9.4_logout_menu.png?w=200&amp;h=133" width="200" height="133" border="0" alt="0.9.4_logout_menu.png" class="tn" /></a><br /><a href="/_detail/screenshots/0.9.4/0.9.4_logout_menu.png?id=screenshots">0.9.4_logout_menu.png</a></td></tr><tr><td><a href="../media/screenshots/0.9.4/0.9.4_password_menu.png?w=800&amp;h=534" title="0.9.4_password_menu.png" class="lightbox JSnocheck" rel="lightbox" ><img src="../media/screenshots/0.9.4/0.9.4_password_menu.png?w=200&amp;h=133" width="200" height="133" border="0" alt="0.9.4_password_menu.png" class="tn" /></a><br /><a href="/_detail/screenshots/0.9.4/0.9.4_password_menu.png?id=screenshots">0.9.4_password_menu.png</a></td><td><a href="../media/screenshots/0.9.4/0.9.4_password_reset.png?w=800&amp;h=534" title="0.9.4_password_reset.png" class="lightbox JSnocheck" 
rel="lightbox" ><img src="../media/screenshots/0.9.4/0.9.4_password_reset.png?w=200&amp;h=133" width="200" height="133" border="0" alt="0.9.4_password_reset.png" class="tn" /></a><br /><a href="/_detail/screenshots/0.9.4/0.9.4_password_reset.png?id=screenshots">0.9.4_password_reset.png</a></td><td></td></tr></table><div class="clearer"></div></div>
</div>
<!-- SECTION "0.9.4" [39-120] -->
<!-- SECTION "0.9.4" [119-200] -->
<h2><a name="section093" id="section093">0.9.3</a></h2>
<div class="level2">
<div class="gallery gallery_center" align="center"><table><tr><td><a href="../media/screenshots/0.9.3/lemonldap-ng-portal-appslist.png?w=800&amp;h=622" title="lemonldap-ng-portal-appslist.png" class="lightbox JSnocheck" rel="lightbox" ><img src="../media/screenshots/0.9.3/lemonldap-ng-portal-appslist.png?w=200&amp;h=155" width="200" height="155" border="0" alt="lemonldap-ng-portal-appslist.png" class="tn" /></a><br /><a href="/_detail/screenshots/0.9.3/lemonldap-ng-portal-appslist.png?id=screenshots">lemonldap-ng-portal-appslist.png</a></td><td><a href="../media/screenshots/0.9.3/lemonldap-ng-portal-auth.png?w=800&amp;h=622" title="lemonldap-ng-portal-auth.png" class="lightbox JSnocheck" rel="lightbox" ><img src="../media/screenshots/0.9.3/lemonldap-ng-portal-auth.png?w=200&amp;h=155" width="200" height="155" border="0" alt="lemonldap-ng-portal-auth.png" class="tn" /></a><br /><a href="/_detail/screenshots/0.9.3/lemonldap-ng-portal-auth.png?id=screenshots">lemonldap-ng-portal-auth.png</a></td><td><a href="../media/screenshots/0.9.3/lemonldap-ng-portal-password.png?w=800&amp;h=622" title="lemonldap-ng-portal-password.png" class="lightbox JSnocheck" rel="lightbox" ><img src="../media/screenshots/0.9.3/lemonldap-ng-portal-password.png?w=200&amp;h=155" width="200" height="155" border="0" alt="lemonldap-ng-portal-password.png" class="tn" /></a><br /><a href="/_detail/screenshots/0.9.3/lemonldap-ng-portal-password.png?id=screenshots">lemonldap-ng-portal-password.png</a></td></tr><tr><td><a href="../media/screenshots/0.9.3/lemonldap-ng-testpage.png?w=800&amp;h=622" title="lemonldap-ng-testpage.png" class="lightbox JSnocheck" rel="lightbox" ><img src="../media/screenshots/0.9.3/lemonldap-ng-testpage.png?w=200&amp;h=155" width="200" height="155" border="0" alt="lemonldap-ng-testpage.png" class="tn" /></a><br /><a href="/_detail/screenshots/0.9.3/lemonldap-ng-testpage.png?id=screenshots">lemonldap-ng-testpage.png</a></td><td></td><td></td></tr></table><div 
class="clearer"></div></div>
</div>
<!-- SECTION "0.9.3" [121-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "0.9.3" [201-] --></div><!-- closes <div class="dokuwiki export">-->


@ -46,7 +46,7 @@ LemonLDAP::NG is a free software, released under <acronym title="GNU General Pub
</p>
<p>
LemonLDAP::NG is the first SSO software deployed in French administrations. It can handle more than 200 000 users. Many private firms use it too. <a href="references.html" class="wikilink1" title="references">Check our references</a>!
LemonLDAP::NG is the first <acronym title="Single Sign On">SSO</acronym> software deployed in French administrations. It can handle more than 200 000 users. Many private firms use it too. <a href="references.html" class="wikilink1" title="references">Check our references</a>!
</p>
<p>
@ -63,23 +63,35 @@ LemonLDAP::NG is the first SSO software deployed in French administrations. It c
<!-- SECTION "Main Features" [464-490] -->
<h3><a name="single_sign_on_for_web_applications" id="single_sign_on_for_web_applications">Single Sign On for Web Applications</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/agt_web.png?id=start" class="media" title="icons:agt_web.png"><img src="../media/icons/agt_web.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> Many SSO-ready applications (<a href="http://www.obm.org" class="urlextern" title="http://www.obm.org" rel="nofollow">OBM</a>, Bugzilla, Dokuwiki, etc.)</div>
<li class="level1"><div class="li"> Many <acronym title="Single Sign On">SSO</acronym>-ready applications (<a href="http://www.obm.org" class="urlextern" title="http://www.obm.org" rel="nofollow">OBM</a>, Bugzilla, Dokuwiki, etc.)</div>
</li>
<li class="level1"><div class="li"> Special Handlers for Zimbra, Sympa</div>
</li>
<li class="level1"><div class="li"> Tomcat SSO Valve</div>
<li class="level1"><div class="li"> Tomcat <acronym title="Single Sign On">SSO</acronym> Valve</div>
</li>
<li class="level1"><div class="li"> Replace all .htaccess based security</div>
</li>
<li class="level1"><div class="li"> Forward SSO trough <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Auth-Basic or form replay</div>
<li class="level1"><div class="li"> Forward <acronym title="Single Sign On">SSO</acronym> trough <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> Auth-Basic or form replay</div>
</li>
<li class="level1"><div class="li"> One line code to integrate in Java, <acronym title="Hypertext Preprocessor">PHP</acronym>, .Net, <acronym title="Practical Extraction and Report Language">Perl</acronym>, Ruby, Python, …</div>
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Single Sign On for Web Applications" [491-855] -->
<!-- SECTION "Single Sign On for Web Applications" [491-885] -->
<h3><a name="strong_authorization_system" id="strong_authorization_system">Strong authorization system</a></h3>
<div class="level3">
@ -102,9 +114,15 @@ LemonLDAP::NG is the first SSO software deployed in French administrations. It c
</p>
</div>
<!-- SECTION "Strong authorization system" [856-1063] -->
<!-- SECTION "Strong authorization system" [886-1093] -->
<h3><a name="authentication_modules" id="authentication_modules">Authentication modules</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/gpg.png?id=start" class="media" title="icons:gpg.png"><img src="../media/icons/gpg.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym></div>
</li>
@ -112,28 +130,40 @@ LemonLDAP::NG is the first SSO software deployed in French administrations. It c
</li>
<li class="level1"><div class="li"> <acronym title="Secure Sockets Layer">SSL</acronym> X509</div>
</li>
<li class="level1"><div class="li"> Apache built-in modules (Kerberos, OTP, …)</div>
<li class="level1"><div class="li"> Apache built-in modules (Kerberos, NTLM , OTP, …)</div>
</li>
<li class="level1"><div class="li"> SAML 2.0</div>
<li class="level1"><div class="li"> <acronym title="Security Assertion Markup Language">SAML</acronym> 2.0 / Shibboleth</div>
</li>
<li class="level1"><div class="li"> OpenID</div>
</li>
<li class="level1"><div class="li"> Twitter</div>
</li>
<li class="level1"><div class="li"> CAS</div>
<li class="level1"><div class="li"> <acronym title="Central Authentication Service">CAS</acronym></div>
</li>
<li class="level1"><div class="li"> Multiple and Choice (modules stacking)</div>
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Authentication modules" [1064-1269] -->
<!-- SECTION "Authentication modules" [1094-1345] -->
<h3><a name="ldap_integration" id="ldap_integration">LDAP integration</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/database.png?id=start" class="media" title="icons:database.png"><img src="../media/icons/database.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> LDAPv2/LDAPv3</div>
<li class="level1"><div class="li"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> v2 and v3 protocol support</div>
</li>
<li class="level1"><div class="li"> <acronym title="Secure Sockets Layer">SSL</acronym>/TLS</div>
<li class="level1"><div class="li"> <acronym title="Secure Sockets Layer">SSL</acronym> / TLS</div>
</li>
<li class="level1"><div class="li"> Active Directory compliance</div>
</li>
@ -143,23 +173,47 @@ LemonLDAP::NG is the first SSO software deployed in French administrations. It c
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "LDAP integration" [1270-1401] -->
<!-- SECTION "LDAP integration" [1346-1528] -->
<h3><a name="identity_provider" id="identity_provider">Identity provider</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/personal.png?id=start" class="media" title="icons:personal.png"><img src="../media/icons/personal.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> SAML 2.0</div>
<li class="level1"><div class="li"> <acronym title="Security Assertion Markup Language">SAML</acronym> 2.0 / Shibboleth</div>
</li>
<li class="level1"><div class="li"> OpenID</div>
</li>
<li class="level1"><div class="li"> CAS</div>
<li class="level1"><div class="li"> <acronym title="Central Authentication Service">CAS</acronym></div>
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Identity provider" [1402-1462] -->
<!-- SECTION "Identity provider" [1529-1634] -->
<h3><a name="user_interfaces" id="user_interfaces">User interfaces</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/kmenuedit.png?id=start" class="media" title="icons:kmenuedit.png"><img src="../media/icons/kmenuedit.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> Dynamic application menu</div>
</li>
@ -169,10 +223,22 @@ LemonLDAP::NG is the first SSO software deployed in French administrations. It c
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "User interfaces" [1463-1571] -->
<!-- SECTION "User interfaces" [1635-1775] -->
<h3><a name="administration" id="administration">Administration</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/utilities.png?id=start" class="media" title="icons:utilities.png"><img src="../media/icons/utilities.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> Graphical Manager</div>
</li>
@ -186,8 +252,14 @@ LemonLDAP::NG is the first SSO software deployed in French administrations. It c
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Administration" [1572-1701] -->
<!-- SECTION "Administration" [1776-1937] -->
<h3><a name="security" id="security">Security</a></h3>
<div class="level3">
@ -199,7 +271,7 @@ LemonLDAP::NG is the first SSO software deployed in French administrations. It c
<ul>
<li class="level1"><div class="li"> Protected cookies</div>
</li>
<li class="level1"><div class="li"> XSS and <acronym title="Structured Query Language">SQL</acronym>/<acronym title="Lightweight Directory Access Protocol">LDAP</acronym> injection protection</div>
<li class="level1"><div class="li"> <acronym title="Cross Site Scripting">XSS</acronym> and <acronym title="Structured Query Language">SQL</acronym>/<acronym title="Lightweight Directory Access Protocol">LDAP</acronym> injection protection</div>
</li>
<li class="level1"><div class="li"> Compatibility with Apache mod_security</div>
</li>
@ -214,13 +286,34 @@ LemonLDAP::NG is the first SSO software deployed in French administrations. It c
</p>
</div>
<!-- SECTION "Security" [1702-1891] -->
<h2><a name="statistics" id="statistics">Statistics</a></h2>
<!-- SECTION "Security" [1938-2127] -->
<h2><a name="project_activity" id="project_activity">Project activity</a></h2>
<div class="level2">
</div>
<!-- SECTION "Project activity" [2128-2157] -->
<h3><a name="ohloh_statistics" id="ohloh_statistics">Ohloh statistics</a></h3>
<div class="level3">
<script type="text/javascript" src="http://www.ohloh.net/p/12421/widgets/project_basic_stats.js"></script>
<script type="text/javascript" src="http://www.ohloh.net/p/12421/widgets/project_languages.js"></script>
</div>
<!-- SECTION "Statistics" [1892-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Ohloh statistics" [2158-2414] -->
<h3><a name="svn_activity" id="svn_activity">SVN activity</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/clock.png?id=start" class="media" title="icons:clock.png"><img src="../media/icons/clock.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul class="rss"><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1729" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1729" rel="nofollow">Add an anti frame protection (#LEMONLDAP-195)</a> by clement_oudot (2010/10/22 11:03)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1728" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1728" rel="nofollow">Manage OpenID errors in Display (#LEMONLDAP-190)</a> by clement_oudot (2010/10/22 10:03)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1727" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1727" rel="nofollow">Document RDBi/CDBI in lemonldap-ng.ini (#LEMONLDAP-196)</a> by clement_oudot (2010/10/22 08:48)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1726" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1726" rel="nofollow">Install new SQL files in Makefile (#LEMONLDAP-196)</a> by clement_oudot (2010/10/22 08:43)</div></li><li><div class="li"><a href="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1725" class="urlextern" title="http://websvn.ow2.org/revision.php?repname=lemonldap&amp;path=%2F&amp;rev=1725" rel="nofollow">Change sql files (Closes: #196)</a> by guimard (2010/10/21 20:23)</div></li></ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "SVN activity" [2415-] --></div><!-- closes <div class="dokuwiki export">-->
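Review bot: The two `<script src="http://www.ohloh.net/p/12421/widgets/…">` includes under the "Ohloh statistics" heading pull third-party JavaScript over plain HTTP with no `integrity` attribute, so whatever that host or the network path returns runs with the full privileges of the page serving this documentation. Each tag is printed only once in the section, so they are probably unchanged context from the old "Statistics" block, but this hunk restructures that block and keeps them. If these exported pages are ever served from the same origin as the portal or the manager (not visible here), that script would run alongside the SSO session. I would drop the widgets from the exported copy and link out instead, e.g. `<a href="http://www.ohloh.net/p/12421" rel="nofollow">Ohloh statistics</a>`.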


@ -859,7 +859,7 @@ The refresh period defaults to 4 hours. Any value below 10 minutes will be treat
</p>
<pre class="code">{{rss&gt;http://slashdot.org/index.rss 5 author date 1h }}</pre>
<ul class="rss"><li><div class="li"><a href="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/MsBylEmE4cc/story01.htm" class="urlextern" title="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/MsBylEmE4cc/story01.htm" rel="nofollow">Baumgartner&#039;s Daredevil Parachute Jump From Space Put On Hold</a> by timothy (2010/10/13 11:04)</div></li><li><div class="li"><a href="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4RaAZpzakUU/story01.htm" class="urlextern" title="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4RaAZpzakUU/story01.htm" rel="nofollow">Pirate Electrician Supplied Power To 1,500 Homes</a> by samzenpus (2010/10/13 08:18)</div></li><li><div class="li"><a href="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JoPmM3c9TkY/story01.htm" class="urlextern" title="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JoPmM3c9TkY/story01.htm" rel="nofollow">Dutch Hotels Must Register As ISPs</a> by timothy (2010/10/13 05:02)</div></li><li><div class="li"><a href="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/OSp5ZqWt1mI/story01.htm" class="urlextern" title="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/OSp5ZqWt1mI/story01.htm" rel="nofollow">When You Really, Really Want to Upgrade a Tiny Notebook</a> by timothy (2010/10/13 04:05)</div></li><li><div class="li"><a href="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/zyHmFpLU1JY/story01.htm" class="urlextern" title="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/zyHmFpLU1JY/story01.htm" rel="nofollow">Canon Blocks Copy Jobs Using Banned Keywords</a> by CmdrTaco (2010/10/13 02:27)</div></li></ul>
<ul class="rss"><li><div class="li"><a href="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/c4iJ2P4AY30/story01.htm" class="urlextern" title="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/c4iJ2P4AY30/story01.htm" rel="nofollow">Recommendations For Home Virtualization?</a> by kdawson (2010/10/22 17:37)</div></li><li><div class="li"><a href="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Umc5VT37Dnc/story01.htm" class="urlextern" title="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Umc5VT37Dnc/story01.htm" rel="nofollow">Heroic Engineer Crashes Own Vehicle To Save a Life</a> by kdawson (2010/10/22 17:19)</div></li><li><div class="li"><a href="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5Du7qxEqEf4/story01.htm" class="urlextern" title="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5Du7qxEqEf4/story01.htm" rel="nofollow">Where Are the Original PC Programmers Now?</a> by kdawson (2010/10/22 16:52)</div></li><li><div class="li"><a href="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/PlD5Y-GQ4gQ/story01.htm" class="urlextern" title="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/PlD5Y-GQ4gQ/story01.htm" rel="nofollow">Jeep Wrangler Call of Duty Black Ops Edition</a> by samzenpus (2010/10/22 16:25)</div></li><li><div class="li"><a href="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/LBbGs1BXUYI/story01.htm" class="urlextern" title="http://rss.slashdot.org/~r/Slashdot/slashdot/~3/LBbGs1BXUYI/story01.htm" rel="nofollow">Astonishing Speedup In Solving Linear SDD Systems</a> by kdawson (2010/10/22 16:07)</div></li></ul>
</div>
<!-- SECTION "RSS/ATOM Feed Aggregation" [18144-19423] -->
<h2><a name="control_macros" id="control_macros">Control Macros</a></h2>