diff --git a/debian/lemonldap-ng.README.Debian b/debian/lemonldap-ng.README.Debian index 141a39ae3..1a82e0e60 100644 --- a/debian/lemonldap-ng.README.Debian +++ b/debian/lemonldap-ng.README.Debian @@ -14,7 +14,7 @@ with a quick sed command. For example, we change it to ow2.org: 2.1 - Apache -Enable the components you've installed: +Enable installed components: # Portal a2ensite portal-apache2.conf @@ -37,7 +37,7 @@ Then restart Apache: 2.2 - Nginx -Enable the components you've installed: +Enable installed components: cd /etc/nginx/sites-enabled @@ -57,16 +57,16 @@ Enable the components you've installed: # Test site ln -s ../site-available/test-nginx.conf -Customize then, then reload nginx +Customize them, then reload nginx - service nginx reload + nginx -s reload 3 - Check your DNS ------------------ -Be sure that your browser can join (adapt it with your domain): -- auth.example.com : the authentication portal -- manager.example.com: the configuration interface +Be sure that your browser can reach (adapt it with your domain): +- auth.example.com : Authentication portal +- manager.example.com : Configuration interface 4 - Connect to the manager -------------------------- @@ -88,9 +88,9 @@ following accounts: 6 - Base configuration file --------------------------- -The configuration is managed by the manager with the exception of some basic -parameters such as the storage type configuration. These parameters are defined -in the file /etc/lemonldap-ng/lemonldap-ng.ini. +Configuration is managed by the Manager except some basic parameters +such as storage type configuration. These parameters are defined +in /etc/lemonldap-ng/lemonldap-ng.ini file. This file can also be used to override the global configuration locally diff --git a/doc/sources/admin/applications/awx.rst b/doc/sources/admin/applications/awx.rst index 806a872d6..926bc8cf5 100644 --- a/doc/sources/admin/applications/awx.rst +++ b/doc/sources/admin/applications/awx.rst @@ -14,7 +14,7 @@ using SAML 2.0 protocol. You can find the Official AWX documentation about this topic here : https://docs.ansible.com/ansible-tower/latest/html/administration/ent_auth.html#saml-authentication-settings -Please read it before the LLNG doc. +Please read it before the LL::NG doc. Configuration ------------- @@ -34,8 +34,8 @@ saml in AWX, you can do it with your pki or with openssl on your machine openssl req -x509 -newkey rsa:4096 -keyout saml-awx.key -out saml-awx.crt -days 3650 -nodes -LLNG SAML Certificate -~~~~~~~~~~~~~~~~~~~~~ +LL::NG SAML Certificate +~~~~~~~~~~~~~~~~~~~~~~~ AWX need a certificate for the IDP signature, a public key won't work. You can either just generate a certificate from the private key and put @@ -55,7 +55,7 @@ certificate with this command : openssl req -new -x509 -days 3650 -key lemonldap.key > lemonldap.crt After that, if you want, you can replace your SAML public key with this -certificate in LLNG configuration, this is not mandatory. +certificate in LL::NG configuration, this is not mandatory. AWX ~~~ @@ -153,7 +153,7 @@ This is the configuration of the IdP : - "attr_last_name": "sn" SAML Attribute for the user last name - "x509cert": "SOXGp....." the content of ``lemonldap.crt`` generated - in the "LLNG SAML Certificate" section + in the "LL::NG SAML Certificate" section - "attr_username": "uid" SAML Attribute for the user username - "entity_id": "https://auth.example.com/saml/metadata" entityID of the IdP diff --git a/doc/sources/admin/applications/bugzilla.rst b/doc/sources/admin/applications/bugzilla.rst index d12887962..59791a176 100644 --- a/doc/sources/admin/applications/bugzilla.rst +++ b/doc/sources/admin/applications/bugzilla.rst @@ -69,7 +69,7 @@ Configure Bugzilla virtual host like other fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; - # Keep original request (LLNG server will received /llauth) + # Keep original request (LL::NG server will receive /lmauth) fastcgi_param X_ORIGINAL_URI $original_uri; } diff --git a/doc/sources/admin/applications/dokuwiki.rst b/doc/sources/admin/applications/dokuwiki.rst index 73ea158dd..8cb424ad6 100644 --- a/doc/sources/admin/applications/dokuwiki.rst +++ b/doc/sources/admin/applications/dokuwiki.rst @@ -74,7 +74,7 @@ Configure Dokuwiki virtual host like other fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; - # Keep original request (LLNG server will received /llauth) + # Keep original request (LL::NG server will receive /lmauth) fastcgi_param X_ORIGINAL_URI $original_uri; } diff --git a/doc/sources/admin/applications/drupal.rst b/doc/sources/admin/applications/drupal.rst index 5dbf22cf0..f4dc20206 100644 --- a/doc/sources/admin/applications/drupal.rst +++ b/doc/sources/admin/applications/drupal.rst @@ -71,7 +71,7 @@ Configure Drupal virtual host like other fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; - # Keep original request (LLNG server will received /llauth) + # Keep original request (LL::NG server will receive /lmauth) fastcgi_param X_ORIGINAL_URI $original_uri; } diff --git a/doc/sources/admin/applications/jitsimeet.rst b/doc/sources/admin/applications/jitsimeet.rst index 7b24221ca..67ace5c37 100644 --- a/doc/sources/admin/applications/jitsimeet.rst +++ b/doc/sources/admin/applications/jitsimeet.rst @@ -17,8 +17,7 @@ conference rooms. The official documentation provides instructions on `how to configure Jitsi Meet to use Shibboleth `__, -but with a little adaptation, it can work just as fine with -LemonLDAP::NG. +but with a little adaptation, it can work just as fine with LemonLDAP::NG. Configuration ------------- @@ -60,7 +59,7 @@ configuration file: :: - # This block lets Nginx know how to contact the local LLNG handler + # This block lets Nginx know how to contact the local LL::NG handler # for authentication location = /lmauth { internal; @@ -76,7 +75,7 @@ configuration file: # You may want to change this is your goal is to make the whole Jitsi Meet instance private location /login/ { - # Protect the current path with LLNG + # Protect the current path with LL::NG auth_request /lmauth; set $original_uri $uri$is_args$args; auth_request_set $lmremote_user $upstream_http_lm_remote_user; diff --git a/doc/sources/admin/applications/liferay.rst b/doc/sources/admin/applications/liferay.rst index e3c695996..0e98de3f6 100644 --- a/doc/sources/admin/applications/liferay.rst +++ b/doc/sources/admin/applications/liferay.rst @@ -129,7 +129,7 @@ Configure Liferay virtual host like other fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; - # Keep original request (LLNG server will received /llauth) + # Keep original request (LL::NG server will receive /lmauth) fastcgi_param X_ORIGINAL_URI $original_uri; } diff --git a/doc/sources/admin/applications/mediawiki.rst b/doc/sources/admin/applications/mediawiki.rst index 2204c15e7..b2460bd98 100644 --- a/doc/sources/admin/applications/mediawiki.rst +++ b/doc/sources/admin/applications/mediawiki.rst @@ -158,7 +158,7 @@ Configure MediaWiki virtual host like other fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; - # Keep original request (LLNG server will received /llauth) + # Keep original request (LL::NG server will receive /lmauth) fastcgi_param X_ORIGINAL_URI $original_uri; } diff --git a/doc/sources/admin/applications/obm.rst b/doc/sources/admin/applications/obm.rst index c57c11a91..b67457a88 100644 --- a/doc/sources/admin/applications/obm.rst +++ b/doc/sources/admin/applications/obm.rst @@ -151,7 +151,7 @@ Edit also OBM configuration to enable LL::NG Handler: fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; - # Keep original request (LLNG server will received /llauth) + # Keep original request (LL::NG server will receive /lmauth) fastcgi_param X_ORIGINAL_URI $original_uri; } diff --git a/doc/sources/admin/applications/odoo.rst b/doc/sources/admin/applications/odoo.rst index 6d3101028..d62c2f8ce 100644 --- a/doc/sources/admin/applications/odoo.rst +++ b/doc/sources/admin/applications/odoo.rst @@ -21,7 +21,7 @@ Make sure you have :doc:`set up LemonLDAP::NG a SAML IDP <../samlservice>` a certificate`) .. warning:: - Odoo requires LemonLDAP::NG 2.0.14 in order to handle RelayState correctly + Odoo requires LL::NG 2.0.14 in order to handle RelayState correctly Configuring Odoo ---------------- @@ -60,7 +60,7 @@ To generate a key/certificate pair, you can run the following command:: openssl req -x509 -newkey rsa:4096 -keyout odoo-key.pem -out odoo-cert.pem -sha256 -days 3650 -nodes * Select a signature method in the *Signature Algorithm*, such as *SIG_RSA_SHA256* -* If you do not want to use the email address to match between LLNG and Odoo accounts, set the *Identity Provider matching attribute* to a different value +* If you do not want to use the email address to match between LL::NG and Odoo accounts, set the *Identity Provider matching attribute* to a different value * All other fields may be left to default values Configuring users diff --git a/doc/sources/admin/applications/phpldapadmin.rst b/doc/sources/admin/applications/phpldapadmin.rst index 24ba253e6..a4a538294 100644 --- a/doc/sources/admin/applications/phpldapadmin.rst +++ b/doc/sources/admin/applications/phpldapadmin.rst @@ -73,7 +73,7 @@ Configure phpLDAPadmin virtual host like other fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; - # Keep original request (LLNG server will received /llauth) + # Keep original request (LL::NG server will receive /lmauth) fastcgi_param X_ORIGINAL_URI $original_uri; } diff --git a/doc/sources/admin/applications/sympa.rst b/doc/sources/admin/applications/sympa.rst index f4c45fe3c..11951ce15 100644 --- a/doc/sources/admin/applications/sympa.rst +++ b/doc/sources/admin/applications/sympa.rst @@ -15,7 +15,7 @@ wants to use this feature. .. tip:: - Since version 1.9 of LLNG, old Auto-Login feature has been + Since LL::NG 1.9, old Auto-Login feature has been removed since it works only with Sympa-5 which has been deprecated @@ -101,7 +101,7 @@ authentication URL. fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; - # Keep original request (LLNG server will received /llauth) + # Keep original request (LL::NG server will receive /lmauth) fastcgi_param X_ORIGINAL_URI $original_uri; } diff --git a/doc/sources/admin/fastcgiserver.rst b/doc/sources/admin/fastcgiserver.rst index f9ff37a89..7cb0c20c0 100644 --- a/doc/sources/admin/fastcgiserver.rst +++ b/doc/sources/admin/fastcgiserver.rst @@ -1,19 +1,19 @@ LemonLDAP::NG FastCGI server ============================ -Since 1.9, Lemonldap::NG provides a FastCGI server usable to protect +Since 1.9, LL::NG provides a FastCGI server that can be used for protecting applications with Nginx (See -:doc:`Manage virtual hosts` page to -configure virtual hosts). +:doc:`Manage virtual hosts` page to configure virtual hosts) +or the DevOps Handler (See :doc:`SSO as a Service`). -This FastCGI server can be used for all LLNG components. It compiles -enabled components on-the-fly. +This FastCGI server can be implemented for all LL::NG components. +It compiles enabled components just-in-time. Start ----- -Using packages -~~~~~~~~~~~~~~ +Using package +~~~~~~~~~~~~~ You just have to install lemonldap-ng-fastcgi-server package, it will be started automatically. diff --git a/fastcgi-server/default/llng-fastcgi-server b/fastcgi-server/default/llng-fastcgi-server index cf113630c..d7fd90ca8 100644 --- a/fastcgi-server/default/llng-fastcgi-server +++ b/fastcgi-server/default/llng-fastcgi-server @@ -7,7 +7,7 @@ SOCKET=__FASTCGISOCKDIR__/llng-fastcgi.sock # Pid file PID=__FASTCGISOCKDIR__/llng-fastcgi-server.pid -# User and GROUP +# USER and GROUP USER=__USER__ GROUP=__GROUP__ diff --git a/fastcgi-server/man/llng-fastcgi-server.8p b/fastcgi-server/man/llng-fastcgi-server.8p index a1c867a8a..40a8bd0fe 100644 --- a/fastcgi-server/man/llng-fastcgi-server.8p +++ b/fastcgi-server/man/llng-fastcgi-server.8p @@ -133,29 +133,29 @@ .\" ======================================================================== .\" .IX Title "llng-fastcgi-server 8" -.TH llng-fastcgi-server 8 "2021-08-10" "perl v5.32.1" "User Contributed Perl Documentation" +.TH llng-fastcgi-server 8 "2022-04-01" "perl v5.32.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -llng\-fastcgi\-server \- FastCGI server used to provide Lemonldap::NG services to -Nginx +llng\-fastcgi\-server \- FastCGI server used for providing LemonLDAP::NG services. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 2 -\& # Start server listening to /run/llng.sock with 10 process +\& # Start server listening to /run/llng.sock with 10 workers \& llng\-fastcgi\-server \-u nobody \-g nobody \-s /run/llng.sock \-n 10 .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -llng-fastcgi-server has been designed provides Lemonldap::NG services to Nginx. -Portal, manager and handler will be compiled only is used. So this FastCGI -server can be used on every Lemonldap::NG server even if it needs only some +llng-fastcgi-server has been designed to provide LemonLDAP::NG services to Nginx +or DevOps Handler. +Portal, Manager and Handler will be compiled just-in-time. So this FastCGI +server can be used on every LemonLDAP::NG server even if it needs only some parts (isolated handlers, portal,...). .SH "PARAMETERS" .IX Header "PARAMETERS" -Each parameter can be set by an option or a environment variable. +Each parameter can be set by using options or environment variables. .IP "\-\-pid \-p ($ENV{\s-1PID\s0}):" 4 .IX Item "--pid -p ($ENV{PID}):" pid file @@ -182,14 +182,14 @@ file to load for custom functions Plack::Handler engine, default to \s-1FCGI\s0 (see below) .IP "\-\-plackOptions:" 4 .IX Item "--plackOptions:" -other options to pass to the Plack handler. This multi-valued parameter must +To pass other options to the Plack handler. This multi-valued parameter must have \*(L"key=value\*(R" values. .Sp -See Plack::Handler::FCGI for a list of options for the default \s-1FCGI\s0 engine +See Plack::Handler::FCGI to find out list of available options for default \s-1FCGI\s0 engine .SH "ENGINES" .IX Header "ENGINES" -By default, llng-fastcgi-server uses \s-1FCGI\s0 (= Plack::Handler::FCGI). Some -other engines can be used: +By default, llng-fastcgi-server uses \s-1FCGI\s0 (= Plack::Handler::FCGI). +Some other engines can be used: .SS "\s-1FCGI\s0 (default)" .IX Subsection "FCGI (default)" It uses FCGI::ProcManager as manager. Other managers: @@ -231,7 +231,7 @@ Use \s-1OW2\s0 system to report bug or ask for features: .SH "DOWNLOAD" .IX Header "DOWNLOAD" Lemonldap::NG is available at - + .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" .IP "Copyright (C) 2008\-2016 by Xavier Guimard, " 4 diff --git a/fastcgi-server/sbin/llng-fastcgi-server b/fastcgi-server/sbin/llng-fastcgi-server index bfd16e823..042572ade 100644 --- a/fastcgi-server/sbin/llng-fastcgi-server +++ b/fastcgi-server/sbin/llng-fastcgi-server @@ -7,7 +7,7 @@ use POSIX; use Getopt::Long; use Lemonldap::NG::Handler::Main::Reload; -our $VERSION = '2.0.0'; +our $VERSION = '2.0.15'; our ( $foreground, $engine, $nproc, $pidFile, @@ -168,24 +168,24 @@ __END__ =encoding utf8 -llng-fastcgi-server - FastCGI server used to provide Lemonldap::NG services to -Nginx +llng-fastcgi-server - FastCGI server used for providing LemonLDAP::NG services. =head1 SYNOPSIS - # Start server listening to /run/llng.sock with 10 process + # Start server listening to /run/llng.sock with 10 workers llng-fastcgi-server -u nobody -g nobody -s /run/llng.sock -n 10 =head1 DESCRIPTION -llng-fastcgi-server has been designed provides Lemonldap::NG services to Nginx. -Portal, manager and handler will be compiled only is used. So this FastCGI -server can be used on every Lemonldap::NG server even if it needs only some +llng-fastcgi-server has been designed to provide LemonLDAP::NG services to Nginx +or DevOps Handler. +Portal, Manager and Handler will be compiled just-in-time. So this FastCGI +server can be used on every LemonLDAP::NG server even if it needs only some parts (isolated handlers, portal,...). =head1 PARAMETERS -Each parameter can be set by an option or a environment variable. +Each parameter can be set by using options or environment variables. =over @@ -223,17 +223,17 @@ Plack::Handler engine, default to FCGI (see below) =item --plackOptions: -other options to pass to the Plack handler. This multi-valued parameter must +To pass other options to the Plack handler. This multi-valued parameter must have "key=value" values. -See Plack::Handler::FCGI for a list of options for the default FCGI engine +See Plack::Handler::FCGI to find out list of available options for default FCGI engine =back =head1 ENGINES -By default, llng-fastcgi-server uses FCGI (= L). Some -other engines can be used: +By default, llng-fastcgi-server uses FCGI (= L). +Some other engines can be used: =head2 FCGI (default) diff --git a/lemonldap-ng-common/README b/lemonldap-ng-common/README index e2531e4bf..ded443ec6 100644 --- a/lemonldap-ng-common/README +++ b/lemonldap-ng-common/README @@ -1,5 +1,5 @@ LemonLDAP::NG -==================== +============= LemonLDAP::NG is a modular Web-SSO based on Apache::Session modules. This is the common part of it. You can find documentation here: diff --git a/lemonldap-ng-common/scripts/convertSessions b/lemonldap-ng-common/scripts/convertSessions index 773f24ce7..76c8f7521 100755 --- a/lemonldap-ng-common/scripts/convertSessions +++ b/lemonldap-ng-common/scripts/convertSessions @@ -3,8 +3,8 @@ # LemonLDAP::NG session conversion tool # # This script lets an administrator migrate existing sessions from one backend -# to another. It is mostly useful when run on persistant sessions, but it can be -# useful in some other cases too, such as OIDC Offline sessions +# to another. It is mostly useful when run on persistant sessions, but it can +# be useful in some other cases too, such as OIDC Offline sessions # # This is part of LemonLDAP::NG product, released under GPL #============================================================================= diff --git a/lemonldap-ng-common/scripts/rotateOidcKeys b/lemonldap-ng-common/scripts/rotateOidcKeys index 8f69ea6a8..3a545cf92 100755 --- a/lemonldap-ng-common/scripts/rotateOidcKeys +++ b/lemonldap-ng-common/scripts/rotateOidcKeys @@ -2,7 +2,7 @@ #============================================================================= # Rotation of OpenID Connect keys # -# This module is written to be used by cron to rotate keys. +# This script is written to be used by cron to rotate keys. # # This is part of LemonLDAP::NG product, released under GPL #============================================================================= diff --git a/lemonldap-ng-portal/scripts/llngDeleteSession b/lemonldap-ng-portal/scripts/llngDeleteSession index daa2a07f8..0e0dfafd6 100755 --- a/lemonldap-ng-portal/scripts/llngDeleteSession +++ b/lemonldap-ng-portal/scripts/llngDeleteSession @@ -1,9 +1,10 @@ #!/usr/bin/perl #============================================================================= -# Cleaner for LemonLDAP::NG: removes old sessions from Apache::Session +# Cleaner for LemonLDAP::NG: # -# This module is written to be used by cron to clean old sessions from -# Apache::Session. It does not works with Apache::Session::Memcached +# It removes old sessions from Apache::Session +# This script is written to be used by cron to clean old sessions from +# Apache::Session. It does not work with Apache::Session::Memcached # # This is part of LemonLDAP::NG product, released under GPL #=============================================================================