diff --git a/INSTALL b/INSTALL index 5556dfd53..2a69ceba1 100644 --- a/INSTALL +++ b/INSTALL @@ -29,15 +29,10 @@ package for Debian works fine). 1.1.2 - Perl prereq -Perl modules: - Apache::Session, Net::LDAP, MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, - DBI, XML::Simple, SOAP::Lite, HTML::Template, XML::LibXML, XML::LibXSLT +Perl modules: use `perl scripts/dependencies-list.pl` to see needed list With Debian: - apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl \ - libdbi-perl perl-modules libwww-perl libcache-cache-perl \ - libxml-simple-perl libhtml-template-perl libsoap-lite-perl \ - libxml-libxml-perl libxml-libxslt-perl + apt-get build-dep lemonldap-ng 1.2 - BUILDING -------------- @@ -52,6 +47,8 @@ With Debian: By default, all is installed in /usr/local/lemonldap-ng except Perl libraries which are installed in a directory included in @INC. +Documentation is then available in /usr/local/lemonldap-ng/doc + 1.2.2 - Install on Debian $ tar xzf lemonldap-ng-*.tar.gz 
@@ -62,223 +59,4 @@ which are installed in a directory included in @INC. Here, all is installed in /var/lib/lemonldap-ng, /etc/lemonldap-ng except Perl libraries which are installed in /usr/share/perl5/Lemonldap/NG/ -1.3 - EXAMPLE CONFIGURATION ---------------------------- - -If you have build Debian packages, configuration is done by Debconf. See -/usr/share/doc/liblemonldap-ng-common/README.Debian to use it. - -After build, you have a new file named example/apache.conf. You just have to -include this file in Apache configuration: - - # in httpd.conf (with Apache1) - include /path/to/lemonldap-ng/source/example/apache.conf - # or in apache2.conf (with Apache2) - include /path/to/lemonldap-ng/source/example/apache2.conf - -Modify your /etc/hosts file to include: - - 127.0.0.1 auth.example.com test1.example.com manager.example.com test2.example.com - -Use a browser to connect to http://manager.example.com/ and specify your LDAP -settings. If you don't set managerDn and managerPassword, Lemonldap::NG will -use an anonymous bind to find user dn. - -Next, restart Apache use your prefered browser and try to connect to -http://test1.example.com/. You'll be redirect to auth.example.com. Try -to authenticate yourself with a valid account and the protected page will -appear. You will find other explanations on this page. - -the file /usr/local/lemonldap-ng/etc/storage.conf -(/etc/lemonldap-ng/storage.conf on Debian systems) can be modified to change -configuration database. - -------------------------- -2 - ADVANCED INSTALLATION -------------------------- - -It is recommended to install the example first then to adapt it. - -2.1 - PREREQ - -2.1.1 - Apache - -To use Lemonldap::NG, you have to run a LDAP server and of course an Apache -server compiled with mod-perl (version 1.3 or 2.x). 
Generaly, the version of -Apache proposed with your Linux distribution match, but some distributions used -an experimental version of mod_perl with Apache2 (mod_perl-1.99) which does -not work with Lemonldap::NG. With such distributions (like Debian-3.1), you -have to use Apache-1.3 or to use a mod_perl backport (www.backports.org -package for Debian works fine). - -For Apache2, you can use both mpm-worker and mpm-prefork. Mpm-worker works -faster and Lemonldap::NG use the thread system for best performance. If you -have to use mpm-prefork (for example if you use PHP), Lemonldap::NG will work -anyway. - -You can use Lemonldap::NG in an heterogene world: the authentication portal and -the manager can work in any version of Apache 1.3 or more even if mod_perl is -not compiled, with ModPerl::Registry or not... Only the handler (site protector) -need mod_perl. The different handlers can run on different servers with -different versions of Apache/mod_perl. - -2.1.2 - Perl prereq - -Warning: Handler and Portal parts both need Lemonldap::NG::Manager components -to access to configuration. 
- -Manager: --------- -Apache::Session, MIME::Base64, CGI, LWP::UserAgent, DBI, XML::Simple, -SOAP::Lite, XML::LibXML, XML::LibXSLT, Lemonldap::NG::Common - -With Debian: - apt-get install perl-modules libxml-simple-perl libdbi-perl libwww-perl - # If you want to use SOAP - apt-get install libsoap-lite-perl - -Portal: -------- -Apache::Session, Net::LDAP, MIME::Base64, CGI, Cache::Cache, DBI, XML::Simple, -SOAP::Lite, HTML::Template, XML::LibXML, Lemonldap::NG::Common - -With Debian: - apt-get install libapache-session-perl libnet-ldap-perl perl-modules - -Handler: --------- -Apache::Session, MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, DBI, -XML::Simple, SOAP::Lite, Lemonldap::NG::Common - -With Debian: - apt-get install libapache-session-perl libwww-perl libcache-cache-perl - -2.2 - SOFTWARE INSTALLATION ---------------------------- - -If you just want to install a handler or a portal or a manager: - - $ tar xzf lemonldap-ng-*.tar.gz - $ cd lemonldap-ng-*/Lemonldap-NG-(Portal|Handler|Manager) - $ perl Makefile.PL && make && make test - $ sudo make install - -else for a complete install: - - $ tar xzf lemonldap-ng-*.tar.gz - $ cd lemonldap-ng-* - $ make && make test - $ sudo make install - -See prereq in ยง1.1.2 - -2.3 - LEMONLDAP::NG INSTALLATION --------------------------------- - -2.3.1 - Database configuration - -2.3.1.1 - Lemonldap::NG Configuration database - -If you use DBI or another system to share Lemonldap::NG configuration, you have -to initialize the database. An example is given in example/lmConfig.mysql for -MySQL. - -2.3.1.2 - Apache::Session database - -The choice of Apache::Session::* module is free. See Apache::Session::Store::* -or Apache::Session::* to know how to configure the module. 
For example, if you -want to use Apache::Session::MySQL, you can create the database like this: - - CREATE DATABASE sessions ( - id char(32), - a_session text - ); - -2.3.2 - Manager configuration - -Copy example/manager.cgi and personalize it if you want (see -Lemonldap::NG::Manager). You have to set in particular configStorage. For -example with MySQL: - - $my $manager = Lemonldap::NG::Manager->new ( { - dbiChain => "DBI:mysql:database=mybase;host=1.2.3.4", - dbiUser => "lemonldap-ng", - dbiPassword => "mypass", - } ); - -Securise Manager access with Apache: Lemonldap::NG does not securise the manager -itself yet: - - SSLEngine On - Order Deny, Allow - Deny from all - Allow from admin-network/netmask - AuthType Basic - ... - -After configuration, you can also protect the manager with an Lemonldap::NG -handler. - -2.3.3 - Configuration edition - -Connect to the manager with your browser start configure your Web-SSO. You have -to set at least some parameters: - -a) General parameters : - - * Authentication parameters -> portal : URL to access to the authentication - portal - * Domain : the cookie domain. All protected VirtualHosts have to be under it - - * LDAP parameters -> LDAP Server - - * LDAP parameters -> LDAP Accout and password : required only if anonymous - binds are not accepted - - * Session Storage -> Apache::Session module : how to store user sessions. - You can use all module that - inherit from Apache::Session - like Apache::Session::MySQL - - * Session Storage -> Apache::Session Module parameters : - see Apache::Session:: - -b) User groups : - -Use the "New Group" button to add your first group. On the left, set the -keyword which will be used later and set on the right the corresponding rule: -you can use : - - * an LDAP filter (it will be tested with the user uid) - -or - - * a Perl condition enclosed with {}. All variables declared in "General - parameters -> LDAP attributes" can be used with a "$". 
For example: - MyGroup / { $uid eq "foo" or $uid eq "bar" } - -c) Virtual hosts - -You have to create a virtual host for each Apache host (virtual or real) -protected by Lemonldap::NG even if just a sub-directory is protected. Else, -user who want to access to the protected area will be rejected with a "500 -Internal Server Error" message and the apache logs will explain the problem. - -Each virtual host has 2 groups of parameters: - - * Headers: the headers added to the apache request. Default : - Auth-User => $uid - * Rules: subdivised in 2 categories: - * default : the default rule - * personalized rules: association of a Perl regular expression and - a condition. For example: - ^/restricted.*$ / $groups =~ /\bMyGroup\b/ - - -------------- -3 - DEBUGGING -------------- - -Lemonldap::NG uses simply the Apache log system. So use LogLevel to choose -information to display. - +Documentation is then available in /usr/share/doc/lemonldap-ng diff --git a/scripts/dependencies-list.pl b/scripts/dependencies-list.pl new file mode 100644 index 000000000..b73cc42b7 --- /dev/null +++ b/scripts/dependencies-list.pl 
@@ -0,0 +1,36 @@
+#!/usr/bin/perl
+
+use strict;
+use JSON;
+use List::MoreUtils qw(uniq);
+
+my $deps = {};
+
+foreach my $module (qw(common handler portal manager)) {
+ local $/ = undef;
+ open my $f, '<', "lemonldap-ng-$module/META.json" or die $!;
+ my $content = JSON::from_json(<$f>)->{prereqs};
+ close $f;
+ foreach my $target (qw(build runtime)) {
+ foreach (qw(requires recommends)) {
+ @{ $deps->{$target}->{$_} } = uniq(
+ @{ $deps->{$target}->{$_} },
+ ( grep { $_ !~ /^Lemonldap::NG/ } keys %{ $content->{$target}->{$_} } )
+ ) if ( $content->{$target}->{$_} );
+ }
+ }
+}
+
+print "Step: build:\n";
+print ' '
+ . join(
+ ' ',
+ uniq(
+ sort ( @{ $deps->{build}->{requires} },
+ @{ $deps->{runtime}->{requires} } )
+ )
+ ) . "\n\n";
+
+print "Step: runtime:\n";
+print ' * required : ' . join( ' ', sort @{ $deps->{runtime}->{requires} } ) . "\n";
+print ' * recommended: ' . join( ' ', sort @{ $deps->{runtime}->{recommends} } ) . "\n";
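Review bot: The build-step `sort` and the two final `print` lines dereference `$deps->{...}` entries that the loop only creates when some META.json actually carries that section. If no module declares, say, runtime `recommends`, the rvalue `@{ ... }` on an undefined value should abort under `use strict` rather than print an empty list; `sort @{ $deps->{runtime}->{recommends} || [] }` (and the same guard on the `requires` lists) avoids that. The `open ... or die $!` reports only the errno text, and because the path is relative to the current directory, a run from outside the source root fails without naming the missing file: `or die "lemonldap-ng-$module/META.json: $!";`. Adding `use warnings;` next to `use strict;` would also surface undefined values coming out of the parsed JSON.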