LEMONLDAP::NG : documentation update

Xavier Guimard 2008-12-13 09:52:53 +00:00
parent cc07eae107
commit ebb1d13a2e
44 changed files with 3052 additions and 1403 deletions

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: overview-fr.html</title>
<title>Lemonldap::NG documentation: 1-Overview-fr.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -70,20 +70,20 @@
<p class="paragraph"></p>Lemonldap::NG est un <span class=
"wikilink"><a href=
"faq-fr.html#HQu27estcequ27unWebSSO3F">Web-SSO</a></span> modulaire
"2-FAQ-fr.html#HQu27estcequ27unWebSSO3F">Web-SSO</a></span> modulaire
bas&eacute; sur les modules Apache::Session. Il simplifie la construction
d'une aire prot&eacute;g&eacute;e en minimisant les impacts sur les
applications. Il g&egrave;re &agrave; la fois les authentifications et les
autorisations et fournit des en-t&ecirc;tes HTTP pour la
tra&ccedil;abilit&eacute;. On obtient ainsi une protection AAA complete
<i class="italic">(Authentication, Authorization and Accounting)</i> des
espaces web.
tra&ccedil;abilit&eacute;. On obtient ainsi une protection AAA
compl&egrave;te <i class="italic">(Authentication, Authorization and
Accounting)</i> des espaces web.
<p class="paragraph"></p>Lemonldap::NG est une r&eacute;&eacute;criture
compl&egrave;te de Lemonldap <i class="italic">(<span class=
"wikilink"><a href=
"faq-fr.html#HQu27apporteLemonldap3A3ANGparrapportauxautresSSO3F">voir les
diff&eacute;rences</a></span>)</i>. Tous les &eacute;l&eacute;ments
"2-FAQ-fr.html#HQu27apporteLemonldap3A3ANGparrapportauxautresSSO3F">voir
les diff&eacute;rences</a></span>)</i>. Tous les &eacute;l&eacute;ments
n&eacute;cessaires &agrave; son exploitation et son administration sont
fournis dans le package. En revanche les composants
d&eacute;velopp&eacute;s pour Lemonldap ne sont pas compatibles avec
@ -134,7 +134,7 @@
<li><a href="#HAuteur">Auteur</a></li>
<li><a href="#HCopyrightetlicense">Copyright et license</a></li>
<li><a href="#HCopyrightetlicence">Copyright et licence</a></li>
</ul>
<h3 class="heading-1-1"><span id="HArchitecture">Architecture</span></h3>
@ -170,7 +170,7 @@
<ul class="star">
<li>la base de configuration : par d&eacute;faut, il s'agit d'un simple
r&eacute;pertoire, mais on peut utiliser une base de donn&eacute;e pour
r&eacute;pertoire, mais on peut utiliser une base de donn&eacute;es pour
permettre le fonctionnement si tous les &eacute;l&eacute;ments ne se
trouvent pas sur le m&ecirc;me serveur,</li>
@ -237,7 +237,7 @@
tra&ccedil;abilit&eacute;</span></h3>
<p class="paragraph"></p>Tous les param&egrave;tres abord&eacute;s dans ce
chap&icirc;tre sont accessibles via l'interface d'administration (voir la
chapitre sont accessibles via l'interface d'administration (voir la
<span class="wikiexternallink"><a href=
"http://lemonldap.objectweb.org/NG/ManagerDemo/fr/">d&eacute;monstration</a></span>).
@ -249,13 +249,13 @@
prot&eacute;g&eacute;e par un agent Lemonldap::NG, il est redirig&eacute;
vers le portail. Celui-ci authentifie l'utilisateur par d&eacute;faut par
une connexion LDAP, mais vous pouvez &eacute;galement utiliser un autre
sch&eacute;ma tel les <span class="wikiexternallink"><a href=
sch&eacute;ma tels les <span class="wikiexternallink"><a href=
"http://fr.wikipedia.org/wiki/Certificat_%C3%A9lectronique">certificats
x509</a></span> (voir Lemonldap::NG::Portal::AuthSSL(3)).
<p class="paragraph"></p>Lemonldap::NG utilise les cookies de session
g&eacute;n&eacute;r&eacute;s par le module Apache::Session soit aussi
s&eacute;curis&eacute; que n'importe quelle syst&egrave;me bas&eacute; sur
s&eacute;curis&eacute; que n'importe quel syst&egrave;me bas&eacute; sur
des cookies al&eacute;atoires de 128 bits. Il est recommand&eacute;
d'activer l'option "cookie s&eacute;curis&eacute;" pour &eacute;viter les
vols de session: le cookie n'est plus autoris&eacute; &agrave; circuler en
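Review bot: The session-cookie sentence in the last paragraph of this hunk is still ungrammatical after the quelle/quel fix: "Lemonldap::NG utilise les cookies de session générés par le module Apache::Session soit aussi sécurisé que n'importe quel système ..." has nothing joining its two clauses. This is the sentence that states the strength of the session cookie (128-bit random) and leads into the "cookie sécurisé" recommendation, so it is worth rewording, for example "... générés par le module Apache::Session ; il est donc aussi sécurisé que n'importe quel système basé sur des cookies aléatoires de 128 bits."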
@ -274,7 +274,7 @@
<p class="paragraph"></p>Les autorisations sont contr&ocirc;l&eacute;es
seulement par les agents prot&eacute;geant les applications. En effet, le
portail ne peut conna&icirc;tre &agrave; l'avance les applications sur
lesquels l'utilisateur se connectera. En configurant votre Web-SSO, vous
lesquelles l'utilisateur se connectera. En configurant votre Web-SSO, vous
devez:
<ul class="star">
@ -355,7 +355,7 @@ group1 =&gt; { $departmentUID eq <span class=
"HPerformances">Performances</span></h5>
<p class="paragraph"></p>Vous pouvez utiliser des expressions Perl aussi
complexe que n&eacute;cessaire et vous pouvez utiliser tous les attibuts
complexes que n&eacute;cessaire et vous pouvez utiliser tous les attributs
LDAP (et cr&eacute;er vos propres attributs additionnels avec le
m&eacute;canisme des macros) dans les d&eacute;finitions de groupes, les
r&egrave;gles d'acc&egrave;s et les en-t&ecirc;tes HTTP
@ -366,7 +366,7 @@ group1 =&gt; { $departmentUID eq <span class=
expressions:
<ul class="star">
<li>les groupes et les macros ne sont &eacute;valu&eacute;es que lorsque
<li>les groupes et les macros ne sont &eacute;valu&eacute;s que lorsque
l'utilisateur est renvoy&eacute; vers le portail,</li>
<li>les r&egrave;gles d'acc&egrave;s et les en-t&ecirc;tes
@ -399,7 +399,7 @@ group1 =&gt; (|(uid=xavier.guimard){$ou eq <span class=
</div>
<p class="paragraph"></p>Pour limiter les requ&ecirc;tes LDAP, il est
conseill&eacute; d'utiliser les expressions Perl. Ainsi seuls 2
conseill&eacute; d'utiliser les expressions Perl. Ainsi seules deux
sollicitations de l'annuaire sont n&eacute;cessaires.
<h4 class="heading-1-1-1"><span id=
@ -417,7 +417,7 @@ group1 =&gt; (|(uid=xavier.guimard){$ou eq <span class=
applications</span></h5>
<p class="paragraph"></p>Comme un Web-SSO ne peut interpr&eacute;ter le
contenu des requ&ecirc;tes HTTP transmise aux applications
contenu des requ&ecirc;tes HTTP transmises aux applications
prot&eacute;g&eacute;es, il ne peut enregistrer au mieux que les URL. Et
comme Apache le fait parfaitement, Lemonldap::NG::Handler(3) lui fournit
le nom &agrave; enregistrer dans les journaux. Le param&egrave;tre
@ -430,10 +430,11 @@ group1 =&gt; (|(uid=xavier.guimard){$ou eq <span class=
<p class="paragraph"></p>Lemonldap::NG peut exporter des en-t&ecirc;tes
HTTP aussi bien en utilisant Apache en reverse-proxy qu'en
prot&eacute;gent directement les applications. Par d&eacute;faut, le champ
Auth-User est utilis&eacute; mais vous pouvez choisir les en-t&ecirc;tes
que vous transmettez &agrave; chaque application s&eacute;paremment. Les
expressions d&eacute;finissant les en-t&ecirc;tes associent :
prot&eacute;geant directement les applications. Par d&eacute;faut, le
champ Auth-User est utilis&eacute; mais vous pouvez choisir les
en-t&ecirc;tes que vous transmettez &agrave; chaque application
s&eacute;par&eacute;ment. Les expressions d&eacute;finissant les
en-t&ecirc;tes associent :
<ul class="star">
<li>le nom d'en-t&ecirc;te,</li>
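Review bot: The rewritten paragraph on exported headers says the Auth-User field is sent to each application, in reverse-proxy mode or with direct protection, but does not say that the application should trust that header only when the request has passed through the handler. Since the paragraph is being edited anyway, add one sentence stating that the protected application must not be reachable by a path that bypasses the Lemonldap::NG agent, otherwise the header value is not an authenticated identity.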
@ -473,11 +474,11 @@ Remote-IP =&gt; $ip
<ul class="star">
<li>Lemonldap::NG est un projet diff&eacute;rent de Lemonldap et
contient tous les &eacute;l&eacute;ments n&eacute;cessaires &agrave; son
utilisation et son administration. Ainsi les logiciels tel le module
utilisation et son administration. Ainsi les logiciels tels le module
webmin de Lemonldap ne fonctionnent pas avec Lemonldap::NG.</li>
<li>L'agent de protection Apache ("handler") fonctionne &agrave; la fois
avec les versions 1.3 et 2.x d'Apache, c'est &agrave; dire avec les
avec les versions 1.3 et 2.x d'Apache, c'est-&agrave;-dire avec les
versions 1 et 2 de <span class="wikiexternallink"><a href=
"http://perl.apache.org/">mod_perl</a></span> (mais pas avec mod_perl
1.99). Le portail et le l'interface d'administration ("manager") sont de
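Review bot: The last context line of this hunk still reads "Le portail et le l'interface d'administration"; the stray "le" should be removed while the neighbouring lines are being corrected ("Le portail et l'interface d'administration").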
@ -489,9 +490,9 @@ Remote-IP =&gt; $ip
que vous ne sachiez exactement ce que vous faites. Les param&egrave;tres
pr&eacute;sent&eacute;s dans ce document sont tous accessibles dans
l'arbre de configuration.</li>
</ul>Voir <span class="wikilink"><a href=
"advanced-install.html">installation manuel</a></span> pour la
documentation d'installation.
</ul>Voir <span class="wikilink"><a href="3-Table-of-contents-fr.html">la
page compl&egrave;te de documentation</a></span> pour la proc&eacute;dure
d'installation.
<h3 class="heading-1-1"><span id=
"HSystC3A8medestockagedessessions">Syst&egrave;me de stockage des
@ -520,15 +521,15 @@ Remote-IP =&gt; $ip
limit&eacute; &agrave; 1 par utilisateur actif toutes les 10 minutes.
<p class="paragraph"></p>Lemonldap::NG est tr&egrave;s rapide, mais vous
pouvez encore am&eacute;liorer les performances en utilisnt un module
pouvez encore am&eacute;liorer les performances en utilisant un module
Cache::Cache ne n&eacute;cessitant pas d'acc&egrave;s au disque.
<h3 class="heading-1-1"><span id="HAuteur">Auteur</span></h3>
<p class="paragraph"></p>Xavier Guimard, &lt;x.guimard@free.fr&gt;
<h3 class="heading-1-1"><span id="HCopyrightetlicense">Copyright et
license</span></h3>
<h3 class="heading-1-1"><span id="HCopyrightetlicence">Copyright et
licence</span></h3>
<p class="paragraph"></p>Copyright &copy; 2005-2007 par Xavier Guimard
&lt;x.guimard@free.fr&gt;

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: overview.html</title>
<title>Lemonldap::NG documentation: 1-Overview.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -63,23 +63,15 @@
<h2 class="heading-1"><span id=
"HLemonLDAP3A3ANG">LemonLDAP::NG</span></h2>
<p class="paragraph"></p>
<div class="c1"><img src="logo_lemonldap-ng_400px.png" alt=
"logo_lemonldap-ng_400px.png" /></div>
<p class="paragraph"></p>Lemonldap::NG is a modular Web-SSO based on
Apache::Session modules. It simplifies the build of a protected area with
a few changes in the application. It manages both authentication and
authorization and provides headers for accounting. So you can have a full
AAA protection for your web space as described below.
<p class="paragraph"></p>Lemonldap::NG is a complete rewrite of Lemonldap.
All components needed to use it and to aminister it are included in the
tarball. Contrary, all modules developed for Lemonldap may not work with
Lemonldap::NG.
<p class="paragraph"></p>
"logo_lemonldap-ng_400px.png" /></div>Lemonldap::NG is a modular Web-SSO
based on Apache::Session modules. It simplifies the build of a protected
area with a few changes in the application. It manages both authentication
and authorization and provides headers for accounting. So you can have a
full AAA protection for your web space as described below. Lemonldap::NG
is a complete rewrite of Lemonldap. All components needed to use it and to
aminister it are included in the tarball. Contrary, all modules developed
for Lemonldap may not work with Lemonldap::NG.
<ul>
<li><a href="#HArchitecture">Architecture</a></li>
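Review bot: Removing the <p class="paragraph"></p> separators makes the introduction and the "complete rewrite of Lemonldap" statement one run of text directly after the logo </div>, while the French overview changed in this same commit keeps those separators, so the two language versions now differ in structure. The merged text also keeps "aminister" (administer) and the opener "Contrary,". If the empty paragraph elements are being dropped on purpose, wrap each paragraph in a real <p>...</p> rather than leaving bare text, and fix the spelling in the same pass.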
@ -125,15 +117,10 @@
<li><a href="#HCopyrightandlicence">Copyright and licence</a></li>
</ul>
<h3 class="heading-1-1"><span id="HArchitecture">Architecture</span></h3>
<p class="paragraph"></p>Lemonldap::NG est composed by 3 elements and 3
databases&nbsp;:
<p class="paragraph"></p><img src="lemonldap-ng-architecture.png" alt=
"lemonldap-ng-architecture.png" />
<p class="paragraph"></p>Lemonldap::NG components :
<h3 class="heading-1-1"><span id=
"HArchitecture">Architecture</span></h3>Lemonldap::NG est composed by 3
elements and 3 databases&nbsp;: <img src="lemonldap-ng-architecture.png"
alt="lemonldap-ng-architecture.png" /> Lemonldap::NG components :
<ul class="star">
<li>the Manager used to manage Lemonldap::NG configuration,</li>
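Review bot: The new Architecture text still opens with "Lemonldap::NG est composed by 3 elements"; "est" is French left in the English page. Suggest "Lemonldap::NG is composed of 3 elements and 3 databases:". The image now sits inline between that sentence and "Lemonldap::NG components :", so the two phrases read as one sentence around the picture; keep a block break on each side of the <img>.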
@ -164,12 +151,10 @@
works on several physical servers.</li>
</ul>
<h3 class="heading-1-1"><span id="HKinematics">Kinematics</span></h3>
<p class="paragraph"></p><img src="lemonldap-ng-cinematique.png" alt=
"lemonldap-ng-cinematique.png" />
<p class="paragraph"></p>Detail of operations :
<h3 class="heading-1-1"><span id=
"HKinematics">Kinematics</span></h3><img src=
"lemonldap-ng-cinematique.png" alt="lemonldap-ng-cinematique.png" />
Detail of operations :
<ul class="star">
<li>1 and 2 : non-authenticated users (ie without valid cookie) are
@ -201,41 +186,31 @@
<h3 class="heading-1-1"><span id=
"HAuthentication2CAuthorizationandAccountingmechanisms">Authentication,
Authorization and Accounting mechanisms</span></h3>
<p class="paragraph"></p>All parameters described here can be edited by
the administration interface (See <span class="wikiexternallink"><a href=
Authorization and Accounting mechanisms</span></h3>All parameters
described here can be edited by the administration interface (See
<span class="wikiexternallink"><a href=
"http://lemonldap.objectweb.org/NG/ManagerDemo/en/">Manager
demonstration</a></span>).
<h4 class="heading-1-1-1"><span id=
"HAuthentication">Authentication</span></h4>
<p class="paragraph"></p>If a user isn't authenticated and attemps to
connect to an area protected by a Lemonldap::NG compatible handler, he is
redirected to a portal. The portal authenticates user with a ldap bind by
default, but you can also use another authentication sheme like using x509
user certificates (see Lemonldap::NG::Portal::AuthSSL(3) for more).
<p class="paragraph"></p>Lemonldap use session cookies generated by
Apache::Session so as secure as a 128-bit random cookie. You may use the
securedCookie options to avoid session hijacking.
<p class="paragraph"></p>You have to manage life of sessions by yourself
since Lemonldap::NG knows nothing about the L module you've choosed, but
it's very easy using a simple cron script because Lemonldap::NG::Portal
stores the start time in the _utime field.
<p class="paragraph"></p>By default, a session stay 10 minutes in the
local storage, so in the worth case, a user is authorized 10 minutes after
he lost his rights.
"HAuthentication">Authentication</span></h4>If a user isn't authenticated
and attemps to connect to an area protected by a Lemonldap::NG compatible
handler, he is redirected to a portal. The portal authenticates user with
a ldap bind by default, but you can also use another authentication sheme
like using x509 user certificates (see Lemonldap::NG::Portal::AuthSSL(3)
for more). Lemonldap use session cookies generated by Apache::Session so
as secure as a 128-bit random cookie. You may use the securedCookie
options to avoid session hijacking. You have to manage life of sessions by
yourself since Lemonldap::NG knows nothing about the L module you've
choosed, but it's very easy using a simple cron script because
Lemonldap::NG::Portal stores the start time in the _utime field. By
default, a session stay 10 minutes in the local storage, so in the worth
case, a user is authorized 10 minutes after he lost his rights.
<h4 class="heading-1-1-1"><span id=
"HAuthorization">Authorization</span></h4>
<p class="paragraph"></p>Authorization is controled only by handlers
because the portal knows nothing about the way the user will choose. When
configuring your Web-SSO, you have to:
"HAuthorization">Authorization</span></h4>Authorization is controled only
by handlers because the portal knows nothing about the way the user will
choose. When configuring your Web-SSO, you have to:
<ul class="star">
<li>choose the ldap attributes you want to use to manage accounting and
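Review bot: The merged Authentication paragraph carries over "attemps", "sheme", "choosed" and "worth case", and in "knows nothing about the L module you've choosed" there is a bare "L" that looks like the remnant of a lost link or module name; the sentence should name the module it means. Merging also puts three separate operational points into one block: the securedCookie option against session hijacking, the need to expire sessions yourself using the _utime field, and the 10-minute local cache during which a user who has lost his rights is still authorized. Keep these as separate paragraphs so the revocation delay stays visible to someone skimming the page. "controled" in the Authorization paragraph should be "controlled".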
@ -304,21 +279,15 @@ group1 =&gt; { $departmentUID eq <span class=
^/(js|css) =&gt; accept
<span class="java-keyword">default</span> =&gt; deny
</pre>
</div>
<p class="paragraph"></p>Note: \b means start or end of a word in PCRE
(Perl Compatible Regular Expressions)
</div>Note: \b means start or end of a word in PCRE (Perl Compatible
Regular Expressions)
<h5 class="heading-1-1-1-1"><span id=
"HPerformance">Performance</span></h5>
<p class="paragraph"></p>You can use Perl expressions as complicated as
you want and you can use all the exported LDAP attributes (and create your
own attributes: with 'macros' mechanism) in groups evaluations, area
protections or custom HTTP headers (you just have to call them with a
"$").
<p class="paragraph"></p>ou have to be careful when choosing your
"HPerformance">Performance</span></h5>You can use Perl expressions as
complicated as you want and you can use all the exported LDAP attributes
(and create your own attributes: with 'macros' mechanism) in groups
evaluations, area protections or custom HTTP headers (you just have to
call them with a "$"). ou have to be careful when choosing your
expressions:
<ul class="star">
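Review bot: The new Performance text reads 'call them with a "$"). ou have to be careful when choosing your expressions:'; the leading "Y" of "You" was already missing in the removed line and is carried over unchanged. Restore it, and keep that sentence as its own paragraph, since it introduces the list that follows rather than continuing the description of macros.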
@ -335,10 +304,9 @@ group1 =&gt; { $departmentUID eq <span class=
^/<span class=
"java-keyword">protected</span>/.*$ =&gt; $groups =~ /\bgroup1\b/
</pre>
</div><br />
<br />
You can also use LDAP filters, or Perl expression or mixed expressions in
groups definitions. Perl expressions has to be enclosed with {} :
</div>You can also use LDAP filters, or Perl expression or mixed
expressions in groups definitions. Perl expressions has to be enclosed
with {} :
<div class="code">
<pre>
@ -349,36 +317,27 @@ group1 =&gt; {$uid eq <span class=
group1 =&gt; (|(uid=xavier.guimard){$ou eq <span class=
"java-quote">"unit1"</span>})
</pre>
</div>
<p class="paragraph"></p>It is also recommanded to use Perl expressions to
avoid requiering the LDAP server more than 2 times per authentication.
</div>It is also recommanded to use Perl expressions to avoid requiering
the LDAP server more than 2 times per authentication.
<h4 class="heading-1-1-1"><span id="HAccounting">Accounting</span></h4>
<h5 class="heading-1-1-1-1"><span id="HLoggingportalaccess">Logging portal
access</span></h5>
<p class="paragraph"></p>Lemonldap::NG::Portal doesn't log anything by
default, but it's easy to overload log method for normal portal access.
access</span></h5>Lemonldap::NG::Portal doesn't log anything by default,
but it's easy to overload log method for normal portal access.
<h5 class="heading-1-1-1-1"><span id="HLoggingapplicationaccess">Logging
application access</span></h5>
<p class="paragraph"></p>Because a Web-SSO knows nothing about the
application access</span></h5>Because a Web-SSO knows nothing about the
protected application, it can't do more than logging URL. As Apache does
this fine, Lemonldap::NG::Handler(3) gives it the name to used in logs.
The whatToTrace parameter indicates which variable Apache has to use ($uid
by default).
<p class="paragraph"></p>The real accounting has to be done by the
application itself which knows the result of SQL transaction for example.
<p class="paragraph"></p>Lemonldap::NG can export HTTP headers either
using a proxy or protecting directly the application. By default, the
Auth-User field is used but you can change it using the exportedHeaders
parameters (in the Manager, each virtual host as custom headers branch).
This parameters contains an associative array per virtual host :
by default). The real accounting has to be done by the application itself
which knows the result of SQL transaction for example. Lemonldap::NG can
export HTTP headers either using a proxy or protecting directly the
application. By default, the Auth-User field is used but you can change it
using the exportedHeaders parameters (in the Manager, each virtual host as
custom headers branch). This parameters contains an associative array per
virtual host :
<ul class="star">
<li>keys are the names of the choosen headers,</li>
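Review bot: In the merged Accounting paragraph, "each virtual host as custom headers branch" should be "has a custom headers branch" and "This parameters contains" should be "This parameter contains"; "gives it the name to used in logs", "recommanded", "requiering" and "choosen" in the same hunk also need fixing. The merged block now covers whatToTrace (what Apache logs) and exportedHeaders (what the application receives), which are two different parameters with different purposes, and was easier to follow as the separate paragraphs it replaces.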
@ -411,9 +370,8 @@ Remote-IP =&gt; $ip
</pre>
</div>
<h3 class="heading-1-1"><span id="HInstallation">Installation</span></h3>
<p class="paragraph"></p>Warnings :
<h3 class="heading-1-1"><span id=
"HInstallation">Installation</span></h3>Warnings :
<ul class="star">
<li>Lemonldap::NG is a different project than Lemonldap and contains all
@ -427,15 +385,12 @@ Remote-IP =&gt; $ip
<li>Lemonldap::NG configuration has to be edited using the manager
unless you know exactly what you are doing. The parameters discussed
below are all in the configuration tree.</li>
</ul>See <span class="wikilink"><a href=
"advanced-install.html">installation manuel</a></span> for a complete
installation documentation.
</ul>See <span class="wikilink"><a href="3-Table-of-contents.html">the
full documentation page</a></span> for a complete installation procedure.
<h3 class="heading-1-1"><span id="HSessionstoragesystem">Session storage
system</span></h3>
<p class="paragraph"></p>Lemonldap::NG use 3 levels of cache for
authenticated users :
system</span></h3>Lemonldap::NG use 3 levels of cache for authenticated
users :
<ul class="star">
<li>an Apache::Session::* module used by lemonldap::NG::Portal to store
@ -450,22 +405,16 @@ Remote-IP =&gt; $ip
refuse access. This is very efficient with HTTP/1.1 Keep-Alive
system.</li>
</ul>So the number of request to the central storage is limited to 1 per
active user each 10 minutes.
active user each 10 minutes. Lemonldap::NG is very fast, but you can
increase performance using a Cache::Cache module that does not use disk
access.
<p class="paragraph"></p>Lemonldap::NG is very fast, but you can increase
performance using a Cache::Cache module that does not use disk access.
<h3 class="heading-1-1"><span id="HAuthor">Author</span></h3>
<p class="paragraph"></p>Xavier Guimard, &lt;x.guimard@free.fr&gt;
<h3 class="heading-1-1"><span id="HAuthor">Author</span></h3>Xavier
Guimard, &lt;x.guimard@free.fr&gt;
<h3 class="heading-1-1"><span id="HCopyrightandlicence">Copyright and
licence</span></h3>
<p class="paragraph"></p>Copyright &copy; 2005-2007 by Xavier Guimard
&lt;x.guimard@free.fr&gt;
<p class="paragraph"></p>This library is free software; you can
licence</span></h3>Copyright &copy; 2005-2007 by Xavier Guimard
&lt;x.guimard@free.fr&gt; This library is free software; you can
redistribute it and/or modify it under the same terms as Perl itself,
either Perl version 5.8.4 or, at your option, any later version of Perl 5
you may have available.
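Review bot: With the <p class="paragraph"></p> separator removed at the end of this hunk, the copyright line and the licence statement run together ("Copyright ... by Xavier Guimard ... This library is free software; ...") with no sentence break or element between them. Keep them as two paragraphs so the licence terms stay distinct from the copyright notice; the same applies to "active user each 10 minutes. Lemonldap::NG is very fast", where a performance remark is now appended to the closing sentence of the cache list.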

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: faq-fr.html</title>
<title>Lemonldap::NG documentation: 2-FAQ-fr.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -191,7 +191,7 @@
l'annuaire LDAP. Celle-ci peut alors g&eacute;rer la
tra&ccedil;abilit&eacute; des acc&egrave;s et &eacute;ventuellement des
droits d'acc&egrave;s (voir la <span class="wikiexternallink"><a href=
"http://wiki.lemonldap.objectweb.orgoverview-fr.html#HMC3A9canismesd27authentification2Cd27autorisationetdetraC3A7abilitC3A9">
"http://wiki.lemonldap.objectweb.org1-Overview-fr.html#HMC3A9canismesd27authentification2Cd27autorisationetdetraC3A7abilitC3A9">
documentation AAA</a></span>).</li>
<li>Lemonldap::NG n'impose aucune modification de l'annuaire : les
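Review bot: The new href "http://wiki.lemonldap.objectweb.org1-Overview-fr.html#..." has no "/" between the host name and the file name, so the host part becomes "wiki.lemonldap.objectweb.org1-Overview-fr.html" and the link cannot resolve. The removed line had the same defect with overview-fr.html, so the rename preserved a broken link. The other links renamed in this commit are relative (for example "2-FAQ-fr.html#..." in the overview page), so this one should be the relative "1-Overview-fr.html#..." with the same fragment, in a wikilink span rather than wikiexternallink.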
@ -251,8 +251,9 @@
par une simple connexion HTTP(S). Le serveur SOAP acc&egrave;de lui
&agrave; la configuration par un des syst&egrave;mes
pr&eacute;c&eacute;dents (File ou DBI). Pour plus d'informations, voir
la page <span class="wikilink"><a href="soap-fr.html">Utilisation des
Web Services</a></span>.</li>
la page <span class="wikilink"><a href=
"4.3-Configure-SOAP-fr.html">Utilisation des Web
Services</a></span>.</li>
</ul>
<h4 class="heading-1-1-1"><span id=
@ -518,8 +519,9 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
l'utilisateur d'utiliser la f&eacute;d&eacute;ration d'identit&eacute;s
Liberty Alliance en permettant &agrave; celui-ci de s'authentifier sur
un fournisseur d'identit&eacute;s. Plus d'informations sur la page
<span class="wikilink"><a href="/xwiki/bin/view/NG/DocLA">Utilisation de
Liberty Alliance</a></span>.</li>
<span class="wikilink"><a href=
"4.3-Configure-Liberty-Alliance-fr.html">Utilisation de Liberty
Alliance</a></span>.</li>
</ul>
<h3 class="heading-1-1"><span id=
@ -532,7 +534,7 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
en adaptant le param&egrave;tre LogLevel d'Apache.
<p class="paragraph"></p>La page <span class="wikilink"><a href=
"errors-fr.html">Erreurs</a></span> r&eacute;f&eacute;rence ces messages
"6-Errors-fr.html">Erreurs</a></span> r&eacute;f&eacute;rence ces messages
d'erreur et de d&eacute;bogage.
</div>

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: faq.html</title>
<title>Lemonldap::NG documentation: 2-FAQ.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -175,7 +175,7 @@
atributes to the remote application. The remote application can then
manage the traceability of the access and possibly authorization (see to
it <span class="wikiexternallink"><a href=
"http://wiki.lemonldap.objectweb.orgoverview.html#HAuthentication2CAuthorizationandAccountingmechanisms">
"http://wiki.lemonldap.objectweb.org1-Overview.html#HAuthentication2CAuthorizationandAccountingmechanisms">
documentation AAA</a></span>).</li>
<li>Lemonldap::NG can publish every LDAP attributes or calculated
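Review bot: The new href "http://wiki.lemonldap.objectweb.org1-Overview.html#..." in the English FAQ lacks the "/" after the host name and will not resolve. Point it at the relative "1-Overview.html#HAuthentication2CAuthorizationandAccountingmechanisms" as the other renamed links do. "atributes" in the first context line of this hunk and "see to it" before the link could be corrected in the same change.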
@ -450,7 +450,7 @@ my $portal = Lemonldap::NG::Portal::SharedConf-&gt;new(
setting LogLevel parameter in Apache configuration file.
<p class="paragraph"></p>Those messages are described <span class=
"wikilink"><a href="errors.html">here</a></span>.
"wikilink"><a href="6-Errors.html">here</a></span>.
</div>
<p class="footer"><a href="index.html">Index</a></p>

View File

@ -0,0 +1,333 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: 3-Table-of-contents-fr.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id=
"HDocumentationdeLemonLDAP3A3ANG">Documentation de
LemonLDAP::NG</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HInstallation">Installation</a></li>
<li>
<a href="#HConfiguration">Configuration</a>
<ul>
<li><a href="#HGC3A9nC3A9ral">G&eacute;n&eacute;ral</a></li>
<li><a href="#HLDAP">LDAP</a></li>
<li><a href="#HFonctionnalitC3A9sC3A9tendues">Fonctionnalit&eacute;s
&eacute;tendues</a></li>
</ul>
</li>
<li>
<a href="#HProtectiondesapplications">Protection des applications</a>
<ul>
<li><a href="#HApplicationsexistantes">Applications
existantes</a></li>
<li><a href="#HConnecteurs">Connecteurs</a></li>
<li><a href="#HApplications22maison22">Applications
"maison"</a></li>
</ul>
</li>
<li>
<a href="#HAutres">Autres</a>
<ul>
<li><a href="#HFAQ">FAQ</a></li>
<li><a href="#HErreurs">Erreurs</a></li>
<li><a href="#HFormations">Formations</a></li>
</ul>
</li>
</ul><strong class="strong">Documentation applicable pour LemonLDAP::NG
&gt;= 0.9</strong>
<p class="paragraph"></p><strong class="strong">Merci de lire <span class=
"wikilink"><a href="2-FAQ-fr.html">FAQ</a></span> en premier</strong>
<h3 class="heading-1-1"><span id=
"HInstallation">Installation</span></h3><img src=
"out_of_the_box_nicu_bucu_01.png" alt="out_of_the_box_nicu_bucu_01.png" />
<ul class="star">
<li><span class="wikilink"><a href=
"3.1-Install-prerequesites.html">Pr&eacute;requis et
d&eacute;pendances</a></span> (en)</li>
<li><span class="wikilink"><a href=
"3.2-Install-from-tarball.html">Installation depuis l'archive</a></span>
(en)</li>
<li><span class="wikilink"><a href=
"3.3-Install-from-debian-packages.html">Installation sous Debian/Ubuntu
&agrave; partir des paquets</a></span> (en)</li>
<li><span class="wikilink"><a href=
"3.4-Install-of-MySQL-storage.html">Utilisation de MySQL pour le
stockage des sessions et/ou de la configuration</a></span> (en)</li>
<li><span class="wikilink"><a href=
"3.5-Install-of-example-fr.html">Installation l'exemple
fourni</a></span></li>
</ul>
<h3 class="heading-1-1"><span id=
"HConfiguration">Configuration</span></h3><img src=
"tools_nicu_buculei_01.png" alt="tools_nicu_buculei_01.png" />
<h4 class="heading-1-1-1"><span id=
"HGC3A9nC3A9ral">G&eacute;n&eacute;ral</span></h4>
<ul class="star">
<li><span class="wikilink"><a href=
"4.1-Configuration-overview.html">Vision globale de la
configuration</a></span> (en)</li>
<li><span class="wikilink"><a href=
"4.1-Configuration-parameter-list.html">Liste des param&egrave;tres de
configuration</a></span> (en)</li>
<li><span class="wikilink"><a href="4.1-Configure-portal-menu.html">Menu
du portail</a></span> (en)</li>
<li><span class="wikilink"><a href=
"4.1-HTML-templates-customization.html">Personnalisation des canevas
HTML pour le portail</a></span> (en)</li>
<li><span class="wikilink"><a href="4.1-RBAC-model.html">Mod&egrave;le
RBAC</a></span> (en)</li>
</ul>
<h4 class="heading-1-1-1"><span id="HLDAP">LDAP</span></h4>
<ul class="star">
<li><span class="wikilink"><a href=
"4.2-Configure-password-policy.html">Utilisation de la politique des
mots de passe</a></span> (en)</li>
<li><span class="wikilink"><a href=
"/xwiki/bin/view/NG/SpecLDAPSchema">Extension du sch&eacute;ma
LDAP</a></span> (en)</li>
</ul>
<h4 class="heading-1-1-1"><span id=
"HFonctionnalitC3A9sC3A9tendues">Fonctionnalit&eacute;s
&eacute;tendues</span></h4>
<ul class="star">
<li><span class="wikilink"><a href=
"4.3-Configure-SOAP-fr.html">Utilisation des Web Services (modules
SOAP)</a></span> (fr)</li>
<li><span class="wikilink"><a href=
"4.3-Configure-Liberty-Alliance-fr.html">Utilisation de Liberty Alliance
pour la f&eacute;d&eacute;ration d'identit&eacute;s (projet
FederID)</a></span> (fr)</li>
</ul>
<h3 class="heading-1-1"><span id="HProtectiondesapplications">Protection
des applications</span></h3><img src="padlock_aj_ashton_01.png" alt=
"padlock_aj_ashton_01.png" />
<h4 class="heading-1-1-1"><span id="HApplicationsexistantes">Applications
existantes</span></h4>
<p class="paragraph"></p>
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
<tr>
<th>Application</th>
<th>Description</th>
</tr>
<tr class="table-odd">
<td><strong class="strong">Dokuwiki</strong><br />
<img src="dokuwiki_logo.png" alt="dokuwiki_logo.png" /></td>
<td>Dokuwiki est un moteur de wiki en PHP<br />
<br />
<span class="wikilink"><a href=
"5-Appli-Dokuwiki.html">Proc&eacute;dure SSO</a></span> (en)<br />
<span class="wikiexternallink"><a href="http://www.dokuwiki.org">Site
web officiel</a></span></td>
</tr>
<tr class="table-even">
<td><strong class="strong">Gestion et de R&eacute;servations de
Ressources</strong><br />
<img src="NG/Documentation/grr_logo.png" alt="grr_logo.png" /></td>
<td>GRR permet de g&eacute;rer la r&eacute;servation de
ressources<br />
<br />
<span class="wikilink"><a href=
"/xwiki/bin/view/NG/DocAppGRR">Proc&eacute;dure SSO</a></span>
(fr)<br />
<span class="wikiexternallink"><a href=
"http://grr.mutualibre.org/">Site web officiel</a></span></td>
</tr>
<tr class="table-odd">
<td><strong class="strong">GLPI</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/glpi_logo.png" alt=
"glpi_logo.png" /></td>
<td>GLPI est outil de gestion de parc<br />
<br />
<span class="wikilink"><a href=
"/xwiki/bin/view/NG/DocAppGLPI">Proc&eacute;dure SSO</a></span>
(en)<br />
<span class="wikiexternallink"><a href="http://glpi-project.org">Site
web officiel</a></span></td>
</tr>
<tr class="table-even">
<td><strong class="strong">phpLDAPadmin</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/phpldapadmin_logo.png"
alt="phpldapadmin_logo.png" /></td>
<td>Interface web de gestion d'annuaire LDAP<br />
<br />
<span class="wikilink"><a href=
"5-Appli-phpLDAPadmin.html">Proc&eacute;dure SSO</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://phpldapadmin.sourceforge.net">Site web
officiel</a></span></td>
</tr>
<tr class="table-odd">
<td><strong class="strong">Sympa</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/sympa_logo.png" alt=
"sympa_logo.png" /></td>
<td>Gestionnaire de listes de diffusion<br />
<br />
<span class="wikilink"><a href="5-Appli-Sympa.html">Proc&eacute;dure
SSO</a></span> (en)<br />
<span class="wikiexternallink"><a href="http://www.sympa.org/">Site
web officiel</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HConnecteurs">Connecteurs</span></h4>
<p class="paragraph"></p>
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
<tr>
<th>Application</th>
<th>Description</th>
</tr>
<tr class="table-odd">
<td><strong class="strong">Tomcat</strong><br />
<img src="tomcat_logo.png" alt="tomcat_logo.png" /></td>
<td>Tomcat est un conteneur de servlets J2EE. Il utilise des valves
pour certaines fonctionnalit&eacute;s, comme l'int&eacute;gration au
SSO.<br />
<br />
<span class="wikilink"><a href=
"5-Appli-Tomcat-Valve.html">Proc&eacute;dure SSO</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://tomcat.apache.org/">Site web officiel</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HApplications22maison22">Applications
"maison"</span></h4>
<ul class="star">
<li>Comment modifier mon application?</li>
</ul>
<h3 class="heading-1-1"><span id="HAutres">Autres</span></h3><img src=
"tux_clemente_01.png" alt="tux_clemente_01.png" />
<h4 class="heading-1-1-1"><span id="HFAQ">FAQ</span></h4>
<p class="paragraph"></p>Voir la page <span class="wikilink"><a href=
"2-FAQ-fr.html">FAQ</a></span>.
<h4 class="heading-1-1-1"><span id="HErreurs">Erreurs</span></h4>
<p class="paragraph"></p>Voir la page <span class="wikilink"><a href=
"6-Errors-fr.html">erreurs</a></span>.
<h4 class="heading-1-1-1"><span id="HFormations">Formations</span></h4>
<ul class="star">
<li><span class="wikiexternallink"><a href=
"http://www.linagora.org/article166.html">Le WebSSO LemonLDAP::NG
(LINAGORA)</a></span> (fr)</li>
</ul>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
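Review bot: In the "Applications existantes" table, the GRR and GLPI rows link to `/xwiki/bin/view/NG/DocAppGRR` and `/xwiki/bin/view/NG/DocAppGLPI`, and several logos point at `/xwiki/bin/download/NG/Documentation/...` or `NG/Documentation/grr_logo.png`, while the other rows use files that sit beside the page (`5-Appli-Dokuwiki.html`, `dokuwiki_logo.png`). Those wiki paths will not resolve in the exported documentation; export the pages and images into the doc directory and link them relatively, or leave the rows out until the procedures exist as files. "Comment modifier mon application?" is also a bare list item with no link target.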

View File

@ -0,0 +1,318 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: 3-Table-of-contents.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id=
"HLemonldap3A3ANGDocumentation">Lemonldap::NG Documentation</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HInstallation">Installation</a></li>
<li>
<a href="#HConfiguration">Configuration</a>
<ul>
<li><a href="#HGeneral">General</a></li>
<li><a href="#HLDAP">LDAP</a></li>
<li><a href="#HExtendedfeatures">Extended features</a></li>
</ul>
</li>
<li>
<a href="#HApplicationprotection">Application protection</a>
<ul>
<li><a href="#HExistingapplications">Existing applications</a></li>
<li><a href="#HConnectors">Connectors</a></li>
<li><a href="#HSelfmade">Self-made</a></li>
</ul>
</li>
<li>
<a href="#HOthers">Others</a>
<ul>
<li><a href="#HFAQ">FAQ</a></li>
<li><a href="#HErrors">Errors</a></li>
<li><a href="#HTraining">Training</a></li>
</ul>
</li>
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
&gt;= 0.9</strong>
<p class="paragraph"></p><strong class="strong">Please read the
<span class="wikilink"><a href="2-FAQ.html">FAQ</a></span> first</strong>
<h3 class="heading-1-1"><span id=
"HInstallation">Installation</span></h3><img src=
"out_of_the_box_nicu_bucu_01.png" alt="out_of_the_box_nicu_bucu_01.png" />
<ul class="star">
<li><span class="wikilink"><a href=
"3.1-Install-prerequesites.html">Prerequisites and
dependencies</a></span> (en)</li>
<li><span class="wikilink"><a href=
"3.2-Install-from-tarball.html">Installation from the tarball</a></span>
(en)</li>
<li><span class="wikilink"><a href=
"3.3-Install-from-debian-packages.html">Installation on Debian/Ubuntu
with packages</a></span> (en)</li>
<li><span class="wikilink"><a href=
"3.4-Install-of-MySQL-storage.html">Use of MySQL for sessions and/or
configuration storage</a></span> (en)</li>
<li><span class="wikilink"><a href=
"3.5-Install-of-example.html">Provided example
installation</a></span></li>
</ul>
<h3 class="heading-1-1"><span id=
"HConfiguration">Configuration</span></h3><img src=
"tools_nicu_buculei_01.png" alt="tools_nicu_buculei_01.png" />
<h4 class="heading-1-1-1"><span id="HGeneral">General</span></h4>
<ul class="star">
<li><span class="wikilink"><a href=
"4.1-Configuration-overview.html">Configuration overview</a></span>
(en)</li>
<li><span class="wikilink"><a href=
"4.1-Configuration-parameter-list.html">Configuration parameters
list</a></span> (en)</li>
<li><span class="wikilink"><a href=
"4.1-Configure-portal-menu.html">Portal menu</a></span> (en)</li>
<li><span class="wikilink"><a href=
"4.1-HTML-templates-customization.html">HTML templates
customization</a></span> (en)</li>
<li><span class="wikilink"><a href="4.1-RBAC-model.html">RBAC
model</a></span> (en)</li>
</ul>
<h4 class="heading-1-1-1"><span id="HLDAP">LDAP</span></h4>
<ul class="star">
<li><span class="wikilink"><a href=
"4.2-Configure-password-policy.html">Password Policy</a></span>
(en)</li>
<li><span class="wikilink"><a href="4.2-Configure-LDAP-schema.html">LDAP
schema extension</a></span> (en)</li>
</ul>
<h4 class="heading-1-1-1"><span id="HExtendedfeatures">Extended
features</span></h4>
<ul class="star">
<li><span class="wikilink"><a href="4.3-Configure-SOAP-fr.html">Web
Services (SOAP)</a></span> (fr)</li>
<li><span class="wikilink"><a href=
"4.3-Configure-Liberty-Alliance-fr.html">Liberty Alliance (FederID
project)</a></span> (fr)</li>
</ul>
<h3 class="heading-1-1"><span id="HApplicationprotection">Application
protection</span></h3><img src="padlock_aj_ashton_01.png" alt=
"padlock_aj_ashton_01.png" />
<h4 class="heading-1-1-1"><span id="HExistingapplications">Existing
applications</span></h4>
<p class="paragraph"></p>
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
<tr>
<th>Application</th>
<th>Description</th>
</tr>
<tr class="table-odd">
<td><strong class="strong">Dokuwiki</strong><br />
<img src="dokuwiki_logo.png" alt="dokuwiki_logo.png" /></td>
<td>Dokuwiki is a popular PHP wiki Engine<br />
<br />
<span class="wikilink"><a href="5-Appli-Dokuwiki.html">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://www.dokuwiki.org">Official website</a></span></td>
</tr>
<tr class="table-even">
<td><strong class="strong">Gestion et de R&eacute;servations de
Ressources</strong><br />
<img src="NG/Documentation/grr_logo.png" alt="grr_logo.png" /></td>
<td>GRR is a system to manage ressources booking<br />
<br />
<span class="wikilink"><a href="/xwiki/bin/view/NG/DocAppGRR">SSO
procedure</a></span> (fr)<br />
<span class="wikiexternallink"><a href=
"http://grr.mutualibre.org/">Official website</a></span></td>
</tr>
<tr class="table-odd">
<td><strong class="strong">GLPI</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/glpi_logo.png" alt=
"glpi_logo.png" /></td>
<td>GLPI is an IT and asset management software<br />
<br />
<span class="wikilink"><a href="/xwiki/bin/view/NG/DocAppGLPI">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://glpi-project.org">Official website</a></span></td>
</tr>
<tr class="table-even">
<td><strong class="strong">phpLDAPadmin</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/phpldapadmin_logo.png"
alt="phpldapadmin_logo.png" /></td>
<td>Web interface to manage LDAP directory<br />
<br />
<span class="wikilink"><a href="5-Appli-phpLDAPadmin.html">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://phpldapadmin.sourceforge.net">Official website</a></span></td>
</tr>
<tr class="table-odd">
<td><strong class="strong">Sympa</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/sympa_logo.png" alt=
"sympa_logo.png" /></td>
<td>Mailing lists manager<br />
<br />
<span class="wikilink"><a href="5-Appli-Sympa.html">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://www.sympa.org/">Official website</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HConnectors">Connectors</span></h4>
<p class="paragraph"></p>
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
<tr>
<th>Application</th>
<th>Description</th>
</tr>
<tr class="table-odd">
<td><strong class="strong">Tomcat</strong><br />
<img src="tomcat_logo.png" alt="tomcat_logo.png" /></td>
<td>Tomcat is a J2EE servlet container. It uses Valve to use extra
functionnalities, like SSO integration.<br />
<br />
<span class="wikilink"><a href="5-Appli-Tomcat-Valve.html">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://tomcat.apache.org/">Official website</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HSelfmade">Self-made</span></h4>
<ul class="star">
<li>How to modify my application?</li>
</ul>
<h3 class="heading-1-1"><span id="HOthers">Others</span></h3><img src=
"tux_clemente_01.png" alt="tux_clemente_01.png" />
<h4 class="heading-1-1-1"><span id="HFAQ">FAQ</span></h4>
<p class="paragraph"></p>See <span class="wikilink"><a href=
"2-FAQ.html">FAQ</a></span> page.
<h4 class="heading-1-1-1"><span id="HErrors">Errors</span></h4>
<p class="paragraph"></p>See <span class="wikilink"><a href=
"6-Errors.html">errors</a></span> page.
<h4 class="heading-1-1-1"><span id="HTraining">Training</span></h4>
<ul class="star">
<li><span class="wikiexternallink"><a href=
"http://www.linagora.org/article166.html">The WebSSO LemonLDAP::NG
(LINAGORA)</a></span> (fr)</li>
</ul>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
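Review bot: The root element declares `lang="fr" xml:lang="fr"` although this new file is written in English, so both attributes should be `en` here. The header also disagrees with itself on encoding: the XML declaration says `utf-8` and the meta tag says `charset=us-ascii`. The wiki-absolute links from the French table of contents (`/xwiki/bin/view/NG/DocAppGRR`, `/xwiki/bin/download/...`) are carried over unchanged, and "ressources" and "functionnalities" should read "resources" and "functionalities".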

View File

@ -0,0 +1,132 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: 3.1-Install-prerequesites.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id=
"HPrerequisitesanddependencies">Prerequisites and dependencies</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HApache">Apache</a></li>
<li>
<a href="#HPerl">Perl</a>
<ul>
<li><a href="#HNeededforallmodules">Needed for all modules</a></li>
<li><a href="#HNeededforPortal">Needed for Portal</a></li>
<li><a href="#HNeededforHandler">Needed for Handler</a></li>
<li><a href="#HNeededforManager">Needed for Manager</a></li>
</ul>
</li>
</ul>
<h3 class="heading-1-1"><span id="HApache">Apache</span></h3>
<p class="paragraph"></p>To use Lemonldap::NG, you have to run a LDAP
server and of course an Apache server compiled with mod-perl (version 1.3
or 2.x). Generaly, the version of Apache proposed with your Linux
distribution match, but some distributions used an experimental version of
mod_perl with Apache2 (mod_perl-1.99) which does not work with
Lemonldap::NG. With such distributions (like Debian-3.1), you have to use
Apache-1.3 or to use a mod_perl backport (www.backports.org package for
Debian works fine).
<p class="paragraph"></p>For Apache2, you can use both mpm-worker and
mpm-prefork. Mpm-worker works faster and Lemonldap::NG use the thread
system for best performance. If you have to use mpm-prefork (for example
if you use PHP), Lemonldap::NG will work anyway.
<p class="paragraph"></p>You can use Lemonldap::NG in an heterogene world:
the authentication portal and the manager can work in any version of
Apache 1.3 or more even if mod_perl is not compiled, with
ModPerl::Registry or not&hellip; Only the handler (site protector) need
mod_perl. The different handlers can run on different servers with
different versions of Apache/mod_perl.
<h3 class="heading-1-1"><span id="HPerl">Perl</span></h3>
<h4 class="heading-1-1-1"><span id="HNeededforallmodules">Needed for all
modules</span></h4>
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
LWP::UserAgent, Cache::Cache, DBI, XML::Simple
<h4 class="heading-1-1-1"><span id="HNeededforPortal">Needed for
Portal</span></h4>
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
DBI
<h4 class="heading-1-1-1"><span id="HNeededforHandler">Needed for
Handler</span></h4>
<p class="paragraph"></p>Apache::Session, LWP::UserAgent, Cache::Cache,
DBI
<h4 class="heading-1-1-1"><span id="HNeededforManager">Needed for
Manager</span></h4>
<p class="paragraph"></p>CGI, XML::Simple, DBI
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
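Review bot: The "Needed for all modules" list omits SOAP::Lite and HTML::Template, yet the Debian install page in this same commit installs `libsoap-lite-perl` and `libhtml-template-perl` as dependencies; list them here against the component that needs them, or mark them optional. In the Apache paragraph, "mod-perl (version 1.3 or 2.x)" reads as a mod_perl version although 1.3 is an Apache version, and the module is spelled both `mod-perl` and `mod_perl`. The file name `3.1-Install-prerequesites.html` is misspelled while the heading says "Prerequisites"; renaming it now is cheaper than after more pages link to it.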

View File

@ -0,0 +1,161 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: 3.2-Install-from-tarball.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HInstallationfromthetarball">Installation
from the tarball</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HGetthetarball">Get the tarball</a></li>
<li><a href="#HBuildthetarballfromSVN">Build the tarball from
SVN</a></li>
<li><a href="#HExtraction">Extraction</a></li>
<li><a href="#HInstallation">Installation</a></li>
</ul>
<h3 class="heading-1-1"><span id="HGetthetarball">Get the
tarball</span></h3>
<p class="paragraph"></p>All tarballs can be downloaded from the OW2
forge: <span class="nobr"><a href=
"http://forge.objectweb.org/project/showfiles.php?group_id=274">http://forge.objectweb.org/project/showfiles.php?group_id=274</a></span>
<p class="paragraph"></p>If you want the last SVN snapshot, please choose:
<span class="nobr"><a href=
"http://forge.objectweb.org/svnsnapshots/lemonldap-svn-latest.tar.gz">http://forge.objectweb.org/svnsnapshots/lemonldap-svn-latest.tar.gz</a></span>
<p class="paragraph"></p><strong class="strong">Warning</strong>: the
contents of the SVN tarball are not the same as the official tarballs.
Please see the next chapter to learn how build an official tarball from
SVN files.
<h3 class="heading-1-1"><span id="HBuildthetarballfromSVN">Build the
tarball from SVN</span></h3>
<p class="paragraph"></p>Either <span class="wikiexternallink"><a href=
"http://forge.objectweb.org/plugins/scmsvn/index.php?group_id=274">checkout
or export the SVN repository</a></span>, or <span class=
"wikiexternallink"><a href=
"http://forge.objectweb.org/svnsnapshots/lemonldap-svn-latest.tar.gz">extract
the SVN tarball</a></span> to get the SVN files on your disk.
<p class="paragraph"></p>Then go to build directory:
<div class="code">
<pre>
$ cd trunk/build/lemonldap-ng
</pre>
</div><br />
<br />
And run the "dist" target:
<div class="code">
<pre>
$ make dist
</pre>
</div><br />
<br />
The generated tarball is in the current directory.
<h3 class="heading-1-1"><span id=
"HExtraction">Extraction</span></h3><br />
<br />
Just run the tar command:
<div class="code">
<pre>
$ tar zxvf lemonldap-ng-*.tar.gz
</pre>
</div>
<h3 class="heading-1-1"><span id=
"HInstallation">Installation</span></h3><br />
<br />
First check and install the <span class="wikilink"><a href=
"3.1-Install-prerequesites.html">prerequisites</a></span>.<br />
<br />
If you just want to install a handler or a portal or a manager:<br />
<br />
<div class="code">
<pre>
$ cd lemonldap-ng-*/Lemonldap-NG-(Portal|Handler|Manager|Common)
$ perl Makefile.PL &amp;&amp; make &amp;&amp; make test
$ sudo make install
</pre>
</div>
<p class="paragraph"></p>Else for full modules install:
<p class="paragraph"></p>
<div class="code">
<pre>
$ cd lemonldap-ng-*
$ make &amp;&amp; make test
$ sudo make install
</pre>
</div>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
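Review bot: Under "Get the tarball" both download links are plain `http://`, and nothing tells the reader to verify the archive before the later `sudo make install` runs its Makefile as root. Add a verification step (a published checksum or signature, if the forge provides one), or at least state that the SVN snapshot is unverified. Separately, `cd lemonldap-ng-*/Lemonldap-NG-(Portal|Handler|Manager|Common)` is not valid shell when pasted, since the unquoted parentheses are a syntax error; show one concrete directory or say that the reader must pick one of the four.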

View File

@ -7,7 +7,8 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: debian-packages-install.html</title>
<title>Lemonldap::NG documentation:
3.3-Install-from-debian-packages.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -64,11 +65,13 @@
<ul>
<li><a href="#HGetthepackages">Get the packages</a></li>
<li><a href="#HInstallpackages28Debiantesting2Funstable29">Install
packages (Debian testing/unstable)</a></li>
<li><a href="#HBuildyourpackage">Build your package</a></li>
<li><a href="#HInstallpackages28Other29">Install packages
(Other)</a></li>
<li><a href="#HInstallpackageswithaptget">Install packages with
apt-get</a></li>
<li><a href="#HInstallpackageswithdpkg">Install packages with
dpkg</a></li>
<li><a href="#HFilelocation">File location</a></li>
</ul>
@ -107,9 +110,36 @@
</pre>
</div>
<h3 class="heading-1-1"><span id=
"HInstallpackages28Debiantesting2Funstable29">Install packages (Debian
testing/unstable)</span></h3><br />
<p class="paragraph"></p>Older versions are available on our OW2 Debian
repository:
<div class="code">
<pre>
deb <span class="nobr"><a href=
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
deb-src <span class="nobr"><a href=
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
</pre>
</div>
<h3 class="heading-1-1"><span id="HBuildyourpackage">Build your
package</span></h3>
<p class="paragraph"></p>You can also get the LemonLDAP::NG archive
(<span class="wikiexternallink"><a href=
"http://forge.objectweb.org/project/showfiles.php?group_id=274">see
dowload section</a></span>) and make the package yourself:
<div class="code">
<pre>
$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*
$ debuild
</pre>
</div>
<h3 class="heading-1-1"><span id="HInstallpackageswithaptget">Install
packages with apt-get</span></h3><br />
<br />
<div class="code">
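Review bot: The `deb` and `deb-src` lines for `http://lemonldap.objectweb.org/NG/debian` are given with no statement of how apt authenticates that repository; no signing key is mentioned anywhere in the hunk. Say whether the repository is signed and where its key comes from, and say what "Older versions" is relative to, since a reader adding this source cannot tell which release they will get. "dowload section" should be "download section".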
@ -118,14 +148,15 @@
</pre>
</div>
<h3 class="heading-1-1"><span id="HInstallpackages28Other29">Install
packages (Other)</span></h3><br />
<h3 class="heading-1-1"><span id="HInstallpackageswithdpkg">Install
packages with dpkg</span></h3><br />
<br />
Before installing the packages, install dependencies:
Before installing the packages, install <span class="wikilink"><a href=
"3.1-Install-prerequesites.html">dependencies</a></span> with apt-get:
<div class="code">
<pre>
# apt-get install apache2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl
# apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl
</pre>
</div><br />
<br />
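Review bot: The `apt-get install` line lists `libcache-cache-perl` twice, in both versions of the line shown here; drop the duplicate while the line is being touched to add `libapache2-mod-perl2`. The new link text sends readers to `3.1-Install-prerequesites.html` for dependencies, but that page does not list SOAP::Lite or HTML::Template, which this command installs, so the two pages should be brought into agreement.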

View File

@ -0,0 +1,246 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation:
3.4-Install-of-MySQL-storage.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id=
"HUseofMySQLforsessionsand2Forconfigurationstorage">Use of MySQL for
sessions and/or configuration storage</span></h2>
<p class="paragraph"></p>
<ul>
<li>
<a href="#HMySQLconfiguration">MySQL configuration</a>
<ul>
<li><a href="#HDatabasecreation">Database creation</a></li>
<li><a href="#HConfigurationtable">Configuration table</a></li>
<li><a href="#HSessiontable">Session table</a></li>
</ul>
</li>
<li>
<a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG
configuration</a>
<ul>
<li><a href="#HSetconfigStorageforLemonLDAP3A3ANGmodules">Set
configStorage for LemonLDAP::NG modules</a></li>
<li><a href="#HSetApache3A3ASessionbackend">Set Apache::Session
backend</a></li>
</ul>
</li>
</ul>
<h3 class="heading-1-1"><span id="HMySQLconfiguration">MySQL
configuration</span></h3>
<p class="paragraph"></p><strong class="strong">Remark</strong>: we advice
to create a specific user/password in MySQL for LemonLDAP::NG, with rights
on ist database.
<h4 class="heading-1-1-1"><span id="HDatabasecreation">Database
creation</span></h4><br />
<br />
For example, create the database "lemonldapng" :<br />
<br />
<div class="code">
<pre>
# mysqladmin create lemonldapng
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HConfigurationtable">Configuration
table</span></h4><br />
<br />
To store configuration, use this table creation instruction:<br />
<br />
<div class="code">
<pre>
CREATE TABLE lmConfig (
cfgNum <span class="java-object">int</span> not <span class=
"java-keyword">null</span> primary key,
locationRules text,
exportedHeaders text,
globalStorage text,
globalStorageOptions text,
macros text,
groups text,
portal text,
domain text,
ldapServer text,
ldapPort <span class="java-object">int</span>,
ldapBase text,
securedCookie <span class="java-object">int</span>,
cookieName text,
authentication text,
exportedVars text,
managerDn text,
managerPassword text,
whatToTrace text,
timeout <span class="java-object">int</span>
);
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HSessiontable">Session
table</span></h4>
<p class="paragraph"></p>The choice of Apache::Session::* module is free.
See Apache::Session::Store::* or Apache::Session::* to know how to
configure the module.
<p class="paragraph"></p>If you want to use Apache::Session::MySQL, you
can create the database like this:
<p class="paragraph"></p>
<div class="code">
<pre>
CREATE TABLE sessions (
id <span class="java-object">char</span>(32),
a_session text
);
</pre>
</div>
<h3 class="heading-1-1"><span id=
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h3>
<h4 class="heading-1-1-1"><span id=
"HSetconfigStorageforLemonLDAP3A3ANGmodules">Set configStorage for
LemonLDAP::NG modules</span></h4>
<p class="paragraph"></p>By default, configStorage use the "File" backend,
like:
<div class="code">
<pre>
configStorage =&gt; {
type =&gt; <span class="java-quote">"File"</span>,
dirName =&gt; <span class="java-quote">"/etc/lemonldap-ng/conf/"</span>,
},
</pre>
</div>
<p class="paragraph"></p>You have to replace it with MySQL parameters, for
example:
<div class="code">
<pre>
configStorage =&gt; {
type =&gt; <span class="java-quote">"DBI"</span>,
dbiChain =&gt; <span class="java-quote">"dbi:mysql:..."</span>,
dbiUser =&gt; <span class="java-quote">"lemonldap"</span>,
dbiPassword =&gt; <span class="java-quote">"password"</span>,
dbiTable =&gt; <span class="java-quote">"lmConfig"</span>,
},
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HSetApache3A3ASessionbackend">Set
Apache::Session backend</span></h4>
<p class="paragraph"></p>Go to the Manager and go in <strong class=
"strong">General Parameters &gt; Session Storage</strong>. Then change
<strong class="strong">Apache::Session module</strong> to
"Apache::Session::MySQL" and in <strong class="strong">Apache::Session
parameters</strong> configure the following options:
<ul class="star">
<li>DataSource (for example:
DBI:mysql:database=lemonldapng;host=127.0.0.1)</li>
<li>UserName</li>
<li>Password</li>
<li>TableName</li>
<li>LockDataSource</li>
<li>LockUserName</li>
<li>LockPassword</li>
</ul>You can also set the session module in perl scripts:
<div class="code">
<pre>
globalStorage =&gt; <span class="java-quote">"Apache::Session::MySQL"</span>,
globalStorageOptions =&gt; {
DataSource =&gt; <span class=
"java-quote">"dbi:mysql:database=lemonldapng;host=127.0.0.1"</span>,
UserName =&gt; <span class="java-quote">"db_user"</span>,
Password =&gt; <span class="java-quote">"db_password"</span>,
TableName =&gt; <span class="java-quote">"sessions"</span>,
LockDataSource =&gt; <span class=
"java-quote">"dbi:mysql:database=lemonldapng;host=127.0.0.1"</span>,
LockUserName =&gt; <span class="java-quote">"db_user"</span>,
LockPassword =&gt; <span class="java-quote">"db_password"</span>,
},
</pre>
</div>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
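Review bot: In the "Session table" block, `id char(32)` is declared without `not null` and without a primary key, so nothing prevents duplicate session ids and every lookup by id scans the table; declare it as `id char(32) not null primary key`. The `lmConfig` table holds `managerPassword`, so read access to that table should be treated as access to that credential, yet the Remark only advises a dedicated MySQL account in passing: show the grant limited to the `lemonldapng` database and say which account the `dbiUser` and `UserName` examples are meant to be. In the Remark, "we advice" and "ist database" should be "we advise" and "its database".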

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: install-fr.html</title>
<title>Lemonldap::NG documentation: 3.5-Install-of-example-fr.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -55,133 +55,50 @@
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HINSTALLATIONDEL27EXEMPLE">INSTALLATION DE
L'EXEMPLE</span></h2>
<h2 class="heading-1"><span id="HInstallationdel27exemple">Installation de
l'exemple</span></h2>
<p class="paragraph"></p>
<ul>
<li>
<a href="#HPREREQUIS">PRE REQUIS</a>
<li><a href="#HDepuisl27archive">Depuis l'archive</a></li>
<ul>
<li><a href="#HLogiciels">Logiciels</a></li>
<li><a href="#HDepuislespaquetsDebian">Depuis les paquets
Debian</a></li>
<li><a href="#HModulesPerlrequis">Modules Perl requis</a></li>
</ul>
</li>
<li>
<a href="#HCOMPILATION">COMPILATION</a>
<ul>
<li><a href="#HInstallationcomplC3A8te">Installation
compl&egrave;te</a></li>
<li><a href="#HInstallationsurDebian">Installation sur
Debian</a></li>
</ul>
</li>
<li><a href="#HCONFIGURATIONDEL27EXEMPLE">CONFIGURATION DE
L'EXEMPLE</a></li>
<li><a href="#HConfiguration">Configuration</a></li>
</ul>L'exemple propos&eacute; utilise un site prot&eacute;g&eacute;
nomm&eacute; test.example.com. Les utilisateurs non-authentifi&eacute;s
sont redirig&eacute;s vers auth.example.com.
<h3 class="heading-1-1"><span id="HPREREQUIS">PRE REQUIS</span></h3>
<h3 class="heading-1-1"><span id="HDepuisl27archive">Depuis
l'archive</span></h3>
<h4 class="heading-1-1-1"><span id="HLogiciels">Logiciels</span></h4>
<p class="paragraph"></p>Pour utiliser Lemonldap::NG, vous devez disposer
d'un server LDAP et d'un server Apache compil&eacute; avec le module
mod-perl (version 1.3 ou 2.x). G&eacute;n&eacute;ralement, la version
d'Apache propos&eacute;e par votre distribution Linux est suffisante, mais
certaines distributions utilisent une version exp&eacute;rimentale de
mod_perl2 avec Apache2 (mod_perl-1.99) qui ne fonctionne pas avec
Lemonldap::NG. Avec de telles distributions (Debian-3.1 par exemple), vous
devez utiliser Apache-1.3 ou utiliser des backports mod_perl, CGI.pm et
CGI/Cookie.pm (les paquets Debian du site www.backports.org fonctionnent
tr&egrave;s bien).
<h4 class="heading-1-1-1"><span id="HModulesPerlrequis">Modules Perl
requis</span></h4>
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
LWP::UserAgent, Cache::Cache, DBI, XML::Simple, SOAP::Lite (pour les
fonctionnalit&eacute;s SOAP du Manager).
<p class="paragraph"></p>Sur Debian, lancez:
<p class="paragraph"></p>Suivre d'abord <span class="wikilink"><a href=
"3.2-Install-from-tarball.html">les instructions d'installation par
l'archive</a></span>. Ensuite taper:
<div class="code">
<pre>
#apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl
</pre>
</div>Et si vous souhaitez utiliser les fonctionnalit&eacute;s SOAP du
manager (cf. <span class="wikilink"><a href="soap-fr.html">Utilisation des
modules SOAP</a></span>) :
<div class="code">
<pre>
# apt-get install libsoap-lite-perl
</pre>
</div>
<h3 class="heading-1-1"><span id="HCOMPILATION">COMPILATION</span></h3>
<h4 class="heading-1-1-1"><span id="HInstallationcomplC3A8te">Installation
compl&egrave;te</span></h4><br />
<br />
<div class="code">
<pre>
$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*
$ make &amp;&amp; make test
$ sudo make install
$ make example
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HInstallationsurDebian">Installation
sur Debian</span></h4>
<p class="paragraph"></p>
<div class="code">
<pre>
$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*
$ debuild
$ sudo dpkg -i ../lemonldap-ng*.deb
</pre>
</div>
<p class="paragraph"></p>Vous pouvez &eacute;galement utiliser le
repository Debian:
<p class="paragraph"></p>
<div class="code">
<pre>
deb <span class="nobr"><a href=
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
deb-src <span class="nobr"><a href=
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
</pre>
</div>
<p class="paragraph"></p>ou encore utiliser les packages de la
distribution Debian (disponibles sur testing et unstable).
<h3 class="heading-1-1"><span id="HDepuislespaquetsDebian">Depuis les
paquets Debian</span></h3><br />
<br />
D'abord suivre <span class="wikilink"><a href=
"3.3-Install-from-debian-packages.html">les instructions d'installation
par Debian</a></span>. L'exemple est fourni dans le paquet, il n'y a plus
rien &agrave; faire.
<h3 class="heading-1-1"><span id=
"HCONFIGURATIONDEL27EXEMPLE">CONFIGURATION DE L'EXEMPLE</span></h3>
<p class="paragraph"></p>Apr&egrave;s compilation, vous disposez d'un
fichier example/apache.conf. Vous avez simplement &agrave; l'inclure dans
le fichier de configuration d'Apache:
<p class="paragraph"></p>
"HConfiguration">Configuration</span></h3><br />
<br />
Apr&egrave;s compilation, vous disposez d'un fichier example/apache.conf.
Vous avez simplement &agrave; l'inclure dans le fichier de configuration
d'Apache:<br />
<br />
<div class="code">
<pre>
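Review bot: the apt-get line in the Debian prerequisites block names libcache-cache-perl twice, and it is written "#apt-get" with no space after the prompt while the SOAP block just below uses "# apt-get". Drop the duplicate package and use one prompt style so both commands can be copied the same way.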

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: install.html</title>
<title>Lemonldap::NG documentation: 3.5-Install-of-example.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -55,121 +55,48 @@
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HEXAMPLEINSTALLATION">EXAMPLE
INSTALLATION</span></h2>
<h2 class="heading-1"><span id=
"HInstallationoftheprovidedexample">Installation of the provided
example</span></h2>
<p class="paragraph"></p>
<ul>
<li>
<a href="#HPREREQ">PREREQ</a>
<li><a href="#HFormthetarball">Form the tarball</a></li>
<ul>
<li><a href="#HSoftware">Software</a></li>
<li><a href="#HFromDebianpackages">From Debian packages</a></li>
<li><a href="#HNeededPerlmodules">Needed Perl modules</a></li>
</ul>
</li>
<li>
<a href="#HBUILDING">BUILDING</a>
<ul>
<li><a href="#HCompleteinstall">Complete install</a></li>
<li><a href="#HDebianinstall">Debian install</a></li>
</ul>
</li>
<li><a href="#HEXAMPLECONFIGURATION">EXAMPLE CONFIGURATION</a></li>
<li><a href="#HConfiguration">Configuration</a></li>
</ul>The proposed example use a protected site named test.example.com. Non
authenticated users are redirected to auth.example.com.
<h3 class="heading-1-1"><span id="HPREREQ">PREREQ</span></h3>
<h3 class="heading-1-1"><span id="HFormthetarball">Form the
tarball</span></h3>
<h4 class="heading-1-1-1"><span id="HSoftware">Software</span></h4>
<p class="paragraph"></p>To use Lemonldap::NG, you have to run a LDAP
server and of course an Apache server compiled with mod-perl (version 1.3
or 2.x). Generaly, the version of Apache proposed with your Linux
distribution match, but some distributions used an experimental version of
mod_perl with Apache2 (mod_perl-1.99) which does not work with
Lemonldap::NG. With such distributions (like Debian-3.1), you have to use
Apache-1.3 or to use a mod_perl, CGI.pm and CGI/Cookie.pm backports
(www.backports.org package for Debian works fine).
<h4 class="heading-1-1-1"><span id="HNeededPerlmodules">Needed Perl
modules</span></h4>
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
LWP::UserAgent, Cache::Cache, DBI, XML::Simple, SOAP::Lite (only if you
want to use SOAP with the manager).
<p class="paragraph"></p>With Debian, use:
<p class="paragraph"></p>First follow the <span class="wikilink"><a href=
"3.2-Install-from-tarball.html">tarball installation
instruction</a></span>. Then run:
<div class="code">
<pre>
apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl
# If you want to use SOAP with the manager:
apt-get install libsoap-lite-perl
</pre>
</div>
<h3 class="heading-1-1"><span id="HBUILDING">BUILDING</span></h3>
<h4 class="heading-1-1-1"><span id="HCompleteinstall">Complete
install</span></h4>
<p class="paragraph"></p>
<div class="code">
<pre>
$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*
$ make &amp;&amp; make test
$ sudo make install
$ make example
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HDebianinstall">Debian
install</span></h4>
<h3 class="heading-1-1"><span id="HFromDebianpackages">From Debian
packages</span></h3><br />
<br />
First follow the <span class="wikilink"><a href=
"3.3-Install-from-debian-packages.html">debian installation
procedure</a></span>. The example is provided with the package, nothing
left to do.
<p class="paragraph"></p>
<div class="code">
<pre>
$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*
$ debuild
$ sudo dpkg -i ../lemonldap-ng*.deb
</pre>
</div>
<p class="paragraph"></p>You can also use the Debian repository :
<p class="paragraph"></p>
<div class="code">
<pre>
deb <span class="nobr"><a href=
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
deb-src <span class="nobr"><a href=
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
</pre>
</div>
<p class="paragraph"></p>or use official Debian packages (available in
testing and unstable).
<h3 class="heading-1-1"><span id="HEXAMPLECONFIGURATION">EXAMPLE
CONFIGURATION</span></h3>
<p class="paragraph"></p>After build, you have a new file named
example/apache.conf. You just have to include this file in Apache
configuration:
<p class="paragraph"></p>
<h3 class="heading-1-1"><span id=
"HConfiguration">Configuration</span></h3><br />
<br />
After build, you have a new file named example/apache.conf. You just have
to include this file in Apache configuration:<br />
<br />
<div class="code">
<pre>
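Review bot: "Form the tarball" in the table-of-contents entry and in the matching h3 (id HFormthetarball) is a typo for "From the tarball"; the sibling section is "From Debian packages". Fix the link text, the heading and the anchor id together so the TOC link keeps resolving. The intro sentence should also read "The proposed example uses a protected site".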
@ -186,8 +113,6 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
<p class="paragraph"></p>Modify your /etc/hosts file to include:
<p class="paragraph"></p>
<div class="code">
<pre>
127.0.0.2 auth.example.com
@ -210,7 +135,7 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
</ul>If you don't set managerDn and managerPassword, Lemonldap::NG will
use an anonymous bind to find user dn.
<p class="paragraph"></p>WARNINGS:
<p class="paragraph"></p><strong class="strong">Warnings</strong>:
<ul class="star">
<li>only few parameters can be set by hand in the configuration file.
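Review bot: the context sentence just above the restyled Warnings label says that leaving managerDn and managerPassword unset makes Lemonldap::NG fall back to an anonymous bind to find the user dn, but it sits outside the warnings list. Since this change already touches the warnings block, consider moving that sentence into the list and stating that the directory must then accept anonymous searches on the user branch.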

View File

@ -0,0 +1,144 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: 4.1-Configuration-overview.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HConfigurationoverview">Configuration
overview</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HGeneralparameters">General parameters</a></li>
<li><a href="#HUsergroups">User groups</a></li>
<li><a href="#HVirtualhosts">Virtual hosts</a></li>
</ul>Connect to the manager with your browser (for example <span class=
"nobr"><a href=
"http://manager.example.com">http://manager.example.com</a></span>) to
start configure your WebSSO.
<p class="paragraph"></p>You have to set at least some parameters:
<h3 class="heading-1-1"><span id="HGeneralparameters">General
parameters</span></h3>
<ul class="star">
<li>Authentication parameters -&gt; portal URL to access to the
authentication portal.</li>
<li>Domain: the cookie domain. All protected VirtualHosts have to be
under it.</li>
<li>LDAP parameters -&gt; LDAP Server.</li>
<li>LDAP parameters -&gt; LDAP Accout and password: required only if
anonymous binds are not accepted.</li>
<li>Session Storage -&gt; Apache::Session module: how to store user
sessions. You can use all module that inherit from Apache::Session like
Apache::Session::MySQL.</li>
<li>Session Storage -&gt; Apache::Session Module parameters: see
Apache::Session::&lt;Choosen module&gt;.</li>
</ul>
<h3 class="heading-1-1"><span id="HUsergroups">User groups</span></h3>
<p class="paragraph"></p>Use the "New Group" button to add your first
group. On the left, set the keyword which will be used later and set on
the right the corresponding rule. You can use :
<ul class="star">
<li>an LDAP filter (it will be tested with the user uid)</li>
</ul>or
<ul class="star">
<li>a Perl condition enclosed with {}. All variables declared in
"General parameters -&gt; LDAP attributes" can be used with a "$". For
example: MyGroup / { $uid eq "foo" or $uid eq "bar" }</li>
</ul>
<h3 class="heading-1-1"><span id="HVirtualhosts">Virtual hosts</span></h3>
<p class="paragraph"></p>You have to create a virtual host for each Apache
host (virtual or real) protected by Lemonldap::NG even if just a
sub-directory is protected. Else, user who want to access to the protected
area will be rejected with a "500 Internal Server Error" message and the
apache logs will explain the problem.
<p class="paragraph"></p>Each virtual host has 2 groups of parameters:
<ul class="star">
<li>Headers: the headers added to the apache request. Default: Auth-User
=&gt; $uid.</li>
<li>Rules: subdivised in 2 categories:
<ul class="star">
<li>default: the default rule</li>
<li>personalized rules: association of a Perl regular expression and
a condition. For example: ^/restricted.*$ / $groups =~
/bMyGroupb/</li>
</ul>
</li>
</ul>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
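Review bot: the personalized-rule example at the end of the Virtual hosts list reads "$groups =~ /bMyGroupb/", which has lost the backslashes of the word-boundary anchors; as written it only matches the literal text bMyGroupb, so a rule copied from here would not match a user in MyGroup. It should read "$groups =~ /\bMyGroup\b/". Also in this file: the html element declares lang="fr" on an English page, the XML declaration says utf-8 while the meta tag says us-ascii, and "Accout" should be "Account".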

View File

@ -0,0 +1,243 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation:
4.1-Configuration-parameter-list.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HParameterlist">Parameter list</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HConfiguration">Configuration</a></li>
<li><a href="#HGeneralParameters">General Parameters</a></li>
<li><a href="#HVirtualhosts">Virtual hosts</a></li>
<li><a href="#HApplications">Applications</a></li>
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
&gt;= 1.0</strong>
<h3 class="heading-1-1"><span id=
"HConfiguration">Configuration</span></h3>
<ul class="star">
<li>Order: configuration number/order (the highest number is the one
applied)</li>
<li>Name: friendly name of the configuration</li>
<li>Createtimestamp: date of creation</li>
<li>Modifytimestamp: date of last modification</li>
<li>Applytimestamp: date of last application</li>
</ul>
<h3 class="heading-1-1"><span id="HGeneralParameters">General
Parameters</span></h3>
<ul class="star">
<li>Authentication Parameters
<ul class="star">
<li>Authentication Type (ldap|ssl|cas|apache|saml2): how users are
authenticated</li>
</ul>
</li>
<li>User base Parameters
<ul class="star">
<li>User base Type (ldap|dbi|saml2): how access to stored user's
information</li>
</ul>
</li>
<li>Portal parameters
<ul class="star">
<li>Portal URL: URL of the authentication portal</li>
<li>Portal Theme: name or path to the theme/skin</li>
<li>keepExistingSession(0|1): do not force users to relogin on
portal page</li>
</ul>
</li>
<li>Cookie parameters:
<ul class="star">
<li>Secured cookie (0|1): use secures cookie (only sent over SSL
connections)</li>
<li>Cookie name</li>
<li>Domain</li>
</ul>
</li>
<li>Exported variables
<ul class="star">
<li>Variable 1</li>
<li>Variable 2</li>
<li>...</li>
</ul>
</li>
<li>LDAP parameters
<ul class="star">
<li>LDAP host</li>
<li>LDAP port</li>
<li>LDAP version</li>
<li>LDAP useTLS (0|1)</li>
<li>LDAP search base</li>
<li>LDAP search filter</li>
<li>LDAP account</li>
<li>LDAP password</li>
<li>LDAP use password policy</li>
<li>LDAP groups branch DN</li>
</ul>
</li>
<li>Session parameters
<ul class="star">
<li>Session storage (file|dbi|memcached|soap)</li>
<li>Session storage parameters</li>
<li>Session lifetime</li>
</ul>
</li>
<li>Apache parameters
<ul class="star">
<li>Logged attribute</li>
</ul>
</li>
<li>Macros
<ul class="star">
<li>Macro 1</li>
<li>Macro 2</li>
<li>...</li>
</ul>
</li>
<li>Groups
<ul class="star">
<li>Group 1</li>
<li>Group 2</li>
<li>...</li>
</ul>
</li>
</ul>
<h3 class="heading-1-1"><span id="HVirtualhosts">Virtual hosts</span></h3>
<ul class="star">
<li>Virtualhost 1
<ul class="star">
<li>SSL (0|1): this is an SSL virtualhost</li>
<li>Access rules</li>
<li>HTTP headers</li>
</ul>
</li>
<li>Virtualhost 2</li>
<li>...</li>
</ul>
<h3 class="heading-1-1"><span id="HApplications">Applications</span></h3>
<ul class="star">
<li>Application 1</li>
<li>Application 2</li>
<li>...</li>
</ul>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
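Review bot: in General Parameters, the LDAP parameters block (LDAP host through LDAP groups branch DN) and "Session storage parameters" are bare names, while the Portal and Cookie entries each carry a short description. Please describe at least LDAP useTLS (0|1), LDAP account and LDAP password, with their defaults, since those decide how the bind to the directory is made. The header also says "applicable for LemonLDAP::NG >= 1.0" where the other new pages in this commit say ">= 0.9.3"; confirm which is intended.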

View File

@ -0,0 +1,283 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: 4.1-Configure-portal-menu.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HEnhancedmenu">Enhanced menu</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HPresentation">Presentation</a></li>
<li><a href="#HActivatethemenuintheportal">Activate the menu in the
portal</a></li>
<li>
<a href="#HXMLapplicationslist">XML applications list</a>
<ul>
<li><a href="#HDTD">DTD</a></li>
<li><a href="#HParametersdefinition">Parameters definition</a></li>
<li><a href="#HSampleXMLfile">Sample XML file</a></li>
</ul>
</li>
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
&gt;= 0.9.3</strong>
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
<p class="paragraph"></p>Menu is a new Portal module providing these
functionalities:
<ul class="star">
<li>Display an application list to the connected user, with possibility
to hide applications he did not have access to.</li>
<li>Provide a simple "change password" form that respect Password Policy
LDAP draft.</li>
<li>Logout with confirmation.</li>
</ul>
<h3 class="heading-1-1"><span id="HActivatethemenuintheportal">Activate
the menu in the portal</span></h3>
<p class="paragraph"></p>With a 0.9.3 fresh installation, the default
portal/index.pl enables the menu. For the others, add this to the perl
code:
<p class="paragraph"></p>
<div class="code">
<pre>
<span class=
"java-keyword">if</span> ( $portal-&gt;process() ) {<br /><br /> # HTML::Template object creation
my $template = HTML::Template-&gt;<span class="java-keyword">new</span>(
filename =&gt; <span class=
"java-quote">"$skin_dir/$skin/menu.tpl"</span>,
die_on_bad_params =&gt; 0,
cache =&gt; 0,
filter =&gt; sub { $portal-&gt;translate_template(@_) }
);<br /><br /> # Menu creation
use Lemonldap::NG::Portal::Menu;
my $menu = Lemonldap::NG::Portal::Menu-&gt;<span class=
"java-keyword">new</span>(
{
portalObject =&gt; $portal,
apps =&gt; {
xmlfile =&gt; <span class="java-quote">"$appsxmlfile"</span>,
imgpath =&gt; <span class="java-quote">"$appsimgpath"</span>,
},
modules =&gt; {
appslist =&gt; 1,
password =&gt; 1,
logout =&gt; 1,
},
# CUSTOM FUNCTION : <span class=
"java-keyword">if</span> you want to create customFunctions in rules, declare them here
#customFunctions =&gt; 'function1 function2',
}
);<br /><br /> $template-&gt;param( AUTH_ERROR =&gt; $menu-&gt;error );
$template-&gt;param( AUTH_ERROR_TYPE =&gt; $menu-&gt;error_type );
$template-&gt;param( DISPLAY_APPSLIST =&gt; $menu-&gt;displayModule(<span class="java-quote">"appslist"</span>) );
$template-&gt;param( DISPLAY_PASSWORD =&gt; $menu-&gt;displayModule(<span class="java-quote">"password"</span>) );
$template-&gt;param( DISPLAY_LOGOUT =&gt; $menu-&gt;displayModule(<span class="java-quote">"logout"</span>) );
$template-&gt;param( DISPLAY_TAB =&gt; $menu-&gt;displayTab );
$template-&gt;param( LOGOUT_URL =&gt; <span class=
"java-quote">"$ENV{SCRIPT_NAME}?logout=1"</span> );
<span class=
"java-keyword">if</span> ( $menu-&gt;displayModule(<span class="java-quote">"appslist"</span>) ) {
$template-&gt;param( APPSLIST_MENU =&gt; $menu-&gt;appslistMenu );
$template-&gt;param( APPSLIST_DESC =&gt; $menu-&gt;appslistDescription );
}<br /><br /> print $portal-&gt;header('text/html; charset=utf8');
print $template-&gt;output;
}
</pre>
</div>
<h3 class="heading-1-1"><span id="HXMLapplicationslist">XML applications
list</span></h3>
<h4 class="heading-1-1-1"><span id="HDTD">DTD</span></h4>
<p class="paragraph"></p>The XML applications list must respect this DTD:
<p class="paragraph"></p>
<div class="code">
<pre>
&lt;!ELEMENT menu (category*) &gt;<br /><br />&lt;!ELEMENT category (application*, category*) &gt;
&lt;!ATTLIST category name CDATA #REQUIRED &gt;<br /><br />&lt;!ELEMENT application (name, uri?, description?, logo?, screenshot?, display?) &gt;
&lt;!ATTLIST application id ID #REQUIRED &gt;<br /><br />&lt;!ELEMENT name ( #PCDATA ) &gt;
&lt;!ELEMENT uri ( #PCDATA ) &gt;
&lt;!ELEMENT description ( #PCDATA ) &gt;
&lt;!ELEMENT logo ( #PCDATA ) &gt;
&lt;!ELEMENT screenshot ( #PCDATA ) &gt;
&lt;!ELEMENT display ( #PCDATA ) &gt;
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HParametersdefinition">Parameters
definition</span></h4>
<ul class="star">
<li>Category:
<ul class="star">
<li>Name of the category (required)</li>
</ul>
</li>
<li>Application:
<ul class="star">
<li>ID: unique id of the application inside XML file
(required).</li>
<li>Name: friendly name of the applications (required).</li>
<li>URI: full URI of the application, with http(s)://, and path,
page, etc.</li>
<li>Description: description of the application.</li>
<li>Logo: file name of the logo.</li>
<li>Screenshot: file name of the screenshot.</li>
<li>Display:
<ul class="star">
<li>"auto": display application only if the user has access to
it.</li>
<li>"on": always display.</li>
<li>"off": never display.</li>
</ul>
</li>
</ul>
</li>
</ul>The menu must contains at least one category. Each category can
contain applications and categories. An application cannot contain a
category. An application must be inside a category.
<h4 class="heading-1-1-1"><span id="HSampleXMLfile">Sample XML
file</span></h4>
<p class="paragraph"></p>Now you can configure your applications list, in
/etc/lemonldap-ng/apps-list.xml. For example:
<p class="paragraph"></p>
<div class="code">
<pre>
&lt;?xml version=<span class="java-quote">"1.0"</span> encoding=<span class=
"java-quote">"utf-8"</span> standalone=<span class=
"java-quote">"no"</span>?&gt;
&lt;!DOCTYPE menu SYSTEM <span class="java-quote">"apps-list.dtd"</span>&gt;
&lt;menu&gt;
&lt;category name=<span class="java-quote">"Business"</span>&gt;
&lt;application id=<span class="java-quote">"aaa"</span>&gt;
&lt;name&gt;AAA&lt;/name&gt;
&lt;uri&gt;<span class="nobr"><a href=
"http://test.ow2.org/aaa&amp;#60;/uri&amp;#62;">http://test.ow2.org/aaa&lt;/uri&gt;</a></span>
&lt;description&gt;AAA description&lt;/description&gt;
&lt;logo&gt;aaa-logo.gif&lt;/logo&gt;
&lt;display&gt;auto&lt;/display&gt;
&lt;/application&gt;
&lt;application id=<span class="java-quote">"bbb"</span>&gt;
&lt;name&gt;BBB&lt;/name&gt;
&lt;uri&gt;<span class="nobr"><a href=
"http://test.ow2.org/bbb/login.">http://test.ow2.org/bbb/login.</a></span><span class="java-keyword">do</span>&lt;/uri&gt;
&lt;description&gt;BBB description&lt;/description&gt;
&lt;logo&gt;bbb-logo.gif&lt;/logo&gt;
&lt;display&gt;on&lt;/display&gt;
&lt;/application&gt;
&lt;/category&gt;
&lt;category name=<span class="java-quote">"Technical"</span>&gt;
&lt;category name=<span class="java-quote">"Directories"</span>&gt;
&lt;application id=<span class="java-quote">"pla"</span>&gt;
&lt;name&gt;phpLDAPAdmin&lt;/name&gt;
&lt;uri&gt;<span class="nobr"><a href=
"http://phpldapadmin.ow2.org&amp;#60;/uri&amp;#62;">http://phpldapadmin.ow2.org&lt;/uri&gt;</a></span>
&lt;description&gt;LDAP directory administration&lt;/description&gt;
&lt;logo&gt;pla-logo.gif&lt;/logo&gt;
&lt;display&gt;auto&lt;/display&gt;
&lt;/application&gt;
&lt;/category&gt;
&lt;category name=<span class=
"java-quote">"Application servers"</span>&gt;
&lt;application id=<span class="java-quote">"probe"</span>&gt;
&lt;name&gt;Probe&lt;/name&gt;
&lt;uri&gt;<span class="nobr"><a href=
"http://probe.ow2.org&amp;#60;/uri&amp;#62;">http://probe.ow2.org&lt;/uri&gt;</a></span>
&lt;description&gt;Tomcat stats&lt;/description&gt;
&lt;logo&gt;probe-logo.gif&lt;/logo&gt;
&lt;display&gt;auto&lt;/display&gt;
&lt;/application&gt;
&lt;/category&gt;
&lt;/category&gt;
&lt;/menu&gt;
</pre>
</div>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
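Review bot: the DTD declares "menu (category*)", which accepts an empty menu, but the text under Parameters definition says the menu must contain at least one category; use "(category+)" or relax the sentence. In the sample XML the auto-linker has pulled the closing uri tag into the href of three links (aaa, phpldapadmin, probe) and the highlighter has split "login.do" at the keyword "do", so the uri lines need the link and keyword markup removed before the sample can be copied safely.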

View File

@ -0,0 +1,275 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation:
4.1-HTML-templates-customization.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HPortalHTMLtemplatesdesign">Portal HTML
templates design</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href=
"#HLemonLDAP3A3ANGskinsandHTML3A3ATemplatePerlmodule">LemonLDAP::NG
skins and HTML::Template Perl module</a></li>
<li>
<a href="#HTemplatesvariablesprovidedbyportal2Findexpl">Templates
variables provided by portal/index.pl</a>
<ul>
<li><a href="#HCommonvariables">Common variables</a></li>
<li><a href="#Hlogintplspecificvariables">login.tpl specific
variables</a></li>
<li><a href="#Hmenutplspecificvariables">menu.tpl specific
variables</a></li>
</ul>
</li>
<li><a href="#HTemplatestructure">Template structure</a></li>
<li>
<a href="#HInternationalization28i18n29">Internationalization
(i18n)</a>
<ul>
<li><a href="#HExampleofmonolingualtemplate">Example of mono-lingual
template</a></li>
<li><a href="#HExampleofmultilingualtemplate">Example of
multi-lingual template</a></li>
</ul>
</li>
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
&gt;= 0.9.3</strong>
<h3 class="heading-1-1"><span id=
"HLemonLDAP3A3ANGskinsandHTML3A3ATemplatePerlmodule">LemonLDAP::NG skins
and HTML::Template Perl module</span></h3>
<p class="paragraph"></p>LemonLDAP::NG templates are designed for
<span class="wikiexternallink"><a href=
"http://search.cpan.org/~samtregar/HTML-Template-2.9/">HTML::Templates
Perl module</a></span>.
<p class="paragraph"></p>LemonLDAP::NG portal use "skins", located in the
skins/ directory of the portal. Each skin is a particular directory, for
example skins/default/ for the default skin.
<p class="paragraph"></p>Here is the list of required template files:
<ul class="star">
<li>login.tpl: template for the login page.</li>
<li>menu.tpl: template for the menu page.</li>
<li>error.tpl: tempalte for the error page.</li>
<li>header.tpl: common header (included in above templates).</li>
<li>footer.tpl: common footer (included in above templates).</li>
<li>notification.tpl: template to display notifications.</li>
</ul>Each template include a CSS file, named "styles.css".
<p class="paragraph"></p>To create your own skin, just copy the default
skin to another directory (eg.: skins/myskin/) and edit templates and CSS
files. Advanced customization can be done by editing the portal/index.pl.
<h3 class="heading-1-1"><span id=
"HTemplatesvariablesprovidedbyportal2Findexpl">Templates variables
provided by portal/index.pl</span></h3>
<p class="paragraph"></p>When you edit/create a template file, you can use
some variables provided by the portal script. Of course, you can add
variables by editing the portal/index.pl.
<h4 class="heading-1-1-1"><span id="HCommonvariables">Common
variables</span></h4>
<ul class="star">
<li>AUTH_ERROR: error text returned by the portal.</li>
<li>AUTH_ERROR_TYPE: type of the error:
<ul class="star">
<li>positive: the action was successful;</li>
<li>negative: a problem occured;</li>
<li>warning: not a fatal error, need user action.</li>
</ul>
</li>
</ul>
<h4 class="heading-1-1-1"><span id="Hlogintplspecificvariables">login.tpl
specific variables</span></h4>
<ul class="star">
<li>AUTH_URL: URL submitted for redirection.</li>
<li>DISPLAY_FORM: set to 1 if a form can be displayed.</li>
</ul>
<h4 class="heading-1-1-1"><span id="Hmenutplspecificvariables">menu.tpl
specific variables</span></h4>
<ul class="star">
<li>LOGOUT_URL: URL for logout.</li>
<li>DISPLAY_APPSLIST: boolean to display the appslist tab</li>
<li>DISPLAY_PASSWORD: boolean to display the password tab</li>
<li>DISPLAY_LOGOUT: boolean to display the logout tab</li>
<li>DISPLAY_TAB: name of the pre-selected tab</li>
<li>APPSLIST_MENU: html code of appslist menu div</li>
<li>APPSLIST_DESC: html code of appslist description divs</li>
</ul>
<h3 class="heading-1-1"><span id="HTemplatestructure">Template
structure</span></h3>
<p class="paragraph"></p>The default LemonLDAP::NG template follow this
structure:
<ul class="star">
<li>html
<ul class="star">
<li>body
<ul class="star">
<li>div id=page
<ul class="star">
<li>div id=header</li>
<li>div class=message</li>
<li>(html content)</li>
<li>div id=footer</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<h3 class="heading-1-1"><span id=
"HInternationalization28i18n29">Internationalization (i18n)</span></h3>
<p class="paragraph"></p>LemonLDAP::NG portal is able to display an HTML
template according to the user's browser language.
<p class="paragraph"></p>In order to work, you have to set inside the
template the translations of all displayed text. Error message translation
is already done inside LemonLDAP::NG Portal module.
<h4 class="heading-1-1-1"><span id="HExampleofmonolingualtemplate">Example
of mono-lingual template</span></h4>
<p class="paragraph"></p>
<div class="code">
<pre>
&lt;p&gt;&lt;label&gt;Login&lt;/label&gt;
&lt;input name=<span class="java-quote">"user"</span> type=<span class=
"java-quote">"text"</span> size=<span class="java-quote">"30"</span> /&gt;
&lt;/p&gt;
</pre>
</div>
<p class="paragraph"></p>The string "Login" is set in the template and
will not be translated.
<h4 class="heading-1-1-1"><span id=
"HExampleofmultilingualtemplate">Example of multi-lingual
template</span></h4>
<p class="paragraph"></p>
<div class="code">
<pre>
&lt;p&gt;&lt;label&gt;&lt;lang en=<span class=
"java-quote">"Login"</span> fr=<span class=
"java-quote">"Identifiant"</span> /&gt;&lt;/label&gt;
&lt;input name=<span class="java-quote">"user"</span> type=<span class=
"java-quote">"text"</span> size=<span class="java-quote">"30"</span> /&gt;
&lt;/p&gt;
</pre>
</div>
<p class="paragraph"></p>The markup &lt;lang&gt; will be catched by
LemonLDAP::NG and only the wanted translation will be displayed. If the
user's language has no corresponding translation, the first translation is
selected. So you can set your default language by choosing the first
translation ("en" in the above example).
<p class="paragraph"></p><strong class="strong">Warning:</strong> don't
forget the quotes and the trailing slash of the markup!
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
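Review bot: the variable lists do not say which values are plain text and which are ready-made HTML. APPSLIST_MENU and APPSLIST_DESC are described as "html code", while AUTH_URL is the "URL submitted for redirection"; state for each variable whether index.pl has already escaped it, so skin authors know where to use HTML::Template's ESCAPE=HTML on a TMPL_VAR. Smaller points: the link text says "HTML::Templates" where the section heading says HTML::Template, and "tempalte", "occured" and "catched" need fixing.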

View File

@ -0,0 +1,226 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: 4.1-RBAC-model.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HRBACmodel">RBAC model</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HPresentation">Presentation</a></li>
<li><a href="#HRolesassimplevaluesofauserattribute">Roles as simple
values of a user attribute</a></li>
<li><a href="#HRolesasentriesinthedirectory">Roles as entries in the
directory</a></li>
</ul>
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
<p class="paragraph"></p>RBAC stands for Role Based Access Control. It
means that you manage authorizations to access applications by checking
the role(s) of the user, and provide this role to the application.
<p class="paragraph"></p>More informations on <span class="nobr"><a href=
"http://en.wikipedia.org/wiki/Role-based_access_control">http://en.wikipedia.org/wiki/Role-based_access_control</a></span>
<p class="paragraph"></p>LemonLDAP::NG allows to use this model.
<h3 class="heading-1-1"><span id=
"HRolesassimplevaluesofauserattribute">Roles as simple values of a user
attribute</span></h3><br />
<br />
Imagine you've set your directory schema to store roles as values of
ssoRoles, an attribute of the user. This is simple because you can send
the role to the application by creating a HTTP header (for example
Auth-Role) with the concatened values (';' is the concatenation
string):<br />
<br />
<div class="code">
<pre>
Auth-Roles =&gt; $ssoRoles
</pre>
</div><br />
<br />
If the user has these values inside its entry:<br />
<br />
<div class="code">
<pre>
ssoRoles: user
ssoRoles: admin
</pre>
</div><br />
<br />
Then you got this value inside the Auth-Roles header:<br />
<br />
<div class="code">
<pre>
user; admin
</pre>
</div>
<h3 class="heading-1-1"><span id="HRolesasentriesinthedirectory">Roles as
entries in the directory</span></h3><br />
<br />
Now imagine the following DIT:<br />
<br />
<img src="DIA_DIT_Roles.png" alt="DIA_DIT_Roles.png" /><br />
<br />
Roles are entries, below branchs representing applications. Each user has
a ssoRoles attributes, which values are the DN of the corresponding roles.
With this oragnization, you can set roles to user within specific
application.<br />
<br />
In the schema above, the user has the following values:<br />
<br />
<div class="code">
<pre>
ssoRoles: ou=admin,ou=aaa,ou=roles,dc=acme,dc=com
ssoRoles: ou=user,ou=bbb,ou=roles,dc=acme,dc=com
</pre>
</div>
<p class="paragraph"></p>So he is "user" on application "BBB" and "admin"
on application "AAA".
<p class="paragraph"></p>Now we have to send to right role to the right
application trough LemonLDAP::NG.
<p class="paragraph"></p>First step: create a rule to grant access only if
the user has a role in the application:
<ul class="star">
<li>For application AAA:</li>
</ul>
<div class="code">
<pre>
<span class="java-keyword">default</span> =&gt; $ssoRoles =~ /ou=aaa,ou=roles/
</pre>
</div>
<ul class="star">
<li>For application BBB:</li>
</ul>
<div class="code">
<pre>
<span class="java-keyword">default</span> =&gt; $ssoRoles =~ /ou=bbb,ou=roles/
</pre>
</div><br />
<br />
Second step: get the role name for the application. We will use the macros
to do that. Create two macros (inside General Parameters &gt; Macros):
<ul class="star">
<li>For application AAA:</li>
</ul>
<div class="code">
<pre>
aaaRole =&gt; ((grep{/ou=aaa/} split(';',$ssoRoles))[0] =~ /ou=(.*),ou=aaa/)[0]
</pre>
</div>
<ul class="star">
<li>For application BBB:</li>
</ul>
<div class="code">
<pre>
bbbRole =&gt; ((grep{/ou=bbb/} split(';',$ssoRoles))[0] =~ /ou=(.*),ou=bbb/)[0]
</pre>
</div><br />
<br />
These regular expressions read the 'ou' value of the DN of the role of the
concerned application. This work if the user has only one role per
application.<br />
<br />
Third step: provide the role to the application. It is done by creating
the correct HTTP header:
<ul class="star">
<li>For application AAA:</li>
</ul>
<div class="code">
<pre>
Auth-Roles =&gt; $aaaRoles
</pre>
</div>
<ul class="star">
<li>For application BBB:</li>
</ul>
<div class="code">
<pre>
Auth-Roles =&gt; $bbbRoles
</pre>
</div><br />
<br />
Now the protected application can read in the header HTTP_AUTH_ROLES the
role of the user.
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
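
Review bot: In the third step the headers are written as "Auth-Roles => $aaaRoles" and "Auth-Roles => $bbbRoles", but the macros created in the second step are named aaaRole and bbbRole, so the documented headers reference variables that are never defined; use $aaaRole and $bbbRole. The first section also names the header "Auth-Role" while every example uses Auth-Roles, and the sample value "user; admin" contains a space that the stated ';' separator would not produce. In the macros, the filter grep{/ou=aaa/} is looser than the access rule /ou=aaa,ou=roles/: it also selects a value such as ou=aaa-admin,ou=bbb,ou=roles,... if that value comes first, after which the capture fails and the role is empty. Suggest filtering on /,ou=aaa,ou=roles/ and capturing with /^ou=([^,]+),ou=aaa,/. The page is in English but the html element declares lang="fr" xml:lang="fr".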

View File

@ -0,0 +1,206 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: 4.2-Configure-LDAP-schema.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HLDAPSchemaforadvancedaccessrules">LDAP
Schema for advanced access rules</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HTopic">Topic</a></li>
<li>
<a href="#HLDAPSchema">LDAP Schema</a>
<ul>
<li><a href="#HOIDprefix">OID prefix</a></li>
<li><a href="#HOpenLDAPschema">OpenLDAP schema</a></li>
</ul>
</li>
<li><a href="#HHowtouseitinLemonLDAP3A3ANG">How to use it in
LemonLDAP::NG</a></li>
</ul>
<h3 class="heading-1-1"><span id="HTopic">Topic</span></h3>
<p class="paragraph"></p>LemonLDAP::NG is powerfull WebSSO engine who
manage access trough user's attributes stored in an LDAP directory.
<p class="paragraph"></p>We can use standards attributes like uid, cn or
mail to describe access rules to protected web applications.
<p class="paragraph"></p>But sometimes we need more information! For
example:
<ul class="star">
<li>An application name (to allow access by applications and not by
group of users)</li>
<li>A start date and an end date (to open or close the service even the
entry already exists)</li>
<li>Logon hours (allowed hours and day of the week)</li>
<li>One or more roles (to send to the protected applications)</li>
</ul>
<h3 class="heading-1-1"><span id="HLDAPSchema">LDAP Schema</span></h3>
<h4 class="heading-1-1-1"><span id="HOIDprefix">OID prefix</span></h4>
<p class="paragraph"></p>We plan to use this prefix:
1.3.6.1.4.1.10943.10.2.
<p class="paragraph"></p>The prefix 1.3.6.1.4.1.10943 is owned by LINAGORA
(See <span class="wikiexternallink"><a href=
"http://www.iana.org/assignments/enterprise-numbers">http://www.iana.org/assignments/enterprise-numbers</a></span>).
<h4 class="heading-1-1-1"><span id="HOpenLDAPschema">OpenLDAP
schema</span></h4>
<p class="paragraph"></p>Just add this file to OpenLDAP schemas:
<p class="paragraph"></p>
<div class="code">
<pre>
#=======================================
# Schema <span class="java-keyword">for</span> advanced SSO access rules
#
# Designed <span class="java-keyword">for</span> OpenLDAP software
# <span class="nobr"><a href=
"http://www.openldap.org">http://www.openldap.org</a></span>
#
# Part of LemonLDAP::NG project
# <span class="nobr"><a href=
"http://lemonldap.ow2.org">http://lemonldap.ow2.org</a></span>
#
# Author: Clement OUDOT
#=======================================<br /><br />#=======================================
# OID Prefix
# Registered in IANA database
#=======================================
objectIdentifier SSOOID 1.3.6.1.4.1.10943.10.2<br /><br />#=======================================
# Attributes
#=======================================<br /><br /># Application Name
attributetype ( SSOOID:1:1
NAME 'ssoName'
DESC 'An application name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Roles
attributetype ( SSOOID:1:2
NAME 'ssoRoles'
DESC 'One or more roles'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Time profile
attributetype ( SSOOID:1:3
NAME 'ssoLogonsHours'
DESC 'Logons hours'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Start date
attributetype ( SSOOID:1:4
NAME 'ssoStartDate'
DESC 'Start date'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># End date
attributetype ( SSOOID:1:5
NAME 'ssoEndDate'
DESC 'End date'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br />#=======================================
# ObjectClasses
#=======================================<br /><br /># SSO user
objectClass ( SSOOID:2:1
NAME 'ssoUser'
DESC 'SSO extended informations <span class=
"java-keyword">for</span> a user'
SUP top
AUXILIARY
MAY ( ssoName $ ssoRoles $ ssoLogonHours $
ssoStartDate $ ssoEndDate ) )
</pre>
</div>
<h3 class="heading-1-1"><span id="HHowtouseitinLemonLDAP3A3ANG">How to use
it in LemonLDAP::NG</span></h3>
<p class="paragraph"></p>In LemonLDAP::NG Manager, go to General
Parameters &gt; Exported Variables and add new variables:
<ul class="star">
<li>ssoName =&gt; $ssoName</li>
<li>ssoRoles =&gt; $ssoRoles</li>
<li>ssoLogonHours =&gt; $ssoLogonHours</li>
<li>ssoStartDate =&gt; $ssoStartDate</li>
<li>ssoEndDate =&gt; $ssoEndDate</li>
</ul>Save and reload Apache and Handler to get the configuration updated.
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
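
Review bot: The attribute is declared as NAME 'ssoLogonsHours' (SSOOID:1:3), but the ssoUser objectClass lists ssoLogonHours in its MAY clause and the exported variable at the end of the page is also ssoLogonHours, so the objectClass names an attribute type that this file never defines and the schema will not load as written. Pick one spelling (the rest of the page uses ssoLogonHours) and update the leftover "# Time profile" comment above the attribute to match the new name. Smaller points in the Topic section: "powerfull", "who manage" and "trough" should be "powerful", "that manages" and "through", and the html element declares lang="fr" on an English page.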

View File

@ -7,7 +7,8 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: password-policy.html</title>
<title>Lemonldap::NG documentation:
4.2-Configure-password-policy.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -76,7 +77,8 @@
<li><a href="#HPasswordPolicyinLemonLDAP3A3ANG">Password Policy in
LemonLDAP::NG</a></li>
</ul>
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
&gt;= 0.9.1</strong>
<h3 class="heading-1-1"><span id="HThePasswordPolicyStandard">The Password
Policy Standard</span></h3>
@ -106,9 +108,10 @@
module</span></h4>
<p class="paragraph"></p>The Net::LDAP::Control::PasswordPolicy is
available since Perl-LDAP 0.36. Please update your Perl installation if
you want to deal with Password Policy in LemonLDAP::NG: <span class=
"wikiexternallink"><a href=
available since Perl-LDAP 0.36. But some bugs relative to this modules wer
found, so we advice to take at leaste 0.39. Please update your Perl
installation if you want to deal with Password Policy in LemonLDAP::NG:
<span class="wikiexternallink"><a href=
"http://ldap.perl.org/">http://ldap.perl.org/</a></span> (en).
<h3 class="heading-1-1"><span id=
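
Review bot: The added sentence about Perl-LDAP versions has several typos ("this modules wer found", "we advice", "at leaste 0.39"); suggest "But some bugs in this module were found, so we advise using at least 0.39." It would also help to say which minimum the page now requires, since the preceding sentence still presents 0.36 as sufficient.
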
@ -123,10 +126,23 @@
<li>Your account is locked</li>
<li>Your password has expired</li>
</ul>Other use case are a work in progress.
</ul>Since LemonLDAP:NG 0.9.3, password policy is also used in menu, with
the password changement form. It handles the following errors:
<p class="paragraph"></p>To activate Password Policy, you have to set a
new parameter inside you portal perl script (e.g. portal/index.pl), like:
<ul class="star">
<li>Password too short</li>
<li>Password in history</li>
<li>Password too young</li>
</ul>LemonLDAP::NG also notify the user for:
<ul class="star">
<li>Password expiration time</li>
<li>Password graces used</li>
</ul>To activate Password Policy, you have to set a new parameter inside
you portal perl script (e.g. portal/index.pl), like:
<p class="paragraph"></p>
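
Review bot: The new paragraph writes the product name as "LemonLDAP:NG 0.9.3" with a single colon, unlike "LemonLDAP::NG" everywhere else on the page, and "password changement form" should be "password change form". Also "LemonLDAP::NG also notify the user for" should be "also notifies the user of", and "inside you portal perl script" should be "inside your portal Perl script".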

View File

@ -7,7 +7,8 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: liberty-alliance-fr.html</title>
<title>Lemonldap::NG documentation:
4.3-Configure-Liberty-Alliance-fr.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -219,7 +220,7 @@
(LAAP).</li>
<li><span class="wikiexternallink"><a href=
"http://wiki.lemonldap.objectweb.orgoverview-fr.html">LemonLDAP::NG</a></span>
"http://wiki.lemonldap.objectweb.org1-Overview-fr.html">LemonLDAP::NG</a></span>
: WebSSO et gestion centralis&eacute;e des autorisations.</li>
</ul>
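
Review bot: The replacement href "http://wiki.lemonldap.objectweb.org1-Overview-fr.html" still has no "/" between the host name and the file name, so the whole string is parsed as a host and the link cannot resolve. The other pages touched by this commit link to sibling files with relative paths (for example "5-Appli-Dokuwiki.html"), so the bare relative path "1-Overview-fr.html" is probably what is wanted here.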

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: soap-fr.html</title>
<title>Lemonldap::NG documentation: 4.3-Configure-SOAP-fr.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -64,6 +64,9 @@
<ul>
<li><a href="#HPrC3A9requis">Pr&eacute;-requis</a></li>
<li><a href="#HWebServicepourl27authentification">Web Service pour
l'authentification</a></li>
<li>
<a href="#HWebServicepourl27accC3A8sauxsessions">Web Service pour
l'acc&egrave;s aux sessions</a>
@ -143,33 +146,80 @@
</pre>
</div>
<h3 class="heading-1-1"><span id="HWebServicepourl27authentification">Web
Service pour l'authentification</span></h3><br />
<br />
&Agrave; partie de la version 0.9.3, les fonctionnalit&eacute;s SOAP sont
incluse dans le portail. Il suffit de les activer avec l'option
<strong class="strong">"<tt>Soap =&gt; 1</tt>"</strong>.<br />
<br />
Le portail est alors capable de r&eacute;pondre aux sollicitations web
classiques et aux requ&ecirc;tes SOAP. Il propose 2 fonctions SOAP:
<ul class="star">
<li>getCookies(user,password) : retourne le ou les cookies
g&eacute;n&eacute;r&eacute;s par le portail et un code d'erreur (0 si
tout va bien)</li>
<li>error(language,code) : retourne le texte correspondant &agrave;
l'erreur</li>
</ul>Exemple de script client :<br />
<br />
<div class="code">
<pre>
#!/usr/bin/perl -l
use SOAP::Lite;
use Data::Dumper;<br /><br />my $soap = SOAP::Lite-&gt;proxy('http://auth.example.com/')
-&gt;uri('urn:/Lemonldap/NG/Portal/SharedConf');<br /><br />my $r = $soap-&gt;getCookies( 'user', 'password' );<br /><br /># Catch SOAP errors
<span class="java-keyword">if</span> ( $r-&gt;fault ) {
print STDERR <span class=
"java-quote">"SOAP Error: "</span> . $r-&gt;fault-&gt;{faultstring};
}
<span class="java-keyword">else</span> {
my $res = $r-&gt;result();<br /><br /> # If authentication failed, display error
<span class="java-keyword">if</span> ( $res-&gt;{error} ) {
print STDERR <span class="java-quote">"Error: "</span>
. $soap-&gt;error( 'fr', $res-&gt;{error} )-&gt;result();
}<br /><br /> # print session-ID
<span class="java-keyword">else</span> {
print <span class=
"java-quote">"Cookie: lemonldap="</span> . $res-&gt;{cookies}-&gt;{lemonldap};
}
}
</pre>
</div>
<h3 class="heading-1-1"><span id=
"HWebServicepourl27accC3A8sauxsessions">Web Service pour l'acc&egrave;s
aux sessions</span></h3>
<h4 class="heading-1-1-1"><span id=
"HPrC3A9sentation">Pr&eacute;sentation</span></h4><br />
<br />
Ce Web Service permet au portail (Lemonldap::NG::Portal) et au handler
(Lemonldap::NG::Handler) d'acc&eacute;der en lecture et en &eacute;criture
aux sessions WebSSO. Cela permet par exemple &agrave; un handler d'aller
"HPrC3A9sentation">Pr&eacute;sentation</span></h4>
<p class="paragraph"></p>Ce Web Service permet au portail
(Lemonldap::NG::Portal) et au handler (Lemonldap::NG::Handler)
d'acc&eacute;der en lecture et en &eacute;criture aux sessions WebSSO.
Cela permet par exemple &agrave; un handler d'aller
r&eacute;cup&eacute;rer les sessions &agrave; distance avec une simple
requ&ecirc;te SOAP (sur HTTP). Pour des architectures plus complexes, cela
permet &eacute;galement de disposer de plusieurs portails qui enregistrent
les sessions &agrave; distance.<br />
<br />
<img src=
les sessions &agrave; distance.
<p class="paragraph"></p><img src=
"/xwiki/bin/download/NG/DocSOAP/DIA-Fonctionnement_LemonLDAP%3A%3ANG_SOAP_Sessions-1.png"
alt="DIA-Fonctionnement_LemonLDAP::NG_SOAP_Sessions-1.png" />
<h4 class="heading-1-1-1"><span id=
"HInstallationduscriptserveurSOAP">Installation du script serveur
SOAP</span></h4><br />
<br />
Au niveau du serveur principal, c'est-&agrave;-dire celui qui stocke les
sessions, le script suivant doit &ecirc;tre install&eacute;, par exemple
dans /var/www/lemonldapng/soap/sessions.pl :<br />
<br />
SOAP</span></h4>
<p class="paragraph"></p>Au niveau du serveur principal,
c'est-&agrave;-dire celui qui stocke les sessions, le script suivant doit
&ecirc;tre install&eacute;, par exemple dans
/var/www/lemonldapng/soap/sessions.pl :
<p class="paragraph"></p>
<div class="code">
<pre>
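
Review bot: The sample client sends the user name and password to SOAP::Lite->proxy('http://auth.example.com/') over plain HTTP and then prints the returned lemonldap cookie; the example should use an https:// portal URL so that neither the credentials nor the session cookie travel in clear, ideally with a sentence saying so for readers who copy the script. In the added French text, "À partie de la version 0.9.3" should read "À partir de la version 0.9.3" and "sont incluse" should be "sont incluses".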

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: dokuwiki.html</title>
<title>Lemonldap::NG documentation: 5-Appli-Dokuwiki.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: sympa.html</title>
<title>Lemonldap::NG documentation: 5-Appli-Sympa.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: tomcat-valve.html</title>
<title>Lemonldap::NG documentation: 5-Appli-Tomcat-Valve.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: phpldapadmin.html</title>
<title>Lemonldap::NG documentation: 5-Appli-phpLDAPadmin.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: contacts.html</title>
<title>Lemonldap::NG documentation: 6-Contacts.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -132,10 +132,10 @@
<ul class="star">
<li>Erwan Legall: <span class="wikilink"><a href=
"/xwiki/bin/view/NG/DocAppDokuwiki">Dokuwiki pugin</a></span></li>
"5-Appli-Dokuwiki.html">Dokuwiki pugin</a></span></li>
<li>Pascal Pejac: <span class="wikilink"><a href=
"/xwiki/bin/view/NG/DocAppTomcatValve">Tomcat valve</a></span></li>
"5-Appli-Tomcat-Valve.html">Tomcat valve</a></span></li>
</ul>
</div>
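
Review bot: Both link lines are rewritten here but the link text "Dokuwiki pugin" keeps its typo; since the line is being touched anyway, change it to "Dokuwiki plugin".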

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: errors-fr.html</title>
<title>Lemonldap::NG documentation: 6-Errors-fr.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: errors.html</title>
<title>Lemonldap::NG documentation: 6-Errors.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/

View File

@ -7,7 +7,7 @@
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: references.html</title>
<title>Lemonldap::NG documentation: 6-References.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
@ -74,9 +74,9 @@
"logo_gendarmerie_nationale.png" />
<ul class="star">
<li>Nb users:</li>
<li>Nb users: 105.000</li>
<li>Nb protected applications:</li>
<li>Nb protected applications: ~100</li>
</ul>
<h3 class="heading-1-1"><span id=

View File

@ -0,0 +1,144 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: 6-Roadmap.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HRoadmapforLemonLDAP3A3ANG">Roadmap for
LemonLDAP::NG</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HVersion0928200829">Version 0.9 (2008)</a></li>
<li><a href="#HVersion09328end20082Fbegin200929">Version 0.9.3 (end
2008/begin 2009)</a></li>
<li><a href="#HVersion1028200929">Version 1.0 (2009)</a></li>
<li><a href="#HVersion2028201029">Version 2.0 (2010)</a></li>
</ul><strong class="strong">Icons legend:</strong><br />
<img src="ok.png" alt="ok.png" /> Task finished<br />
<img src="warning_triangle.png" alt="warning_triangle.png" /> Work in
progress<br />
<img src="error.png" alt="error.png" /> To be done<br />
<h3 class="heading-1-1"><span id="HVersion0928200829">Version 0.9
(2008)</span></h3><img src="ok.png" alt="ok.png" /> Liberty Alliance
authentication module (<span class="wikilink"><a href=
"4.3-Configure-Liberty-Alliance-fr.html">learn more</a></span>)<br />
<img src="ok.png" alt="ok.png" /> Skins for Manager and Portal<br />
<img src="ok.png" alt="ok.png" /> SOAP access to configuration and
sessions (<span class="wikilink"><a href=
"4.3-Configure-SOAP-fr.html">learn more</a></span>)<br />
<h3 class="heading-1-1"><span id=
"HVersion09328end20082Fbegin200929">Version 0.9.3 (end 2008/begin
2009)</span></h3><img src="ok.png" alt="ok.png" /> Dissociate
authentication and user backend capabilities (for example, to choose LDAP
for authentication, and MySQL for reading user's information)<br />
<img src="ok.png" alt="ok.png" /> Add a Menu.pm to portal modules, to
provide an enhanced application menu and password modification form
(<span class="wikilink"><a href="4.1-Configure-portal-menu.html">learn
more</a></span>)<br />
<img src="ok.png" alt="ok.png" /> i18n (internationalization) for modules,
scripts and HTML templates (<span class="wikilink"><a href=
"4.1-HTML-templates-customization.html">learn more</a></span>)<br />
<img src="ok.png" alt="ok.png" /> Sessions explorer<br />
<img src="ok.png" alt="ok.png" /> Accounting and authentication in
manager<br />
<img src="ok.png" alt="ok.png" /> Shared functions for macros, groups,
access rules and headers.<br />
<img src="warning_triangle.png" alt="warning_triangle.png" /> Production
installation script<br />
<h3 class="heading-1-1"><span id="HVersion1028200929">Version 1.0
(2009)</span></h3><img src="warning_triangle.png" alt=
"warning_triangle.png" /> Packages for Debian/Ubuntu, RedHat/CentOS<br />
<img src="warning_triangle.png" alt="warning_triangle.png" /> Date and
time parameters in access rules<br />
<img src="warning_triangle.png" alt="warning_triangle.png" /> Monitoring
scripts (MRTG, Cacti, Nagios)<br />
<img src="error.png" alt="error.png" /> Handler POST functionnalities, to
fill authentication forms with login/password<br />
<img src="error.png" alt="error.png" /> Portal and Manager trigger system,
to execute code on specified action (apply, save, etc.)<br />
<img src="error.png" alt="error.png" /> Configuration update, to manage
all new parameters (<span class="wikilink"><a href=
"4.1-Configuration-parameter-list.html">learn more</a></span>)<br />
<img src="error.png" alt="error.png" /> Configuration migration
scripts<br />
<img src="error.png" alt="error.png" /> Change configuration storage to
XML<br />
<h3 class="heading-1-1"><span id="HVersion2028201029">Version 2.0
(2010)</span></h3><img src="error.png" alt="error.png" /> Rewrite Manager
with JQuery and Ajax<br />
<img src="error.png" alt="error.png" /> Manage Apache virtualhost
configuration through LDAP backend<br />
<img src="error.png" alt="error.png" /> SAML2 authentication and user
backend<br />
<img src="error.png" alt="error.png" /> SNMP extensions for
monitoring<br />
<img src="error.png" alt="error.png" /> Local password policy<br />
<img src="error.png" alt="error.png" /> Notification system<br />
<img src="error.png" alt="error.png" /> LQL parser (LDAP Query
Language)<br />
<img src="error.png" alt="error.png" /> Shared "grant" function<br />
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
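
Review bot: The new roadmap page is written in English but its html element declares lang="fr" xml:lang="fr", which mislabels the content for browsers and indexers; set both to "en". In the Version 1.0 list, "Handler POST functionnalities" should be "functionalities", and "end 2008/begin 2009" in the 0.9.3 heading reads better as "end of 2008/beginning of 2009" (the anchor id can stay as generated).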

View File

@ -1,420 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: advanced-access-rules.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HLDAPSchemaforadvancedaccessrules">LDAP
Schema for advanced access rules</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HTopic">Topic</a></li>
<li>
<a href="#HLDAPSchema">LDAP Schema</a>
<ul>
<li><a href="#HOIDprefix">OID prefix</a></li>
<li><a href="#HOpenLDAPschema">OpenLDAP schema</a></li>
</ul>
</li>
<li>
<a href="#HHowtouseitinLemonLDAP3A3ANG">How to use it in
LemonLDAP::NG</a>
<ul>
<li><a href="#HSpecifynewattributesinexportedvariables">Specify new
attributes in exported variables</a></li>
<li><a href="#HHabilitationbasedonanapplicationname">Habilitation
based on an application name</a></li>
<li><a href="#HHabilitationbasedonadate">Habilitation based on a
date</a></li>
<li><a href="#HHabilitationbasedonaperiod">Habilitation based on a
period</a></li>
<li>
<a href="#HSendaroletoaprotectedapplication">Send a role to a
protected application</a>
<ul>
<li><a href="#HRolesassimplevaluesofauserattribute">Roles as
simple values of a user attribute</a></li>
<li><a href="#HRolesasentriesinthedirectory">Roles as entries in
the directory</a></li>
</ul>
</li>
</ul>
</li>
</ul>
<h3 class="heading-1-1"><span id="HTopic">Topic</span></h3>
<p class="paragraph"></p>LemonLDAP::NG is powerfull WebSSO engine who
manage access trough user's attributes stored in an LDAP directory.
<p class="paragraph"></p>We can use standards attributes like uid, cn or
mail to describe access rules to protected web applications.
<p class="paragraph"></p>But sometimes we need more information! For
example:
<ul class="star">
<li>An application name (to allow access by applications and not by
group of users)</li>
<li>A start date and an end date (to open or close the service even the
entry already exists)</li>
<li>A time profile (allowed hours and day of the week)</li>
<li>One or more roles (to send to the protected applications)</li>
</ul>
<h3 class="heading-1-1"><span id="HLDAPSchema">LDAP Schema</span></h3>
<h4 class="heading-1-1-1"><span id="HOIDprefix">OID prefix</span></h4>
<p class="paragraph"></p>We plan to use this prefix:
1.3.6.1.4.1.10943.10.2.
<p class="paragraph"></p>The prefix 1.3.6.1.4.1.10943 is owned by LINAGORA
(See <span class="wikiexternallink"><a href=
"http://www.iana.org/assignments/enterprise-numbers">http://www.iana.org/assignments/enterprise-numbers</a></span>).
<h4 class="heading-1-1-1"><span id="HOpenLDAPschema">OpenLDAP
schema</span></h4>
<p class="paragraph"></p>Just add this file to OpenLDAP schemas:
<p class="paragraph"></p>
<div class="code">
<pre>
#=======================================
# Schema <span class="java-keyword">for</span> advanced SSO access rules
#
# Designed <span class="java-keyword">for</span> OpenLDAP software
# <span class="nobr"><a href=
"http://www.openldap.org">http://www.openldap.org</a></span>
#
# Part of LemonLDAP::NG project
# <span class="nobr"><a href=
"http://lemonldap.ow2.org">http://lemonldap.ow2.org</a></span>
#
# Author: Clement OUDOT
#=======================================<br /><br />#=======================================
# OID Prefix
# Registered in IANA database
#=======================================
objectIdentifier SSOOID 1.3.6.1.4.1.10943.10.2<br /><br />#=======================================
# Attributes
#=======================================<br /><br /># Application Name
attributetype ( SSOOID:1:1
NAME 'ssoName'
DESC 'An application name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Roles
attributetype ( SSOOID:1:2
NAME 'ssoRoles'
DESC 'One or more roles'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Time profile
attributetype ( SSOOID:1:3
NAME 'ssoTimeProfile'
DESC 'A time profile'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Start date
attributetype ( SSOOID:1:4
NAME 'ssoStartDate'
DESC 'Start date'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># End date
attributetype ( SSOOID:1:5
NAME 'ssoEndDate'
DESC 'End date'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br />#=======================================
# ObjectClasses
#=======================================<br /><br /># SSO user
objectClass ( SSOOID:2:1
NAME 'ssoUser'
DESC 'SSO extended informations <span class=
"java-keyword">for</span> a user'
SUP top
AUXILIARY
MAY ( ssoName $ ssoRoles $ ssoTimeProfile $
ssoStartDate $ ssoEndDate ) )
</pre>
</div>
<h3 class="heading-1-1"><span id="HHowtouseitinLemonLDAP3A3ANG">How to use
it in LemonLDAP::NG</span></h3>
<h4 class="heading-1-1-1"><span id=
"HSpecifynewattributesinexportedvariables">Specify new attributes in
exported variables</span></h4>
<p class="paragraph"></p>In LemonLDAP::NG Manager, go to General
Parameters &gt; Exported Variables and add new variables:
<ul class="star">
<li>ssoName =&gt; $ssoName</li>
<li>ssoRoles =&gt; $ssoRoles</li>
<li>ssoTimeProfile =&gt; $ssoTimeProfile</li>
<li>ssoStartDate =&gt; $ssoStartDate</li>
<li>ssoEndDate =&gt; $ssoEndDate</li>
</ul>Save and reload Apache and Handler to get the configuration updated.
<h4 class="heading-1-1-1"><span id=
"HHabilitationbasedonanapplicationname">Habilitation based on an
application name</span></h4><br />
<br />
If a user has got the ssoName attribute, with each value being the name of
a protected application, you can configure the rules of virtualhosts by
checking the application name.<br />
<br />
Go in LemonLDAP::NG Manager, choose your virtualhost (for example
test.acme.com), and set the default rule to accept users if they have
"acme" has one of the value of their attribute "ssoName":<br />
<br />
<div class="code">
<pre>
<span class="java-keyword">default</span> =&gt; $ssoName =~ /\bacme\b/
</pre>
</div><br />
<br />
Save and reload.<br />
<br />
Now you can decide who access this application just by adding or removing
a value inside the entry of the users.
<h4 class="heading-1-1-1"><span id=
"HHabilitationbasedonadate">Habilitation based on a date</span></h4><br />
<br />
If the user has got ssoStartDate and/or ssoEndDate, you can configure
rules to compare the current date to the start/end dates.
<h4 class="heading-1-1-1"><span id=
"HHabilitationbasedonaperiod">Habilitation based on a
period</span></h4><br />
<br />
If the user has got ssoTimeProfile, you can configure rules to compare the
current time and compare it to the time profile.
<h4 class="heading-1-1-1"><span id=
"HSendaroletoaprotectedapplication">Send a role to a protected
application</span></h4>
<h5 class="heading-1-1-1-1"><span id=
"HRolesassimplevaluesofauserattribute">Roles as simple values of a user
attribute</span></h5><br />
<br />
Imagine you've set your directory schema to store roles as values of
ssoRoles, an attribute of the user. This is simple because you can send
the role to the application by creating a HTTP header (for example
Auth-Role) with the concatened values (';' is the concatenation
string):<br />
<br />
<div class="code">
<pre>
Auth-Roles =&gt; $ssoRoles
</pre>
</div><br />
<br />
If the user has these values inside its entry:<br />
<br />
<div class="code">
<pre>
ssoRoles: user
ssoRoles: admin
</pre>
</div><br />
<br />
Then you got this value inside the Auth-Roles header:<br />
<br />
<div class="code">
<pre>
user;admin
</pre>
</div>
<h5 class="heading-1-1-1-1"><span id="HRolesasentriesinthedirectory">Roles
as entries in the directory</span></h5><br />
<br />
Now imagine the following DIT:<br />
<br />
<img src="DIA_DIT_Roles.png" alt="DIA_DIT_Roles.png" /><br />
<br />
Roles are entries, below branchs representing applications. Each user has
a ssoRoles attributes, which values are the DN of the corresponding roles.
With this oragnization, you can set roles to user within specific
application.<br />
<br />
In the schema above, the user has the following values:<br />
<br />
<div class="code">
<pre>
ssoRoles: ou=admin,ou=aaa,ou=roles,dc=acme,dc=com
ssoRoles: ou=user,ou=bbb,ou=roles,dc=acme,dc=com
</pre>
</div>
<p class="paragraph"></p>So he is "user" on application "BBB" and "admin"
on application "AAA".
<p class="paragraph"></p>Now we have to send to right role to the right
application trough LemonLDAP::NG.
<p class="paragraph"></p>First step: create a rule to grant access only if
the user has a role in the application:
<ul class="star">
<li>For application AAA:</li>
</ul>
<div class="code">
<pre>
<span class="java-keyword">default</span> =&gt; $ssoRoles =~ /ou=aaa,ou=roles/
</pre>
</div>
<ul class="star">
<li>For application BBB:</li>
</ul>
<div class="code">
<pre>
<span class="java-keyword">default</span> =&gt; $ssoRoles =~ /ou=bbb,ou=roles/
</pre>
</div><br />
<br />
Second step: get the role name for the application. We will use the macros
to do that. Create two macros (inside General Parameters &gt; Macros):
<ul class="star">
<li>For application AAA:</li>
</ul>
<div class="code">
<pre>
aaaRole =&gt; ((grep{/ou=aaa/} split(';',$ssoRoles))[0] =~ /ou=(.*),ou=aaa/)[0]
</pre>
</div>
<ul class="star">
<li>For application BBB:</li>
</ul>
<div class="code">
<pre>
bbbRole =&gt; ((grep{/ou=bbb/} split(';',$ssoRoles))[0] =~ /ou=(.*),ou=bbb/)[0]
</pre>
</div><br />
<br />
These regular expressions read the 'ou' value of the DN of the role of the
concerned application. This work if the user has only one role per
application.<br />
<br />
Third step: provide the role to the application. It is done by creating
the correct HTTP header:
<ul class="star">
<li>For application AAA:</li>
</ul>
<div class="code">
<pre>
Auth-Roles =&gt; $aaaRoles
</pre>
</div>
<ul class="star">
<li>For application BBB:</li>
</ul>
<div class="code">
<pre>
Auth-Roles =&gt; $bbbRoles
</pre>
</div><br />
<br />
Now the protected application can read in the header HTTP_AUTH_ROLES the
role of the user.
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
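Review bot: In the third step the headers reference `$aaaRoles` and `$bbbRoles`, but the macros created in the second step are named `aaaRole` and `bbbRole`, so as written the Auth-Roles header is built from a variable that is never defined; use `Auth-Roles => $aaaRole` and `Auth-Roles => $bbbRole`, or rename the macros. The prose also names the header Auth-Role once and Auth-Roles everywhere else. In the macros, `grep{/ou=aaa/}` matches any value containing ou=aaa, including a role that is itself named aaa under another application's branch, and `[0]` then takes whichever value comes first; matching on `,ou=aaa,ou=roles` as the access rules do would be tighter. The date and period sections say that rules can be written but, unlike the application-name section, show no example rule.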

View File

@ -1,417 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: advanced-install.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HADVANCEDINSTALLATION">ADVANCED
INSTALLATION</span></h2>
<p class="paragraph"></p><strong class="strong">Warning:</strong> This
document is written for people who know Lemonldap::NG. For other people,
it is recommended to build the <span class="wikilink"><a href=
"install.html">example</a></span> provided in the source and next to adapt
it to local installation.
<p class="paragraph"></p>
<ul>
<li>
<a href="#HPREREQ">PREREQ</a>
<ul>
<li><a href="#HApache">Apache</a></li>
<li><a href="#HPerlprereq">Perl prereq</a></li>
</ul>
</li>
<li><a href="#HSOFTWAREINSTALLATION">SOFTWARE INSTALLATION</a></li>
<li>
<a href="#HLEMONLDAPINSTALLATION">LEMONLDAP INSTALLATION</a>
<ul>
<li>
<a href="#HDatabaseconfiguration">Database configuration</a>
<ul>
<li><a href=
"#HLemonldap3A3ANGConfigurationdatabase">Lemonldap::NG
Configuration database</a></li>
<li><a href="#HApache3A3ASessiondatabase">Apache::Session
database</a></li>
</ul>
</li>
<li><a href="#HManagerconfiguration">Manager configuration</a></li>
<li>
<a href="#HConfigurationedition">Configuration edition</a>
<ul>
<li><a href="#HGeneralparameters">General parameters</a></li>
<li><a href="#HUsergroups">User groups</a></li>
<li><a href="#HVirtualhosts">Virtual hosts</a></li>
</ul>
</li>
</ul>
</li>
</ul>
<h3 class="heading-1-1"><span id="HPREREQ">PREREQ</span></h3>
<h4 class="heading-1-1-1"><span id="HApache">Apache</span></h4>
<p class="paragraph"></p>To use Lemonldap::NG, you have to run a LDAP
server and of course an Apache server compiled with mod-perl (version 1.3
or 2.x). Generaly, the version of Apache proposed with your Linux
distribution match, but some distributions used an experimental version of
mod_perl with Apache2 (mod_perl-1.99) which does not work with
Lemonldap::NG. With such distributions (like Debian-3.1), you have to use
Apache-1.3 or to use a mod_perl backport (www.backports.org package for
Debian works fine).
<p class="paragraph"></p>For Apache2, you can use both mpm-worker and
mpm-prefork. Mpm-worker works faster and Lemonldap::NG use the thread
system for best performance. If you have to use mpm-prefork (for example
if you use PHP), Lemonldap::NG will work anyway.
<p class="paragraph"></p>You can use Lemonldap::NG in an heterogene world:
the authentication portal and the manager can work in any version of
Apache 1.3 or more even if mod_perl is not compiled, with
ModPerl::Registry or not&hellip; Only the handler (site protector) need
mod_perl. The different handlers can run on different servers with
different versions of Apache/mod_perl.
<h4 class="heading-1-1-1"><span id="HPerlprereq">Perl prereq</span></h4>
<p class="paragraph"></p>Perl modules: Apache::Session, Net::LDAP,
MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, DBI, XML::Simple
<p class="paragraph"></p>With Debian:
<p class="paragraph"></p>
<div class="code">
<pre>
apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl \
libdbi-perl perl-modules libwww-perl libcache-cache-perl \
libxml-simple-perl
</pre>
</div>
<p class="paragraph"></p>Portal:
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
DBI
<p class="paragraph"></p>With Debian:
<p class="paragraph"></p>
<div class="code">
<pre>
apt-get install libapache-session-perl libnet-ldap-perl libdbi-perl \
perl-modules
</pre>
</div>
<p class="paragraph"></p>Handler:
<p class="paragraph"></p>Apache::Session, LWP::UserAgent, Cache::Cache,
DBI
<p class="paragraph"></p>With Debian:
<p class="paragraph"></p>
<div class="code">
<pre>
apt-get install libapache-session-perl libdbi-perl libwww-perl \
libcache-cache-perl
</pre>
</div><br />
<br />
Manager:<br />
<br />
CGI, XML::Simple, DBI<br />
<br />
With Debian:<br />
<br />
<div class="code">
<pre>
apt-get install perl-modules libxml-simple-perl
</pre>
</div>
<h3 class="heading-1-1"><span id="HSOFTWAREINSTALLATION">SOFTWARE
INSTALLATION</span></h3><br />
<br />
If you just want to install a handler or a portal or a manager:<br />
<br />
<div class="code">
<pre>
$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*/Lemonldap-NG-(Portal|Handler|Manager)
$ perl Makefile.PL &amp;&amp; make &amp;&amp; make test
$ sudo make install
</pre>
</div>
<p class="paragraph"></p>else for a complete install:
<p class="paragraph"></p>
<div class="code">
<pre>
$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*
$ make &amp;&amp; make test
$ sudo make install
</pre>
</div>
<p class="paragraph"></p>See prereq in
<h3 class="heading-1-1"><span id="HLEMONLDAPINSTALLATION">LEMONLDAP
INSTALLATION</span></h3>
<h4 class="heading-1-1-1"><span id="HDatabaseconfiguration">Database
configuration</span></h4>If you use DBI or another system to share
Lemonldap::NG configuration, you have to initialize the database.<br />
<br />
For example, create the database "lemonldapng" :<br />
<br />
<div class="code">
<pre>
# mysqladmin create lemonldapng
</pre>
</div>
<h5 class="heading-1-1-1-1"><span id=
"HLemonldap3A3ANGConfigurationdatabase">Lemonldap::NG Configuration
database</span></h5><br />
<br />
To store configuration, use this table :<br />
<br />
<div class="code">
<pre>
CREATE TABLE lmConfig (
cfgNum <span class="java-object">int</span> not <span class=
"java-keyword">null</span> primary key,
locationRules text,
exportedHeaders text,
globalStorage text,
globalStorageOptions text,
macros text,
groups text,
portal text,
domain text,
ldapServer text,
ldapPort <span class="java-object">int</span>,
ldapBase text,
securedCookie <span class="java-object">int</span>,
cookieName text,
authentication text,
exportedVars text,
managerDn text,
managerPassword text,
whatToTrace text,
timeout <span class="java-object">int</span>
);
</pre>
</div>
<h5 class="heading-1-1-1-1"><span id=
"HApache3A3ASessiondatabase">Apache::Session database</span></h5>
<p class="paragraph"></p>The choice of Apache::Session::* module is free.
See Apache::Session::Store::* or Apache::Session::* to know how to
configure the module. For example, if you want to use
Apache::Session::MySQL, you can create the database like this:
<p class="paragraph"></p>
<div class="code">
<pre>
CREATE TABLE sessions (
id <span class="java-object">char</span>(32),
a_session text
);
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HManagerconfiguration">Manager
configuration</span></h4>
<p class="paragraph"></p>Copy example/manager.cgi and personalize it if
you want (see Lemonldap::NG::Manager). You have to set in particular
configStorage. For example with MySQL:
<p class="paragraph"></p>
<div class="code">
<pre>
$my $manager = Lemonldap::NG::Manager-&gt;<span class=
"java-keyword">new</span> ( {
dbiChain =&gt; <span class=
"java-quote">"DBI:mysql:database=mybase;host=1.2.3.4"</span>,
dbiUser =&gt; <span class=
"java-quote">"lemonldap-ng"</span>,
dbiPasword =&gt; <span class=
"java-quote">"mypass"</span>,
} );
</pre>
</div>
<p class="paragraph"></p>Securise Manager access with Apache: Lemonldap
does not securise the manager itself yet:
<p class="paragraph"></p>
<div class="code">
<pre>
SSLEngine On
Order Deny, Allow
Deny from all
Allow from admin/network
AuthType Basic
...
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HConfigurationedition">Configuration
edition</span></h4>
<p class="paragraph"></p>Connect to the manager with your browser start
configure your Web-SSO. You have to set at least some parameters:
<h5 class="heading-1-1-1-1"><span id="HGeneralparameters">General
parameters</span></h5>
<ul class="star">
<li>Authentication parameters -&gt; portal URL to access to the
authentication portal.</li>
<li>Domain: the cookie domain. All protected VirtualHosts have to be
under it.</li>
<li>LDAP parameters -&gt; LDAP Server.</li>
<li>LDAP parameters -&gt; LDAP Accout and password: required only if
anonymous binds are not accepted.</li>
<li>Session Storage -&gt; Apache::Session module: how to store user
sessions. You can use all module that inherit from Apache::Session like
Apache::Session::MySQL.</li>
<li>Session Storage -&gt; Apache::Session Module parameters: see
Apache::Session::&lt;Choosen module&gt;.</li>
</ul>
<h5 class="heading-1-1-1-1"><span id="HUsergroups">User groups</span></h5>
<p class="paragraph"></p>Use the "New Group" button to add your first
group. On the left, set the keyword which will be used later and set on
the right the corresponding rule. You can use :
<ul class="star">
<li>an LDAP filter (it will be tested with the user uid)</li>
</ul>or
<ul class="star">
<li>a Perl condition enclosed with {}. All variables declared in
"General parameters -&gt; LDAP attributes" can be used with a "$". For
example: MyGroup / { $uid eq "foo" or $uid eq "bar" }</li>
</ul>
<h5 class="heading-1-1-1-1"><span id="HVirtualhosts">Virtual
hosts</span></h5>
<p class="paragraph"></p>You have to create a virtual host for each Apache
host (virtual or real) protected by Lemonldap::NG even if just a
sub-directory is protected. Else, user who want to access to the protected
area will be rejected with a "500 Internal Server Error" message and the
apache logs will explain the problem.
<p class="paragraph"></p>Each virtual host has 2 groups of parameters:
<ul class="star">
<li>Headers: the headers added to the apache request. Default: Auth-User
=&gt; $uid.</li>
<li>Rules: subdivised in 2 categories:
<ul class="star">
<li>default: the default rule</li>
<li>personalized rules: association of a Perl regular expression and
a condition. For example: ^/restricted.*$ / $groups =~
/bMyGroupb/</li>
</ul>
</li>
</ul>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
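Review bot: This page is deleted whole, and it carries the statement that the Manager is not protected by Lemonldap itself ("Lemonldap does not securise the manager itself yet") together with the Apache restriction example; please confirm that this warning and the SSLEngine / Deny from all / Allow from block are carried into the replacement install pages. If the text is moved rather than dropped, the move is the time to fix the sample errors in it: `$my $manager`, the `dbiPasword` key, `Order Deny, Allow` (Apache allows no whitespace after the comma), and `/bMyGroupb/`, where `\b` word boundaries were evidently intended.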

Binary file not shown.

Size: 13 KiB

Binary file not shown.

Size: 1.1 KiB

Binary file not shown.

Size: 7.9 KiB

View File

@ -49,27 +49,36 @@
<div class="main-content">
<h2 class="heading-1">LemonLDAP::NG documentation</h2>
<ul class="star">
<li><a href="advanced-access-rules.html">Advanced access rules</a></li>
<li><a href="advanced-install.html">Advanced install</a></li>
<li><a href="contacts.html">Contacts</a></li>
<li><a href="debian-packages-install.html">Debian packages install</a></li>
<li><a href="dokuwiki.html">Dokuwiki</a></li>
<li><a href="errors.html">Errors</a></li>
<li><a href="errors-fr.html">Errors (FR)</a></li>
<li><a href="faq.html">Faq</a></li>
<li><a href="faq-fr.html">Faq (FR)</a></li>
<li><a href="install.html">Install</a></li>
<li><a href="install-fr.html">Install (FR)</a></li>
<li><a href="liberty-alliance-fr.html">Liberty alliance (FR)</a></li>
<li><a href="overview.html">Overview</a></li>
<li><a href="overview-fr.html">Overview (FR)</a></li>
<li><a href="password-policy.html">Password policy</a></li>
<li><a href="phpldapadmin.html">Phpldapadmin</a></li>
<li><a href="references.html">References</a></li>
<li><a href="roadmap.html">Roadmap</a></li>
<li><a href="soap-fr.html">Soap (FR)</a></li>
<li><a href="sympa.html">Sympa</a></li>
<li><a href="tomcat-valve.html">Tomcat valve</a></li>
<li><a href="1-Overview.html">1 Overview</a></li>
<li><a href="1-Overview-fr.html">1 Overview (FR)</a></li>
<li><a href="2-FAQ.html">2 FAQ</a></li>
<li><a href="2-FAQ-fr.html">2 FAQ (FR)</a></li>
<li><a href="3-Table-of-contents.html">3 Table of contents</a></li>
<li><a href="3-Table-of-contents-fr.html">3 Table of contents (FR)</a></li>
<li><a href="3.1-Install-prerequesites.html">3.1 Install prerequesites</a></li>
<li><a href="3.2-Install-from-tarball.html">3.2 Install from tarball</a></li>
<li><a href="3.3-Install-from-debian-packages.html">3.3 Install from debian packages</a></li>
<li><a href="3.4-Install-of-MySQL-storage.html">3.4 Install of MySQL storage</a></li>
<li><a href="3.5-Install-of-example.html">3.5 Install of example</a></li>
<li><a href="3.5-Install-of-example-fr.html">3.5 Install of example (FR)</a></li>
<li><a href="4.1-Configuration-overview.html">4.1 Configuration overview</a></li>
<li><a href="4.1-Configuration-parameter-list.html">4.1 Configuration parameter list</a></li>
<li><a href="4.1-Configure-portal-menu.html">4.1 Configure portal menu</a></li>
<li><a href="4.1-HTML-templates-customization.html">4.1 HTML templates customization</a></li>
<li><a href="4.1-RBAC-model.html">4.1 RBAC model</a></li>
<li><a href="4.2-Configure-LDAP-schema.html">4.2 Configure LDAP schema</a></li>
<li><a href="4.2-Configure-password-policy.html">4.2 Configure password policy</a></li>
<li><a href="4.3-Configure-Liberty-Alliance-fr.html">4.3 Configure Liberty Alliance (FR)</a></li>
<li><a href="4.3-Configure-SOAP-fr.html">4.3 Configure SOAP (FR)</a></li>
<li><a href="5-Appli-Dokuwiki.html">5 Appli Dokuwiki</a></li>
<li><a href="5-Appli-Sympa.html">5 Appli Sympa</a></li>
<li><a href="5-Appli-Tomcat-Valve.html">5 Appli Tomcat Valve</a></li>
<li><a href="5-Appli-phpLDAPadmin.html">5 Appli phpLDAPadmin</a></li>
<li><a href="6-Contacts.html">6 Contacts</a></li>
<li><a href="6-Errors.html">6 Errors</a></li>
<li><a href="6-Errors-fr.html">6 Errors (FR)</a></li>
<li><a href="6-References.html">6 References</a></li>
<li><a href="6-Roadmap.html">6 Roadmap</a></li>
</ul>
</div>
<p class="footer">Find the latest version of the documentation on <a href="http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation">LemonLDAP::NG Wiki</a> !</p>
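Review bot: `3.1-Install-prerequesites.html` and its link text misspell "prerequisites", and since the file name becomes the URL it is cheaper to fix now than after other pages link to it. The numeric prefixes are also not unique: five pages share 4.1, and 4.2 and 4.3 each cover two different pages, so the numbers give no reading order within section 4. Every old file name in the list is dropped, and advanced-access-rules.html and advanced-install.html have no obviously named successor, so existing links to the old names will break unless redirects or stub pages are kept.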

Binary file not shown.

Size: 1.1 KiB

Binary file not shown.

Size: 4.7 KiB

Binary file not shown.

Size: 6.4 KiB

View File

@ -1,126 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
<title>Lemonldap::NG documentation: roadmap.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HRoadmapforLemonLDAP3A3ANG">Roadmap for
LemonLDAP::NG</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HVersion0928200829">Version 0.9 (2008)</a></li>
<li><a href="#HVersion1028end200829">Version 1.0 (end 2008)</a></li>
<li><a href="#HVersion2028201029">Version 2.0 (2010)</a></li>
</ul>
<h3 class="heading-1-1"><span id="HVersion0928200829">Version 0.9
(2008)</span></h3>
<ul class="star">
<li>Liberty Alliance authentication module</li>
<li>Skins for Manager and Portal</li>
<li>SOAP access to configuration and sessions</li>
</ul>
<h3 class="heading-1-1"><span id="HVersion1028end200829">Version 1.0 (end
2008)</span></h3>
<ul class="star">
<li>Dissociate authentication and user backend capabilities (for
example, to choose LDAP for authentication, and MySQL for reading user's
information).</li>
<li>Add a Menu.pm to portal modules, to provide an enhanced application
menu and password modification form</li>
<li>i18n (internationalization) for modules, scripts and HTML
templates</li>
<li>Production installation script</li>
<li>Packages for Debian/Ubuntu, RedHat/CentOS</li>
<li>Date and time parameters in access rules</li>
<li>Monitoring scripts (MRTG, Cacti, Nagios)</li>
<li>Sessions explorer</li>
<li>Handler POST functionnalities, to fill authentication forms with
login/password</li>
</ul>
<h3 class="heading-1-1"><span id="HVersion2028201029">Version 2.0
(2010)</span></h3>
<ul class="star">
<li>Manage Apache virtualhost configuration through LDAP backend</li>
<li>SAML2 authentication and user backend</li>
<li>SNMP extensions for monitoring</li>
<li>Local password policy</li>
</ul>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>

Binary file not shown.

Size: 9.4 KiB

Binary file not shown.

Size: 6.3 KiB

Binary file not shown.

Size: 3.6 KiB

Binary file not shown.

Size: 797 B