LEMONLDAP::NG : documentation update
|
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: overview-fr.html</title>
|
||||
<title>Lemonldap::NG documentation: 1-Overview-fr.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -70,20 +70,20 @@
|
|||
|
||||
<p class="paragraph"></p>Lemonldap::NG est un <span class=
|
||||
"wikilink"><a href=
|
||||
"faq-fr.html#HQu27estcequ27unWebSSO3F">Web-SSO</a></span> modulaire
|
||||
"2-FAQ-fr.html#HQu27estcequ27unWebSSO3F">Web-SSO</a></span> modulaire
|
||||
basé sur les modules Apache::Session. Il simplifie la construction
|
||||
d'une aire protégée en minimisant les impacts sur les
|
||||
applications. Il gère à la fois les authentifications et les
|
||||
autorisations et fournit des en-têtes HTTP pour la
|
||||
traçabilité. On obtient ainsi une protection AAA complete
|
||||
<i class="italic">(Authentication, Authorization and Accounting)</i> des
|
||||
espaces web.
|
||||
traçabilité. On obtient ainsi une protection AAA
|
||||
complète <i class="italic">(Authentication, Authorization and
|
||||
Accounting)</i> des espaces web.
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG est une réécriture
|
||||
complète de Lemonldap <i class="italic">(<span class=
|
||||
"wikilink"><a href=
|
||||
"faq-fr.html#HQu27apporteLemonldap3A3ANGparrapportauxautresSSO3F">voir les
|
||||
différences</a></span>)</i>. Tous les éléments
|
||||
"2-FAQ-fr.html#HQu27apporteLemonldap3A3ANGparrapportauxautresSSO3F">voir
|
||||
les différences</a></span>)</i>. Tous les éléments
|
||||
nécessaires à son exploitation et son administration sont
|
||||
fournis dans le package. En revanche les composants
|
||||
développés pour Lemonldap ne sont pas compatibles avec
|
||||
|
@ -134,7 +134,7 @@
|
|||
|
||||
<li><a href="#HAuteur">Auteur</a></li>
|
||||
|
||||
<li><a href="#HCopyrightetlicense">Copyright et license</a></li>
|
||||
<li><a href="#HCopyrightetlicence">Copyright et licence</a></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HArchitecture">Architecture</span></h3>
|
||||
|
@ -170,7 +170,7 @@
|
|||
|
||||
<ul class="star">
|
||||
<li>la base de configuration : par défaut, il s'agit d'un simple
|
||||
répertoire, mais on peut utiliser une base de donnée pour
|
||||
répertoire, mais on peut utiliser une base de données pour
|
||||
permettre le fonctionnement si tous les éléments ne se
|
||||
trouvent pas sur le même serveur,</li>
|
||||
|
||||
|
@ -237,7 +237,7 @@
|
|||
traçabilité</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Tous les paramètres abordés dans ce
|
||||
chapître sont accessibles via l'interface d'administration (voir la
|
||||
chapitre sont accessibles via l'interface d'administration (voir la
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/ManagerDemo/fr/">démonstration</a></span>).
|
||||
|
||||
|
@ -249,13 +249,13 @@
|
|||
protégée par un agent Lemonldap::NG, il est redirigé
|
||||
vers le portail. Celui-ci authentifie l'utilisateur par défaut par
|
||||
une connexion LDAP, mais vous pouvez également utiliser un autre
|
||||
schéma tel les <span class="wikiexternallink"><a href=
|
||||
schéma tels les <span class="wikiexternallink"><a href=
|
||||
"http://fr.wikipedia.org/wiki/Certificat_%C3%A9lectronique">certificats
|
||||
x509</a></span> (voir Lemonldap::NG::Portal::AuthSSL(3)).
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG utilise les cookies de session
|
||||
générés par le module Apache::Session soit aussi
|
||||
sécurisé que n'importe quelle système basé sur
|
||||
sécurisé que n'importe quel système basé sur
|
||||
des cookies aléatoires de 128 bits. Il est recommandé
|
||||
d'activer l'option "cookie sécurisé" pour éviter les
|
||||
vols de session: le cookie n'est plus autorisé à circuler en
|
||||
|
@ -274,7 +274,7 @@
|
|||
<p class="paragraph"></p>Les autorisations sont contrôlées
|
||||
seulement par les agents protégeant les applications. En effet, le
|
||||
portail ne peut connaître à l'avance les applications sur
|
||||
lesquels l'utilisateur se connectera. En configurant votre Web-SSO, vous
|
||||
lesquelles l'utilisateur se connectera. En configurant votre Web-SSO, vous
|
||||
devez:
|
||||
|
||||
<ul class="star">
|
||||
|
@ -355,7 +355,7 @@ group1 => { $departmentUID eq <span class=
|
|||
"HPerformances">Performances</span></h5>
|
||||
|
||||
<p class="paragraph"></p>Vous pouvez utiliser des expressions Perl aussi
|
||||
complexe que nécessaire et vous pouvez utiliser tous les attibuts
|
||||
complexes que nécessaire et vous pouvez utiliser tous les attributs
|
||||
LDAP (et créer vos propres attributs additionnels avec le
|
||||
mécanisme des macros) dans les définitions de groupes, les
|
||||
règles d'accès et les en-têtes HTTP
|
||||
|
@ -366,7 +366,7 @@ group1 => { $departmentUID eq <span class=
|
|||
expressions:
|
||||
|
||||
<ul class="star">
|
||||
<li>les groupes et les macros ne sont évaluées que lorsque
|
||||
<li>les groupes et les macros ne sont évalués que lorsque
|
||||
l'utilisateur est renvoyé vers le portail,</li>
|
||||
|
||||
<li>les règles d'accès et les en-têtes
|
||||
|
@ -399,7 +399,7 @@ group1 => (|(uid=xavier.guimard){$ou eq <span class=
|
|||
</div>
|
||||
|
||||
<p class="paragraph"></p>Pour limiter les requêtes LDAP, il est
|
||||
conseillé d'utiliser les expressions Perl. Ainsi seuls 2
|
||||
conseillé d'utiliser les expressions Perl. Ainsi seules deux
|
||||
sollicitations de l'annuaire sont nécessaires.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
|
@ -417,7 +417,7 @@ group1 => (|(uid=xavier.guimard){$ou eq <span class=
|
|||
applications</span></h5>
|
||||
|
||||
<p class="paragraph"></p>Comme un Web-SSO ne peut interpréter le
|
||||
contenu des requêtes HTTP transmise aux applications
|
||||
contenu des requêtes HTTP transmises aux applications
|
||||
protégées, il ne peut enregistrer au mieux que les URL. Et
|
||||
comme Apache le fait parfaitement, Lemonldap::NG::Handler(3) lui fournit
|
||||
le nom à enregistrer dans les journaux. Le paramètre
|
||||
|
@ -430,10 +430,11 @@ group1 => (|(uid=xavier.guimard){$ou eq <span class=
|
|||
|
||||
<p class="paragraph"></p>Lemonldap::NG peut exporter des en-têtes
|
||||
HTTP aussi bien en utilisant Apache en reverse-proxy qu'en
|
||||
protégent directement les applications. Par défaut, le champ
|
||||
Auth-User est utilisé mais vous pouvez choisir les en-têtes
|
||||
que vous transmettez à chaque application séparemment. Les
|
||||
expressions définissant les en-têtes associent :
|
||||
protégeant directement les applications. Par défaut, le
|
||||
champ Auth-User est utilisé mais vous pouvez choisir les
|
||||
en-têtes que vous transmettez à chaque application
|
||||
séparément. Les expressions définissant les
|
||||
en-têtes associent :
|
||||
|
||||
<ul class="star">
|
||||
<li>le nom d'en-tête,</li>
|
||||
|
@ -473,11 +474,11 @@ Remote-IP => $ip
|
|||
<ul class="star">
|
||||
<li>Lemonldap::NG est un projet différent de Lemonldap et
|
||||
contient tous les éléments nécessaires à son
|
||||
utilisation et son administration. Ainsi les logiciels tel le module
|
||||
utilisation et son administration. Ainsi les logiciels tels le module
|
||||
webmin de Lemonldap ne fonctionnent pas avec Lemonldap::NG.</li>
|
||||
|
||||
<li>L'agent de protection Apache ("handler") fonctionne à la fois
|
||||
avec les versions 1.3 et 2.x d'Apache, c'est à dire avec les
|
||||
avec les versions 1.3 et 2.x d'Apache, c'est-à-dire avec les
|
||||
versions 1 et 2 de <span class="wikiexternallink"><a href=
|
||||
"http://perl.apache.org/">mod_perl</a></span> (mais pas avec mod_perl
|
||||
1.99). Le portail et le l'interface d'administration ("manager") sont de
|
||||
|
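Review bot: a typo survives in the context line just below the "c'est-à-dire" fix: "Le portail et le l'interface d'administration" should read "Le portail et l'interface d'administration". In the first list item, "tels le module webmin" now agrees with "logiciels"; writing "tels que le module webmin" would avoid the agreement question altogether.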
@ -489,9 +490,9 @@ Remote-IP => $ip
|
|||
que vous ne sachiez exactement ce que vous faites. Les paramètres
|
||||
présentés dans ce document sont tous accessibles dans
|
||||
l'arbre de configuration.</li>
|
||||
</ul>Voir <span class="wikilink"><a href=
|
||||
"advanced-install.html">installation manuel</a></span> pour la
|
||||
documentation d'installation.
|
||||
</ul>Voir <span class="wikilink"><a href="3-Table-of-contents-fr.html">la
|
||||
page complète de documentation</a></span> pour la procédure
|
||||
d'installation.
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HSystC3A8medestockagedessessions">Système de stockage des
|
||||
|
@ -520,15 +521,15 @@ Remote-IP => $ip
|
|||
limité à 1 par utilisateur actif toutes les 10 minutes.
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG est très rapide, mais vous
|
||||
pouvez encore améliorer les performances en utilisnt un module
|
||||
pouvez encore améliorer les performances en utilisant un module
|
||||
Cache::Cache ne nécessitant pas d'accès au disque.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HAuteur">Auteur</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Xavier Guimard, <x.guimard@free.fr>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HCopyrightetlicense">Copyright et
|
||||
license</span></h3>
|
||||
<h3 class="heading-1-1"><span id="HCopyrightetlicence">Copyright et
|
||||
licence</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Copyright © 2005-2007 par Xavier Guimard
|
||||
<x.guimard@free.fr>
|
|
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: overview.html</title>
|
||||
<title>Lemonldap::NG documentation: 1-Overview.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -63,23 +63,15 @@
|
|||
<h2 class="heading-1"><span id=
|
||||
"HLemonLDAP3A3ANG">LemonLDAP::NG</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="c1"><img src="logo_lemonldap-ng_400px.png" alt=
|
||||
"logo_lemonldap-ng_400px.png" /></div>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG is a modular Web-SSO based on
|
||||
Apache::Session modules. It simplifies the build of a protected area with
|
||||
a few changes in the application. It manages both authentication and
|
||||
authorization and provides headers for accounting. So you can have a full
|
||||
AAA protection for your web space as described below.
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG is a complete rewrite of Lemonldap.
|
||||
All components needed to use it and to aminister it are included in the
|
||||
tarball. Contrary, all modules developed for Lemonldap may not work with
|
||||
Lemonldap::NG.
|
||||
|
||||
<p class="paragraph"></p>
|
||||
"logo_lemonldap-ng_400px.png" /></div>Lemonldap::NG is a modular Web-SSO
|
||||
based on Apache::Session modules. It simplifies the build of a protected
|
||||
area with a few changes in the application. It manages both authentication
|
||||
and authorization and provides headers for accounting. So you can have a
|
||||
full AAA protection for your web space as described below. Lemonldap::NG
|
||||
is a complete rewrite of Lemonldap. All components needed to use it and to
|
||||
aminister it are included in the tarball. Contrary, all modules developed
|
||||
for Lemonldap may not work with Lemonldap::NG.
|
||||
|
||||
<ul>
|
||||
<li><a href="#HArchitecture">Architecture</a></li>
|
||||
|
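Review bot: the reflowed introduction drops the `<p class="paragraph"></p>` separators, so the product description and the statement that modules developed for Lemonldap may not work with Lemonldap::NG now run together in one block directly after the logo `</div>`. If that is not an intended change in the generator output, keep the breaks. The typo "aminister" (administer) is carried over unchanged in the added text, and "Contrary," would read better as "Conversely,".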
@ -125,15 +117,10 @@
|
|||
<li><a href="#HCopyrightandlicence">Copyright and licence</a></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HArchitecture">Architecture</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG est composed by 3 elements and 3
|
||||
databases :
|
||||
|
||||
<p class="paragraph"></p><img src="lemonldap-ng-architecture.png" alt=
|
||||
"lemonldap-ng-architecture.png" />
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG components :
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HArchitecture">Architecture</span></h3>Lemonldap::NG est composed by 3
|
||||
elements and 3 databases : <img src="lemonldap-ng-architecture.png"
|
||||
alt="lemonldap-ng-architecture.png" /> Lemonldap::NG components :
|
||||
|
||||
<ul class="star">
|
||||
<li>the Manager used to manage Lemonldap::NG configuration,</li>
|
||||
|
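Review bot: "Lemonldap::NG est composed by 3 elements and 3 databases" still carries the French "est" in the English page. Since the line is being rewrapped anyway, change it to "is composed of 3 elements and 3 databases". The architecture image now sits inline between two sentences with no paragraph break around it, which is worth checking in the rendered page.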
@ -164,12 +151,10 @@
|
|||
works on several physical servers.</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HKinematics">Kinematics</span></h3>
|
||||
|
||||
<p class="paragraph"></p><img src="lemonldap-ng-cinematique.png" alt=
|
||||
"lemonldap-ng-cinematique.png" />
|
||||
|
||||
<p class="paragraph"></p>Detail of operations :
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HKinematics">Kinematics</span></h3><img src=
|
||||
"lemonldap-ng-cinematique.png" alt="lemonldap-ng-cinematique.png" />
|
||||
Detail of operations :
|
||||
|
||||
<ul class="star">
|
||||
<li>1 and 2 : non-authenticated users (ie without valid cookie) are
|
||||
|
@ -201,41 +186,31 @@
|
|||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HAuthentication2CAuthorizationandAccountingmechanisms">Authentication,
|
||||
Authorization and Accounting mechanisms</span></h3>
|
||||
|
||||
<p class="paragraph"></p>All parameters described here can be edited by
|
||||
the administration interface (See <span class="wikiexternallink"><a href=
|
||||
Authorization and Accounting mechanisms</span></h3>All parameters
|
||||
described here can be edited by the administration interface (See
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/ManagerDemo/en/">Manager
|
||||
demonstration</a></span>).
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HAuthentication">Authentication</span></h4>
|
||||
|
||||
<p class="paragraph"></p>If a user isn't authenticated and attemps to
|
||||
connect to an area protected by a Lemonldap::NG compatible handler, he is
|
||||
redirected to a portal. The portal authenticates user with a ldap bind by
|
||||
default, but you can also use another authentication sheme like using x509
|
||||
user certificates (see Lemonldap::NG::Portal::AuthSSL(3) for more).
|
||||
|
||||
<p class="paragraph"></p>Lemonldap use session cookies generated by
|
||||
Apache::Session so as secure as a 128-bit random cookie. You may use the
|
||||
securedCookie options to avoid session hijacking.
|
||||
|
||||
<p class="paragraph"></p>You have to manage life of sessions by yourself
|
||||
since Lemonldap::NG knows nothing about the L module you've choosed, but
|
||||
it's very easy using a simple cron script because Lemonldap::NG::Portal
|
||||
stores the start time in the _utime field.
|
||||
|
||||
<p class="paragraph"></p>By default, a session stay 10 minutes in the
|
||||
local storage, so in the worth case, a user is authorized 10 minutes after
|
||||
he lost his rights.
|
||||
"HAuthentication">Authentication</span></h4>If a user isn't authenticated
|
||||
and attemps to connect to an area protected by a Lemonldap::NG compatible
|
||||
handler, he is redirected to a portal. The portal authenticates user with
|
||||
a ldap bind by default, but you can also use another authentication sheme
|
||||
like using x509 user certificates (see Lemonldap::NG::Portal::AuthSSL(3)
|
||||
for more). Lemonldap use session cookies generated by Apache::Session so
|
||||
as secure as a 128-bit random cookie. You may use the securedCookie
|
||||
options to avoid session hijacking. You have to manage life of sessions by
|
||||
yourself since Lemonldap::NG knows nothing about the L module you've
|
||||
choosed, but it's very easy using a simple cron script because
|
||||
Lemonldap::NG::Portal stores the start time in the _utime field. By
|
||||
default, a session stay 10 minutes in the local storage, so in the worth
|
||||
case, a user is authorized 10 minutes after he lost his rights.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HAuthorization">Authorization</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Authorization is controled only by handlers
|
||||
because the portal knows nothing about the way the user will choose. When
|
||||
configuring your Web-SSO, you have to:
|
||||
"HAuthorization">Authorization</span></h4>Authorization is controled only
|
||||
by handlers because the portal knows nothing about the way the user will
|
||||
choose. When configuring your Web-SSO, you have to:
|
||||
|
||||
<ul class="star">
|
||||
<li>choose the ldap attributes you want to use to manage accounting and
|
||||
|
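Review bot: the Authentication text is collapsed from four paragraphs into one, which buries the three operational points an administrator needs from it: the securedCookie option against session hijacking, the need to expire sessions yourself with a cron script based on the _utime field, and the 10-minute local storage during which a user who lost his rights is still authorized. Keep these as separate paragraphs. The rewrap also carries over "attemps", "sheme", "choosed" and "worth case" (worst case), and "the L module you've choosed" reads as if a word was lost before "module".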
@ -304,21 +279,15 @@ group1 => { $departmentUID eq <span class=
|
|||
^/(js|css) => accept
|
||||
<span class="java-keyword">default</span> => deny
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Note: \b means start or end of a word in PCRE
|
||||
(Perl Compatible Regular Expressions)
|
||||
</div>Note: \b means start or end of a word in PCRE (Perl Compatible
|
||||
Regular Expressions)
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id=
|
||||
"HPerformance">Performance</span></h5>
|
||||
|
||||
<p class="paragraph"></p>You can use Perl expressions as complicated as
|
||||
you want and you can use all the exported LDAP attributes (and create your
|
||||
own attributes: with 'macros' mechanism) in groups evaluations, area
|
||||
protections or custom HTTP headers (you just have to call them with a
|
||||
"$").
|
||||
|
||||
<p class="paragraph"></p>ou have to be careful when choosing your
|
||||
"HPerformance">Performance</span></h5>You can use Perl expressions as
|
||||
complicated as you want and you can use all the exported LDAP attributes
|
||||
(and create your own attributes: with 'macros' mechanism) in groups
|
||||
evaluations, area protections or custom HTTP headers (you just have to
|
||||
call them with a "$"). ou have to be careful when choosing your
|
||||
expressions:
|
||||
|
||||
<ul class="star">
|
||||
|
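Review bot: "ou have to be careful when choosing your expressions:" is missing its leading "Y" in both the removed and the added text; fix it to "You have to be careful" while the line is being moved. The note about \b also loses its paragraph break and now follows `</div>` directly.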
@ -335,10 +304,9 @@ group1 => { $departmentUID eq <span class=
|
|||
^/<span class=
|
||||
"java-keyword">protected</span>/.*$ => $groups =~ /\bgroup1\b/
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
You can also use LDAP filters, or Perl expression or mixed expressions in
|
||||
groups definitions. Perl expressions has to be enclosed with {} :
|
||||
</div>You can also use LDAP filters, or Perl expression or mixed
|
||||
expressions in groups definitions. Perl expressions has to be enclosed
|
||||
with {} :
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
@ -349,36 +317,27 @@ group1 => {$uid eq <span class=
|
|||
group1 => (|(uid=xavier.guimard){$ou eq <span class=
|
||||
"java-quote">"unit1"</span>})
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>It is also recommanded to use Perl expressions to
|
||||
avoid requiering the LDAP server more than 2 times per authentication.
|
||||
</div>It is also recommanded to use Perl expressions to avoid requiering
|
||||
the LDAP server more than 2 times per authentication.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HAccounting">Accounting</span></h4>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HLoggingportalaccess">Logging portal
|
||||
access</span></h5>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG::Portal doesn't log anything by
|
||||
default, but it's easy to overload log method for normal portal access.
|
||||
access</span></h5>Lemonldap::NG::Portal doesn't log anything by default,
|
||||
but it's easy to overload log method for normal portal access.
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HLoggingapplicationaccess">Logging
|
||||
application access</span></h5>
|
||||
|
||||
<p class="paragraph"></p>Because a Web-SSO knows nothing about the
|
||||
application access</span></h5>Because a Web-SSO knows nothing about the
|
||||
protected application, it can't do more than logging URL. As Apache does
|
||||
this fine, Lemonldap::NG::Handler(3) gives it the name to used in logs.
|
||||
The whatToTrace parameter indicates which variable Apache has to use ($uid
|
||||
by default).
|
||||
|
||||
<p class="paragraph"></p>The real accounting has to be done by the
|
||||
application itself which knows the result of SQL transaction for example.
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG can export HTTP headers either
|
||||
using a proxy or protecting directly the application. By default, the
|
||||
Auth-User field is used but you can change it using the exportedHeaders
|
||||
parameters (in the Manager, each virtual host as custom headers branch).
|
||||
This parameters contains an associative array per virtual host :
|
||||
by default). The real accounting has to be done by the application itself
|
||||
which knows the result of SQL transaction for example. Lemonldap::NG can
|
||||
export HTTP headers either using a proxy or protecting directly the
|
||||
application. By default, the Auth-User field is used but you can change it
|
||||
using the exportedHeaders parameters (in the Manager, each virtual host as
|
||||
custom headers branch). This parameters contains an associative array per
|
||||
virtual host :
|
||||
|
||||
<ul class="star">
|
||||
<li>keys are the names of the choosen headers,</li>
|
||||
|
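Review bot: spelling and grammar errors are carried over into the rewrapped Accounting text: "recommanded", "requiering", "gives it the name to used in logs", "each virtual host as custom headers branch" (has a) and "This parameters contains". The merged block also joins the whatToTrace logging description with the exportedHeaders description; these are two different settings and are easier to follow as separate paragraphs.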
@ -411,9 +370,8 @@ Remote-IP => $ip
|
|||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HInstallation">Installation</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Warnings :
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HInstallation">Installation</span></h3>Warnings :
|
||||
|
||||
<ul class="star">
|
||||
<li>Lemonldap::NG is a different project than Lemonldap and contains all
|
||||
|
@ -427,15 +385,12 @@ Remote-IP => $ip
|
|||
<li>Lemonldap::NG configuration has to be edited using the manager
|
||||
unless you know exactly what you are doing. The parameters discussed
|
||||
below are all in the configuration tree.</li>
|
||||
</ul>See <span class="wikilink"><a href=
|
||||
"advanced-install.html">installation manuel</a></span> for a complete
|
||||
installation documentation.
|
||||
</ul>See <span class="wikilink"><a href="3-Table-of-contents.html">the
|
||||
full documentation page</a></span> for a complete installation procedure.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HSessionstoragesystem">Session storage
|
||||
system</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG use 3 levels of cache for
|
||||
authenticated users :
|
||||
system</span></h3>Lemonldap::NG use 3 levels of cache for authenticated
|
||||
users :
|
||||
|
||||
<ul class="star">
|
||||
<li>an Apache::Session::* module used by lemonldap::NG::Portal to store
|
||||
|
@ -450,22 +405,16 @@ Remote-IP => $ip
|
|||
refuse access. This is very efficient with HTTP/1.1 Keep-Alive
|
||||
system.</li>
|
||||
</ul>So the number of request to the central storage is limited to 1 per
|
||||
active user each 10 minutes.
|
||||
active user each 10 minutes. Lemonldap::NG is very fast, but you can
|
||||
increase performance using a Cache::Cache module that does not use disk
|
||||
access.
|
||||
|
||||
<p class="paragraph"></p>Lemonldap::NG is very fast, but you can increase
|
||||
performance using a Cache::Cache module that does not use disk access.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HAuthor">Author</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Xavier Guimard, <x.guimard@free.fr>
|
||||
<h3 class="heading-1-1"><span id="HAuthor">Author</span></h3>Xavier
|
||||
Guimard, <x.guimard@free.fr>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HCopyrightandlicence">Copyright and
|
||||
licence</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Copyright © 2005-2007 by Xavier Guimard
|
||||
<x.guimard@free.fr>
|
||||
|
||||
<p class="paragraph"></p>This library is free software; you can
|
||||
licence</span></h3>Copyright © 2005-2007 by Xavier Guimard
|
||||
<x.guimard@free.fr> This library is free software; you can
|
||||
redistribute it and/or modify it under the same terms as Perl itself,
|
||||
either Perl version 5.8.4 or, at your option, any later version of Perl 5
|
||||
you may have available.
|
|
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: faq-fr.html</title>
|
||||
<title>Lemonldap::NG documentation: 2-FAQ-fr.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -191,7 +191,7 @@
|
|||
l'annuaire LDAP. Celle-ci peut alors gérer la
|
||||
traçabilité des accès et éventuellement des
|
||||
droits d'accès (voir la <span class="wikiexternallink"><a href=
|
||||
"http://wiki.lemonldap.objectweb.orgoverview-fr.html#HMC3A9canismesd27authentification2Cd27autorisationetdetraC3A7abilitC3A9">
|
||||
"http://wiki.lemonldap.objectweb.org1-Overview-fr.html#HMC3A9canismesd27authentification2Cd27autorisationetdetraC3A7abilitC3A9">
|
||||
documentation AAA</a></span>).</li>
|
||||
|
||||
<li>Lemonldap::NG n'impose aucune modification de l'annuaire : les
|
||||
|
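Review bot: the href changed here is still malformed. The new value begins "http://wiki.lemonldap.objectweb.org1-Overview-fr.html", with no "/" between the host name and the file name, so it does not point at the overview page. Other links in these pages are relative (for example "2-FAQ-fr.html#HQu27estcequ27unWebSSO3F" in the overview), so a relative "1-Overview-fr.html" followed by the same fragment would be consistent and would resolve inside the shipped doc directory.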
@ -251,8 +251,9 @@
|
|||
par une simple connexion HTTP(S). Le serveur SOAP accède lui
|
||||
à la configuration par un des systèmes
|
||||
précédents (File ou DBI). Pour plus d'informations, voir
|
||||
la page <span class="wikilink"><a href="soap-fr.html">Utilisation des
|
||||
Web Services</a></span>.</li>
|
||||
la page <span class="wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.html">Utilisation des Web
|
||||
Services</a></span>.</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
|
@ -518,8 +519,9 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|||
l'utilisateur d'utiliser la fédération d'identités
|
||||
Liberty Alliance en permettant à celui-ci de s'authentifier sur
|
||||
un fournisseur d'identités. Plus d'informations sur la page
|
||||
<span class="wikilink"><a href="/xwiki/bin/view/NG/DocLA">Utilisation de
|
||||
Liberty Alliance</a></span>.</li>
|
||||
<span class="wikilink"><a href=
|
||||
"4.3-Configure-Liberty-Alliance-fr.html">Utilisation de Liberty
|
||||
Alliance</a></span>.</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
|
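Review bot: the replacement of "/xwiki/bin/view/NG/DocLA" by "4.3-Configure-Liberty-Alliance-fr.html" is not carried through to the rest of the commit. The added 3-Table-of-contents-fr.html still links its "Extension du schéma LDAP" entry to "/xwiki/bin/view/NG/SpecLDAPSchema", a wiki path that will not resolve from the static doc directory. Either point that entry at a shipped page or drop it from the table of contents.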
@ -532,7 +534,7 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|||
en adaptant le paramètre LogLevel d'Apache.
|
||||
|
||||
<p class="paragraph"></p>La page <span class="wikilink"><a href=
|
||||
"errors-fr.html">Erreurs</a></span> référence ces messages
|
||||
"6-Errors-fr.html">Erreurs</a></span> référence ces messages
|
||||
d'erreur et de débogage.
|
||||
</div>
|
||||
|
|
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: faq.html</title>
|
||||
<title>Lemonldap::NG documentation: 2-FAQ.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -175,7 +175,7 @@
|
|||
atributes to the remote application. The remote application can then
|
||||
manage the traceability of the access and possibly authorization (see to
|
||||
it <span class="wikiexternallink"><a href=
|
||||
"http://wiki.lemonldap.objectweb.orgoverview.html#HAuthentication2CAuthorizationandAccountingmechanisms">
|
||||
"http://wiki.lemonldap.objectweb.org1-Overview.html#HAuthentication2CAuthorizationandAccountingmechanisms">
|
||||
documentation AAA</a></span>).</li>
|
||||
|
||||
<li>Lemonldap::NG can publish every LDAP attributes or calculated
|
||||
|
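Review bot: same problem as in the French FAQ: the new href begins "http://wiki.lemonldap.objectweb.org1-Overview.html", with no "/" between host and file name, so the "documentation AAA" link is broken before and after the change. Use the relative "1-Overview.html#HAuthentication2CAuthorizationandAccountingmechanisms" instead. The context line above it also has "atributes" for "attributes".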
@ -450,7 +450,7 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|||
setting LogLevel parameter in Apache configuration file.
|
||||
|
||||
<p class="paragraph"></p>Those messages are described <span class=
|
||||
"wikilink"><a href="errors.html">here</a></span>.
|
||||
"wikilink"><a href="6-Errors.html">here</a></span>.
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
333
build/lemonldap-ng/doc/3-Table-of-contents-fr.html
Normal file
|
@ -0,0 +1,333 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: 3-Table-of-contents-fr.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id=
|
||||
"HDocumentationdeLemonLDAP3A3ANG">Documentation de
|
||||
LemonLDAP::NG</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HInstallation">Installation</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HConfiguration">Configuration</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HGC3A9nC3A9ral">Général</a></li>
|
||||
|
||||
<li><a href="#HLDAP">LDAP</a></li>
|
||||
|
||||
<li><a href="#HFonctionnalitC3A9sC3A9tendues">Fonctionnalités
|
||||
étendues</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="#HProtectiondesapplications">Protection des applications</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HApplicationsexistantes">Applications
|
||||
existantes</a></li>
|
||||
|
||||
<li><a href="#HConnecteurs">Connecteurs</a></li>
|
||||
|
||||
<li><a href="#HApplications22maison22">Applications
|
||||
"maison"</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="#HAutres">Autres</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HFAQ">FAQ</a></li>
|
||||
|
||||
<li><a href="#HErreurs">Erreurs</a></li>
|
||||
|
||||
<li><a href="#HFormations">Formations</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul><strong class="strong">Documentation applicable pour LemonLDAP::NG
|
||||
>= 0.9</strong>
|
||||
|
||||
<p class="paragraph"></p><strong class="strong">Merci de lire <span class=
|
||||
"wikilink"><a href="2-FAQ-fr.html">FAQ</a></span> en premier</strong>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HInstallation">Installation</span></h3><img src=
|
||||
"out_of_the_box_nicu_bucu_01.png" alt="out_of_the_box_nicu_bucu_01.png" />
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.1-Install-prerequesites.html">Prérequis et
|
||||
dépendances</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.2-Install-from-tarball.html">Installation depuis l'archive</a></span>
|
||||
(en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.3-Install-from-debian-packages.html">Installation sous Debian/Ubuntu
|
||||
à partir des paquets</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.4-Install-of-MySQL-storage.html">Utilisation de MySQL pour le
|
||||
stockage des sessions et/ou de la configuration</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.5-Install-of-example-fr.html">Installation l'exemple
|
||||
fourni</a></span></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HConfiguration">Configuration</span></h3><img src=
|
||||
"tools_nicu_buculei_01.png" alt="tools_nicu_buculei_01.png" />
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HGC3A9nC3A9ral">Général</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-Configuration-overview.html">Vision globale de la
|
||||
configuration</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-Configuration-parameter-list.html">Liste des paramètres de
|
||||
configuration</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href="4.1-Configure-portal-menu.html">Menu
|
||||
du portail</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-HTML-templates-customization.html">Personnalisation des canevas
|
||||
HTML pour le portail</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href="4.1-RBAC-model.html">Modèle
|
||||
RBAC</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HLDAP">LDAP</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.2-Configure-password-policy.html">Utilisation de la politique des
|
||||
mots de passe</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/SpecLDAPSchema">Extension du schéma
|
||||
LDAP</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HFonctionnalitC3A9sC3A9tendues">Fonctionnalités
|
||||
étendues</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.html">Utilisation des Web Services (modules
|
||||
SOAP)</a></span> (fr)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-Liberty-Alliance-fr.html">Utilisation de Liberty Alliance
|
||||
pour la fédération d'identités (projet
|
||||
FederID)</a></span> (fr)</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HProtectiondesapplications">Protection
|
||||
des applications</span></h3><img src="padlock_aj_ashton_01.png" alt=
|
||||
"padlock_aj_ashton_01.png" />
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HApplicationsexistantes">Applications
|
||||
existantes</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
|
||||
<tr>
|
||||
<th>Application</th>
|
||||
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">Dokuwiki</strong><br />
|
||||
<img src="dokuwiki_logo.png" alt="dokuwiki_logo.png" /></td>
|
||||
|
||||
<td>Dokuwiki est un moteur de wiki en PHP<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href=
|
||||
"5-Appli-Dokuwiki.html">Procédure SSO</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href="http://www.dokuwiki.org">Site
|
||||
web officiel</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-even">
|
||||
<td><strong class="strong">Gestion et de Réservations de
|
||||
Ressources</strong><br />
|
||||
<img src="NG/Documentation/grr_logo.png" alt="grr_logo.png" /></td>
|
||||
|
||||
<td>GRR permet de gérer la réservation de
|
||||
ressources<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocAppGRR">Procédure SSO</a></span>
|
||||
(fr)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://grr.mutualibre.org/">Site web officiel</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">GLPI</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/glpi_logo.png" alt=
|
||||
"glpi_logo.png" /></td>
|
||||
|
||||
<td>GLPI est outil de gestion de parc<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocAppGLPI">Procédure SSO</a></span>
|
||||
(en)<br />
|
||||
<span class="wikiexternallink"><a href="http://glpi-project.org">Site
|
||||
web officiel</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-even">
|
||||
<td><strong class="strong">phpLDAPadmin</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/phpldapadmin_logo.png"
|
||||
alt="phpldapadmin_logo.png" /></td>
|
||||
|
||||
<td>Interface web de gestion d'annuaire LDAP<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href=
|
||||
"5-Appli-phpLDAPadmin.html">Procédure SSO</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://phpldapadmin.sourceforge.net">Site web
|
||||
officiel</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">Sympa</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/sympa_logo.png" alt=
|
||||
"sympa_logo.png" /></td>
|
||||
|
||||
<td>Gestionnaire de listes de diffusion<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href="5-Appli-Sympa.html">Procédure
|
||||
SSO</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href="http://www.sympa.org/">Site
|
||||
web officiel</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HConnecteurs">Connecteurs</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
|
||||
<tr>
|
||||
<th>Application</th>
|
||||
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">Tomcat</strong><br />
|
||||
<img src="tomcat_logo.png" alt="tomcat_logo.png" /></td>
|
||||
|
||||
<td>Tomcat est un conteneur de servlets J2EE. Il utilise des valves
|
||||
pour certaines fonctionnalités, comme l'intégration au
|
||||
SSO.<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href=
|
||||
"5-Appli-Tomcat-Valve.html">Procédure SSO</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://tomcat.apache.org/">Site web officiel</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HApplications22maison22">Applications
|
||||
"maison"</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>Comment modifier mon application?</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HAutres">Autres</span></h3><img src=
|
||||
"tux_clemente_01.png" alt="tux_clemente_01.png" />
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HFAQ">FAQ</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Voir la page <span class="wikilink"><a href=
|
||||
"2-FAQ-fr.html">FAQ</a></span>.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HErreurs">Erreurs</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Voir la page <span class="wikilink"><a href=
|
||||
"6-Errors-fr.html">erreurs</a></span>.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HFormations">Formations</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikiexternallink"><a href=
|
||||
"http://www.linagora.org/article166.html">Le WebSSO LemonLDAP::NG
|
||||
(LINAGORA)</a></span> (fr)</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
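Review bot: Several links and images in this French contents page still use root-relative wiki paths that will not resolve in the static export: href="/xwiki/bin/view/NG/SpecLDAPSchema", "/xwiki/bin/view/NG/DocAppGRR" and "/xwiki/bin/view/NG/DocAppGLPI", plus the img src values under /xwiki/bin/download/NG/Documentation/ and "NG/Documentation/grr_logo.png". The English contents page added in this commit links the schema page as 4.2-Configure-LDAP-schema.html and references dokuwiki_logo.png by bare file name, so please use the same relative targets here. For the GRR and GLPI procedures, either export them or drop the links. Wording nits: "Installation l'exemple fourni" is missing "de" and the language tag the other entries carry, and "GLPI est outil de gestion de parc" is missing "un".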
318
build/lemonldap-ng/doc/3-Table-of-contents.html
Normal file
|
@ -0,0 +1,318 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: 3-Table-of-contents.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id=
|
||||
"HLemonldap3A3ANGDocumentation">Lemonldap::NG Documentation</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HInstallation">Installation</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HConfiguration">Configuration</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HGeneral">General</a></li>
|
||||
|
||||
<li><a href="#HLDAP">LDAP</a></li>
|
||||
|
||||
<li><a href="#HExtendedfeatures">Extended features</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="#HApplicationprotection">Application protection</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HExistingapplications">Existing applications</a></li>
|
||||
|
||||
<li><a href="#HConnectors">Connectors</a></li>
|
||||
|
||||
<li><a href="#HSelfmade">Self-made</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="#HOthers">Others</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HFAQ">FAQ</a></li>
|
||||
|
||||
<li><a href="#HErrors">Errors</a></li>
|
||||
|
||||
<li><a href="#HTraining">Training</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
|
||||
>= 0.9</strong>
|
||||
|
||||
<p class="paragraph"></p><strong class="strong">Please read the
|
||||
<span class="wikilink"><a href="2-FAQ.html">FAQ</a></span> first</strong>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HInstallation">Installation</span></h3><img src=
|
||||
"out_of_the_box_nicu_bucu_01.png" alt="out_of_the_box_nicu_bucu_01.png" />
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.1-Install-prerequesites.html">Prerequisites and
|
||||
dependencies</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.2-Install-from-tarball.html">Installation from the tarball</a></span>
|
||||
(en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.3-Install-from-debian-packages.html">Installation on Debian/Ubuntu
|
||||
with packages</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.4-Install-of-MySQL-storage.html">Use of MySQL for sessions and/or
|
||||
configuration storage</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"3.5-Install-of-example.html">Provided example
|
||||
installation</a></span></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HConfiguration">Configuration</span></h3><img src=
|
||||
"tools_nicu_buculei_01.png" alt="tools_nicu_buculei_01.png" />
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HGeneral">General</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-Configuration-overview.html">Configuration overview</a></span>
|
||||
(en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-Configuration-parameter-list.html">Configuration parameters
|
||||
list</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-Configure-portal-menu.html">Portal menu</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.1-HTML-templates-customization.html">HTML templates
|
||||
customization</a></span> (en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href="4.1-RBAC-model.html">RBAC
|
||||
model</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HLDAP">LDAP</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.2-Configure-password-policy.html">Password Policy</a></span>
|
||||
(en)</li>
|
||||
|
||||
<li><span class="wikilink"><a href="4.2-Configure-LDAP-schema.html">LDAP
|
||||
schema extension</a></span> (en)</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HExtendedfeatures">Extended
|
||||
features</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikilink"><a href="4.3-Configure-SOAP-fr.html">Web
|
||||
Services (SOAP)</a></span> (fr)</li>
|
||||
|
||||
<li><span class="wikilink"><a href=
|
||||
"4.3-Configure-Liberty-Alliance-fr.html">Liberty Alliance (FederID
|
||||
project)</a></span> (fr)</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HApplicationprotection">Application
|
||||
protection</span></h3><img src="padlock_aj_ashton_01.png" alt=
|
||||
"padlock_aj_ashton_01.png" />
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HExistingapplications">Existing
|
||||
applications</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
|
||||
<tr>
|
||||
<th>Application</th>
|
||||
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">Dokuwiki</strong><br />
|
||||
<img src="dokuwiki_logo.png" alt="dokuwiki_logo.png" /></td>
|
||||
|
||||
<td>Dokuwiki is a popular PHP wiki Engine<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href="5-Appli-Dokuwiki.html">SSO
|
||||
procedure</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://www.dokuwiki.org">Official website</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-even">
|
||||
<td><strong class="strong">Gestion et de Réservations de
|
||||
Ressources</strong><br />
|
||||
<img src="NG/Documentation/grr_logo.png" alt="grr_logo.png" /></td>
|
||||
|
||||
<td>GRR is a system to manage ressources booking<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href="/xwiki/bin/view/NG/DocAppGRR">SSO
|
||||
procedure</a></span> (fr)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://grr.mutualibre.org/">Official website</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">GLPI</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/glpi_logo.png" alt=
|
||||
"glpi_logo.png" /></td>
|
||||
|
||||
<td>GLPI is an IT and asset management software<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href="/xwiki/bin/view/NG/DocAppGLPI">SSO
|
||||
procedure</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://glpi-project.org">Official website</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-even">
|
||||
<td><strong class="strong">phpLDAPadmin</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/phpldapadmin_logo.png"
|
||||
alt="phpldapadmin_logo.png" /></td>
|
||||
|
||||
<td>Web interface to manage LDAP directory<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href="5-Appli-phpLDAPadmin.html">SSO
|
||||
procedure</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://phpldapadmin.sourceforge.net">Official website</a></span></td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">Sympa</strong><br />
|
||||
<img src="/xwiki/bin/download/NG/Documentation/sympa_logo.png" alt=
|
||||
"sympa_logo.png" /></td>
|
||||
|
||||
<td>Mailing lists manager<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href="5-Appli-Sympa.html">SSO
|
||||
procedure</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://www.sympa.org/">Official website</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HConnectors">Connectors</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
|
||||
<tr>
|
||||
<th>Application</th>
|
||||
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td><strong class="strong">Tomcat</strong><br />
|
||||
<img src="tomcat_logo.png" alt="tomcat_logo.png" /></td>
|
||||
|
||||
<td>Tomcat is a J2EE servlet container. It uses Valve to use extra
|
||||
functionnalities, like SSO integration.<br />
|
||||
<br />
|
||||
<span class="wikilink"><a href="5-Appli-Tomcat-Valve.html">SSO
|
||||
procedure</a></span> (en)<br />
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://tomcat.apache.org/">Official website</a></span></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HSelfmade">Self-made</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>How to modify my application?</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HOthers">Others</span></h3><img src=
|
||||
"tux_clemente_01.png" alt="tux_clemente_01.png" />
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HFAQ">FAQ</span></h4>
|
||||
|
||||
<p class="paragraph"></p>See <span class="wikilink"><a href=
|
||||
"2-FAQ.html">FAQ</a></span> page.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HErrors">Errors</span></h4>
|
||||
|
||||
<p class="paragraph"></p>See <span class="wikilink"><a href=
|
||||
"6-Errors.html">errors</a></span> page.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HTraining">Training</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li><span class="wikiexternallink"><a href=
|
||||
"http://www.linagora.org/article166.html">The WebSSO LemonLDAP::NG
|
||||
(LINAGORA)</a></span> (fr)</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
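Review bot: The root element declares lang="fr" xml:lang="fr" although this page is the English table of contents, which misleads screen readers, spell checkers and search indexing; please set both attributes to "en". The XML declaration says encoding="utf-8" while the Content-Type meta says charset=us-ascii, so pick one (the entities used keep the body ASCII-safe, but the two declarations should agree). As in the French page, the GRR and GLPI "SSO procedure" links and the glpi, phpldapadmin and sympa logos still point at /xwiki/bin/... paths that do not exist in build/lemonldap-ng/doc/. Spelling: "ressources booking" and "functionnalities".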
132
build/lemonldap-ng/doc/3.1-Install-prerequesites.html
Normal file
|
@ -0,0 +1,132 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: 3.1-Install-prerequesites.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id=
|
||||
"HPrerequisitesanddependencies">Prerequisites and dependencies</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HApache">Apache</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HPerl">Perl</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HNeededforallmodules">Needed for all modules</a></li>
|
||||
|
||||
<li><a href="#HNeededforPortal">Needed for Portal</a></li>
|
||||
|
||||
<li><a href="#HNeededforHandler">Needed for Handler</a></li>
|
||||
|
||||
<li><a href="#HNeededforManager">Needed for Manager</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HApache">Apache</span></h3>
|
||||
|
||||
<p class="paragraph"></p>To use Lemonldap::NG, you have to run a LDAP
|
||||
server and of course an Apache server compiled with mod-perl (version 1.3
|
||||
or 2.x). Generaly, the version of Apache proposed with your Linux
|
||||
distribution match, but some distributions used an experimental version of
|
||||
mod_perl with Apache2 (mod_perl-1.99) which does not work with
|
||||
Lemonldap::NG. With such distributions (like Debian-3.1), you have to use
|
||||
Apache-1.3 or to use a mod_perl backport (www.backports.org package for
|
||||
Debian works fine).
|
||||
|
||||
<p class="paragraph"></p>For Apache2, you can use both mpm-worker and
|
||||
mpm-prefork. Mpm-worker works faster and Lemonldap::NG use the thread
|
||||
system for best performance. If you have to use mpm-prefork (for example
|
||||
if you use PHP), Lemonldap::NG will work anyway.
|
||||
|
||||
<p class="paragraph"></p>You can use Lemonldap::NG in an heterogene world:
|
||||
the authentication portal and the manager can work in any version of
|
||||
Apache 1.3 or more even if mod_perl is not compiled, with
|
||||
ModPerl::Registry or not… Only the handler (site protector) need
|
||||
mod_perl. The different handlers can run on different servers with
|
||||
different versions of Apache/mod_perl.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HPerl">Perl</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HNeededforallmodules">Needed for all
|
||||
modules</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
|
||||
LWP::UserAgent, Cache::Cache, DBI, XML::Simple
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HNeededforPortal">Needed for
|
||||
Portal</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
|
||||
DBI
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HNeededforHandler">Needed for
|
||||
Handler</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Apache::Session, LWP::UserAgent, Cache::Cache,
|
||||
DBI
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HNeededforManager">Needed for
|
||||
Manager</span></h4>
|
||||
|
||||
<p class="paragraph"></p>CGI, XML::Simple, DBI
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
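Review bot: The Perl module lists here do not match the dependency set the Debian page in this same commit installs: the apt-get line there pulls in libsoap-lite-perl and libhtml-template-perl, but neither SOAP::Lite nor HTML::Template appears under "Needed for all modules", "Needed for Portal" or "Needed for Manager". Please either add them to the relevant list or state that they are optional and for which feature, so that someone installing from the tarball ends up with the same set. In the Apache paragraph, "compiled with mod-perl (version 1.3 or 2.x)" reads as a mod_perl version although 1.3 is used as the Apache version later in the same paragraph; say which product the numbers refer to. The page also carries lang="fr" on English text, and the file name spells "prerequesites", which is worth fixing now before more pages link to it.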
161
build/lemonldap-ng/doc/3.2-Install-from-tarball.html
Normal file
|
@ -0,0 +1,161 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: 3.2-Install-from-tarball.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HInstallationfromthetarball">Installation
|
||||
from the tarball</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HGetthetarball">Get the tarball</a></li>
|
||||
|
||||
<li><a href="#HBuildthetarballfromSVN">Build the tarball from
|
||||
SVN</a></li>
|
||||
|
||||
<li><a href="#HExtraction">Extraction</a></li>
|
||||
|
||||
<li><a href="#HInstallation">Installation</a></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HGetthetarball">Get the
|
||||
tarball</span></h3>
|
||||
|
||||
<p class="paragraph"></p>All tarballs can be downloaded from the OW2
|
||||
forge: <span class="nobr"><a href=
|
||||
"http://forge.objectweb.org/project/showfiles.php?group_id=274">http://forge.objectweb.org/project/showfiles.php?group_id=274</a></span>
|
||||
|
||||
<p class="paragraph"></p>If you want the last SVN snapshot, please choose:
|
||||
<span class="nobr"><a href=
|
||||
"http://forge.objectweb.org/svnsnapshots/lemonldap-svn-latest.tar.gz">http://forge.objectweb.org/svnsnapshots/lemonldap-svn-latest.tar.gz</a></span>
|
||||
|
||||
<p class="paragraph"></p><strong class="strong">Warning</strong>: the
|
||||
contents of the SVN tarball are not the same as the official tarballs.
|
||||
Please see the next chapter to learn how build an official tarball from
|
||||
SVN files.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HBuildthetarballfromSVN">Build the
|
||||
tarball from SVN</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Either <span class="wikiexternallink"><a href=
|
||||
"http://forge.objectweb.org/plugins/scmsvn/index.php?group_id=274">checkout
|
||||
or export the SVN repository</a></span>, or <span class=
|
||||
"wikiexternallink"><a href=
|
||||
"http://forge.objectweb.org/svnsnapshots/lemonldap-svn-latest.tar.gz">extract
|
||||
the SVN tarball</a></span> to get the SVN files on your disk.
|
||||
|
||||
<p class="paragraph"></p>Then go to build directory:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ cd trunk/build/lemonldap-ng
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
And run the "dist" target:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ make dist
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
The generated tarball is in the current directory.
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HExtraction">Extraction</span></h3><br />
|
||||
<br />
|
||||
Just run the tar command:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ tar zxvf lemonldap-ng-*.tar.gz
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HInstallation">Installation</span></h3><br />
|
||||
<br />
|
||||
First check and install the <span class="wikilink"><a href=
|
||||
"3.1-Install-prerequesites.html">prerequisites</a></span>.<br />
|
||||
<br />
|
||||
If you just want to install a handler or a portal or a manager:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ cd lemonldap-ng-*/Lemonldap-NG-(Portal|Handler|Manager|Common)
|
||||
$ perl Makefile.PL && make && make test
|
||||
$ sudo make install
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Else for full modules install:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ cd lemonldap-ng-*
|
||||
$ make && make test
|
||||
$ sudo make install
|
||||
</pre>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
|
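Review bot: The download and install steps give the reader no way to check what they are about to run as root: both the release link and lemonldap-svn-latest.tar.gz are plain http:// URLs, and the procedure goes straight from "tar zxvf lemonldap-ng-*.tar.gz" to "sudo make install" without a checksum or signature check. Please publish a digest or detached signature for the release tarballs and add a verification step before the Extraction section, or at least say where the expected digest can be found. Separately, "cd lemonldap-ng-*/Lemonldap-NG-(Portal|Handler|Manager|Common)" is notation rather than a command a shell will accept; a sentence saying to pick one of the four directories would avoid a copy-paste error. "learn how build" should be "learn how to build".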
@ -7,7 +7,8 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: debian-packages-install.html</title>
|
||||
<title>Lemonldap::NG documentation:
|
||||
3.3-Install-from-debian-packages.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -64,11 +65,13 @@
|
|||
<ul>
|
||||
<li><a href="#HGetthepackages">Get the packages</a></li>
|
||||
|
||||
<li><a href="#HInstallpackages28Debiantesting2Funstable29">Install
|
||||
packages (Debian testing/unstable)</a></li>
|
||||
<li><a href="#HBuildyourpackage">Build your package</a></li>
|
||||
|
||||
<li><a href="#HInstallpackages28Other29">Install packages
|
||||
(Other)</a></li>
|
||||
<li><a href="#HInstallpackageswithaptget">Install packages with
|
||||
apt-get</a></li>
|
||||
|
||||
<li><a href="#HInstallpackageswithdpkg">Install packages with
|
||||
dpkg</a></li>
|
||||
|
||||
<li><a href="#HFilelocation">File location</a></li>
|
||||
</ul>
|
||||
|
@ -107,9 +110,36 @@
|
|||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HInstallpackages28Debiantesting2Funstable29">Install packages (Debian
|
||||
testing/unstable)</span></h3><br />
|
||||
<p class="paragraph"></p>Older versions are available on our OW2 Debian
|
||||
repository:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
deb <span class="nobr"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
|
||||
deb-src <span class="nobr"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HBuildyourpackage">Build your
|
||||
package</span></h3>
|
||||
|
||||
<p class="paragraph"></p>You can also get the LemonLDAP::NG archive
|
||||
(<span class="wikiexternallink"><a href=
|
||||
"http://forge.objectweb.org/project/showfiles.php?group_id=274">see
|
||||
dowload section</a></span>) and make the package yourself:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ tar xzf lemonldap-ng-*.tar.gz
|
||||
$ cd lemonldap-ng-*
|
||||
$ debuild
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HInstallpackageswithaptget">Install
|
||||
packages with apt-get</span></h3><br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
|
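Review bot: The new repository stanza, "deb http://lemonldap.objectweb.org/NG/debian testing/" and its deb-src twin, documents an unauthenticated package source: the transport is plain HTTP and nothing in the added text mentions an archive signing key. Please say whether the repository is signed and, if it is, add the key import step; if it is not, say so explicitly so administrators know apt will treat the packages as untrusted. Inside the pre block the URLs are wrapped in anchor markup, which is fine for display but check that the rendered text copies cleanly into sources.list. Typo in the "Build your package" paragraph: "dowload section".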
@ -118,14 +148,15 @@
|
|||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HInstallpackages28Other29">Install
|
||||
packages (Other)</span></h3><br />
|
||||
<h3 class="heading-1-1"><span id="HInstallpackageswithdpkg">Install
|
||||
packages with dpkg</span></h3><br />
|
||||
<br />
|
||||
Before installing the packages, install dependencies:
|
||||
Before installing the packages, install <span class="wikilink"><a href=
|
||||
"3.1-Install-prerequesites.html">dependencies</a></span> with apt-get:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
# apt-get install apache2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl
|
||||
# apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
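Review bot: The apt-get line lists libcache-cache-perl twice, in both the old and the new version of the command; since the line is being edited anyway to add libapache2-mod-perl2, drop the duplicate. The lead-in now links to 3.1-Install-prerequesites.html as the source for the dependency list, so keep the two in step: this command installs libsoap-lite-perl and libhtml-template-perl, which that page does not list.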
246
build/lemonldap-ng/doc/3.4-Install-of-MySQL-storage.html
Normal file
|
@ -0,0 +1,246 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation:
|
||||
3.4-Install-of-MySQL-storage.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id=
|
||||
"HUseofMySQLforsessionsand2Forconfigurationstorage">Use of MySQL for
|
||||
sessions and/or configuration storage</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<a href="#HMySQLconfiguration">MySQL configuration</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HDatabasecreation">Database creation</a></li>
|
||||
|
||||
<li><a href="#HConfigurationtable">Configuration table</a></li>
|
||||
|
||||
<li><a href="#HSessiontable">Session table</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG
|
||||
configuration</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HSetconfigStorageforLemonLDAP3A3ANGmodules">Set
|
||||
configStorage for LemonLDAP::NG modules</a></li>
|
||||
|
||||
<li><a href="#HSetApache3A3ASessionbackend">Set Apache::Session
|
||||
backend</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HMySQLconfiguration">MySQL
|
||||
configuration</span></h3>
|
||||
|
||||
<p class="paragraph"></p><strong class="strong">Remark</strong>: we advice
|
||||
to create a specific user/password in MySQL for LemonLDAP::NG, with rights
|
||||
on ist database.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HDatabasecreation">Database
|
||||
creation</span></h4><br />
|
||||
<br />
|
||||
For example, create the database "lemonldapng" :<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
# mysqladmin create lemonldapng
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HConfigurationtable">Configuration
|
||||
table</span></h4><br />
|
||||
<br />
|
||||
To store configuration, use this table creation instruction:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
CREATE TABLE lmConfig (
|
||||
cfgNum <span class="java-object">int</span> not <span class=
|
||||
"java-keyword">null</span> primary key,
|
||||
locationRules text,
|
||||
exportedHeaders text,
|
||||
globalStorage text,
|
||||
globalStorageOptions text,
|
||||
macros text,
|
||||
groups text,
|
||||
portal text,
|
||||
domain text,
|
||||
ldapServer text,
|
||||
ldapPort <span class="java-object">int</span>,
|
||||
ldapBase text,
|
||||
securedCookie <span class="java-object">int</span>,
|
||||
cookieName text,
|
||||
authentication text,
|
||||
exportedVars text,
|
||||
managerDn text,
|
||||
managerPassword text,
|
||||
whatToTrace text,
|
||||
timeout <span class="java-object">int</span>
|
||||
);
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HSessiontable">Session
|
||||
table</span></h4>
|
||||
|
||||
<p class="paragraph"></p>The choice of Apache::Session::* module is free.
|
||||
See Apache::Session::Store::* or Apache::Session::* to know how to
|
||||
configure the module.
|
||||
|
||||
<p class="paragraph"></p>If you want to use Apache::Session::MySQL, you
|
||||
can create the database like this:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
CREATE TABLE sessions (
|
||||
id <span class="java-object">char</span>(32),
|
||||
a_session text
|
||||
);
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HSetconfigStorageforLemonLDAP3A3ANGmodules">Set configStorage for
|
||||
LemonLDAP::NG modules</span></h4>
|
||||
|
||||
<p class="paragraph"></p>By default, configStorage use the "File" backend,
|
||||
like:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
configStorage => {
|
||||
type => <span class="java-quote">"File"</span>,
|
||||
dirName => <span class="java-quote">"/etc/lemonldap-ng/conf/"</span>,
|
||||
},
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>You have to replace it with MySQL parameters, for
|
||||
example:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
configStorage => {
|
||||
type => <span class="java-quote">"DBI"</span>,
|
||||
dbiChain => <span class="java-quote">"dbi:mysql:..."</span>,
|
||||
dbiUser => <span class="java-quote">"lemonldap"</span>,
|
||||
dbiPassword => <span class="java-quote">"password"</span>,
|
||||
dbiTable => <span class="java-quote">"lmConfig"</span>,
|
||||
},
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HSetApache3A3ASessionbackend">Set
|
||||
Apache::Session backend</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Go to the Manager and go in <strong class=
|
||||
"strong">General Parameters > Session Storage</strong>. Then change
|
||||
<strong class="strong">Apache::Session module</strong> to
|
||||
"Apache::Session::MySQL" and in <strong class="strong">Apache::Session
|
||||
parameters</strong> configure the following options:
|
||||
|
||||
<ul class="star">
|
||||
<li>DataSource (for example:
|
||||
DBI:mysql:database=lemonldapng;host=127.0.0.1)</li>
|
||||
|
||||
<li>UserName</li>
|
||||
|
||||
<li>Password</li>
|
||||
|
||||
<li>TableName</li>
|
||||
|
||||
<li>LockDataSource</li>
|
||||
|
||||
<li>LockUserName</li>
|
||||
|
||||
<li>LockPassword</li>
|
||||
</ul>You can also set the session module in perl scripts:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
globalStorage => <span class="java-quote">"Apache::Session::MySQL"</span>,
|
||||
globalStorageOptions => {
|
||||
DataSource => <span class=
|
||||
"java-quote">"dbi:mysql:database=lemonldapng;host=127.0.0.1"</span>,
|
||||
UserName => <span class="java-quote">"db_user"</span>,
|
||||
Password => <span class="java-quote">"db_password"</span>,
|
||||
TableName => <span class="java-quote">"sessions"</span>,
|
||||
LockDataSource => <span class=
|
||||
"java-quote">"dbi:mysql:database=lemonldapng;host=127.0.0.1"</span>,
|
||||
LockUserName => <span class="java-quote">"db_user"</span>,
|
||||
LockPassword => <span class="java-quote">"db_password"</span>,
|
||||
},
|
||||
</pre>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
|
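Review bot: In the "Session table" section the sessions table is created as "id char(32), a_session text" with no NOT NULL and no primary key on id, so the schema allows duplicate or null session ids and every lookup by id is an unindexed scan; declare the column as "id char(32) not null primary key". The opening remark advises a dedicated MySQL user with rights on its database, but the page never shows the grant and the two examples use different account names ("lemonldap" in configStorage, "db_user" in globalStorageOptions); add one GRANT example limited to the lemonldapng database and use a single account name throughout. Since lmConfig stores managerPassword in a text column and dbiPassword sits in clear text in the Perl configuration, add a sentence saying that both the table and the file holding configStorage must be readable only by the LemonLDAP::NG account. Minor: "we advice" and "ist database" in the remark are typos, and the html element declares lang="fr" on an English page.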
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: install-fr.html</title>
|
||||
<title>Lemonldap::NG documentation: 3.5-Install-of-example-fr.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -55,133 +55,50 @@
|
|||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HINSTALLATIONDEL27EXEMPLE">INSTALLATION DE
|
||||
L'EXEMPLE</span></h2>
|
||||
<h2 class="heading-1"><span id="HInstallationdel27exemple">Installation de
|
||||
l'exemple</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<a href="#HPREREQUIS">PRE REQUIS</a>
|
||||
<li><a href="#HDepuisl27archive">Depuis l'archive</a></li>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HLogiciels">Logiciels</a></li>
|
||||
<li><a href="#HDepuislespaquetsDebian">Depuis les paquets
|
||||
Debian</a></li>
|
||||
|
||||
<li><a href="#HModulesPerlrequis">Modules Perl requis</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="#HCOMPILATION">COMPILATION</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HInstallationcomplC3A8te">Installation
|
||||
complète</a></li>
|
||||
|
||||
<li><a href="#HInstallationsurDebian">Installation sur
|
||||
Debian</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li><a href="#HCONFIGURATIONDEL27EXEMPLE">CONFIGURATION DE
|
||||
L'EXEMPLE</a></li>
|
||||
<li><a href="#HConfiguration">Configuration</a></li>
|
||||
</ul>L'exemple proposé utilise un site protégé
|
||||
nommé test.example.com. Les utilisateurs non-authentifiés
|
||||
sont redirigés vers auth.example.com.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HPREREQUIS">PRE REQUIS</span></h3>
|
||||
<h3 class="heading-1-1"><span id="HDepuisl27archive">Depuis
|
||||
l'archive</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HLogiciels">Logiciels</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Pour utiliser Lemonldap::NG, vous devez disposer
|
||||
d'un server LDAP et d'un server Apache compilé avec le module
|
||||
mod-perl (version 1.3 ou 2.x). Généralement, la version
|
||||
d'Apache proposée par votre distribution Linux est suffisante, mais
|
||||
certaines distributions utilisent une version expérimentale de
|
||||
mod_perl2 avec Apache2 (mod_perl-1.99) qui ne fonctionne pas avec
|
||||
Lemonldap::NG. Avec de telles distributions (Debian-3.1 par exemple), vous
|
||||
devez utiliser Apache-1.3 ou utiliser des backports mod_perl, CGI.pm et
|
||||
CGI/Cookie.pm (les paquets Debian du site www.backports.org fonctionnent
|
||||
très bien).
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HModulesPerlrequis">Modules Perl
|
||||
requis</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
|
||||
LWP::UserAgent, Cache::Cache, DBI, XML::Simple, SOAP::Lite (pour les
|
||||
fonctionnalités SOAP du Manager).
|
||||
|
||||
<p class="paragraph"></p>Sur Debian, lancez:
|
||||
<p class="paragraph"></p>Suivre d'abord <span class="wikilink"><a href=
|
||||
"3.2-Install-from-tarball.html">les instructions d'installation par
|
||||
l'archive</a></span>. Ensuite taper:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
#apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl
|
||||
</pre>
|
||||
</div>Et si vous souhaitez utiliser les fonctionnalités SOAP du
|
||||
manager (cf. <span class="wikilink"><a href="soap-fr.html">Utilisation des
|
||||
modules SOAP</a></span>) :
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
# apt-get install libsoap-lite-perl
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HCOMPILATION">COMPILATION</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HInstallationcomplC3A8te">Installation
|
||||
complète</span></h4><br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ tar xzf lemonldap-ng-*.tar.gz
|
||||
$ cd lemonldap-ng-*
|
||||
$ make && make test
|
||||
$ sudo make install
|
||||
$ make example
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HInstallationsurDebian">Installation
|
||||
sur Debian</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ tar xzf lemonldap-ng-*.tar.gz
|
||||
$ cd lemonldap-ng-*
|
||||
$ debuild
|
||||
$ sudo dpkg -i ../lemonldap-ng*.deb
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Vous pouvez également utiliser le
|
||||
repository Debian:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
deb <span class="nobr"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
|
||||
deb-src <span class="nobr"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>ou encore utiliser les packages de la
|
||||
distribution Debian (disponibles sur testing et unstable).
|
||||
<h3 class="heading-1-1"><span id="HDepuislespaquetsDebian">Depuis les
|
||||
paquets Debian</span></h3><br />
|
||||
<br />
|
||||
D'abord suivre <span class="wikilink"><a href=
|
||||
"3.3-Install-from-debian-packages.html">les instructions d'installation
|
||||
par Debian</a></span>. L'exemple est fourni dans le paquet, il n'y a plus
|
||||
rien à faire.
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HCONFIGURATIONDEL27EXEMPLE">CONFIGURATION DE L'EXEMPLE</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Après compilation, vous disposez d'un
|
||||
fichier example/apache.conf. Vous avez simplement à l'inclure dans
|
||||
le fichier de configuration d'Apache:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
"HConfiguration">Configuration</span></h3><br />
|
||||
<br />
|
||||
Après compilation, vous disposez d'un fichier example/apache.conf.
|
||||
Vous avez simplement à l'inclure dans le fichier de configuration
|
||||
d'Apache:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
|
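Review bot: This page is titled 3.5-Install-of-example-fr.html, but the two new links point to "3.2-Install-from-tarball.html" and "3.3-Install-from-debian-packages.html" without the -fr suffix, so French readers are sent to pages named like the English ones; link to the French versions if they exist, or say in the link text that the target is in English. The hunk also removes the paragraph warning that mod_perl-1.99 (Debian-3.1) does not work with Lemonldap::NG; please confirm that warning now lives in the prerequisites page, otherwise it is lost. The new "Configuration" heading uses the id "HConfiguration", which is generic enough to collide if another section of the same name is added later.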
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: install.html</title>
|
||||
<title>Lemonldap::NG documentation: 3.5-Install-of-example.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -55,121 +55,48 @@
|
|||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HEXAMPLEINSTALLATION">EXAMPLE
|
||||
INSTALLATION</span></h2>
|
||||
<h2 class="heading-1"><span id=
|
||||
"HInstallationoftheprovidedexample">Installation of the provided
|
||||
example</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<a href="#HPREREQ">PREREQ</a>
|
||||
<li><a href="#HFormthetarball">Form the tarball</a></li>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HSoftware">Software</a></li>
|
||||
<li><a href="#HFromDebianpackages">From Debian packages</a></li>
|
||||
|
||||
<li><a href="#HNeededPerlmodules">Needed Perl modules</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="#HBUILDING">BUILDING</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HCompleteinstall">Complete install</a></li>
|
||||
|
||||
<li><a href="#HDebianinstall">Debian install</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li><a href="#HEXAMPLECONFIGURATION">EXAMPLE CONFIGURATION</a></li>
|
||||
<li><a href="#HConfiguration">Configuration</a></li>
|
||||
</ul>The proposed example use a protected site named test.example.com. Non
|
||||
authenticated users are redirected to auth.example.com.
|
||||
|
||||
<h3 class="heading-1-1"><span id="HPREREQ">PREREQ</span></h3>
|
||||
<h3 class="heading-1-1"><span id="HFormthetarball">Form the
|
||||
tarball</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HSoftware">Software</span></h4>
|
||||
|
||||
<p class="paragraph"></p>To use Lemonldap::NG, you have to run a LDAP
|
||||
server and of course an Apache server compiled with mod-perl (version 1.3
|
||||
or 2.x). Generaly, the version of Apache proposed with your Linux
|
||||
distribution match, but some distributions used an experimental version of
|
||||
mod_perl with Apache2 (mod_perl-1.99) which does not work with
|
||||
Lemonldap::NG. With such distributions (like Debian-3.1), you have to use
|
||||
Apache-1.3 or to use a mod_perl, CGI.pm and CGI/Cookie.pm backports
|
||||
(www.backports.org package for Debian works fine).
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HNeededPerlmodules">Needed Perl
|
||||
modules</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
|
||||
LWP::UserAgent, Cache::Cache, DBI, XML::Simple, SOAP::Lite (only if you
|
||||
want to use SOAP with the manager).
|
||||
|
||||
<p class="paragraph"></p>With Debian, use:
|
||||
<p class="paragraph"></p>First follow the <span class="wikilink"><a href=
|
||||
"3.2-Install-from-tarball.html">tarball installation
|
||||
instruction</a></span>. Then run:
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl
|
||||
# If you want to use SOAP with the manager:
|
||||
apt-get install libsoap-lite-perl
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HBUILDING">BUILDING</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HCompleteinstall">Complete
|
||||
install</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ tar xzf lemonldap-ng-*.tar.gz
|
||||
$ cd lemonldap-ng-*
|
||||
$ make && make test
|
||||
$ sudo make install
|
||||
$ make example
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HDebianinstall">Debian
|
||||
install</span></h4>
|
||||
<h3 class="heading-1-1"><span id="HFromDebianpackages">From Debian
|
||||
packages</span></h3><br />
|
||||
<br />
|
||||
First follow the <span class="wikilink"><a href=
|
||||
"3.3-Install-from-debian-packages.html">debian installation
|
||||
procedure</a></span>. The example is provided with the package, nothing
|
||||
left to do.
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ tar xzf lemonldap-ng-*.tar.gz
|
||||
$ cd lemonldap-ng-*
|
||||
$ debuild
|
||||
$ sudo dpkg -i ../lemonldap-ng*.deb
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>You can also use the Debian repository :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
deb <span class="nobr"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
|
||||
deb-src <span class="nobr"><a href=
|
||||
"http://lemonldap.objectweb.org/NG/debian">http://lemonldap.objectweb.org/NG/debian</a></span> testing/
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>or use official Debian packages (available in
|
||||
testing and unstable).
|
||||
|
||||
<h3 class="heading-1-1"><span id="HEXAMPLECONFIGURATION">EXAMPLE
|
||||
CONFIGURATION</span></h3>
|
||||
|
||||
<p class="paragraph"></p>After build, you have a new file named
|
||||
example/apache.conf. You just have to include this file in Apache
|
||||
configuration:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HConfiguration">Configuration</span></h3><br />
|
||||
<br />
|
||||
After build, you have a new file named example/apache.conf. You just have
|
||||
to include this file in Apache configuration:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
|
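Review bot: The new section title is spelled "Form the tarball" in the table of contents, in the h3 heading and in the anchor id "HFormthetarball"; it should read "From the tarball", and since the id is generated from the title the fix has to be made in the wiki source. As in the French page, the compatibility warning about mod_perl-1.99 is removed here, so check that the linked 3.2-Install-from-tarball.html carries it. "debian installation procedure" should capitalise Debian to match the heading "From Debian packages".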
@ -186,8 +113,6 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
|
|||
|
||||
<p class="paragraph"></p>Modify your /etc/hosts file to include:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
127.0.0.2 auth.example.com
|
||||
|
@ -210,7 +135,7 @@ ln -s /usr/share/doc/lemonldap-ng/example/apache2.conf /etc/apache2/sites-enable
|
|||
</ul>If you don't set managerDn and managerPassword, Lemonldap::NG will
|
||||
use an anonymous bind to find user dn.
|
||||
|
||||
<p class="paragraph"></p>WARNINGS:
|
||||
<p class="paragraph"></p><strong class="strong">Warnings</strong>:
|
||||
|
||||
<ul class="star">
|
||||
<li>only few parameters can be set by hand in the configuration file.
|
144
build/lemonldap-ng/doc/4.1-Configuration-overview.html
Normal file
|
@ -0,0 +1,144 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: 4.1-Configuration-overview.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HConfigurationoverview">Configuration
|
||||
overview</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HGeneralparameters">General parameters</a></li>
|
||||
|
||||
<li><a href="#HUsergroups">User groups</a></li>
|
||||
|
||||
<li><a href="#HVirtualhosts">Virtual hosts</a></li>
|
||||
</ul>Connect to the manager with your browser (for example <span class=
|
||||
"nobr"><a href=
|
||||
"http://manager.example.com">http://manager.example.com</a></span>) to
|
||||
start configure your WebSSO.
|
||||
|
||||
<p class="paragraph"></p>You have to set at least some parameters:
|
||||
|
||||
<h3 class="heading-1-1"><span id="HGeneralparameters">General
|
||||
parameters</span></h3>
|
||||
|
||||
<ul class="star">
|
||||
<li>Authentication parameters -> portal URL to access to the
|
||||
authentication portal.</li>
|
||||
|
||||
<li>Domain: the cookie domain. All protected VirtualHosts have to be
|
||||
under it.</li>
|
||||
|
||||
<li>LDAP parameters -> LDAP Server.</li>
|
||||
|
||||
<li>LDAP parameters -> LDAP Accout and password: required only if
|
||||
anonymous binds are not accepted.</li>
|
||||
|
||||
<li>Session Storage -> Apache::Session module: how to store user
|
||||
sessions. You can use all module that inherit from Apache::Session like
|
||||
Apache::Session::MySQL.</li>
|
||||
|
||||
<li>Session Storage -> Apache::Session Module parameters: see
|
||||
Apache::Session::<Choosen module>.</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HUsergroups">User groups</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Use the "New Group" button to add your first
|
||||
group. On the left, set the keyword which will be used later and set on
|
||||
the right the corresponding rule. You can use :
|
||||
|
||||
<ul class="star">
|
||||
<li>an LDAP filter (it will be tested with the user uid)</li>
|
||||
</ul>or
|
||||
|
||||
<ul class="star">
|
||||
<li>a Perl condition enclosed with {}. All variables declared in
|
||||
"General parameters -> LDAP attributes" can be used with a "$". For
|
||||
example: MyGroup / { $uid eq "foo" or $uid eq "bar" }</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVirtualhosts">Virtual hosts</span></h3>
|
||||
|
||||
<p class="paragraph"></p>You have to create a virtual host for each Apache
|
||||
host (virtual or real) protected by Lemonldap::NG even if just a
|
||||
sub-directory is protected. Else, user who want to access to the protected
|
||||
area will be rejected with a "500 Internal Server Error" message and the
|
||||
apache logs will explain the problem.
|
||||
|
||||
<p class="paragraph"></p>Each virtual host has 2 groups of parameters:
|
||||
|
||||
<ul class="star">
|
||||
<li>Headers: the headers added to the apache request. Default: Auth-User
|
||||
=> $uid.</li>
|
||||
|
||||
<li>Rules: subdivised in 2 categories:
|
||||
|
||||
<ul class="star">
|
||||
<li>default: the default rule</li>
|
||||
|
||||
<li>personalized rules: association of a Perl regular expression and
|
||||
a condition. For example: ^/restricted.*$ / $groups =~
|
||||
/bMyGroupb/</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
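Review bot: In the "Virtual hosts" section the personalized-rule example reads "$groups =~ /bMyGroupb/"; the backslashes of the word-boundary anchors appear to have been lost in conversion, so as written the pattern only matches the literal text bMyGroupb and an access rule copied from this page would not match members of MyGroup. It should presumably be /\bMyGroup\b/, and the wiki export needs checking for other dropped backslashes. The same section says a missing virtual host declaration produces a "500 Internal Server Error"; it would help to name the log message to look for. Minor: "Accout", "Choosen" and "subdivised" are typos, and the html element declares lang="fr" on an English page.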
243
build/lemonldap-ng/doc/4.1-Configuration-parameter-list.html
Normal file
|
@ -0,0 +1,243 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation:
|
||||
4.1-Configuration-parameter-list.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HParameterlist">Parameter list</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HConfiguration">Configuration</a></li>
|
||||
|
||||
<li><a href="#HGeneralParameters">General Parameters</a></li>
|
||||
|
||||
<li><a href="#HVirtualhosts">Virtual hosts</a></li>
|
||||
|
||||
<li><a href="#HApplications">Applications</a></li>
|
||||
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
|
||||
>= 1.0</strong>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HConfiguration">Configuration</span></h3>
|
||||
|
||||
<ul class="star">
|
||||
<li>Order: configuration number/order (the highest number is the one
|
||||
applied)</li>
|
||||
|
||||
<li>Name: friendly name of the configuration</li>
|
||||
|
||||
<li>Createtimestamp: date of creation</li>
|
||||
|
||||
<li>Modifytimestamp: date of last modification</li>
|
||||
|
||||
<li>Applytimestamp: date of last application</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HGeneralParameters">General
|
||||
Parameters</span></h3>
|
||||
|
||||
<ul class="star">
|
||||
<li>Authentication Parameters
|
||||
|
||||
<ul class="star">
|
||||
<li>Authentication Type (ldap|ssl|cas|apache|saml2): how users are
|
||||
authenticated</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>User base Parameters
|
||||
|
||||
<ul class="star">
|
||||
<li>User base Type (ldap|dbi|saml2): how access to stored user's
|
||||
information</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Portal parameters
|
||||
|
||||
<ul class="star">
|
||||
<li>Portal URL: URL of the authentication portal</li>
|
||||
|
||||
<li>Portal Theme: name or path to the theme/skin</li>
|
||||
|
||||
<li>keepExistingSession(0|1): do not force users to relogin on
|
||||
portal page</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Cookie parameters:
|
||||
|
||||
<ul class="star">
|
||||
<li>Secured cookie (0|1): use secures cookie (only sent over SSL
|
||||
connections)</li>
|
||||
|
||||
<li>Cookie name</li>
|
||||
|
||||
<li>Domain</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Exported variables
|
||||
|
||||
<ul class="star">
|
||||
<li>Variable 1</li>
|
||||
|
||||
<li>Variable 2</li>
|
||||
|
||||
<li>...</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>LDAP parameters
|
||||
|
||||
<ul class="star">
|
||||
<li>LDAP host</li>
|
||||
|
||||
<li>LDAP port</li>
|
||||
|
||||
<li>LDAP version</li>
|
||||
|
||||
<li>LDAP useTLS (0|1)</li>
|
||||
|
||||
<li>LDAP search base</li>
|
||||
|
||||
<li>LDAP search filter</li>
|
||||
|
||||
<li>LDAP account</li>
|
||||
|
||||
<li>LDAP password</li>
|
||||
|
||||
<li>LDAP use password policy</li>
|
||||
|
||||
<li>LDAP groups branch DN</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Session parameters
|
||||
|
||||
<ul class="star">
|
||||
<li>Session storage (file|dbi|memcached|soap)</li>
|
||||
|
||||
<li>Session storage parameters</li>
|
||||
|
||||
<li>Session lifetime</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Apache parameters
|
||||
|
||||
<ul class="star">
|
||||
<li>Logged attribute</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Macros
|
||||
|
||||
<ul class="star">
|
||||
<li>Macro 1</li>
|
||||
|
||||
<li>Macro 2</li>
|
||||
|
||||
<li>...</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Groups
|
||||
|
||||
<ul class="star">
|
||||
<li>Group 1</li>
|
||||
|
||||
<li>Group 2</li>
|
||||
|
||||
<li>...</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVirtualhosts">Virtual hosts</span></h3>
|
||||
|
||||
<ul class="star">
|
||||
<li>Virtualhost 1
|
||||
|
||||
<ul class="star">
|
||||
<li>SSL (0|1): this is an SSL virtualhost</li>
|
||||
|
||||
<li>Access rules</li>
|
||||
|
||||
<li>HTTP headers</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Virtualhost 2</li>
|
||||
|
||||
<li>...</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HApplications">Applications</span></h3>
|
||||
|
||||
<ul class="star">
|
||||
<li>Application 1</li>
|
||||
|
||||
<li>Application 2</li>
|
||||
|
||||
<li>...</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
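Review bot: This file is numbered 4.1, the same prefix as 4.1-Configuration-overview.html and 4.1-Configure-portal-menu.html added in the same commit, while the chapter 3 pages are numbered uniquely (3.2, 3.3, 3.4, 3.5); give the three pages distinct numbers so the index order is defined. In the list itself, "Secured cookie (0|1)" and "LDAP useTLS (0|1)" give the accepted values but not the default, which is what an administrator reviewing a deployment needs to know for the two transport-security switches; state the default for each. "keepExistingSession(0|1)" is the only entry shown by its internal key rather than a display label, and "use secures cookie" and "how access to stored user's information" need rewording. The html element declares lang="fr" on an English page.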
283
build/lemonldap-ng/doc/4.1-Configure-portal-menu.html
Normal file
|
@ -0,0 +1,283 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: 4.1-Configure-portal-menu.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HEnhancedmenu">Enhanced menu</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HPresentation">Presentation</a></li>
|
||||
|
||||
<li><a href="#HActivatethemenuintheportal">Activate the menu in the
|
||||
portal</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HXMLapplicationslist">XML applications list</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HDTD">DTD</a></li>
|
||||
|
||||
<li><a href="#HParametersdefinition">Parameters definition</a></li>
|
||||
|
||||
<li><a href="#HSampleXMLfile">Sample XML file</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
|
||||
>= 0.9.3</strong>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
|
||||
|
||||
<p class="paragraph"></p>Menu is a new Portal module providing these
|
||||
functionalities:
|
||||
|
||||
<ul class="star">
|
||||
<li>Display an application list to the connected user, with possibility
|
||||
to hide applications he did not have access to.</li>
|
||||
|
||||
<li>Provide a simple "change password" form that respect Password Policy
|
||||
LDAP draft.</li>
|
||||
|
||||
<li>Logout with confirmation.</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HActivatethemenuintheportal">Activate
|
||||
the menu in the portal</span></h3>
|
||||
|
||||
<p class="paragraph"></p>With a 0.9.3 fresh installation, the default
|
||||
portal/index.pl enables the menu. For the others, add this to the perl
|
||||
code:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<span class=
|
||||
"java-keyword">if</span> ( $portal->process() ) {<br /><br /> # HTML::Template object creation
|
||||
my $template = HTML::Template-><span class="java-keyword">new</span>(
|
||||
filename => <span class=
|
||||
"java-quote">"$skin_dir/$skin/menu.tpl"</span>,
|
||||
die_on_bad_params => 0,
|
||||
cache => 0,
|
||||
filter => sub { $portal->translate_template(@_) }
|
||||
);<br /><br /> # Menu creation
|
||||
use Lemonldap::NG::Portal::Menu;
|
||||
my $menu = Lemonldap::NG::Portal::Menu-><span class=
|
||||
"java-keyword">new</span>(
|
||||
{
|
||||
portalObject => $portal,
|
||||
apps => {
|
||||
xmlfile => <span class="java-quote">"$appsxmlfile"</span>,
|
||||
imgpath => <span class="java-quote">"$appsimgpath"</span>,
|
||||
},
|
||||
modules => {
|
||||
appslist => 1,
|
||||
password => 1,
|
||||
logout => 1,
|
||||
},
|
||||
# CUSTOM FUNCTION : <span class=
|
||||
"java-keyword">if</span> you want to create customFunctions in rules, declare them here
|
||||
#customFunctions => 'function1 function2',
|
||||
}
|
||||
);<br /><br /> $template->param( AUTH_ERROR => $menu->error );
|
||||
$template->param( AUTH_ERROR_TYPE => $menu->error_type );
|
||||
$template->param( DISPLAY_APPSLIST => $menu->displayModule(<span class="java-quote">"appslist"</span>) );
|
||||
$template->param( DISPLAY_PASSWORD => $menu->displayModule(<span class="java-quote">"password"</span>) );
|
||||
$template->param( DISPLAY_LOGOUT => $menu->displayModule(<span class="java-quote">"logout"</span>) );
|
||||
$template->param( DISPLAY_TAB => $menu->displayTab );
|
||||
$template->param( LOGOUT_URL => <span class=
|
||||
"java-quote">"$ENV{SCRIPT_NAME}?logout=1"</span> );
|
||||
<span class=
|
||||
"java-keyword">if</span> ( $menu->displayModule(<span class="java-quote">"appslist"</span>) ) {
|
||||
$template->param( APPSLIST_MENU => $menu->appslistMenu );
|
||||
$template->param( APPSLIST_DESC => $menu->appslistDescription );
|
||||
}<br /><br /> print $portal->header('text/html; charset=utf8');
|
||||
print $template->output;
|
||||
}
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HXMLapplicationslist">XML applications
|
||||
list</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HDTD">DTD</span></h4>
|
||||
|
||||
<p class="paragraph"></p>The XML applications list must respect this DTD:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<!ELEMENT menu (category*) ><br /><br /><!ELEMENT category (application*, category*) >
|
||||
<!ATTLIST category name CDATA #REQUIRED ><br /><br /><!ELEMENT application (name, uri?, description?, logo?, screenshot?, display?) >
|
||||
<!ATTLIST application id ID #REQUIRED ><br /><br /><!ELEMENT name ( #PCDATA ) >
|
||||
<!ELEMENT uri ( #PCDATA ) >
|
||||
<!ELEMENT description ( #PCDATA ) >
|
||||
<!ELEMENT logo ( #PCDATA ) >
|
||||
<!ELEMENT screenshot ( #PCDATA ) >
|
||||
<!ELEMENT display ( #PCDATA ) >
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HParametersdefinition">Parameters
|
||||
definition</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>Category:
|
||||
|
||||
<ul class="star">
|
||||
<li>Name of the category (required)</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Application:
|
||||
|
||||
<ul class="star">
|
||||
<li>ID: unique id of the application inside XML file
|
||||
(required).</li>
|
||||
|
||||
<li>Name: friendly name of the applications (required).</li>
|
||||
|
||||
<li>URI: full URI of the application, with http(s)://, and path,
|
||||
page, etc.</li>
|
||||
|
||||
<li>Description: description of the application.</li>
|
||||
|
||||
<li>Logo: file name of the logo.</li>
|
||||
|
||||
<li>Screenshot: file name of the screenshot.</li>
|
||||
|
||||
<li>Display:
|
||||
|
||||
<ul class="star">
|
||||
<li>"auto": display application only if the user has access to
|
||||
it.</li>
|
||||
|
||||
<li>"on": always display.</li>
|
||||
|
||||
<li>"off": never display.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>The menu must contains at least one category. Each category can
|
||||
contain applications and categories. An application cannot contain a
|
||||
category. An application must be inside a category.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HSampleXMLfile">Sample XML
|
||||
file</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Now you can configure your applications list, in
|
||||
/etc/lemonldap-ng/apps-list.xml. For example:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<?xml version=<span class="java-quote">"1.0"</span> encoding=<span class=
|
||||
"java-quote">"utf-8"</span> standalone=<span class=
|
||||
"java-quote">"no"</span>?>
|
||||
<!DOCTYPE menu SYSTEM <span class="java-quote">"apps-list.dtd"</span>>
|
||||
<menu>
|
||||
<category name=<span class="java-quote">"Business"</span>>
|
||||
<application id=<span class="java-quote">"aaa"</span>>
|
||||
<name>AAA</name>
|
||||
<uri><span class="nobr"><a href=
|
||||
"http://test.ow2.org/aaa&#60;/uri&#62;">http://test.ow2.org/aaa</uri></a></span>
|
||||
<description>AAA description</description>
|
||||
<logo>aaa-logo.gif</logo>
|
||||
<display>auto</display>
|
||||
</application>
|
||||
<application id=<span class="java-quote">"bbb"</span>>
|
||||
<name>BBB</name>
|
||||
<uri><span class="nobr"><a href=
|
||||
"http://test.ow2.org/bbb/login.">http://test.ow2.org/bbb/login.</a></span><span class="java-keyword">do</span></uri>
|
||||
<description>BBB description</description>
|
||||
<logo>bbb-logo.gif</logo>
|
||||
<display>on</display>
|
||||
</application>
|
||||
</category>
|
||||
<category name=<span class="java-quote">"Technical"</span>>
|
||||
<category name=<span class="java-quote">"Directories"</span>>
|
||||
<application id=<span class="java-quote">"pla"</span>>
|
||||
<name>phpLDAPAdmin</name>
|
||||
<uri><span class="nobr"><a href=
|
||||
"http://phpldapadmin.ow2.org&#60;/uri&#62;">http://phpldapadmin.ow2.org</uri></a></span>
|
||||
<description>LDAP directory administration</description>
|
||||
<logo>pla-logo.gif</logo>
|
||||
<display>auto</display>
|
||||
</application>
|
||||
</category>
|
||||
<category name=<span class=
|
||||
"java-quote">"Application servers"</span>>
|
||||
<application id=<span class="java-quote">"probe"</span>>
|
||||
<name>Probe</name>
|
||||
<uri><span class="nobr"><a href=
|
||||
"http://probe.ow2.org&#60;/uri&#62;">http://probe.ow2.org</uri></a></span>
|
||||
<description>Tomcat stats</description>
|
||||
<logo>probe-logo.gif</logo>
|
||||
<display>auto</display>
|
||||
</application>
|
||||
</category>
|
||||
</category>
|
||||
</menu>
|
||||
</pre>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
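Review bot: In the DTD block, `<!ELEMENT menu (category*) >` accepts an empty menu, while the text under "Parameters definition" says the menu must contain at least one category; use `(category+)` or relax the sentence so the DTD and the prose agree. The content model `(application*, category*)` also forces every application to precede any sub-category, which the prose does not mention. In the sample XML, the wiki auto-linker has pulled the closing tag into each link target (`href="http://test.ow2.org/aaa&#60;/uri&#62;"`) and split `login.do` around a keyword span, so the generated links are broken; escaping the URLs in the wiki source would avoid that. The page is declared `lang="fr"` although its text is English.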
|
275
build/lemonldap-ng/doc/4.1-HTML-templates-customization.html
Normal file
|
@ -0,0 +1,275 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation:
|
||||
4.1-HTML-templates-customization.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HPortalHTMLtemplatesdesign">Portal HTML
|
||||
templates design</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href=
|
||||
"#HLemonLDAP3A3ANGskinsandHTML3A3ATemplatePerlmodule">LemonLDAP::NG
|
||||
skins and HTML::Template Perl module</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HTemplatesvariablesprovidedbyportal2Findexpl">Templates
|
||||
variables provided by portal/index.pl</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HCommonvariables">Common variables</a></li>
|
||||
|
||||
<li><a href="#Hlogintplspecificvariables">login.tpl specific
|
||||
variables</a></li>
|
||||
|
||||
<li><a href="#Hmenutplspecificvariables">menu.tpl specific
|
||||
variables</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li><a href="#HTemplatestructure">Template structure</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HInternationalization28i18n29">Internationalization
|
||||
(i18n)</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HExampleofmonolingualtemplate">Example of mono-lingual
|
||||
template</a></li>
|
||||
|
||||
<li><a href="#HExampleofmultilingualtemplate">Example of
|
||||
multi-lingual template</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
|
||||
>= 0.9.3</strong>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HLemonLDAP3A3ANGskinsandHTML3A3ATemplatePerlmodule">LemonLDAP::NG skins
|
||||
and HTML::Template Perl module</span></h3>
|
||||
|
||||
<p class="paragraph"></p>LemonLDAP::NG templates are designed for
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://search.cpan.org/~samtregar/HTML-Template-2.9/">HTML::Templates
|
||||
Perl module</a></span>.
|
||||
|
||||
<p class="paragraph"></p>LemonLDAP::NG portal use "skins", located in the
|
||||
skins/ directory of the portal. Each skin is a particular directory, for
|
||||
example skins/default/ for the default skin.
|
||||
|
||||
<p class="paragraph"></p>Here is the list of required template files:
|
||||
|
||||
<ul class="star">
|
||||
<li>login.tpl: template for the login page.</li>
|
||||
|
||||
<li>menu.tpl: template for the menu page.</li>
|
||||
|
||||
<li>error.tpl: tempalte for the error page.</li>
|
||||
|
||||
<li>header.tpl: common header (included in above templates).</li>
|
||||
|
||||
<li>footer.tpl: common footer (included in above templates).</li>
|
||||
|
||||
<li>notification.tpl: template to display notifications.</li>
|
||||
</ul>Each template include a CSS file, named "styles.css".
|
||||
|
||||
<p class="paragraph"></p>To create your own skin, just copy the default
|
||||
skin to another directory (eg.: skins/myskin/) and edit templates and CSS
|
||||
files. Advanced customization can be done by editing the portal/index.pl.
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HTemplatesvariablesprovidedbyportal2Findexpl">Templates variables
|
||||
provided by portal/index.pl</span></h3>
|
||||
|
||||
<p class="paragraph"></p>When you edit/create a template file, you can use
|
||||
some variables provided by the portal script. Of course, you can add
|
||||
variables by editing the portal/index.pl.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HCommonvariables">Common
|
||||
variables</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>AUTH_ERROR: error text returned by the portal.</li>
|
||||
|
||||
<li>AUTH_ERROR_TYPE: type of the error:
|
||||
|
||||
<ul class="star">
|
||||
<li>positive: the action was successful;</li>
|
||||
|
||||
<li>negative: a problem occured;</li>
|
||||
|
||||
<li>warning: not a fatal error, need user action.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="Hlogintplspecificvariables">login.tpl
|
||||
specific variables</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>AUTH_URL: URL submitted for redirection.</li>
|
||||
|
||||
<li>DISPLAY_FORM: set to 1 if a form can be displayed.</li>
|
||||
</ul>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="Hmenutplspecificvariables">menu.tpl
|
||||
specific variables</span></h4>
|
||||
|
||||
<ul class="star">
|
||||
<li>LOGOUT_URL: URL for logout.</li>
|
||||
|
||||
<li>DISPLAY_APPSLIST: boolean to display the appslist tab</li>
|
||||
|
||||
<li>DISPLAY_PASSWORD: boolean to display the password tab</li>
|
||||
|
||||
<li>DISPLAY_LOGOUT: boolean to display the logout tab</li>
|
||||
|
||||
<li>DISPLAY_TAB: name of the pre-selected tab</li>
|
||||
|
||||
<li>APPSLIST_MENU: html code of appslist menu div</li>
|
||||
|
||||
<li>APPSLIST_DESC: html code of appslist description divs</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HTemplatestructure">Template
|
||||
structure</span></h3>
|
||||
|
||||
<p class="paragraph"></p>The default LemonLDAP::NG template follow this
|
||||
structure:
|
||||
|
||||
<ul class="star">
|
||||
<li>html
|
||||
|
||||
<ul class="star">
|
||||
<li>body
|
||||
|
||||
<ul class="star">
|
||||
<li>div id=page
|
||||
|
||||
<ul class="star">
|
||||
<li>div id=header</li>
|
||||
|
||||
<li>div class=message</li>
|
||||
|
||||
<li>(html content)</li>
|
||||
|
||||
<li>div id=footer</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HInternationalization28i18n29">Internationalization (i18n)</span></h3>
|
||||
|
||||
<p class="paragraph"></p>LemonLDAP::NG portal is able to display an HTML
|
||||
template according to the user's browser language.
|
||||
|
||||
<p class="paragraph"></p>In order to work, you have to set inside the
|
||||
template the translations of all displayed text. Error message translation
|
||||
is already done inside LemonLDAP::NG Portal module.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HExampleofmonolingualtemplate">Example
|
||||
of mono-lingual template</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<p><label>Login</label>
|
||||
<input name=<span class="java-quote">"user"</span> type=<span class=
|
||||
"java-quote">"text"</span> size=<span class="java-quote">"30"</span> />
|
||||
</p>
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>The string "Login" is set in the template and
|
||||
will not be translated.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HExampleofmultilingualtemplate">Example of multi-lingual
|
||||
template</span></h4>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<p><label><lang en=<span class=
|
||||
"java-quote">"Login"</span> fr=<span class=
|
||||
"java-quote">"Identifiant"</span> /></label>
|
||||
<input name=<span class="java-quote">"user"</span> type=<span class=
|
||||
"java-quote">"text"</span> size=<span class="java-quote">"30"</span> />
|
||||
</p>
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>The markup <lang> will be catched by
|
||||
LemonLDAP::NG and only the wanted translation will be displayed. If the
|
||||
user's language has no corresponding translation, the first translation is
|
||||
selected. So you can set your default language by choosing the first
|
||||
translation ("en" in the above example).
|
||||
|
||||
<p class="paragraph"></p><strong class="strong">Warning:</strong> don't
|
||||
forget the quotes and the trailing slash of the markup!
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
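Review bot: The variable lists do not tell skin authors which values may be emitted raw. APPSLIST_MENU and APPSLIST_DESC are documented as "html code", but AUTH_URL is described as a "URL submitted for redirection" and will be placed into login.tpl by anyone writing a custom skin. Add a sentence saying that AUTH_URL and AUTH_ERROR should be output with HTML::Template's ESCAPE=HTML attribute and that unescaped output is only intended for the two APPSLIST_* variables. Minor: "tempalte" in the error.tpl item, "occured" under AUTH_ERROR_TYPE and "will be catched" in the i18n section need fixing, and the page is declared `lang="fr"` although it is written in English.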
|
226
build/lemonldap-ng/doc/4.1-RBAC-model.html
Normal file
|
@ -0,0 +1,226 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: 4.1-RBAC-model.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HRBACmodel">RBAC model</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HPresentation">Presentation</a></li>
|
||||
|
||||
<li><a href="#HRolesassimplevaluesofauserattribute">Roles as simple
|
||||
values of a user attribute</a></li>
|
||||
|
||||
<li><a href="#HRolesasentriesinthedirectory">Roles as entries in the
|
||||
directory</a></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
|
||||
|
||||
<p class="paragraph"></p>RBAC stands for Role Based Access Control. It
|
||||
means that you manage authorizations to access applications by checking
|
||||
the role(s) of the user, and provide this role to the application.
|
||||
|
||||
<p class="paragraph"></p>More informations on <span class="nobr"><a href=
|
||||
"http://en.wikipedia.org/wiki/Role-based_access_control">http://en.wikipedia.org/wiki/Role-based_access_control</a></span>
|
||||
|
||||
<p class="paragraph"></p>LemonLDAP::NG allows to use this model.
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HRolesassimplevaluesofauserattribute">Roles as simple values of a user
|
||||
attribute</span></h3><br />
|
||||
<br />
|
||||
Imagine you've set your directory schema to store roles as values of
|
||||
ssoRoles, an attribute of the user. This is simple because you can send
|
||||
the role to the application by creating a HTTP header (for example
|
||||
Auth-Role) with the concatened values (';' is the concatenation
|
||||
string):<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
Auth-Roles => $ssoRoles
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
If the user has these values inside its entry:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
ssoRoles: user
|
||||
ssoRoles: admin
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
Then you got this value inside the Auth-Roles header:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
user; admin
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HRolesasentriesinthedirectory">Roles as
|
||||
entries in the directory</span></h3><br />
|
||||
<br />
|
||||
Now imagine the following DIT:<br />
|
||||
<br />
|
||||
<img src="DIA_DIT_Roles.png" alt="DIA_DIT_Roles.png" /><br />
|
||||
<br />
|
||||
Roles are entries, below branchs representing applications. Each user has
|
||||
a ssoRoles attributes, which values are the DN of the corresponding roles.
|
||||
With this oragnization, you can set roles to user within specific
|
||||
application.<br />
|
||||
<br />
|
||||
In the schema above, the user has the following values:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
ssoRoles: ou=admin,ou=aaa,ou=roles,dc=acme,dc=com
|
||||
ssoRoles: ou=user,ou=bbb,ou=roles,dc=acme,dc=com
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>So he is "user" on application "BBB" and "admin"
|
||||
on application "AAA".
|
||||
|
||||
<p class="paragraph"></p>Now we have to send to right role to the right
|
||||
application trough LemonLDAP::NG.
|
||||
|
||||
<p class="paragraph"></p>First step: create a rule to grant access only if
|
||||
the user has a role in the application:
|
||||
|
||||
<ul class="star">
|
||||
<li>For application AAA:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<span class="java-keyword">default</span> => $ssoRoles =~ /ou=aaa,ou=roles/
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<ul class="star">
|
||||
<li>For application BBB:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<span class="java-keyword">default</span> => $ssoRoles =~ /ou=bbb,ou=roles/
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
Second step: get the role name for the application. We will use the macros
|
||||
to do that. Create two macros (inside General Parameters > Macros):
|
||||
|
||||
<ul class="star">
|
||||
<li>For application AAA:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
aaaRole => ((grep{/ou=aaa/} split(';',$ssoRoles))[0] =~ /ou=(.*),ou=aaa/)[0]
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<ul class="star">
|
||||
<li>For application BBB:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
bbbRole => ((grep{/ou=bbb/} split(';',$ssoRoles))[0] =~ /ou=(.*),ou=bbb/)[0]
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
These regular expressions read the 'ou' value of the DN of the role of the
|
||||
concerned application. This work if the user has only one role per
|
||||
application.<br />
|
||||
<br />
|
||||
Third step: provide the role to the application. It is done by creating
|
||||
the correct HTTP header:
|
||||
|
||||
<ul class="star">
|
||||
<li>For application AAA:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
Auth-Roles => $aaaRoles
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<ul class="star">
|
||||
<li>For application BBB:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
Auth-Roles => $bbbRoles
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
Now the protected application can read in the header HTTP_AUTH_ROLES the
|
||||
role of the user.
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
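Review bot: The third step uses variables that the second step never defines: the macros are named aaaRole and bbbRole, but the headers are set with `Auth-Roles => $aaaRoles` and `Auth-Roles => $bbbRoles`, so the header would not carry the computed role; use $aaaRole and $bbbRole. The macro's `grep{/ou=aaa/}` is also looser than the access rule's `/ou=aaa,ou=roles/`: it selects any role DN containing "ou=aaa", including a role of another application whose name starts with "aaa", and `[0]` may then pick that entry instead of the intended one; grep on `/,ou=aaa,ou=roles/` so both steps select the same entries. In the first section the text names the header Auth-Role while the example uses Auth-Roles, and the sample value "user; admin" contains a space although the separator is stated to be ';'.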
|
206
build/lemonldap-ng/doc/4.2-Configure-LDAP-schema.html
Normal file
|
@ -0,0 +1,206 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: 4.2-Configure-LDAP-schema.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HLDAPSchemaforadvancedaccessrules">LDAP
|
||||
Schema for advanced access rules</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HTopic">Topic</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HLDAPSchema">LDAP Schema</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HOIDprefix">OID prefix</a></li>
|
||||
|
||||
<li><a href="#HOpenLDAPschema">OpenLDAP schema</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li><a href="#HHowtouseitinLemonLDAP3A3ANG">How to use it in
|
||||
LemonLDAP::NG</a></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HTopic">Topic</span></h3>
|
||||
|
||||
<p class="paragraph"></p>LemonLDAP::NG is powerfull WebSSO engine who
|
||||
manage access trough user's attributes stored in an LDAP directory.
|
||||
|
||||
<p class="paragraph"></p>We can use standards attributes like uid, cn or
|
||||
mail to describe access rules to protected web applications.
|
||||
|
||||
<p class="paragraph"></p>But sometimes we need more information! For
|
||||
example:
|
||||
|
||||
<ul class="star">
|
||||
<li>An application name (to allow access by applications and not by
|
||||
group of users)</li>
|
||||
|
||||
<li>A start date and an end date (to open or close the service even the
|
||||
entry already exists)</li>
|
||||
|
||||
<li>Logon hours (allowed hours and day of the week)</li>
|
||||
|
||||
<li>One or more roles (to send to the protected applications)</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HLDAPSchema">LDAP Schema</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HOIDprefix">OID prefix</span></h4>
|
||||
|
||||
<p class="paragraph"></p>We plan to use this prefix:
|
||||
1.3.6.1.4.1.10943.10.2.
|
||||
|
||||
<p class="paragraph"></p>The prefix 1.3.6.1.4.1.10943 is owned by LINAGORA
|
||||
(See <span class="wikiexternallink"><a href=
|
||||
"http://www.iana.org/assignments/enterprise-numbers">http://www.iana.org/assignments/enterprise-numbers</a></span>).
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HOpenLDAPschema">OpenLDAP
|
||||
schema</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Just add this file to OpenLDAP schemas:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
#=======================================
|
||||
# Schema <span class="java-keyword">for</span> advanced SSO access rules
|
||||
#
|
||||
# Designed <span class="java-keyword">for</span> OpenLDAP software
|
||||
# <span class="nobr"><a href=
|
||||
"http://www.openldap.org">http://www.openldap.org</a></span>
|
||||
#
|
||||
# Part of LemonLDAP::NG project
|
||||
# <span class="nobr"><a href=
|
||||
"http://lemonldap.ow2.org">http://lemonldap.ow2.org</a></span>
|
||||
#
|
||||
# Author: Clement OUDOT
|
||||
#=======================================<br /><br />#=======================================
|
||||
# OID Prefix
|
||||
# Registered in IANA database
|
||||
#=======================================
|
||||
objectIdentifier SSOOID 1.3.6.1.4.1.10943.10.2<br /><br />#=======================================
|
||||
# Attributes
|
||||
#=======================================<br /><br /># Application Name
|
||||
attributetype ( SSOOID:1:1
|
||||
NAME 'ssoName'
|
||||
DESC 'An application name'
|
||||
EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Roles
|
||||
attributetype ( SSOOID:1:2
|
||||
NAME 'ssoRoles'
|
||||
DESC 'One or more roles'
|
||||
EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Time profile
|
||||
attributetype ( SSOOID:1:3
|
||||
NAME 'ssoLogonsHours'
|
||||
DESC 'Logons hours'
|
||||
EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Start date
|
||||
attributetype ( SSOOID:1:4
|
||||
NAME 'ssoStartDate'
|
||||
DESC 'Start date'
|
||||
EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># End date
|
||||
attributetype ( SSOOID:1:5
|
||||
NAME 'ssoEndDate'
|
||||
DESC 'End date'
|
||||
EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br />#=======================================
|
||||
# ObjectClasses
|
||||
#=======================================<br /><br /># SSO user
|
||||
objectClass ( SSOOID:2:1
|
||||
NAME 'ssoUser'
|
||||
DESC 'SSO extended informations <span class=
|
||||
"java-keyword">for</span> a user'
|
||||
SUP top
|
||||
AUXILIARY
|
||||
MAY ( ssoName $ ssoRoles $ ssoLogonHours $
|
||||
ssoStartDate $ ssoEndDate ) )
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HHowtouseitinLemonLDAP3A3ANG">How to use
|
||||
it in LemonLDAP::NG</span></h3>
|
||||
|
||||
<p class="paragraph"></p>In LemonLDAP::NG Manager, go to General
|
||||
Parameters > Exported Variables and add new variables:
|
||||
|
||||
<ul class="star">
|
||||
<li>ssoName => $ssoName</li>
|
||||
|
||||
<li>ssoRoles => $ssoRoles</li>
|
||||
|
||||
<li>ssoLogonHours => $ssoLogonHours</li>
|
||||
|
||||
<li>ssoStartDate => $ssoStartDate</li>
|
||||
|
||||
<li>ssoEndDate => $ssoEndDate</li>
|
||||
</ul>Save and reload Apache and Handler to get the configuration updated.
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
|
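Review bot: The time-profile attribute is declared as NAME 'ssoLogonsHours', but the ssoUser objectClass lists ssoLogonHours in its MAY clause and the exported variable is written ssoLogonHours => $ssoLogonHours. The object class therefore references an attribute type this schema never defines, and slapd will reject it when the schema is loaded. Pick one spelling (ssoLogonHours matches the two other uses) and apply it to the attributetype NAME, the MAY list and the exported variable.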
@ -7,7 +7,8 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: password-policy.html</title>
|
||||
<title>Lemonldap::NG documentation:
|
||||
4.2-Configure-password-policy.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -76,7 +77,8 @@
|
|||
|
||||
<li><a href="#HPasswordPolicyinLemonLDAP3A3ANG">Password Policy in
|
||||
LemonLDAP::NG</a></li>
|
||||
</ul>
|
||||
</ul><strong class="strong">Documentation applicable for LemonLDAP::NG
|
||||
>= 0.9.1</strong>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HThePasswordPolicyStandard">The Password
|
||||
Policy Standard</span></h3>
|
||||
|
@ -106,9 +108,10 @@
|
|||
module</span></h4>
|
||||
|
||||
<p class="paragraph"></p>The Net::LDAP::Control::PasswordPolicy is
|
||||
available since Perl-LDAP 0.36. Please update your Perl installation if
|
||||
you want to deal with Password Policy in LemonLDAP::NG: <span class=
|
||||
"wikiexternallink"><a href=
|
||||
available since Perl-LDAP 0.36. But some bugs relative to this modules wer
|
||||
found, so we advice to take at leaste 0.39. Please update your Perl
|
||||
installation if you want to deal with Password Policy in LemonLDAP::NG:
|
||||
<span class="wikiexternallink"><a href=
|
||||
"http://ldap.perl.org/">http://ldap.perl.org/</a></span> (en).
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
|
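Review bot: The added sentence "But some bugs relative to this modules wer found, so we advice to take at leaste 0.39" has several typos ("this modules", "wer", "advice", "leaste"). Suggested wording: "Some bugs were found in this module, so we advise using at least 0.39." Since the paragraph now recommends 0.39, consider stating that version as the requirement rather than leaving 0.36 as the first number the reader sees.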
@ -123,10 +126,23 @@
|
|||
<li>Your account is locked</li>
|
||||
|
||||
<li>Your password has expired</li>
|
||||
</ul>Other use case are a work in progress.
|
||||
</ul>Since LemonLDAP:NG 0.9.3, password policy is also used in menu, with
|
||||
the password changement form. It handles the following errors:
|
||||
|
||||
<p class="paragraph"></p>To activate Password Policy, you have to set a
|
||||
new parameter inside you portal perl script (e.g. portal/index.pl), like:
|
||||
<ul class="star">
|
||||
<li>Password too short</li>
|
||||
|
||||
<li>Password in history</li>
|
||||
|
||||
<li>Password too young</li>
|
||||
</ul>LemonLDAP::NG also notify the user for:
|
||||
|
||||
<ul class="star">
|
||||
<li>Password expiration time</li>
|
||||
|
||||
<li>Password graces used</li>
|
||||
</ul>To activate Password Policy, you have to set a new parameter inside
|
||||
you portal perl script (e.g. portal/index.pl), like:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
|
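Review bot: In the new paragraph the product name is written "LemonLDAP:NG" with a single colon, while the rest of the page uses "LemonLDAP::NG". The same hunk also has "password changement form" (should be "password change form"), "LemonLDAP::NG also notify the user for" (should be "also notifies the user of") and carries over "inside you portal perl script" (should be "your portal Perl script"). Please fix these while the lines are being touched.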
@ -7,7 +7,8 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: liberty-alliance-fr.html</title>
|
||||
<title>Lemonldap::NG documentation:
|
||||
4.3-Configure-Liberty-Alliance-fr.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -219,7 +220,7 @@
|
|||
(LAAP).</li>
|
||||
|
||||
<li><span class="wikiexternallink"><a href=
|
||||
"http://wiki.lemonldap.objectweb.orgoverview-fr.html">LemonLDAP::NG</a></span>
|
||||
"http://wiki.lemonldap.objectweb.org1-Overview-fr.html">LemonLDAP::NG</a></span>
|
||||
: WebSSO et gestion centralisée des autorisations.</li>
|
||||
</ul>
|
||||
|
|
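Review bot: The rewritten href "http://wiki.lemonldap.objectweb.org1-Overview-fr.html" is still malformed: the host name and the file name are concatenated with no "/" between them, so the link resolves to a non-existent host. The other wikilinks converted in this commit are plain relative links, so this one should probably be "1-Overview-fr.html" as well, and the span class changed from wikiexternallink to wikilink to match.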
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: soap-fr.html</title>
|
||||
<title>Lemonldap::NG documentation: 4.3-Configure-SOAP-fr.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -64,6 +64,9 @@
|
|||
<ul>
|
||||
<li><a href="#HPrC3A9requis">Pré-requis</a></li>
|
||||
|
||||
<li><a href="#HWebServicepourl27authentification">Web Service pour
|
||||
l'authentification</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HWebServicepourl27accC3A8sauxsessions">Web Service pour
|
||||
l'accès aux sessions</a>
|
||||
|
@ -143,33 +146,80 @@
|
|||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HWebServicepourl27authentification">Web
|
||||
Service pour l'authentification</span></h3><br />
|
||||
<br />
|
||||
À partie de la version 0.9.3, les fonctionnalités SOAP sont
|
||||
incluse dans le portail. Il suffit de les activer avec l'option
|
||||
<strong class="strong">"<tt>Soap => 1</tt>"</strong>.<br />
|
||||
<br />
|
||||
Le portail est alors capable de répondre aux sollicitations web
|
||||
classiques et aux requêtes SOAP. Il propose 2 fonctions SOAP:
|
||||
|
||||
<ul class="star">
|
||||
<li>getCookies(user,password) : retourne le ou les cookies
|
||||
générés par le portail et un code d'erreur (0 si
|
||||
tout va bien)</li>
|
||||
|
||||
<li>error(language,code) : retourne le texte correspondant à
|
||||
l'erreur</li>
|
||||
</ul>Exemple de script client :<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
#!/usr/bin/perl -l
|
||||
use SOAP::Lite;
|
||||
use Data::Dumper;<br /><br />my $soap = SOAP::Lite->proxy('http://auth.example.com/')
|
||||
->uri('urn:/Lemonldap/NG/Portal/SharedConf');<br /><br />my $r = $soap->getCookies( 'user', 'password' );<br /><br /># Catch SOAP errors
|
||||
<span class="java-keyword">if</span> ( $r->fault ) {
|
||||
print STDERR <span class=
|
||||
"java-quote">"SOAP Error: "</span> . $r->fault->{faultstring};
|
||||
}
|
||||
<span class="java-keyword">else</span> {
|
||||
my $res = $r->result();<br /><br /> # If authentication failed, display error
|
||||
<span class="java-keyword">if</span> ( $res->{error} ) {
|
||||
print STDERR <span class="java-quote">"Error: "</span>
|
||||
. $soap->error( 'fr', $res->{error} )->result();
|
||||
}<br /><br /> # print session-ID
|
||||
<span class="java-keyword">else</span> {
|
||||
print <span class=
|
||||
"java-quote">"Cookie: lemonldap="</span> . $res->{cookies}->{lemonldap};
|
||||
}
|
||||
}
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HWebServicepourl27accC3A8sauxsessions">Web Service pour l'accès
|
||||
aux sessions</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HPrC3A9sentation">Présentation</span></h4><br />
|
||||
<br />
|
||||
Ce Web Service permet au portail (Lemonldap::NG::Portal) et au handler
|
||||
(Lemonldap::NG::Handler) d'accéder en lecture et en écriture
|
||||
aux sessions WebSSO. Cela permet par exemple à un handler d'aller
|
||||
"HPrC3A9sentation">Présentation</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Ce Web Service permet au portail
|
||||
(Lemonldap::NG::Portal) et au handler (Lemonldap::NG::Handler)
|
||||
d'accéder en lecture et en écriture aux sessions WebSSO.
|
||||
Cela permet par exemple à un handler d'aller
|
||||
récupérer les sessions à distance avec une simple
|
||||
requête SOAP (sur HTTP). Pour des architectures plus complexes, cela
|
||||
permet également de disposer de plusieurs portails qui enregistrent
|
||||
les sessions à distance.<br />
|
||||
<br />
|
||||
<img src=
|
||||
les sessions à distance.
|
||||
|
||||
<p class="paragraph"></p><img src=
|
||||
"/xwiki/bin/download/NG/DocSOAP/DIA-Fonctionnement_LemonLDAP%3A%3ANG_SOAP_Sessions-1.png"
|
||||
alt="DIA-Fonctionnement_LemonLDAP::NG_SOAP_Sessions-1.png" />
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HInstallationduscriptserveurSOAP">Installation du script serveur
|
||||
SOAP</span></h4><br />
|
||||
<br />
|
||||
Au niveau du serveur principal, c'est-à-dire celui qui stocke les
|
||||
sessions, le script suivant doit être installé, par exemple
|
||||
dans /var/www/lemonldapng/soap/sessions.pl :<br />
|
||||
<br />
|
||||
SOAP</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Au niveau du serveur principal,
|
||||
c'est-à-dire celui qui stocke les sessions, le script suivant doit
|
||||
être installé, par exemple dans
|
||||
/var/www/lemonldapng/soap/sessions.pl :
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
|
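Review bot: The example client passes the user name and password to proxy('http://auth.example.com/') over plain HTTP, and getCookies returns the session cookie over the same channel. Please use an https URL in the example and add a sentence saying that with "Soap => 1" the portal accepts credentials through SOAP, so the endpoint should be served over TLS and restricted to the clients that need it. Both error branches only print to STDERR; exiting with a non-zero status there would let callers detect the failure. Typos in the new paragraph: "À partie de" should be "À partir de" and "sont incluse" should be "sont incluses".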
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: dokuwiki.html</title>
|
||||
<title>Lemonldap::NG documentation: 5-Appli-Dokuwiki.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
|
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: sympa.html</title>
|
||||
<title>Lemonldap::NG documentation: 5-Appli-Sympa.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
|
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: tomcat-valve.html</title>
|
||||
<title>Lemonldap::NG documentation: 5-Appli-Tomcat-Valve.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
|
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: phpldapadmin.html</title>
|
||||
<title>Lemonldap::NG documentation: 5-Appli-phpLDAPadmin.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
|
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: contacts.html</title>
|
||||
<title>Lemonldap::NG documentation: 6-Contacts.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -132,10 +132,10 @@
|
|||
|
||||
<ul class="star">
|
||||
<li>Erwan Legall: <span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocAppDokuwiki">Dokuwiki pugin</a></span></li>
|
||||
"5-Appli-Dokuwiki.html">Dokuwiki pugin</a></span></li>
|
||||
|
||||
<li>Pascal Pejac: <span class="wikilink"><a href=
|
||||
"/xwiki/bin/view/NG/DocAppTomcatValve">Tomcat valve</a></span></li>
|
||||
"5-Appli-Tomcat-Valve.html">Tomcat valve</a></span></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
|
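Review bot: Both link targets are updated here, but the link text "Dokuwiki pugin" keeps its typo. Since the line is being rewritten anyway, change it to "Dokuwiki plugin".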
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: errors-fr.html</title>
|
||||
<title>Lemonldap::NG documentation: 6-Errors-fr.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
|
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: errors.html</title>
|
||||
<title>Lemonldap::NG documentation: 6-Errors.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
|
@ -7,7 +7,7 @@
|
|||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: references.html</title>
|
||||
<title>Lemonldap::NG documentation: 6-References.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
|
@ -74,9 +74,9 @@
|
|||
"logo_gendarmerie_nationale.png" />
|
||||
|
||||
<ul class="star">
|
||||
<li>Nb users:</li>
|
||||
<li>Nb users: 105.000</li>
|
||||
|
||||
<li>Nb protected applications:</li>
|
||||
<li>Nb protected applications: ~100</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
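Review bot: "Nb users: 105.000" uses a dot as the thousands separator on an English page, where it reads as one hundred and five. Write "105,000" or "105 000" so that the figure is unambiguous.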
144
build/lemonldap-ng/doc/6-Roadmap.html
Normal file
|
@ -0,0 +1,144 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: 6-Roadmap.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HRoadmapforLemonLDAP3A3ANG">Roadmap for
|
||||
LemonLDAP::NG</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HVersion0928200829">Version 0.9 (2008)</a></li>
|
||||
|
||||
<li><a href="#HVersion09328end20082Fbegin200929">Version 0.9.3 (end
|
||||
2008/begin 2009)</a></li>
|
||||
|
||||
<li><a href="#HVersion1028200929">Version 1.0 (2009)</a></li>
|
||||
|
||||
<li><a href="#HVersion2028201029">Version 2.0 (2010)</a></li>
|
||||
</ul><strong class="strong">Icons legend:</strong><br />
|
||||
<img src="ok.png" alt="ok.png" /> Task finished<br />
|
||||
<img src="warning_triangle.png" alt="warning_triangle.png" /> Work in
|
||||
progress<br />
|
||||
<img src="error.png" alt="error.png" /> To be done<br />
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVersion0928200829">Version 0.9
|
||||
(2008)</span></h3><img src="ok.png" alt="ok.png" /> Liberty Alliance
|
||||
authentication module (<span class="wikilink"><a href=
|
||||
"4.3-Configure-Liberty-Alliance-fr.html">learn more</a></span>)<br />
|
||||
<img src="ok.png" alt="ok.png" /> Skins for Manager and Portal<br />
|
||||
<img src="ok.png" alt="ok.png" /> SOAP access to configuration and
|
||||
sessions (<span class="wikilink"><a href=
|
||||
"4.3-Configure-SOAP-fr.html">learn more</a></span>)<br />
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
"HVersion09328end20082Fbegin200929">Version 0.9.3 (end 2008/begin
|
||||
2009)</span></h3><img src="ok.png" alt="ok.png" /> Dissociate
|
||||
authentication and user backend capabilities (for example, to choose LDAP
|
||||
for authentication, and MySQL for reading user's information)<br />
|
||||
<img src="ok.png" alt="ok.png" /> Add a Menu.pm to portal modules, to
|
||||
provide an enhanced application menu and password modification form
|
||||
(<span class="wikilink"><a href="4.1-Configure-portal-menu.html">learn
|
||||
more</a></span>)<br />
|
||||
<img src="ok.png" alt="ok.png" /> i18n (internationalization) for modules,
|
||||
scripts and HTML templates (<span class="wikilink"><a href=
|
||||
"4.1-HTML-templates-customization.html">learn more</a></span>)<br />
|
||||
<img src="ok.png" alt="ok.png" /> Sessions explorer<br />
|
||||
<img src="ok.png" alt="ok.png" /> Accounting and authentication in
|
||||
manager<br />
|
||||
<img src="ok.png" alt="ok.png" /> Shared functions for macros, groups,
|
||||
access rules and headers.<br />
|
||||
<img src="warning_triangle.png" alt="warning_triangle.png" /> Production
|
||||
installation script<br />
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVersion1028200929">Version 1.0
|
||||
(2009)</span></h3><img src="warning_triangle.png" alt=
|
||||
"warning_triangle.png" /> Packages for Debian/Ubuntu, RedHat/CentOS<br />
|
||||
<img src="warning_triangle.png" alt="warning_triangle.png" /> Date and
|
||||
time parameters in access rules<br />
|
||||
<img src="warning_triangle.png" alt="warning_triangle.png" /> Monitoring
|
||||
scripts (MRTG, Cacti, Nagios)<br />
|
||||
<img src="error.png" alt="error.png" /> Handler POST functionnalities, to
|
||||
fill authentication forms with login/password<br />
|
||||
<img src="error.png" alt="error.png" /> Portal and Manager trigger system,
|
||||
to execute code on specified action (apply, save, etc.)<br />
|
||||
<img src="error.png" alt="error.png" /> Configuration update, to manage
|
||||
all new parameters (<span class="wikilink"><a href=
|
||||
"4.1-Configuration-parameter-list.html">learn more</a></span>)<br />
|
||||
<img src="error.png" alt="error.png" /> Configuration migration
|
||||
scripts<br />
|
||||
<img src="error.png" alt="error.png" /> Change configuration storage to
|
||||
XML<br />
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVersion2028201029">Version 2.0
|
||||
(2010)</span></h3><img src="error.png" alt="error.png" /> Rewrite Manager
|
||||
with JQuery and Ajax<br />
|
||||
<img src="error.png" alt="error.png" /> Manage Apache virtualhost
|
||||
configuration through LDAP backend<br />
|
||||
<img src="error.png" alt="error.png" /> SAML2 authentication and user
|
||||
backend<br />
|
||||
<img src="error.png" alt="error.png" /> SNMP extensions for
|
||||
monitoring<br />
|
||||
<img src="error.png" alt="error.png" /> Local password policy<br />
|
||||
<img src="error.png" alt="error.png" /> Notification system<br />
|
||||
<img src="error.png" alt="error.png" /> LQL parser (LDAP Query
|
||||
Language)<br />
|
||||
<img src="error.png" alt="error.png" /> Shared "grant" function<br />
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
|
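Review bot: The new page declares lang="fr" xml:lang="fr" on the html element, but all of its content is English; set both attributes to "en". The file also states two different encodings, encoding="utf-8" in the XML declaration and charset=us-ascii in the Content-Type meta tag, and they should agree. Minor: "Handler POST functionnalities" should be "functionalities".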
@ -1,420 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: advanced-access-rules.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HLDAPSchemaforadvancedaccessrules">LDAP
|
||||
Schema for advanced access rules</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HTopic">Topic</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HLDAPSchema">LDAP Schema</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HOIDprefix">OID prefix</a></li>
|
||||
|
||||
<li><a href="#HOpenLDAPschema">OpenLDAP schema</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="#HHowtouseitinLemonLDAP3A3ANG">How to use it in
|
||||
LemonLDAP::NG</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HSpecifynewattributesinexportedvariables">Specify new
|
||||
attributes in exported variables</a></li>
|
||||
|
||||
<li><a href="#HHabilitationbasedonanapplicationname">Habilitation
|
||||
based on an application name</a></li>
|
||||
|
||||
<li><a href="#HHabilitationbasedonadate">Habilitation based on a
|
||||
date</a></li>
|
||||
|
||||
<li><a href="#HHabilitationbasedonaperiod">Habilitation based on a
|
||||
period</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HSendaroletoaprotectedapplication">Send a role to a
|
||||
protected application</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HRolesassimplevaluesofauserattribute">Roles as
|
||||
simple values of a user attribute</a></li>
|
||||
|
||||
<li><a href="#HRolesasentriesinthedirectory">Roles as entries in
|
||||
the directory</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HTopic">Topic</span></h3>
|
||||
|
||||
<p class="paragraph"></p>LemonLDAP::NG is powerfull WebSSO engine who
|
||||
manage access trough user's attributes stored in an LDAP directory.
|
||||
|
||||
<p class="paragraph"></p>We can use standards attributes like uid, cn or
|
||||
mail to describe access rules to protected web applications.
|
||||
|
||||
<p class="paragraph"></p>But sometimes we need more information! For
|
||||
example:
|
||||
|
||||
<ul class="star">
|
||||
<li>An application name (to allow access by applications and not by
|
||||
group of users)</li>
|
||||
|
||||
<li>A start date and an end date (to open or close the service even the
|
||||
entry already exists)</li>
|
||||
|
||||
<li>A time profile (allowed hours and day of the week)</li>
|
||||
|
||||
<li>One or more roles (to send to the protected applications)</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HLDAPSchema">LDAP Schema</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HOIDprefix">OID prefix</span></h4>
|
||||
|
||||
<p class="paragraph"></p>We plan to use this prefix:
|
||||
1.3.6.1.4.1.10943.10.2.
|
||||
|
||||
<p class="paragraph"></p>The prefix 1.3.6.1.4.1.10943 is owned by LINAGORA
|
||||
(See <span class="wikiexternallink"><a href=
|
||||
"http://www.iana.org/assignments/enterprise-numbers">http://www.iana.org/assignments/enterprise-numbers</a></span>).
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HOpenLDAPschema">OpenLDAP
|
||||
schema</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Just add this file to OpenLDAP schemas:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
#=======================================
|
||||
# Schema <span class="java-keyword">for</span> advanced SSO access rules
|
||||
#
|
||||
# Designed <span class="java-keyword">for</span> OpenLDAP software
|
||||
# <span class="nobr"><a href=
|
||||
"http://www.openldap.org">http://www.openldap.org</a></span>
|
||||
#
|
||||
# Part of LemonLDAP::NG project
|
||||
# <span class="nobr"><a href=
|
||||
"http://lemonldap.ow2.org">http://lemonldap.ow2.org</a></span>
|
||||
#
|
||||
# Author: Clement OUDOT
|
||||
#=======================================<br /><br />#=======================================
|
||||
# OID Prefix
|
||||
# Registered in IANA database
|
||||
#=======================================
|
||||
objectIdentifier SSOOID 1.3.6.1.4.1.10943.10.2<br /><br />#=======================================
|
||||
# Attributes
|
||||
#=======================================<br /><br /># Application Name
|
||||
attributetype ( SSOOID:1:1
|
||||
NAME 'ssoName'
|
||||
DESC 'An application name'
|
||||
EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Roles
|
||||
attributetype ( SSOOID:1:2
|
||||
NAME 'ssoRoles'
|
||||
DESC 'One or more roles'
|
||||
EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Time profile
|
||||
attributetype ( SSOOID:1:3
|
||||
NAME 'ssoTimeProfile'
|
||||
DESC 'A time profile'
|
||||
EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># Start date
|
||||
attributetype ( SSOOID:1:4
|
||||
NAME 'ssoStartDate'
|
||||
DESC 'Start date'
|
||||
EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br /># End date
|
||||
attributetype ( SSOOID:1:5
|
||||
NAME 'ssoEndDate'
|
||||
DESC 'End date'
|
||||
EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )<br /><br />#=======================================
|
||||
# ObjectClasses
|
||||
#=======================================<br /><br /># SSO user
|
||||
objectClass ( SSOOID:2:1
|
||||
NAME 'ssoUser'
|
||||
DESC 'SSO extended informations <span class=
|
||||
"java-keyword">for</span> a user'
|
||||
SUP top
|
||||
AUXILIARY
|
||||
MAY ( ssoName $ ssoRoles $ ssoTimeProfile $
|
||||
ssoStartDate $ ssoEndDate ) )
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HHowtouseitinLemonLDAP3A3ANG">How to use
|
||||
it in LemonLDAP::NG</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HSpecifynewattributesinexportedvariables">Specify new attributes in
|
||||
exported variables</span></h4>
|
||||
|
||||
<p class="paragraph"></p>In LemonLDAP::NG Manager, go to General
|
||||
Parameters > Exported Variables and add new variables:
|
||||
|
||||
<ul class="star">
|
||||
<li>ssoName => $ssoName</li>
|
||||
|
||||
<li>ssoRoles => $ssoRoles</li>
|
||||
|
||||
<li>ssoTimeProfile => $ssoTimeProfile</li>
|
||||
|
||||
<li>ssoStartDate => $ssoStartDate</li>
|
||||
|
||||
<li>ssoEndDate => $ssoEndDate</li>
|
||||
</ul>Save and reload Apache and Handler to get the configuration updated.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HHabilitationbasedonanapplicationname">Habilitation based on an
|
||||
application name</span></h4><br />
|
||||
<br />
|
||||
If a user has got the ssoName attribute, with each value being the name of
|
||||
a protected application, you can configure the rules of virtualhosts by
|
||||
checking the application name.<br />
|
||||
<br />
|
||||
Go in LemonLDAP::NG Manager, choose your virtualhost (for example
|
||||
test.acme.com), and set the default rule to accept users if they have
|
||||
"acme" has one of the value of their attribute "ssoName":<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<span class="java-keyword">default</span> => $ssoName =~ /\bacme\b/
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
Save and reload.<br />
|
||||
<br />
|
||||
Now you can decide who access this application just by adding or removing
|
||||
a value inside the entry of the users.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HHabilitationbasedonadate">Habilitation based on a date</span></h4><br />
|
||||
<br />
|
||||
If the user has got ssoStartDate and/or ssoEndDate, you can configure
|
||||
rules to compare the current date to the start/end dates.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HHabilitationbasedonaperiod">Habilitation based on a
|
||||
period</span></h4><br />
|
||||
<br />
|
||||
If the user has got ssoTimeProfile, you can configure rules to compare the
|
||||
current time and compare it to the time profile.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id=
|
||||
"HSendaroletoaprotectedapplication">Send a role to a protected
|
||||
application</span></h4>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id=
|
||||
"HRolesassimplevaluesofauserattribute">Roles as simple values of a user
|
||||
attribute</span></h5><br />
|
||||
<br />
|
||||
Imagine you've set your directory schema to store roles as values of
|
||||
ssoRoles, an attribute of the user. This is simple because you can send
|
||||
the role to the application by creating a HTTP header (for example
|
||||
Auth-Role) with the concatened values (';' is the concatenation
|
||||
string):<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
Auth-Roles => $ssoRoles
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
If the user has these values inside its entry:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
ssoRoles: user
|
||||
ssoRoles: admin
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
Then you got this value inside the Auth-Roles header:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
user;admin
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HRolesasentriesinthedirectory">Roles
|
||||
as entries in the directory</span></h5><br />
|
||||
<br />
|
||||
Now imagine the following DIT:<br />
|
||||
<br />
|
||||
<img src="DIA_DIT_Roles.png" alt="DIA_DIT_Roles.png" /><br />
|
||||
<br />
|
||||
Roles are entries, below branchs representing applications. Each user has
|
||||
a ssoRoles attributes, which values are the DN of the corresponding roles.
|
||||
With this oragnization, you can set roles to user within specific
|
||||
application.<br />
|
||||
<br />
|
||||
In the schema above, the user has the following values:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
ssoRoles: ou=admin,ou=aaa,ou=roles,dc=acme,dc=com
|
||||
ssoRoles: ou=user,ou=bbb,ou=roles,dc=acme,dc=com
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>So he is "user" on application "BBB" and "admin"
|
||||
on application "AAA".
|
||||
|
||||
<p class="paragraph"></p>Now we have to send to right role to the right
|
||||
application trough LemonLDAP::NG.
|
||||
|
||||
<p class="paragraph"></p>First step: create a rule to grant access only if
|
||||
the user has a role in the application:
|
||||
|
||||
<ul class="star">
|
||||
<li>For application AAA:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<span class="java-keyword">default</span> => $ssoRoles =~ /ou=aaa,ou=roles/
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<ul class="star">
|
||||
<li>For application BBB:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
<span class="java-keyword">default</span> => $ssoRoles =~ /ou=bbb,ou=roles/
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
Second step: get the role name for the application. We will use the macros
|
||||
to do that. Create two macros (inside General Parameters > Macros):
|
||||
|
||||
<ul class="star">
|
||||
<li>For application AAA:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
aaaRole => ((grep{/ou=aaa/} split(';',$ssoRoles))[0] =~ /ou=(.*),ou=aaa/)[0]
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<ul class="star">
|
||||
<li>For application BBB:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
bbbRole => ((grep{/ou=bbb/} split(';',$ssoRoles))[0] =~ /ou=(.*),ou=bbb/)[0]
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
These regular expressions read the 'ou' value of the DN of the role of the
|
||||
concerned application. This work if the user has only one role per
|
||||
application.<br />
|
||||
<br />
|
||||
Third step: provide the role to the application. It is done by creating
|
||||
the correct HTTP header:
|
||||
|
||||
<ul class="star">
|
||||
<li>For application AAA:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
Auth-Roles => $aaaRoles
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<ul class="star">
|
||||
<li>For application BBB:</li>
|
||||
</ul>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
Auth-Roles => $bbbRoles
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
Now the protected application can read in the header HTTP_AUTH_ROLES the
|
||||
role of the user.
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
|
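Review bot: the macro and header names in the RBAC steps do not agree. Step two defines the macros aaaRole and bbbRole, but step three exports `Auth-Roles => $aaaRoles` and `Auth-Roles => $bbbRoles`, so the header references a variable that none of the documented steps define. Use one spelling in both places. In the same hunk, the rule `$ssoRoles =~ /ou=aaa,ou=roles/` and the capture `/ou=(.*),ou=aaa/` are unanchored and greedy, so the page should say that they depend on the exact DN layout shown, in addition to the one-role-per-application limit it already mentions. Since the application is told to read the role from HTTP_AUTH_ROLES, a sentence stating that the header is only meaningful for requests that arrive through the handler would help readers deploying this. Typos to fix while here: "send to right role", "trough", "This work".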
@ -1,417 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: advanced-install.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HADVANCEDINSTALLATION">ADVANCED
|
||||
INSTALLATION</span></h2>
|
||||
|
||||
<p class="paragraph"></p><strong class="strong">Warning:</strong> This
|
||||
document is written for people who know Lemonldap::NG. For other people,
|
||||
it is recommended to build the <span class="wikilink"><a href=
|
||||
"install.html">example</a></span> provided in the source and next to adapt
|
||||
it to local installation.
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<a href="#HPREREQ">PREREQ</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HApache">Apache</a></li>
|
||||
|
||||
<li><a href="#HPerlprereq">Perl prereq</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li><a href="#HSOFTWAREINSTALLATION">SOFTWARE INSTALLATION</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HLEMONLDAPINSTALLATION">LEMONLDAP INSTALLATION</a>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<a href="#HDatabaseconfiguration">Database configuration</a>
|
||||
|
||||
<ul>
|
||||
<li><a href=
|
||||
"#HLemonldap3A3ANGConfigurationdatabase">Lemonldap::NG
|
||||
Configuration database</a></li>
|
||||
|
||||
<li><a href="#HApache3A3ASessiondatabase">Apache::Session
|
||||
database</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li><a href="#HManagerconfiguration">Manager configuration</a></li>
|
||||
|
||||
<li>
|
||||
<a href="#HConfigurationedition">Configuration edition</a>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HGeneralparameters">General parameters</a></li>
|
||||
|
||||
<li><a href="#HUsergroups">User groups</a></li>
|
||||
|
||||
<li><a href="#HVirtualhosts">Virtual hosts</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HPREREQ">PREREQ</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HApache">Apache</span></h4>
|
||||
|
||||
<p class="paragraph"></p>To use Lemonldap::NG, you have to run a LDAP
|
||||
server and of course an Apache server compiled with mod-perl (version 1.3
|
||||
or 2.x). Generaly, the version of Apache proposed with your Linux
|
||||
distribution match, but some distributions used an experimental version of
|
||||
mod_perl with Apache2 (mod_perl-1.99) which does not work with
|
||||
Lemonldap::NG. With such distributions (like Debian-3.1), you have to use
|
||||
Apache-1.3 or to use a mod_perl backport (www.backports.org package for
|
||||
Debian works fine).
|
||||
|
||||
<p class="paragraph"></p>For Apache2, you can use both mpm-worker and
|
||||
mpm-prefork. Mpm-worker works faster and Lemonldap::NG use the thread
|
||||
system for best performance. If you have to use mpm-prefork (for example
|
||||
if you use PHP), Lemonldap::NG will work anyway.
|
||||
|
||||
<p class="paragraph"></p>You can use Lemonldap::NG in an heterogene world:
|
||||
the authentication portal and the manager can work in any version of
|
||||
Apache 1.3 or more even if mod_perl is not compiled, with
|
||||
ModPerl::Registry or not… Only the handler (site protector) need
|
||||
mod_perl. The different handlers can run on different servers with
|
||||
different versions of Apache/mod_perl.
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HPerlprereq">Perl prereq</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Perl modules: Apache::Session, Net::LDAP,
|
||||
MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, DBI, XML::Simple
|
||||
|
||||
<p class="paragraph"></p>With Debian:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl \
|
||||
libdbi-perl perl-modules libwww-perl libcache-cache-perl \
|
||||
libxml-simple-perl
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Portal:
|
||||
|
||||
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
|
||||
DBI
|
||||
|
||||
<p class="paragraph"></p>With Debian:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
apt-get install libapache-session-perl libnet-ldap-perl libdbi-perl \
|
||||
perl-modules
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Handler:
|
||||
|
||||
<p class="paragraph"></p>Apache::Session, LWP::UserAgent, Cache::Cache,
|
||||
DBI
|
||||
|
||||
<p class="paragraph"></p>With Debian:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
apt-get install libapache-session-perl libdbi-perl libwww-perl \
|
||||
libcache-cache-perl
|
||||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
Manager:<br />
|
||||
<br />
|
||||
CGI, XML::Simple, DBI<br />
|
||||
<br />
|
||||
With Debian:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
apt-get install perl-modules libxml-simple-perl
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HSOFTWAREINSTALLATION">SOFTWARE
|
||||
INSTALLATION</span></h3><br />
|
||||
<br />
|
||||
If you just want to install a handler or a portal or a manager:<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ tar xzf lemonldap-ng-*.tar.gz
|
||||
$ cd lemonldap-ng-*/Lemonldap-NG-(Portal|Handler|Manager)
|
||||
$ perl Makefile.PL && make && make test
|
||||
$ sudo make install
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>else for a complete install:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$ tar xzf lemonldap-ng-*.tar.gz
|
||||
$ cd lemonldap-ng-*
|
||||
$ make && make test
|
||||
$ sudo make install
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>See prereq in
|
||||
|
||||
<h3 class="heading-1-1"><span id="HLEMONLDAPINSTALLATION">LEMONLDAP
|
||||
INSTALLATION</span></h3>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HDatabaseconfiguration">Database
|
||||
configuration</span></h4>If you use DBI or another system to share
|
||||
Lemonldap::NG configuration, you have to initialize the database.<br />
|
||||
<br />
|
||||
For example, create the database "lemonldapng" :<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
# mysqladmin create lemonldapng
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id=
|
||||
"HLemonldap3A3ANGConfigurationdatabase">Lemonldap::NG Configuration
|
||||
database</span></h5><br />
|
||||
<br />
|
||||
To store configuration, use this table :<br />
|
||||
<br />
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
CREATE TABLE lmConfig (
|
||||
cfgNum <span class="java-object">int</span> not <span class=
|
||||
"java-keyword">null</span> primary key,
|
||||
locationRules text,
|
||||
exportedHeaders text,
|
||||
globalStorage text,
|
||||
globalStorageOptions text,
|
||||
macros text,
|
||||
groups text,
|
||||
portal text,
|
||||
domain text,
|
||||
ldapServer text,
|
||||
ldapPort <span class="java-object">int</span>,
|
||||
ldapBase text,
|
||||
securedCookie <span class="java-object">int</span>,
|
||||
cookieName text,
|
||||
authentication text,
|
||||
exportedVars text,
|
||||
managerDn text,
|
||||
managerPassword text,
|
||||
whatToTrace text,
|
||||
timeout <span class="java-object">int</span>
|
||||
);
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id=
|
||||
"HApache3A3ASessiondatabase">Apache::Session database</span></h5>
|
||||
|
||||
<p class="paragraph"></p>The choice of Apache::Session::* module is free.
|
||||
See Apache::Session::Store::* or Apache::Session::* to know how to
|
||||
configure the module. For example, if you want to use
|
||||
Apache::Session::MySQL, you can create the database like this:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
CREATE TABLE sessions (
|
||||
id <span class="java-object">char</span>(32),
|
||||
a_session text
|
||||
);
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HManagerconfiguration">Manager
|
||||
configuration</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Copy example/manager.cgi and personalize it if
|
||||
you want (see Lemonldap::NG::Manager). You have to set in particular
|
||||
configStorage. For example with MySQL:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
$my $manager = Lemonldap::NG::Manager-><span class=
|
||||
"java-keyword">new</span> ( {
|
||||
dbiChain => <span class=
|
||||
"java-quote">"DBI:mysql:database=mybase;host=1.2.3.4"</span>,
|
||||
dbiUser => <span class=
|
||||
"java-quote">"lemonldap-ng"</span>,
|
||||
dbiPasword => <span class=
|
||||
"java-quote">"mypass"</span>,
|
||||
} );
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p class="paragraph"></p>Securise Manager access with Apache: Lemonldap
|
||||
does not securise the manager itself yet:
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<div class="code">
|
||||
<pre>
|
||||
SSLEngine On
|
||||
Order Deny, Allow
|
||||
Deny from all
|
||||
Allow from admin/network
|
||||
AuthType Basic
|
||||
...
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HConfigurationedition">Configuration
|
||||
edition</span></h4>
|
||||
|
||||
<p class="paragraph"></p>Connect to the manager with your browser start
|
||||
configure your Web-SSO. You have to set at least some parameters:
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HGeneralparameters">General
|
||||
parameters</span></h5>
|
||||
|
||||
<ul class="star">
|
||||
<li>Authentication parameters -> portal URL to access to the
|
||||
authentication portal.</li>
|
||||
|
||||
<li>Domain: the cookie domain. All protected VirtualHosts have to be
|
||||
under it.</li>
|
||||
|
||||
<li>LDAP parameters -> LDAP Server.</li>
|
||||
|
||||
<li>LDAP parameters -> LDAP Accout and password: required only if
|
||||
anonymous binds are not accepted.</li>
|
||||
|
||||
<li>Session Storage -> Apache::Session module: how to store user
|
||||
sessions. You can use all module that inherit from Apache::Session like
|
||||
Apache::Session::MySQL.</li>
|
||||
|
||||
<li>Session Storage -> Apache::Session Module parameters: see
|
||||
Apache::Session::<Choosen module>.</li>
|
||||
</ul>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HUsergroups">User groups</span></h5>
|
||||
|
||||
<p class="paragraph"></p>Use the "New Group" button to add your first
|
||||
group. On the left, set the keyword which will be used later and set on
|
||||
the right the corresponding rule. You can use :
|
||||
|
||||
<ul class="star">
|
||||
<li>an LDAP filter (it will be tested with the user uid)</li>
|
||||
</ul>or
|
||||
|
||||
<ul class="star">
|
||||
<li>a Perl condition enclosed with {}. All variables declared in
|
||||
"General parameters -> LDAP attributes" can be used with a "$". For
|
||||
example: MyGroup / { $uid eq "foo" or $uid eq "bar" }</li>
|
||||
</ul>
|
||||
|
||||
<h5 class="heading-1-1-1-1"><span id="HVirtualhosts">Virtual
|
||||
hosts</span></h5>
|
||||
|
||||
<p class="paragraph"></p>You have to create a virtual host for each Apache
|
||||
host (virtual or real) protected by Lemonldap::NG even if just a
|
||||
sub-directory is protected. Else, user who want to access to the protected
|
||||
area will be rejected with a "500 Internal Server Error" message and the
|
||||
apache logs will explain the problem.
|
||||
|
||||
<p class="paragraph"></p>Each virtual host has 2 groups of parameters:
|
||||
|
||||
<ul class="star">
|
||||
<li>Headers: the headers added to the apache request. Default: Auth-User
|
||||
=> $uid.</li>
|
||||
|
||||
<li>Rules: subdivised in 2 categories:
|
||||
|
||||
<ul class="star">
|
||||
<li>default: the default rule</li>
|
||||
|
||||
<li>personalized rules: association of a Perl regular expression and
|
||||
a condition. For example: ^/restricted.*$ / $groups =~
|
||||
/bMyGroupb/</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
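Review bot: deleting advanced-install.html removes the paragraph "Securise Manager access with Apache: Lemonldap does not securise the manager itself yet". Please confirm that this warning and the accompanying Apache restrictions are carried into one of the replacement pages, because nothing in the visible lines shows where they went. If the text is migrated, the examples should not be copied as they stand: the manager snippet reads `$my $manager` and `dbiPasword`, the Apache block has `Order Deny, Allow` (the directive takes `Deny,Allow` as a single argument with no space), and the sample rule `$groups =~ /bMyGroupb/` has lost the backslashes of its `\b` word boundaries, which turns it into a match on the literal text "bMyGroupb". The sentence "See prereq in" is also cut off before its link target.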
BIN
build/lemonldap-ng/doc/dokuwiki_logo.png
Normal file
After Width: | Height: | Size: 13 KiB |
BIN
build/lemonldap-ng/doc/error.png
Normal file
After Width: | Height: | Size: 1.1 KiB |
BIN
build/lemonldap-ng/doc/grr_logo.png
Normal file
After Width: | Height: | Size: 7.9 KiB |
|
@ -49,27 +49,36 @@
|
|||
<div class="main-content">
|
||||
<h2 class="heading-1">LemonLDAP::NG documentation</h2>
|
||||
<ul class="star">
|
||||
<li><a href="advanced-access-rules.html">Advanced access rules</a></li>
|
||||
<li><a href="advanced-install.html">Advanced install</a></li>
|
||||
<li><a href="contacts.html">Contacts</a></li>
|
||||
<li><a href="debian-packages-install.html">Debian packages install</a></li>
|
||||
<li><a href="dokuwiki.html">Dokuwiki</a></li>
|
||||
<li><a href="errors.html">Errors</a></li>
|
||||
<li><a href="errors-fr.html">Errors (FR)</a></li>
|
||||
<li><a href="faq.html">Faq</a></li>
|
||||
<li><a href="faq-fr.html">Faq (FR)</a></li>
|
||||
<li><a href="install.html">Install</a></li>
|
||||
<li><a href="install-fr.html">Install (FR)</a></li>
|
||||
<li><a href="liberty-alliance-fr.html">Liberty alliance (FR)</a></li>
|
||||
<li><a href="overview.html">Overview</a></li>
|
||||
<li><a href="overview-fr.html">Overview (FR)</a></li>
|
||||
<li><a href="password-policy.html">Password policy</a></li>
|
||||
<li><a href="phpldapadmin.html">Phpldapadmin</a></li>
|
||||
<li><a href="references.html">References</a></li>
|
||||
<li><a href="roadmap.html">Roadmap</a></li>
|
||||
<li><a href="soap-fr.html">Soap (FR)</a></li>
|
||||
<li><a href="sympa.html">Sympa</a></li>
|
||||
<li><a href="tomcat-valve.html">Tomcat valve</a></li>
|
||||
<li><a href="1-Overview.html">1 Overview</a></li>
|
||||
<li><a href="1-Overview-fr.html">1 Overview (FR)</a></li>
|
||||
<li><a href="2-FAQ.html">2 FAQ</a></li>
|
||||
<li><a href="2-FAQ-fr.html">2 FAQ (FR)</a></li>
|
||||
<li><a href="3-Table-of-contents.html">3 Table of contents</a></li>
|
||||
<li><a href="3-Table-of-contents-fr.html">3 Table of contents (FR)</a></li>
|
||||
<li><a href="3.1-Install-prerequesites.html">3.1 Install prerequesites</a></li>
|
||||
<li><a href="3.2-Install-from-tarball.html">3.2 Install from tarball</a></li>
|
||||
<li><a href="3.3-Install-from-debian-packages.html">3.3 Install from debian packages</a></li>
|
||||
<li><a href="3.4-Install-of-MySQL-storage.html">3.4 Install of MySQL storage</a></li>
|
||||
<li><a href="3.5-Install-of-example.html">3.5 Install of example</a></li>
|
||||
<li><a href="3.5-Install-of-example-fr.html">3.5 Install of example (FR)</a></li>
|
||||
<li><a href="4.1-Configuration-overview.html">4.1 Configuration overview</a></li>
|
||||
<li><a href="4.1-Configuration-parameter-list.html">4.1 Configuration parameter list</a></li>
|
||||
<li><a href="4.1-Configure-portal-menu.html">4.1 Configure portal menu</a></li>
|
||||
<li><a href="4.1-HTML-templates-customization.html">4.1 HTML templates customization</a></li>
|
||||
<li><a href="4.1-RBAC-model.html">4.1 RBAC model</a></li>
|
||||
<li><a href="4.2-Configure-LDAP-schema.html">4.2 Configure LDAP schema</a></li>
|
||||
<li><a href="4.2-Configure-password-policy.html">4.2 Configure password policy</a></li>
|
||||
<li><a href="4.3-Configure-Liberty-Alliance-fr.html">4.3 Configure Liberty Alliance (FR)</a></li>
|
||||
<li><a href="4.3-Configure-SOAP-fr.html">4.3 Configure SOAP (FR)</a></li>
|
||||
<li><a href="5-Appli-Dokuwiki.html">5 Appli Dokuwiki</a></li>
|
||||
<li><a href="5-Appli-Sympa.html">5 Appli Sympa</a></li>
|
||||
<li><a href="5-Appli-Tomcat-Valve.html">5 Appli Tomcat Valve</a></li>
|
||||
<li><a href="5-Appli-phpLDAPadmin.html">5 Appli phpLDAPadmin</a></li>
|
||||
<li><a href="6-Contacts.html">6 Contacts</a></li>
|
||||
<li><a href="6-Errors.html">6 Errors</a></li>
|
||||
<li><a href="6-Errors-fr.html">6 Errors (FR)</a></li>
|
||||
<li><a href="6-References.html">6 References</a></li>
|
||||
<li><a href="6-Roadmap.html">6 Roadmap</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<p class="footer">Find the latest version of the documentation on <a href="http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation">LemonLDAP::NG Wiki</a> !</p>
|
||||
|
|
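Review bot: in the new link list the numeric prefixes do not identify a page. Five entries are numbered 4.1 ("4.1 Configuration overview" through "4.1 RBAC model") and two are numbered 4.2, so the numbers convey neither order nor a unique section. Either give each page its own number or document that the prefix is only a chapter level. "3.1-Install-prerequesites.html" misspells "prerequisites" in both the file name and the link text, which is cheaper to correct before the URL is in circulation. Every former file name (faq.html, install.html, overview.html and the rest) disappears from the index in this hunk, so check for remaining inbound links to the old names, or leave redirects.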
BIN
build/lemonldap-ng/doc/ok.png
Normal file
After Width: | Height: | Size: 1.1 KiB |
BIN
build/lemonldap-ng/doc/out_of_the_box_nicu_bucu_01.png
Normal file
After Width: | Height: | Size: 4.7 KiB |
BIN
build/lemonldap-ng/doc/padlock_aj_ashton_01.png
Normal file
After Width: | Height: | Size: 6.4 KiB |
|
@ -1,126 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
|
||||
<head>
|
||||
<meta name="generator" content=
|
||||
"HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" />
|
||||
|
||||
<title>Lemonldap::NG documentation: roadmap.html</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
body{
|
||||
background: #ddd;
|
||||
font-family: sans-serif;
|
||||
font-size: 11pt;
|
||||
padding: 0 50px;
|
||||
}
|
||||
div.main-content{
|
||||
padding: 10px;
|
||||
background: #fff;
|
||||
border: 2px #ccc solid;
|
||||
}
|
||||
a{
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer{
|
||||
text-align: center;
|
||||
margin: 5px 0 0 0;
|
||||
}
|
||||
.heading-1{
|
||||
text-align: center;
|
||||
color: orange;
|
||||
font-variant: small-caps;
|
||||
font-size: 20pt;
|
||||
}
|
||||
.heading-1-1{
|
||||
color: orange;
|
||||
font-size: 14pt;
|
||||
border-bottom: 2px #ccc solid;
|
||||
}
|
||||
pre{
|
||||
background: #eee;
|
||||
border: 2px #ccc solid;
|
||||
padding: 5px;
|
||||
border-left: 10px #ccc solid;
|
||||
}
|
||||
ul.star li{
|
||||
list-style-type: square;
|
||||
}
|
||||
/*]]>*/
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="main-content">
|
||||
<h2 class="heading-1"><span id="HRoadmapforLemonLDAP3A3ANG">Roadmap for
|
||||
LemonLDAP::NG</span></h2>
|
||||
|
||||
<p class="paragraph"></p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#HVersion0928200829">Version 0.9 (2008)</a></li>
|
||||
|
||||
<li><a href="#HVersion1028end200829">Version 1.0 (end 2008)</a></li>
|
||||
|
||||
<li><a href="#HVersion2028201029">Version 2.0 (2010)</a></li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVersion0928200829">Version 0.9
|
||||
(2008)</span></h3>
|
||||
|
||||
<ul class="star">
|
||||
<li>Liberty Alliance authentication module</li>
|
||||
|
||||
<li>Skins for Manager and Portal</li>
|
||||
|
||||
<li>SOAP access to configuration and sessions</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVersion1028end200829">Version 1.0 (end
|
||||
2008)</span></h3>
|
||||
|
||||
<ul class="star">
|
||||
<li>Dissociate authentication and user backend capabilities (for
|
||||
example, to choose LDAP for authentication, and MySQL for reading user's
|
||||
information).</li>
|
||||
|
||||
<li>Add a Menu.pm to portal modules, to provide an enhanced application
|
||||
menu and password modification form</li>
|
||||
|
||||
<li>i18n (internationalization) for modules, scripts and HTML
|
||||
templates</li>
|
||||
|
||||
<li>Production installation script</li>
|
||||
|
||||
<li>Packages for Debian/Ubuntu, RedHat/CentOS</li>
|
||||
|
||||
<li>Date and time parameters in access rules</li>
|
||||
|
||||
<li>Monitoring scripts (MRTG, Cacti, Nagios)</li>
|
||||
|
||||
<li>Sessions explorer</li>
|
||||
|
||||
<li>Handler POST functionnalities, to fill authentication forms with
|
||||
login/password</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id="HVersion2028201029">Version 2.0
|
||||
(2010)</span></h3>
|
||||
|
||||
<ul class="star">
|
||||
<li>Manage Apache virtualhost configuration through LDAP backend</li>
|
||||
|
||||
<li>SAML2 authentication and user backend</li>
|
||||
|
||||
<li>SNMP extensions for monitoring</li>
|
||||
|
||||
<li>Local password policy</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<p class="footer"><a href="index.html">Index</a></p>
|
||||
</body>
|
||||
</html>
|
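Review bot: the removed roadmap page declares `lang="fr" xml:lang="fr"` on its html element although its title and body are English, and the removed advanced-install.html in this commit does the same. The index now links 6-Roadmap.html, so check that the regenerated English pages declare the correct language and do not inherit this attribute from the shared template.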
BIN
build/lemonldap-ng/doc/tomcat_logo.png
Normal file
After Width: | Height: | Size: 9.4 KiB |
BIN
build/lemonldap-ng/doc/tools_nicu_buculei_01.png
Normal file
After Width: | Height: | Size: 6.3 KiB |
BIN
build/lemonldap-ng/doc/tux_clemente_01.png
Normal file
After Width: | Height: | Size: 3.6 KiB |
BIN
build/lemonldap-ng/doc/warning_triangle.png
Normal file
After Width: | Height: | Size: 797 B |