correct script an documentation

2021-06-29 08:52:36 +00:00 · 2021-06-29 08:52:36 +00:00 · ebc29edcb9
commit ebc29edcb9
parent 17be15e88a
2 changed files with 51 additions and 1 deletions
--- a/doc/sources/admin/renater.rst
+++ b/doc/sources/admin/renater.rst
@ -92,6 +92,57 @@ Then run the script:

   /usr/share/lemonldap-ng/bin/importMetadataRenater -m https://metadata.federation.renater.fr/renater/main/main-idps-renater-metadata.xml -r -i "idp-renater-" -s "sp-renater-"

+The script provide the following options 
+
+ * -c (--certificate) : URL of certificate, to check metadata document signature
+ * -i (--idpconfprefix) : Prefix used to set IDP configuration key
+ * -h (--help) : print this message
+ * -m (--metadata : URL of metadata document
+ * -s (--spconfprefix): Prefix used to set SP configuration key
+ * -w (--warning): print debug messages
+ * -bs (--blocklistsp): list of SP entityID to avoid to modify/import
+ * -bi (--blocklistip): list of IdP entityID to avoid to modify/import
+ * -n (--nagios) : output only metrics nagios compatible
+ * -d (--dryrun): do nothing
+ * -v (--verbose) : display all actions
+ * -r (--remove) : remove entityID inside LemonLDAP if was remove inside remote metadata
+
+
+Example :
+::
+
+    /usr/libexec/lemonldap-ng/bin/importMetadata -m https://pub.federation.renater.fr/metadata/renater/main/main-sps-renater-metadata.xml -s "sp-fed-prd" -c https://pub.federation.renater.fr/metadata/certs/renater-metadata-signing-cert-2016.pem -bs https://test-sp.federation.renater.fr -r -v -d
+    
+This command will 
+  * fetch all SPs metadata from renater
+  * set a prefix to entity stored inside LemonLdap::NG
+  * disable local modification of SP https://test-sp.federation.renater.fr
+  * remove local SPs wich didn't exist anymore in Federation metadata
+  * show only all modifications to apply
+
+The output is the following :
+
+ .. code-block::
+
+  ...
+  Update SP https://www-iuem.univ-brest.fr/sp in configuration
+  Attribute mail (urn:oid:0.9.2342.19200300.100.1.3) requested by SP https://gesper.ad.bnu.fr/shibboleth
+  Attribute eduPersonPrimaryAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.5) requested by SP https://gesper.ad.bnu.fr/shibboleth
+  Attribute eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6) requested by SP https://gesper.ad.bnu.fr/shibboleth
+  Attribute displayName (urn:oid:2.16.840.1.113730.3.1.241) requested by SP https://gesper.ad.bnu.fr/shibboleth
+  Update SP https://gesper.ad.bnu.fr/shibboleth in configuration
+  [INFO] Dry-run mod no EntityID inserted
+  [IDP]	Found: 0	Updated: 0	Created: 0	Removed: 0	Rejected: 0	Ignored: 0
+  [SP]	Found: 1248	Updated: 1240	Created: 0	Removed: 0	Rejected: 7	Ignored: 1
+
+
+With "-n" options you could get a "nagios like" output with metrics :
+
+ .. code-block::
+ 
+  /usr/libexec/lemonldap-ng/bin/importMetadataFedRenater -m https://pub.federation.renater.fr/metadata/renater/main/main-sps-renater-metadata.xml -s "sp-fed-prd" -c https://pub.federation.renater.fr/metadata/certs/renater-metadata-signing-cert-2016.pem -bs https://test-sp.federation.renater.fr -r -d -n
+  Metadata loaded inside Conf: [DRY-RUN]|idp_found=0, idp_updated=0, idp_created=0, idp_removed=0, idp_rejected=0, idp_ignored=0, sp_found=1248, sp_updated=1240, sp_created=0, sp_removed=0, sp_rejected=7, sp_ignored=1
+

 .. attention::

--- a/lemonldap-ng-common/scripts/importMetadata
+++ b/lemonldap-ng-common/scripts/importMetadata
@ -6,7 +6,6 @@ use Lemonldap::NG::Common::Conf;
 use LWP::UserAgent;
 use MIME::Base64;
 use XML::LibXML;
-use Data::Dumper qw(Dumper);


 sub toEntityIDkey {