Replace latest by a link (1/3)

Xavier Guimard 2010-10-28 13:39:23 +00:00
parent 227d3a02c3
commit f2c1530168
16 changed files with 6 additions and 3085 deletions

@ -494,6 +494,12 @@ static_example:
documentation:
@cd doc/ && ../scripts/doc.pl
@rm -rf doc/pages/documentation/latest
@ln -s $$(perl -e '$$h{sprintf("%03d\.%03d\.%03d",split/\./,$$_)}=$$_ foreach(@ARGV); \
foreach(sort keys %h){$$last="$$h{$$_}\n"};print $$last;' \
$$(find doc/pages/documentation/ -maxdepth 1 -mindepth 1 -type d ! \
-name .svn ! -name latest -printf "%f\n") \
) doc/pages/documentation/latest
doxygen: clean
$(PERL) -i -pe 's/^(PROJECT_NUMBER\s*=\s*)\d.*$$/$${1}'$(VERSION)'/' Doxyfile
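Review bot: the `ln -s` added to the `documentation` target has no guard for an empty result from the `$$(perl ...)` substitution. If `find` matches no version directory, `ln -s` receives only `doc/pages/documentation/latest` and creates a stray `latest` link in the current directory instead of failing; capture the name in a shell variable and test it is non-empty before linking. Two smaller points: every directory except `.svn` and `latest` is accepted, and a name that is not numeric is keyed as `000.000.000` by the `sprintf`, so a comment stating that only `x.y.z` directories are expected would help; and `-printf` is a GNU find extension, which is worth noting next to the rule.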

@ -1,463 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="configuration_overview" id="configuration_overview">Configuration overview</a></h1>
<div class="level1">
</div>
<!-- SECTION "Configuration overview" [1-38] -->
<h2><a name="backends" id="backends">Backends</a></h2>
<div class="level2">
<p>
LemonLDAP::NG configuration is stored in a backend (File, database, …), that allows all modules to access it.
</p>
<p>
<p><div class="notetip">Detailled configuration backends documentation is available <a href="../../documentation/latest/start.html#configuration1" class="wikilink1" title="documentation:latest:start">here</a>.
</div></p>
</p>
<p>
By default, configuration is stored in files, so access trough network is not possible. To allow this, use <acronym title="Simple Object Access Protocol">SOAP</acronym> for configuration access, or use a network service like <acronym title="Structured Query Language">SQL</acronym> database or <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory.
</p>
<p>
Configuration backend can be set in the <a href="#local_file" title="documentation:latest:configlocation &crarr;" class="wikilink1">local configuration file</a>, in <code>configuration</code> section.
</p>
<p>
For example, to configure the <code>File</code> configuration backend:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>configuration<span class="br0">&#93;</span></span>
<span class="re1">type</span><span class="sy0">=</span><span class="re2">File</span>
<span class="re1">dirName</span> <span class="sy0">=</span><span class="re2"> /usr/local/lemonldap-ng/data/conf</span></pre>
</div>
<!-- SECTION "Backends" [39-749] -->
<h2><a name="manager" id="manager">Manager</a></h2>
<div class="level2">
<p>
Most of configuration can be done trough LemonLDAP::NG Manager (by default <a href="http://manager.example.com" class="urlextern" title="http://manager.example.com" rel="nofollow">http://manager.example.com</a>).
</p>
<p>
By default, Manager is protected to allow only localhost. This can be changed in <code>etc/manager-apache2.conf</code>:
</p>
<pre class="code file apache"> &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Directory</span>&gt;</pre>
<p>
<p><div class="notetip">You can change allowed <acronym title="Internet Protocol">IP</acronym>, or add an Apache authentication module. When LemonLDAP::NG will be fully configured, you can also protect Manager with the Handler, as any other web application.
</div></p>
</p>
<p>
The Manager displays main branches:
</p>
<ul>
<li class="level1"><div class="li"> <strong>General Parameters</strong>: authentication modules, portal, etc.</div>
</li>
<li class="level1"><div class="li"> <strong>Variables</strong>: user information, macros and groups used to fill <acronym title="Single Sign On">SSO</acronym> session</div>
</li>
<li class="level1"><div class="li"> <strong>Virtual Hosts</strong>: access rules, headers, etc.</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> 2 Service</strong>: <acronym title="Security Assertion Markup Language">SAML</acronym> metadata administration</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> identity providers</strong>: Registered IDP</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Security Assertion Markup Language">SAML</acronym> service providers</strong>: Registered SP</div>
</li>
</ul>
<p>
LemonLDAP::NG configuration is mainly a key/value structure, so Manager will present all keys into a structured tree. A click on a key will display the associated value.
</p>
<p>
When modifying a value, always click on the <code>Apply</code> button if available, to be sure the value is saved. When all modifications are done, click on <code>Save</code> to store configuration.
</p>
<p>
<p><div class="notewarning">LemonLDAP::NG will do some checks on configuration and display errors if any. Configuration <strong>is not saved</strong> if errors occur.
</div></p>
</p>
</div>
<!-- SECTION "Manager" [750-2274] -->
<h2><a name="apache" id="apache">Apache</a></h2>
<div class="level2">
<p>
<p><div class="noteimportant">LemonLDAP::NG does not manage Apache configuration
</div></p>
</p>
<p>
LemonLDAP::NG ships 3 Apache configuration files:
</p>
<ul>
<li class="level1"><div class="li"> <strong>portal-apache2.conf</strong>: Portal virtual host, with <acronym title="Simple Object Access Protocol">SOAP</acronym> and Issuer end points</div>
</li>
<li class="level1"><div class="li"> <strong>manager-apache2.conf</strong>: Manager virtual host</div>
</li>
<li class="level1"><div class="li"> <strong>handler-apache2.conf</strong> : Handler declaration, reload and sample virtual hosts</div>
</li>
</ul>
<p>
These files must be included in Apache configuration, either with <code>Include</code> directives in <code>httpd.conf</code> (see <a href="../../documentation/quickstart.html#apache" class="wikilink1" title="documentation:quickstart">quick start example</a>), or with symbolic links in Apache configuration directory (like <code>/etc/httpd/conf.d</code>).
</p>
<p>
<p><div class="notewarning">Mod <acronym title="Practical Extraction and Report Language">Perl</acronym> must be loaded before LemonLDAP::NG, so include configuration after the mod_perl <code>LoadModule</code> directive.
</div></p>
</p>
</div>
<!-- SECTION "Apache" [2275-3034] -->
<h3><a name="portal" id="portal">Portal</a></h3>
<div class="level3">
<p>
In Portal virtual host, you will find several configuration parts:
</p>
<ul>
<li class="level1"><div class="li"> Standard virtual host directives, to serve portal pages:</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">ServerName</span> auth.example.com
&nbsp;
<span class="co1"># DocumentRoot</span>
<span class="kw1">DocumentRoot</span> /usr/local/lemonldap-ng/htdocs/portal/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal/&gt;
<span class="kw1">Order</span> <span class="kw1">allow</span>,<span class="kw1">deny</span>
<span class="kw1">Allow</span> from <span class="kw2">all</span>
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># Perl script</span>
&lt;<span class="kw3">Files</span> *.pl&gt;
<span class="kw1">SetHandler</span> perl-<span class="kw1">script</span>
PerlResponseHandler ModPerl::Registry
&lt;/<span class="kw3">Files</span>&gt;
&nbsp;
<span class="co1"># Directory index</span>
&lt;<span class="kw3">IfModule</span> mod_dir.c&gt;
<span class="kw1">DirectoryIndex</span> index.pl index.html
&lt;/<span class="kw3">IfModule</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> <acronym title="Simple Object Access Protocol">SOAP</acronym> end points (inactivated by default):</div>
</li>
</ul>
<pre class="code file apache"> <span class="co1"># SOAP functions for sessions management (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/adminSessions&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for sessions access (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/sessions&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for configuration access (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/config&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for notification insertion (disabled by default)</span>
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal//index.pl/notification&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Issuer rewrite rules (requires <code>mod_rewrite</code>):</div>
</li>
</ul>
<pre class="code file apache"> <span class="co1"># SAML2 Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/saml/metadata /metadata.pl
<span class="kw1">RewriteRule</span> ^/saml/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;
&nbsp;
<span class="co1"># CAS Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/cas/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;
&nbsp;
<span class="co1"># OpenID Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/openidserver/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Some <acronym title="Practical Extraction and Report Language">Perl</acronym> optimizations:</div>
</li>
</ul>
<pre class="code file apache"><span class="co1"># Best performance under ModPerl::Registry</span>
<span class="co1"># Uncomment this to increase performance of Portal</span>
&lt;Perl&gt;
<span class="kw1">require</span> Lemonldap::NG::Portal::SharedConf;
Lemonldap::NG::Portal::SharedConf-&gt;compile(
qw(delete <span class="kw1">header</span> cache read_from_client cookie <span class="kw1">redirect</span> unescapeHTML));
<span class="co1"># Uncomment this line if you use Lemonldap::NG menu</span>
<span class="kw1">require</span> Lemonldap::NG::Portal::Menu;
<span class="co1"># Uncomment this line if you use portal SOAP capabilities</span>
<span class="kw1">require</span> SOAP::Lite;
&lt;/Perl&gt;</pre>
</div>
<!-- SECTION "Portal" [3035-5628] -->
<h3><a name="manager1" id="manager1">Manager</a></h3>
<div class="level3">
<p>
Manager virtual host is used to serve configuration interface and local documentation.
</p>
<ul>
<li class="level1"><div class="li"> Configuration interface access is protected:</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">DocumentRoot</span> /usr/local/lemonldap-ng/htdocs/manager/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Directory</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Local documentation is open to all:</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">Alias</span> /doc/ /usr/local/lemonldap-ng/htdocs/doc/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/doc/&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Allow</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;</pre>
</div>
<!-- SECTION "Manager" [5629-6274] -->
<h3><a name="handler" id="handler">Handler</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Load Handler in Apache memory:</div>
</li>
</ul>
<pre class="code file apache">PerlOptions +GlobalRequest
PerlRequire /usr/local/lemonldap-ng/handler/MyHandler.pm</pre>
<p>
<p><div class="noteimportant">The Handler must be loaded before any protected virtual host.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> Catch error pages:</div>
</li>
</ul>
<pre class="code file apache"><span class="kw1">ErrorDocument</span> 403 http://auth.example.com/?lmError=403
<span class="kw1">ErrorDocument</span> <span class="nu0">500</span> http://auth.example.com/?lmError=<span class="nu0">500</span></pre>
<ul>
<li class="level1"><div class="li"> Reload virtual host:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> reload.example.com
&nbsp;
<span class="co1"># Configuration reload mechanism (only 1 per physical server is</span>
<span class="co1"># needed): choose your URL to avoid restarting Apache when</span>
<span class="co1"># configuration change</span>
&lt;<span class="kw3">Location</span> /reload&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
PerlHeaderParserHandler My::Package-&gt;refresh
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
<span class="co1"># Uncomment this to activate status module</span>
<span class="co1">#&lt;Location /status&gt;</span>
<span class="co1"># Order deny,allow</span>
<span class="co1"># Deny from all</span>
<span class="co1"># Allow from 127.0.0.0/8</span>
<span class="co1"># PerlHeaderParserHandler My::Package-&gt;status</span>
<span class="co1">#&lt;/Location&gt;</span>
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
Then, to protect a standard virutal host, the only configuration line to add is:
</p>
<pre class="code file apache">PerlHeaderParserHandler My::Package</pre>
</div>
<!-- SECTION "Handler" [6275-7490] -->
<h2><a name="configuration_reload" id="configuration_reload">Configuration reload</a></h2>
<div class="level2">
<p>
<p><div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them trough an <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> request. Configuration reload will then be effective in less than 10 minutes.
</div></p>
</p>
<p>
After configuration is saved by Manager, LemonLDAP::NG will try to reload configuration on distant Handlers. This can be configured in LemonLDAP::NG ini file, in the section <code>apply</code>:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>apply<span class="br0">&#93;</span></span>
&nbsp;
# URL used to reload configuration
reload.example.com<span class="sy0">=</span><span class="re2">http://reload.example.com/reload</span>
<span class="co0">;reloaddist.example.com=http://reloaddist.example.com/reload</span></pre>
<p>
<p><div class="notetip">You only need a reload <acronym title="Uniform Resource Locator">URL</acronym> per physical servers, as Handlers share the same configuration cache on each physical server.
</div></p>
</p>
<p>
The <code>reload</code> target is managed in Apache configuration, inside a virtual host protected by LemonLDAP::NG Handler, for example:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> reload.example.com
&nbsp;
&lt;<span class="kw3">Location</span> /reload&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
PerlHeaderParserHandler My::Package-&gt;refresh
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteimportant">You must allow access to Manager <acronym title="Internet Protocol">IP</acronym>.
</div></p>
</p>
</div>
<!-- SECTION "Configuration reload" [7491-8767] -->
<h2><a name="local_file" id="local_file">Local file</a></h2>
<div class="level2">
<p>
LemonLDAP::NG configuration can be managed in a local file with <a href="http://en.wikipedia.org/wiki/INI_file" class="urlextern" title="http://en.wikipedia.org/wiki/INI_file" rel="nofollow">INI format</a>. This file is called <code>lemonldap-ng.ini</code> and has the following sections:
</p>
<ul>
<li class="level1"><div class="li"> <strong>configuration</strong>: where configuration is stored</div>
</li>
<li class="level1"><div class="li"> <strong>apply</strong>: reload <acronym title="Uniform Resource Locator">URL</acronym> for distant Hanlders</div>
</li>
<li class="level1"><div class="li"> <strong>all</strong>: parameters for all modules</div>
</li>
<li class="level1"><div class="li"> <strong>portal</strong>: parameters only for Portal</div>
</li>
<li class="level1"><div class="li"> <strong>manager</strong>: parameters only for Manager</div>
</li>
<li class="level1"><div class="li"> <strong>handler</strong>: parameters only for Handler</div>
</li>
</ul>
<p>
When you set a parameter in <code>lemonldap-ng.ini</code>, it will override the parameter from the global configuration.
</p>
<p>
For example, to override configured skin for portal:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">portalSkin</span> <span class="sy0">=</span><span class="re2"> dark</span></pre>
<p>
<p><div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="../../documentation/latest/parameterlist.html" class="wikilink1" title="documentation:latest:parameterlist">parameter list</a> to find it.
</div></p>
</p>
</div>
<!-- SECTION "Local file" [8768-9625] -->
<h2><a name="script_files" id="script_files">Script files</a></h2>
<div class="level2">
<p>
LemonLDAP::NG allows to override any configuration parameter directly in script file. However, it is not advised to edit such files, as they are part of the program, and will be erased at next upgrade.
</p>
<p>
<p><div class="notetip">You also need to know the technical name of configuration parameter to do this. You can refer to <a href="../../documentation/latest/parameterlist.html" class="wikilink1" title="documentation:latest:parameterlist">parameter list</a> to find it.
</div></p>
</p>
</div>
<!-- SECTION "Script files" [9626-10014] -->
<h3><a name="portal1" id="portal1">Portal</a></h3>
<div class="level3">
<p>
For example, in portal/index.pl:
</p>
<pre class="code file perl"><span class="kw1">my</span> <span class="re0">$portal</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">SharedConf</span><span class="sy0">-&gt;</span><span class="me1">new</span><span class="br0">&#40;</span>
<span class="br0">&#123;</span>
portalSkin <span class="sy0">=&gt;</span> <span class="st_h">'dark'</span><span class="sy0">,</span>
<span class="br0">&#125;</span>
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
<!-- SECTION "Portal" [10015-10185] -->
<h3><a name="handler1" id="handler1">Handler</a></h3>
<div class="level3">
<p>
For example, in handler/MyHandler.pm:
</p>
<pre class="code file perl">__PACKAGE__<span class="sy0">-&gt;</span><span class="me1">init</span><span class="br0">&#40;</span>
<span class="br0">&#123;</span>
domain <span class="sy0">=&gt;</span> <span class="st_h">'acme.com'</span><span class="sy0">,</span>
<span class="br0">&#125;</span>
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
<!-- SECTION "Handler" [10186-] --></div><!-- closes <div class="dokuwiki export">-->
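Review bot: this deleted page is reached through `latest` paths and itself links to `../../documentation/latest/start.html#configuration1` and `../../documentation/latest/parameterlist.html`, so once the real directory is gone those links resolve only after the `documentation` target has recreated `latest` as a symlink. The commit message "Replace latest by a link (1/3)" does not say whether the link is committed in a later part or whether a fresh checkout must run the target first; state which, and confirm that the version directory the link resolves to contains the same pages.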

@ -1,248 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="manage_virtual_hosts" id="manage_virtual_hosts">Manage virtual hosts</a></h1>
<div class="level1">
<p>
LemonLDAP::NG configuration is build around Apache virtual hosts. Each virtual host is a protected resource, with access rules, headers, POST data and options.
</p>
</div>
<!-- SECTION "Manage virtual hosts" [1-197] -->
<h2><a name="apache_configuration" id="apache_configuration">Apache configuration</a></h2>
<div class="level2">
<p>
To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated (see <a href="../../documentation/latest/configlocation.html#apache" class="wikilink1" title="documentation:latest:configlocation">Apache global configuration</a>).
</p>
<p>
Then you can take any virtual host, and simply add this line to protect it:
</p>
<pre class="code file apache">PerlHeaderParserHandler My::Package</pre>
<p>
For example, a protected virtual host for a local application:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> localsite.example.com
&nbsp;
PerlHeaderParserHandler My::Package
&nbsp;
<span class="kw1">DocumentRoot</span> /var/www/localsite
&nbsp;
<span class="kw1">ErrorLog</span> /var/log/apache2/localsite_error.log
<span class="kw1">CustomLog</span> /var/log/apache2/localsite_access.log combined
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
And a protected virtual host with LemonLDAP::NG as reverse proxy:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> proxysite.example.com
&nbsp;
PerlHeaderParserHandler My::Package
&nbsp;
<span class="kw1">ProxyPreserveHost</span> <span class="kw2">on</span>
<span class="kw1">ProxyPass</span> / http://APPLICATION_IP/
<span class="kw1">ProxyPassReverse</span> / http://APPLICATION_IP/
&nbsp;
<span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log
<span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteclassic">The <code>ProxyPreserveHost</code> directive will forward the Host header to the protected application
</div></p>
</p>
<p>
<p><div class="notetip">Using the reverse proxy mode, you will not have the <code>REMOTE_USER</code> environment variable set. Indeed, this variable is set by the Handler on the physical server hosting the Handler, and not on other servers where the Handler is not installed.
</p>
<p>
But this magic Apache configuration will let you transform the Auth-User <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header in <code>REMOTE_USER</code> envronment variable:
</p>
<pre class="code file apache"><span class="kw1">SetEnvIfNoCase</span> Auth-<span class="kw1">User</span> <span class="st0">&quot;(.*)&quot;</span> REMOTE_USER=$<span class="nu0">1</span></pre>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Apache configuration" [198-1899] -->
<h2><a name="lemonldapng_configuration" id="lemonldapng_configuration">LemonLDAP::NG configuration</a></h2>
<div class="level2">
<p>
An apache virtual host protected by LemonLDAP::NG Handler must be registered in LemonLDAP::NG configuration.
</p>
<p>
To do this, use the Manager, and go in <code>Virtual Hosts</code> branch. You can add, delete or modify a virtual host here.
</p>
<p>
A virtual host contains:
</p>
<ul>
<li class="level1"><div class="li"> Access rules: check user&#039;s right on <acronym title="Uniform Resource Locator">URL</acronym> patterns</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers: forge information sent to protected applications</div>
</li>
<li class="level1"><div class="li"> POST data: use form replay</div>
</li>
<li class="level1"><div class="li"> Options: redirection port and protocol</div>
</li>
</ul>
</div>
<!-- SECTION "LemonLDAP::NG configuration" [1900-2387] -->
<h3><a name="access_rules" id="access_rules">Access rules</a></h3>
<div class="level3">
<p>
There is a <code>default</code> access rule which is used if no other access rule match the current <acronym title="Uniform Resource Locator">URL</acronym>. Else, each access rule refers to an <acronym title="Uniform Resource Locator">URL</acronym> pattern.
</p>
<p>
Access rule value is an expression, evaluated for each request, and returning 1 if user is authorized, 0 else.
</p>
<p>
<a href="/_detail/documentation/manager_access_rule.png?id=documentation%3Alatest%3Aconfigvhost" class="media" title="documentation:manager_access_rule.png"><img src="../../../media/documentation/manager_access_rule.png" class="mediacenter" alt="" /></a>
</p>
<p>
Access rules examples:
</p>
<pre class="code">
(?#Admin access)^/site/.*$ =&gt; $uid eq &quot;admin&quot; or $groups =~ /\bgroup2\b/
(?#Static content)^/(js|css) =&gt; accept
default =&gt; deny
</pre>
<p>
<p><div class="notetip">Rule comments are used in Manager to display the rule. Comments can also be used to sort rules.
</div></p>
</p>
<p>
Access rules accepts special targets:
</p>
<ul>
<li class="level1"><div class="li"> <strong>accept</strong>: all authenticated users can pass</div>
</li>
<li class="level1"><div class="li"> <strong>deny</strong>: nobody is welcomed</div>
</li>
<li class="level1"><div class="li"> <strong>unprotect</strong>: all is open!</div>
</li>
<li class="level1"><div class="li"> <strong>logout_sso</strong>: request is not forwarded to application, <acronym title="Single Sign On">SSO</acronym> session is closed</div>
</li>
<li class="level1"><div class="li"> <strong>logout_app</strong>: request is forwarded to application, <acronym title="Single Sign On">SSO</acronym> session remains open</div>
</li>
<li class="level1"><div class="li"> <strong>logout_app_sso</strong>: request is forwarded to application, <acronym title="Single Sign On">SSO</acronym> session is closed</div>
</li>
</ul>
<p>
<p><div class="notetip">The logout* targets can have an <acronym title="Uniform Resource Locator">URL</acronym> as parameter. By default, user will be redirected on portal if no <acronym title="Uniform Resource Locator">URL</acronym> defined, or on the specified <acronym title="Uniform Resource Locator">URL</acronym> if any.
</div></p>
</p>
</div>
<!-- SECTION "Access rules" [2388-3565] -->
<h3><a name="http_headers" id="http_headers">HTTP headers</a></h3>
<div class="level3">
<p>
Headers are sent to application, they are not visible to users.
</p>
<p>
Headers value can be a single session key or a full <acronym title="Practical Extraction and Report Language">Perl</acronym> expression. For example:
</p>
<pre class="code">
Auth-User =&gt; $uid
Unit =&gt; &#039;Unit-&#039;.$ou
</pre>
<p>
<p><div class="notetip">By default, <acronym title="Single Sign On">SSO</acronym> cookie is hidden, so protected applications cannot get <acronym title="Single Sign On">SSO</acronym> session key. But you can forward this key if it is really needed:
</p>
<pre class="code">
Session-ID =&gt; $_session_id
</pre>
<p>
</div></p>
</p>
</div>
<!-- SECTION "HTTP headers" [3566-3992] -->
<h3><a name="post_data" id="post_data">POST data</a></h3>
<div class="level3">
<p>
<img src="/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" /> Add link to form replay page
</p>
</div>
<!-- SECTION "POST data" [3993-4049] -->
<h3><a name="options" id="options">Options</a></h3>
<div class="level3">
<p>
Two options are available:
</p>
<ul>
<li class="level1"><div class="li"> Port</div>
</li>
<li class="level1"><div class="li"> HTTPS</div>
</li>
</ul>
<p>
These options are used to build redirection <acronym title="Uniform Resource Locator">URL</acronym> (when user is not logged, or for <acronym title="Cross Domain Authentication">CDA</acronym> requests). By default, default values are used. These options are only here to override default values.
</p>
</div>
<!-- SECTION "Options" [4050-] --></div><!-- closes <div class="dokuwiki export">-->

@ -1,121 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="error_messages" id="error_messages">Error messages</a></h1>
<div class="level1">
<p>
<p><div class="noteclassic">This page do not reference all error messages, but only the frequentest
</div></p>
</p>
</div>
<!-- SECTION "Error messages" [1-116] -->
<h2><a name="lemonldapngcommon" id="lemonldapngcommon">Lemonldap::NG::Common</a></h2>
<div class="level2">
<pre class="file">Warning: key is not defined, set it in the manager !</pre>
<p>
→ LemonLDAP::NG uses a key to crypt/decrypt some datas. You have to set its value in Manager.
</p>
</div>
<!-- SECTION "Lemonldap::NG::Common" [117-314] -->
<h2><a name="lemonldapnghandler" id="lemonldapnghandler">Lemonldap::NG::Handler</a></h2>
<div class="level2">
<pre class="file">Unable to clear local cache</pre>
<p>
→ Local cache cannot be cleard, check the localStorage and localStorageOptions or file permissions
</p>
<pre class="file">Status module can not be loaded without localStorage parameter</pre>
<p>
→ You tried to activate Status module without localStorage. Configure local cache first.
</p>
<pre class="file">No configuration found</pre>
<p>
→ The configuration cannot be loaded. Check configStorage and configStorageOptionsor file permissions.
</p>
<pre class="file">User rejected because VirtualHost XXXX has no configuration</pre>
<p>
→ The specified virtual host was not configured in Manager.
</p>
</div>
<!-- SECTION "Lemonldap::NG::Handler" [315-939] -->
<h2><a name="lemonldapngmanager" id="lemonldapngmanager">Lemonldap::NG::Manager</a></h2>
<div class="level2">
<pre class="file">XXXX was not found in tree</pre>
<p>
→ The specified node is not the uploaded tree.
</p>
</div>
<!-- SECTION "Lemonldap::NG::Manager" [940-1065] -->
<h2><a name="lemonldapngportal" id="lemonldapngportal">Lemonldap::NG::Portal</a></h2>
<div class="level2">
<pre class="file">User XXXX was not granted to open session</pre>
<p>
→ Check grantSessionRule parameter.
</p>
<pre class="file">XML menu configuration is deprecated. Please use lmMigrateConfFiles2ini to migrate your menu configuration</pre>
<p>
→ You do not use the new configuration syntax for application list. <acronym title="Extensible Markup Language">XML</acronym> file is no more accepted.
</p>
<pre class="file">Apache is not configured to authenticate users !</pre>
<p>
→ You use the Apache authentication backend, but Apache is not or bad configured (no REMOTE_USER send to LemonLDAP::NG).
</p>
<pre class="file">URL contains a non protected host</pre>
<p>
→ The host is not known by LemonLDAP::NG. Add it to trustedDomains (or set <code>*</code> in trustedDomains to accept all).
</p>
<pre class="file">XSS attack detected</pre>
<p>
→ Some <acronym title="Uniform Resource Locator">URL</acronym> parameters contain forbidden characters.
</p>
</div>
<!-- SECTION "Lemonldap::NG::Portal" [1066-] --></div><!-- closes <div class="dokuwiki export">-->
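Review bot: in the Lemonldap::NG::Portal section, the hint for "URL contains a non protected host" offers `*` in trustedDomains as an equal alternative to adding the host, without saying that it makes the portal accept every host. If the versioned page that `latest` now links to carries the same text, it should recommend listing hosts explicitly and describe `*` as switching this check off.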

@ -1,118 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="installation_on_debianubuntu_with_packages" id="installation_on_debianubuntu_with_packages">Installation on Debian/Ubuntu with packages</a></h1>
<div class="level1">
</div>
<!-- SECTION "Installation on Debian/Ubuntu with packages" [1-59] -->
<h2><a name="get_the_packages" id="get_the_packages">Get the packages</a></h2>
<div class="level2">
<p>
If you run Debian testing or unstable, the LemonLDAP::NG packages are directly installable:
</p>
<pre class="code">
# apt-cache search lemonldap-ng
</pre>
<p>
<p><div class="noteimportant">Packages from <a href="http://packages.debian.org/search?keywords=lemonldap-ng" class="urlextern" title="http://packages.debian.org/search?keywords=lemonldap-ng" rel="nofollow">Debian repository</a> may not be up to date. Prefer installing Debian packages <a href="../../download.html" class="wikilink1" title="download">downloaded from this site</a>.
</div></p>
</p>
</div>
<!-- SECTION "Get the packages" [60-443] -->
<h2><a name="build_your_package" id="build_your_package">Build your package</a></h2>
<div class="level2">
<p>
You can also get the <a href="../../download.html" class="wikilink1" title="download">LemonLDAP::NG archive</a> and make the package yourself:
</p>
<pre class="code">
$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*
$ debuild
</pre>
</div>
<!-- SECTION "Build your package" [444-641] -->
<h2><a name="install_packages_with_apt-get" id="install_packages_with_apt-get">Install packages with apt-get</a></h2>
<div class="level2">
<pre class="code">
# apt-get install apache2 lemonldap-ng
</pre>
</div>
<!-- SECTION "Install packages with apt-get" [642-739] -->
<h2><a name="install_packages_with_dpkg" id="install_packages_with_dpkg">Install packages with dpkg</a></h2>
<div class="level2">
<p>
Before installing the packages, install <a href="../../documentation/latest/prereq.html" class="wikilink1" title="documentation:latest:prereq">dependencies</a>.
</p>
<p>
Then:
</p>
<pre class="code">
# dpkg -i liblemonldap-ng-* lemonldap-ng*
</pre>
</div>
<!-- SECTION "Install packages with dpkg" [740-909] -->
<h2><a name="file_location" id="file_location">File location</a></h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Configuration is in /etc/lemonldap-ng</div>
</li>
<li class="level1"><div class="li"> LemonLDAP::NG configuration (edited by the Manager) is in /var/lib/lemonldap-ng/conf/</div>
</li>
<li class="level1"><div class="li"> All <acronym title="Practical Extraction and Report Language">Perl</acronym> modules are in the VENDOR perl directory </div>
</li>
<li class="level1"><div class="li"> All <acronym title="Practical Extraction and Report Language">Perl</acronym> scripts/pages are in /var/lib/lemonldap-ng/</div>
</li>
<li class="level1"><div class="li"> All static content (examples, <acronym title="Cascading Style Sheets">CSS</acronym>, images, etc.) is in /usr/share/lemonldap-ng/</div>
</li>
</ul>
</div>
<!-- SECTION "File location" [910-1265] -->
<h2><a name="change_default_dns_domain" id="change_default_dns_domain">Change default DNS domain</a></h2>
<div class="level2">
<p>
By default, <acronym title="Domain Name System">DNS</acronym> domain is <code>example.com</code>. You can change it quick with a sed command. For example, we change it to ow2.org:
</p>
<pre class="code shell"># sed -i 's/example\.com/ow2.org/g' /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/* /var/lib/lemonldap-ng/test/*</pre>
</div>
<!-- SECTION "Change default DNS domain" [1266-] --></div><!-- closes <div class="dokuwiki export">-->
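Review bot: the "Install packages with dpkg" section runs `dpkg -i liblemonldap-ng-* lemonldap-ng*` on downloaded files and the page has no signature or checksum step, while the RedHat/CentOS page removed in this same commit has a "Package GPG signature" section. Since the note under "Get the packages" tells readers to prefer packages downloaded from the site over the Debian repository, the versioned copy should say how to verify them. The sed command at the end also globs `/etc/lemonldap-ng/*`, `conf/*` and `test/*`, whereas the RPM page names `lmConf-1` and `test/index.pl`; the two pages should agree.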

@ -1,213 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="installation_on_redhatcentos" id="installation_on_redhatcentos">Installation on RedHat/CentOS</a></h1>
<div class="level1">
</div>
<!-- SECTION "Installation on RedHat/CentOS" [1-45] -->
<h2><a name="rpms_organization" id="rpms_organization">RPMs organization</a></h2>
<div class="level2">
<p>
LemonLDAP::NG provides many RPMs :
</p>
<ul>
<li class="level1"><div class="li"> lemonldap-ng: meta-package, contains no file but dependencies on other packages</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-doc: contains <acronym title="HyperText Markup Language">HTML</acronym> documentation and project docs (README, etc.)</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-conf: contains default configuration (<acronym title="Domain Name System">DNS</acronym> domain: example.com)</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-test: contains sample <acronym title="Common Gateway Interface">CGI</acronym> test page</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-handler: contains Apache Handler implementation (agent)</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-manager: contains administration interface and session explorer</div>
</li>
<li class="level1"><div class="li"> lemonldap-ng-portal: contains authentication portal and menu</div>
</li>
<li class="level1"><div class="li"> perl-Lemonldap-NG-Common: CPAN - Shared modules</div>
</li>
<li class="level1"><div class="li"> perl-Lemonldap-NG-Handler: CPAN - Handler modules</div>
</li>
<li class="level1"><div class="li"> perl-Lemonldap-NG-Manager: CPAN - Manager modules</div>
</li>
<li class="level1"><div class="li"> perl-Lemonldap-NG-Portal: CPAN - Portal modules</div>
</li>
</ul>
<p>
This schema shows the dependencies between modules:
</p>
<p>
<a href="/_detail/documentation/lemonldap-ng-packages.png?id=documentation%3Alatest%3Ainstallrpm" class="media" title="documentation:lemonldap-ng-packages.png"><img src="../../../media/documentation/lemonldap-ng-packages.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- SECTION "RPMs organization" [46-945] -->
<h2><a name="get_the_packages" id="get_the_packages">Get the packages</a></h2>
<div class="level2">
<p>
For now, RPMS are only available on the <a href="../../download.html" class="wikilink1" title="download">Download page</a>.
</p>
</div>
<!-- SECTION "Get the packages" [946-1045] -->
<h2><a name="build_your_packages" id="build_your_packages">Build your packages</a></h2>
<div class="level2">
<p>
If you need it, you can rebuild RPMs:
</p>
<ul>
<li class="level1"><div class="li"> Install rpm-build package</div>
</li>
<li class="level1"><div class="li"> Install all build dependencies (see BuildRequires in lemonldap-ng.<acronym title="specification">spec</acronym>)</div>
</li>
<li class="level1"><div class="li"> Put lemonldap-ng.<acronym title="specification">spec</acronym> in %_topdir/SPECS</div>
</li>
<li class="level1"><div class="li"> Put LemonLDAP::NG tarball in %_topdir/SOURCES</div>
</li>
<li class="level1"><div class="li"> Edit ~/.rpmmacros and set your build parameters (example for RHEL5):</div>
</li>
</ul>
<pre class="file">
%_topdir /home/user/build
%dist .el5
%rhel 5
</pre>
<ul>
<li class="level1"><div class="li"> Go to %_topdir</div>
</li>
<li class="level1"><div class="li"> Build:</div>
</li>
</ul>
<pre class="code">
$ rpmbuild -ba SPECS/lemonldap-ng.spec
</pre>
</div>
<!-- SECTION "Build your packages" [1046-1534] -->
<h2><a name="package_gpg_signature" id="package_gpg_signature">Package GPG signature</a></h2>
<div class="level2">
<p>
The GPG key can be downloaded here: <a href="../media/rpm-gpg-key-ow2" class="media mediafile mf_" title="rpm-gpg-key-ow2">rpm-gpg-key-ow2</a>
</p>
<p>
Install it to trust RPMs:
</p>
<pre class="code">
# rpm --import rpm-gpg-key-ow2
</pre>
</div>
<!-- SECTION "Package GPG signature" [1535-1703] -->
<h2><a name="install_packages_with_yum" id="install_packages_with_yum">Install packages with yum</a></h2>
<div class="level2">
<p>
If the packages are stored in a yum repository:
</p>
<pre class="code">
# yum install lemonldap-ng
</pre>
<p>
You can also use yum on local RPMs file, to manage dependencies:
</p>
<pre class="code">
# yum install lemonldap-ng-* perl-Lemonldap-NG-*
</pre>
</div>
<!-- SECTION "Install packages with yum" [1704-1963] -->
<h2><a name="install_packages_with_rpm" id="install_packages_with_rpm">Install packages with rpm</a></h2>
<div class="level2">
<p>
Before installing the packages, install <a href="../../documentation/latest/prereq.html" class="wikilink1" title="documentation:latest:prereq">dependencies</a>.
</p>
<p>
You have then to install all the downloaded packages:
</p>
<pre class="code">
# rpm -Uvh lemonldap-ng-* perl-Lemonldap-NG-*
</pre>
</div>
<!-- SECTION "Install packages with rpm" [1964-2184] -->
<h2><a name="install_just_one_component" id="install_just_one_component">Install just one component</a></h2>
<div class="level2">
<p>
You can choose to install only one component by choosing the package lemonldap-ng-portal, lemonldap-ng-handler or lemonldap-ng-manager. Install the package lemonldap-ng-conf only on the server which stores configuration.
</p>
</div>
<!-- SECTION "Install just one component" [2185-2446] -->
<h2><a name="file_location" id="file_location">File location</a></h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Configuration is in /etc/lemonldap-ng</div>
</li>
<li class="level1"><div class="li"> LemonLDAP::NG configuration (edited by the Manager) is in /var/lib/lemonldap-ng/conf/</div>
</li>
<li class="level1"><div class="li"> All <acronym title="Practical Extraction and Report Language">Perl</acronym> modules are in the VENDOR perl directory </div>
</li>
<li class="level1"><div class="li"> All <acronym title="Practical Extraction and Report Language">Perl</acronym> scripts/pages are in /var/lib/lemonldap-ng/</div>
</li>
<li class="level1"><div class="li"> All static content (examples, <acronym title="Cascading Style Sheets">CSS</acronym>, images, etc.) is in /usr/share/lemonldap-ng/</div>
</li>
</ul>
</div>
<!-- SECTION "File location" [2447-2802] -->
<h2><a name="change_default_dns_domain" id="change_default_dns_domain">Change default DNS domain</a></h2>
<div class="level2">
<p>
By default, <acronym title="Domain Name System">DNS</acronym> domain is <code>example.com</code>. You can change it quick with a sed command. For example, we change it to <code>ow2.org</code>:
</p>
<pre class="code">
# sed -i &#039;s/example\.com/ow2.org/g&#039; /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/lmConf-1 /var/lib/lemonldap-ng/test/index.pl
</pre>
</div>
<!-- SECTION "Change default DNS domain" [2803-] --></div><!-- closes <div class="dokuwiki export">-->
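Review bot: the "Package GPG signature" section imports rpm-gpg-key-ow2 with `rpm --import` but gives no fingerprint to compare against, so the key is only as trustworthy as the page it was downloaded from; publishing the fingerprint next to the link would fix that. The link also uses `../media/rpm-gpg-key-ow2` while the image in "RPMs organization" uses `../../../media/...`, so it is worth checking that the key link still resolves once `latest` is a symlink.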

@ -1,202 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="installation_from_the_tarball" id="installation_from_the_tarball">Installation from the tarball</a></h1>
<div class="level1">
</div>
<!-- SECTION "Installation from the tarball" [1-45] -->
<h2><a name="get_the_tarball" id="get_the_tarball">Get the tarball</a></h2>
<div class="level2">
<p>
Get the tarball from <a href="../../download.html" class="wikilink1" title="download">download page</a>. You can also find on this page the SVN tarball if you want to test latest features.
</p>
<p>
<p><div class="noteimportant">The content of the SVN tarball is not the same as the official tarball. Please see the next chapter to learn how build an official tarball from SVN files.
</div></p>
</p>
</div>
<!-- SECTION "Get the tarball" [46-388] -->
<h2><a name="build_the_tarball_from_svn" id="build_the_tarball_from_svn">Build the tarball from SVN</a></h2>
<div class="level2">
<p>
Either checkout or export the SVN repository, or extract the SVN tarball to get the SVN files on your disk.
</p>
<p>
Then go to build directory:
</p>
<pre class="code">
$ cd trunk/build/lemonldap-ng
</pre>
<p>
And run the “dist” target:
</p>
<pre class="code">
$ make dist
</pre>
<p>
The generated tarball is in the current directory.
</p>
</div>
<!-- SECTION "Build the tarball from SVN" [389-718] -->
<h2><a name="extraction" id="extraction">Extraction</a></h2>
<div class="level2">
<p>
Just run the tar command:
</p>
<pre class="code">
$ tar zxvf lemonldap-ng-*.tar.gz
</pre>
</div>
<!-- SECTION "Extraction" [719-817] -->
<h2><a name="installation" id="installation">Installation</a></h2>
<div class="level2">
<p>
First check and install the <a href="../../documentation/latest/prereq.html" class="wikilink1" title="documentation:latest:prereq">prerequisites</a>.
</p>
<p>
For full install:
</p>
<pre class="code">
$ cd lemonldap-ng-*
$ make
$ make configure
$ make test
$ sudo make install
</pre>
<p>
You can modify location of default storage configuration file in configure target:
</p>
<pre class="code">
$ sudo make configure STORAGECONFFILE=/etc/lemonldap-ng/lemonldap-ng.ini
</pre>
<p>
You can choose other Makefile targets:
</p>
<ul>
<li class="level1"><div class="li"> <acronym title="Practical Extraction and Report Language">Perl</acronym> libraries install :</div>
<ul>
<li class="level2"><div class="li"> install_libs (all <acronym title="Practical Extraction and Report Language">Perl</acronym> libraries)</div>
</li>
<li class="level2"><div class="li"> install_portal_libs</div>
</li>
<li class="level2"><div class="li"> install_manager_libs</div>
</li>
<li class="level2"><div class="li"> install_handler_libs</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Binaries install :</div>
<ul>
<li class="level2"><div class="li"> install_bin (/usr/local/lemonldap-ng/bin)</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Web sites install :</div>
<ul>
<li class="level2"><div class="li"> install_site (all sites including install_doc_site)</div>
</li>
<li class="level2"><div class="li"> install_portal_site (/usr/local/lemonldap-ng/htdocs/portal)</div>
</li>
<li class="level2"><div class="li"> install_manager_site (/usr/local/lemonldap-ng/htdocs/manager)</div>
</li>
<li class="level2"><div class="li"> install_handler_site (/usr/local/lemonldap-ng/handler)</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Documentation install :</div>
<ul>
<li class="level2"><div class="li"> install_doc_site (/usr/local/lemonldap-ng/htdocs/doc)</div>
</li>
<li class="level2"><div class="li"> install_examples_site (/usr/local/lemonldap-ng/examples)</div>
</li>
</ul>
</li>
</ul>
<p>
You can also pass parameters to the make install command, with this syntax:
</p>
<pre class="code">
$ sudo make install PARAM=VALUE PARAM=VALUE ...
</pre>
<p>
Available parameters are:
</p>
<ul>
<li class="level1"><div class="li"> <strong>ERASECONFIG</strong>: set to 0 if you want to keep your configuration files (default: 1)</div>
</li>
<li class="level1"><div class="li"> <strong>DESTDIR</strong>: only for packaging, install the product in a jailroot (default: ””)</div>
</li>
<li class="level1"><div class="li"> <strong>PREFIX</strong>: installation directory (default: /usr/local)</div>
</li>
<li class="level1"><div class="li"> <strong>STORAGECONFFILE</strong>: location of default storage configuration file (default: /usr/local/lemonldap-ng/etc/lemonldap-ng.ini)</div>
</li>
<li class="level1"><div class="li"> <strong>CRONDIR</strong>: Cronfile directory (default: $PREFIX/etc/lemonldap-ng/cron.d)</div>
</li>
<li class="level1"><div class="li"> <strong>APACHEUSER</strong>: user running Apache</div>
</li>
<li class="level1"><div class="li"> <strong>APACHEGROUP</strong>: group running Apache</div>
</li>
<li class="level1"><div class="li"> <strong>DNSDOMAIN</strong>: Main <acronym title="Domain Name System">DNS</acronym> domain (default: example.com) </div>
</li>
<li class="level1"><div class="li"> <strong>LDAPHOST</strong>: <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server (default: localhost)</div>
</li>
<li class="level1"><div class="li"> <strong>LDAPPORT</strong>: <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> port (default: 389)</div>
</li>
<li class="level1"><div class="li"> <strong>LDAPSUFFIX</strong>: <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> suffix (default: dc=example,dc=com)</div>
</li>
<li class="level1"><div class="li"> <strong>APACHEVERSION</strong>: Apache major version (default: 2)</div>
</li>
<li class="level1"><div class="li"> <strong>VHOSTLISTEN</strong>: how listen parameter is configured for virtual hosts in Apache (default: \*:80)</div>
</li>
</ul>
</div>
<!-- SECTION "Installation" [818-] --></div><!-- closes <div class="dokuwiki export">-->
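Review bot: the parameter list gives ERASECONFIG a default of 1, so the `sudo make install` in the full-install block does not keep existing configuration files unless the reader finds that parameter further down; a warning beside the command, pointing to `ERASECONFIG=0` for upgrades, belongs in the versioned copy. The defaults are also inconsistent: STORAGECONFFILE is given as /usr/local/lemonldap-ng/etc/lemonldap-ng.ini, CRONDIR as $PREFIX/etc/lemonldap-ng/cron.d, and the STORAGECONFFILE example runs `make configure` under sudo while the full-install block runs it without.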

@ -1,101 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="logs" id="logs">Logs</a></h1>
<div class="level1">
</div>
<!-- SECTION "Logs" [1-20] -->
<h2><a name="apache_logging" id="apache_logging">Apache logging</a></h2>
<div class="level2">
<p>
By default, LemonLDAP::NG uses Apache logs to store user actions and other messages:
</p>
<ul>
<li class="level1"><div class="li"> Error log: all messages emitted by the program, depending on the configured log level</div>
</li>
<li class="level1"><div class="li"> Access log: the issuer of each request is identified</div>
</li>
</ul>
<p>
The log level can be set with Apache <code>LogLevel</code> parameter. It can be configured globally, or inside a virtual host.
</p>
<p>
See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#loglevel" class="urlextern" title="http://httpd.apache.org/docs/2.2/mod/core.html#loglevel" rel="nofollow">http://httpd.apache.org/docs/2.2/mod/core.html#loglevel</a> for more information.
</p>
<p>
To configure the user identifier in access log, go in Manager, <code>General Parameters</code> &gt; <code>Logging</code> &gt; <code>REMOTE_USER</code>.
</p>
</div>
<!-- SECTION "Apache logging" [21-607] -->
<h2><a name="syslog" id="syslog">Syslog</a></h2>
<div class="level2">
<p>
LemonLDAP::NG can also use syslog (only for user actions).
</p>
<p>
In Manager, set syslog facility in <code>General Parameters</code> &gt; <code>Logging</code> &gt; <code>Syslog facility</code>.
</p>
<p>
The messages are stored with the facilities :
</p>
<ul>
<li class="level1"><div class="li"> <strong>info</strong> for user actions</div>
</li>
<li class="level1"><div class="li"> <strong>notice</strong> for good authentications or external exchange (<acronym title="Security Assertion Markup Language">SAML</acronym>, OpenID,…)</div>
</li>
<li class="level1"><div class="li"> <strong>warn</strong> for failed authentications</div>
</li>
</ul>
</div>
<!-- SECTION "Syslog" [608-980] -->
<h2><a name="override_logging_functions" id="override_logging_functions">Override logging functions</a></h2>
<div class="level2">
<p>
You can customize logs by redefining userNotice() and userError() methods, directly in <code>lemonldap-ng.ini</code>
</p>
<p>
Example:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">userError</span> <span class="sy0">=</span><span class="re2"> sub <span class="br0">&#123;</span> my <span class="br0">&#40;</span>$self, $message<span class="br0">&#41;</span> <span class="sy0">=</span> @_</span><span class="co0">; ... }</span>
<span class="re1">userNotice</span> <span class="sy0">=</span><span class="re2"> sub <span class="br0">&#123;</span> my <span class="br0">&#40;</span>$self, $message<span class="br0">&#41;</span> <span class="sy0">=</span> @_</span><span class="co0">; ... }</span></pre>
</div>
<!-- SECTION "Override logging functions" [981-] --></div><!-- closes <div class="dokuwiki export">-->
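Review bot: in the Syslog section, "The messages are stored with the facilities" is followed by info, notice and warn, which are syslog severity levels rather than facilities; the facility is what the Manager's `Syslog facility` setting selects, so the sentence should say "levels". In "Override logging functions", the example places Perl `sub { ... }` bodies in lemonldap-ng.ini, so the page should also say that write access to this file has to be restricted to the administrator.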

@ -1,462 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="parameter_list" id="parameter_list">Parameter list</a></h1>
<div class="level1">
<p>
<p><div class="notetip">
Click on a column header to sort table.
The attribute key name can be used directly in <code>lemonldap-ng.ini</code> or in <acronym title="Practical Extraction and Report Language">Perl</acronym> scripts to override configuration parameters (see <a href="../../documentation/latest/configlocation.html" class="wikilink1" title="documentation:latest:configlocation">configuration location</a>).
</div></p>
</p>
<p>
<div class="sortable sort2"><table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Full name </th><th class="col1 centeralign"> Key name </th><th class="col2 centeralign"> Portal </th><th class="col3 leftalign"> Handler </th><th class="col4 leftalign"> Manager </th>
</tr>
<tr class="row1 rowodd">
<td class="col0"> Authentication backend </td><td class="col1"> authentication </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> User backend </td><td class="col1"> userDB </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> Password backend </td><td class="col1"> passwordDB </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> Session backend </td><td class="col1"> globalStorage </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> Session backend options </td><td class="col1"> globalStorageOptions </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row6 roweven">
<td class="col0"> <acronym title="Security Assertion Markup Language">SAML</acronym> Session backend </td><td class="col1"> samlStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row7 rowodd">
<td class="col0"> <acronym title="Security Assertion Markup Language">SAML</acronym> Session backend options </td><td class="col1"> samlStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row8 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> Session backend </td><td class="col1"> casStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row9 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> Session backend options </td><td class="col1"> casStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row10 roweven">
<td class="col0"> Configuration backend </td><td class="col1"> configStorage </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row11 rowodd">
<td class="col0"> Cache backend </td><td class="col1"> localStorage </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row12 roweven">
<td class="col0"> Cache backend options </td><td class="col1"> localStorageOptions </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row13 rowodd">
<td class="col0"> Notification backend </td><td class="col1"> notificationStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row14 roweven">
<td class="col0"> Notification backend options </td><td class="col1"> notificationStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row15 rowodd">
<td class="col0"> Remote user </td><td class="col1"> whatToTrace </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row16 roweven">
<td class="col0"> Custom functions </td><td class="col1"> customFunctions </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row17 rowodd">
<td class="col0 leftalign"> Headers sent </td><td class="col1"> exportedHeaders </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row18 roweven">
<td class="col0"> Access rules </td><td class="col1"> locationRules </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row19 rowodd">
<td class="col0"> Portal <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> portal </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row20 roweven">
<td class="col0"> Name of the cookie </td><td class="col1"> cookieName </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row21 rowodd">
<td class="col0"> Main <acronym title="Domain Name System">DNS</acronym> domain </td><td class="col1"> domain </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row22 roweven">
<td class="col0"> <acronym title="Cross Domain Authentication">CDA</acronym> activation </td><td class="col1"> cda </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row23 rowodd">
<td class="col0"> Cookie security </td><td class="col1"> securedCookie </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row24 roweven">
<td class="col0"> Cookie expiration </td><td class="col1"> cookieExpiration </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row25 rowodd">
<td class="col0"> Attributes from user backend </td><td class="col1"> exportedVars </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row26 roweven">
<td class="col0"> Local groups </td><td class="col1 leftalign"> groups </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row27 rowodd">
<td class="col0"> Macros </td><td class="col1 leftalign"> macros </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row28 roweven">
<td class="col0"> Session lifetime for cronjob </td><td class="col1"> timeout </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row29 rowodd">
<td class="col0"> Syslog facility </td><td class="col1"> syslog </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row30 roweven">
<td class="col0"> <acronym title="Simple Object Access Protocol">SOAP</acronym> activation </td><td class="col1"> Soap </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row31 rowodd">
<td class="col0"> Attributes exported in <acronym title="Simple Object Access Protocol">SOAP</acronym> </td><td class="col1 leftalign"> exportedAttr </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row32 roweven">
<td class="col0"> Store password in session </td><td class="col1"> storePassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row33 rowodd">
<td class="col0"> Notification activation </td><td class="col1"> notification </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row34 roweven">
<td class="col0"> Trusted domains </td><td class="col1"> trustedDomains </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row35 rowodd">
<td class="col0"> Rule for session granting </td><td class="col1"> grantSessionRule </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row36 roweven">
<td class="col0"> Status module </td><td class="col1"> status </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row37 rowodd">
<td class="col0"> Force HTTPS in redirection </td><td class="col1"> https </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row38 roweven">
<td class="col0"> Force port in redirection </td><td class="col1"> port </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td>
</tr>
<tr class="row39 rowodd">
<td class="col0"> Protection scheme </td><td class="col1"> protection </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row40 roweven">
<td class="col0"> Use XForwardedFor for <acronym title="Internet Protocol">IP</acronym> </td><td class="col1"> useXForwardedForIP </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4 centeralign"></td>
</tr>
<tr class="row41 rowodd">
<td class="col0"> Multi values separator </td><td class="col1 leftalign"> multiValuesSeparator </td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 centeralign"></td>
</tr>
<tr class="row42 roweven">
<td class="col0"> <acronym title="Simple Mail Transfer Protocol">SMTP</acronym> server </td><td class="col1"> SMTPServer </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row43 rowodd">
<td class="col0 leftalign"> Mail From address </td><td class="col1"> mailFrom </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row44 roweven">
<td class="col0"> Regular expression for random password </td><td class="col1"> randomPasswordRegexp </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row45 rowodd">
<td class="col0"> Subject for password mail </td><td class="col1"> mailSubject </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row46 roweven">
<td class="col0"> Body for password mail </td><td class="col1"> mailBody </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row47 rowodd">
<td class="col0"> Subject for confirmation mail </td><td class="col1"> mailConfirmSubject </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row48 roweven">
<td class="col0"> Body for confirmation mail </td><td class="col1"> mailConfirmBody </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row49 rowodd">
<td class="col0"> <acronym title="Uniform Resource Locator">URL</acronym> for mail reset </td><td class="col1"> mailUrl </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row50 roweven">
<td class="col0"> Skin name </td><td class="col1"> portalSkin </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row51 rowodd">
<td class="col0"> Display logout module </td><td class="col1"> portalDisplayLogout </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row52 roweven">
<td class="col0"> Display reset password form </td><td class="col1"> portalDisplayResetPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row53 rowodd">
<td class="col0"> Display change password module </td><td class="col1"> portalDisplayChangePassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row54 roweven">
<td class="col0"> Display applications list </td><td class="col1"> portalDisplayAppslist </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row55 rowodd">
<td class="col0"> Allow form autocompletion </td><td class="col1"> portalAutocomplete </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row56 roweven">
<td class="col0"> Require old password (change) </td><td class="col1"> portalRequireOldPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row57 rowodd">
<td class="col0"> User name session field </td><td class="col1"> portalUserAttr </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row58 roweven">
<td class="col0"> Open links in new window </td><td class="col1"> portalOpenLinkInNewWindow </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row59 rowodd">
<td class="col0"> Anti frame protection </td><td class="col1"> portalAntiFrame </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row60 roweven">
<td class="col0"> Delete other session </td><td class="col1"> singleSession </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row61 rowodd">
<td class="col0"> Delete other session if <acronym title="Internet Protocol">IP</acronym> differs </td><td class="col1"> singleIP </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row62 roweven">
<td class="col0"> Do not allow several users for 1 <acronym title="Internet Protocol">IP</acronym> </td><td class="col1"> singleUserByIP </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row63 rowodd">
<td class="col0"> Display other sessions </td><td class="col1"> notifyOther </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row64 roweven">
<td class="col0"> Display deleted sessions </td><td class="col1"> notifyDeleted </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row65 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server or Net::<acronym title="Lightweight Directory Access Protocol">LDAP</acronym> connexion string </td><td class="col1"> ldapServer </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row66 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Port </td><td class="col1"> ldapPort </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row67 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> search base </td><td class="col1"> ldapBase </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row68 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Bind <acronym title="Distinguished Name">DN</acronym> </td><td class="col1"> managerDn </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row69 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> Bind Password </td><td class="col1"> managerPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row70 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> main search filter </td><td class="col1"> LDAPFilter </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row71 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> authentication search filter </td><td class="col1"> AuthLDAPFilter </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row72 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> mail search filter </td><td class="col1"> mailLDAPFilter </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row73 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password policy control </td><td class="col1"> ldapPpolicyControl </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row74 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> extended SetPassword modify </td><td class="col1"> ldapSetPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row75 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups base </td><td class="col1"> ldapGroupBase </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row76 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups objectClass </td><td class="col1"> ldapGroupObjectClass </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row77 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups member attribute </td><td class="col1"> ldapGroupAttributeName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row78 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups member link value </td><td class="col1"> ldapGroupAttributeNameUser </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row79 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> groups name attribute </td><td class="col1"> ldapGroupAttributeNameSearch </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row80 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> activate recursive groups </td><td class="col1"> ldapGroupRecursive </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row81 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> group link attribute name </td><td class="col1"> ldapGroupAttributeNameGroup </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row82 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> change password as user </td><td class="col1"> ldapChangePasswordAsUser </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row83 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> password encoding </td><td class="col1"> ldapPwdEnc </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row84 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> timeout </td><td class="col1"> ldapTimeout </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row85 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> version </td><td class="col1"> ldapVersion </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row86 roweven">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> binary attributes </td><td class="col1"> ldapRaw </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row87 rowodd">
<td class="col0"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> authentication level </td><td class="col1"> ldapAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row88 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection chain </td><td class="col1"> dbiAuthChain </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row89 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection user </td><td class="col1"> dbiAuthUser</td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row90 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Connection password </td><td class="col1"> dbiAuthPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row91 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Authentication table </td><td class="col1"> dbiAuthTable </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row92 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Login column </td><td class="col1"> dbiAuthLoginCol </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row93 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Password column </td><td class="col1"> dbiAuthPasswordCol </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row94 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Password hash </td><td class="col1"> dbiAuthPasswordHash </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row95 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection chain </td><td class="col1"> dbiUserChain </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row96 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection user </td><td class="col1"> dbiUserUser </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row97 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB connection password </td><td class="col1"> dbiUserPassword </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row98 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> UserDB table </td><td class="col1"> dbiUserTable </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row99 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Mail column </td><td class="col1"> dbiPasswordMailCol </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row100 roweven">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> Pivot from user table </td><td class="col1"> userPivot </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row101 rowodd">
<td class="col0"> <acronym title="Database Interface">DBI</acronym> authentication level </td><td class="col1"> dbiAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row102 roweven">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> user field in certificate </td><td class="col1"> SSLVar </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row103 rowodd">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> map with <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> attribute </td><td class="col1"> SSLLDAPField </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row104 roweven">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> force <acronym title="Secure Sockets Layer">SSL</acronym> authentication </td><td class="col1"> SSLRequire </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row105 rowodd">
<td class="col0"> <acronym title="Secure Sockets Layer">SSL</acronym> authentication level </td><td class="col1"> SSLAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row106 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> server <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_url </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row107 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> CA file </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_CAFile </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row108 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> force authentication renewal </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_renew </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row109 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> force gateway authentication </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_gateway </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row110 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> <acronym title="Proxy Granting Ticket">PGT</acronym> temporary file </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_pgtFile </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row111 rowodd">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> proxied services </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_proxiedServices </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row112 roweven">
<td class="col0"> <acronym title="Central Authentication Service">CAS</acronym> authentication level </td><td class="col1"> <acronym title="Central Authentication Service">CAS</acronym>_authnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row113 rowodd">
<td class="col0"> Remote portal </td><td class="col1"> remotePortal </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row114 roweven">
<td class="col0"> Remote Session backend </td><td class="col1"> remoteGlobalStorage </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row115 rowodd">
<td class="col0"> Remote Session backend options </td><td class="col1"> remoteGlobalStorageOptions </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row116 roweven">
<td class="col0"> Remote cookie name </td><td class="col1"> remoteCookieName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row117 rowodd">
<td class="col0"> Proxy portal <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> soapAuthService </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row118 roweven">
<td class="col0"> Proxy cookie name </td><td class="col1"> remoteCookieName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row119 rowodd">
<td class="col0"> Proxy session <acronym title="Simple Object Access Protocol">SOAP</acronym> end point </td><td class="col1"> soapSessionService </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row120 roweven">
<td class="col0"> Twitter application key </td><td class="col1"> twitterKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row121 rowodd">
<td class="col0"> Twitter application secret </td><td class="col1"> twitterSecret </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row122 roweven">
<td class="col0"> Twitter application name </td><td class="col1"> twitterAppName </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row123 rowodd">
<td class="col0"> Twitter authentication level </td><td class="col1"> twitterAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row124 roweven">
<td class="col0"> OpenID secret token </td><td class="col1"> openIdSecret </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row125 rowodd">
<td class="col0"> OpenID allowed domains </td><td class="col1"> openIdIDPList </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row126 roweven">
<td class="col0"> OpenID authentication level </td><td class="col1"> openIdAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row127 rowodd">
<td class="col0"> Apache authentication level </td><td class="col1"> apacheAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row128 roweven">
<td class="col0"> Null authentication level </td><td class="col1"> nullAuthnLevel </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row129 rowodd">
<td class="col0"> Choice <acronym title="Uniform Resource Locator">URL</acronym> parameter </td><td class="col1"> authChoiceParam </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row130 roweven">
<td class="col0"> Choice modules </td><td class="col1"> authChoiceModules </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row131 rowodd">
<td class="col0"> Multi overridden parameters </td><td class="col1"> multi </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row132 roweven">
<td class="col0"> Zimbra preauthentication key </td><td class="col1"> zimbraPreAuthKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row133 rowodd">
<td class="col0"> Zimbra account session key </td><td class="col1"> zimbraAccountKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row134 roweven">
<td class="col0"> Zimbra account type </td><td class="col1"> zimbraBy </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row135 rowodd">
<td class="col0"> Zimbra preauthentication <acronym title="Uniform Resource Locator">URL</acronym> </td><td class="col1"> zimbraUr </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row136 roweven">
<td class="col0"> Zimbra local <acronym title="Single Sign On">SSO</acronym> <acronym title="Uniform Resource Locator">URL</acronym> pattern </td><td class="col1"> zimbraSsoUrl </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row137 rowodd">
<td class="col0"> Sympa shared secret </td><td class="col1"> sympaSecret </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
<tr class="row138 roweven">
<td class="col0"> Sympa mail session key </td><td class="col1"> sympaMailKey </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td>
</tr>
</table>
</div>
</p>
</div>
</div><!-- closes <div class="dokuwiki export">-->
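Review bot: two rows of the parameter table removed in this hunk look wrong and should be corrected in whichever copy of the page stays published. Row 135 gives the key as `zimbraUr` while the next row uses `zimbraSsoUrl`, and `remoteCookieName` appears for both "Remote cookie name" (row 116) and "Proxy cookie name" (row 118) with nothing saying the two backends share one key. The table also lists secret-bearing keys (`managerPassword`, `dbiAuthPassword`, `dbiUserPassword`, `twitterSecret`, `openIdSecret`, `zimbraPreAuthKey`, `sympaSecret`) in the same flat list as display options; marking those rows would tell readers which values need protecting wherever the configuration is stored.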

View File

@ -1,151 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="portal_customization" id="portal_customization">Portal customization</a></h1>
<div class="level1">
<p>
<p><div class="noteclassic">The portal is the visible part of LemonLDAP::NG, all user interactions are displayed on it.
</div></p>
</p>
</div>
<!-- SECTION "Portal customization" [1-142] -->
<h2><a name="skin" id="skin">Skin</a></h2>
<div class="level2">
<p>
LemonLDAP::NG is shipped with 3 skins:
</p>
<ul>
<li class="level1"><div class="li"> pastel</div>
</li>
<li class="level1"><div class="li"> impact</div>
</li>
<li class="level1"><div class="li"> dark</div>
</li>
</ul>
<p>
You can change the skin in Manager: <code>General Parameters</code> &gt; <code>Portal</code> &gt; <code>Customization</code> &gt; <code>Skin</code>.
</p>
</div>
<!-- SECTION "Skin" [143-336] -->
<h3><a name="skin_files" id="skin_files">Skin files</a></h3>
<div class="level3">
<p>
A skin is composed of different files:
</p>
<ul>
<li class="level1"><div class="li"> <strong>.tpl</strong>: <acronym title="Practical Extraction and Report Language">Perl</acronym> <acronym title="HyperText Markup Language">HTML</acronym>::Template files, for <acronym title="HyperText Markup Language">HTML</acronym> content</div>
</li>
<li class="level1"><div class="li"> <strong>.css</strong>: <acronym title="Cascading Style Sheets">CSS</acronym> (styles)</div>
</li>
<li class="level1"><div class="li"> <strong>.js</strong>: Javascript</div>
</li>
<li class="level1"><div class="li"> images and other media files</div>
</li>
</ul>
<p>
A skin will often refer to the <code>common</code> skin, which is not a real skin, but shared skin objects (like scripts, images and <acronym title="Cascading Style Sheets">CSS</acronym>).
</p>
</div>
<!-- SECTION "Skin files" [337-671] -->
<h3><a name="skin_customization" id="skin_customization">Skin customization</a></h3>
<div class="level3">
<p>
<p><div class="noteimportant">If you modify directly the skin files, your modifications will certainly be erased on the next upgrade.
</div></p>
</p>
<p>
To customize a skin, the simplest way is to create a new skin folder:
</p>
<pre class="code">
$ cd portal/skins
$ mkdir myskin
$ mkdir myskin/css
$ mkdir myskin/images
</pre>
<p>
Then create symbolic links on template files, as you might not want to rewrite all <acronym title="HyperText Markup Language">HTML</acronym> code (else, do as you want).
</p>
<pre class="code">
$ cd myskin
$ ln -s ../pastel/*.tpl .
</pre>
<p>
Then you <em>only</em> have to write <code>myskin/css/styles.css</code> and add your media to <code>myskin/images</code>.
</p>
<p>
As your skin is not registered in Manager, configure it trough <code>lemonldap-ng.ini</code>:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">portalSkin</span> <span class="sy0">=</span><span class="re2"> myskin</span></pre>
</div>
<!-- SECTION "Skin customization" [672-1394] -->
<h2><a name="other_parameters" id="other_parameters">Other parameters</a></h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <strong>Reset password</strong>: display a link to reset a password (for password based authentication backends)</div>
</li>
<li class="level1"><div class="li"> <strong>Auto complete</strong>: allow the browser to remember the password (for password based authentication backends)</div>
</li>
<li class="level1"><div class="li"> <strong>Require old password</strong>: used only in the password changing module of the menu, will check the old password before updating it</div>
</li>
<li class="level1"><div class="li"> <strong>User attribute</strong>: which session attribute will be used to display <code>Connected as</code> in the menu</div>
</li>
<li class="level1"><div class="li"> <strong>New window</strong>: open menu links in new window</div>
</li>
<li class="level1"><div class="li"> <strong>Anti iframe protection</strong>: will kill parent frames to avoid some well known attacks</div>
</li>
</ul>
<p>
<p><div class="noteimportant">If you enable auto completion, authentication level will be decreased (-1) as you do not ask the user to type its password (it could be in browser passwords wallet).
</div></p>
</p>
</div>
<!-- SECTION "Other parameters" [1395-] --></div><!-- closes <div class="dokuwiki export">-->
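Review bot: in the "Other parameters" list of this removed page, the item "Anti iframe protection: will kill parent frames to avoid some well known attacks" names neither the attack class nor the configuration key, so a reader cannot tell what risk is accepted by turning it off. If this text is kept in the copy that stays published, state the attack class it addresses and give the key for each item in the list (the parameter table on the overview page has `portalAntiFrame`, `portalAutocomplete` and `portalRequireOldPassword`). Under "Skin customization", "configure it trough" should read "through".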

View File

@ -1,120 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="portal_menu" id="portal_menu">Portal menu</a></h1>
<div class="level1">
<p>
<p><div class="noteclassic">The menu is displayed if authentication is successful.
</div></p>
</p>
</div>
<!-- SECTION "Portal menu" [1-96] -->
<h2><a name="menu_modules" id="menu_modules">Menu modules</a></h2>
<div class="level2">
<p>
LemonLDAP::NG portal menu has 3 modules:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Application list</strong>: display categories and applications allowed for the user</div>
</li>
<li class="level1"><div class="li"> <strong>Password change</strong>: form to change the password</div>
</li>
<li class="level1"><div class="li"> <strong>Logout</strong>: logout button</div>
</li>
</ul>
<p>
Each module can be activated trough a rule, using user session information. These rules can be set trough Manager: <code>General Parameters</code> &gt; <code>Portal</code> &gt; <code>Menu</code> &gt; <code>Modules activation</code>.
</p>
<p>
You can use <code>0</code> or <code>1</code> to disable/enable the module, or use a more complex rule. For example, to display the password change form only for user authenticated trough <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> or <acronym title="Database Interface">DBI</acronym>:
</p>
<pre class="code perl"><span class="re0">$_auth</span> <span class="kw1">eq</span> LDAP <span class="kw1">or</span> <span class="re0">$_auth</span> <span class="kw1">eq</span> DBI</pre>
</div>
<!-- SECTION "Menu modules" [97-755] -->
<h2><a name="categories_and_applications" id="categories_and_applications">Categories and applications</a></h2>
<div class="level2">
<p>
<a href="../../documentation/latest/configvhost.html" class="wikilink1" title="documentation:latest:configvhost">Configuring the virtual hosts</a> is not sufficient to display an application in the menu. Indeed, a virtual host can contain several applications (<a href="http://vhost.example.com/appli1" class="urlextern" title="http://vhost.example.com/appli1" rel="nofollow">http://vhost.example.com/appli1</a>, <a href="http://vhost.example.com/appli2" class="urlextern" title="http://vhost.example.com/appli2" rel="nofollow">http://vhost.example.com/appli2</a>).
</p>
<p>
In Manager, you can configure categories and applications in <code>General Parameters</code> &gt; <code>Portal</code> &gt; <code>Menu</code> &gt; <code>Categories and applications</code>.
</p>
<p>
Category parameters:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Key</strong>: category identifier</div>
</li>
<li class="level1"><div class="li"> <strong>Name</strong>: display text</div>
</li>
</ul>
<p>
Application parameters:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Key</strong>: application identifier</div>
</li>
<li class="level1"><div class="li"> <strong>Name</strong>: display text</div>
</li>
<li class="level1"><div class="li"> <strong>Address</strong>: <acronym title="Uniform Resource Locator">URL</acronym> of application</div>
</li>
<li class="level1"><div class="li"> <strong>Description</strong></div>
</li>
<li class="level1"><div class="li"> <strong>Logo</strong>: file name to use as logo (should be in portal application logos directory)</div>
</li>
<li class="level1"><div class="li"> <strong>Display</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>auto</strong>: display only if the user can access it</div>
</li>
<li class="level2"><div class="li"> <strong>on</strong>: always display</div>
</li>
<li class="level2"><div class="li"> <strong>off</strong>: never display</div>
</li>
</ul>
</li>
</ul>
<p>
<p><div class="notetip">Category and application key can have a digit as first character, which will allow to display categories in the right order (categories and applications are displayed in alphabetical order).
</div></p>
</p>
</div>
<!-- SECTION "Categories and applications" [756-] --></div><!-- closes <div class="dokuwiki export">-->
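Review bot: The rule example in "Menu modules", `$_auth eq LDAP or $_auth eq DBI`, compares against unquoted barewords, which Perl only treats as strings when strict subs is not in effect. If the versioned copy that replaces this page carries the same line, quote the values (`$_auth eq "LDAP" or $_auth eq "DBI"`). The surrounding paragraphs also spell "through" as "trough".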

View File

@ -1,218 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="prerequisites_and_dependencies" id="prerequisites_and_dependencies">Prerequisites and dependencies</a></h1>
<div class="level1">
</div>
<!-- SECTION "Prerequisites and dependencies" [1-47] -->
<h2><a name="apache" id="apache">Apache</a></h2>
<div class="level2">
<p>
To use LemonLDAP::NG, you have to run an Apache
server compiled with mod-perl (version 1.3 or 2.x).
</p>
<p>
<p><div class="notewarning">In most of cases, the version of Apache proposed with your Linux distribution match, but some distributions used an experimental version of mod_perl with Apache2 (mod_perl-1.99) which does not work with LemonLDAP::NG. With such distributions (like Debian-3.1), you have to use Apache-1.3 or to use a mod_perl backport (<a href="http://www.backports.org" class="urlextern" title="http://www.backports.org" rel="nofollow">www.backports.org</a> package for Debian works fine).
</div></p>
</p>
<p>
For Apache2, you can use both mpm-worker and mpm-prefork. Mpm-worker works faster and LemonLDAP::NG use the thread system for best performance. If you have to use mpm-prefork (for example if you use <acronym title="Hypertext Preprocessor">PHP</acronym>), LemonLDAP::NG will work anyway.
</p>
<p>
You can use LemonLDAP::NG in an heterogeneous world: the authentication portal and the manager can work in any version of Apache 1.3 or more even if mod_perl is not compiled, with ModPerl::Registry or not… Only the handler
need mod_perl. The different handlers can run on different servers with
different versions of Apache/mod_perl.
</p>
</div>
<!-- SECTION "Apache" [48-1134] -->
<h2><a name="perl" id="perl">Perl</a></h2>
<div class="level2">
<p>
<p><div class="noteclassic">Here is the list of <acronym title="Practical Extraction and Report Language">Perl</acronym> modules used in LemonLDAP::NG. Core modules must be installed on the system. Other modules must be installed only if you planned to use the related feature.
</div></p>
</p>
</div>
<!-- SECTION "Perl" [1135-1348] -->
<h3><a name="core" id="core">Core</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Apache::Session</div>
</li>
<li class="level1"><div class="li"> Net::<acronym title="Lightweight Directory Access Protocol">LDAP</acronym></div>
</li>
<li class="level1"><div class="li"> <acronym title="Multipurpose Internet Mail Extension">MIME</acronym>::Base64</div>
</li>
<li class="level1"><div class="li"> <acronym title="Common Gateway Interface">CGI</acronym></div>
</li>
<li class="level1"><div class="li"> LWP::UserAgent</div>
</li>
<li class="level1"><div class="li"> Cache::Cache</div>
</li>
<li class="level1"><div class="li"> <acronym title="Database Interface">DBI</acronym></div>
</li>
<li class="level1"><div class="li"> <acronym title="Extensible Markup Language">XML</acronym>::Simple</div>
</li>
<li class="level1"><div class="li"> <acronym title="Common Gateway Interface">CGI</acronym>::Session</div>
</li>
<li class="level1"><div class="li"> Regexp::Assemble</div>
</li>
<li class="level1"><div class="li"> <acronym title="Extensible Markup Language">XML</acronym>::LibXML</div>
</li>
<li class="level1"><div class="li"> Crypt::Rijndael</div>
</li>
<li class="level1"><div class="li"> IO::String</div>
</li>
<li class="level1"><div class="li"> <acronym title="Extensible Markup Language">XML</acronym>::LibXSLT</div>
</li>
<li class="level1"><div class="li"> <acronym title="HyperText Markup Language">HTML</acronym>::Template</div>
</li>
<li class="level1"><div class="li"> <acronym title="Simple Object Access Protocol">SOAP</acronym>::Lite</div>
</li>
<li class="level1"><div class="li"> Config::IniFiles</div>
</li>
<li class="level1"><div class="li"> JSON</div>
</li>
<li class="level1"><div class="li"> Digest::HMAC</div>
</li>
</ul>
</div>
<!-- SECTION "Core" [1349-1671] -->
<h3><a name="reset_password_by_mail" id="reset_password_by_mail">Reset password by mail</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> String::Random</div>
</li>
<li class="level1"><div class="li"> <acronym title="Multipurpose Internet Mail Extension">MIME</acronym>::Lite</div>
</li>
<li class="level1"><div class="li"> Email::Date::Format</div>
</li>
</ul>
</div>
<!-- SECTION "Reset password by mail" [1672-1764] -->
<h3><a name="saml2" id="saml2">SAML2</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <a href="http://lasso.entrouvert.org/" class="urlextern" title="http://lasso.entrouvert.org/" rel="nofollow">Lasso</a></div>
</li>
<li class="level1"><div class="li"> GLib</div>
</li>
<li class="level1"><div class="li"> Crypt::OpenSSL::RSA</div>
</li>
<li class="level1"><div class="li"> Convert::PEM</div>
</li>
</ul>
</div>
<!-- SECTION "SAML2" [1765-1875] -->
<h3><a name="cas" id="cas">CAS</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <a href="http://sourcesup.cru.fr/projects/perlcas/" class="urlextern" title="http://sourcesup.cru.fr/projects/perlcas/" rel="nofollow">AuthCAS</a></div>
</li>
</ul>
</div>
<!-- SECTION "CAS" [1876-1949] -->
<h3><a name="openid" id="openid">OpenID</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Net::OpenID::Consumer &gt; 1.00</div>
</li>
<li class="level1"><div class="li"> Net::OpenID::Server &gt; 1.00</div>
</li>
</ul>
</div>
<!-- SECTION "OpenID" [1950-2032] -->
<h3><a name="twitter" id="twitter">Twitter</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Net::Twitter</div>
</li>
</ul>
</div>
<!-- SECTION "Twitter" [2033-2069] -->
<h3><a name="pod_unit_tests" id="pod_unit_tests">POD unit tests</a></h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Test::POD</div>
</li>
</ul>
</div>
<!-- SECTION "POD unit tests" [2070-2110] -->
<h2><a name="other" id="other">Other</a></h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Jquery (javascript framework) is included in tarball and RPMs, but is a dependency on Debian</div>
</li>
</ul>
</div>
<!-- SECTION "Other" [2111-2227] -->
<h2><a name="install_dependencies_on_your_system" id="install_dependencies_on_your_system">Install dependencies on your system</a></h2>
<div class="level2">
</div>
<!-- SECTION "Install dependencies on your system" [2228-2277] -->
<h3><a name="apt-get" id="apt-get">APT-GET</a></h3>
<div class="level3">
<pre class="code">
# apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl libconfig-inifiles-perl libjson-perl libstring-random-perl libemail-date-format-perl libmime-lite-perl libcrypt-openssl-rsa-perl libdigest-hmac-perl
</pre>
</div>
<!-- SECTION "APT-GET" [2278-2802] -->
<h3><a name="yum" id="yum">YUM</a></h3>
<div class="level3">
<p>
Choose a repository which hosted <acronym title="Practical Extraction and Report Language">Perl</acronym> dependencies:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://fedoraproject.org/wiki/EPEL/" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/" rel="nofollow">EPEL</a> repository, you can activate this repository: <a href="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" rel="nofollow">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://rpmrepo.org/" class="urlextern" title="https://rpmrepo.org/" rel="nofollow">RPMForge</a> repository, you can activate this repository: <a href="https://rpmrepo.org/RPMforge/Using" class="urlextern" title="https://rpmrepo.org/RPMforge/Using" rel="nofollow">https://rpmrepo.org/RPMforge/Using</a></div>
</li>
</ul>
<pre class="code">
# yum install httpd mod_perl perl-Apache-Session perl-LDAP perl-XML-SAX perl-XML-NamespaceSupport perl-HTML-Template perl-Regexp-Assemble perl-Error perl-IPC-ShareLite perl-Cache-Cache perl-FreezeThaw perl-XML-Simple perl-version perl-CGI-Session perl-DBD-Pg perl-XML-LibXML-Common perl-BSD-Resource perl-XML-LibXML perl-Crypt-Rijndael perl-IO-String perl-XML-LibXSLT perl-SOAP-Lite perl-Config-IniFiles perl-JSON perl-Digest-HMAC
</pre>
</div>
<!-- SECTION "YUM" [2803-] --></div><!-- closes <div class="dokuwiki export">-->
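Review bot: The two install commands at the end of this page do not agree with each other or with the module lists above them. The APT-GET line names libcache-cache-perl twice and has no package for CGI::Session, which the Core list requires. The YUM line installs perl-DBD-Pg, which appears in none of the lists, and has nothing for the "Reset password by mail" modules (String::Random, MIME::Lite, Email::Date::Format) that the apt line does install. Reconcile both commands against the lists in the versioned copy that remains after this deletion.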

View File

@ -1,105 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="single_sign_on_cookie_domain_and_portal_url" id="single_sign_on_cookie_domain_and_portal_url">Single Sign On cookie, domain and portal URL</a></h1>
<div class="level1">
</div>
<!-- SECTION "Single Sign On cookie, domain and portal URL" [1-59] -->
<h2><a name="sso_cookie" id="sso_cookie">SSO cookie</a></h2>
<div class="level2">
<p>
The <acronym title="Single Sign On">SSO</acronym> cookie is build by the portal (as described in the <a href="../../documentation/presentation.html#login" class="wikilink1" title="documentation:presentation">login kinematic</a>), or by the Handler for cross domain authentication (see <a href="../../documentation/presentation.html#cross_domain_authentication_cda" class="wikilink1" title="documentation:presentation">CDA kinematic</a>).
</p>
<p>
To edit <acronym title="Single Sign On">SSO</acronym> cookie parameters, go in Manager, <code>General Parameters</code> &gt; <code>Cookies</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Cookie name</strong>: name of the cookie, can be changed to avoid conflicts with other LemonLDAP::NG installations</div>
</li>
<li class="level1"><div class="li"> <strong>Domain</strong>: validity domain for the cookie (the cookie will not be sent on other domains)</div>
</li>
<li class="level1"><div class="li"> <strong>Multiple domains</strong>: enable cross domain mechanism (without this, you cannot extend <acronym title="Single Sign On">SSO</acronym> to other domains)</div>
</li>
<li class="level1"><div class="li"> <strong>Secured cookie</strong>: 3 options:</div>
<ul>
<li class="level2"><div class="li"> <strong>Non secured cookie</strong>: the cookie can be sent over <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> and HTTPS connections</div>
</li>
<li class="level2"><div class="li"> <strong>Secured cookie</strong>: the cookie can only be sent over HTTPS</div>
</li>
<li class="level2"><div class="li"> <strong>Double cookie</strong>: two cookies are built, one for <acronym title="Hyper Text Transfer Protocol">HTTP</acronym>, the other for HTTPS</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>Cookie expiration time</strong>: by default, <acronym title="Single Sign On">SSO</acronym> cookie is a session cookie, which mean it will be destroyed when the browser is closed. You can change this behavior and set a cookie duration, for example:</div>
<ul>
<li class="level2"><div class="li"> <strong>+30s</strong>: 30 seconds from session creation</div>
</li>
<li class="level2"><div class="li"> <strong>+10m</strong>: ten minutes from session creation</div>
</li>
<li class="level2"><div class="li"> <strong>+1h</strong>: one hour from session creation</div>
</li>
<li class="level2"><div class="li"> <strong>+3M</strong>: three months from session creation</div>
</li>
<li class="level2"><div class="li"> <strong>+10y</strong>: ten years from session creation</div>
</li>
<li class="level2"><div class="li"> <strong>Thursday, 25-Apr-1999 00:40:33 GMT</strong>: at the indicated time and date (but this is probably a bad idea)</div>
</li>
</ul>
</li>
</ul>
<p>
<p><div class="noteimportant">Changing the domain value will not update other configuration parameters, like virtual host names, portal <acronym title="Uniform Resource Locator">URL</acronym>, etc. You have to update them by yourself.
</div></p>
</p>
</div>
<!-- SECTION "SSO cookie" [60-1742] -->
<h2><a name="portal_url" id="portal_url">Portal URL</a></h2>
<div class="level2">
<p>
Portal <acronym title="Uniform Resource Locator">URL</acronym> is the address used to redirect users on the authentication portal by:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Handler</strong>: user is redirected if he has no <acronym title="Single Sign On">SSO</acronym> cookie (or in <acronym title="Cross Domain Authentication">CDA</acronym> mode)</div>
</li>
<li class="level1"><div class="li"> <strong>Portal</strong>: the portal redirect on itself in many cases (credentials POST, <acronym title="Security Assertion Markup Language">SAML</acronym>, etc.)</div>
</li>
</ul>
<p>
<p><div class="notewarning">The portal <acronym title="Uniform Resource Locator">URL</acronym> <strong>must</strong> be inside <acronym title="Single Sign On">SSO</acronym> domain. If secured cookie is enabled, the portal <acronym title="Uniform Resource Locator">URL</acronym> <strong>must</strong> be HTTPS.
</div></p>
</p>
</div>
<!-- SECTION "Portal URL" [1743-] --></div><!-- closes <div class="dokuwiki export">-->
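Review bot: The "Secured cookie" item lists its three options without saying which one to choose, although "Non secured cookie" lets the SSO cookie travel over plain HTTP, and the expiration examples offer "+3M" and "+10y" with no caveat while only the absolute date is called "probably a bad idea". The page that remains behind the symlink should recommend "Secured cookie" whenever the portal URL is HTTPS and say that long lifetimes keep a stolen cookie usable for that long. Minor: 25-Apr-1999 was a Sunday, not a Thursday, so the absolute-date example is not a valid date string.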

View File

@ -1,246 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="documentation_for_lemonldapng_10" id="documentation_for_lemonldapng_10">Documentation for LemonLDAP::NG 1.0</a></h1>
<div class="level1">
</div>
<!-- SECTION "Documentation for LemonLDAP::NG 1.0" [1-51] -->
<h2><a name="installation" id="installation">Installation</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/warehause.png?id=documentation%3Alatest%3Astart" class="media" title="icons:warehause.png"><img src="../../../media/icons/warehause.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/latest/prereq.html" class="wikilink1" title="documentation:latest:prereq">Prerequisites and dependencies</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/installtarball.html" class="wikilink1" title="documentation:latest:installtarball">Installation from the tarball</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/installdeb.html" class="wikilink1" title="documentation:latest:installdeb">Installation on Debian/Ubuntu with packages</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/installrpm.html" class="wikilink1" title="documentation:latest:installrpm">Installation on RHEL/CentOS with packages</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/upgrade.html" class="wikilink1" title="documentation:latest:upgrade">Upgrade from 0.9.4</a></div>
</li>
</ul>
</div>
<!-- SECTION "Installation" [52-364] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
</div>
<!-- SECTION "Configuration" [365-391] -->
<h3><a name="first_steps" id="first_steps">First steps</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/lists.png?id=documentation%3Alatest%3Astart" class="media" title="icons:lists.png"><img src="../../../media/icons/lists.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/latest/configlocation.html" class="wikilink1" title="documentation:latest:configlocation">Configuration location</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/ssocookie.html" class="wikilink1" title="documentation:latest:ssocookie">Single Sign On cookie, domain and portal URL</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/configvhost.html" class="wikilink1" title="documentation:latest:configvhost">Manage virtual hosts</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/parameterlist.html" class="wikilink1" title="documentation:latest:parameterlist">Parameters list</a></div>
</li>
</ul>
</div>
<!-- SECTION "First steps" [392-627] -->
<h3><a name="portal" id="portal">Portal</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/colors.png?id=documentation%3Alatest%3Astart" class="media" title="icons:colors.png"><img src="../../../media/icons/colors.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/latest/portalcustom.html" class="wikilink1" title="documentation:latest:portalcustom">Portal customization</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/portalmenu.html" class="wikilink1" title="documentation:latest:portalmenu">Portal menu</a></div>
</li>
</ul>
<p>
<br/>
</p>
</div>
<!-- SECTION "Portal" [628-748] -->
<h3><a name="authentication" id="authentication">Authentication</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/gpg.png?id=documentation%3Alatest%3Astart" class="media" title="icons:gpg.png"><img src="../../../media/icons/gpg.png" class="medialeft" align="left" alt="" /></a>
</p>
<p>
<br/>
<br/>
<br/>
<br/>
</p>
</div>
<!-- SECTION "Authentication" [749-809] -->
<h3><a name="configuration1" id="configuration1">Configuration</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/utilities.png?id=documentation%3Alatest%3Astart" class="media" title="icons:utilities.png"><img src="../../../media/icons/utilities.png" class="medialeft" align="left" alt="" /></a>
</p>
<p>
<br/>
<br/>
<br/>
<br/>
</p>
</div>
<!-- SECTION "Configuration" [810-875] -->
<h3><a name="sessions" id="sessions">Sessions</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/kmultiple.png?id=documentation%3Alatest%3Astart" class="media" title="icons:kmultiple.png"><img src="../../../media/icons/kmultiple.png" class="medialeft" align="left" alt="" /></a>
</p>
<p>
<br/>
<br/>
<br/>
<br/>
</p>
</div>
<!-- SECTION "Sessions" [876-936] -->
<h3><a name="identity_provider" id="identity_provider">Identity provider</a></h3>
<div class="level3">
<p>
<a href="/_detail/icons/personal.png?id=documentation%3Alatest%3Astart" class="media" title="icons:personal.png"><img src="../../../media/icons/personal.png" class="medialeft" align="left" alt="" /></a>
</p>
<p>
<br/>
<br/>
<br/>
<br/>
</p>
</div>
<!-- SECTION "Identity provider" [937-1005] -->
<h2><a name="applications_protection" id="applications_protection">Applications protection</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/access.png?id=documentation%3Alatest%3Astart" class="media" title="icons:access.png"><img src="../../../media/icons/access.png" class="medialeft" align="left" alt="" /></a>
</p>
<p>
<br/>
<br/>
<br/>
<br/>
</p>
</div>
<!-- SECTION "Applications protection" [1006-1080] -->
<h2><a name="advanced_features" id="advanced_features">Advanced features</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/neotux.png?id=documentation%3Alatest%3Astart" class="media" title="icons:neotux.png"><img src="../../../media/icons/neotux.png" class="medialeft" align="left" alt="" /></a>
</p>
<p>
<br/>
<br/>
<br/>
<br/>
</p>
</div>
<!-- SECTION "Advanced features" [1081-1149] -->
<h2><a name="exploitation" id="exploitation">Exploitation</a></h2>
<div class="level2">
<p>
<a href="/_detail/icons/xeyes.png?id=documentation%3Alatest%3Astart" class="media" title="icons:xeyes.png"><img src="../../../media/icons/xeyes.png" class="medialeft" align="left" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/latest/status.html" class="wikilink1" title="documentation:latest:status">Handler status page</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/logs.html" class="wikilink1" title="documentation:latest:logs">Logs settings</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/latest/error.html" class="wikilink1" title="documentation:latest:error">Error messages</a></div>
</li>
</ul>
</div>
<!-- SECTION "Exploitation" [1150-] --></div><!-- closes <div class="dokuwiki export">-->
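Review bot: The "Authentication", "Configuration", "Sessions", "Identity provider", "Applications protection" and "Advanced features" sections of this index contain only an icon and four `<br/>` fillers, with no link list, so the export this page came from was incomplete. Before dropping this copy, confirm that the versioned start page the new latest symlink points to is not the same truncated export. The icon anchors also use absolute wiki paths (`/_detail/icons/...`) that will not resolve in an offline tree, unlike the relative `../../../media/` image sources beside them.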

View File

@ -1,114 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="handler_status" id="handler_status">Handler Status</a></h1>
<div class="level1">
</div>
<!-- SECTION "Handler Status" [1-30] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
When status feature is activated, Handlers and portal will collect statistics and save them in their local cache. This means that if several Handlers are deployed, each will manage its own statistics.
</p>
<p>
<p><div class="notetip">
This page can be browsed for example by <a href="http://oss.oetiker.ch/mrtg/" class="urlextern" title="http://oss.oetiker.ch/mrtg/" rel="nofollow">mrtg</a> using the script <strong>lmng-mrtg</strong>
</div></p>
</p>
<p>
The statistics are collected trough a daemon launched by the Handler. It can be seen in system processes, for example:
</p>
<pre class="code">
perl -MLemonldap::NG::Handler::Status -I/etc/perl -I/usr/local/lib/perl/5.10.1 -I/usr/local/share/perl/5.10.1 -I/usr/lib/perl5 -I/usr/share/perl5 -I/usr/lib/perl/5.10 -I/usr/share/perl/5.10 -I/usr/local/lib/site_perl -I. -I/etc/apache2 -e &amp;Lemonldap::NG::Handler::Status::run(Cache::FileCache,{? &#039;cache_depth&#039; =&gt; 5,? &#039;cache_root&#039; =&gt; &#039;/tmp&#039;,? &#039;directory_umask&#039; =&gt; &#039;007&#039;,? &#039;default_expires_in&#039; =&gt; 600,? &#039;namespace&#039; =&gt; &#039;MyNamespace&#039;? }?);
</pre>
<p>
Statistics are displayed when calling the status path on an Handler (for example: <a href="http://test1.example.com/status" class="urlextern" title="http://test1.example.com/status" rel="nofollow">http://test1.example.com/status</a>).
</p>
<p>
Example of status page:
</p>
<p>
<a href="/_detail/screenshots/1.00/status_standard.png?id=documentation%3Alatest%3Astatus" class="media" title="screenshots:1.00:status_standard.png"><img src="../../../media/screenshots/1.00/status_standard.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- SECTION "Presentation" [31-1197] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
</div>
<!-- SECTION "Configuration" [1198-1224] -->
<h3><a name="apache" id="apache">Apache</a></h3>
<div class="level3">
<p>
You need to give access to status path in the Handler Apache configuration:
</p>
<pre class="code file apache"> <span class="co1"># Uncomment this to activate status module</span>
&lt;<span class="kw3">Location</span> /status&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
PerlHeaderParserHandler My::Package-&gt;status
&lt;/<span class="kw3">Location</span>&gt;</pre>
<p>
Then restart Apache.
</p>
<p>
<p><div class="notetip">You should change the <code>Allow</code> directive to match administration <acronym title="Internet Protocol">IP</acronym>, or use another Apache protection mean.
</div></p>
</p>
</div>
<!-- SECTION "Apache" [1225-1685] -->
<h3><a name="lemonldapng" id="lemonldapng">LemonLDAP::NG</a></h3>
<div class="level3">
<p>
Edit <code>lemonldap-ng.ini</code>, and activate status in the <code>handler</code> section:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>handler<span class="br0">&#93;</span></span>
# Set status to 1 if you want to have the report of activity <span class="br0">&#40;</span>used for
# example to inform MRTG<span class="br0">&#41;</span>
<span class="re1">status</span> <span class="sy0">=</span><span class="re2"> 1</span></pre>
<p>
Then restart Apache.
</p>
</div>
<!-- SECTION "LemonLDAP::NG" [1686-] --></div><!-- closes <div class="dokuwiki export">-->
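Review bot: The `<Location /status>` example sets `Order deny,allow` and `Allow from 127.0.0.0/8` but has no `Deny from all`. With that order Apache permits any request that matches neither list, so the block as written does not limit the status page to localhost. The copy of this page that survives behind the symlink should add `Deny from all` ahead of the Allow line, and the tip below the example should tell readers to keep that line when they change the allowed address. The process listing also shows the statistics cache rooted at `/tmp`, which deserves a sentence on choosing a directory that is not shared.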

View File

@ -1,203 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="upgrade_from_094_to_10" id="upgrade_from_094_to_10">Upgrade from 0.9.4 to 1.0</a></h1>
<div class="level1">
<p>
<p><div class="noteclassic">If you are using packages, they should have done the upgrade process for you, but you can check here that all is in order.
</div></p>
</p>
</div>
<!-- SECTION "Upgrade from 0.9.4 to 1.0" [1-178] -->
<h2><a name="apache_configuration" id="apache_configuration">Apache configuration</a></h2>
<div class="level2">
<p>
Now LemonLDAP::NG is shipped with 3 Apache configuration files:
</p>
<ul>
<li class="level1"><div class="li"> <strong>portal-apache2.conf</strong>: portal virtual host</div>
</li>
<li class="level1"><div class="li"> <strong>manager-apache2.conf</strong>: manager virtual host</div>
</li>
<li class="level1"><div class="li"> <strong>handler-apache2.conf</strong>: handler declaration and protected application virtual hosts</div>
</li>
</ul>
<p>
<p><div class="noteimportant">If you are still using Apache 1, those files are named <strong>portal-apache.conf</strong>, <strong>manager-apache.conf</strong>, <strong>handler-apache.conf</strong>, but some features will not work (automatic post,…).
</div></p>
</p>
<p>
You need to update these files with all your Apache configuration customization.
</p>
</div>
<!-- SECTION "Apache configuration" [179-756] -->
<h2><a name="lemonldapng_configuration_files" id="lemonldapng_configuration_files">LemonLDAP::NG configuration files</a></h2>
<div class="level2">
<p>
LemonLDAP::NG 0.9.4 used local files for some settings:
</p>
<ul>
<li class="level1"><div class="li"> <strong>apply.conf</strong>: <acronym title="Uniform Resource Identifier">URI</acronym> used by Manager to apply changes</div>
</li>
<li class="level1"><div class="li"> <strong>storage.conf</strong>: Configuration location and Cache settings</div>
</li>
<li class="level1"><div class="li"> <strong>apps-list.xml</strong>: Application menu</div>
</li>
</ul>
<p>
Those file are not used anymore, and merged into <code>lemonldap-ng.ini</code>.
</p>
<p>
There is a script in the bin/ directory called <code>lmMigrateConfFiles2ini</code> designed to parse old configuration files and copy parameters in the new file.
</p>
<p>
Script options:
</p>
<ul>
<li class="level1"><div class="li"> <strong>--dir,-d</strong>: path to main configuration directory (default: /etc/lemonldap-ng)</div>
</li>
<li class="level1"><div class="li"> <strong>--storage,-s</strong>: path to storage.conf (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--apply,-a</strong>: path to apply.conf (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--menuxml,-m</strong>: path to apps-list.xml (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--ini,-i</strong>: path to lemonldap-ng.ini (if not stored in conf dir)</div>
</li>
<li class="level1"><div class="li"> <strong>--preserve,-p</strong>: do not erase old files after import</div>
</li>
<li class="level1"><div class="li"> <strong>--help,-h</strong>: show this message</div>
</li>
<li class="level1"><div class="li"> <strong>--verbose,-v</strong>: let me tell you my life</div>
</li>
</ul>
<p>
Here is how you can use it, if you installed LemonLDAP::NG from the tarball in the /usr/local/lemonldap-ng directory:
</p>
<pre class="code">
$ sudo /usr/local/lemonldap-ng/bin/lmMigrateConfFiles2ini -d /usr/local/lemonldap-ng/etc -v -p
</pre>
<p>
Remove the <code>-p</code> options if you want to delete old files.
</p>
<p>
<p><div class="noteimportant">The migration of application list in ini file will work, but it will then be hard to update. You should use the Manager and reconfigure all categories and applications trough it, and then comment application list in ini file.
</div></p>
</p>
</div>
<!-- SECTION "LemonLDAP::NG configuration files" [757-2342] -->
<h2><a name="customized_scripts_parameters" id="customized_scripts_parameters">Customized scripts parameters</a></h2>
<div class="level2">
<p>
Before 1.0, we used to override some configuration parameters by editing perl scripts (like <code>portal/index.pl</code>) and setting values like this :
</p>
<pre class="code file perl"><span class="kw1">my</span> <span class="re0">$portal</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">SharedConf</span><span class="sy0">-&gt;</span><span class="me1">new</span><span class="br0">&#40;</span> <span class="br0">&#123;</span>
portal <span class="sy0">=&gt;</span> <span class="st_h">'auth.example.com'</span><span class="sy0">,</span>
cookieName <span class="sy0">=&gt;</span> <span class="st_h">'lemonldap'</span><span class="sy0">,</span>
ldapPort <span class="sy0">=&gt;</span> <span class="st_h">'390'</span><span class="sy0">,</span>
<span class="br0">&#125;</span> <span class="br0">&#41;</span><span class="sy0">;</span></pre>
<p>
The new <code>lemonldap-ng.ini</code> file should be now used to do this, as perl scripts are program files that are erased on software updates. You have to know too that all configuration parameters are now available in Manager interface.
</p>
<p>
If you still need to customize those program files, please prefer to copy them:
</p>
<pre class="code">
# cp portal/index.pl portal/indexcustom.pl
</pre>
<p>
And declare your custom file in Apache configuration
</p>
<pre class="code file apache"><span class="kw1">DirectoryIndex</span> indexcustom.pl</pre>
<p>
This will prevent your local modifications to be dropped when you will update your LemonLDAP::NG version.
</p>
</div>
<!-- SECTION "Customized scripts parameters" [2343-3283] -->
<h2><a name="liberty_alliance_portal" id="liberty_alliance_portal">Liberty Alliance portal</a></h2>
<div class="level2">
<p>
Liberty Alliance portal was removed. So ID-FF authentication is no more supported.
</p>
<p>
To replace it, LemonLDAP::NG has now SAML2 authentication backend.
</p>
</div>
<!-- SECTION "Liberty Alliance portal" [3284-3473] -->
<h2><a name="dbi_configuration_backend" id="dbi_configuration_backend">DBI configuration backend</a></h2>
<div class="level2">
<p>
<acronym title="Database Interface">DBI</acronym> configuration has been removed. You now have two choices to store configuration in a database:
</p>
<ul>
<li class="level1"><div class="li"> RDBI</div>
</li>
<li class="level1"><div class="li"> CDBI</div>
</li>
</ul>
<p>
<img src="/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" /> add links to RDBI and CDBI conf
</p>
</div>
<!-- SECTION "DBI configuration backend" [3474-] --></div><!-- closes <div class="dokuwiki export">-->
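Review bot: The "DBI configuration backend" section at the end of this removed page still carries an unresolved FIXME ("add links to RDBI and CDBI conf"), and its image points at the absolute path /lib/images/smileys/fixme.gif while the stylesheets at the top of the page use relative ../../../css/ paths, so the image may not resolve from the exported tree. Since this copy is dropped in favour of the latest link, check whether the versioned page the link resolves to has the same placeholder and fix it there: add the RDBI and CDBI links and remove or relativize the image. Please also confirm that the link target contains an upgrade page with the same anchor ids (upgrade_from_094_to_10, apache_configuration, lemonldapng_configuration_files, and so on) so existing links into documentation/latest keep resolving.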