From f2c1530168c5fa625bac02a723dd855f0f28a437 Mon Sep 17 00:00:00 2001 
From: Xavier Guimard
Date: Thu, 28 Oct 2010 13:39:23 +0000
Subject: [PATCH] Replace latest by a link (1/3)

---
 build/lemonldap-ng/Makefile | 6 +
 .../documentation/latest/configlocation.html | 463 ------------------
 .../documentation/latest/configvhost.html | 248 ----------
 .../doc/pages/documentation/latest/error.html | 121 -----
 .../documentation/latest/installdeb.html | 118 -----
 .../documentation/latest/installrpm.html | 213 --------
 .../documentation/latest/installtarball.html | 202 --------
 .../doc/pages/documentation/latest/logs.html | 101 ----
 .../documentation/latest/parameterlist.html | 462 -----------------
 .../documentation/latest/portalcustom.html | 151 ------
 .../documentation/latest/portalmenu.html | 120 -----
 .../pages/documentation/latest/prereq.html | 218 ---------
 .../pages/documentation/latest/ssocookie.html | 105 ----
 .../doc/pages/documentation/latest/start.html | 246 ----------
 .../pages/documentation/latest/status.html | 114 -----
 .../pages/documentation/latest/upgrade.html | 203 --------
 16 files changed, 6 insertions(+), 3085 deletions(-)
 delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/configlocation.html
 delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/configvhost.html
 delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/error.html
 delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/installdeb.html
 delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/installrpm.html
 delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/installtarball.html
 delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/logs.html
 delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/parameterlist.html
 delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/portalcustom.html
 delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/portalmenu.html
 delete mode 100644 
build/lemonldap-ng/doc/pages/documentation/latest/prereq.html delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/ssocookie.html delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/start.html delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/status.html delete mode 100644 build/lemonldap-ng/doc/pages/documentation/latest/upgrade.html diff --git a/build/lemonldap-ng/Makefile b/build/lemonldap-ng/Makefile index 9c40d3dfa..9e03da517 100644 --- a/build/lemonldap-ng/Makefile +++ b/build/lemonldap-ng/Makefile @@ -494,6 +494,12 @@ static_example: documentation: @cd doc/ && ../scripts/doc.pl + @rm -rf doc/pages/documentation/latest + @ln -s $$(perl -e '$$h{sprintf("%03d\.%03d\.%03d",split/\./,$$_)}=$$_ foreach(@ARGV); \ + foreach(sort keys %h){$$last="$$h{$$_}\n"};print $$last;' \ + $$(find doc/pages/documentation/ -maxdepth 1 -mindepth 1 -type d ! \ + -name .svn ! -name latest -printf "%f\n") \ + ) doc/pages/documentation/latest doxygen: clean $(PERL) -i -pe 's/^(PROJECT_NUMBER\s*=\s*)\d.*$$/$${1}'$(VERSION)'/' Doxyfile diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/configlocation.html b/build/lemonldap-ng/doc/pages/documentation/latest/configlocation.html deleted file mode 100644 index 442d7c68f..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/configlocation.html +++ /dev/null @@ -1,463 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Configuration overview

-
- -
- -

Backends

-
- -

- -LemonLDAP::NG configuration is stored in a backend (File, database, …), that allows all modules to access it. -

- -

-

Detailled configuration backends documentation is available here. -

-

- -

-By default, configuration is stored in files, so access trough network is not possible. To allow this, use SOAP for configuration access, or use a network service like SQL database or LDAP directory. -

- -

-Configuration backend can be set in the local configuration file, in configuration section. -

- -

-For example, to configure the File configuration backend: -

-
[configuration]
-type=File
-dirName = /usr/local/lemonldap-ng/data/conf
- -
- -

Manager

-
- -

- -Most of configuration can be done trough LemonLDAP::NG Manager (by default http://manager.example.com). -

- -

-By default, Manager is protected to allow only localhost. This can be changed in etc/manager-apache2.conf: -

-
    <Directory /usr/local/lemonldap-ng/htdocs/manager/>
-        Order deny,allow
-        Deny from all
-        Allow from 127.0.0.0/8
-        Options +ExecCGI
-    </Directory>
- -

-

You can change allowed IP, or add an Apache authentication module. When LemonLDAP::NG will be fully configured, you can also protect Manager with the Handler, as any other web application. -

-

- -

-The Manager displays main branches: -

-
    -
  • General Parameters: authentication modules, portal, etc.
    -
  • -
  • Variables: user information, macros and groups used to fill SSO session
    -
  • -
  • Virtual Hosts: access rules, headers, etc.
    -
  • -
  • SAML 2 Service: SAML metadata administration
    -
  • -
  • SAML identity providers: Registered IDP
    -
  • -
  • SAML service providers: Registered SP
    -
  • -
- -

- -LemonLDAP::NG configuration is mainly a key/value structure, so Manager will present all keys into a structured tree. A click on a key will display the associated value. -

- -

-When modifying a value, always click on the Apply button if available, to be sure the value is saved. When all modifications are done, click on Save to store configuration. -

- -

-

LemonLDAP::NG will do some checks on configuration and display errors if any. Configuration is not saved if errors occur. -

-

- -
- -

Apache

-
- -

- -

LemonLDAP::NG does not manage Apache configuration -

-

- -

-LemonLDAP::NG ships 3 Apache configuration files: -

-
    -
  • portal-apache2.conf: Portal virtual host, with SOAP and Issuer end points
    -
  • -
  • manager-apache2.conf: Manager virtual host
    -
  • -
  • handler-apache2.conf : Handler declaration, reload and sample virtual hosts
    -
  • -
- -

- -These files must be included in Apache configuration, either with Include directives in httpd.conf (see quick start example), or with symbolic links in Apache configuration directory (like /etc/httpd/conf.d). -

- -

-

Mod Perl must be loaded before LemonLDAP::NG, so include configuration after the mod_perl LoadModule directive. -

-

- -
- -

Portal

-
- -

- -In Portal virtual host, you will find several configuration parts: - -

-
    -
  • Standard virtual host directives, to serve portal pages:
    -
  • -
-
    ServerName auth.example.com
- 
-    # DocumentRoot
-    DocumentRoot /usr/local/lemonldap-ng/htdocs/portal/
-    <Directory /usr/local/lemonldap-ng/htdocs/portal/>
-        Order allow,deny
-        Allow from all
-        Options +ExecCGI
-    </Directory>
- 
-    # Perl script
-    <Files *.pl>
-        SetHandler perl-script
-        PerlResponseHandler ModPerl::Registry
-    </Files>
- 
-    # Directory index
-    <IfModule mod_dir.c>
-        DirectoryIndex index.pl index.html
-    </IfModule>
-
    -
  • SOAP end points (inactivated by default):
    -
  • -
-
    # SOAP functions for sessions management (disabled by default)
-    <Directory /usr/local/lemonldap-ng/htdocs/portal//index.pl/adminSessions>
-        Order deny,allow
-        Deny from all
-    </Directory>
- 
-    # SOAP functions for sessions access (disabled by default)
-    <Directory /usr/local/lemonldap-ng/htdocs/portal//index.pl/sessions>
-        Order deny,allow
-        Deny from all
-    </Directory>
- 
-    # SOAP functions for configuration access (disabled by default)
-    <Directory /usr/local/lemonldap-ng/htdocs/portal//index.pl/config>
-        Order deny,allow
-        Deny from all
-    </Directory>
- 
-    # SOAP functions for notification insertion (disabled by default)
-    <Directory /usr/local/lemonldap-ng/htdocs/portal//index.pl/notification>
-        Order deny,allow
-        Deny from all
-    </Directory>
-
    -
  • Issuer rewrite rules (requires mod_rewrite):
    -
  • -
-
    # SAML2 Issuer
-    <IfModule mod_rewrite.c>
-        RewriteEngine On
-        RewriteRule ^/saml/metadata /metadata.pl
-        RewriteRule ^/saml/.* /index.pl
-    </IfModule>
- 
-    # CAS Issuer
-    <IfModule mod_rewrite.c>
-        RewriteEngine On
-        RewriteRule ^/cas/.* /index.pl
-    </IfModule>
- 
-    # OpenID Issuer
-    <IfModule mod_rewrite.c>
-        RewriteEngine On
-        RewriteRule ^/openidserver/.* /index.pl
-    </IfModule>
-
    -
  • Some Perl optimizations:
    -
  • -
-
# Best performance under ModPerl::Registry
-# Uncomment this to increase performance of Portal
-<Perl>
-    require Lemonldap::NG::Portal::SharedConf;
-    Lemonldap::NG::Portal::SharedConf->compile(
-        qw(delete header cache read_from_client cookie redirect unescapeHTML));
-    # Uncomment this line if you use Lemonldap::NG menu
-    require Lemonldap::NG::Portal::Menu;
-    # Uncomment this line if you use portal SOAP capabilities
-    require SOAP::Lite;
-</Perl>
- -
- -

Manager

-
- -

- -Manager virtual host is used to serve configuration interface and local documentation. - -

-
    -
  • Configuration interface access is protected:
    -
  • -
-
    DocumentRoot /usr/local/lemonldap-ng/htdocs/manager/
-    <Directory /usr/local/lemonldap-ng/htdocs/manager/>
-        Order deny,allow
-        Deny from all
-        Allow from 127.0.0.0/8
-        Options +ExecCGI
-    </Directory>
-
    -
  • Local documentation is open to all:
    -
  • -
-
    Alias /doc/ /usr/local/lemonldap-ng/htdocs/doc/
-    <Directory /usr/local/lemonldap-ng/htdocs/doc/>
-        Order deny,allow
-        Allow from all
-    </Directory>
- -
- -

Handler

-
-
    -
  • Load Handler in Apache memory:
    -
  • -
-
PerlOptions +GlobalRequest
-PerlRequire /usr/local/lemonldap-ng/handler/MyHandler.pm
- -

-

The Handler must be loaded before any protected virtual host. -

- -

-
    -
  • Catch error pages:
    -
  • -
-
ErrorDocument 403 http://auth.example.com/?lmError=403
-ErrorDocument 500 http://auth.example.com/?lmError=500
-
    -
  • Reload virtual host:
    -
  • -
-
<VirtualHost *:80>
-    ServerName reload.example.com
- 
-    # Configuration reload mechanism (only 1 per physical server is
-    # needed): choose your URL to avoid restarting Apache when
-    # configuration change
-    <Location /reload>
-        Order deny,allow
-        Deny from all
-        Allow from 127.0.0.0/8
-        PerlHeaderParserHandler My::Package->refresh
-    </Location>
- 
-    # Uncomment this to activate status module
-    #<Location /status>
-    #    Order deny,allow
-    #    Deny from all
-    #    Allow from 127.0.0.0/8
-    #    PerlHeaderParserHandler My::Package->status
-    #</Location>
- 
-</VirtualHost>
- -

-Then, to protect a standard virutal host, the only configuration line to add is: -

-
PerlHeaderParserHandler My::Package
- -
- -

Configuration reload

-
- -

- -

As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them trough an HTTP request. Configuration reload will then be effective in less than 10 minutes. -

-

- -

-After configuration is saved by Manager, LemonLDAP::NG will try to reload configuration on distant Handlers. This can be configured in LemonLDAP::NG ini file, in the section apply: -

-
[apply]
- 
-# URL used to reload configuration
-reload.example.com=http://reload.example.com/reload
-;reloaddist.example.com=http://reloaddist.example.com/reload
- -

-

You only need a reload URL per physical servers, as Handlers share the same configuration cache on each physical server. -

-

- -

-The reload target is managed in Apache configuration, inside a virtual host protected by LemonLDAP::NG Handler, for example: -

-
<VirtualHost *:80>
-    ServerName reload.example.com
- 
-    <Location /reload>
-        Order deny,allow
-        Deny from all
-        Allow from 127.0.0.0/8
-        PerlHeaderParserHandler My::Package->refresh
-    </Location>
- 
-</VirtualHost>
- -

-

You must allow access to Manager IP. -

-

- -
- -

Local file

-
- -

- -LemonLDAP::NG configuration can be managed in a local file with INI format. This file is called lemonldap-ng.ini and has the following sections: -

-
    -
  • configuration: where configuration is stored
    -
  • -
  • apply: reload URL for distant Hanlders
    -
  • -
  • all: parameters for all modules
    -
  • -
  • portal: parameters only for Portal
    -
  • -
  • manager: parameters only for Manager
    -
  • -
  • handler: parameters only for Handler
    -
  • -
- -

- -When you set a parameter in lemonldap-ng.ini, it will override the parameter from the global configuration. -

- -

-For example, to override configured skin for portal: -

-
[portal]
-portalSkin = dark
- -

-

You need to know the technical name of configuration parameter to do this. You can refer to parameter list to find it. -

-

- -
- -

Script files

-
- -

- -LemonLDAP::NG allows to override any configuration parameter directly in script file. However, it is not advised to edit such files, as they are part of the program, and will be erased at next upgrade. -

- -

-

You also need to know the technical name of configuration parameter to do this. You can refer to parameter list to find it. -

-

- -
- -

Portal

-
- -

- -For example, in portal/index.pl: -

-
my $portal = Lemonldap::NG::Portal::SharedConf->new(
-    {
-        portalSkin => 'dark',
-    }
-);
- -
- -

Handler

-
- -

- -For example, in handler/MyHandler.pm: -

-
__PACKAGE__->init(
-    {
-        domain => 'acme.com',
-    }
-);
- -
-
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/configvhost.html b/build/lemonldap-ng/doc/pages/documentation/latest/configvhost.html deleted file mode 100644 index dc59b4ec0..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/configvhost.html +++ /dev/null @@ -1,248 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Manage virtual hosts

-
- -

- -LemonLDAP::NG configuration is build around Apache virtual hosts. Each virtual host is a protected resource, with access rules, headers, POST data and options. -

- -
- -

Apache configuration

-
- -

- -To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated (see Apache global configuration). -

- -

-Then you can take any virtual host, and simply add this line to protect it: -

-
PerlHeaderParserHandler My::Package
- -

-For example, a protected virtual host for a local application: -

-
<VirtualHost *:80>
-        ServerName localsite.example.com
- 
-        PerlHeaderParserHandler My::Package
- 
-        DocumentRoot /var/www/localsite
- 
-        ErrorLog /var/log/apache2/localsite_error.log
-        CustomLog /var/log/apache2/localsite_access.log combined
- 
-</VirtualHost>
- -

-And a protected virtual host with LemonLDAP::NG as reverse proxy: -

-
<VirtualHost *:80>
-        ServerName proxysite.example.com
- 
-        PerlHeaderParserHandler My::Package
- 
-        ProxyPreserveHost on
-        ProxyPass / http://APPLICATION_IP/
-        ProxyPassReverse / http://APPLICATION_IP/
- 
-        ErrorLog /var/log/apache2/proxysite_error.log
-        CustomLog /var/log/apache2/proxysite_access.log combined
-</VirtualHost>
- -

-

The ProxyPreserveHost directive will forward the Host header to the protected application -

-

- -

-

Using the reverse proxy mode, you will not have the REMOTE_USER environment variable set. Indeed, this variable is set by the Handler on the physical server hosting the Handler, and not on other servers where the Handler is not installed. -

- -

-But this magic Apache configuration will let you transform the Auth-User HTTP header in REMOTE_USER envronment variable: -

-
SetEnvIfNoCase Auth-User "(.*)" REMOTE_USER=$1
- -

- -

-

- -
- -

LemonLDAP::NG configuration

-
- -

- -An apache virtual host protected by LemonLDAP::NG Handler must be registered in LemonLDAP::NG configuration. -

- -

-To do this, use the Manager, and go in Virtual Hosts branch. You can add, delete or modify a virtual host here. -

- -

-A virtual host contains: -

-
    -
  • Access rules: check user's right on URL patterns
    -
  • -
  • HTTP headers: forge information sent to protected applications
    -
  • -
  • POST data: use form replay
    -
  • -
  • Options: redirection port and protocol
    -
  • -
- -
- -

Access rules

-
- -

- -There is a default access rule which is used if no other access rule match the current URL. Else, each access rule refers to an URL pattern. -

- -

-Access rule value is an expression, evaluated for each request, and returning 1 if user is authorized, 0 else. -

- -

- -

- -

-Access rules examples: - -

-
-(?#Admin access)^/site/.*$ => $uid eq "admin" or $groups =~ /\bgroup2\b/
-(?#Static content)^/(js|css) => accept
-default => deny
-
- -

-

Rule comments are used in Manager to display the rule. Comments can also be used to sort rules. -

-

- -

-Access rules accepts special targets: -

-
    -
  • accept: all authenticated users can pass
    -
  • -
  • deny: nobody is welcomed
    -
  • -
  • unprotect: all is open!
    -
  • -
  • logout_sso: request is not forwarded to application, SSO session is closed
    -
  • -
  • logout_app: request is forwarded to application, SSO session remains open
    -
  • -
  • logout_app_sso: request is forwarded to application, SSO session is closed
    -
  • -
- -

- -

The logout* targets can have an URL as parameter. By default, user will be redirected on portal if no URL defined, or on the specified URL if any. -

-

- -
- -

HTTP headers

-
- -

- -Headers are sent to application, they are not visible to users. -

- -

-Headers value can be a single session key or a full Perl expression. For example: - -

-
-Auth-User => $uid
-Unit => 'Unit-'.$ou
-
- -

-

By default, SSO cookie is hidden, so protected applications cannot get SSO session key. But you can forward this key if it is really needed: - -

-
-Session-ID => $_session_id
-
- -

- - -

-

- -
- -

POST data

-
- -

- -FIXME Add link to form replay page -

- -
- -

Options

-
- -

- -Two options are available: -

-
    -
  • Port
    -
  • -
  • HTTPS
    -
  • -
- -

- -These options are used to build redirection URL (when user is not logged, or for CDA requests). By default, default values are used. These options are only here to override default values. -

- -
-
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/error.html b/build/lemonldap-ng/doc/pages/documentation/latest/error.html deleted file mode 100644 index 00202e681..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/error.html +++ /dev/null @@ -1,121 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Error messages

-
- -

- -

This page do not reference all error messages, but only the frequentest -

-

- -
- -

Lemonldap::NG::Common

-
-
Warning: key is not defined, set it in the manager !
- -

- -→ LemonLDAP::NG uses a key to crypt/decrypt some datas. You have to set its value in Manager. -

- -
- -

Lemonldap::NG::Handler

-
-
Unable to clear local cache
- -

- -→ Local cache cannot be cleard, check the localStorage and localStorageOptions or file permissions -

-
Status module can not be loaded without localStorage parameter
- -

- -→ You tried to activate Status module without localStorage. Configure local cache first. -

-
No configuration found
- -

- -→ The configuration cannot be loaded. Check configStorage and configStorageOptionsor file permissions. -

-
User rejected because VirtualHost XXXX has no configuration
- -

- -→ The specified virtual host was not configured in Manager. -

- -
- -

Lemonldap::NG::Manager

-
-
XXXX was not found in tree
- -

- -→ The specified node is not the uploaded tree. -

- -
- -

Lemonldap::NG::Portal

-
-
User XXXX was not granted to open session
- -

- -→ Check grantSessionRule parameter. -

-
XML menu configuration is deprecated. Please use lmMigrateConfFiles2ini to migrate your menu configuration
- -

- -→ You do not use the new configuration syntax for application list. XML file is no more accepted. -

-
Apache is not configured to authenticate users !
- -

- -→ You use the Apache authentication backend, but Apache is not or bad configured (no REMOTE_USER send to LemonLDAP::NG). -

-
URL contains a non protected host
- -

- -→ The host is not known by LemonLDAP::NG. Add it to trustedDomains (or set * in trustedDomains to accept all). -

-
XSS attack detected
- -

- -→ Some URL parameters contain forbidden characters. -

- -
-
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/installdeb.html b/build/lemonldap-ng/doc/pages/documentation/latest/installdeb.html deleted file mode 100644 index 97c5ab7e0..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/installdeb.html +++ /dev/null @@ -1,118 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Installation on Debian/Ubuntu with packages

-
- -
- -

Get the packages

-
- -

- -If you run Debian testing or unstable, the LemonLDAP::NG packages are directly installable: - -

-
-# apt-cache search lemonldap-ng
-
- -

-

Packages from Debian repository may not be up to date. Prefer installing Debian packages downloaded from this site. -

-

- -
- -

Build your package

-
- -

- -You can also get the LemonLDAP::NG archive and make the package yourself: - -

-
-$ tar xzf lemonldap-ng-*.tar.gz
-$ cd lemonldap-ng-*
-$ debuild
-
- -
- -

Install packages with apt-get

-
-
-# apt-get install apache2 lemonldap-ng
-
- -
- -

Install packages with dpkg

-
- -

- -Before installing the packages, install dependencies. -

- -

-Then: - -

-
-# dpkg -i liblemonldap-ng-* lemonldap-ng*
-
- -
- -

File location

-
-
    -
  • Configuration is in /etc/lemonldap-ng
    -
  • -
  • LemonLDAP::NG configuration (edited by the Manager) is in /var/lib/lemonldap-ng/conf/
    -
  • -
  • All Perl modules are in the VENDOR perl directory
    -
  • -
  • All Perl scripts/pages are in /var/lib/lemonldap-ng/
    -
  • -
  • All static content (examples, CSS, images, etc.) is in /usr/share/lemonldap-ng/
    -
  • -
- -
- -

Change default DNS domain

-
- -

- -By default, DNS domain is example.com. You can change it quick with a sed command. For example, we change it to ow2.org: -

-
# sed -i 's/example\.com/ow2.org/g' /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/* /var/lib/lemonldap-ng/test/*
- -
-
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/installrpm.html b/build/lemonldap-ng/doc/pages/documentation/latest/installrpm.html deleted file mode 100644 index 4f5663a5c..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/installrpm.html +++ /dev/null @@ -1,213 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Installation on RedHat/CentOS

-
- -
- -

RPMs organization

-
- -

- -LemonLDAP::NG provides many RPMs : -

-
    -
  • lemonldap-ng: meta-package, contains no file but dependencies on other packages
    -
  • -
  • lemonldap-ng-doc: contains HTML documentation and project docs (README, etc.)
    -
  • -
  • lemonldap-ng-conf: contains default configuration (DNS domain: example.com)
    -
  • -
  • lemonldap-ng-test: contains sample CGI test page
    -
  • -
  • lemonldap-ng-handler: contains Apache Handler implementation (agent)
    -
  • -
  • lemonldap-ng-manager: contains administration interface and session explorer
    -
  • -
  • lemonldap-ng-portal: contains authentication portal and menu
    -
  • -
  • perl-Lemonldap-NG-Common: CPAN - Shared modules
    -
  • -
  • perl-Lemonldap-NG-Handler: CPAN - Handler modules
    -
  • -
  • perl-Lemonldap-NG-Manager: CPAN - Manager modules
    -
  • -
  • perl-Lemonldap-NG-Portal: CPAN - Portal modules
    -
  • -
- -

-This schema shows the dependencies between modules: -

- -

- -

- -
- -

Get the packages

-
- -

- -For now, RPMS are only available on the Download page. -

- -
- -

Build your packages

-
- -

- -If you need it, you can rebuild RPMs: -

-
    -
  • Install rpm-build package
    -
  • -
  • Install all build dependencies (see BuildRequires in lemonldap-ng.spec)
    -
  • -
  • Put lemonldap-ng.spec in %_topdir/SPECS
    -
  • -
  • Put LemonLDAP::NG tarball in %_topdir/SOURCES
    -
  • -
  • Edit ~/.rpmmacros and set your build parameters (example for RHEL5):
    -
  • -
-
-%_topdir /home/user/build
-%dist .el5
-%rhel 5
-
-
    -
  • Go to %_topdir
    -
  • -
  • Build:
    -
  • -
-
-$ rpmbuild -ba SPECS/lemonldap-ng.spec
-
- -
- -

Package GPG signature

-
- -

-The GPG key can be downloaded here: rpm-gpg-key-ow2 -

- -

-Install it to trust RPMs: -

-
-# rpm --import rpm-gpg-key-ow2
-
- -
- -

Install packages with yum

-
- -

- -If the packages are stored in a yum repository: - -

-
-# yum install lemonldap-ng
-
- -

-You can also use yum on local RPMs file, to manage dependencies: - -

-
-# yum install lemonldap-ng-* perl-Lemonldap-NG-*
-
- -
- -

Install packages with rpm

-
- -

- -Before installing the packages, install dependencies. -

- -

-You have then to install all the downloaded packages: - -

-
-# rpm -Uvh lemonldap-ng-* perl-Lemonldap-NG-*
-
- -
- -

Install just one component

-
- -

- -You can choose to install only one component by choosing the package lemonldap-ng-portal, lemonldap-ng-handler or lemonldap-ng-manager. Install the package lemonldap-ng-conf only on the server which stores configuration. -

- -
- -

File location

-
-
    -
  • Configuration is in /etc/lemonldap-ng
    -
  • -
  • LemonLDAP::NG configuration (edited by the Manager) is in /var/lib/lemonldap-ng/conf/
    -
  • -
  • All Perl modules are in the VENDOR perl directory
    -
  • -
  • All Perl scripts/pages are in /var/lib/lemonldap-ng/
    -
  • -
  • All static content (examples, CSS, images, etc.) is in /usr/share/lemonldap-ng/
    -
  • -
- -
- -

Change default DNS domain

-
- -

- -By default, DNS domain is example.com. You can change it quick with a sed command. For example, we change it to ow2.org: -

-
-# sed -i 's/example\.com/ow2.org/g' /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/lmConf-1 /var/lib/lemonldap-ng/test/index.pl
-
- -
-
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/installtarball.html b/build/lemonldap-ng/doc/pages/documentation/latest/installtarball.html deleted file mode 100644 index 8a147b25e..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/installtarball.html +++ /dev/null @@ -1,202 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Installation from the tarball

-
- -
- -

Get the tarball

-
- -

- -Get the tarball from download page. You can also find on this page the SVN tarball if you want to test latest features. -

- -

-

The content of the SVN tarball is not the same as the official tarball. Please see the next chapter to learn how build an official tarball from SVN files. -

-

- -
- -

Build the tarball from SVN

-
- -

- -Either checkout or export the SVN repository, or extract the SVN tarball to get the SVN files on your disk. -

- -

-Then go to build directory: - -

-
-$ cd trunk/build/lemonldap-ng
-
- -

-And run the “dist” target: - -

-
-$ make dist
-
- -

-The generated tarball is in the current directory. -

- -
- -

Extraction

-
- -

- -Just run the tar command: - -

-
-$ tar zxvf lemonldap-ng-*.tar.gz
-
- -
- -

Installation

-
- -

- -First check and install the prerequisites. -

- -

-For full install: -

-
-$ cd lemonldap-ng-*
-$ make
-$ make configure
-$ make test
-$ sudo make install
-
- -

-You can modify location of default storage configuration file in configure target: - -

-
-$ sudo make configure STORAGECONFFILE=/etc/lemonldap-ng/lemonldap-ng.ini
-
- -

-You can choose other Makefile targets: -

-
    -
  • Perl libraries install :
    -
      -
    • install_libs (all Perl libraries)
      -
    • -
    • install_portal_libs
      -
    • -
    • install_manager_libs
      -
    • -
    • install_handler_libs
      -
    • -
    -
  • -
  • Binaries install :
    -
      -
    • install_bin (/usr/local/lemonldap-ng/bin)
      -
    • -
    -
  • -
  • Web sites install :
    -
      -
    • install_site (all sites including install_doc_site)
      -
    • -
    • install_portal_site (/usr/local/lemonldap-ng/htdocs/portal)
      -
    • -
    • install_manager_site (/usr/local/lemonldap-ng/htdocs/manager)
      -
    • -
    • install_handler_site (/usr/local/lemonldap-ng/handler)
      -
    • -
    -
  • -
  • Documentation install :
    -
      -
    • install_doc_site (/usr/local/lemonldap-ng/htdocs/doc)
      -
    • -
    • install_examples_site (/usr/local/lemonldap-ng/examples)
      -
    • -
    -
  • -
- -

- -You can also pass parameters to the make install command, with this syntax: - -

-
-$ sudo make install PARAM=VALUE PARAM=VALUE ...
-
- -

-Available parameters are: -

-
    -
  • ERASECONFIG: set to 0 if you want to keep your configuration files (default: 1)
    -
  • -
  • DESTDIR: only for packaging, install the product in a jailroot (default: ””)
    -
  • -
  • PREFIX: installation directory (default: /usr/local)
    -
  • -
  • STORAGECONFFILE: location of default storage configuration file (default: /usr/local/lemonldap-ng/etc/lemonldap-ng.ini)
    -
  • -
  • CRONDIR: Cronfile directory (default: $PREFIX/etc/lemonldap-ng/cron.d)
    -
  • -
  • APACHEUSER: user running Apache
    -
  • -
  • APACHEGROUP: group running Apache
    -
  • -
  • DNSDOMAIN: Main DNS domain (default: example.com)
    -
  • -
  • LDAPHOST: LDAP server (default: localhost)
    -
  • -
  • LDAPPORT: LDAP port (default: 389)
    -
  • -
  • LDAPSUFFIX: LDAP suffix (default: dc=example,dc=com)
    -
  • -
  • APACHEVERSION: Apache major version (default: 2)
    -
  • -
  • VHOSTLISTEN: how listen parameter is configured for virtual hosts in Apache (default: \*:80)
    -
  • -
- -
-
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/logs.html b/build/lemonldap-ng/doc/pages/documentation/latest/logs.html deleted file mode 100644 index a22214fc0..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/logs.html +++ /dev/null @@ -1,101 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Logs

-
- -
- -

Apache logging

-
- -

- -By default, LemonLDAP::NG uses Apache logs to store user actions and other messages: -

-
    -
  • Error log: all messages emitted by the program, depending on the configured log level
    -
  • -
  • Access log: the issuer of each request is identified
    -
  • -
- -

- -The log level can be set with Apache LogLevel parameter. It can be configured globally, or inside a virtual host. -

- -

-See http://httpd.apache.org/docs/2.2/mod/core.html#loglevel for more information. -

- -

-To configure the user identifier in access log, go in Manager, General Parameters > Logging > REMOTE_USER. -

- -
- -

Syslog

-
- -

- -LemonLDAP::NG can also use syslog (only for user actions). -

- -

-In Manager, set syslog facility in General Parameters > Logging > Syslog facility. -

- -

-The messages are stored with the facilities : -

-
    -
  • info for user actions
    -
  • -
  • notice for good authentications or external exchange (SAML, OpenID,…)
    -
  • -
  • warn for failed authentications
    -
  • -
- -
- -

Override logging functions

-
- -

- -You can customize logs by redefining userNotice() and userError() methods, directly in lemonldap-ng.ini -

- -

-Example: -

-
[portal]
-userError = sub { my ($self, $message) = @_; ... }
-userNotice = sub { my ($self, $message) = @_; ... }
- -
-
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/parameterlist.html b/build/lemonldap-ng/doc/pages/documentation/latest/parameterlist.html deleted file mode 100644 index ff7a7f21d..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/parameterlist.html +++ /dev/null @@ -1,462 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Parameter list

-
- -

- -

-Click on a column header to sort table. -The attribute key name can be used directly in lemonldap-ng.ini or in Perl scripts to override configuration parameters (see configuration location). - -

-

- -

-

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Full name Key name Portal Handler Manager
Authentication backend authentication
User backend userDB
Password backend passwordDB
Session backend globalStorage
Session backend options globalStorageOptions
SAML Session backend samlStorage
SAML Session backend options samlStorageOptions
CAS Session backend casStorage
CAS Session backend options casStorageOptions
Configuration backend configStorage
Cache backend localStorage
Cache backend options localStorageOptions
Notification backend notificationStorage
Notification backend options notificationStorageOptions
Remote user whatToTrace
Custom functions customFunctions
Headers sent exportedHeaders
Access rules locationRules
Portal URL portal
Name of the cookie cookieName
Main DNS domain domain
CDA activation cda
Cookie security securedCookie
Cookie expiration cookieExpiration
Attributes from user backend exportedVars
Local groups groups
Macros macros
Session lifetime for cronjob timeout
Syslog facility syslog
SOAP activation Soap
Attributes exported in SOAP exportedAttr
Store password in session storePassword
Notification activation notification
Trusted domains trustedDomains
Rule for session granting grantSessionRule
Status module status
Force HTTPS in redirection https
Force port in redirection port
Protection scheme protection
Use XForwardedFor for IP useXForwardedForIP
Multi values separator multiValuesSeparator
SMTP server SMTPServer
Mail From address mailFrom
Regular expression for random password randomPasswordRegexp
Subject for password mail mailSubject
Body for password mail mailBody
Subject for confirmation mail mailConfirmSubject
Body for confirmation mail mailConfirmBody
URL for mail reset mailUrl
Skin name portalSkin
Display logout module portalDisplayLogout
Display reset password form portalDisplayResetPassword
Display change password module portalDisplayChangePassword
Display applications list portalDisplayAppslist
Allow form autocompletion portalAutocomplete
Require old password (change) portalRequireOldPassword
User name session field portalUserAttr
Open links in new window portalOpenLinkInNewWindow
Anti frame protection portalAntiFrame
Delete other session singleSession
Delete other session if IP differs singleIP
Do not allow several users for 1 IP singleUserByIP
Display other sessions notifyOther
Display deleted sessions notifyDeleted
LDAP server or Net::LDAP connexion string ldapServer
LDAP Port ldapPort
LDAP search base ldapBase
LDAP Bind DN managerDn
LDAP Bind Password managerPassword
LDAP main search filter LDAPFilter
LDAP authentication search filter AuthLDAPFilter
LDAP mail search filter mailLDAPFilter
LDAP password policy control ldapPpolicyControl
LDAP extended SetPassword modify ldapSetPassword
LDAP groups base ldapGroupBase
LDAP groups objectClass ldapGroupObjectClass
LDAP groups member attribute ldapGroupAttributeName
LDAP groups member link value ldapGroupAttributeNameUser
LDAP groups name attribute ldapGroupAttributeNameSearch
LDAP activate recursive groups ldapGroupRecursive
LDAP group link attribute name ldapGroupAttributeNameGroup
LDAP change password as user ldapChangePasswordAsUser
LDAP password encoding ldapPwdEnc
LDAP timeout ldapTimeout
LDAP version ldapVersion
LDAP binary attributes ldapRaw
LDAP authentication level ldapAuthnLevel
DBI Connection chain dbiAuthChain
DBI Connection user dbiAuthUser
DBI Connection password dbiAuthPassword
DBI Authentication table dbiAuthTable
DBI Login column dbiAuthLoginCol
DBI Password column dbiAuthPasswordCol
DBI Password hash dbiAuthPasswordHash
DBI UserDB connection chain dbiUserChain
DBI UserDB connection user dbiUserUser
DBI UserDB connection password dbiUserPassword
DBI UserDB table dbiUserTable
DBI Mail column dbiPasswordMailCol
DBI Pivot from user table userPivot
DBI authentication level dbiAuthnLevel
SSL user field in certificate SSLVar
SSL map with LDAP attribute SSLLDAPField
SSL force SSL authentication SSLRequire
SSL authentication level SSLAuthnLevel
CAS server URL CAS_url
CAS CA file CAS_CAFile
CAS force authentication renewal CAS_renew
CAS force gateway authentication CAS_gateway
CAS PGT temporary file CAS_pgtFile
CAS proxied services CAS_proxiedServices
CAS authentication level CAS_authnLevel
Remote portal remotePortal
Remote Session backend remoteGlobalStorage
Remote Session backend options remoteGlobalStorageOptions
Remote cookie name remoteCookieName
Proxy portal URL soapAuthService
Proxy cookie name remoteCookieName
Proxy session SOAP end point soapSessionService
Twitter application key twitterKey
Twitter application secret twitterSecret
Twitter application name twitterAppName
Twitter authentication level twitterAuthnLevel
OpenID secret token openIdSecret
OpenID allowed domains openIdIDPList
OpenID authentication level openIdAuthnLevel
Apache authentication level apacheAuthnLevel
Null authentication level nullAuthnLevel
Choice URL parameter authChoiceParam
Choice modules authChoiceModules
Multi overridden parameters multi
Zimbra preauthentication key zimbraPreAuthKey
Zimbra account session key zimbraAccountKey
Zimbra account type zimbraBy
Zimbra preauthentication URL zimbraUr
Zimbra local SSO URL pattern zimbraSsoUrl
Sympa shared secret sympaSecret
Sympa mail session key sympaMailKey
-
- -

- -
-
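Review bot: Two key names in the removed parameter table look wrong and should be checked in the copy the link will point to. "Zimbra preauthentication URL" is listed with the key zimbraUr, which reads as truncated next to zimbraSsoUrl, and "Proxy cookie name" carries the same key, remoteCookieName, as "Remote cookie name" two rows above it. The page states that these keys can be used directly in lemonldap-ng.ini, so a misspelled or duplicated key in the reference leads to a setting an administrator believes is applied when it may not be.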
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/portalcustom.html b/build/lemonldap-ng/doc/pages/documentation/latest/portalcustom.html deleted file mode 100644 index 7645446af..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/portalcustom.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Portal customization

-
- -

- -

The portal is the visible part of LemonLDAP::NG, all user interactions are displayed on it. -

-

- -
- -

Skin

-
- -

- -LemonLDAP::NG is shipped with 3 skins: -

-
    -
  • pastel
    -
  • -
  • impact
    -
  • -
  • dark
    -
  • -
- -

- -You can change the skin in Manager: General Parameters > Portal > Customization > Skin. -

- -
- -

Skin files

-
- -

- -A skin is composed of different files: -

-
    -
  • .tpl: Perl HTML::Template files, for HTML content
    -
  • -
  • .css: CSS (styles)
    -
  • -
  • .js: Javascript
    -
  • -
  • images and other media files
    -
  • -
- -

- -A skin will often refer to the common skin, which is not a real skin, but shared skin objects (like scripts, images and CSS). -

- -
- -

Skin customization

-
- -

- -

If you modify directly the skin files, your modifications will certainly be erased on the next upgrade. -

-

- -

-To customize a skin, the simplest way is to create a new skin folder: - -

-
-$ cd portal/skins
-$ mkdir myskin
-$ mkdir myskin/css
-$ mkdir myskin/images
-
- -

-Then create symbolic links on template files, as you might not want to rewrite all HTML code (else, do as you want). - -

-
-$ cd myskin
-$ ln -s ../pastel/*.tpl .
-
- -

-Then you only have to write myskin/css/styles.css and add your media to myskin/images. -

- -

-As your skin is not registered in Manager, configure it trough lemonldap-ng.ini: - -

-
[portal]
-portalSkin = myskin
- -
- -

Other parameters

-
-
    -
  • Reset password: display a link to reset a password (for password based authentication backends)
    -
  • -
  • Auto complete: allow the browser to remember the password (for password based authentication backends)
    -
  • -
  • Require old password: used only in the password changing module of the menu, will check the old password before updating it
    -
  • -
  • User attribute: which session attribute will be used to display Connected as in the menu
    -
  • -
  • New window: open menu links in new window
    -
  • -
  • Anti iframe protection: will kill parent frames to avoid some well known attacks
    -
  • -
- -

- -

If you enable auto completion, authentication level will be decreased (-1) as you do not ask the user to type its password (it could be in browser passwords wallet). -

- -

- -
-
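Review bot: The "Anti iframe protection" entry under Other parameters only says it "will kill parent frames to avoid some well known attacks", which does not tell an administrator what is lost by turning it off. In the page that replaces this one, name the threat (the portal being displayed inside a frame of another site) and state whether the option is on by default. The same file also has "configure it trough lemonldap-ng.ini", where "through" is meant.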
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/portalmenu.html b/build/lemonldap-ng/doc/pages/documentation/latest/portalmenu.html deleted file mode 100644 index 73473e6c9..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/portalmenu.html +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Portal menu

-
- -

- -

The menu is displayed if authentication is successful. -

-

- -
- -

Menu modules

-
- -

- -LemonLDAP::NG portal menu has 3 modules: -

-
    -
  • Application list: display categories and applications allowed for the user
    -
  • -
  • Password change: form to change the password
    -
  • -
  • Logout: logout button
    -
  • -
- -

- -Each module can be activated trough a rule, using user session information. These rules can be set trough Manager: General Parameters > Portal > Menu > Modules activation. -

- -

-You can use 0 or 1 to disable/enable the module, or use a more complex rule. For example, to display the password change form only for user authenticated trough LDAP or DBI: -

-
$_auth eq LDAP or $_auth eq DBI
- -
- -

Categories and applications

-
- -

- -Configuring the virtual hosts is not sufficient to display an application in the menu. Indeed, a virtual host can contain several applications (http://vhost.example.com/appli1, http://vhost.example.com/appli2). -

- -

-In Manager, you can configure categories and applications in General Parameters > Portal > Menu > Categories and applications. -

- -

-Category parameters: -

-
    -
  • Key: category identifier
    -
  • -
  • Name: display text
    -
  • -
- -

- -Application parameters: -

-
    -
  • Key: application identifier
    -
  • -
  • Name: display text
    -
  • -
  • Address: URL of application
    -
  • -
  • Description
    -
  • -
  • Logo: file name to use as logo (should be in portal application logos directory)
    -
  • -
  • Display:
    -
      -
    • auto: display only if the user can access it
      -
    • -
    • on: always display
      -
    • -
    • off: never display
      -
    • -
    -
  • -
- -

- -

Category and application key can have a digit as first character, which will allow to display categories in the right order (categories and applications are displayed in alphabetical order). -

-

- -
-
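Review bot: The rule example in Menu modules, "$_auth eq LDAP or $_auth eq DBI", compares against the unquoted barewords LDAP and DBI. The expression is Perl syntax, so the string literals should be quoted, as in $_auth eq 'LDAP' or $_auth eq 'DBI'; otherwise the example depends on bareword handling and fails wherever strict is in effect. It is worth correcting in the page the link resolves to, since this rule decides who is shown the password change form.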
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/prereq.html b/build/lemonldap-ng/doc/pages/documentation/latest/prereq.html deleted file mode 100644 index dfec3d15b..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/prereq.html +++ /dev/null @@ -1,218 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Prerequisites and dependencies

-
- -
- -

Apache

-
- -

- -To use LemonLDAP::NG, you have to run an Apache -server compiled with mod-perl (version 1.3 or 2.x). -

- -

-

In most of cases, the version of Apache proposed with your Linux distribution match, but some distributions used an experimental version of mod_perl with Apache2 (mod_perl-1.99) which does not work with LemonLDAP::NG. With such distributions (like Debian-3.1), you have to use Apache-1.3 or to use a mod_perl backport (www.backports.org package for Debian works fine). -

-

- -

-For Apache2, you can use both mpm-worker and mpm-prefork. Mpm-worker works faster and LemonLDAP::NG use the thread system for best performance. If you have to use mpm-prefork (for example if you use PHP), LemonLDAP::NG will work anyway. -

- -

-You can use LemonLDAP::NG in an heterogeneous world: the authentication portal and the manager can work in any version of Apache 1.3 or more even if mod_perl is not compiled, with ModPerl::Registry or not… Only the handler -need mod_perl. The different handlers can run on different servers with -different versions of Apache/mod_perl. -

- -
- -

Perl

-
- -

- -

Here is the list of Perl modules used in LemonLDAP::NG. Core modules must be installed on the system. Other modules must be installed only if you planned to use the related feature. -

-

- -
- -

Core

-
-
    -
  • Apache::Session
    -
  • -
  • Net::LDAP
    -
  • -
  • MIME::Base64
    -
  • -
  • CGI
    -
  • -
  • LWP::UserAgent
    -
  • -
  • Cache::Cache
    -
  • -
  • DBI
    -
  • -
  • XML::Simple
    -
  • -
  • CGI::Session
    -
  • -
  • Regexp::Assemble
    -
  • -
  • XML::LibXML
    -
  • -
  • Crypt::Rijndael
    -
  • -
  • IO::String
    -
  • -
  • XML::LibXSLT
    -
  • -
  • HTML::Template
    -
  • -
  • SOAP::Lite
    -
  • -
  • Config::IniFiles
    -
  • -
  • JSON
    -
  • -
  • Digest::HMAC
    -
  • -
- -
- -

Reset password by mail

-
-
    -
  • String::Random
    -
  • -
  • MIME::Lite
    -
  • -
  • Email::Date::Format
    -
  • -
- -
- -

SAML2

-
-
    -
  • -
  • -
  • GLib
    -
  • -
  • Crypt::OpenSSL::RSA
    -
  • -
  • Convert::PEM
    -
  • -
- -
- -

CAS

-
- - -
- -

OpenID

-
-
    -
  • Net::OpenID::Consumer > 1.00
    -
  • -
  • Net::OpenID::Server > 1.00
    -
  • -
- -
- -

Twitter

-
-
    -
  • Net::Twitter
    -
  • -
- -
- -

POD unit tests

-
-
    -
  • Test::POD
    -
  • -
- -
- -

Other

-
-
    -
  • Jquery (javascript framework) is included in tarball and RPMs, but is a dependency on Debian
    -
  • -
- -
- -

Install dependencies on your system

-
- -
- -

APT-GET

-
-
-# apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl  libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl libconfig-inifiles-perl libjson-perl libstring-random-perl libemail-date-format-perl libmime-lite-perl libcrypt-openssl-rsa-perl libdigest-hmac-perl
-
- -
- -

YUM

-
- -

- -Choose a repository which hosted Perl dependencies: -

- -
-# yum install httpd mod_perl perl-Apache-Session perl-LDAP perl-XML-SAX perl-XML-NamespaceSupport perl-HTML-Template perl-Regexp-Assemble perl-Error perl-IPC-ShareLite perl-Cache-Cache perl-FreezeThaw perl-XML-Simple perl-version perl-CGI-Session perl-DBD-Pg perl-XML-LibXML-Common perl-BSD-Resource perl-XML-LibXML perl-Crypt-Rijndael perl-IO-String perl-XML-LibXSLT perl-SOAP-Lite perl-Config-IniFiles perl-JSON perl-Digest-HMAC
-
- -
-
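Review bot: The two install commands under "Install dependencies on your system" do not cover the same module lists. The apt-get line installs libstring-random-perl, libmime-lite-perl, libemail-date-format-perl and libcrypt-openssl-rsa-perl, while the yum line names no counterpart for any of them, so an RPM-based install that follows this page is not given the "Reset password by mail" modules or Crypt::OpenSSL::RSA from the SAML2 list. The apt-get line also names libcache-cache-perl twice, and "Test::POD" in the POD unit tests list should be spelled Test::Pod.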
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/ssocookie.html b/build/lemonldap-ng/doc/pages/documentation/latest/ssocookie.html deleted file mode 100644 index ae1da69b2..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/ssocookie.html +++ /dev/null @@ -1,105 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Single Sign On cookie, domain and portal URL

-
- -
- -

SSO cookie

-
- -

- -The SSO cookie is build by the portal (as described in the login kinematic), or by the Handler for cross domain authentication (see CDA kinematic). -

- -

-To edit SSO cookie parameters, go in Manager, General Parameters > Cookies: -

-
    -
  • Cookie name: name of the cookie, can be changed to avoid conflicts with other LemonLDAP::NG installations
    -
  • -
  • Domain: validity domain for the cookie (the cookie will not be sent on other domains)
    -
  • -
  • Multiple domains: enable cross domain mechanism (without this, you cannot extend SSO to other domains)
    -
  • -
  • Secured cookie: 3 options:
    -
      -
    • Non secured cookie: the cookie can be sent over HTTP and HTTPS connections
      -
    • -
    • Secured cookie: the cookie can only be sent over HTTPS
      -
    • -
    • Double cookie: two cookies are built, one for HTTP, the other for HTTPS
      -
    • -
    -
  • -
  • Cookie expiration time: by default, SSO cookie is a session cookie, which mean it will be destroyed when the browser is closed. You can change this behavior and set a cookie duration, for example:
    -
      -
    • +30s: 30 seconds from session creation
      -
    • -
    • +10m: ten minutes from session creation
      -
    • -
    • +1h: one hour from session creation
      -
    • -
    • +3M: three months from session creation
      -
    • -
    • +10y: ten years from session creation
      -
    • -
    • Thursday, 25-Apr-1999 00:40:33 GMT: at the indicated time and date (but this is probably a bad idea)
      -
    • -
    -
  • -
- -

- -

Changing the domain value will not update other configuration parameters, like virtual host names, portal URL, etc. You have to update them by yourself. -

-

- -
- -

Portal URL

-
- -

- -Portal URL is the address used to redirect users on the authentication portal by: -

-
    -
  • Handler: user is redirected if he has no SSO cookie (or in CDA mode)
    -
  • -
  • Portal: the portal redirect on itself in many cases (credentials POST, SAML, etc.)
    -
  • -
- -

- -

The portal URL must be inside SSO domain. If secured cookie is enabled, the portal URL must be HTTPS. -

-

- -
-
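Review bot: The "Secured cookie" list puts "Non secured cookie" first and gives no guidance on which of the three options to choose, and the only constraint appears later in the Portal URL note ("If secured cookie is enabled, the portal URL must be HTTPS"). Because the Handler decides on the presence of this cookie whether to redirect a user to the portal, the replacement page should say next to the option list which setting fits a portal served over HTTPS and what "Double cookie" is meant for. The absolute-date example also has the wrong weekday: 25-Apr-1999 was a Sunday, not a Thursday.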
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/start.html b/build/lemonldap-ng/doc/pages/documentation/latest/start.html deleted file mode 100644 index 650315d6c..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/start.html +++ /dev/null @@ -1,246 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Documentation for LemonLDAP::NG 1.0

-
- -
- -

Installation

- - -

Configuration

-
- -
- -

First steps

- - -

Portal

-
- -

- - - -

- - -

- -
- -

- -
- -

Authentication

-
- -

- - -

- -

-
- -
- -
- -
- -

- -
- -

Configuration

-
- -

- - -

- -

-
- -
- -
- -
- -

- -
- -

Sessions

-
- -

- - -

- -

-
- -
- -
- -
- -

- -
- -

Identity provider

-
- -

- - -

- -

-
- -
- -
- -
- -

- -
- -

Applications protection

-
- -

- - -

- -

-
- -
- -
- -
- -

- -
- -

Advanced features

-
- -

- - -

- -

-
- -
- -
- -
- -

- -
- -

Exploitation

-
- -

- - - -

- - -
-
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/status.html b/build/lemonldap-ng/doc/pages/documentation/latest/status.html deleted file mode 100644 index 0bf379a5e..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/status.html +++ /dev/null @@ -1,114 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Handler Status

-
- -
- -

Presentation

-
- -

- -When status feature is activated, Handlers and portal will collect statistics and save them in their local cache. This means that if several Handlers are deployed, each will manage its own statistics. -

- -

-

-This page can be browsed for example by mrtg using the script lmng-mrtg - -

-

- -

-The statistics are collected trough a daemon launched by the Handler. It can be seen in system processes, for example: - -

-
-perl -MLemonldap::NG::Handler::Status -I/etc/perl -I/usr/local/lib/perl/5.10.1 -I/usr/local/share/perl/5.10.1 -I/usr/lib/perl5 -I/usr/share/perl5 -I/usr/lib/perl/5.10 -I/usr/share/perl/5.10 -I/usr/local/lib/site_perl -I. -I/etc/apache2 -e &Lemonldap::NG::Handler::Status::run(Cache::FileCache,{?          'cache_depth' => 5,?          'cache_root' => '/tmp',?          'directory_umask' => '007',?          'default_expires_in' => 600,?          'namespace' => 'MyNamespace'?        }?);
-
- -

-Statistics are displayed when calling the status path on an Handler (for example: http://test1.example.com/status). -

- -

-Example of status page: -

- -

- -

- -
- -

Configuration

-
- -
- -

Apache

-
- -

- -You need to give access to status path in the Handler Apache configuration: -

-
    # Uncomment this to activate status module
-    <Location /status>
-        Order deny,allow
-        Allow from 127.0.0.0/8
-        PerlHeaderParserHandler My::Package->status
-    </Location>
- -

-Then restart Apache. -

- -

-

You should change the Allow directive to match administration IP, or use another Apache protection mean. -

-

- -
- -

LemonLDAP::NG

-
- -

- -Edit lemonldap-ng.ini, and activate status in the handler section: -

-
[handler]
-# Set status to 1 if you want to have the report of activity (used for
-# example to inform MRTG)
-status = 1
- -

-Then restart Apache. -

- -
-
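Review bot: The <Location /status> example in the Apache section does not restrict access the way the surrounding text implies. With "Order deny,allow" and only "Allow from 127.0.0.0/8", Apache 2.2 permits any request that matches neither a Deny nor an Allow directive, so the status page is served to every address; the block needs a "Deny from all" line before the Allow line. The follow-up advice to "change the Allow directive to match administration IP" leaves the same gap, so please fix the example in the page the link resolves to.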
\ No newline at end of file diff --git a/build/lemonldap-ng/doc/pages/documentation/latest/upgrade.html b/build/lemonldap-ng/doc/pages/documentation/latest/upgrade.html deleted file mode 100644 index f5732c496..000000000 --- a/build/lemonldap-ng/doc/pages/documentation/latest/upgrade.html +++ /dev/null @@ -1,203 +0,0 @@ - - - - - - - - - - - - - - - - - -
- - - - -

Upgrade from 0.9.4 to 1.0

-
- -

- -

If you are using packages, they should have done the upgrade process for you, but you can check here that all is in order. -

-

- -
- -

Apache configuration

-
- -

- -Now LemonLDAP::NG is shipped with 3 Apache configuration files: -

-
    -
  • portal-apache2.conf: portal virtual host
    -
  • -
  • manager-apache2.conf: manager virtual host
    -
  • -
  • handler-apache2.conf: handler declaration and protected application virtual hosts
    -
  • -
- -

- -

If you are still using Apache 1, those files are named portal-apache.conf, manager-apache.conf, handler-apache.conf, but some features will not work (automatic post,…). -

-

- -

-You need to update these files with all your Apache configuration customization. -

- -
- -

LemonLDAP::NG configuration files

-
- -

- -LemonLDAP::NG 0.9.4 used local files for some settings: -

-
    -
  • apply.conf: URI used by Manager to apply changes
    -
  • -
  • storage.conf: Configuration location and Cache settings
    -
  • -
  • apps-list.xml: Application menu
    -
  • -
- -

- -Those file are not used anymore, and merged into lemonldap-ng.ini. -

- -

-There is a script in the bin/ directory called lmMigrateConfFiles2ini designed to parse old configuration files and copy parameters in the new file. -

- -

-Script options: -

-
    -
  • --dir,-d: path to main configuration directory (default: /etc/lemonldap-ng)
    -
  • -
  • --storage,-s: path to storage.conf (if not stored in conf dir)
    -
  • -
  • --apply,-a: path to apply.conf (if not stored in conf dir)
    -
  • -
  • --menuxml,-m: path to apps-list.xml (if not stored in conf dir)
    -
  • -
  • --ini,-i: path to lemonldap-ng.ini (if not stored in conf dir)
    -
  • -
  • --preserve,-p: do not erase old files after import
    -
  • -
  • --help,-h: show this message
    -
  • -
  • --verbose,-v: let me tell you my life
    -
  • -
- -

- -Here is how you can use it, if you installed LemonLDAP::NG from the tarball in the /usr/local/lemonldap-ng directory: - -

-
-$ sudo /usr/local/lemonldap-ng/bin/lmMigrateConfFiles2ini -d /usr/local/lemonldap-ng/etc -v -p
-
- -

-Remove the -p options if you want to delete old files. -

- -

-

The migration of application list in ini file will work, but it will then be hard to update. You should use the Manager and reconfigure all categories and applications trough it, and then comment application list in ini file. -

-

- -
- -

Customized scripts parameters

-
- -

- -Before 1.0, we used to override some configuration parameters by editing perl scripts (like portal/index.pl) and setting values like this : -

-
my $portal = Lemonldap::NG::Portal::SharedConf->new( {
-    portal => 'auth.example.com',
-    cookieName => 'lemonldap',
-    ldapPort => '390',
-} );
- -

-The new lemonldap-ng.ini file should be now used to do this, as perl scripts are program files that are erased on software updates. You have to know too that all configuration parameters are now available in Manager interface. -

- -

-If you still need to customize those program files, please prefer to copy them: - -

-
-# cp portal/index.pl portal/indexcustom.pl
-
- -

-And declare your custom file in Apache configuration - -

-
DirectoryIndex indexcustom.pl
- -

-This will prevent your local modifications to be dropped when you will update your LemonLDAP::NG version. -

- -
- -

Liberty Alliance portal

-
- -

- -Liberty Alliance portal was removed. So ID-FF authentication is no more supported. -

- -

-To replace it, LemonLDAP::NG has now SAML2 authentication backend. -

- -
- -

DBI configuration backend

-
- -

- -DBI configuration has been removed. You now have two choices to store configuration in a database: -

-
    -
  • RDBI
    -
  • -
  • CDBI
    -
  • -
- -

- -FIXME add links to RDBI and CDBI conf - -

- -
-
\ No newline at end of file
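Review bot: The removed upgrade.html still ends its "DBI configuration backend" section with "FIXME add links to RDBI and CDBI conf", so the page tells readers that DBI configuration storage is gone without pointing them at either replacement. If the page the link resolves to carries the same text, resolve the FIXME there before this copy is dropped.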