Upgrade from 1.4 to 1.9

JSON serialization

From now, LemonLDAP::NG uses JSON serialization to store configuration and sessions instead of Storable::nfreeze Perl function. This permits to have heterogenous servers connected to the same LL::NG organization (32/64 bits or different Perl versions). Old format still works but:

configuration backends: new format is applied at first configuration save,
sessions storages: new format is applied for each new session or when updating an existing session. You can force LemonLDAP::NG to keep the old serialization method by setting useStorable to 1 in sessions backend options if you have some custom hooks.

If you have more than one server and don't want to stop the SSO service, start upgrading in the following order:

servers that have only handlers;
portal servers (all together if your load balancer doesn't keep state by user or client IP and if users use the menu);
manager server

Portal autocomplete configuration

Modern browsers do not take into account the autocomplete attribute in password fields anymore. This means even if you don't want users to remember the password, the browser will still propose it.

As it was not used anymore, this option is now removed. See https://jira.ow2.org/browse/LEMONLDAP-824 for more details.

Support for CentOS/RHEL 5 and CentOS/RHEL 6 dropped

Due to a too old Perl version and some missing modules, LL::NG is no more available for CentOS/RHEL 5 and 6. You need CentOS/RHEL 7 or a Debian based box to run this version of LL::NG.

Manager components protection

You can no more set up a different protection parameter for sessions explorer and configuration management. The protection is used for all components, but can use access rules to manage authorizations between configuration, notifications and sessions:

^/(manager\.html|conf/) => $uid eq "dwho"
default => $uid eq "dwho" or $uid eq "rtyler"

AJAX unauthenticated requests in handler

To request for authentication, handlers sent a 302 HTTP code, then portal sent the HTML form even if request was an Ajax one. From now, after being redirected by the Handler, a 401 code will be sent by the portal with a WWW-Authenticate header containing “SSO <portal-URL>”. This is a little HTTP protocol hook created because browsers follow redirection transparently and we have to respond to JSON queries by JSON.

If you want to keep old behavior, set noAjaxHook to 1 (in General Parameters → Advanced → Portal redirections → Keep redirections for Ajax).

Persistent sessions

Persistent sessions have a new attributes:

_session_uid: real user identifier
_utime: creation timestamp

These attributes allow to browse them in the sessions explorer. Old persistent sessions will automatically get these new attributes at user connexion.

Multi backend

The Multi backend configuration has changed. Now the stacks are defined in separate attributes:

multiAuthStack
multiUserDBStack

So an old configuration like this:

authentication = Multi LDAP;DBI
userDB = Multi LDAP;DBI

Must be replaced by:

authentication = Multi
userDB = Multi
multiAuthStack = LDAP;DBI
multiUserDBStack = LDAP;DBI

Specific Handler

Handler API has changed and specific Handlers have been rewritten. They still work but their configuration must be set in lemonldap-ng.ini file instead of Manager. More details:

Note that some specific Handlers have been removed, you will not be able to use them anymore:

Sympa AutoLogin
UpdateCookie
Proxy interne