This plugin allows certain users to assume the identity of another user. A privileged user first logs in with its real account and can then choose another profile to appear as. This feature can be especially useful for training/learning or development platforms.
Just enable it in the Manager (section “plugins”) by setting a rule. Impersonation can be allowed or denied for specific users. Furthermore, specific identities like administrators or anonymous users can be protected from being impersonated.
separator
is used. By example : su; admins; anonymous
Set a macro like this :
_whatToTrace -> $real__user ? "$real__user/$_user" : "$_user/$_user"
and set Genaral Parameters > Logs > REMOTE_USER
with _whatToTrace
By example : $real_uid eq 'dwho
' or $real_groups =~ /\bsu\b/
Keep in mind that real session is computed first. Afterward, if access is granted, impersonated session is computed with real and spoofed session attributes if Impersonation is allowed.
$uid ne 'dwho'
impersonationPrefix is used to rename user's real profile attributes. You can set real attributes prefix ('real_' by default) by editing lemonldap-ng.ini
in section [portal]:
[portal] impersonationPrefix = real_