Table of Contents

Documentation for LemonLDAP::NG 2.0

Installation

Before installation

Installation

After installation

Configuration

First steps

Portal

Authentication, users and password databases

Official Backends Authentication Users Password
Active Directory
Apache (Kerberos, NTLM, OTP, ...)
CAS
Databases (DBI)
Demonstration
Facebook
LDAP
Null
OpenID Connect
PAM
Proxy LL::NG
Radius
REST
SAML 2.0 / Shibboleth
Slave
SSL
Twitter
WebID
Yubikey
Custom modules
Combo Backends Authentication Users Password
Choice by users
Combination of auth schemes
Multiple backends stack Deprecated, replaced by Combination
Obsolete Backends Authentication Users Password
OpenID
Remote LL::NG
Second factor Authentication
U2F
External Second Factor

Configuration database

LL::NG needs a storage system to store its own configuration (managed by the manager). Choose one of the following:

Backend Shareable Comment
File (JSON) Not shareable between servers except if used in conjunction with SOAP or with a shared file system (NFS,…). Selected by default during installation.
SQL (RDBI/CDBI)
LDAP
MongoDB
SOAP Proxy backend to be used in conjunction with another configuration backend.
Can be used to secure another backend for remote servers.
You can not start with an empty configuration, so read how to change configuration backend to convert your existing configuration into another one.

Sessions database

Sessions are stored using Apache::Session modules family. All Apache::Session style modules are useable except for some features.

Backend Shareable Session explorer Session restrictions Session expiration Comment
File Not shareable between servers except if used in conjunction with SOAP session backend or with a shared file system (NFS,…). Selected by default during installation.
SQL Unoptimized for session explorer and single session features.
LDAP
Redis The faster. Must be secured by network access control.
MongoDB Must be secured by network access control.
Browseable (SQL, Redis or LDAP) Optimized for session explorer and single session features.
REST Proxy backend to be used in conjunction with another session backend.
Can be used to secure another backend for remote servers.
SOAP Proxy backend to be used in conjunction with another session backend.
Can be used to secure another backend for remote servers.

Identity provider

Applications protection

Well known compatible applications

Here is a list of well known applications that are compatible with LL::NG. A full list is available on vendor applications page.

ADFS

Alfresco

Bugzilla

Dokuwiki

Drupal

GLPI

Liferay

Mediawiki

NextCloud

simpleSAMLphp

Zimbra

Advanced features

Mini howtos

Exploitation

Developer corner

To develop an handler, see:

To develop a portal plugin, see manpages:

To add a new language (XX must be replace by your language code):

To translate this doc (Manager help):