dani
/
lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
lemonldap-ng/build/lemonldap-ng/doc/advanced-install.html

378 lines
11 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org" />
<title>FAQ LEMONLDAP::NG</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HADVANCEDINSTALLATION">ADVANCED
INSTALLATION</span></h2>
<p class="paragraph"></p><strong class="strong">Warning:</strong> This
document is written for people who know Lemonldap::NG. For other people,
it is recommended to build the <span class="wikilink"><a href=
"/xwiki/bin/view/NG/DocInstallExample">example</a></span> provided in the
source and next to adapt it to local installation.
<p class="paragraph"></p>
<ul>
<li>
<a href="#HPREREQ">PREREQ</a>
<ul>
<li><a href="#HApache">Apache</a></li>
<li><a href="#HPerlprereq">Perl prereq</a></li>
</ul>
</li>
<li><a href="#HSOFTWAREINSTALLATION">SOFTWARE INSTALLATION</a></li>
<li>
<a href="#HLEMONLDAPINSTALLATION">LEMONLDAP INSTALLATION</a>
<ul>
<li>
<a href="#HDatabaseconfiguration">Database configuration</a>
<ul>
<li><a href=
"#HLemonldap3A3ANGConfigurationdatabase">Lemonldap::NG
Configuration database</a></li>
<li><a href="#HApache3A3ASessiondatabase">Apache::Session
database</a></li>
</ul>
</li>
<li><a href="#HManagerconfiguration">Manager configuration</a></li>
<li>
<a href="#HConfigurationedition">Configuration edition</a>
<ul>
<li><a href="#HGeneralparameters">General parameters</a></li>
<li><a href="#HUsergroups">User groups</a></li>
<li><a href="#HVirtualhosts">Virtual hosts</a></li>
</ul>
</li>
</ul>
</li>
</ul>
<h3 class="heading-1-1"><span id="HPREREQ">PREREQ</span></h3>
<h4 class="heading-1-1-1"><span id="HApache">Apache</span></h4>
<p class="paragraph"></p>To use Lemonldap::NG, you have to run a LDAP
server and of course an Apache server compiled with mod-perl (version 1.3
or 2.x). Generaly, the version of Apache proposed with your Linux
distribution match, but some distributions used an experimental version of
mod_perl with Apache2 (mod_perl-1.99) which does not work with
Lemonldap::NG. With such distributions (like Debian-3.1), you have to use
Apache-1.3 or to use a mod_perl backport (www.backports.org package for
Debian works fine).
<p class="paragraph"></p>For Apache2, you can use both mpm-worker and
mpm-prefork. Mpm-worker works faster and Lemonldap::NG use the thread
system for best performance. If you have to use mpm-prefork (for example
if you use PHP), Lemonldap::NG will work anyway.
<p class="paragraph"></p>You can use Lemonldap::NG in an heterogene world:
the authentication portal and the manager can work in any version of
Apache 1.3 or more even if mod_perl is not compiled, with
ModPerl::Registry or not&hellip; Only the handler (site protector) need
mod_perl. The different handlers can run on different servers with
different versions of Apache/mod_perl.
<h4 class="heading-1-1-1"><span id="HPerlprereq">Perl prereq</span></h4>
<p class="paragraph"></p>Perl modules: Apache::Session, Net::LDAP,
MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, DBI, XML::Simple
<p class="paragraph"></p>With Debian:
<p class="paragraph"></p>
<div class="code">
<pre>
apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl &#13;
libdbi-perl perl-modules libwww-perl libcache-cache-perl &#13;
libxml-simple-perl
</pre>
</div>
<p class="paragraph"></p>Portal:
<p class="paragraph"></p>Apache::Session, Net::LDAP, MIME::Base64, CGI,
DBI
<p class="paragraph"></p>With Debian:
<p class="paragraph"></p>
<div class="code">
<pre>
apt-get install libapache-session-perl libnet-ldap-perl libdbi-perl &#13;
perl-modules
</pre>
</div>
<p class="paragraph"></p>Handler:
<p class="paragraph"></p>Apache::Session, LWP::UserAgent, Cache::Cache,
DBI
<p class="paragraph"></p>With Debian:
<p class="paragraph"></p>
<div class="code">
<pre>
apt-get install libapache-session-perl libdbi-perl libwww-perl &#13;
libcache-cache-perl
</pre>
</div>
<p class="paragraph"></p>Manager:
<p class="paragraph"></p>CGI, XML::Simple, DBI
<p class="paragraph"></p>With Debian:
<p class="paragraph"></p>
<div class="code">
<pre>
apt-get install perl-modules libxml-simple-perl
</pre>
</div>
<h3 class="heading-1-1"><span id="HSOFTWAREINSTALLATION">SOFTWARE
INSTALLATION</span></h3>
<p class="paragraph"></p>If you just want to install a handler or a portal
or a manager:
<p class="paragraph"></p>
<div class="code">
<pre>
$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*/Lemonldap-NG-(Portal|Handler|Manager)
$ perl Makefile.PL &amp;&amp; make &amp;&amp; make test
$ sudo make install
</pre>
</div>
<p class="paragraph"></p>else for a complete install:
<p class="paragraph"></p>
<div class="code">
<pre>
$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*
$ make &amp;&amp; make test
$ sudo make install
</pre>
</div>
<p class="paragraph"></p>See prereq in
<h3 class="heading-1-1"><span id="HLEMONLDAPINSTALLATION">LEMONLDAP
INSTALLATION</span></h3>
<h4 class="heading-1-1-1"><span id="HDatabaseconfiguration">Database
configuration</span></h4>If you use DBI or another system to share
Lemonldap::NG configuration, you have to initialize the database.
<p class="paragraph"></p>For example, create the database "lemonldapng" :
<p class="paragraph"></p>
<div class="code">
<pre>
# mysqladmin create lemonldapng
</pre>
</div>
<h5 class="heading-1-1-1-1"><span id=
"HLemonldap3A3ANGConfigurationdatabase">Lemonldap::NG Configuration
database</span></h5>
<p class="paragraph"></p>To store configuration, use this table :
<p class="paragraph"></p>
<div class="code">
<pre>
CREATE TABLE lmConfig (
cfgNum <span class="java-object">int</span> not <span class=
"java-keyword">null</span> primary key,
locationRules text,
exportedHeaders text,
globalStorage text,
globalStorageOptions text,
macros text,
groups text,
portal text,
domain text,
ldapServer text,
ldapPort <span class="java-object">int</span>,
ldapBase text,
securedCookie <span class="java-object">int</span>,
cookieName text,
authentication text,
exportedVars text,
managerDn text,
managerPassword text,
whatToTrace text
);
</pre>
</div>
<h5 class="heading-1-1-1-1"><span id=
"HApache3A3ASessiondatabase">Apache::Session database</span></h5>
<p class="paragraph"></p>The choice of Apache::Session::* module is free.
See Apache::Session::Store::* or Apache::Session::* to know how to
configure the module. For example, if you want to use
Apache::Session::MySQL, you can create the database like this:
<p class="paragraph"></p>
<div class="code">
<pre>
CREATE TABLE sessions (
id <span class="java-object">char</span>(32),
a_session text
);
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HManagerconfiguration">Manager
configuration</span></h4>
<p class="paragraph"></p>Copy example/manager.cgi and personalize it if
you want (see Lemonldap::NG::Manager). You have to set in particular
configStorage. For example with MySQL:
<p class="paragraph"></p>
<div class="code">
<pre>
$my $manager = Lemonldap::NG::Manager-&gt;<span class=
"java-keyword">new</span> ( {
dbiChain =&gt; <span class=
"java-quote">"DBI:mysql:database=mybase;host=1.2.3.4"</span>,
dbiUser =&gt; <span class=
"java-quote">"lemonldap-ng"</span>,
dbiPasword =&gt; <span class=
"java-quote">"mypass"</span>,
} );
</pre>
</div>
<p class="paragraph"></p>Securise Manager access with Apache: Lemonldap
does not securise the manager itself yet:
<p class="paragraph"></p>
<div class="code">
<pre>
SSLEngine On
Order Deny, Allow
Deny from all
Allow from admin/network
AuthType Basic
...
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HConfigurationedition">Configuration
edition</span></h4>
<p class="paragraph"></p>Connect to the manager with your browser start
configure your Web-SSO. You have to set at least some parameters:
<h5 class="heading-1-1-1-1"><span id="HGeneralparameters">General
parameters</span></h5>
<ul class="star">
<li>Authentication parameters -&gt; portal URL to access to the
authentication portal.</li>
<li>Domain: the cookie domain. All protected VirtualHosts have to be
under it.</li>
<li>LDAP parameters -&gt; LDAP Server.</li>
<li>LDAP parameters -&gt; LDAP Accout and password: required only if
anonymous binds are not accepted.</li>
<li>Session Storage -&gt; Apache::Session module: how to store user
sessions. You can use all module that inherit from Apache::Session like
Apache::Session::MySQL.</li>
<li>Session Storage -&gt; Apache::Session Module parameters: see
Apache::Session::&lt;Choosen module&gt;.</li>
</ul>
<h5 class="heading-1-1-1-1"><span id="HUsergroups">User groups</span></h5>
<p class="paragraph"></p>Use the "New Group" button to add your first
group. On the left, set the keyword which will be used later and set on
the right the corresponding rule. You can use :
<ul class="star">
<li>an LDAP filter (it will be tested with the user uid)</li>
</ul>or
<ul class="star">
<li>a Perl condition enclosed with {}. All variables declared in
"General parameters -&gt; LDAP attributes" can be used with a "$". For
example: MyGroup / { $uid eq "foo" or $uid eq "bar" }</li>
</ul>
<h5 class="heading-1-1-1-1"><span id="HVirtualhosts">Virtual
hosts</span></h5>
<p class="paragraph"></p>You have to create a virtual host for each Apache
host (virtual or real) protected by Lemonldap::NG even if just a
sub-directory is protected. Else, user who want to access to the protected
area will be rejected with a "500 Internal Server Error" message and the
apache logs will explain the problem.
<p class="paragraph"></p>Each virtual host has 2 groups of parameters:
<ul class="star">
<li>Headers: the headers added to the apache request. Default: Auth-User
=&gt; $uid.</li>
<li>Rules: subdivised in 2 categories:
<ul class="star">
<li>default: the default rule</li>
<li>personalized rules: association of a Perl regular expression and
a condition. For example: ^/restricted.*$ / $groups =~
/bMyGroupb/</li>
</ul>
</li>
</ul>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink