lemonldap-ng/doc/pages/documentation/1.9/configlocation.html
2015-12-18 09:46:34 +00:00


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1 class="sectionedit1" id="configuration_overview">Configuration overview</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Configuration overview" [1-38] -->
<h2 class="sectionedit2" id="backends">Backends</h2>
<div class="level2">
<p>
LemonLDAP::NG configuration is stored in a backend that allows all modules to access it.
</p>
<p>
<p><div class="noteimportant">Note that all <abbr title="LemonLDAP::NG">LL::NG</abbr> components must have access:
</p>
<ul>
<li class="level1"><div class="li"> to the configuration backend</div>
</li>
<li class="level1"><div class="li"> to the sessions storage backend</div>
</li>
</ul>
<p>
Detailed configuration backend documentation is available <a href="../../documentation/1.9/start.html#configuration_database" class="wikilink1" title="documentation:1.9:start">here</a>.
</div></p>
</p>
<p>
By default, configuration is stored in <a href="../../documentation/1.9/fileconfbackend.html" class="wikilink1" title="documentation:1.9:fileconfbackend">files</a>, so access through the network is not possible. To allow this, use <a href="../../documentation/1.9/soapconfbackend.html" class="wikilink1" title="documentation:1.9:soapconfbackend">SOAP</a> for configuration access, or use a network service like an <a href="../../documentation/1.9/sqlconfbackend.html" class="wikilink1" title="documentation:1.9:sqlconfbackend">SQL database</a> or an <a href="../../documentation/1.9/ldapconfbackend.html" class="wikilink1" title="documentation:1.9:ldapconfbackend">LDAP directory</a>.
</p>
<p>
The configuration backend can be set in the <a href="#local_file" title="documentation:1.9:configlocation ↵" class="wikilink1">local configuration file</a>, in the <code>configuration</code> section.
</p>
<p>
For example, to configure the <code>File</code> configuration backend:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>configuration<span class="br0">&#93;</span></span>
<span class="re1">type</span><span class="sy0">=</span><span class="re2">File</span>
<span class="re1">dirName</span> <span class="sy0">=</span><span class="re2"> /usr/local/lemonldap-ng/data/conf</span></pre>
<p>
<p><div class="notetip">See <a href="../../documentation/1.9/changeconfbackend.html" class="wikilink1" title="documentation:1.9:changeconfbackend">How to change configuration backend</a> to know how to change this.
</div></p>
</p>
</div>
<!-- EDIT2 SECTION "Backends" [39-1049] -->
<h2 class="sectionedit3" id="manager">Manager</h2>
<div class="level2">
<p>
Most of the configuration can be done through the LemonLDAP::NG Manager (by default <a href="http://manager.example.com" class="urlextern" title="http://manager.example.com" rel="nofollow">http://manager.example.com</a>).
</p>
<p>
By default, the Manager is protected so that only the demonstration user “dwho” can access it.
</p>
<p>
<p><div class="noteimportant">This user will not be available anymore if you configure a new authentication backend! Remember to change the access rule in the Manager virtual host to allow new administrators.
</div></p>
</p>
<p>
If you cannot access the Manager anymore, you can unprotect it by editing <code>lemonldap-ng.ini</code> and changing the <code>protection</code> parameter:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>manager<span class="br0">&#93;</span></span>
&nbsp;
# Manager protection: by default, the manager is protected by a demo account.
# You can protect it :
# * by Apache itself,
# * by the parameter 'protection' which can take one of the following
# values :
# * authenticate : all authenticated users can access
# * manager : manager is protected like other virtual hosts: you
# have to set rules in the corresponding virtual host
# * rule: &lt;rule&gt; : you can set here directly the rule to apply
# * none : no protection</pre>
<p>
<p><div class="notetip">See <a href="../../documentation/1.9/managerprotection.html" class="wikilink1" title="documentation:1.9:managerprotection">Manager protection documentation</a> to know how to use Apache modules or <abbr title="LemonLDAP::NG">LL::NG</abbr> to manage access to Manager.
</div></p>
</p>
<p>
The Manager displays main branches:
</p>
<ul>
<li class="level1"><div class="li"> <strong>General Parameters</strong>: authentication modules, portal, etc.</div>
</li>
<li class="level1"><div class="li"> <strong>Variables</strong>: user information, macros and groups used to fill <abbr title="Single Sign On">SSO</abbr> session</div>
</li>
<li class="level1"><div class="li"> <strong>Virtual Hosts</strong>: access rules, headers, etc.</div>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Security Assertion Markup Language">SAML</abbr> 2 Service</strong>: <abbr title="Security Assertion Markup Language">SAML</abbr> metadata administration</div>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Security Assertion Markup Language">SAML</abbr> identity providers</strong>: Registered IDP</div>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Security Assertion Markup Language">SAML</abbr> service providers</strong>: Registered SP</div>
</li>
</ul>
<p>
LemonLDAP::NG configuration is mainly a key/value structure, so the Manager presents all keys in a structured tree. Clicking on a key displays the associated value.
</p>
<p>
<p><div class="noteimportant">When modifying a value, always click on the <code>Apply</code> button if available, to be sure the value is saved.
</div></p>
</p>
<p>
When all modifications are done, click on <code>Save</code> to store the configuration.
</p>
<p>
<p><div class="notewarning">LemonLDAP::NG will run some checks on the configuration and display errors and warnings, if any. The configuration <strong>is not saved</strong> if errors occur.
</div></p>
</p>
<p>
You can change the appearance of the Manager by clicking on the <code>Menu style</code> button. It opens a dialog to choose:
</p>
<ul>
<li class="level1"><div class="li"> Menu organization: tree or accordion</div>
</li>
<li class="level1"><div class="li"> Theme (<a href="http://jqueryui.com/themeroller/" class="urlextern" title="http://jqueryui.com/themeroller/" rel="nofollow">jQuery UI theme</a>).</div>
</li>
</ul>
<p>
<p><div class="notetip">
Menu style preferences are stored in cookies (1 year duration). You can set default values by editing these values in <code>lemonldap-ng.ini</code>, section <code>manager</code>:
</p>
<ul>
<li class="level1"><div class="li"> managerCss</div>
</li>
<li class="level1"><div class="li"> managerCssTheme</div>
</li>
</ul>
<p>
</div></p>
</p>
</div>
<!-- EDIT3 SECTION "Manager" [1050-3647] -->
<h2 class="sectionedit4" id="configuration_text_editor">Configuration text editor</h2>
<div class="level2">
<p>
LemonLDAP::NG provides a script for editing the configuration without a graphical interface. This script is called <code>lmConfigEditor</code> and is stored in the LemonLDAP::NG bin/ directory, for example /usr/share/lemonldap-ng/bin:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lmConfigEditor</pre>
<p>
<p><div class="notetip">This script must be run as root; it will then use the Apache user and group to access the configuration.
</div></p>
</p>
<p>
The script uses the <code>editor</code> system command, which links to your favorite editor. To change it:
</p>
<pre class="code">update-alternatives --config editor</pre>
<p>
The configuration is displayed as a big Perl hash that you can edit:
</p>
<pre class="code file perl"><span class="re0">$VAR1</span> <span class="sy0">=</span> <span class="br0">&#123;</span>
<span class="st_h">'ldapAuthnLevel'</span> <span class="sy0">=&gt;</span> <span class="st_h">'2'</span><span class="sy0">,</span>
<span class="st_h">'notificationWildcard'</span> <span class="sy0">=&gt;</span> <span class="st_h">'allusers'</span><span class="sy0">,</span>
<span class="st_h">'loginHistoryEnabled'</span> <span class="sy0">=&gt;</span> <span class="st_h">'1'</span><span class="sy0">,</span>
<span class="st_h">'key'</span> <span class="sy0">=&gt;</span> <span class="st_h">'q`e)kJE%&lt;&amp;wm&gt;uaA'</span><span class="sy0">,</span>
<span class="st_h">'samlIDPSSODescriptorSingleSignOnServiceHTTPPost'</span> <span class="sy0">=&gt;</span> <span class="st_h">'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;'</span><span class="sy0">,</span>
<span class="st_h">'portalSkin'</span> <span class="sy0">=&gt;</span> <span class="st_h">'pastel'</span><span class="sy0">,</span>
<span class="st_h">'failedLoginNumber'</span> <span class="sy0">=&gt;</span> <span class="st_h">'5'</span><span class="sy0">,</span>
<span class="sy0">...</span>
<span class="br0">&#125;</span><span class="sy0">;</span></pre>
<p>
If a modification is made, the configuration is saved with a new configuration number. Otherwise, the current configuration is kept.
</p>
</div>
<!-- EDIT4 SECTION "Configuration text editor" [3648-4872] -->
<h2 class="sectionedit5" id="command_line_interface_cli">Command Line Interface (CLI)</h2>
<div class="level2">
<p>
LemonLDAP::NG provides a script for editing configuration items in non-interactive mode. This script is called <code>lemonldap-ng-cli</code> and is stored in the LemonLDAP::NG bin/ directory, for example /usr/share/lemonldap-ng/bin:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli</pre>
<p>
<p><div class="notetip">This script must be run as root; it will then use the Apache user and group to access the configuration.
</div></p>
</p>
<p>
To see the available actions, run:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli help</pre>
<p>
By default, when you change a value, it is written to the configuration backend, but:
</p>
<ul>
<li class="level1"><div class="li"> The configuration cache is not updated</div>
</li>
<li class="level1"><div class="li"> The configuration number is not incremented</div>
</li>
</ul>
<p>
This lets you modify the configuration without impacting running users.
</p>
<p>
You can force an update of the cache with:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli update-cache</pre>
<p>
And you can save the current configuration into a new one:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli increment</pre>
<p>
To get information about the current configuration:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli info</pre>
</div>
<!-- EDIT5 SECTION "Command Line Interface (CLI)" [4873-6018] -->
<h2 class="sectionedit6" id="apache">Apache</h2>
<div class="level2">
<p>
<p><div class="noteimportant">LemonLDAP::NG does not manage the Apache configuration.
</div></p>
</p>
<p>
LemonLDAP::NG ships 3 Apache configuration files:
</p>
<ul>
<li class="level1"><div class="li"> <strong>portal-apache2.conf</strong>: Portal virtual host, with SOAP and Issuer end points</div>
</li>
<li class="level1"><div class="li"> <strong>manager-apache2.conf</strong>: Manager virtual host</div>
</li>
<li class="level1"><div class="li"> <strong>handler-apache2.conf</strong>: Handler declaration, reload and sample virtual hosts</div>
</li>
</ul>
<p>
These files must be included in the Apache configuration, either with <code>Include</code> directives in <code>httpd.conf</code> (see <a href="../../documentation/quickstart.html#apache" class="wikilink1" title="documentation:quickstart">quick start example</a>), or with symbolic links in the Apache configuration directory (like <code>/etc/httpd/conf.d</code>).
</p>
<p>
<p><div class="notewarning">mod_perl must be loaded before LemonLDAP::NG, so include the configuration after the mod_perl <code>LoadModule</code> directive.
</div></p>
</p>
</div>
<!-- EDIT6 SECTION "Apache" [6019-6778] -->
<h3 class="sectionedit7" id="portal">Portal</h3>
<div class="level3">
<p>
In the Portal virtual host, you will find several configuration parts:
</p>
<ul>
<li class="level1"><div class="li"> Standard virtual host directives, to serve portal pages:</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">ServerName</span> auth.example.com
&nbsp;
<span class="co1"># DocumentRoot</span>
<span class="kw1">DocumentRoot</span> /usr/local/lemonldap-ng/htdocs/portal/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal/&gt;
<span class="kw1">Order</span> <span class="kw1">allow</span>,<span class="kw1">deny</span>
<span class="kw1">Allow</span> from <span class="kw2">all</span>
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="co1"># Perl script</span>
&lt;<span class="kw3">Files</span> *.pl&gt;
<span class="kw1">SetHandler</span> perl-<span class="kw1">script</span>
PerlResponseHandler ModPerl::Registry
&lt;/<span class="kw3">Files</span>&gt;
&nbsp;
<span class="co1"># Directory index</span>
&lt;<span class="kw3">IfModule</span> mod_dir.c&gt;
<span class="kw1">DirectoryIndex</span> index.pl index.html
&lt;/<span class="kw3">IfModule</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> SOAP end points (disabled by default):</div>
</li>
</ul>
<pre class="code file apache"> <span class="co1"># SOAP functions for sessions management (disabled by default)</span>
&lt;<span class="kw3">Location</span> /index.pl/adminSessions&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for sessions access (disabled by default)</span>
&lt;<span class="kw3">Location</span> /index.pl/sessions&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for configuration access (disabled by default)</span>
&lt;<span class="kw3">Location</span> /index.pl/config&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for notification insertion (disabled by default)</span>
&lt;<span class="kw3">Location</span> /index.pl/notification&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Location</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Issuer rewrite rules (requires <code>mod_rewrite</code>):</div>
</li>
</ul>
<pre class="code file apache"> <span class="co1"># SAML2 Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/saml/metadata /metadata.pl
<span class="kw1">RewriteRule</span> ^/saml/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;
&nbsp;
<span class="co1"># CAS Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/cas/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;
&nbsp;
<span class="co1"># OpenID Issuer</span>
&lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteRule</span> ^/openidserver/.* /index.pl
&lt;/<span class="kw3">IfModule</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Some Perl optimizations:</div>
</li>
</ul>
<pre class="code file apache"><span class="co1"># Best performance under ModPerl::Registry</span>
<span class="co1"># Uncomment this to increase performance of Portal</span>
&lt;Perl&gt;
<span class="kw1">require</span> Lemonldap::NG::Portal::SharedConf;
Lemonldap::NG::Portal::SharedConf-&gt;compile(
qw(delete <span class="kw1">header</span> cache read_from_client cookie <span class="kw1">redirect</span> unescapeHTML));
<span class="co1"># Uncomment this line if you use Lemonldap::NG menu</span>
<span class="kw1">require</span> Lemonldap::NG::Portal::Menu;
<span class="co1"># Uncomment this line if you use portal SOAP capabilities</span>
<span class="kw1">require</span> SOAP::Lite;
&lt;/Perl&gt;</pre>
</div>
<!-- EDIT7 SECTION "Portal" [6779-9212] -->
<h3 class="sectionedit8" id="manager1">Manager</h3>
<div class="level3">
<p>
The Manager virtual host serves the configuration interface and the local documentation.
</p>
<ul>
<li class="level1"><div class="li"> Configuration interface access is not protected by Apache but by LemonLDAP::NG itself (see <code>lemonldap-ng.ini</code>):</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">DocumentRoot</span> /usr/local/lemonldap-ng/htdocs/manager/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/manager/&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Allow</span> from <span class="kw2">all</span>
<span class="kw1">Options</span> +ExecCGI
&lt;/<span class="kw3">Directory</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Local documentation is open to all:</div>
</li>
</ul>
<pre class="code file apache"> <span class="kw1">Alias</span> /doc/ /usr/local/lemonldap-ng/htdocs/doc/
&lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/doc/&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Allow</span> from <span class="kw2">all</span>
&lt;/<span class="kw3">Directory</span>&gt;</pre>
</div>
<!-- EDIT8 SECTION "Manager" [9213-9897] -->
<h3 class="sectionedit9" id="handler">Handler</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Load the Handler in Apache memory:</div>
</li>
</ul>
<pre class="code file apache">PerlOptions +GlobalRequest
PerlRequire /usr/local/lemonldap-ng/handler/MyHandler.pm</pre>
<p>
<p><div class="noteimportant">The Handler must be loaded before any protected virtual host.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> Catch error pages:</div>
</li>
</ul>
<pre class="code file apache"><span class="kw1">ErrorDocument</span> <span class="nu0">403</span> http://auth.example.com/?lmError=<span class="nu0">403</span>
<span class="kw1">ErrorDocument</span> <span class="nu0">500</span> http://auth.example.com/?lmError=<span class="nu0">500</span>
<span class="kw1">ErrorDocument</span> <span class="nu0">503</span> http://auth.example.com/?lmError=<span class="nu0">503</span></pre>
<ul>
<li class="level1"><div class="li"> Reload virtual host:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> reload.example.com
&nbsp;
<span class="co1"># Configuration reload mechanism (only 1 per physical server is</span>
<span class="co1"># needed): choose your URL to avoid restarting Apache when</span>
<span class="co1"># configuration changes</span>
&lt;<span class="kw3">Location</span> /reload&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/<span class="nu0">8</span>
PerlHeaderParserHandler Lemonldap::NG::Handler-&gt;refresh
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
<span class="co1"># Uncomment this to activate status module</span>
<span class="co1">#&lt;Location /status&gt;</span>
<span class="co1"># Order deny,allow</span>
<span class="co1"># Deny from all</span>
<span class="co1"># Allow from 127.0.0.0/8</span>
<span class="co1"># PerlHeaderParserHandler Lemonldap::NG::Handler-&gt;status</span>
<span class="co1">#&lt;/Location&gt;</span>
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
Then, to protect a standard virtual host, the only configuration line to add is:
</p>
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>
</div>
<!-- EDIT9 SECTION "Handler" [9898-11201] -->
<h2 class="sectionedit10" id="configuration_reload">Configuration reload</h2>
<div class="level2">
<p>
<p><div class="noteclassic">Because Handlers keep the configuration in cache, it must be updated in the Handlers whenever the configuration changes. An Apache restart will work, but LemonLDAP::NG also offers a way to reload them through an HTTP request. Configuration reload will then be effective in less than 10 minutes.
</div></p>
</p>
<p>
After the configuration is saved by the Manager, LemonLDAP::NG will try to reload the configuration on remote Handlers by sending an HTTP request to the servers. The servers and URLs can be configured in the Manager, <code>General Parameters</code> &gt; <code>reload configuration URLs</code>: keys are the server names or <abbr title="Internet Protocol">IP</abbr> addresses the requests will be sent to, and values are the requested URLs.
</p>
<p>
These parameters can be overridden in the LemonLDAP::NG ini file, in the section <code>apply</code>.
</p>
<p>
<p><div class="notetip">You only need one reload <abbr title="Uniform Resource Locator">URL</abbr> per physical server, as Handlers share the same configuration cache on each physical server.
</div></p>
</p>
<p>
The <code>reload</code> target is managed in the Apache configuration, inside a virtual host protected by the LemonLDAP::NG Handler, for example:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> reload.example.com
&nbsp;
&lt;<span class="kw3">Location</span> /reload&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/<span class="nu0">8</span>
PerlHeaderParserHandler Lemonldap::NG::Handler-&gt;refresh
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
<p><div class="noteimportant">You must allow access from the Manager <abbr title="Internet Protocol">IP</abbr>.
</div></p>
</p>
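<p>
The following check is an added example, not part of the LemonLDAP::NG distribution: it evaluates the Apache 2.2 <code>Order</code>/<code>Allow</code>/<code>Deny</code> rules of the reload, status and SOAP Locations shown on this page, and reports a reload URL the Manager cannot reach or a sensitive Location open to an outside address. The sample configuration, the Manager address 192.0.2.20, the outside address 203.0.113.10 and all function names are assumptions; the reload path is taken to be <code>/reload</code> as in the sample virtual host.
</p>

```python
import ipaddress
import re

# Constructed sample: the /reload and SOAP configuration Locations as shown
# on this page (Apache 2.2 Order/Allow/Deny syntax).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName reload.example.com
    <Location /reload>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/8
        PerlHeaderParserHandler Lemonldap::NG::Handler->refresh
    </Location>
</VirtualHost>
<Location /index.pl/config>
    Order deny,allow
    Deny from all
</Location>
"""

# Locations this page restricts: reload, status and the four SOAP end points.
SENSITIVE = ("/reload", "/status", "/index.pl/adminSessions",
             "/index.pl/sessions", "/index.pl/config", "/index.pl/notification")
LOCATION_RE = re.compile(r"<Location\s+(\S+)>(.*?)</Location>", re.S | re.I)


def parse_locations(conf):
    """Return {path: {"order": ..., "allow": [...], "deny": [...]}}."""
    # Drop comment lines first so commented-out Locations are not parsed.
    lines = [l for l in conf.splitlines() if not l.lstrip().startswith("#")]
    rules = {}
    for path, body in LOCATION_RE.findall("\n".join(lines)):
        rule = {"order": "deny,allow", "allow": [], "deny": []}  # 2.2 default
        for line in body.splitlines():
            words = line.split()
            if len(words) > 1 and words[0].lower() == "order":
                rule["order"] = "".join(words[1:]).lower()
            elif (len(words) > 2 and words[1].lower() == "from"
                  and words[0].lower() in ("allow", "deny")):
                rule[words[0].lower()].extend(words[2:])
        rules[path] = rule
    return rules


def _matches(specs, ip):
    addr = ipaddress.ip_address(ip)
    for spec in specs:
        # Only "all", full addresses, CIDR and netmask forms are handled; host
        # names and partial addresses raise ValueError for manual review.
        if spec.lower() == "all" or addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False


def is_allowed(rule, ip):
    allowed, denied = _matches(rule["allow"], ip), _matches(rule["deny"], ip)
    if rule["order"] == "deny,allow":
        # Deny is evaluated first and Allow overrides it; no match means allowed.
        return allowed or not denied
    if rule["order"] == "allow,deny":
        # Allow is evaluated first and Deny overrides it; no match means denied.
        return allowed and not denied
    raise ValueError("unsupported Order: " + rule["order"])


def audit(conf, manager_ip, outside_ip="203.0.113.10"):
    """List exposed sensitive Locations and a reload URL the Manager cannot reach."""
    findings = []
    for path, rule in parse_locations(conf).items():
        if path not in SENSITIVE:
            continue
        if path == "/reload" and not is_allowed(rule, manager_ip):
            findings.append(f"{path}: Manager {manager_ip} is denied")
        if is_allowed(rule, outside_ip):
            findings.append(f"{path}: open to {outside_ip}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "192.0.2.20"))
```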
</div>
<!-- EDIT10 SECTION "Configuration reload" [11202-12569] -->
<h2 class="sectionedit11" id="local_file">Local file</h2>
<div class="level2">
<p>
LemonLDAP::NG configuration can be managed in a local file in <a href="http://en.wikipedia.org/wiki/INI_file" class="urlextern" title="http://en.wikipedia.org/wiki/INI_file" rel="nofollow">INI format</a>. This file is called <code>lemonldap-ng.ini</code> and has the following sections:
</p>
<ul>
<li class="level1"><div class="li"> <strong>configuration</strong>: where configuration is stored</div>
</li>
<li class="level1"><div class="li"> <strong>apply</strong>: reload <abbr title="Uniform Resource Locator">URL</abbr> for remote Handlers</div>
</li>
<li class="level1"><div class="li"> <strong>all</strong>: parameters for all modules</div>
</li>
<li class="level1"><div class="li"> <strong>portal</strong>: parameters only for Portal</div>
</li>
<li class="level1"><div class="li"> <strong>manager</strong>: parameters only for Manager</div>
</li>
<li class="level1"><div class="li"> <strong>handler</strong>: parameters only for Handler</div>
</li>
</ul>
<p>
When you set a parameter in <code>lemonldap-ng.ini</code>, it will override the parameter from the global configuration.
</p>
<p>
For example, to override the configured skin for the portal:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">portalSkin</span> <span class="sy0">=</span><span class="re2"> dark</span></pre>
<p>
<p><div class="notetip">You need to know the technical name of the configuration parameter to do this. You can refer to the <a href="../../documentation/1.9/parameterlist.html" class="wikilink1" title="documentation:1.9:parameterlist">parameter list</a> to find it.
</div></p>
</p>
</div>
<!-- EDIT11 SECTION "Local file" [12570-13427] -->
<h2 class="sectionedit12" id="script_files">Script files</h2>
<div class="level2">
<p>
LemonLDAP::NG lets you override any configuration parameter directly in a script file. However, editing such files is not advised, as they are part of the program and will be erased at the next upgrade.
</p>
<p>
<p><div class="notetip">You also need to know the technical name of the configuration parameter to do this. You can refer to the <a href="../../documentation/1.9/parameterlist.html" class="wikilink1" title="documentation:1.9:parameterlist">parameter list</a> to find it.
</div></p>
</p>
</div>
<!-- EDIT12 SECTION "Script files" [13428-13816] -->
<h3 class="sectionedit13" id="portal1">Portal</h3>
<div class="level3">
<p>
For example, in portal/index.pl:
</p>
<pre class="code file perl"><span class="kw1">my</span> <span class="re0">$portal</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">SharedConf</span><span class="sy0">-&gt;</span><span class="kw2">new</span><span class="br0">&#40;</span>
<span class="br0">&#123;</span>
portalSkin <span class="sy0">=&gt;</span> <span class="st_h">'dark'</span><span class="sy0">,</span>
<span class="br0">&#125;</span>
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT13 SECTION "Portal" [13817-13987] -->
<h3 class="sectionedit14" id="handler1">Handler</h3>
<div class="level3">
<p>
For example, in handler/MyHandler.pm:
</p>
<pre class="code file perl">__PACKAGE__<span class="sy0">-&gt;</span><span class="me1">init</span><span class="br0">&#40;</span>
<span class="br0">&#123;</span>
domain <span class="sy0">=&gt;</span> <span class="st_h">'acme.com'</span><span class="sy0">,</span>
<span class="br0">&#125;</span>
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
</div><!-- closes <div class="dokuwiki export">-->