lemonldap-ng/doc/pages/documentation/current/impersonation.html
2019-04-09 22:26:40 +02:00


<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:impersonation</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,impersonation"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="impersonation.html"/>
<link rel="contents" href="impersonation.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:impersonation","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="impersonation_plugin">Impersonation plugin</h1>
<div class="level1">
<p>
This plugin allows a user to assume the identity of another user. The user has to log in with their real account and can then choose to use another profile. This can be useful for training/learning or development platforms.
</p>
</div>
<!-- EDIT1 SECTION "Impersonation plugin" [1-239] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
<p>
Enable it in the Manager (section “plugins”) by setting a rule. Impersonation can be allowed or denied for specific users. Furthermore, specific identities such as administrators or anonymous users can be protected from being impersonated.
</p>
<ul>
<li class="level1"><div class="li"> <strong>Parameters</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>Use rule</strong>: Rule that allows or denies use of this plugin for specific users</div>
</li>
<li class="level2"><div class="li"> <strong>Identities use rule</strong>: Rule that defines which identities can be spoofed. Useful to prevent impersonation of specific identities such as the CEO, administrators or anonymous/protected users.</div>
</li>
<li class="level2"><div class="li"> <strong>Real attributes prefix</strong>: Prefix used to rename the user's real profile attributes.</div>
</li>
<li class="level2"><div class="li"> <strong>Hidden attributes</strong>: Attributes not displayed</div>
</li>
<li class="level2"><div class="li"> <strong>Skip empty values</strong>: Do not use empty profile attributes</div>
</li>
<li class="level2"><div class="li"> <strong>Merge spoofed and real <abbr title="Single Sign On">SSO</abbr> groups</strong>: Can be useful for administrators to keep higher privileges</div>
</li>
</ul>
</li>
</ul>
<div class="notewarning">You HAVE TO modify <strong>REMOTE_USER</strong> so that both the real AND the spoofed uid are logged.
<p>
Set a macro like this: <code> _whatToTrace -&gt; $real__user ? &quot;$real__user/$_user&quot; : $_user </code>
</p>
<p>
and set <code>General Parameters &gt; Logs &gt; REMOTE_USER</code> to <code> _whatToTrace </code>
</p>
</div><div class="noteimportant">Both spoofed and real profile attributes can be used to set access rules, groups or macros.
<p>
For example: <code>$real_uid eq &#039;dwho&#039;</code> or <code>$real_groups =~ /\bsu\b/</code>
</p>
</div><div class="noteimportant">For example, to prevent impersonation of &#039;dwho&#039;, set <strong>Identities use rule</strong> as follows:
<p>
<code> $uid ne &#039;dwho&#039; </code>
</p>
</div>
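<p>
Added example (not part of the LemonLDAP::NG documentation or code base): the macro and rules from the notes above, evaluated by a simplified stand-in for the rule evaluator to show what ends up in the log and which decisions the rules produce. The <code>evaluate</code> helper, the users rtyler and msmith, and all session values are assumptions constructed for illustration.
</p>

```perl
#!/usr/bin/perl
# Added illustration, not LemonLDAP::NG code: a simplified stand-in for the
# rule evaluator, run on constructed session data.
use strict;
use warnings;

# Evaluate a rule or macro by mapping each $attr onto a session hash key.
sub evaluate {
    my ( $expr, $session ) = @_;
    ( my $code = $expr ) =~ s/\$(\w+)/\$session->{$1}/g;
    no warnings 'uninitialized';    # a missing attribute acts as an empty value
    my $result = eval $code;
    die "bad expression '$expr': $@" if $@;
    return $result;
}

# Expressions copied from the notes on this page.
my $what_to_trace = q{$real__user ? "$real__user/$_user" : $_user};
my $identity_rule = q{$uid ne 'dwho'};
my $access_rule   = q{$real_groups =~ /\bsu\b/};

# Constructed sessions (assumption: prefix "real_", so the real "_user"
# attribute is stored as "real__user", hence the double underscore).
my %direct  = ( _user => 'rtyler', uid => 'rtyler', groups => 'users; su' );
my %spoofed = (
    _user      => 'msmith', uid      => 'msmith', groups      => 'users',
    real__user => 'rtyler', real_uid => 'rtyler', real_groups => 'users; su',
);

# REMOTE_USER as logged with $_user alone versus with the _whatToTrace macro.
for my $case ( [ 'direct login', \%direct ], [ 'rtyler as msmith', \%spoofed ] ) {
    my ( $label, $s ) = @$case;
    printf "%-17s \$_user: %-7s _whatToTrace: %s\n", $label,
      evaluate( '$_user', $s ), evaluate( $what_to_trace, $s );
}

# Identities use rule, checked against each identity a user asks to take
# (assumption: the rule sees the requested identity's attributes).
for my $target (qw(msmith dwho)) {
    printf "impersonate %-7s -> %s\n", $target,
      evaluate( $identity_rule, { uid => $target } ) ? 'allowed' : 'refused';
}

# An access rule keyed on the real profile still sees rtyler's groups.
printf "su-only rule while spoofing msmith -> %s\n",
  evaluate( $access_rule, \%spoofed ) ? 'allow' : 'deny';
```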
</div>
<!-- EDIT2 SECTION "Configuration" [240-] --></div>
</body>
</html>