lemonldap-ng/po-doc/fr/pages/documentation/current/authdbi.html
2017-08-30 16:47:26 +00:00


<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:authdbi</title><!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authdbi"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authdbi.html"/>
<link rel="contents" href="authdbi.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authdbi","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script><!-- //endif --><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script><!-- //endif -->
</head>
<body>
<div class="dokuwiki export container"><!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#drivers">Drivers</a></div></li>
<li class="level2"><div class="li"><a href="#schema">Schema</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#example_1two_tables">Example 1: two tables</a></div></li>
<li class="level3"><div class="li"><a href="#example_2single_table">Example 2: single table</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#sql">SQL</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#authentication_level">Authentication level</a></div></li>
<li class="level2"><div class="li"><a href="#exported_variables">Exported variables</a></div></li>
<li class="level2"><div class="li"><a href="#connection">Connection</a></div></li>
<li class="level2"><div class="li"><a href="#schema1">Schema</a></div></li>
<li class="level2"><div class="li"><a href="#password">Password</a></div></li>
</ul></li>
</ul>
</div>
</div><!-- TOC END -->
<h1 class="sectionedit1" id="databases">Databases</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> ✔ </td><td class="col1 centeralign"> ✔ </td><td class="col2 centeralign"> ✔ </td>
</tr>
</table></div><!-- EDIT2 TABLE [26-95] -->
</div><!-- EDIT1 SECTION "Databases" [1-96] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
</div><!-- EDIT3 SECTION "Presentation" [97-122] -->
<h3 class="sectionedit4" id="drivers">Drivers</h3>
<div class="level3">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can use many databases as authentication, users and password backends:
</p>
<ul>
<li class="level1"><div class="li"> MySQL</div>
</li>
<li class="level1"><div class="li"> PostgreSQL</div>
</li>
<li class="level1"><div class="li"> Oracle</div>
</li>
</ul>
<p>
Indeed, any <a href="http://search.cpan.org/search?query=DBD%3A%3A&amp;mode=module" class="urlextern" title="http://search.cpan.org/search?query=DBD%3A%3A&amp;mode=module" rel="nofollow">Perl DBD driver</a> can be used.
</p>
</div><!-- EDIT4 SECTION "Drivers" [123-371] -->
<h3 class="sectionedit5" id="schema">Schema</h3>
<div class="level3">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can use two tables:
</p>
<ul>
<li class="level1"><div class="li"> The authentication table: where logins and passwords are stored</div>
</li>
<li class="level1"><div class="li"> The users table: where user data are stored (mail, name, etc.)</div>
</li>
</ul>
<div class="notetip">The authentication and users tables can be one and the same table.
</div>
<p>
The password can be stored in clear text or encoded with a standard SQL method:
</p>
<ul>
<li class="level1"><div class="li"> SHA</div>
</li>
<li class="level1"><div class="li"> SHA1</div>
</li>
<li class="level1"><div class="li"> MD5</div>
</li>
</ul>
<p>
These SQL methods are fast, unsalted hashes: two users with the same password get the same stored value (coudot and tchemineau share a hash in the examples below), and such hashes are cheap to crack offline if the table leaks. The salted schemes described under <a href="#password">Password</a> avoid both problems.
</p>
</div>
<h4 id="example_1two_tables">Example 1: two tables</h4>
<div class="level4">
</div>
<h5 id="authentication_table">Authentication table</h5>
<div class="level5">
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> id </th><th class="col1"> login </th><th class="col2"> password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> 1 </td><td class="col1"> xguimard </td><td class="col2"> a15a18c8bb17e6f67886a9af1898c018b9f5a072 </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> 2 </td><td class="col1"> tchemineau </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td>
</tr>
</table></div><!-- EDIT6 TABLE [772-977] -->
</div>
<h5 id="user_table">Users table</h5>
<div class="level5">
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> id </th><th class="col1"> user </th><th class="col2"> name </th><th class="col3"> mail </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> Clément OUDOT </td><td class="col3"> coudot@example.com </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> 1 </td><td class="col1"> tchemineau </td><td class="col2"> Thomas CHEMINEAU </td><td class="col3"> tchemineau@example.com </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> 2 </td><td class="col1"> xguimard </td><td class="col2"> Xavier GUIMARD </td><td class="col3"> xguimard@example.com </td>
</tr>
</table></div><!-- EDIT7 TABLE [997-1197] -->
</div>
<h4 id="example_2single_table">Example 2: single table</h4>
<div class="level4">
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> id </th><th class="col1"> user </th><th class="col2"> password </th><th class="col3"> name </th><th class="col4"> mail </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td><td class="col3"> Clément OUDOT </td><td class="col4"> coudot@example.com </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> 1 </td><td class="col1"> tchemineau </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td><td class="col3"> Thomas CHEMINEAU </td><td class="col4"> tchemineau@example.com </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> 2 </td><td class="col1"> xguimard </td><td class="col2"> a15a18c8bb17e6f67886a9af1898c018b9f5a072 </td><td class="col3"> Xavier GUIMARD </td><td class="col4"> xguimard@example.com </td>
</tr>
</table></div><!-- EDIT8 TABLE [1232-1572] -->
</div><!-- EDIT5 SECTION "Schema" [372-1573] -->
<h3 class="sectionedit9" id="sql">SQL</h3>
<div class="level3">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> will execute a few SQL queries:
</p>
<ul>
<li class="level1"><div class="li"> Authentication: select the row of the authentication table matching both the user and the password</div>
</li>
<li class="level1"><div class="li"> User search: select the row of the users table matching the user</div>
</li>
<li class="level1"><div class="li"> Password change: update the password field of the authentication table row matching the user</div>
</li>
</ul>
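<p>
The three operations above, run against the two-table schema of Example 1 in SQLite, as an added example. This is not LemonLDAP::NG code: the page does not show the exact statements the project issues, so the queries below are an illustration of them. Passwords are stored as unsalted SHA1 hex (the "SHA1" option above); the clear-text sample passwords, the table and column names beyond those of Example 1, and the hashing done in Python rather than in SQL are choices of this example.
</p>

```python
"""Two-table DBI schema from Example 1, exercised with SQLite.

Added example, not LemonLDAP::NG code: the queries illustrate the three
operations the page lists (authenticate, look up user data, change
password).  Passwords are stored as unsalted SHA1 hex; the clear-text
passwords below are constructed for this example.
"""
import hashlib
import sqlite3
from typing import Optional


def sha1_hex(password: str) -> str:
    """Unsalted SHA1 digest as hex, what MySQL's SHA1() would return."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def setup_db() -> sqlite3.Connection:
    """Create the auth and users tables from Example 1 with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE auth  (id INTEGER PRIMARY KEY, login TEXT UNIQUE NOT NULL,
                            password TEXT NOT NULL);
        CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE NOT NULL,
                            name TEXT, mail TEXT);
        """
    )
    # Constructed sample data: these clear-text passwords are invented for
    # the example and are not the ones behind the hashes shown on the page.
    sample = [
        ("coudot", "secret1", "Clément OUDOT", "coudot@example.com"),
        ("xguimard", "secret2", "Xavier GUIMARD", "xguimard@example.com"),
    ]
    for login, pwd, name, mail in sample:
        db.execute("INSERT INTO auth (login, password) VALUES (?, ?)",
                   (login, sha1_hex(pwd)))
        db.execute("INSERT INTO users (user, name, mail) VALUES (?, ?, ?)",
                   (login, name, mail))
    db.commit()
    return db


def authenticate(db: sqlite3.Connection, login: str, password: str) -> bool:
    """Authentication query: a row must match both the login and the hash.

    Login and hash are bound parameters, never pasted into the SQL text,
    which is what keeps the login form from becoming an injection point.
    """
    row = db.execute(
        "SELECT 1 FROM auth WHERE login = ? AND password = ?",
        (login, sha1_hex(password)),
    ).fetchone()
    return row is not None


def find_user(db: sqlite3.Connection, login: str) -> Optional[dict]:
    """User search query: the columns exported to the session for this login."""
    row = db.execute("SELECT name, mail FROM users WHERE user = ?",
                     (login,)).fetchone()
    return None if row is None else {"name": row[0], "mail": row[1]}


def change_password(db: sqlite3.Connection, login: str, old: str, new: str) -> bool:
    """Password change: re-verify the old password, then update the hash."""
    if not authenticate(db, login, old):
        return False
    db.execute("UPDATE auth SET password = ? WHERE login = ?",
               (sha1_hex(new), login))
    db.commit()
    return True


if __name__ == "__main__":
    conn = setup_db()
    print(authenticate(conn, "coudot", "secret1"), find_user(conn, "coudot"))
```

<p>
Every statement binds the login and the hash as parameters; an attempt such as <code>coudot' OR '1'='1</code> is simply a login that does not exist. The database account used here only needs SELECT on both tables and UPDATE on the password column.
</p>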
</div><!-- EDIT9 SECTION "SQL" [1574-1847] -->
<h2 class="sectionedit10" id="configuration">Configuration</h2>
<div class="level2">
<p>
In the Manager, go to <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Database (<abbr title="Database Interface">DBI</abbr>) for the authentication, users and/or password modules.
</p>
</div><!-- EDIT10 SECTION "Configuration" [1848-2022] -->
<h3 class="sectionedit11" id="authentication_level">Authentication level</h3>
<div class="level3">
<p>
The authentication level given to users authenticated by this module.
</p>
<div class="noteimportant">As <abbr title="Database Interface">DBI</abbr> is a login/password module, the authentication level can be:<ul>
<li class="level1"><div class="li"> increased (+1) if the portal is protected by SSL (HTTPS)</div>
</li>
<li class="level1"><div class="li"> decreased (-1) if autocompletion is allowed on the portal (see <a href="portalcustom.html" class="wikilink1" title="documentation:2.0:portalcustom">Portal customization</a>)</div>
</li>
</ul>
</div>
</div><!-- EDIT11 SECTION "Authentication level" [2023-2387] -->
<h3 class="sectionedit12" id="exported_variables">Exported variables</h3>
<div class="level3">
<p>
List of columns to query in order to fill the user session. See also the <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables configuration</a>.
</p>
</div><!-- EDIT12 SECTION "Exported variables" [2388-2525] -->
<h3 class="sectionedit13" id="connection">Connection</h3>
<div class="level3">
<div class="notetip">Connection parameters can be configured separately for the authentication process and the user search process, which allows these two processes to use different databases. By default, if the user search connection parameters are empty, the authentication ones are used.
</div><ul>
<li class="level1"><div class="li"> <strong>Chain</strong>: <abbr title="Database Interface">DBI</abbr> chain, containing the driver name and the database name (for example: dbi:mysql:database=lemonldapng;host=localhost).</div>
</li>
<li class="level1"><div class="li"> <strong>User</strong>: connection account. The module only needs to read both tables and, when the password module is enabled, to update the password column, so give this account a dedicated least-privilege grant rather than the database owner's credentials.</div>
</li>
<li class="level1"><div class="li"> <strong>Password</strong>: password of the connection account</div>
</li>
</ul>
</div><!-- EDIT13 SECTION "Connection" [2526-3044] -->
<h3 class="sectionedit14" id="schema1">Schema</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <strong>Authentication table</strong>: name of the authentication table</div>
</li>
<li class="level1"><div class="li"> <strong>Users table</strong>: name of the users table</div>
</li>
<li class="level1"><div class="li"> <strong>Login field name</strong>: name of the column of the authentication table containing the login</div>
</li>
<li class="level1"><div class="li"> <strong>Password field name</strong>: name of the column of the authentication table containing the password</div>
</li>
<li class="level1"><div class="li"> <strong>Mail field name</strong>: name of the column of the authentication table containing the mail address (used for password reset)</div>
</li>
<li class="level1"><div class="li"> <strong>Login field name in users table</strong>: name of the column of the users table containing the login</div>
</li>
</ul>
</div><!-- EDIT14 SECTION "Schema" [3045-3488] -->
<h3 class="sectionedit15" id="password">Password</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <strong>Hash scheme</strong>: SQL method used to hash passwords. Can be empty to store passwords in clear text.</div>
</li>
<li class="level1"><div class="li"> <strong>Dynamic hash activation</strong>: Activate dynamic hashing. With dynamic hashing, the hash scheme is read from the user's stored password value during authentication.</div>
</li>
<li class="level1"><div class="li"> <strong>Supported non-salted schemes</strong>: Whitespace-separated list of hash schemes. Every scheme MUST match a non-salted hash function in the database; LemonLDAP::NG relies on that function to compute user password hashes. These hashes MUST NOT be salted (no random data combined with the password).</div>
</li>
<li class="level1"><div class="li"> <strong>Supported salted schemes</strong>: Whitespace-separated list of salted hash schemes, of the form “<strong>s</strong>scheme”, where scheme MUST match a non-salted hash function in the database; LemonLDAP::NG relies on that function to compute user password hashes. The salted and non-salted lists need not mirror each other (for example: non-salted=“sha256” and salted=“ssha ssha512” is valid).</div>
</li>
<li class="level1"><div class="li"> <strong>Dynamic hash scheme for new passwords</strong>: LemonLDAP::NG can store new passwords in the database (when a password is modified or reset). You can choose a salted or non-salted dynamic hash scheme; the value must be an element of “Supported non-salted schemes” or “Supported salted schemes”.</div>
</li>
</ul>
<div class="noteimportant">The SQL function MUST take hexadecimal values as input AND return hexadecimal output.
</div><div class="notetip">Here is an example of creating a PostgreSQL SHA256 function.
<p>
1. Install postgresql-contrib.
</p>
<p>
2. Activate the extension:
</p>
<pre class="code">CREATE EXTENSION pgcrypto;</pre>
<p>
3. Create the hash function:
</p>
<pre class="code">-- Decode the hex input to bytea, hash it, and return the digest as hex,
-- which is the contract the DBI module expects from a hash function.
CREATE OR REPLACE FUNCTION sha256(varchar) RETURNS text AS $$
SELECT encode(digest(decode($1, 'hex'), 'sha256'), 'hex')
$$ LANGUAGE SQL STRICT IMMUTABLE;</pre>
<p>
Note that PostgreSQL 11 and later also ship a built-in <code>sha256(bytea)</code>; the function above is a separate <code>varchar</code> overload and does not replace it.
</p>
</div>
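<p>
The dynamic hash mechanism described above, worked through end to end as an added example; this is not LemonLDAP::NG code. It models what the Password section states: the scheme is recovered from the stored value, salted schemes are named "s" + scheme, and the database hash function takes and returns hexadecimal. Two things are assumptions of this example rather than facts from the page: the stored format <code>{scheme}base64(digest || salt)</code>, and <code>db_hash_hex()</code>, which stands in for the SQL function (such as the pgcrypto <code>sha256(varchar)</code> above) using Python's hashlib. The scheme lists are constructed values.
</p>

```python
"""Dynamic hash handling for a DBI password backend.

Added example, not LemonLDAP::NG code.  Assumed here: the stored format
"{scheme}base64(digest || salt)", and db_hash_hex() as a stand-in for the
database-side hash function with the page's hex-in, hex-out contract.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Scheme lists as they would be typed into the Manager (constructed values).
NON_SALTED = "sha256 sha512".split()      # "Supported non-salted schemes"
SALTED = "ssha256 ssha512".split()        # "Supported salted schemes"


def db_hash_hex(function: str, hex_input: str) -> str:
    """Emulates the SQL function contract: hex in, hex out."""
    return hashlib.new(function, bytes.fromhex(hex_input)).hexdigest()


def resolve(scheme: str) -> Tuple[str, bool]:
    """Map a scheme name to (database function, salted?) or reject it."""
    scheme = scheme.lower()
    if scheme in NON_SALTED:
        return scheme, False
    if scheme in SALTED and scheme.startswith("s"):
        return scheme[1:], True
    raise ValueError("scheme %r is not in the supported lists" % scheme)


def split_scheme(stored: str) -> Tuple[str, str]:
    """Return (scheme, payload) from "{scheme}payload"."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {scheme} prefix: not a dynamic hash")
    end = stored.index("}")
    return stored[1:end], stored[end + 1:]


def make_hash(password: str, scheme: str, salt: Optional[bytes] = None) -> str:
    """Build the stored value for a new password (change or reset).

    A fresh random salt is drawn for salted schemes unless one is given;
    non-salted schemes ignore the salt argument.
    """
    function, salted = resolve(scheme)
    salt = (os.urandom(8) if salt is None else salt) if salted else b""
    digest_hex = db_hash_hex(function, (password.encode("utf-8") + salt).hex())
    payload = base64.b64encode(bytes.fromhex(digest_hex) + salt).decode("ascii")
    return "{%s}%s" % (scheme, payload)


def verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored dynamic hash.

    The scheme is recovered from the stored value, so one table can hold a
    mix of schemes; for salted schemes the salt is the tail of the payload.
    """
    scheme, payload = split_scheme(stored)
    function, salted = resolve(scheme)
    raw = base64.b64decode(payload)
    if salted:
        digest_len = hashlib.new(function).digest_size
        digest, salt = raw[:digest_len], raw[digest_len:]
    else:
        digest, salt = raw, b""
    expected = db_hash_hex(function, (password.encode("utf-8") + salt).hex())
    # Constant-time comparison so timing does not leak how many characters matched.
    return hmac.compare_digest(expected, digest.hex())


if __name__ == "__main__":
    stored = make_hash("correct horse", "ssha256")
    print(stored, verify("correct horse", stored), verify("wrong", stored))
```

<p>
Because the salt travels with the digest, two users with the same password get different stored values, and a scheme not present in either configured list is rejected before any hashing is attempted.
</p>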
</div><!-- EDIT15 SECTION "Password" [3489-] -->
</div>
</body>
</html>