lemonldap-ng/doc/pages/documentation/1.4/browseablesessionbackend.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
 lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">




<h1><a name="browseable_session_backend" id="browseable_session_backend">Browseable session backend</a></h1>
<div class="level1">

<p>

Browseable session backend (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable"  rel="nofollow">Apache::Session::Browseable</a>) works exactly like Apache::Session::* corresponding module but add indexes that increase <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">session restrictions</a> performances.
</p>

<p>
If you use features like <acronym title="Security Assertion Markup Language">SAML</acronym> (authentication and issuer), <acronym title="Central Authentication Service">CAS</acronym> (issuer) and password reset self-service, you also need to index some fields.
</p>

<p>
The following table list fields to index depending on the feature you want to increase performance:
</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Feature  </th><th class="col1 centeralign">  Fields to index  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0"> Session explorer </td><td class="col1 centeralign">  ipAddr <em>WHATTOTRACE</em> _httpSessionType ipAddr  </td>
	</tr>
	<tr class="row2 roweven">
		<td class="col0"> Session restrictions </td><td class="col1 centeralign">  ipAddr <em>WHATTOTRACE</em>  </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 rightalign">  <acronym title="Security Assertion Markup Language">SAML</acronym> authentication and issuer </td><td class="col1 centeralign">  _saml_id ProxyID _nameID _assert_id _art_id _session_id  </td>
	</tr>
	<tr class="row4 roweven">
		<td class="col0 centeralign">  <acronym title="Central Authentication Service">CAS</acronym> issuer  </td><td class="col1 centeralign">  _cas_id  </td>
	</tr>
	<tr class="row5 rowodd">
		<td class="col0 centeralign">  Password reset  </td><td class="col1 centeralign">  user  </td>
	</tr>
</table>

<p>

<p><div class="noteimportant"><em>WHATTOTRACE</em> must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER)
</div></p>
</p>

<p>
<p><div class="notetip">It is advised to use separate session backends for standard sessions, <acronym title="Security Assertion Markup Language">SAML</acronym> sessions and <acronym title="Central Authentication Service">CAS</acronym> sessions, in order to manage index separately.
</div></p>
</p>

<p>
<p><div class="noteclassic">Documentation below explains how set index on ipAddr and _whatToTrace; Adapt it to configure the index you need.
</div></p>
</p>

</div>
<!-- SECTION "Browseable session backend" [1-1379] -->
<h2><a name="setup" id="setup">Setup</a></h2>
<div class="level2">

</div>
<!-- SECTION "Setup" [1380-1398] -->
<h3><a name="prepare_database" id="prepare_database">Prepare database</a></h3>
<div class="level3">

<p>

Using Redis, you just have to prepare Redis database. See <a href="../../documentation/1.4/nosqlsessionbackend.html" class="wikilink1" title="documentation:1.4:nosqlsessionbackend">Redis session backend</a>.
</p>

<p>
<em class="u">Exemple with MySQL</em>:
</p>

<p>
Database must be prepared exactly like in <a href="../../documentation/1.4/sqlsessionbackend.html#prepare_the_database" class="wikilink1" title="documentation:1.4:sqlsessionbackend">SQL session backend</a> except that a field must be added for each data to index.
</p>
<pre class="code file sql"><span class="kw1">CREATE</span> <span class="kw1">TABLE</span> sessions <span class="br0">&#40;</span>
    id char<span class="br0">&#40;</span>32<span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
    a_session blob<span class="sy0">,</span>
    _whatToTrace varchar<span class="br0">&#40;</span>255<span class="br0">&#41;</span><span class="sy0">,</span>
    ipAddr varchar<span class="br0">&#40;</span>15<span class="br0">&#41;</span><span class="sy0">,</span>
    <span class="kw1">KEY</span> _whatToTrace <span class="br0">&#40;</span>_whatToTrace<span class="br0">&#41;</span><span class="sy0">,</span>
    <span class="kw1">KEY</span> ipAddr <span class="br0">&#40;</span>ipAddr<span class="br0">&#41;</span>
    <span class="br0">&#41;</span>;</pre>

</div>
<!-- SECTION "Prepare database" [1399-1946] -->
<h3><a name="manager" id="manager">Manager</a></h3>
<div class="level3">

<p>

Using Redis, you just have to add the “Index” parameter  in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> :

</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
	</tr>
	<tr class="row1 rowodd">
		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 centeralign">  <strong>server</strong>  </td><td class="col1"> Redis server </td><td class="col2"> 127.0.0.1:6379 </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 centeralign">  <strong>Index</strong>  </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
	</tr>
</table>

<p>

<em class="u">Example with MySQL</em>:
</p>

<p>
Go in the Manager and set the session module (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL"  rel="nofollow">Apache::Session::Browseable::MySQL</a> for MySQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):

</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
	</tr>
	<tr class="row1 rowodd">
		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 centeralign">  <strong>DataSource</strong>  </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI"  rel="nofollow">DBI</a> string </td><td class="col2"> dbi:mysql:dbname=sessions </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 centeralign">  <strong>UserName</strong>  </td><td class="col1"> The database username </td><td class="col2"> lemonldapng </td>
	</tr>
	<tr class="row4 roweven">
		<td class="col0 centeralign">  <strong>Password</strong>  </td><td class="col1"> The database password </td><td class="col2"> mysuperpassword </td>
	</tr>
	<tr class="row5 rowodd">
		<td class="col0 centeralign">  <strong>Index</strong>  </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
	</tr>
</table>

<p>

<p><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
</p>

<p>
For databases like PostgreSQL, don&#039;t forget to add “Commit” with a value of 1
</div></p>
</p>

</div>
<!-- SECTION "Manager" [1947-3124] -->
<h2><a name="security" id="security">Security</a></h2>
<div class="level2">

<p>

Restrict network access to the database.
</p>

<p>
You can also use different user/password for your servers by overriding parameters <code>globalStorage</code> and <code>globalStorageOptions</code> in lemonldap-ng.ini file.
</p>

</div>
<!-- SECTION "Security" [3125-] --></div><!-- closes <div class="dokuwiki export">-->