188 lines
8.4 KiB
HTML
188 lines
8.4 KiB
HTML
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
|
|
lang="en" dir="ltr">
|
|
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title></title>
|
|
<!-- metadata -->
|
|
<meta name="generator" content="Offline" />
|
|
<meta name="version" content="Offline 0.1" />
|
|
<!-- style sheet links -->
|
|
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
|
|
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
|
|
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
|
|
|
|
</head>
|
|
<body>
|
|
<div class="dokuwiki export">
|
|
|
|
|
|
|
|
|
|
<h1><a name="browseable_session_backend" id="browseable_session_backend">Browseable session backend</a></h1>
|
|
<div class="level1">
|
|
|
|
<p>
|
|
|
|
Browseable session backend (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable" rel="nofollow">Apache::Session::Browseable</a>) works exactly like Apache::Session::* corresponding module but add indexes that increase <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">session restrictions</a> performances.
|
|
</p>
|
|
|
|
<p>
|
|
If you use features like <acronym title="Security Assertion Markup Language">SAML</acronym> (authentication and issuer), <acronym title="Central Authentication Service">CAS</acronym> (issuer) and password reset self-service, you also need to index some fields.
|
|
</p>
|
|
|
|
<p>
|
|
The following table list fields to index depending on the feature you want to increase performance:
|
|
</p>
|
|
<table class="inline">
|
|
<tr class="row0 roweven">
|
|
<th class="col0 centeralign"> Feature </th><th class="col1 centeralign"> Fields to index </th>
|
|
</tr>
|
|
<tr class="row1 rowodd">
|
|
<td class="col0"> Session explorer </td><td class="col1 centeralign"> ipAddr <em>WHATTOTRACE</em> _httpSessionType ipAddr </td>
|
|
</tr>
|
|
<tr class="row2 roweven">
|
|
<td class="col0"> Session restrictions </td><td class="col1 centeralign"> ipAddr <em>WHATTOTRACE</em> </td>
|
|
</tr>
|
|
<tr class="row3 rowodd">
|
|
<td class="col0 rightalign"> <acronym title="Security Assertion Markup Language">SAML</acronym> authentication and issuer </td><td class="col1 centeralign"> _saml_id ProxyID _nameID _assert_id _art_id _session_id </td>
|
|
</tr>
|
|
<tr class="row4 roweven">
|
|
<td class="col0 centeralign"> <acronym title="Central Authentication Service">CAS</acronym> issuer </td><td class="col1 centeralign"> _cas_id </td>
|
|
</tr>
|
|
<tr class="row5 rowodd">
|
|
<td class="col0 centeralign"> Password reset </td><td class="col1 centeralign"> user </td>
|
|
</tr>
|
|
</table>
|
|
|
|
<p>
|
|
|
|
<p><div class="noteimportant"><em>WHATTOTRACE</em> must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER)
|
|
</div></p>
|
|
</p>
|
|
|
|
<p>
|
|
<p><div class="notetip">It is advised to use separate session backends for standard sessions, <acronym title="Security Assertion Markup Language">SAML</acronym> sessions and <acronym title="Central Authentication Service">CAS</acronym> sessions, in order to manage index separately.
|
|
</div></p>
|
|
</p>
|
|
|
|
<p>
|
|
<p><div class="noteclassic">Documentation below explains how set index on ipAddr and _whatToTrace; Adapt it to configure the index you need.
|
|
</div></p>
|
|
</p>
|
|
|
|
</div>
|
|
<!-- SECTION "Browseable session backend" [1-1379] -->
|
|
<h2><a name="setup" id="setup">Setup</a></h2>
|
|
<div class="level2">
|
|
|
|
</div>
|
|
<!-- SECTION "Setup" [1380-1398] -->
|
|
<h3><a name="prepare_database" id="prepare_database">Prepare database</a></h3>
|
|
<div class="level3">
|
|
|
|
<p>
|
|
|
|
Using Redis, you just have to prepare Redis database. See <a href="../../documentation/1.4/nosqlsessionbackend.html" class="wikilink1" title="documentation:1.4:nosqlsessionbackend">Redis session backend</a>.
|
|
</p>
|
|
|
|
<p>
|
|
<em class="u">Exemple with MySQL</em>:
|
|
</p>
|
|
|
|
<p>
|
|
Database must be prepared exactly like in <a href="../../documentation/1.4/sqlsessionbackend.html#prepare_the_database" class="wikilink1" title="documentation:1.4:sqlsessionbackend">SQL session backend</a> except that a field must be added for each data to index.
|
|
</p>
|
|
<pre class="code file sql"><span class="kw1">CREATE</span> <span class="kw1">TABLE</span> sessions <span class="br0">(</span>
|
|
id char<span class="br0">(</span>32<span class="br0">)</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
|
|
a_session blob<span class="sy0">,</span>
|
|
_whatToTrace varchar<span class="br0">(</span>255<span class="br0">)</span><span class="sy0">,</span>
|
|
ipAddr varchar<span class="br0">(</span>15<span class="br0">)</span><span class="sy0">,</span>
|
|
<span class="kw1">KEY</span> _whatToTrace <span class="br0">(</span>_whatToTrace<span class="br0">)</span><span class="sy0">,</span>
|
|
<span class="kw1">KEY</span> ipAddr <span class="br0">(</span>ipAddr<span class="br0">)</span>
|
|
<span class="br0">)</span>;</pre>
|
|
|
|
</div>
|
|
<!-- SECTION "Prepare database" [1399-1946] -->
|
|
<h3><a name="manager" id="manager">Manager</a></h3>
|
|
<div class="level3">
|
|
|
|
<p>
|
|
|
|
Using Redis, you just have to add the “Index” parameter in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> :
|
|
|
|
</p>
|
|
<table class="inline">
|
|
<tr class="row0 roweven">
|
|
<th class="col0 centeralign" colspan="3"> Required parameters </th>
|
|
</tr>
|
|
<tr class="row1 rowodd">
|
|
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
|
|
</tr>
|
|
<tr class="row2 roweven">
|
|
<td class="col0 centeralign"> <strong>server</strong> </td><td class="col1"> Redis server </td><td class="col2"> 127.0.0.1:6379 </td>
|
|
</tr>
|
|
<tr class="row3 rowodd">
|
|
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
|
|
</tr>
|
|
</table>
|
|
|
|
<p>
|
|
|
|
<em class="u">Example with MySQL</em>:
|
|
</p>
|
|
|
|
<p>
|
|
Go in the Manager and set the session module (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL" rel="nofollow">Apache::Session::Browseable::MySQL</a> for MySQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
|
|
|
|
</p>
|
|
<table class="inline">
|
|
<tr class="row0 roweven">
|
|
<th class="col0 centeralign" colspan="3"> Required parameters </th>
|
|
</tr>
|
|
<tr class="row1 rowodd">
|
|
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
|
|
</tr>
|
|
<tr class="row2 roweven">
|
|
<td class="col0 centeralign"> <strong>DataSource</strong> </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI" rel="nofollow">DBI</a> string </td><td class="col2"> dbi:mysql:dbname=sessions </td>
|
|
</tr>
|
|
<tr class="row3 rowodd">
|
|
<td class="col0 centeralign"> <strong>UserName</strong> </td><td class="col1"> The database username </td><td class="col2"> lemonldapng </td>
|
|
</tr>
|
|
<tr class="row4 roweven">
|
|
<td class="col0 centeralign"> <strong>Password</strong> </td><td class="col1"> The database password </td><td class="col2"> mysuperpassword </td>
|
|
</tr>
|
|
<tr class="row5 rowodd">
|
|
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
|
|
</tr>
|
|
</table>
|
|
|
|
<p>
|
|
|
|
<p><div class="notetip">Apache::Session::Browseable::MySQL doesn't use locks so performances are keeped.
|
|
</p>
|
|
|
|
<p>
|
|
For databases like PostgreSQL, don't forget to add “Commit” with a value of 1
|
|
</div></p>
|
|
</p>
|
|
|
|
</div>
|
|
<!-- SECTION "Manager" [1947-3124] -->
|
|
<h2><a name="security" id="security">Security</a></h2>
|
|
<div class="level2">
|
|
|
|
<p>
|
|
|
|
Restrict network access to the database.
|
|
</p>
|
|
|
|
<p>
|
|
You can also use different user/password for your servers by overriding parameters <code>globalStorage</code> and <code>globalStorageOptions</code> in lemonldap-ng.ini file.
|
|
</p>
|
|
|
|
</div>
|
|
<!-- SECTION "Security" [3125-] --></div><!-- closes <div class="dokuwiki export">--> |