lemonldap-ng/doc/pages/documentation/1.4/upgrade.html
2014-06-29 20:23:27 +00:00


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="upgrade_from_13_to_14" id="upgrade_from_13_to_14">Upgrade from 1.3 to 1.4</a></h1>
<div class="level1">
<p>
<p><div class="noteclassic">If you installed from packages, they should have performed the upgrade for you, but you can check here that everything is in order.
</div></p>
</p>
<p>
<p><div class="noteimportant">
If you are upgrading from an older version, first follow:
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/upgrade.html" class="wikilink1" title="documentation:1.0:upgrade">Upgrade to 1.0</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.1/upgrade.html" class="wikilink1" title="documentation:1.1:upgrade">Upgrade to 1.1</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.2/upgrade.html" class="wikilink1" title="documentation:1.2:upgrade">Upgrade to 1.2</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.3/upgrade.html" class="wikilink1" title="documentation:1.3:upgrade">Upgrade to 1.3</a></div>
</li>
</ul>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Upgrade from 1.3 to 1.4" [1-459] -->
<h2><a name="handler" id="handler">Handler</a></h2>
<div class="level2">
<p>
The Handler module has been completely rewritten. You should now call the default module in your virtual host:
</p>
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>
<p>
The main Apache handler configuration file has also been modified. Check that yours matches:
</p>
<pre class="code file apache"><span class="co1"># Load LemonLDAP::NG Handler</span>
PerlOptions +GlobalRequest
PerlRequire Lemonldap/NG/Handler.pm
&nbsp;
<span class="co1"># Common error page and security parameters</span>
<span class="kw1">ErrorDocument</span> 403 http://auth.example.com/?lmError=403
<span class="kw1">ErrorDocument</span> 500 http://auth.example.com/?lmError=500
<span class="kw1">ErrorDocument</span> 503 http://auth.example.com/?lmError=503
&nbsp;
&lt;<span class="kw3">VirtualHost</span> *:80&gt;
<span class="kw1">ServerName</span> reload.example.com
&nbsp;
<span class="co1"># Configuration reload mechanism (only 1 per physical server is</span>
<span class="co1"># needed): choose your URL to avoid restarting Apache when</span>
<span class="co1"># the configuration changes</span>
&lt;<span class="kw3">Location</span> /reload&gt;
<span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
<span class="kw1">Deny</span> from <span class="kw2">all</span>
<span class="kw1">Allow</span> from 127.0.0.0/8
PerlHeaderParserHandler Lemonldap::NG::Handler-&gt;refresh
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
<span class="co1"># Uncomment this to activate status module</span>
<span class="co1">#&lt;Location /status&gt;</span>
<span class="co1"># Order deny,allow</span>
<span class="co1"># Deny from all</span>
<span class="co1"># Allow from 127.0.0.0/8</span>
<span class="co1"># PerlHeaderParserHandler Lemonldap::NG::Handler-&gt;status</span>
<span class="co1">#&lt;/Location&gt;</span>
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
</div>
<!-- SECTION "Handler" [460-1703] -->
<h2><a name="new_portal_skin" id="new_portal_skin">New portal skin</a></h2>
<div class="level2">
<p>
We provide a new skin: bootstrap. This skin uses the Twitter Bootstrap framework and renders well on mobile devices. Try it!
</p>
</div>
<!-- SECTION "New portal skin" [1704-1875] -->
<h2><a name="specific_handlers" id="specific_handlers">Specific handlers</a></h2>
<div class="level2">
<p>
If you are using one of these specific handlers:
</p>
<ul>
<li class="level1"><div class="li"> AuthBasic.pm</div>
</li>
<li class="level1"><div class="li"> SecureToken.pm</div>
</li>
<li class="level1"><div class="li"> SympaAutoLogin.pm</div>
</li>
<li class="level1"><div class="li"> UpdateCookie.pm</div>
</li>
<li class="level1"><div class="li"> ZimbraPreAuth.pm</div>
</li>
</ul>
<p>
You should now change their path in your virtual host.
For example, for Sympa, change from:
</p>
<pre class="code">
PerlRequire /usr/local/lemonldap-ng/handler/MyHandlerSympa.pm
PerlHeaderParserHandler My::Sympa
</pre>
<p>
to:
</p>
<pre class="code">
PerlRequire Lemonldap/NG/Handler/Specific/SympaAutoLogin.pm
PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::SympaAutoLogin
</pre>
<p>
<p><div class="notewarning">Take care to save any customizations you made in these files before you upgrade:
</p>
<ul>
<li class="level1"><div class="li"> MyHandlerAuthBasic.pm</div>
</li>
<li class="level1"><div class="li"> MyHandler.pm</div>
</li>
<li class="level1"><div class="li"> MyHandlerSecureToken.pm</div>
</li>
<li class="level1"><div class="li"> MyHandlerSympa.pm</div>
</li>
<li class="level1"><div class="li"> MyHandlerZimbra.pm</div>
</li>
<li class="level1"><div class="li"> MyUpdateCookieHandler.pm</div>
</li>
</ul>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Specific handlers" [1876-2649] -->
<h2><a name="security" id="security">Security</a></h2>
<div class="level2">
<p>
We found that the default session identifier generation may be too simple and could allow a brute-force attack to find a valid session identifier (see <a href="https://jira.ow2.org/browse/LEMONLDAP-695" class="urlextern" title="https://jira.ow2.org/browse/LEMONLDAP-695" rel="nofollow">https://jira.ow2.org/browse/LEMONLDAP-695</a>).
</p>
<p>
We recommend that you use the new generate module: add the <code>generateModule</code> key to your sessions backend options and set its value to <code>Lemonldap::NG::Common::Apache::Session::Generate::SHA256</code>.
</p>
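<p>
A post-upgrade check for the recommendation above, as an added example (not LemonLDAP::NG's own code): it inspects a sessions backend options hash for <code>generateModule</code> and confirms that the module can be loaded on the host. The function name, the hash layout and the <code>Directory</code> path are constructed sample input; copy in your own options.
</p>

```perl
#!/usr/bin/perl
# Added example (not LemonLDAP::NG code): audit sessions backend options.
use strict;
use warnings;

# Value recommended by the upgrade note above.
my $RECOMMENDED = 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256';

# Returns a list of findings; an empty list means nothing to fix.
sub audit_session_options {
    my ($opts) = @_;
    my $module = $opts->{generateModule};

    return ('generateModule is not set: default session identifier generation is in use')
      unless defined $module && length $module;

    my @findings;
    push @findings, "generateModule is '$module', expected '$RECOMMENDED'"
      if $module ne $RECOMMENDED;

    # Only try to load values that are plain Perl package names.
    if ( $module !~ /\A[A-Za-z_]\w*(?:::\w+)*\z/ ) {
        push @findings, 'generateModule is not a valid Perl package name';
        return @findings;
    }

    # The module must be installed on every host that creates sessions,
    # otherwise pointing the configuration at it breaks session creation.
    ( my $file = "$module.pm" ) =~ s{::}{/}g;
    push @findings, "$module cannot be loaded on this host"
      unless eval { require $file; 1 };

    return @findings;
}

# Constructed sample input: options as carried over from 1.3, then with
# the key added. The Directory path is a placeholder.
my %before = ( Directory => '/var/lib/lemonldap-ng/sessions' );
my %after  = ( %before, generateModule => $RECOMMENDED );

for my $case ( [ '1.3-style options' => \%before ], [ 'with generateModule' => \%after ] ) {
    my ( $label, $opts ) = @$case;
    my @findings = audit_session_options($opts);
    print "$label: ", ( @findings ? join( '; ', @findings ) : 'OK' ), "\n";
}
```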
</div>
<!-- SECTION "Security" [2650-3062] -->
<h2><a name="captcha" id="captcha">Captcha</a></h2>
<div class="level2">
<p>
Captcha now uses an Apache::Session module as its backend. You need to adapt your previous configuration, replacing <code>captcha_data</code> and <code>captcha_output</code> with <code>captchaStorage</code> and <code>captchaStorageOptions</code>.
</p>
<p>
This allows you to use a DB or <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> to share captchas in a cluster.
</p>
</div>
<!-- SECTION "Captcha" [3063-] --></div><!-- closes <div class="dokuwiki export">-->