<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
 lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">

<h1><a name="upgrade_from_13_to_14" id="upgrade_from_13_to_14">Upgrade from 1.3 to 1.4</a></h1>
<div class="level1">

<p>

<p><div class="noteclassic">If you are using packages, they should have performed the upgrade for you, but you can check here that everything is in order.
</div></p>
</p>

<p>
<p><div class="noteimportant">
If you are upgrading from an older version, please first follow:
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/upgrade.html" class="wikilink1" title="documentation:1.0:upgrade">Upgrade to 1.0</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.1/upgrade.html" class="wikilink1" title="documentation:1.1:upgrade">Upgrade to 1.1</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.2/upgrade.html" class="wikilink1" title="documentation:1.2:upgrade">Upgrade to 1.2</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.3/upgrade.html" class="wikilink1" title="documentation:1.3:upgrade">Upgrade to 1.3</a></div>
</li>
</ul>

<p>

</div></p>
</p>

</div>
<!-- SECTION "Upgrade from 1.3 to 1.4" [1-459] -->
<h2><a name="handler" id="handler">Handler</a></h2>
<div class="level2">

<p>

The Handler module has been completely rewritten. You should now call the default module in your virtual host:

</p>
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>

<p>
The main Apache handler configuration file has also been modified; check it:

</p>
<pre class="code file apache"><span class="co1"># Load LemonLDAP::NG Handler</span>
PerlOptions +GlobalRequest
PerlRequire Lemonldap/NG/Handler.pm

<span class="co1"># Common error page and security parameters</span>
<span class="kw1">ErrorDocument</span> 403 http://auth.example.com/?lmError=403
<span class="kw1">ErrorDocument</span> 500 http://auth.example.com/?lmError=500
<span class="kw1">ErrorDocument</span> 503 http://auth.example.com/?lmError=503

&lt;<span class="kw3">VirtualHost</span> *:80&gt;
    <span class="kw1">ServerName</span> reload.example.com

    <span class="co1"># Configuration reload mechanism (only 1 per physical server is</span>
    <span class="co1"># needed): choose your URL to avoid restarting Apache when</span>
    <span class="co1"># configuration changes</span>
    &lt;<span class="kw3">Location</span> /reload&gt;
        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
        <span class="kw1">Deny</span> from <span class="kw2">all</span>
        <span class="kw1">Allow</span> from 127.0.0.0/8
        PerlHeaderParserHandler Lemonldap::NG::Handler-&gt;refresh
    &lt;/<span class="kw3">Location</span>&gt;

    <span class="co1"># Uncomment this to activate status module</span>
    <span class="co1">#&lt;Location /status&gt;</span>
    <span class="co1">#    Order deny,allow</span>
    <span class="co1">#    Deny from all</span>
    <span class="co1">#    Allow from 127.0.0.0/8</span>
    <span class="co1">#    PerlHeaderParserHandler Lemonldap::NG::Handler-&gt;status</span>
    <span class="co1">#&lt;/Location&gt;</span>

&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>

</div>
<!-- SECTION "Handler" [460-1703] -->
<h2><a name="new_portal_skin" id="new_portal_skin">New portal skin</a></h2>
<div class="level2">

<p>

We provide a new skin: bootstrap. This skin uses the Twitter Bootstrap framework and renders well on mobile devices. Try it!
</p>

</div>
<!-- SECTION "New portal skin" [1704-1875] -->
<h2><a name="specific_handlers" id="specific_handlers">Specific handlers</a></h2>
<div class="level2">

<p>

If you are using one of these specific handlers:
</p>
<ul>
<li class="level1"><div class="li"> AuthBasic.pm</div>
</li>
<li class="level1"><div class="li"> SecureToken.pm</div>
</li>
<li class="level1"><div class="li"> SympaAutoLogin.pm</div>
</li>
<li class="level1"><div class="li"> UpdateCookie.pm</div>
</li>
<li class="level1"><div class="li"> ZimbraPreAuth.pm</div>
</li>
</ul>

<p>

You should now change their path in your virtual host.
For example, for Sympa, from:

</p>
<pre class="code">
PerlRequire /usr/local/lemonldap-ng/handler/MyHandlerSympa.pm
PerlHeaderParserHandler My::Sympa
</pre>

<p>
to:

</p>
<pre class="code">
PerlRequire Lemonldap/NG/Handler/Specific/SympaAutoLogin.pm
PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::SympaAutoLogin
</pre>

<p>
<p><div class="notewarning">Take care to save any customizations in these files before you upgrade.
</p>
<ul>
<li class="level1"><div class="li"> MyHandlerAuthBasic.pm</div>
</li>
<li class="level1"><div class="li"> MyHandler.pm</div>
</li>
<li class="level1"><div class="li"> MyHandlerSecureToken.pm</div>
</li>
<li class="level1"><div class="li"> MyHandlerSympa.pm</div>
</li>
<li class="level1"><div class="li"> MyHandlerZimbra.pm</div>
</li>
<li class="level1"><div class="li"> MyUpdateCookieHandler.pm</div>
</li>
</ul>

<p>

</div></p>
</p>
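<p>
One way to verify the path change described above, as an added example that is not part of the LemonLDAP::NG documentation: a shell function that scans a directory of Apache configuration files for active <code>PerlRequire</code> directives still loading one of the pre-1.4 handler files listed in the warning. The function names, the sample virtual hosts and the temporary directory are constructed for illustration; point the function at your own configuration directory.
</p>

```shell
#!/bin/sh
# Added example: flag Apache PerlRequire directives that still load a
# pre-1.4 handler file. File names are the ones listed in the warning above.
LEGACY_FILES='MyHandlerAuthBasic.pm MyHandler.pm MyHandlerSecureToken.pm
MyHandlerSympa.pm MyHandlerZimbra.pm MyUpdateCookieHandler.pm'

# find_legacy_handlers DIR
# Prints "file:line:directive" for every active (not commented-out)
# PerlRequire of a legacy file under DIR.
# Returns 0 when DIR is clean, 1 when stale references remain,
# 2 when DIR is not a directory.
find_legacy_handlers() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    # Unquoted echo folds the list onto one line; sed escapes the dots and
    # turns it into an ERE alternation.
    names=$(echo $LEGACY_FILES | sed 's/\./\\./g; s/ /|/g')
    re="^[[:space:]]*PerlRequire[[:space:]]+([^[:space:]]*/)?(${names})[[:space:]]*\$"
    if grep -rnE "$re" "$1"; then
        return 1
    fi
    return 0
}

# make_sample: writes two constructed vhost files (not from a real
# deployment) to a temporary directory and prints its path.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/sympa.conf" <<'EOF'
<VirtualHost *:80>
    ServerName sympa.example.com
    PerlRequire /usr/local/lemonldap-ng/handler/MyHandlerSympa.pm
    PerlHeaderParserHandler My::Sympa
</VirtualHost>
EOF
    cat > "$d/app.conf" <<'EOF'
<VirtualHost *:80>
    ServerName app.example.com
    # PerlRequire /usr/local/lemonldap-ng/handler/MyHandler.pm
    PerlRequire Lemonldap/NG/Handler/Specific/SympaAutoLogin.pm
    PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::SympaAutoLogin
</VirtualHost>
EOF
    echo "$d"
}

sample=$(make_sample)
find_legacy_handlers "$sample" || echo "stale handler references remain"
rm -rf "$sample"
```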

</div>
<!-- SECTION "Specific handlers" [1876-2649] -->
<h2><a name="security" id="security">Security</a></h2>
<div class="level2">

<p>

We found that the default session identifier generation may be too simple and could allow a brute-force attack to find a valid session identifier (see <a href="https://jira.ow2.org/browse/LEMONLDAP-695" class="urlextern" title="https://jira.ow2.org/browse/LEMONLDAP-695" rel="nofollow">https://jira.ow2.org/browse/LEMONLDAP-695</a>).
</p>

<p>
We recommend that you use a new generate module. Add the <code>generateModule</code> key to your sessions backend options and use <code>Lemonldap::NG::Common::Apache::Session::Generate::SHA256</code> as its value.
</p>

</div>
<!-- SECTION "Security" [2650-3062] -->
<h2><a name="captcha" id="captcha">Captcha</a></h2>
<div class="level2">

<p>

Captcha now uses an Apache::Session module as its backend; you need to adapt your previous configuration, replacing <code>captcha_data</code> and <code>captcha_output</code> with <code>captchaStorage</code> and <code>captchaStorageOptions</code>.
</p>

<p>
This makes it possible to use a DB or <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> to share captchas in a cluster.
</p>

</div>
<!-- SECTION "Captcha" [3063-] --></div><!-- closes <div class="dokuwiki export">-->