dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b855f175bc
lemonldap-ng/doc/pages/documentation/current/authdbi.html
Xavier 39c968b215 Update doc
2019-09-23 22:41:16 +02:00

331 lines
14 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authdbi</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authdbi"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authdbi.html"/>
<link rel="contents" href="authdbi.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authdbi","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#drivers">Drivers</a></div></li>
<li class="level2"><div class="li"><a href="#schema">Schema</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#example_1two_tables">Example 1: two tables</a></div></li>
<li class="level3"><div class="li"><a href="#example_2single_table">Example 2: single table</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#sql">SQL</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#authentication_level">Authentication level</a></div></li>
<li class="level2"><div class="li"><a href="#exported_variables">Exported variables</a></div></li>
<li class="level2"><div class="li"><a href="#connection">Connection</a></div></li>
<li class="level2"><div class="li"><a href="#schema1">Schema</a></div></li>
<li class="level2"><div class="li"><a href="#password">Password</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="databases">Databases</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT2 TABLE [26-95] -->
</div>
<!-- EDIT1 SECTION "Databases" [1-96] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Presentation" [97-122] -->
<h3 class="sectionedit4" id="drivers">Drivers</h3>
<div class="level3">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can use a lot of databases as authentication, users and password backend:
</p>
<ul>
<li class="level1"><div class="li"> MariaDB/MySQL</div>
</li>
<li class="level1"><div class="li"> PostGreSQL</div>
</li>
<li class="level1"><div class="li"> Oracle</div>
</li>
<li class="level1"><div class="li"> ...</div>
</li>
</ul>
<p>
Indeed, any <a href="http://search.cpan.org/search?query=DBD%3A%3A&amp;mode=module" class="urlextern" title="http://search.cpan.org/search?query=DBD%3A%3A&amp;mode=module" rel="nofollow">Perl DBD driver</a> can be used.
</p>
</div>
<!-- EDIT4 SECTION "Drivers" [123-379] -->
<h3 class="sectionedit5" id="schema">Schema</h3>
<div class="level3">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can use two tables:
</p>
<ul>
<li class="level1"><div class="li"> Authentication table: where login and password are stored</div>
</li>
<li class="level1"><div class="li"> User table: where user data are stored (mail, name, etc.)</div>
</li>
</ul>
<div class="notetip">Authentication table and user table can be the same.
</div>
<p>
The password can be in plain text, or encoded with a standard SQL method:
</p>
<ul>
<li class="level1"><div class="li"> SHA</div>
</li>
<li class="level1"><div class="li"> SHA1</div>
</li>
<li class="level1"><div class="li"> MD5</div>
</li>
</ul>
</div>
<h4 id="example_1two_tables">Example 1: two tables</h4>
<div class="level4">
</div>
<h5 id="authentication_table">Authentication table</h5>
<div class="level5">
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> id </th><th class="col1"> login </th><th class="col2"> password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> 1 </td><td class="col1"> xguimard </td><td class="col2"> a15a18c8bb17e6f67886a9af1898c018b9f5a072 </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> 2 </td><td class="col1"> tchemineau </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [780-985] -->
</div>
<h5 id="user_table">User table</h5>
<div class="level5">
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> id </th><th class="col1"> user </th><th class="col2"> name </th><th class="col3"> mail </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> Clément OUDOT </td><td class="col3"> coudot@example.com </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> 1 </td><td class="col1"> tchemineau </td><td class="col2"> Thomas CHEMINEAU </td><td class="col3"> tchemineau@example.com </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> 2 </td><td class="col1"> xguimard </td><td class="col2"> Xavier GUIMARD </td><td class="col3"> xguimard@example.com </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [1005-1205] -->
</div>
<h4 id="example_2single_table">Example 2: single table</h4>
<div class="level4">
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> id </th><th class="col1"> user </th><th class="col2"> password </th><th class="col3"> name </th><th class="col4"> mail </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td><td class="col3"> Clément OUDOT </td><td class="col4"> coudot@example.com </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> 1 </td><td class="col1"> tchemineau </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td><td class="col3"> Thomas CHEMINEAU </td><td class="col4"> tchemineau@example.com </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> 2 </td><td class="col1"> xguimard </td><td class="col2"> a15a18c8bb17e6f67886a9af1898c018b9f5a072 </td><td class="col3"> Xavier GUIMARD </td><td class="col4"> xguimard@example.com </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [1240-1580] -->
</div>
<!-- EDIT5 SECTION "Schema" [380-1581] -->
<h3 class="sectionedit9" id="sql">SQL</h3>
<div class="level3">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> will operate some SQL queries:
</p>
<ul>
<li class="level1"><div class="li"> Authentication: select row in authentication table matching user and password</div>
</li>
<li class="level1"><div class="li"> Search user: select row in user table matching user</div>
</li>
<li class="level1"><div class="li"> Change password: update password column in authentication table matching user</div>
</li>
</ul>
</div>
<!-- EDIT9 SECTION "SQL" [1582-1855] -->
<h2 class="sectionedit10" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Database (<abbr title="Database Interface">DBI</abbr>) for authentication, users and/or password modules.
</p>
</div>
<!-- EDIT10 SECTION "Configuration" [1856-2030] -->
<h3 class="sectionedit11" id="authentication_level">Authentication level</h3>
<div class="level3">
<p>
The authentication level given to users authenticated with this module.
</p>
<div class="noteimportant">As <abbr title="Database Interface">DBI</abbr> is a login/password based module, the authentication level can be:<ul>
<li class="level1"><div class="li"> increased (+1) if portal is protected by SSL (HTTPS)</div>
</li>
<li class="level1"><div class="li"> decreased (-1) if the portal autocompletion is allowed (see <a href="portalcustom.html" class="wikilink1" title="documentation:2.0:portalcustom">portal customization</a>)</div>
</li>
</ul>
</div>
</div>
<!-- EDIT11 SECTION "Authentication level" [2031-2395] -->
<h3 class="sectionedit12" id="exported_variables">Exported variables</h3>
<div class="level3">
<p>
List of columns to query to fill user session. See also <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables configuration</a>.
</p>
</div>
<!-- EDIT12 SECTION "Exported variables" [2396-2533] -->
<h3 class="sectionedit13" id="connection">Connection</h3>
<div class="level3">
<div class="notetip">Connection settings can be configured differently for authentication process and user process. This allows one to use different databases for these process. By default, if user process connection settings are empty, authentication process connection settings will be used.
</div><ul>
<li class="level1"><div class="li"> <strong>Chain</strong>: <abbr title="Database Interface">DBI</abbr> chain, including database driver name and database name (for example: dbi:mysql:database=lemonldapng;host=localhost).</div>
</li>
<li class="level1"><div class="li"> <strong>User</strong>: Connection user</div>
</li>
<li class="level1"><div class="li"> <strong>Password</strong>: Connection password</div>
</li>
</ul>
</div>
<!-- EDIT13 SECTION "Connection" [2534-3052] -->
<h3 class="sectionedit14" id="schema1">Schema</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <strong>Authentication table</strong>: authentication table name</div>
</li>
<li class="level1"><div class="li"> <strong>User table</strong>: user table name</div>
</li>
<li class="level1"><div class="li"> <strong>Login field name</strong>: name of authentication table column hosting login</div>
</li>
<li class="level1"><div class="li"> <strong>Password field name</strong>: name of authentication table column hosting password</div>
</li>
<li class="level1"><div class="li"> <strong>Mail field name</strong>: name of authentication table column hosting mail (for password reset)</div>
</li>
<li class="level1"><div class="li"> <strong>Login field name in user table</strong>: name of user table column hosting login</div>
</li>
</ul>
</div>
<!-- EDIT14 SECTION "Schema" [3053-3496] -->
<h3 class="sectionedit15" id="password">Password</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <strong>Hash schema</strong>: SQL method for hashing password. Can be left blank for plain text passwords.</div>
</li>
<li class="level1"><div class="li"> <strong>Dynamic hash activation</strong>: Activate dynamic hashing. With dynamic hashing, the hash scheme is recovered from the user password in the database during authentication.</div>
</li>
<li class="level1"><div class="li"> <strong>Supported non-salted schemes</strong>: List of whitespace separated hash schemes. Every hash scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. These hashes MUST NOT be salted (no random data used in conjunction with the password).</div>
</li>
<li class="level1"><div class="li"> <strong>Supported salted schemes</strong>: List of whitespace separated salted hash schemes, of the form &quot;<strong>s</strong>scheme&quot;, where scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. Salted and non-salted scheme lists are not necessarily equivalent. (for example: non-salted=&quot;sha256&quot; and salted=&quot;ssha ssha512&quot; is valid)</div>
</li>
<li class="level1"><div class="li"> <strong>Dynamic hash scheme for new passwords</strong>: LemonLDAP::NG is able to store new passwords in the database (while modifying or reinitializing the password). You can choose a salted or non salted dynamic hashed password. The value must be an element of &quot;Supported non-salted schemes&quot; or &quot;Supported salted schemes&quot;.</div>
</li>
</ul>
<div class="noteimportant">The SQL function MUST have hexadecimal values as input AND output
</div><div class="notetip">Here is an example for creating a postgreSQL SHA256 function.
1. Install postgresql-contrib.
2. Activate extension: <pre class="code">CREATE EXTENSION pgcrypto;</pre>
<p>
3. Create the hash function:
</p>
<pre class="code">CREATE OR REPLACE FUNCTION sha256(varchar) returns text AS $$
SELECT encode(digest(decode($1, &#039;hex&#039;), &#039;sha256&#039;), &#039;hex&#039;)
$$ LANGUAGE SQL STRICT IMMUTABLE;</pre>
</div>
</div>
<!-- EDIT15 SECTION "Password" [3497-] --></div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink