"<div class=\"alert alert-warning\">Note that LemonLDAP::NG cookie is hidden. So that application developpers can not spoof sessions.</div>\n";
"<div class=\"alert alert-warning\">Note that LemonLDAP::NG cookie is hidden. So that application developers can not spoof sessions.</div>\n";
print
"<div class=\"alert alert-info\">You can access to any information (IP address or LDAP attribute) by customizing exported headers with the <a href=\"$manager_url\">LemonLDAP::NG Management interface</a>.</div>\n";
<h1class="sectionedit1"id="this_topic_does_not_exist_yet">This topic does not exist yet</h1>
<divclass="level1">
<p>
You've followed a link to a topic that doesn't exist yet. If permissions allow, you may create it by clicking on "Create this page".
<ahref="https://www.ow2con.org/view/2014/Awards_Results?year=2014&event=OW2con14"class="urlextern"title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&event=OW2con14"rel="nofollow">OW2con'14 Community Award</a>
</p>
<p>
<ahref="https://www.ow2con.org/view/2018/Awards_Results?year=2018&event=OW2con18"class="urlextern"title="https://www.ow2con.org/view/2018/Awards_Results?year=2018&event=OW2con18"rel="nofollow">OW2con'18 Community Award</a>
<ahref="javascript:void(0)"class="back-to-top hidden-print btn btn-default btn-sm"title="skip to content>"id="back-to-top"><iclass="glyphicon glyphicon-chevron-up"></i></a>
<divclass="text-center">
<pid="dw__license">
<divclass="license">Except where otherwise noted, content on this wiki is licensed under the following license: <bdi><ahref="http://creativecommons.org/licenses/by-nc-sa/3.0/"rel="license"class="urlextern">CC Attribution-Noncommercial-Share Alike 3.0 Unported</a></bdi></div></p>
To use Active Directory as LDAP backend, you must change few things in the manager :
</p>
<ul>
<liclass="level1"><divclass="li"> Use “Active Directory” as authentication, userDB and passwordDBbackends,</div>
<liclass="level1"><divclass="li"> Use "Active Directory" as authentication, userDB and passwordDBbackends,</div>
</li>
<liclass="level1"><divclass="li"> Export sAMAccountName in a variable declared in <ahref="exportedvars.html"class="wikilink1"title="documentation:2.0:exportedvars">exported variables</a></div>
</li>
<liclass="level1"><divclass="li"> Change the user attribute to store in Apache logs <em>(“General Parameters » Logs » REMOTE_USER”)</em>: use the variable declared above</div>
<liclass="level1"><divclass="li"> Change the user attribute to store in Apache logs <em>("General Parameters » Logs » REMOTE_USER")</em>: use the variable declared above</div>
</li>
</ul>
...
...
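Review bot: the two list items about sAMAccountName never name the variable, so "use the variable declared above" in the REMOTE_USER item leaves the reader guessing what to type in "General Parameters » Logs » REMOTE_USER". Since this list is already being touched for the quote change, give the exported variable an explicit example name in the sAMAccountName item and repeat that name in the REMOTE_USER item. The intro sentence "you must change few things in the manager :" could be corrected to "a few things in the Manager:" in the same pass.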
@@ -69,7 +69,7 @@ To use Active Directory as LDAP backend, you must change few things in the manag
<h2class="sectionedit3"id="authentication_with_kerberos">Authentication with Kerberos</h2>
<liclass="level1"><divclass="li"><ahref="authapache.html"class="wikilink1"title="documentation:2.0:authapache">Configure the Apache server</a> that host the portal to use the Apache Kerberos authentication module</div>
@@ -67,7 +67,7 @@ In the context of an HTTP transaction, the basic access authentication is a meth
</p>
<p>
Before transmission, the username and password are encoded as a sequence of base-64 characters. For example, the user name Aladdin and password open sesame would be combined as Aladdin:open sesame – which is equivalent to QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64. Little effort is required to translate the encoded string back into the user name and password, and many popular security tools will decode the strings “on the fly”.
Before transmission, the username and password are encoded as a sequence of base-64 characters. For example, the user name Aladdin and password open sesame would be combined as Aladdin:open sesame – which is equivalent to QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64. Little effort is required to translate the encoded string back into the user name and password, and many popular security tools will decode the strings "on the fly".
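Review bot: the credential example in the changed paragraph is still set as running prose, so "Aladdin:open sesame" and "QWxhZGRpbjpvcGVuIHNlc2FtZQ==" are hard to tell apart from the surrounding sentence, and the space inside the password is easy to miss. Wrap the user name, the password, the combined string and the Base64 value in code markup, as the other pages in this change do for literal values. "Little effort is required to translate the encoded string back" would also be clearer if it said outright that Base64 is an encoding with no key, so the header discloses the password to anyone who can read the request.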
@@ -96,11 +96,11 @@ similar, using whatever attribute makes sense to you. For example:<pre class="c
</li>
<liclass="level1"><divclass="li"> Now go to *Variables -> Macros*. Here set up variables which will be computed based on the attributes you exported above. You will need to emit strings in this format <code>arn:aws:iam::account-number:role/role-name1,arn:aws:iam::account-number:saml-provider/provider-name</code>. The parts you need to change are <code>account-number</code>, <code>role-name1</code> and <code>provier-name</code>. The last two will be the provider name and role names you just set up in AWS.</div>
</li>
<liclass="level1"><divclass="li"> Perl works in here, so something like this is valid: <code>aws_eu_role</code> -><code>$ou =~ sysadmin ? “arn:aws...” : “arn:...”</code></div>
<liclass="level1"><divclass="li"> Perl works in here, so something like this is valid: <code>aws_eu_role</code> -><code>$ou =~ sysadmin ? "arn:aws..." : "arn:..."</code></div>
</li>
<liclass="level1"><divclass="li"> If it easier, split multiple roles into different macros. Then tie all the variables you define together into one string concatenating them with whatever is in General Parameters -> Advanced Parameters -> Separator. Actually click into this field and move around with the arrow keys to see if there is a space, since spaces can be part of the separator.</div>
</li>
<liclass="level1"><divclass="li"> Remember macros are defined alphanumerically, so you want one right at the end, like <code>z_aws_roles</code> -><code>join(“; ”, $role_name1, $role_name2, ...)</code></div>
<liclass="level1"><divclass="li"> Remember macros are defined alphanumerically, so you want one right at the end, like <code>z_aws_roles</code> -><code>join("; ", $role_name1, $role_name2, ...)</code></div>
</li>
<liclass="level1"><divclass="li"> On the left again, click <code><abbrtitle="Security Assertion Markup Language">SAML</abbr> service providers</code>, then <code>Add <abbrtitle="Security Assertion Markup Language">SAML</abbr> SP</code>.</div>
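Review bot: the aws_eu_role macro example, "$ou =~ sysadmin ? ...", is written without regex delimiters, and even with them an unanchored match would pick the first ARN for any ou value that merely contains "sysadmin". Because this expression decides which AWS role ends up in the assertion, the example should show an exact comparison such as $ou eq "sysadmin", or an anchored pattern. Two smaller points in the same hunk: the context line still reads "provier-name" where "provider-name" is meant, and the z_aws_roles example hard-codes "; " although the preceding item tells the reader to use whatever is configured under General Parameters -> Advanced Parameters -> Separator, so the text should say the literal must match that setting.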