Commit 289930e2 authored by Yadd's avatar Yadd

Update doc

parent 671459ff
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=62a29c35a267f658799e362598e991b4" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=d85714290cf235b49a654de9f78398ef" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1490850178" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1491283164" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=62a29c35a267f658799e362598e991b4" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=d85714290cf235b49a654de9f78398ef" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1490850178" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1491283164" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authcombination</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authcombination"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcombination.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authsaml</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authsaml"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authsaml.html"/>
......@@ -199,14 +199,14 @@ For each attribute, you can set:
<h5 id="general_options">General options</h5>
<div class="level5">
<ul>
<li class="level1"><div class="li"> <strong>Resolution Rule</strong>: rule that will be applied to preselect an IDP for a user. You have access to all environment variable, like user <abbr title="Internet Protocol">IP</abbr> address.</div>
<li class="level1"><div class="li"> <strong>Resolution Rule</strong>: rule that will be applied to preselect an IDP for a user. You have access to all environment variable <em>(like user <abbr title="Internet Protocol">IP</abbr> address)</em> and all session keys.</div>
</li>
</ul>
<p>
For example, to preselect this IDP for users coming from 129.168.0.0/16 network:
For example, to preselect this IDP for users coming from 129.168.0.0/16 network and member of “admin” group:
</p>
<pre class="code">$ENV{REMOTE_ADDR} =~ /^192\.168/</pre>
<pre class="code">$ENV{REMOTE_ADDR} =~ /^192\.168/ and $groups =~ /\badmin\b/</pre>
</div>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:browseablesessionbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,browseablesessionbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="browseablesessionbackend.html"/>
......@@ -91,30 +91,28 @@ The following table list fields to index depending on the feature you want to in
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> Session explorer </td><td class="col1 centeralign"> ipAddr <em>WHATTOTRACE</em> </td>
<td class="col0"> Database cleaup <em>(cron)</em> </td><td class="col1 centeralign"> _session_kind _utime </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> Session explorer (persistent sessions) </td><td class="col1 centeralign"> _session_uid </td>
<td class="col0"> Session explorer </td><td class="col1 centeralign"> _session_kind ipAddr <em>WHATTOTRACE</em> </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> Session restrictions </td><td class="col1 centeralign"> ipAddr <em>WHATTOTRACE</em> </td>
<td class="col0"> Session explorer (persistent sessions) </td><td class="col1 centeralign"> _session_kind _session_uid </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> <abbr title="Security Assertion Markup Language">SAML</abbr> authentication and issuer </td><td class="col1 centeralign"> _saml_id ProxyID _nameID _assert_id _art_id _session_id </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 leftalign"> <abbr title="Central Authentication Service">CAS</abbr> issuer </td><td class="col1 centeralign"> _cas_id </td>
</tr>
<tr class="row6 roweven">
<td class="col0 leftalign"> Password reset </td><td class="col1 centeralign"> user </td>
<td class="col0"> Session restrictions </td><td class="col1 centeralign"> _session_kind ipAddr <em>WHATTOTRACE</em> </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [877-1222] --><div class="noteimportant"><em>WHATTOTRACE</em> must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER)
<!-- EDIT3 TABLE [877-1168] -->
<p>
See Apache::Session::Browseable::* man page to see how use indexes.
</p>
<div class="noteimportant"><em>WHATTOTRACE</em> must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER). By default: <strong>_whatToTrace</strong>
</div><div class="notetip">It is advised to use separate session backends for standard sessions, <abbr title="Security Assertion Markup Language">SAML</abbr> sessions and <abbr title="Central Authentication Service">CAS</abbr> sessions, in order to manage index separately.
</div><div class="noteclassic">Documentation below explains how set index on ipAddr and _whatToTrace. Adapt it to configure the index you need.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [43-1646] -->
<!-- EDIT2 SECTION "Presentation" [43-1691] -->
<h2 class="sectionedit4" id="browseable_nosql">Browseable NoSQL</h2>
<div class="level2">
......@@ -141,33 +139,44 @@ You then just have to add the <code>Index</code> parameter in <code>General par
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1934-2091] -->
<!-- EDIT5 TABLE [1979-2136] -->
</div>
<!-- EDIT4 SECTION "Browseable NoSQL" [1647-2092] -->
<!-- EDIT4 SECTION "Browseable NoSQL" [1692-2137] -->
<h2 class="sectionedit6" id="browseable_sql">Browseable SQL</h2>
<div class="level2">
<div class="noteclassic">This documentation concerns MySQL. Some adaptations are needed with other databases.
<div class="noteclassic">This documentation concerns PostgreSQL. Some adaptations are needed with other databases.
</div>
</div>
<!-- EDIT6 SECTION "Browseable SQL" [2093-2219] -->
<!-- EDIT6 SECTION "Browseable SQL" [2138-2269] -->
<h3 class="sectionedit7" id="prepare_database">Prepare database</h3>
<div class="level3">
<p>
Database must be prepared exactly like in <a href="sqlsessionbackend.html#prepare_the_database" class="wikilink1" title="documentation:2.0:sqlsessionbackend">SQL session backend</a> except that a field must be added for each data to index.
</p>
<pre class="code file sql"><span class="kw1">CREATE</span> <span class="kw1">TABLE</span> sessions <span class="br0">&#40;</span>
id <span class="kw1">CHAR</span><span class="br0">&#40;</span><span class="nu0">32</span><span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
a_session <span class="kw1">BLOB</span><span class="sy0">,</span>
_whatToTrace <span class="kw1">VARCHAR</span><span class="br0">&#40;</span><span class="nu0">255</span><span class="br0">&#41;</span><span class="sy0">,</span>
ipAddr <span class="kw1">VARCHAR</span><span class="br0">&#40;</span><span class="nu0">15</span><span class="br0">&#41;</span><span class="sy0">,</span>
<span class="kw1">KEY</span> _whatToTrace <span class="br0">&#40;</span>_whatToTrace<span class="br0">&#41;</span><span class="sy0">,</span>
<span class="kw1">KEY</span> ipAddr <span class="br0">&#40;</span>ipAddr<span class="br0">&#41;</span>
<span class="br0">&#41;</span>;</pre>
<div class="noteimportant">Change char(32) by char(64) if you use the now recommended SHA256 hash algorithm. See <a href="documentation/latest/sessions.html" class="wikilink1" title="documentation:latest:sessions">Sessions</a> for more details
<pre class="code file sql"> Apache::<span class="kw1">SESSION</span>::Browseable::Postgres example:
<span class="sy0">&lt;</span>code sql<span class="sy0">&gt;</span>
<span class="kw1">CREATE</span> UNLOGGED <span class="kw1">TABLE</span> sessions <span class="br0">&#40;</span>
id <span class="kw1">VARCHAR</span><span class="br0">&#40;</span><span class="nu0">64</span><span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
a_session text<span class="sy0">,</span>
_whatToTrace text<span class="sy0">,</span>
_session_kind text<span class="sy0">,</span>
_utime <span class="kw1">BIGINT</span><span class="sy0">,</span>
ipAddr text
<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> uid1 <span class="kw1">ON</span> sessions <span class="kw1">USING</span> BTREE <span class="br0">&#40;</span>_whatToTrace<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> s1 <span class="kw1">ON</span> sessions <span class="br0">&#40;</span>_session_kind<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> u1 <span class="kw1">ON</span> sessions <span class="br0">&#40;</span>_utime<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> ip1 <span class="kw1">ON</span> sessions <span class="kw1">USING</span> BTREE <span class="br0">&#40;</span>ipAddr<span class="br0">&#41;</span>;</pre>
<div class="noteimportant">For Session Explorer and one-off sessions, it is recommended to use BTREE or any index method that indexes partial content.
</div>
<p>
“id” fieds is set to <code>varchar(64)</code> (instead of char(32)) to use the now recommended SHA256 hash algorithm. See <a href="documentation/latest/sessions.html" class="wikilink1" title="documentation:latest:sessions">Sessions</a> for more details.
</p>
<div class="notetip">With new Apache::Session::Browseable::<strong>PgHstore</strong> and <strong>PgJSON</strong>, you don&#039;t need to declare indexes in <code>CREATE TABLE</code> since “json” and “hstore” type are browseable. You should anyway add some indexes <em>(see manpage)</em>.
</div>
<!-- EDIT7 SECTION "Prepare database" [2220-2806] -->
</div>
<!-- EDIT7 SECTION "Prepare database" [2270-3479] -->
<h3 class="sectionedit8" id="manager">Manager</h3>
<div class="level3">
......@@ -184,7 +193,7 @@ Go in the Manager and set the session module (<a href="http://search.cpan.org/pe
</tr>
</thead>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>DataSource</strong> </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI" rel="nofollow">DBI</a> string </td><td class="col2"> dbi:mysql:dbname=sessions </td>
<td class="col0 centeralign"> <strong>DataSource</strong> </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI" rel="nofollow">DBI</a> string </td><td class="col2"> dbi:Pg:database=sessions </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <strong>UserName</strong> </td><td class="col1"> The database username </td><td class="col2"> lemonldapng </td>
......@@ -193,17 +202,17 @@ Go in the Manager and set the session module (<a href="http://search.cpan.org/pe
<td class="col0 centeralign"> <strong>Password</strong> </td><td class="col1"> The database password </td><td class="col2"> mysuperpassword </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr _session_kind _utime </td>
</tr>
</table></div>
<!-- EDIT9 TABLE [3135-3466] --><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
<!-- EDIT9 TABLE [3808-4159] --><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
<p>
For databases like PostgreSQL, don&#039;t forget to add “Commit” with a value of 1
</p>
</div>
</div>
<!-- EDIT8 SECTION "Manager" [2807-3645] -->
<!-- EDIT8 SECTION "Manager" [3480-4338] -->
<h2 class="sectionedit10" id="browseable_ldap">Browseable LDAP</h2>
<div class="level2">
......@@ -257,9 +266,9 @@ You need to add the <code>Index</code> field and can also configure the <code>ld
<td class="col0 centeralign"> <strong>ldapAttributeIndex</strong> </td><td class="col1"> Attribute storing index </td><td class="col2"> ou </td>
</tr>
</table></div>
<!-- EDIT11 TABLE [3997-4731] -->
<!-- EDIT11 TABLE [4690-5424] -->
</div>
<!-- EDIT10 SECTION "Browseable LDAP" [3646-4732] -->
<!-- EDIT10 SECTION "Browseable LDAP" [4339-5425] -->
<h2 class="sectionedit12" id="security">Security</h2>
<div class="level2">
......@@ -272,6 +281,6 @@ You can also use different user/password for your servers by overriding paramete
</p>
</div>
<!-- EDIT12 SECTION "Security" [4733-] --></div>
<!-- EDIT12 SECTION "Security" [5426-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:customfunctions</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,customfunctions"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="customfunctions.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:exportedvars</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,exportedvars"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="exportedvars.html"/>
......@@ -90,7 +90,7 @@ You can define exported variables for each module in the module configuration it
<div class="notetip">You can define environment variables in <code>Exported variables</code>, this allows one to populate user session with some environment values. Environment variables will not be queried in users database.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [35-1270] -->
<!-- EDIT2 SECTION "Presentation" [35-1271] -->
<h2 class="sectionedit4" id="extend_variables_using_macros_and_groups">Extend variables using macros and groups</h2>
<div class="level2">
......@@ -104,6 +104,8 @@ Macros and groups are calculated during authentication process by the portal:
<ul>
<li class="level1"><div class="li"> macros are used to extend (or rewrite) <span class="curid"><a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables</a></span>. A macro is stored as attributes: it can contain boolean results or any string</div>
</li>
<li class="level1"><div class="li"> macros can also be used to import environment variables <em>(these variables are in CGI format)</em>. Example: <code>$ENV{HTTP_COOKIE}</code></div>
</li>
<li class="level1"><div class="li"> groups are stored as space-separated strings in the special attribute “groups”: it contains the names of groups whose rules were returned true for the current user</div>
</li>
<li class="level1"><div class="li"> You can also get groups in <code>$hGroups</code> which is a Hash Reference of this form:</div>
......@@ -157,6 +159,6 @@ admin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="
<div class="level2">
</div>
<!-- EDIT4 SECTION "Extend variables using macros and groups" [1271-] --></div>
<!-- EDIT4 SECTION "Extend variables using macros and groups" [1272-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:extendedfunctions</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,extendedfunctions"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="extendedfunctions.html"/>
......@@ -50,7 +50,6 @@
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#request_information">Request information</a></div></li>
<li class="level1"><div class="li"><a href="#extended_functions_list">Extended Functions List</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#date">date</a></div></li>
......@@ -101,14 +100,14 @@ This is also true for:
Inside this jail, you can access to:
</p>
<ul>
<li class="level1"><div class="li"> all session values and CGI environment variables <em>(through $ENV{&lt;HTTP_NAME&gt;})</em></div>
</li>
<li class="level1"><div class="li"> Core Perl subroutines (split, pop, map, etc.)</div>
</li>
<li class="level1"><div class="li"> <a href="customfunctions.html" class="wikilink1" title="documentation:2.0:customfunctions">Custom functions</a></div>
</li>
<li class="level1"><div class="li"> The <a href="http://perldoc.perl.org/MIME/Base64.html" class="urlextern" title="http://perldoc.perl.org/MIME/Base64.html" rel="nofollow">encode_base64</a> subroutine</div>
</li>
<li class="level1"><div class="li"> Environment variables, in some cases (through %ENV). <em>(NB: with Apache handlers it is generally empty, so unusable for rules/headers)</em> </div>
</li>
<li class="level1"><div class="li"> <a href="#request_information" title="documentation:2.0:extendedfunctions ↵" class="wikilink1">Information about current request</a></div>
</li>
<li class="level1"><div class="li"> <a href="#extended_functions_list" title="documentation:2.0:extendedfunctions ↵" class="wikilink1">Extended functions</a>:</div>
......@@ -139,40 +138,13 @@ Inside this jail, you can access to:
<div class="notetip">To know more about the jail, check <a href="http://perldoc.perl.org/Safe.html" class="urlextern" title="http://perldoc.perl.org/Safe.html" rel="nofollow">Safe module documentation</a>.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [35-1271] -->
<h2 class="sectionedit3" id="request_information">Request information</h2>
<div class="level2">
<p>
The following data about the current request are available through functions :
</p>
<ul>
<li class="level1"><div class="li"> hostname</div>
</li>
<li class="level1"><div class="li"> remote_ip: the client <abbr title="Internet Protocol">IP</abbr> address</div>
</li>
<li class="level1"><div class="li"> uri: <abbr title="Uniform Resource Locator">URL</abbr> path</div>
</li>
<li class="level1"><div class="li"> uri_with_args: <abbr title="Uniform Resource Locator">URL</abbr> path with query string</div>
</li>
<li class="level1"><div class="li"> unparsed_uri: <abbr title="Uniform Resource Locator">URL</abbr> path, before <abbr title="Uniform Resource Locator">URL</abbr> decoding</div>
</li>
<li class="level1"><div class="li"> args: the query string</div>
</li>
<li class="level1"><div class="li"> method: the request method (GET, POST etc.)</div>
</li>
<li class="level1"><div class="li"> header_in(“Your-Request-Header”): any request header</div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "Request information" [1272-1677] -->
<h2 class="sectionedit4" id="extended_functions_list">Extended Functions List</h2>
<!-- EDIT2 SECTION "Presentation" [35-1215] -->
<h2 class="sectionedit3" id="extended_functions_list">Extended Functions List</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Extended Functions List" [1678-1714] -->
<h3 class="sectionedit5" id="date">date</h3>
<!-- EDIT3 SECTION "Extended Functions List" [1216-1252] -->
<h3 class="sectionedit4" id="date">date</h3>
<div class="level3">
<p>
......@@ -181,8 +153,8 @@ Returns the date, in format YYYYMMDDHHMMSS, local time by default, GMT by callin
<pre class="code">date(1)</pre>
</div>
<!-- EDIT5 SECTION "date" [1715-1834] -->
<h3 class="sectionedit6" id="checklogonhours">checkLogonHours</h3>
<!-- EDIT4 SECTION "date" [1253-1372] -->
<h3 class="sectionedit5" id="checklogonhours">checkLogonHours</h3>
<div class="level3">
<p>
......@@ -238,8 +210,8 @@ You can modify the default behavior for people without value in ssoLogonHours. I
<pre class="code">checkLogonHours($ssoLogonHours, &#039;&#039;, &#039;&#039;, &#039;1&#039;)</pre>
</div>
<!-- EDIT6 SECTION "checkLogonHours" [1835-3772] -->
<h3 class="sectionedit7" id="checkdate">checkDate</h3>
<!-- EDIT5 SECTION "checkLogonHours" [1373-3310] -->
<h3 class="sectionedit6" id="checkdate">checkDate</h3>
<div class="level3">
<p>
......@@ -270,8 +242,8 @@ Simple usage example:
<pre class="code">checkDate($ssoStartDate, $ssoEndDate)</pre>
</div>
<!-- EDIT7 SECTION "checkDate" [3773-4400] -->
<h3 class="sectionedit8" id="basic">basic</h3>
<!-- EDIT6 SECTION "checkDate" [3311-3938] -->
<h3 class="sectionedit7" id="basic">basic</h3>
<div class="level3">
<div class="noteimportant">This function is not compliant with <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail to use it.
</div>
......@@ -295,8 +267,8 @@ Simple usage example:
<pre class="code">basic($uid,$_password)</pre>
</div>
<!-- EDIT8 SECTION "basic" [4401-4863] -->
<h3 class="sectionedit9" id="unicode2iso">unicode2iso</h3>
<!-- EDIT7 SECTION "basic" [3939-4401] -->
<h3 class="sectionedit8" id="unicode2iso">unicode2iso</h3>
<div class="level3">
<div class="noteimportant">This function is not compliant with <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail to use it.
</div>
......@@ -318,8 +290,8 @@ Simple usage example:
<pre class="code">unicode2iso($name)</pre>
</div>
<!-- EDIT9 SECTION "unicode2iso" [4864-5168] -->
<h3 class="sectionedit10" id="iso2unicode">iso2unicode</h3>
<!-- EDIT8 SECTION "unicode2iso" [4402-4706] -->
<h3 class="sectionedit9" id="iso2unicode">iso2unicode</h3>
<div class="level3">
<div class="noteimportant">This function is not compliant with <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail to use it.
</div>
......@@ -341,8 +313,8 @@ Simple usage example:
<pre class="code">iso2unicode($name)</pre>
</div>
<!-- EDIT10 SECTION "iso2unicode" [5169-5473] -->
<h3 class="sectionedit11" id="groupmatch">groupMatch</h3>
<!-- EDIT9 SECTION "iso2unicode" [4707-5011] -->
<h3 class="sectionedit10" id="groupmatch">groupMatch</h3>
<div class="level3">
<p>
......@@ -367,8 +339,8 @@ Simple usage example:
<pre class="code">groupMatch($hGroups, &#039;description&#039;, &#039;Service 1&#039;)</pre>
</div>
<!-- EDIT11 SECTION "groupMatch" [5474-5832] -->
<h3 class="sectionedit12" id="encrypt">encrypt</h3>
<!-- EDIT10 SECTION "groupMatch" [5012-5370] -->
<h3 class="sectionedit11" id="encrypt">encrypt</h3>
<div class="level3">
<div class="notetip">Since version 2.0, this function is now compliant with <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">Safe jail</a>.
</div>
......@@ -378,8 +350,8 @@ This function uses the secret key of LLNG configuration to crypt a data. This ca
<pre class="code">encrypt($_whatToTrace)</pre>
</div>
<!-- EDIT12 SECTION "encrypt" [5833-6138] -->
<h3 class="sectionedit13" id="token">token</h3>
<!-- EDIT11 SECTION "encrypt" [5371-5676] -->
<h3 class="sectionedit12" id="token">token</h3>
<div class="level3">
<p>
......@@ -388,8 +360,8 @@ This function generates token used to <a href="servertoserver.html" class="wikil
<pre class="code">token($_session_id,&#039;webapp1.example.com&#039;,&#039;webapp2.example.com&#039;)</pre>
</div>
<!-- EDIT13 SECTION "token" [6139-6343] -->
<h3 class="sectionedit14" id="isinnet6">isInNet6</h3>
<!-- EDIT12 SECTION "token" [5677-5881] -->
<h3 class="sectionedit13" id="isinnet6">isInNet6</h3>
<div class="level3">
<p>
......@@ -398,6 +370,6 @@ Function to check if an IPv6 address is in a subnet. Example <em>check if <abbr
<pre class="code perl">isInNet6<span class="br0">&#40;</span><span class="re0">$ipAddr</span><span class="sy0">,</span> <span class="st_h">'fe80::/10'</span><span class="br0">&#41;</span></pre>
</div>
<!-- EDIT14 SECTION "isInNet6" [6344-] --></div>
<!-- EDIT13 SECTION "isInNet6" [5882-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:performances</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,performances"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="performances.html"/>
......@@ -63,6 +63,7 @@
<ul class="toc">
<li class="level3"><div class="li"><a href="#replace_mysql_by_apachesessionflex">Replace MySQL by Apache::Session::Flex</a></div></li>
<li class="level3"><div class="li"><a href="#use_apachesessionbrowseable">Use Apache::Session::Browseable</a></div></li>
<li class="level3"><div class="li"><a href="#performance_test">Performance test</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#ldap_performances">LDAP performances</a></div></li>
......@@ -128,6 +129,8 @@ Macros and groups are calculated during authentication process by the portal:
<ul>
<li class="level1"><div class="li"> macros are used to extend (or rewrite) <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables</a>. A macro is stored as attributes: it can contain boolean results or any string</div>
</li>
<li class="level1"><div class="li"> macros can also be used to import environment variables <em>(these variables are in CGI format)</em>. Example: <code>$ENV{HTTP_COOKIE}</code></div>
</li>
<li class="level1"><div class="li"> groups are stored as space-separated strings in the special attribute “groups”: it contains the names of groups whose rules were returned true for the current user</div>
</li>
<li class="level1"><div class="li"> You can also get groups in <code>$hGroups</code> which is a Hash Reference of this form:</div>
......@@ -177,7 +180,7 @@ admin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="
</div><div class="noteimportant">Macros and groups are computed in alphanumeric order, that is, in the order they are displayed in the manager. For example, macro “macro1” will be computed before macro “macro2”: so, expression of macro2 may involve value of macro1. As same for groups: a group rule may involve another, previously computed group.
</div>
</div>
<!-- EDIT4 SECTION "Macros and groups" [987-2949] -->
<!-- EDIT4 SECTION "Macros and groups" [987-3081] -->
<h3 class="sectionedit5" id="local_macros">Local macros</h3>
<div class="level3">
......@@ -191,12 +194,12 @@ Display<span class="sy0">-</span>Name <span class="sy0">-&gt;</span> <span class
<div class="notetip">Note that this feature is interesting only for the Lemonldap::NG systems protecting a high number of applications
</div>
</div>
<!-- EDIT5 SECTION "Local macros" [2950-3611] -->
<!-- EDIT5 SECTION "Local macros" [3082-3743] -->
<h2 class="sectionedit6" id="portal_performances">Portal performances</h2>
<div class="level2">
</div>
<!-- EDIT6 SECTION "Portal performances" [3612-3644] -->
<!-- EDIT6 SECTION "Portal performances" [3744-3776] -->
<h3 class="sectionedit7" id="general_performances">General performances</h3>
<div class="level3">
......@@ -219,7 +222,7 @@ By default it uses local storage to store its tokens. If you have more than 1 po
</div>
</div>
<!-- EDIT7 SECTION "General performances" [3645-4511] -->
<!-- EDIT7 SECTION "General performances" [3777-4643] -->
<h3 class="sectionedit8" id="apachesession_performances">Apache::Session performances</h3>
<div class="level3">
......@@ -232,7 +235,8 @@ Lemonldap::NG handlers use a local cache to store sessions (for 10 minutes). So
<li class="level1"><div class="li"> Since MySQL does not have always transaction feature, Apache::Session::MySQL has been designed to use MySQL locks. Since MySQL performances are very bad using this, if you want to store sessions in a MySQL database, prefer one of the following</div>
</li>
</ol>
<div class="notetip">Since 1.9.6, LLNG portal and handler check if session is valid at each access, so purgeCentralCache cron no longer needs to be launched every 10 minutes: one or two times per day is enough.
</div>
</div>
<h4 id="replace_mysql_by_apachesessionflex">Replace MySQL by Apache::Session::Flex</h4>
......@@ -256,9 +260,9 @@ Password -&gt; ...</pre>
<div class="level4">
<p>
<a href="https://metacpan.org/module/Apache::Session::Browseable" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable" rel="nofollow">Apache::Session::Browseable</a> is a wrapper for other Apache::Session modules that add the capability to manage indexes. To use it (with MySQL for example), choose “Apache::Session::Browseable::MySQL” as “Apache::Session module” and use the following parameters:
<a href="https://metacpan.org/module/Apache::Session::Browseable" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable" rel="nofollow">Apache::Session::Browseable</a> is a wrapper for other Apache::Session modules that add the capability to manage indexes. Prefer versions ≥ 1.2.5 to have better performances in DB cleaning. To use it (with PostgreSQL for example), choose “Apache::Session::Browseable::Postgres” as “Apache::Session module” and use the following parameters:
</p>
<pre class="code">DataSource -&gt; dbi:mysql:sessions;host=...
<pre class="code">DataSource -&gt; dbi:Pg:database=sessions;host=...
UserName -&gt; user
Password -&gt; password
Index -&gt; ipAddr uid</pre>
......@@ -266,12 +270,85 @@ Index -&gt; ipAddr uid</pre>
<p>
Note that Apache::Session::Browseable::MySQL doesn&#039;t use MySQL locks.
</p>
<div class="notetip">A <a href="https://metacpan.org/module/Apache::Session::Browseable::Redis" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable::Redis" rel="nofollow">Apache::Session::Browseable::Redis</a> has been created, it is the faster (except for session explorer, defeated by Apache::Session::Browseable::<a href="https://metacpan.org/module/Apache::Session::Browseable" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable" rel="nofollow">DBI</a>/<a href="https://metacpan.org/module/Apache::Session::Browseable::LDAP" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable::LDAP" rel="nofollow">LDAP</a> ≥ 1.0)
</div><div class="noteimportant">Some Apache::Session module are not fully usable by Lemonldap::NG such as Apache::Session::Memcached since this modules do not offer capability to browse sessions. They does not allow one to use sessions explorer neither manage one-off sessions.
<p>
Look at <a href="browseablesessionbackend.html" class="wikilink1" title="documentation:2.0:browseablesessionbackend">Browseable session backend</a> to known which index to choose.
</p>
<div class="noteimportant">Some Apache::Session module are not fully usable by Lemonldap::NG such as Apache::Session::Memcached since these modules do not offer capability to browse sessions. They does not allow one to use sessions explorer neither manage one-off sessions.
</div>
</div>
<h4 id="performance_test">Performance test</h4>
<div class="level4">
<div class="notetip">A <a href="https://metacpan.org/module/Apache::Session::Browseable::Redis" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable::Redis" rel="nofollow">Apache::Session::Browseable::Redis</a> has been created, it is the faster (except for session explorer, defeated by Apache::Session::Browseable::<a href="https://metacpan.org/module/Apache::Session::Browseable" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable" rel="nofollow">DBI</a>/<a href="https://metacpan.org/module/Apache::Session::Browseable::LDAP" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable::LDAP" rel="nofollow">LDAP</a>])
</div>
<p>
This test isn&#039;t a “only-backend” test but embed some LLNG methods, so real differences between engines are mitigate here.
</p>
<div class="table sectionedit9"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="2"> Backend </th><th class="col2 centeralign" colspan="3"> Portal and handlers </th><th class="col5 centeralign" colspan="3"> Session explorer and one-off sessions </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Configuration </th><th class="col2 centeralign"> Insert 1000 </th><th class="col3 centeralign"> Search 1 </th><th class="col4 centeralign"> Purge 500 </th><th class="col5 centeralign"> Parse all </th><th class="col6 centeralign"> Search by substring </th><th class="col7 centeralign"> Search by UID </th>
</tr>
</thead>
<tr class="row2 roweven">
<td class="col0 leftalign"> Apache::Session::<strong>Browseable::LDAP</strong> </td><td class="col1 leftalign"> mdb </td><td class="col2 centeralign"> 159.66 </td><td class="col3 centeralign"> 0.0120 </td><td class="col4 centeralign"> 49.22 </td><td class="col5 centeralign"> 0.1110 </td><td class="col6 centeralign"> 0.0076 </td><td class="col7 centeralign"> 0.0050 </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> Apache::Session::<strong>MySQL</strong> </td><td class="col1"> No lock </td><td class="col2 centeralign"> 87.20 </td><td class="col3 centeralign"> <strong>0.0039</strong> </td><td class="col4 centeralign"> 23.14 </td><td class="col5 centeralign"> 0.0281 </td><td class="col6 centeralign"> 0.0252 </td><td class="col7 centeralign"> 0.0235 </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> Apache::Session::<strong>Browseable::MySQL</strong> </td><td class="col1 leftalign"> </td><td class="col2 centeralign"> 91.79 </td><td