Commit b372d1de authored by Yadd

Add cli_examples.html in doc

parent 7d33324e
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=45028167f2e261fa4a999f15ab580280" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=1ec7eb5b1665f9db3d769287145fdc46" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1523953719" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1524488100" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=45028167f2e261fa4a999f15ab580280" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=1ec7eb5b1665f9db3d769287145fdc46" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1523953719" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1524488100" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authkerberos</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authkerberos"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authkerberos.html"/>
......
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:cli_examples</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,cli_examples"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="cli_examples.html"/>
<link rel="contents" href="cli_examples.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:cli_examples","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#configure_https">Configure HTTPS</a></div></li>
<li class="level1"><div class="li"><a href="#configure_sessions_backend">Configure sessions backend</a></div></li>
<li class="level1"><div class="li"><a href="#configure_virtual_host">Configure virtual host</a></div></li>
<li class="level1"><div class="li"><a href="#configure_ldap_authentication_backend">Configure LDAP authentication backend</a></div></li>
<li class="level1"><div class="li"><a href="#configure_saml_identity_provider">Configure SAML Identity Provider</a></div></li>
<li class="level1"><div class="li"><a href="#register_an_saml_service_provider">Register an SAML Service Provider</a></div></li>
<li class="level1"><div class="li"><a href="#configure_openid_connect_identity_provider">Configure OpenID Connect Identity Provider</a></div></li>
<li class="level1"><div class="li"><a href="#register_an_openid_connect_relying_party">Register an OpenID Connect Relying Party</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="command_line_interface_lemonldap-ng-cli_examples">Command Line Interface (lemonldap-ng-cli) examples</h1>
<div class="level1">
<p>
This page shows some examples of <abbr title="LemonLDAP::NG">LL::NG</abbr> Command Line Interface. See <a href="configlocation.html#command_line_interface_cli" class="wikilink1" title="documentation:2.0:configlocation">how to use the command</a>.
</p>
</div>
<!-- EDIT1 SECTION "Command Line Interface (lemonldap-ng-cli) examples" [1-205] -->
<h2 class="sectionedit2" id="configure_https">Configure HTTPS</h2>
<div class="level2">
<p>
When setting HTTPS, you first need to modify Apache/Nginx configuration, then you must configure <abbr title="LemonLDAP::NG">LL::NG</abbr> to change portal <abbr title="Uniform Resource Locator">URL</abbr>, Handler redirections, cookie settings, …
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set portal https://auth.example.com https 1 securedCookie 1</pre>
</div>
<!-- EDIT2 SECTION "Configure HTTPS" [206-532] -->
<h2 class="sectionedit3" id="configure_sessions_backend">Configure sessions backend</h2>
<div class="level2">
<p>
For production, it is recommended to use <a href="browseablesessionbackend.html" class="wikilink1" title="documentation:2.0:browseablesessionbackend">Browseable session backend</a>. Once tables are created with columns corresponding to index, the following commands can be executed to set all the session backends.
</p>
<p>
In this example we have:
</p>
<ul>
<li class="level1"><div class="li"> Backend: PostGreSQL</div>
</li>
<li class="level1"><div class="li"> DB user: lemonldaplogin</div>
</li>
<li class="level1"><div class="li"> DB password: lemonldappw</div>
</li>
<li class="level1"><div class="li"> Database: lemonldapdb</div>
</li>
<li class="level1"><div class="li"> Host: pg.example.com</div>
</li>
</ul>
<ul>
<li class="level1"><div class="li"> <abbr title="Single Sign On">SSO</abbr> sessions:</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 delKey globalStorageOptions Directory globalStorageOptions LockDirectory
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set globalStorage Apache::Session::Browseable::Postgres
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey globalStorageOptions DataSource &#039;DBI:Pg:database=lemonldapdb;host=pg.example.com&#039; globalStorageOptions UserName &#039;lemonldaplogin&#039; globalStorageOptions Password &#039;lemonldappw&#039; globalStorageOptions Commit 1 globalStorageOptions Index &#039;ipAddr _whatToTrace user&#039; globalStorageOptions TableName &#039;sessions&#039;</pre>
<ul>
<li class="level1"><div class="li"> Persistent sessions:</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 delKey persistentStorageOptions Directory persistentStorageOptions LockDirectory
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set persistentStorage Apache::Session::Browseable::Postgres
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey persistentStorageOptions DataSource &#039;DBI:Pg:database=lemonldapdb;host=pg.example.com&#039; persistentStorageOptions UserName &#039;lemonldaplogin&#039; persistentStorageOptions Password &#039;lemonldappw&#039; persistentStorageOptions Commit 1 persistentStorageOptions Index &#039;_session_uid&#039; persistentStorageOptions TableName &#039;psessions&#039;</pre>
<ul>
<li class="level1"><div class="li"> <abbr title="Central Authentication Service">CAS</abbr> sessions</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set casStorage Apache::Session::Browseable::Postgres
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey casStorageOptions DataSource &#039;DBI:Pg:database=lemonldapdb;host=pg.example.com&#039; casStorageOptions UserName &#039;lemonldaplogin&#039; casStorageOptions Password &#039;lemonldappw&#039; casStorageOptions Commit 1 casStorageOptions Index &#039;_cas_id&#039; casStorageOptions TableName &#039;cassessions&#039;</pre>
<ul>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> sessions</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set samlStorage Apache::Session::Browseable::Postgres
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey samlStorageOptions DataSource &#039;DBI:Pg:database=lemonldapdb;host=pg.example.com&#039; samlStorageOptions UserName &#039;lemonldaplogin&#039; samlStorageOptions Password &#039;lemonldappw&#039; samlStorageOptions Commit 1 samlStorageOptions Index &#039;_saml_id ProxyID _nameID _assert_id _art_id _session_id&#039; samlStorageOptions TableName &#039;samlsessions&#039;</pre>
<ul>
<li class="level1"><div class="li"> OpenID Connect sessions</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set oidcStorage Apache::Session::Browseable::Postgres
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey oidcStorageOptions DataSource &#039;DBI:Pg:database=lemonldapdb;host=pg.example.com&#039; oidcStorageOptions UserName &#039;lemonldaplogin&#039; oidcStorageOptions Password &#039;lemonldappw&#039; oidcStorageOptions Commit 1 oidcStorageOptions TableName &#039;oidcsessions&#039;</pre>
</div>
<!-- EDIT3 SECTION "Configure sessions backend" [533-3673] -->
<h2 class="sectionedit4" id="configure_virtual_host">Configure virtual host</h2>
<div class="level2">
<p>
A virtual host must be defined in Apache/Nginx and access rules and exported headers must be configured in <abbr title="LemonLDAP::NG">LL::NG</abbr>.
</p>
<p>
In this example we have:
</p>
<ul>
<li class="level1"><div class="li"> host: test.example.com</div>
</li>
<li class="level1"><div class="li"> Access rules:</div>
<ul>
<li class="level2"><div class="li"> default ⇒ accept</div>
</li>
<li class="level2"><div class="li"> Logout: ^/logout\.php ⇒ logout_sso</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Headers:</div>
<ul>
<li class="level2"><div class="li"> Auth-User: $uid</div>
</li>
<li class="level2"><div class="li"> Auth-Mail: $mail</div>
</li>
</ul>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey &#039;locationRules/test.example.com&#039; &#039;default&#039; &#039;accept&#039; &#039;locationRules/test.example.com&#039; &#039;(?#Logout)^/logout\.php&#039; &#039;logout_sso&#039; &#039;exportedHeaders/test.example.com&#039; &#039;Auth-User&#039; &#039;$uid&#039; &#039;exportedHeaders/test.example.com&#039; &#039;Auth-Mail&#039; &#039;$mail&#039;</pre>
</div>
<!-- EDIT4 SECTION "Configure virtual host" [3674-4328] -->
<h2 class="sectionedit5" id="configure_ldap_authentication_backend">Configure LDAP authentication backend</h2>
<div class="level2">
<p>
In this example we use:
</p>
<ul>
<li class="level1"><div class="li"> LDAP server: <a href="cli_examples.html" class="urlextern" title="ldap://ldap.example.com" rel="nofollow">ldap://ldap.example.com</a></div>
</li>
<li class="level1"><div class="li"> LDAP Bind <abbr title="Distinguished Name">DN</abbr> : cn=lemonldapng,ou=dsa,dc=example,dc=com</div>
</li>
<li class="level1"><div class="li"> LDAP Bind PW: changeit</div>
</li>
<li class="level1"><div class="li"> LDAP search base: ou=users,dc=example,dc=com</div>
</li>
<li class="level1"><div class="li"> LDAP attributes:</div>
<ul>
<li class="level2"><div class="li"> uid ⇒ uid</div>
</li>
<li class="level2"><div class="li"> cn ⇒ cn</div>
</li>
<li class="level2"><div class="li"> mail ⇒ mail</div>
</li>
<li class="level2"><div class="li"> sn ⇒ sn</div>
</li>
<li class="level2"><div class="li"> givenName ⇒ givenName</div>
</li>
<li class="level2"><div class="li"> mobile ⇒ mobile</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> LDAP group base: ou=groups,dc=example,dc=com</div>
</li>
<li class="level1"><div class="li"> Use recursive search for groups</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set authentication LDAP userDB LDAP passwordDB LDAP ldapServer &#039;ldap://ldap.example.com&#039; managerDn &#039;cn=lemonldapng,ou=dsa,dc=example,dc=com&#039; managerPassword &#039;changeit&#039; ldapBase &#039;ou=users,dc=example,dc=com&#039;
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey ldapExportedVars uid uid ldapExportedVars cn cn ldapExportedVars sn sn ldapExportedVars mobile mobile ldapExportedVars mail mail ldapExportedVars givenName givenName
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set ldapGroupBase &#039;ou=groups,dc=example,dc=com&#039; ldapGroupObjectClass groupOfNames ldapGroupAttributeName member ldapGroupAttributeNameGroup dn ldapGroupAttributeNameSearch cn ldapGroupAttributeNameUser dn ldapGroupRecursive 1</pre>
</div>
<!-- EDIT5 SECTION "Configure LDAP authentication backend" [4329-5582] -->
<h2 class="sectionedit6" id="configure_saml_identity_provider">Configure SAML Identity Provider</h2>
<div class="level2">
<p>
Activate the <abbr title="Security Assertion Markup Language">SAML</abbr> Issuer:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set issuerDBSAMLActivation 1</pre>
<p>
You can then generate a private key and a self-signed certificate with these commands;
</p>
<pre class="code">openssl genrsa -out saml.key 4096
openssl req -new -key saml.key -out saml.csr
openssl x509 -req -days 3650 -in saml.csr -signkey saml.key -out saml.pem</pre>
<p>
Import them in configuration:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set samlServicePrivateKeySig &quot;`cat saml.key`&quot; samlServicePublicKeySig &quot;`cat saml.pem`&quot;</pre>
<p>
You can also define organization name and <abbr title="Uniform Resource Locator">URL</abbr> for <abbr title="Security Assertion Markup Language">SAML</abbr> metadata:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set samlOrganizationName &#039;ACME&#039; samlOrganizationDisplayName &#039;ACME Corporation&#039; samlOrganizationURL &#039;http://www.acme.com&#039;</pre>
</div>
<!-- EDIT6 SECTION "Configure SAML Identity Provider" [5583-6446] -->
<h2 class="sectionedit7" id="register_an_saml_service_provider">Register an SAML Service Provider</h2>
<div class="level2">
<p>
In this example we have:
</p>
<ul>
<li class="level1"><div class="li"> SP configuration key: testsp</div>
</li>
<li class="level1"><div class="li"> SP metadata file: metadata-testsp.xml</div>
</li>
<li class="level1"><div class="li"> SP exported attribute: EmailAdress (filled with mail session key)</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey samlSPMetaDataXML/testsp samlSPMetaDataXML &quot;`cat metadata-testsp.xml`&quot; samlSPMetaDataExportedAttributes/testsp mail &#039;1;EmailAddress&#039;</pre>
</div>
<!-- EDIT7 SECTION "Register an SAML Service Provider" [6447-6873] -->
<h2 class="sectionedit8" id="configure_openid_connect_identity_provider">Configure OpenID Connect Identity Provider</h2>
<div class="level2">
<p>
Activate the OpenID Connect Issuer and set issuer name (equal to portal <abbr title="Uniform Resource Locator">URL</abbr>):
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set issuerDBOpenIDConnectActivation 1 oidcServiceMetaDataIssuer http://auth.example.com</pre>
<p>
Generate keys:
</p>
<pre class="code">openssl genrsa -out oidc.key 4096
openssl rsa -pubout -in oidc.key -out oidc_pub.key</pre>
<p>
Import them:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set oidcServicePrivateKeySig &quot;`cat oidc.key`&quot; oidcServicePublicKeySig &quot;`cat oidc_pub.key`&quot; oidcServiceKeyIdSig &quot;`genpasswd`&quot;</pre>
<p>
If needed you can allow implicit and hybrid flows:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set oidcServiceAllowImplicitFlow 1 oidcServiceAllowHybridFlow 1</pre>
</div>
<!-- EDIT8 SECTION "Configure OpenID Connect Identity Provider" [6874-7669] -->
<h2 class="sectionedit9" id="register_an_openid_connect_relying_party">Register an OpenID Connect Relying Party</h2>
<div class="level2">
<p>
In this example we have:
</p>
<ul>
<li class="level1"><div class="li"> RP configuration key: testrp</div>
</li>
<li class="level1"><div class="li"> Client ID : testclientid</div>
</li>
<li class="level1"><div class="li"> Client secret : testclientsecret</div>
</li>
<li class="level1"><div class="li"> Allowed redirection <abbr title="Uniform Resource Locator">URL</abbr>: <a href="https://testrp.e-serv.ch/?callback=1" class="urlextern" title="https://testrp.e-serv.ch/?callback=1" rel="nofollow">https://testrp.e-serv.ch/?callback=1</a></div>
</li>
<li class="level1"><div class="li"> Exported attributes:</div>
<ul>
<li class="level2"><div class="li"> email ⇒ mail</div>
</li>
<li class="level2"><div class="li"> familiy_name ⇒ sn</div>
</li>
<li class="level2"><div class="li"> name ⇒ cn</div>
</li>
</ul>
</li>
</ul>
<ul>
<li class="level1"><div class="li"> Exported attributes:</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey oidcRPMetaDataExportedVars/testrp email mail oidcRPMetaDataExportedVars/testrp family_name sn oidcRPMetaDataExportedVars/testrp name cn</pre>
<ul>
<li class="level1"><div class="li"> Credentials:</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsClientID testclientid oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsClientSecret testclientsecret</pre>
<ul>
<li class="level1"><div class="li"> Redirection:</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsRedirectUris &#039;https://testrp.e-serv.ch/?callback=1&#039;</pre>
<ul>
<li class="level1"><div class="li"> Signature and token expiration:</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey oidcRPMetaDataOptions/idm oidcRPMetaDataOptionsIDTokenSignAlg RS512 oidcRPMetaDataOptions/idm oidcRPMetaDataOptionsIDTokenExpiration 3600 oidcRPMetaDataOptions/idm oidcRPMetaDataOptionsAccessTokenExpiration 3600</pre>
</div>
<!-- EDIT9 SECTION "Register an OpenID Connect Relying Party" [7670-] --></div>
</body>
</html>
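Review bot: The OpenID Connect issuer set by `oidcServiceMetaDataIssuer http://auth.example.com` disagrees with the portal URL the "Configure HTTPS" section sets (`https://auth.example.com`), even though the text says the issuer must equal the portal URL; the example should use the https form so the issuer published in discovery metadata matches the portal. The last relying-party example writes `oidcRPMetaDataOptions/idm` while the rest of that section uses `oidcRPMetaDataOptions/testrp`, so the signature algorithm and token expirations would land on a different RP key than the one being registered. That section also repeats the "Exported attributes:" bullet before the command and has the typos `familiy_name` (the command itself uses `family_name`) and `EmailAdress`. Since the examples pass the database, LDAP and client secrets as plain command-line arguments (`managerPassword 'changeit'`, `oidcRPMetaDataOptionsClientSecret testclientsecret`), a one-line note that such values end up in shell history and process listings would help readers, who can read them from a file the way the key-import examples already do with `cat`. Separately, the `//elsif:useexternallibs` branches in the head load jQuery over plain `http://code.jquery.com` with no `integrity` attribute (and the Bootstrap line there carries a stray `</script>`), which is presumably inherited from the shared export template but is worth fixing at its source.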
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:configlocation</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,configlocation"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="configlocation.html"/>
......@@ -215,8 +215,7 @@ If a modification is done, the configuration is saved with a new configuration n
<!-- EDIT4 SECTION "Configuration text editor" [3237-4465] -->
<h2 class="sectionedit5" id="command_line_interface_cli">Command Line Interface (CLI)</h2>
<div class="level2">
<div class="notewarning">This an experimental tool that may evolve in next releases.
</div>
<p>
LemonLDAP::NG provide a script that allows one to edit configuration items in non interactive mode. This script is called <code>lemonldap-ng-cli</code> and is stored in the LemonLDAP::NG bin/ directory, for example /usr/share/lemonldap-ng/bin:
</p>
......@@ -270,9 +269,10 @@ Some examples:
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -cfgNum 10 get exportedHeaders/test1.example.com
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set notification 1
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -sep &#039;,&#039; get macros,_whatToTrace</pre>
<div class="notetip">See <a href="cli_examples.html" class="wikilink1" title="documentation:2.0:cli_examples">other examples</a>.
</div>
</div>
<!-- EDIT5 SECTION "Command Line Interface (CLI)" [4466-6288] -->
<!-- EDIT5 SECTION "Command Line Interface (CLI)" [4466-6260] -->
<h2 class="sectionedit6" id="apache">Apache</h2>
<div class="level2">
<div class="noteimportant">LemonLDAP::NG does not manage Apache configuration
......@@ -294,7 +294,7 @@ See <a href="configapache.html" class="wikilink1" title="documentation:2.0:confi
</p>
</div>
<!-- EDIT6 SECTION "Apache" [6289-6687] -->
<!-- EDIT6 SECTION "Apache" [6261-6659] -->
<h3 class="sectionedit7" id="portal">Portal</h3>
<div class="level3">
......@@ -368,7 +368,7 @@ In Portal virtual host, you will find several configuration parts:
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT7 SECTION "Portal" [6688-8788] -->
<!-- EDIT7 SECTION "Portal" [6660-8760] -->
<h3 class="sectionedit8" id="manager1">Manager</h3>
<div class="level3">
......@@ -415,7 +415,7 @@ Configuration interface access is not protected by Apache but by LemonLDAP::NG i
</p>
</div>
<!-- EDIT8 SECTION "Manager" [8789-10339] -->
<!-- EDIT8 SECTION "Manager" [8761-10311] -->
<h3 class="sectionedit9" id="handler">Handler</h3>
<div class="level3">
<ul>
......@@ -468,7 +468,7 @@ Then, to protect a standard virtual host, the only configuration line to add is:
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>
</div>
<!-- EDIT9 SECTION "Handler" [10340-11698] -->
<!-- EDIT9 SECTION "Handler" [10312-11670] -->
<h2 class="sectionedit10" id="nginx">Nginx</h2>
<div class="level2">
<div class="noteimportant">LemonLDAP::NG does not manage Nginx configuration
......@@ -491,7 +491,7 @@ See <a href="confignginx.html" class="wikilink1" title="documentation:2.0:config
<div class="notewarning"><a href="fastcgiserver.html" class="wikilink1" title="documentation:2.0:fastcgiserver">LL::NG FastCGI</a> server must be loaded separately.
</div>
</div>
<!-- EDIT10 SECTION "Nginx" [11699-12152] -->
<!-- EDIT10 SECTION "Nginx" [11671-12124] -->
<h3 class="sectionedit11" id="portal1">Portal</h3>
<div class="level3">
......@@ -563,7 +563,7 @@ In Portal virtual host, you will find several configuration parts:
}</pre>
</div>
<!-- EDIT11 SECTION "Portal" [12153-13944] -->
<!-- EDIT11 SECTION "Portal" [12125-13916] -->
<h3 class="sectionedit12" id="manager2">Manager</h3>
<div class="level3">
......@@ -597,7 +597,7 @@ By default, configuration interface access is not protected by Nginx but by Lemo
</p>
</div>
<!-- EDIT12 SECTION "Manager" [13945-14697] -->
<!-- EDIT12 SECTION "Manager" [13917-14669] -->
<h3 class="sectionedit13" id="handler1">Handler</h3>
<div class="level3">
......@@ -697,7 +697,7 @@ Then, to protect a standard virtual host, you must insert this (or create an inc
# Insert then your configuration (fastcgi_* or proxy_*)</pre>
</div>
<!-- EDIT13 SECTION "Handler" [14698-17784] -->
<!-- EDIT13 SECTION "Handler" [14670-17756] -->
<h2 class="sectionedit14" id="configuration_reload">Configuration reload</h2>
<div class="level2">
<div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them through an HTTP request. Configuration reload will then be effective in less than 10 minutes.
......@@ -717,7 +717,7 @@ The <code>reload</code> target is managed in Apache or Nginx configuration, insi
<div class="noteimportant">You must allow access to declared URLs to your Manager <abbr title="Internet Protocol">IP</abbr>.
</div>
</div>
<!-- EDIT14 SECTION "Configuration reload" [17785-18954] -->
<!-- EDIT14 SECTION "Configuration reload" [17757-18926] -->
<h2 class="sectionedit15" id="local_file">Local file</h2>
<div class="level2">
......@@ -751,6 +751,6 @@ For example, to override configured skin for portal:
<div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="parameterlist.html" class="wikilink1" title="documentation:2.0:parameterlist">parameter list</a> to find it.
</div>
</div>
<!-- EDIT15 SECTION "Local file" [18955-] --></div>
<!-- EDIT15 SECTION "Local file" [18927-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:devopshandler</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,devopshandler"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="devopshandler.html"/>
......@@ -111,7 +111,7 @@ Here is a simple Nginx configuration file. It looks like a standard LLNG nginx c
fastcgi_param X_ORIGINAL_URI $request_uri;
}
location /rules.json {
proxy_pass http://$vhost;
auth_request off;
allow 127.0.0.0/8;
deny all;
}
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:nodehandler</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,nodehandler"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="nodehandler.html"/>
......@@ -43,19 +43,149 @@
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#examples">Examples</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#use_it_as_fastcgi_server_application_protection_only">Use it as FastCGI server (application protection only)</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#fastcgi_server">FastCGI server</a></div></li>
<li class="level3"><div class="li"><a href="#nginx_configuration">Nginx configuration</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#use_it_to_protect_an_express_app">Use it to protect an express app</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="nodejs_handler">Node.js handler</h1>
<div class="level1">
<p>
Since version 2.0, an experimental Node.js handler is available on <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" rel="nofollow">GitHub</a>.
Since version 2.0, a beta Node.js handler is available on <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" rel="nofollow">GitHub</a>.
</p>
<p>
Documentation is available on GitHub.
Up-to-date documentation is available on GitHub.
</p>
</div>
<!-- EDIT1 SECTION "Node.js handler" [1-209] -->
<h2 class="sectionedit2" id="examples">Examples</h2>
<div class="level2">
<p>
<strong>Important things</strong>:
</p>
<ul>
<li class="level1"><div class="li"> Rules and headers must be written in javascript for these hosts <em>(example <code>$uid eq “dwho”</code> becomes <code>$uid === “dwho”</code>)</em></div>
</li>
<li class="level1"><div class="li"> Virtualhosts handled by node-lemonldap-ng-handler must be explicitly declared in you <code>lemonldap-ng.ini</code> file in <code>[node-handler]</code> section:</div>
</li>
</ul>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>node-handler<span class="br0">&#93;</span></span>