Commit e9211d73 authored by Clément OUDOT's avatar Clément OUDOT

Update documentation

parent f3fb2df9
Pipeline #6567 passed with stage
in 5 minutes and 59 seconds
......@@ -56,11 +56,11 @@
To use Active Directory as LDAP backend, you must change few things in the manager :
</p>
<ul>
<li class="level1"><div class="li"> Use “Active Directory” as authentication, userDB and passwordDBbackends,</div>
<li class="level1"><div class="li"> Use &quot;Active Directory&quot; as authentication, userDB and passwordDBbackends,</div>
</li>
<li class="level1"><div class="li"> Export sAMAccountName in a variable declared in <a href="exportedvars.html" class="wikilink1" title="documentation:1.9:exportedvars">exported variables</a></div>
</li>
<li class="level1"><div class="li"> Change the user attribute to store in Apache logs <em>(“General Parameters » Logs » REMOTE_USER”)</em>: use the variable declared above</div>
<li class="level1"><div class="li"> Change the user attribute to store in Apache logs <em>(&quot;General Parameters » Logs » REMOTE_USER&quot;)</em>: use the variable declared above</div>
</li>
</ul>
......@@ -69,7 +69,7 @@ To use Active Directory as LDAP backend, you must change few things in the manag
<h2 class="sectionedit3" id="authentication_with_kerberos">Authentication with Kerberos</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Choose “Apache” as authentication module <em>(“General Parameters » Authentication modules » Authentication module”)</em></div>
<li class="level1"><div class="li"> Choose &quot;Apache&quot; as authentication module <em>(&quot;General Parameters » Authentication modules » Authentication module&quot;)</em></div>
</li>
<li class="level1"><div class="li"> <a href="authapache.html" class="wikilink1" title="documentation:1.9:authapache">Configure the Apache server</a> that host the portal to use the Apache Kerberos authentication module</div>
</li>
......
......@@ -67,7 +67,7 @@ In the context of an HTTP transaction, the basic access authentication is a meth
</p>
<p>
Before transmission, the username and password are encoded as a sequence of base-64 characters. For example, the user name Aladdin and password open sesame would be combined as Aladdin:open sesame – which is equivalent to QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64. Little effort is required to translate the encoded string back into the user name and password, and many popular security tools will decode the strings “on the fly”.
Before transmission, the username and password are encoded as a sequence of base-64 characters. For example, the user name Aladdin and password open sesame would be combined as Aladdin:open sesame – which is equivalent to QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64. Little effort is required to translate the encoded string back into the user name and password, and many popular security tools will decode the strings &quot;on the fly&quot;.
</blockquote>
</p>
......@@ -94,7 +94,7 @@ The Basic Authentication relies on a specific HTTP header, as described above. S
For example, to forward login (<code>$uid</code>) and password (<code>$_password</code> if <a href="../passwordstore.html" class="wikilink1" title="documentation:1.9:passwordstore">password is stored in session</a>):
</p>
<pre class="code">Authorization =&gt; &quot;Basic &quot;.encode_base64(&quot;$uid:$_password&quot;, &quot;&quot;)</pre>
<div class="noteimportant">Don&#039;t forget to add an empty string as second argument of encode_base64 to avoid insert of “newline” characters
<div class="noteimportant">Don&#039;t forget to add an empty string as second argument of encode_base64 to avoid insert of &quot;newline&quot; characters
</div>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> provides a special function named <a href="../extendedfunctions.html#basic" class="wikilink1" title="documentation:1.9:extendedfunctions">basic</a> to build this header.
......
......@@ -96,11 +96,11 @@ similar, using whatever attribute makes sense to you. For example:<pre class="c
</li>
<li class="level1"><div class="li"> Now go to *Variables -&gt; Macros*. Here set up variables which will be computed based on the attributes you exported above. You will need to emit strings in this format <code>arn:aws:iam::account-number:role/role-name1,arn:aws:iam::account-number:saml-provider/provider-name</code>. The parts you need to change are <code>account-number</code>, <code>role-name1</code> and <code>provier-name</code>. The last two will be the provider name and role names you just set up in AWS.</div>
</li>
<li class="level1"><div class="li"> Perl works in here, so something like this is valid: <code>aws_eu_role</code> -&gt; <code>$ou =~ sysadmin ? “arn:aws...” : “arn:...”</code></div>
<li class="level1"><div class="li"> Perl works in here, so something like this is valid: <code>aws_eu_role</code> -&gt; <code>$ou =~ sysadmin ? &quot;arn:aws...&quot; : &quot;arn:...&quot;</code></div>
</li>
<li class="level1"><div class="li"> If it easier, split multiple roles into different macros. Then tie all the variables you define together into one string concatenating them with whatever is in General Parameters -&gt; Advanced Parameters -&gt; Separator. Actually click into this field and move around with the arrow keys to see if there is a space, since spaces can be part of the separator.</div>
</li>
<li class="level1"><div class="li"> Remember macros are defined alphanumerically, so you want one right at the end, like <code>z_aws_roles</code> -&gt; <code>join(“; ”, $role_name1, $role_name2, ...)</code></div>
<li class="level1"><div class="li"> Remember macros are defined alphanumerically, so you want one right at the end, like <code>z_aws_roles</code> -&gt; <code>join(&quot;; &quot;, $role_name1, $role_name2, ...)</code></div>
</li>
<li class="level1"><div class="li"> On the left again, click <code><abbr title="Security Assertion Markup Language">SAML</abbr> service providers</code>, then <code>Add <abbr title="Security Assertion Markup Language">SAML</abbr> SP</code>.</div>
</li>
......
......@@ -23,10 +23,10 @@
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=documentation:1.9:applications:img"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/documentation/1.9/applications/img/icons.png"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/documentation/1.9/applications/img/icons.png"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=666dbe073d7d2522373106d8d2d68438"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=a3a28b97aa1359a6551738d33203e559"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9:applications:img';var JSINFO = {"id":"documentation:1.9:applications:img:icons.png","namespace":"documentation:1.9:applications:img"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=666dbe073d7d2522373106d8d2d68438&amp;template=bootstrap3"></script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=a3a28b97aa1359a6551738d33203e559&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/1.9/applications/img/icons.png?do=login&amp;sectok=b2fbc55688247480a2b4816a5fa7949e" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/1.9/applications/img/icons.png?do=login&amp;sectok=3b84770ecd5f9bebe922d135abe51e86" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -133,7 +133,7 @@
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on “Create this page”.
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on &quot;Create this page&quot;.
</p>
</div>
......@@ -218,8 +218,18 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
<div class="level3">
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="media" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
<strong>OW2con&#039;14 Community Award</strong>
<a href="/_detail/logos/ow2_awards.png?id=default_sidebar" class="media" title="logos:ow2_awards.png"><img src="/_media/logos/ow2_awards.png?w=150&amp;tok=b33854" class="mediacenter" alt="" width="150" /></a>
</p>
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="urlextern" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow">OW2con&#039;14 Community Award</a>
</p>
<p>
<a href="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" class="urlextern" title="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" rel="nofollow">OW2con&#039;18 Community Award</a>
</p>
<p>
</div>
</p>
<hr />
......@@ -262,7 +272,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A1.9%3Aapplications%3Aimg%3Aicons.png&amp;1557669144" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A1.9%3Aapplications%3Aimg%3Aicons.png&amp;1569254792" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -23,10 +23,10 @@
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=documentation:1.9:applications:img"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/documentation/1.9/applications/img/loader.gif"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/documentation/1.9/applications/img/loader.gif"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=666dbe073d7d2522373106d8d2d68438"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=a3a28b97aa1359a6551738d33203e559"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9:applications:img';var JSINFO = {"id":"documentation:1.9:applications:img:loader.gif","namespace":"documentation:1.9:applications:img"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=666dbe073d7d2522373106d8d2d68438&amp;template=bootstrap3"></script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=a3a28b97aa1359a6551738d33203e559&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/1.9/applications/img/loader.gif?do=login&amp;sectok=b2fbc55688247480a2b4816a5fa7949e" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/1.9/applications/img/loader.gif?do=login&amp;sectok=3b84770ecd5f9bebe922d135abe51e86" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -133,7 +133,7 @@
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on “Create this page”.
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on &quot;Create this page&quot;.
</p>
</div>
......@@ -218,8 +218,18 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
<div class="level3">
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="media" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
<strong>OW2con&#039;14 Community Award</strong>
<a href="/_detail/logos/ow2_awards.png?id=default_sidebar" class="media" title="logos:ow2_awards.png"><img src="/_media/logos/ow2_awards.png?w=150&amp;tok=b33854" class="mediacenter" alt="" width="150" /></a>
</p>
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="urlextern" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow">OW2con&#039;14 Community Award</a>
</p>
<p>
<a href="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" class="urlextern" title="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" rel="nofollow">OW2con&#039;18 Community Award</a>
</p>
<p>
</div>
</p>
<hr />
......@@ -262,7 +272,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A1.9%3Aapplications%3Aimg%3Aloader.gif&amp;1557669144" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A1.9%3Aapplications%3Aimg%3Aloader.gif&amp;1569254792" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -159,17 +159,17 @@ Add then extension configuration, for example:
<span class="br0">&#125;</span>
<span class="re0">$wgHooks</span><span class="br0">&#91;</span><span class="st_h">'PersonalUrls'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="br0">&#93;</span> <span class="sy0">=</span> <span class="st_h">'StripLogin'</span><span class="sy0">;</span></pre>
<div class="notewarning">In last version of Auth_remoteuser and Mediawiki, empty passwords are not authorized, so you may need to patch the extension code if you get the error:
“Unexpected REMOTE_USER authentication failure. Login Error was:EmptyPass”.
&quot;Unexpected REMOTE_USER authentication failure. Login Error was:EmptyPass&quot;.
</div>
<p>
If necessary, use the code below to patch the extension:
</p>
<pre class="code">sed -i &quot;s/&#039;wpPassword&#039; =&gt; &#039;&#039;/&#039;wpPassword&#039; =&gt; &#039;none&#039;/&quot; extensions/Auth_remoteuser/Auth_remoteuser.body.php</pre>
<div class="notewarning">In last version of Auth_remoteuser and Mediawiki, auto-provisioning requires REMOTE_USER to match the normalized mediawiki username (for example: john_doe -&gt; john doe), so you may need to patch the extension code if you get the error:
“Unexpected REMOTE_USER authentication failure. Login Error was:WrongPluginPass”
&quot;Unexpected REMOTE_USER authentication failure. Login Error was:WrongPluginPass&quot;
</div>
<p>
You can use the code below for normalizing logins containing “_” in the extension:
You can use the code below for normalizing logins containing &quot;_&quot; in the extension:
</p>
<pre class="code">sed -i &#039;/$usertest = $this-&gt;getRemoteUsername();/a\ $usertest = str_replace( &quot;_&quot;,&quot; &quot;, $usertest );&#039; extensions/Auth_remoteuser/Auth_remoteuser.body.php</pre>
......
......@@ -104,7 +104,7 @@ Consider changing the configuration of NextCloud to force the domain, in <strong
</div>
<p>
You also need to enable the <abbr title="Security Assertion Markup Language">SAML</abbr> authentication” plugin in your NextCloud.
You also need to enable the &quot;<abbr title="Security Assertion Markup Language">SAML</abbr> authentication&quot; plugin in your NextCloud.
</p>
<pre class="code"> + Apps -&gt; Not enabled -&gt; SAML authentication</pre>
......@@ -159,7 +159,7 @@ You first need to create a pair of SSH Keys in LL:NG:
<pre class="code">SAML 2 Service -&gt; Security Parameters -&gt; Signature</pre>
<p>
and click “New keys”
and click &quot;New keys&quot;
<img src="nextcloud_certificate_keys.png" class="mediacenter" alt="" />
</p>
......@@ -170,7 +170,7 @@ Take the private key in a private.key file, and run the following:
openssl x509 -req -days 3650 -in cert.csr -signkey private.key -out cert.pem</pre>
<p>
Copy/Paste the content of your new cert.pem in the “Public X.509 certificate of the IdP” field of your NextCloud.
Copy/Paste the content of your new cert.pem in the &quot;Public X.509 certificate of the IdP&quot; field of your NextCloud.
</p>
<p>
......@@ -192,7 +192,7 @@ We now have to define a service provider (e.g our nextcloud) in LL:NG.
</p>
<p>
Go to <abbr title="Security Assertion Markup Language">SAML</abbr> service providers”, click on “Add <abbr title="Security Assertion Markup Language">SAML</abbr> SP” and name it as you want (example : &#039;NextCloud&#039;)
Go to &quot;<abbr title="Security Assertion Markup Language">SAML</abbr> service providers&quot;, click on &quot;Add <abbr title="Security Assertion Markup Language">SAML</abbr> SP&quot; and name it as you want (example : &#039;NextCloud&#039;)
</p>
<p>
......@@ -204,7 +204,7 @@ In the new subtree &#039;NextCloud&#039;, open &#039;Metadata&#039; and paste th
</p>
<p>
Now go in “Exported attributes” and add, at least, the &#039;uid&#039;
Now go in &quot;Exported attributes&quot; and add, at least, the &#039;uid&#039;
</p>
<p>
......
......@@ -74,7 +74,7 @@
</p>
<p>
Symfony provides many methods conventions to authenticate users (basic, ldap,...) and to load external user sources (ldap, database). The method presented here relies on the “remote_user” method. (in security firewall)
Symfony provides many methods conventions to authenticate users (basic, ldap,...) and to load external user sources (ldap, database). The method presented here relies on the &quot;remote_user&quot; method. (in security firewall)
</p>
</div>
......@@ -83,7 +83,7 @@ Symfony provides many methods conventions to authenticate users (basic, ldap,...
<div class="level2">
<p>
Follow these step to protect your application using the “REMOTE_USER” HTTP header.
Follow these step to protect your application using the &quot;REMOTE_USER&quot; HTTP header.
</p>
<p>
......@@ -113,7 +113,7 @@ Follow these step to protect your application using the “REMOTE_USER” HTTP h
</li>
<li class="level1"><div class="li"> providers : define the user providers (even virtual)</div>
</li>
<li class="level1"><div class="li"> remote_user : define the authentication method to “assume the user is already authenticated and get an http variable to know his username”</div>
<li class="level1"><div class="li"> remote_user : define the authentication method to &quot;assume the user is already authenticated and get an http variable to know his username&quot;</div>
</li>
<li class="level1"><div class="li"> user : define the HTTP header containing the username</div>
</li>
......@@ -122,7 +122,7 @@ Follow these step to protect your application using the “REMOTE_USER” HTTP h
</ul>
<p>
2. Define a “header user” class
2. Define a &quot;header user&quot; class
</p>
<p>
......@@ -194,7 +194,7 @@ Create the file src/AppBundle/Security/User/HeaderUser.php :
<span class="sy1">?&gt;</span></pre>
<p>
3. Define a “header user provider” class relying on the previous class
3. Define a &quot;header user provider&quot; class relying on the previous class
</p>
<p>
......
......@@ -94,7 +94,7 @@ To configure <abbr title="Single Sign On">SSO</abbr> with Sympa, use <strong>Mag
<div class="level3">
<p>
Edit the file “auth.conf”, for example:
Edit the file &quot;auth.conf&quot;, for example:
</p>
<pre class="code">vi /etc/sympa/auth.conf</pre>
......@@ -115,7 +115,7 @@ Note that if you use FastCGI, you must restart Apache to enable changes.
</div>
<p>
You can also use &lt;portal&gt;?logout=1 as logout_url to remove LemonLDAP::NG session when “disconnect” is chosen.
You can also use &lt;portal&gt;?logout=1 as logout_url to remove LemonLDAP::NG session when &quot;disconnect&quot; is chosen.
</p>
</div>
......
......@@ -127,9 +127,9 @@ Configure attributes:
</li>
<li class="level1"><div class="li"> <strong>roleSeparator</strong> (optional): role values separator.</div>
</li>
<li class="level1"><div class="li"> <strong>allows</strong> (optional): Define allowed remote <abbr title="Internet Protocol">IP</abbr> (use “,” separator for multiple <abbr title="Internet Protocol">IP</abbr>). Just set the <abbr title="LemonLDAP::NG">LL::NG</abbr> Handler <abbr title="Internet Protocol">IP</abbr> on this attribute in order to add more security. If this attribute is missed all hosts are allowed.</div>
<li class="level1"><div class="li"> <strong>allows</strong> (optional): Define allowed remote <abbr title="Internet Protocol">IP</abbr> (use &quot;,&quot; separator for multiple <abbr title="Internet Protocol">IP</abbr>). Just set the <abbr title="LemonLDAP::NG">LL::NG</abbr> Handler <abbr title="Internet Protocol">IP</abbr> on this attribute in order to add more security. If this attribute is missed all hosts are allowed.</div>
</li>
<li class="level1"><div class="li"> <strong>passThrough</strong> (optional): Allow anonymous access or not. When it takes “false”, HTTP headers have to be sent by <abbr title="LemonLDAP::NG">LL::NG</abbr> to make authentication. So, if the user is not recognized or HTTP headers not present, a 403 error is sent.</div>
<li class="level1"><div class="li"> <strong>passThrough</strong> (optional): Allow anonymous access or not. When it takes &quot;false&quot;, HTTP headers have to be sent by <abbr title="LemonLDAP::NG">LL::NG</abbr> to make authentication. So, if the user is not recognized or HTTP headers not present, a 403 error is sent.</div>
</li>
</ul>
<div class="notetip">For debugging, this valve can print some helpful information in debug level. See <a href="http://tomcat.apache.org/tomcat-5.5-doc/logging.html" class="urlextern" title="http://tomcat.apache.org/tomcat-5.5-doc/logging.html" rel="nofollow">how configure logging in Tomcat</a> .
......@@ -158,7 +158,7 @@ Required :
<p>
Configure your tomcat home in <code>build.properties</code> files.
</p>
<div class="noteimportant">Be careful for Windows user, path must contains “/”. Example:
<div class="noteimportant">Be careful for Windows user, path must contains &quot;/&quot;. Example:
<pre class="code">c:/my hardisk/tomcat/</pre>
</div>
......
......@@ -110,10 +110,10 @@ LemonLDAP::NG implements partially the policy:
</li>
<li class="level1"><div class="li"> when computed virtual attribute &#039;msDS-User-Account-Control-Computed&#039; as 6th flag set to 8, the password is considered expired. (support from Windows Server 2003) It is too late for the user to do anything. He must contact his administrator.</div>
</li>
<li class="level1"><div class="li"> a warning before password expiration is possible in AD, but only in GPO (Computer Configuration\Windows Settings\Local Policies\Security Options under Interactive Logon: Prompt user to change password before expiration) However it as no reality in LDAP referential. A “password warning time before password expiration” variable can be specified in LemonLDAP::NG to do so.</div>
<li class="level1"><div class="li"> a warning before password expiration is possible in AD, but only in GPO (Computer Configuration\Windows Settings\Local Policies\Security Options under Interactive Logon: Prompt user to change password before expiration) However it as no reality in LDAP referential. A &quot;password warning time before password expiration&quot; variable can be specified in LemonLDAP::NG to do so.</div>
</li>
</ul>
<div class="noteimportant">Note: since AD 2012, each user can have a specific password expiration policy. Then, the “maximum password age” can have different values. This is currently unsupported in LemonLDAP::NG because every policy must be computed with their precedence to know which maximum password age to apply.
<div class="noteimportant">Note: since AD 2012, each user can have a specific password expiration policy. Then, the &quot;maximum password age&quot; can have different values. This is currently unsupported in LemonLDAP::NG because every policy must be computed with their precedence to know which maximum password age to apply.
</div>
<p>
To configure warning before password expiration, you must set two variables in Active Directory parameters in Manager:
......
......@@ -306,9 +306,9 @@ List of columns to query to fill user session. See also <a href="exportedvars.ht
</li>
<li class="level1"><div class="li"> <strong>Supported non-salted schemes</strong>: List of whitespace separated hash schemes. Every hash scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. These hashes MUST NOT be salted (no random data used in conjunction with the password).</div>
</li>
<li class="level1"><div class="li"> <strong>Supported salted schemes</strong>: List of whitespace separated salted hash schemes, of the form <strong>s</strong>scheme”, where scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. Salted and non-salted scheme lists are not necessarily equivalent. (for example: non-salted=“sha256” and salted=“ssha ssha512” is valid)</div>
<li class="level1"><div class="li"> <strong>Supported salted schemes</strong>: List of whitespace separated salted hash schemes, of the form &quot;<strong>s</strong>scheme&quot;, where scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. Salted and non-salted scheme lists are not necessarily equivalent. (for example: non-salted=&quot;sha256&quot; and salted=&quot;ssha ssha512&quot; is valid)</div>
</li>
<li class="level1"><div class="li"> <strong>Dynamic hash scheme for new passwords</strong>: LemonLDAP::NG is able to store new passwords in the database (while modifying or reinitializing the password). You can choose a salted or non salted dynamic hashed password. The value must be an element of “Supported non-salted schemes” or “Supported salted schemes”.</div>
<li class="level1"><div class="li"> <strong>Dynamic hash scheme for new passwords</strong>: LemonLDAP::NG is able to store new passwords in the database (while modifying or reinitializing the password). You can choose a salted or non salted dynamic hashed password. The value must be an element of &quot;Supported non-salted schemes&quot; or &quot;Supported salted schemes&quot;.</div>
</li>
</ul>
<div class="noteimportant">The SQL function MUST have hexadecimal values as input AND output
......
......@@ -100,7 +100,7 @@ Then, go in <code>Facebook parameters</code>:
If you use Facebook as user database, declare values in exported variables:
</p>
<ul>
<li class="level1"><div class="li"> use any key name you want. If you want to refuse access when a data is missing, just add a “!” before the key name</div>
<li class="level1"><div class="li"> use any key name you want. If you want to refuse access when a data is missing, just add a &quot;!&quot; before the key name</div>
</li>
<li class="level1"><div class="li"> in the value field, set the field name. You can show them using <a href="https://developers.facebook.com/tools/explorer" class="urlextern" title="https://developers.facebook.com/tools/explorer" rel="nofollow">Facebook Graph API explorer</a> and have a list of supported fields in the <a href="https://developers.facebook.com/docs/graph-api/reference/user/" class="urlextern" title="https://developers.facebook.com/docs/graph-api/reference/user/" rel="nofollow">Graph API User reference</a>. For example:</div>
<ul>
......
......@@ -102,12 +102,12 @@ In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modu
</ul>
<p>
Use the name you want but this values in the value field. If you want to require that a field is set, add “!” before the key name :
Use the name you want but this values in the value field. If you want to require that a field is set, add &quot;!&quot; before the key name :
</p>
<ul>
<li class="level1"><div class="li"> “myfield =&gt; firstname” can be “”</div>
<li class="level1"><div class="li"> &quot;myfield =&gt; firstname&quot; can be &quot;&quot;</div>
</li>
<li class="level1"><div class="li"> “!myfield =&gt; lastname” must be set</div>
<li class="level1"><div class="li"> &quot;!myfield =&gt; lastname&quot; must be set</div>
</li>
</ul>
......
......@@ -129,7 +129,7 @@ The <code>Multiple</code> system can :
<div class="notetip">Overloading is not available trough the Manager
</div>
<p>
To stack several times the same module, use “#name” with different names. Example:
To stack several times the same module, use &quot;#name&quot; with different names. Example:
</p>
<pre class="code">LDAP#Openldap; LDAP#ActiveDirectory</pre>
......@@ -170,7 +170,7 @@ This key must be stored directly in lemonldap-ng.ini:
<div class="level3">
<p>
When using this module, <abbr title="LemonLDAP::NG">LL::NG</abbr> portal will be called only if Apache does not return “401 Authentication required”, but this is not the Apache behaviour: if the auth module fails, Apache returns 401.
When using this module, <abbr title="LemonLDAP::NG">LL::NG</abbr> portal will be called only if Apache does not return &quot;401 Authentication required&quot;, but this is not the Apache behaviour: if the auth module fails, Apache returns 401.
</p>
<p>
......@@ -183,7 +183,7 @@ To bypass this, follow the documentation of <a href="authapache.html" class="wik
<div class="level3">
<p>
To chain SSL, you have to set “SSLRequire optional” in Apache configuration, else users will be authenticated by SSL only.
To chain SSL, you have to set &quot;SSLRequire optional&quot; in Apache configuration, else users will be authenticated by SSL only.
</p>
</div>
......
......@@ -199,7 +199,7 @@ After registration, the OP must give you a client ID and a client secret, that w
<div class="level3">
<p>
In the Manager, select node <code>OpenID Connect Providers</code> and click on <code>Add OpenID Connect Provider</code>. Give a technical name (no spaces, no special characters), like “sample-op”;
In the Manager, select node <code>OpenID Connect Providers</code> and click on <code>Add OpenID Connect Provider</code>. Give a technical name (no spaces, no special characters), like &quot;sample-op&quot;;
</p>
<p>
......
......@@ -120,7 +120,7 @@ You can skip JWKS data, they are not provided by France Connect. The security re
</p>
<p>
Go in <code>Exported attributes</code> to choose which attributes from “identité pivot” you want to collect. See <a href="https://doc.integ01.dev-franceconnect.fr/identite-pivot" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/identite-pivot" rel="nofollow">https://doc.integ01.dev-franceconnect.fr/identite-pivot</a>
Go in <code>Exported attributes</code> to choose which attributes from &quot;identité pivot&quot; you want to collect. See <a href="https://doc.integ01.dev-franceconnect.fr/identite-pivot" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/identite-pivot" rel="nofollow">https://doc.integ01.dev-franceconnect.fr/identite-pivot</a>
</p>
<p>
......
......@@ -173,7 +173,7 @@ You must register IDP metadata here. You can do it either by uploading the file,
For each attribute, you can set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Key name</strong>: name of the key in LemonLDAP::NG session (for example “uid” will then be used as $uid in access rules)</div>
<li class="level1"><div class="li"> <strong>Key name</strong>: name of the key in LemonLDAP::NG session (for example &quot;uid&quot; will then be used as $uid in access rules)</div>
</li>
<li class="level1"><div class="li"> <strong>Mandatory</strong>: if set to On, then session will not open if this attribute is not given by IDP.</div>
</li>
......
......@@ -68,7 +68,7 @@
<ul>
<li class="level1"><div class="li"> Authentication: will check user login in a header and create session without prompting any credentials (but will register client <abbr title="Internet Protocol">IP</abbr> and creation date)</div>
</li>
<li class="level1"><div class="li"> Users: collect data transferred in HTTP headers by the “master”.</div>
<li class="level1"><div class="li"> Users: collect data transferred in HTTP headers by the &quot;master&quot;.</div>
</li>
</ul>
......
......@@ -332,7 +332,7 @@ $('.enteteBouton').click( function (e) {
});
<span class="sc2">&lt;<span class="sy0">/</span><a href="http://december.com/html/4/element/script.html"><span class="kw2">script</span></a>&gt;</span>
<span class="sc2">&lt;<span class="sy0">/</span><a href="http://december.com/html/4/element/body.html"><span class="kw2">body</span></a>&gt;</span></pre>
<div class="notewarning">It is incompatible with authentication chaining (see Stack Multiple backends), because of Apache parameter “SSLVerifyClient”, which must have the value “require”
<div class="notewarning">It is incompatible with authentication chaining (see Stack Multiple backends), because of Apache parameter &quot;SSLVerifyClient&quot;, which must have the value &quot;require&quot;
</div>
</div>
<!-- EDIT8 SECTION "Auto reloading SSL Certificates" [3388-] --></div>
......
......@@ -110,7 +110,7 @@ Then, go in <code>WebID parameters</code>:
If you use WebID as user database, declare values in <strong>exported variables</strong> :
</p>
<ul>
<li class="level1"><div class="li"> use any key name you want. If you want to refuse access when a data is missing, just add a “!” before the key name</div>
<li class="level1"><div class="li"> use any key name you want. If you want to refuse access when a data is missing, just add a &quot;!&quot; before the key name</div>
</li>
<li class="level1"><div class="li"> in the value field, set the field name. Take a look at <a href="http://xmlns.com/foaf/spec/#sec-crossref" class="urlextern" title="http://xmlns.com/foaf/spec/#sec-crossref" rel="nofollow">http://xmlns.com/foaf/spec/#sec-crossref</a>. Example :<pre class="code">name =&gt; foaf:name</pre>
</div>
......
......@@ -23,10 +23,10 @@
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=bootswatch:3.3.4:flatly"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/bootswatch/3.3.4/flatly/bootstrap.min.css"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/bootswatch/3.3.4/flatly/bootstrap.min.css"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=666dbe073d7d2522373106d8d2d68438"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=a3a28b97aa1359a6551738d33203e559"/>
<script type="text/javascript">/*<![CDATA[*/var NS='bootswatch:3.3.4:flatly';var JSINFO = {"id":"bootswatch:3.3.4:flatly:bootstrap.min.css","namespace":"bootswatch:3.3.4:flatly"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=666dbe073d7d2522373106d8d2d68438&amp;template=bootstrap3"></script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=a3a28b97aa1359a6551738d33203e559&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/bootswatch/3.3.4/flatly/bootstrap.min.css?do=login&amp;sectok=b2fbc55688247480a2b4816a5fa7949e" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/bootswatch/3.3.4/flatly/bootstrap.min.css?do=login&amp;sectok=3b84770ecd5f9bebe922d135abe51e86" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -133,7 +133,7 @@
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on “Create this page”.
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on &quot;Create this page&quot;.
</p>
</div>
......@@ -218,8 +218,18 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
<div class="level3">
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="media" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
<strong>OW2con&#039;14 Community Award</strong>
<a href="/_detail/logos/ow2_awards.png?id=default_sidebar" class="media" title="logos:ow2_awards.png"><img src="/_media/logos/ow2_awards.png?w=150&amp;tok=b33854" class="mediacenter" alt="" width="150" /></a>
</p>
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="urlextern" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow">OW2con&#039;14 Community Award</a>
</p>
<p>
<a href="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" class="urlextern" title="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" rel="nofollow">OW2con&#039;18 Community Award</a>
</p>
<p>
</div>
</p>
<hr />
......@@ -262,7 +272,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=bootswatch%3A3.3.4%3Aflatly%3Abootstrap.min.css&amp;1557669145" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=bootswatch%3A3.3.4%3Aflatly%3Abootstrap.min.css&amp;1569254793" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -200,7 +200,7 @@ Go in the Manager and set the session module (<a href="https://metacpan.org/pod/
</table></div>
<!-- EDIT9 TABLE [3072-3397] --><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
<p>
For databases like PostgreSQL, don&#039;t forget to add “Commit” with a value of 1
For databases like PostgreSQL, don&#039;t forget to add &quot;Commit&quot; with a value of 1
</p>
</div>
......
......@@ -345,14 +345,14 @@ In this example we have:
<div class="level2">
<p>
Create the category “applications”:
Create the category &quot;applications&quot;:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli addKey \
applicationList/applications type category \
applicationList/applications catname Applications</pre>
<p>
Create the application “sample” inside category “applications”:
Create the application &quot;sample&quot; inside category &quot;applications&quot;:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli addKey \
applicationList/applications/sample type application \
......
......@@ -123,7 +123,7 @@ Most of configuration can be done trough LemonLDAP::NG Manager (by default <a hr
</p>
<p>
By default, Manager is protected to allow only the demonstration user “dwho”.
By default, Manager is protected to allow only the demonstration user &quot;dwho&quot;.
</p>
<div class="noteimportant">This user will not be available anymore if you configure a new authentication backend! Remember to change the access rule in Manager virtual host to allow new administrators.
</div>
......
......@@ -66,7 +66,7 @@ LLNG provides Perl libraries that can be easily used by inheritance. To launch t
Three actions are needed:
</p>
<ul>
<li class="level1"><div class="li"> declare them in the manager “General Parameters &gt;&gt; Advanced Parameters &gt;&gt; Custom handlers (Nginx)”. Key is the name that will be used below and value is the name of the custom package,</div>
<li class="level1"><div class="li"> declare them in the manager &quot;General Parameters &gt;&gt; Advanced Parameters &gt;&gt; Custom handlers (Nginx)&quot;. Key is the name that will be used below and value is the name of the custom package,</div>
</li>
<li class="level1"><div class="li"> in your Nginx configuration file, add <code>LLTYPE=&lt;name&gt;;</code> in the <code>location = /lmauth {...}</code> paragraph</div>
</li>
......
......@@ -106,7 +106,7 @@
<p>
→ The cache has been created by another user than Apache&#039;s user. Restart Apache to purge it.
</p>
<div class="noteimportant">This can happen when you use lmConfigEditor or launch <strong>cron files</strong> with a different user than Apache process. That is why it is important to set APACHEUSER variable when you launch “make install”
<div class="noteimportant">This can happen when you use lmConfigEditor or launch <strong>cron files</strong> with a different user than Apache process. That is why it is important to set APACHEUSER variable when you launch &quot;make install&quot;
</div><pre class="file">Lemonldap::NG::Handler::SharedConf: No cookie found</pre>
......
......@@ -104,7 +104,7 @@ Macros and groups are calculated during authentication process by the portal:
<ul>
<li class="level1"><div class="li"> macros are used to extend (or rewrite) <span class="curid"><a href="exportedvars.html" class="wikilink1" title="documentation:1.9:exportedvars">exported variables</a></span>. A macro is stored as attributes: it can contain boolean results or any string</div>
</li>
<li class="level1"><div class="li"> groups are stored as space-separated strings in the special attribute “groups”: it contains the names of groups whose rules were returned true for the current user</div>
<li class="level1"><div class="li"> groups are stored as space-separated strings in the special attribute &quot;groups&quot;: it contains the names of groups whose rules were returned true for the current user</div>
</li>
<li class="level1"><div class="li"> You can also get groups in <code>$hGroups</code> which is a Hash Reference of this form:</div>
</li>
......@@ -150,7 +150,7 @@ admin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="
<span class="co1"># Or with hGroups</span>
<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <a href="http://perldoc.perl.org/functions/defined.html"><span class="kw3">defined</span></a> <span class="re0">$hGroups</span><span class="sy0">-&gt;</span><span class="br0">&#123;</span><span class="st_h">'admin'</span><span class="br0">&#125;</span></pre>
<div class="noteclassic">Groups are computed after macros, so a group rule may involve a macro value.
</div><div class="noteimportant">Macros and groups are computed in alphanumeric order, that is, in the order they are displayed in the manager. For example, macro “macro1” will be computed before macro “macro2”: so, expression of macro2 may involve value of macro1. As same for groups: a group rule may involve another, previously computed group.
</div><div class="noteimportant">Macros and groups are computed in alphanumeric order, that is, in the order they are displayed in the manager. For example, macro &quot;macro1&quot; will be computed before macro &quot;macro2&quot;: so, expression of macro2 may involve value of macro1. As same for groups: a group rule may involve another, previously computed group.
</div>
</div>
<!-- EDIT6 PLUGIN_INCLUDE_END "documentation:1.9:performances" [0-] --></div>
......
......@@ -102,7 +102,7 @@ Inside this jail, you can access to:
</li>
<li class="level1"><div class="li"> <a href="customfunctions.html" class="wikilink1" title="documentation:1.9:customfunctions">Custom functions</a></div>
</li>
<li class="level1"><div class="li"> The <a href="http://perldoc.perl.org/MIME/Base64.html" class="urlextern" title="http://perldoc.perl.org/MIME/Base64.html" rel="nofollow">encode_base64</a> subroutine <em>(be careful with it: you must add an empty string as second argument to avoid inserting “newline” codes)</em></div>
<li class="level1"><div class="li"> The <a href="http://perldoc.perl.org/MIME/Base64.html" class="urlextern" title="http://perldoc.perl.org/MIME/Base64.html" rel="nofollow">encode_base64</a> subroutine <em>(be careful with it: you must add an empty string as second argument to avoid inserting &quot;newline&quot; codes)</em></div>
</li>
<li class="level1"><div class="li"> Environment variables, in some cases (through %ENV)</div>
</li>
......@@ -152,7 +152,7 @@ The following data about the current request are available through functions :
</li>
<li class="level1"><div class="li"> method: the request method (GET, POST etc.)</div>
</li>
<li class="level1"><div class="li"> header_in(“Your-Request-Header”): any request header</div>
<li class="level1"><div class="li"> header_in(&quot;Your-Request-Header&quot;): any request header</div>
</li>
</ul>
......
......@@ -67,11 +67,11 @@
Key steps :
</p>
<ul>
<li class="level1"><div class="li"> Load <strong>“Lemonldap::NG::Common::CGI qw(fastcgi)“</strong> before any other <abbr title="LemonLDAP::NG">LL::NG</abbr> library</div>
<li class="level1"><div class="li"> Load <strong>&quot;Lemonldap::NG::Common::CGI qw(fastcgi)&quot;</strong> before any other <abbr title="LemonLDAP::NG">LL::NG</abbr> library</div>
</li>
<li class="level1"><div class="li"> insert a loop around the <abbr title="HyperText Markup Language">HTML</abbr> printing, starting with the object creation <em>(-&gt;new)</em></div>
</li>
<li class="level1"><div class="li"> insert a label <strong>“LMAUTH”</strong> ahead of the loop</div>
<li class="level1"><div class="li"> insert a label <strong>&quot;LMAUTH&quot;</strong> ahead of the loop</div>
</li>
</ul>
......
......@@ -57,7 +57,7 @@ File session backend is the more simple session database. Sessions are stored as
<div class="level2">
<p>
In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::File" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::File" rel="nofollow">Apache::Session::File</a>” in “General parameters » Sessions » Session storage » Apache::Session module” and add the following parameters (case sensitive):
In the manager: set &quot;<a href="http://search.cpan.org/perldoc?Apache::Session::File" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::File" rel="nofollow">Apache::Session::File</a>&quot; in &quot;General parameters » Sessions » Session storage » Apache::Session module&quot; and add the following parameters (case sensitive):
</p>
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
<thead>
......
......@@ -94,7 +94,7 @@ You should grab information:
</ul>
<p>
If you don&#039;t know jQuery selector, just be aware that they are similar to css selectors: for example, button#foo points to the html button whose id is “foo”, and .bar points to all html elements of css class “bar”.
If you don&#039;t know jQuery selector, just be aware that they are similar to css selectors: for example, button#foo points to the html button whose id is &quot;foo&quot;, and .bar points to all html elements of css class &quot;bar&quot;.
</p>
<p>
......@@ -109,7 +109,7 @@ For example:
</li>
<li