lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2018-02-16T15:36:02Z
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1378
lemonldap-ng-doc unable to install on Debian 7
2018-02-16T15:36:02Z
dcoutadeur dcoutadeur
lemonldap-ng-doc unable to install on Debian 7
### Concerned version
Debian LemonLDAP::NG documentation 1.9.15
```
apt-cache show lemonldap-ng-doc
Pre-Depends: dpkg (>= 1.17.14)
```
### Summary
Debian 7 doesn't have such a recent version of dpkg (1.17.14)
Curiously, only the debi...
### Concerned version
Debian LemonLDAP::NG documentation 1.9.15
```
apt-cache show lemonldap-ng-doc
Pre-Depends: dpkg (>= 1.17.14)
```
### Summary
Debian 7 doesn't have such a recent version of dpkg (1.17.14)
Curiously, only the debian repository has such pre-requisite:
```
# LemonLDAP::NG repository
deb https://lemonldap-ng.org/deb stable main
deb-src https://lemonldap-ng.org/deb stable main
```
My debian testing doesn't have the pre-requisite on dpkg:
```
deb http://ftp.fr.debian.org/debian/ testing main non-free contrib
deb-src http://ftp.fr.debian.org/debian/ testing main non-free contrib
```
1.9.16
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1454
Portal doesn't update app urls
2018-06-18T16:35:46Z
Paul Curie
Portal doesn't update app urls
### Concerned version
Version: 2.0.0~alpha3+20180614095215+2019+master+stretch+olab1
Platform: Apache
### Summary
Debian 9 / Apache2 mpm-prefork
login as ldap user, test app 2 is http://
go to manager, change test app 2 menu item u...
### Concerned version
Version: 2.0.0~alpha3+20180614095215+2019+master+stretch+olab1
Platform: Apache
### Summary
Debian 9 / Apache2 mpm-prefork
login as ldap user, test app 2 is http://
go to manager, change test app 2 menu item url to https://, save, in manager the new value is here, in diff, it only show old value, no new value shown.
![Selection_155](/uploads/801e79c8f7e9771b25e83beb18bf9a92/Selection_155.png)
F5 or Ctrl+F5 on portal doesn't show new value for test app 2 url
logout/login doesn't show new value
Refresh my rights doesn't show new value
Restart apache2 service, new url is shown on portal
I can't reproduce this bug 100% of times, more like 99%, in a few cases the diff show the new value, but portal still doesn't show new url, once it did.
I tested on 1.9 with same environment/config, no need to restart apache2 to show new urls, it works 100% of times.
### Logs
llng debug log of saving the new value
```
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/?cfgNum=27
[debug] User authenticated, calling handler()
[debug] Start routing confs
[notice] User fd-admin has stored conf 28
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Configuration 28 stored.
Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Thu Jun 14 17:09:05.262461 2018] [perl:notice] [pid 17925] Request for configuration reload
[notice] Apply configuration for reload.xps.local: ok
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/latest
[debug] User authenticated, calling handler()
[debug] Start routing confs
[debug] Search for cfgNum in conf
[debug] Cfgnum set to latest
[debug] Search for cfgAuthor in conf
[debug] Cfgnum set to 28
[debug] Search for cfgDate in conf
[debug] Cfgnum set to 28
[debug] Search for cfgAuthorIP in conf
[debug] Cfgnum set to 28
[debug] Search for cfgLog in conf
[debug] Cfgnum set to 28
[debug] Search for cfgVersion in conf
[debug] Cfgnum set to 28
[info] User fd-admin ask for configuration metadatas (28)
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/28/portal
[debug] User authenticated, calling handler()
[debug] Start routing confs
[info] User fd-admin asks for key portal
[debug] Search for portal in conf
[debug] Cfgnum set to 28
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/28/domain
[debug] User authenticated, calling handler()
[debug] Start routing confs
[info] User fd-admin asks for key domain
[debug] Search for domain in conf
[debug] Cfgnum set to 28
```
### Backends used
LDAP for auth/user/password
Files for config/sessions
2.0.0
Yadd
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2382
CDA: failure when accessing CDA if already logged in, and using double cookies
2020-11-16T17:41:42Z
Maxime Besson
CDA: failure when accessing CDA if already logged in, and using double cookies
### Concerned version
Version: 2.0.9
### Summary
* Configure a http:// CDA vhost
* set double cookies (http + https)
* Login to portal
* Try to access http:// CDA vhost
* Access fails with 403 error
### Logs
```
CDA request with id...
### Concerned version
Version: 2.0.9
### Summary
* Configure a http:// CDA vhost
* set double cookies (http + https)
* Login to portal
* Try to access http:// CDA vhost
* Access fails with 403 error
### Logs
```
CDA request with id XXX
Get CDA session XXX
CDA request for id XXX is not valid
```
Tracked down to :
```perl
$cdaInfos->{cookie_value} =
$req->{sessionInfo}->{_httpSession};
$cdaInfos->{cookie_name} = $self->{conf}->{cookieName} . "http";
```
Unfortunately, when the user is already logger on the portal, `_httpSession` is not defined.
### Possible fixes
We should store `_httpSession` in the database instead of only setting it during the connection
2.0.10
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2624
Import unicode2iso and iso2unicode into Safe jail
2022-07-01T18:07:28Z
Christophe Maudoux
chrmdx@gmail.com
Import unicode2iso and iso2unicode into Safe jail
### Summary
I planned to deploy two flavours of SSO as a service soon (full and hybrid). So, DevOps handler will be employed but Safe jail is required. We use uWSGI server and we are facing encoding issues. To by pass those I used unic...
### Summary
I planned to deploy two flavours of SSO as a service soon (full and hybrid). So, DevOps handler will be employed but Safe jail is required. We use uWSGI server and we are facing encoding issues. To by pass those I used unicode2iso and iso2unicode extended functions.
Problem is those functions are not compliant with Safe jail. I tried many solutions but without success...
Help would be appreciated 🙏
### Design proposition
Import unicode2iso and other into Safe jail.
2.0.15
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2551
Bad encoding in session with LDAP backend and special characters
2021-07-18T17:49:47Z
Albert Rinceau
Bad encoding in session with LDAP backend and special characters
### Concerned version
Version: %2.0.11
Platform: Nginx
### Summary
Accents or special characters in attributes of LDAP userDB are not well displayed when saved into backend session.
I also looked into session DB directly, and charact...
### Concerned version
Version: %2.0.11
Platform: Nginx
### Summary
Accents or special characters in attributes of LDAP userDB are not well displayed when saved into backend session.
I also looked into session DB directly, and characters are not well encoded here too, then it's not a browser display problem I suppose.
### Logs
In session explorer but also in CAS tickets
```
for example "é" gives "é"
```
### Backends used
LDAP for Auth, UserDB and Session
### Possible fixes
Into /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm::setSessionInfo()
replacing
```
51: $req->sessionInfo->{$k} = $value;
```
by
```
51: $req->sessionInfo->{$k} = encode($value);
```
looks fixing the problem but cannot test with other session backends
I included the standard Encode library. Don't know if it was really necessary though
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2441
Microsoft Edge kerberos authentification error
2021-01-18T13:00:19Z
Mame Dieynaba SENE
Microsoft Edge kerberos authentification error
### Concerned version
Version: 2.0.8
Platform: (Edge 87/Apache 2.4)
### Summary
LL::NG is configured with combinaison module Kerberos/LDAP. Kerberos authentication is ok in Firefox and Edge when user has a valid ticket.
If the user is...
### Concerned version
Version: 2.0.8
Platform: (Edge 87/Apache 2.4)
### Summary
LL::NG is configured with combinaison module Kerberos/LDAP. Kerberos authentication is ok in Firefox and Edge when user has a valid ticket.
If the user is out of the Domain or has no valid ticket every thing works fine with firefox but not Edge.
Here how to reproduce the bug
-user goes to Edge, open a private window ( no kerneros ticket) and tap portal url
-Edge shows a credential popup and then user must click on "cancel" to be redirect on LDAP login page.
There is no error in logs
what will I be missing ?
Thanks guys
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2405
Access rules problem for manager vhosts
2020-12-09T19:45:46Z
Maxime Lombard
Access rules problem for manager vhosts
Hello,
I have some troubles trying to restrict access to LL:NG manager using access rules ("protection = manager"). I have tested different rules like :
```
$_user eq "[username]"
$uid eq "[username]"
$mail eq "[usermail]"
inGroup("[gr...
Hello,
I have some troubles trying to restrict access to LL:NG manager using access rules ("protection = manager"). I have tested different rules like :
```
$_user eq "[username]"
$uid eq "[username]"
$mail eq "[usermail]"
inGroup("[groupname]")
```
But nothing seems to work, I get the errors "forbidden" then "networkProblem" when accessing the manager interface. The datas I am testing are visible in the session browser.
The only way I can actually access to manager is using the parameter "protection = authenticate" or "none".
I am using LL:NG 2.9, with Kerberos Authentication module and LDAP based user/password module. The authentication module is working perfectly well.
Do you have any ideas on that problem
Thank you in advance
FAQ
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2363
[SAML] Upgrade 2.0.7 > 2.0.9 led some SAML SPs not working unless Check SSO m...
2021-01-08T17:12:06Z
Mehdi KHELIFA
[SAML] Upgrade 2.0.7 > 2.0.9 led some SAML SPs not working unless Check SSO message signature is disabled
### Concerned version
Version: %2.0.9-1
Platform: Apache / Debian GNU/Linux 9 (stretch) /Linux 4.9.0-13-amd64 #1 SMP Debian 4.9.228-1 (2020-07-05) x86_64 GNU/Linux
### Summary
Since upgraded from 2.0.7 to 2.0.9, some SAML service pro...
### Concerned version
Version: %2.0.9-1
Platform: Apache / Debian GNU/Linux 9 (stretch) /Linux 4.9.0-13-amd64 #1 SMP Debian 4.9.228-1 (2020-07-05) x86_64 GNU/Linux
### Summary
Since upgraded from 2.0.7 to 2.0.9, some SAML service providers can't be authenticated. Portal displays that an error occured during SAML messages signing (translation from french message : "Erreur lors de la gestion de la signature du message SAML")
Other SAML SP are working fine.
I also checked the validity of the public keys provided in the metadatas (including my own just to be sure). They are still valid.
### Logs
```
[LLNG:3781] [error] Lasso error code -1500: The provider has no known public key
[LLNG:3781] [error] Signature is not valid
[LLNG:3781] [debug] Returned error: 57 (PE_SAML_SIGNATURE_ERROR)
See attached error.log file
```
[error.log](/uploads/814ca14fc1aa668ffe9e42178c700e6a/error.log)
You will find attached concerned service providers metadata files.
- [sp1-md.xml](/uploads/9e6b002745d87d61d770796d40421619/sp1-md.xml)
- [sp2-md.xml](/uploads/22e4fd17ad421776611f605c6175b16a/sp2-md.xml)
Here is an URL encoded request from the SP
```
fZBbT4QwEEb%2FCun7llvirhMgIbImxGvcFY1vFRtoUlrsTEX%2FvcC%2BrC%2B%2BzznfyWQoBj1C6ak3T%2FLTS6SgkQ6VNTlLeMSCusrZ3m9fa7OvX26qj0vePF%2FHQ%2FO181v1Ps0HiF7WBkkYmpkoiTZxtEmjY7yDNIUo5hdJ%2BsaCanYrI2hV90QjQhiKeZgjWk5OjErz1g7hkhSiMp2WB9WZB8OC70EbhLU1Z94ZsAIVghGDRKAWDuXdLcy5MDpLtrWaFdlyDWucO%2BP%2FxwWidEshK6Zp4qP2TmhUXU9LWRaeOU8DI9zPkrp6tFq1P0GptZ2unBQkc0bOSxYWJ%2Brvj4tf&RelayState=CquY9iUTrVrkoL3B3yZBph61zAjsqR&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=W8cRNc4N77VJShg9SToCIm1xXvA%2BnJ3ZFv4xqqcRph3TiylsYzARUVy%2Bu8FbuRzRvUhzMbftA%2FWHPs9HFrk2qulbdWMu6iT9JAIgB6tLflM66BZwkJtxTpTmj0iie8iZFodgbPPQjZHVqjmQ5m9nS%2Fm0IxhZRcfwMIxYu2nsSHWYWlcU%2BK5fl%2FzNiX0uHuxfkWMrQyviuX0Mu60w1U8O8Trw%2FfYlvc6Sid9sMi195HZWBXvxzji8R7mEq4Q60YGL2xMrUnuNl1AHQU9bfUwIvtNe7Cqd0NkfjQ3hMXOmNxAS52%2BfrfvU8BBWyUNhtqz708Bs40r9H6FA3FoybV54eQ%3D%3D
```
### Backends used
CONFIGURATION AND SESSIONS on PostrgreSQL DB
AUTH BACKEND : ActiveDiretory
### Possible fixes
The only workaround is to disable **Check SSO message signature** at the service provider level. Once disable Applications are authenticated as expected. But overtime it may not be secure !
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1982
Issue for new installation
2020-01-14T12:49:31Z
XIYI Zhu
Issue for new installation
Hello,
I am testing to install lemonldap 2.0.6 as new installation in CentOS7. I followed the instruction and it install. However, it doesn't start apache when I configure to use RDBI by following this instruction:
https://lemonldap-n...
Hello,
I am testing to install lemonldap 2.0.6 as new installation in CentOS7. I followed the instruction and it install. However, it doesn't start apache when I configure to use RDBI by following this instruction:
https://lemonldap-ng.org/documentation/2.0/sqlconfbackend
The database is the Mariadb 10.4.8 with following configuration:
```
[mysql]
# CLIENT #
port = 3306
socket = /var/lib/mysql/mysql.sock
[mysqld]
# GENERAL #
user = mysql
default-storage-engine = InnoDB
socket = /var/lib/mysql/mysql.sock
pid-file = /var/lib/mysql/mysqld.pid
# MyISAM #
# key-buffer-size = 32M
# myisam-recover = FORCE,BACKUP
# SAFETY #
max-allowed-packet = 256M
max-connect-errors = 1000000
skip-name-resolve
sql-mode = NO_ENGINE_SUBSTITUTION,NO_AUTO_CREATE_USER
sysdate-is-now = 1
innodb-strict-mode = 1
# DATA STORAGE #
datadir = /var/lib/mysql
# SERVER ID #
server-id = 1
# BINARY LOGGING #
log-bin
# CACHES AND LIMITS #
max-connections = 500
tmp-table-size = 32M
max-heap-table-size = 32M
query-cache-type = 0
query-cache-size = 0
thread-cache-size = 50
open-files-limit = 65535
table-definition-cache = 1024
table-open-cache = 2048
# INNODB #
innodb-flush-method = O_DIRECT
innodb-log-files-in-group = 2
innodb-log-file-size = 768M
innodb-flush-log-at-trx-commit = 1
innodb-file-per-table = 1
innodb-buffer-pool-size = 1536M
# LOGGING #
log-error = /var/lib/mysql/mysqld.log
slow-query-log = 1
slow-query-log-file = /var/lib/mysql/mysqld-slow.log
log-queries-not-using-indexes = OFF
long_query_time = 30
```
since it doesn't allow to do dash for the database name, it change it to lemonldap-ng.
Here is what I set in the /etc/lemonldap-ng/lemonldap-ng.ini
```
[configuration]
; confTimeout: maximum time to get configuration (default 10)
;confTimeout = 5
; GLOBAL CONFIGURATION ACCESS TYPE
; (File, REST, SOAP, RDBI/CDBI, LDAP, YAMLFile)
; Set here the parameters needed to access to LemonLDAP::NG configuration.
; You have to set "type" to one of the followings :
;
; * File/YAMLFile: you have to set 'dirName' parameter. Example:
;
; type = File ; or type = YAMLFile
type = File
dirName = /var/lib/lemonldap-ng/conf
;
; * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword'
; if needed. Example:
;
type = RDBI
; ;type = CDBI
dbiChain = DBI:MariaDB:database=lemonldap_ng;host=localhost
dbiUser = <username>
dbiPassword = <password>
dbiTable = lmConfig
```
The error is
```
[Tue Oct 22 16:34:31.605705 2019] [perl:error] [pid 3327] Lemonldap::NG::Handler::ApacheMP2::Main : unable to build configuration: Error: configStorage: type is not well formed.\nError: Unknown package Lemonldap::NG::Common::Conf::Backends::File\nRDBI\nFile.\nCompilation failed in require at /usr/share/perl5/vendor_perl/Lemonldap/NG/Handler/ApacheMP2.pm line 9.\nBEGIN failed--compilation aborted at /usr/share/perl5/vendor_perl/Lemonldap/NG/Handler/ApacheMP2.pm line 9.\nCompilation failed in require at (eval 2) line 2.\n
[Tue Oct 22 16:34:31.605768 2019] [perl:error] [pid 3327] Can't load Perl module Lemonldap::NG::Handler::ApacheMP2 for server <url>:0, exiting...
```
Did I miss to install something? I did yum install perl-DBD-MySQL
Thanks
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3002
managerPassword is incorrectly decoded when using Conf::LDAP
2023-09-08T02:07:47Z
Maxime Besson
managerPassword is incorrectly decoded when using Conf::LDAP
### Affected version
Version: 2.17.0
Platform: (Nginx/Apache/Node.js)
### Summary
* Configure LDAP as a conf backend and an auth backend
* set managerPassword=é
Password is incorrectly encoded when sent to LDAP server
related to #2...
### Affected version
Version: 2.17.0
Platform: (Nginx/Apache/Node.js)
### Summary
* Configure LDAP as a conf backend and an auth backend
* set managerPassword=é
Password is incorrectly encoded when sent to LDAP server
related to #2748
```
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2989
Bad parameter name : don't set oidcRPMetaDataOptionsRefreshToken when you wan...
2023-08-25T12:37:47Z
Yadd
Bad parameter name : don't set oidcRPMetaDataOptionsRefreshToken when you want to use refresh_token
Here is the strange code:
```perl
elsif ( $self->rpOptions->{$rp}->{oidcRPMetaDataOptionsRefreshToken} ) {
my $refreshTokenSession = $self->new...
Here is the strange code:
```perl
elsif ( $self->rpOptions->{$rp}->{oidcRPMetaDataOptionsRefreshToken} ) {
my $refreshTokenSession = $self->newRefreshToken(
$rp,
{
redirect_uri => $codeSession->data->{redirect_uri},
scope => $scope,
client_id => $client_id,
user_session_id => $codeSession->data->{user_session_id},
grant_type => "authorizationcode",
},
0,
);
```
The "0" disable the use of `oidcServiceOfflineSessionExpiration` _(or `oidcRPMetaDataOptionsOfflineSessionExpiration`)_ so `refresh_token` timeout is set to `$conf->{timeout}`.
@maxbes, @clement_oudot: is it normal or a bug ?
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2986
Delete sessions of a user through Rest API
2023-08-18T09:01:59Z
Kanthanathan S
Delete sessions of a user through Rest API
We need to understand if there is a way to terminate all the sessions of a given user through Rest API/SOAP API.
We have an ldap at the backend and we have a self service portal that allows users to change their passwords. As part of...
We need to understand if there is a way to terminate all the sessions of a given user through Rest API/SOAP API.
We have an ldap at the backend and we have a self service portal that allows users to change their passwords. As part of our compliance, once the password is changed/reset all users sessions needs to be invalidated. WE are trying to achieve this with API integration.
Please advice.
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2981
perl-lasso package
2023-08-17T00:26:27Z
Shane Treweek
perl-lasso package
just wondering I have installed lemonldap-ng on Nethserver(centos 7) running on Raspberry Pi I only need the perl-lasso package which I had access to one in the past that was compiled for arm32 but I know longer have access to the repo f...
just wondering I have installed lemonldap-ng on Nethserver(centos 7) running on Raspberry Pi I only need the perl-lasso package which I had access to one in the past that was compiled for arm32 but I know longer have access to the repo for it could you suggest anything (basically I just had to reinstall everything and my backup hdd was corrupted) if I had access to the .src.rpm I could compile it
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2977
lemonldap-ng-cli delKey locationRules failed
2023-12-25T17:55:55Z
Yadd
lemonldap-ng-cli delKey locationRules failed
From [GitHub #2](https://github.com/LemonLDAPNG/lemonldap-ng/issues/2)
> The `simpleHashKeys` rule does not contain `locationRules`.
>
> https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/v2.0/lemonldap-ng-manager/lib/Lemonldap/NG/...
From [GitHub #2](https://github.com/LemonLDAPNG/lemonldap-ng/issues/2)
> The `simpleHashKeys` rule does not contain `locationRules`.
>
> https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/v2.0/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Cli.pm#L261
>
```
$ /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 delKey locationRules manager.example.com
[Tue Jul 25 00:58:49 2023] [LLNG:320838] [info] Loading configuration 29 for process 320838
[Tue Jul 25 00:58:49 2023] [LLNG:320838] [info] CLI: Retrieve last conf.
[Tue Jul 25 00:58:49 2023] [LLNG:320838] [info] REST request to get configuration metadata (29)
locationRules is not a simple hash. Aborting at /usr/share/perl5/Lemonldap/NG/Manager/Cli.pm line 262.
```
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2930
migration u2f to webauthn => keys are no longer recognized
2023-05-19T07:42:10Z
Didier Testelin
migration u2f to webauthn => keys are no longer recognized
Version: lemonldap 2.16.2
https://hub.docker.com/r/coudot/lemonldap-ng/
I migrated u2f keys to webauthn.
The keys are no longer recognized.
Tests carried out:
1st trial
- webauthn configuration and U2F deactivation
- deletion of all se...
Version: lemonldap 2.16.2
https://hub.docker.com/r/coudot/lemonldap-ng/
I migrated u2f keys to webauthn.
The keys are no longer recognized.
Tests carried out:
1st trial
- webauthn configuration and U2F deactivation
- deletion of all sessions
- registration with username/password + double authentication Webauthn
- identification with username/password + Webauthn double authentication
=> no problem. Webauth works.
2nd test
- webauthn configuration and U2F deactivation
- restoration of old sessions under U2F
- launch of
lemonldap-ng-sessions secondfactors migrateu2f --all
- identification with username/password + Webauthn double authentication
=> error message stating that the key is not familiar. It is therefore not recognized.
Did I forget something for the migration?
THANKS.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2927
Redirection loop on portal with oidc
2023-05-17T07:04:59Z
J-B V
Redirection loop on portal with oidc
### Concerned version
Version: 2.16.2
Platform: (Nginx)
### Summary
I'm trying to upgrade from lemonldap 2.0.13-2 to lemonldap 2.16.2 with the same configuration.
Everything is working fine except one of our oidc client: after auth, ...
### Concerned version
Version: 2.16.2
Platform: (Nginx)
### Summary
I'm trying to upgrade from lemonldap 2.0.13-2 to lemonldap 2.16.2 with the same configuration.
Everything is working fine except one of our oidc client: after auth, the web browser is going into a redirect loop on the portal instead of going to the redirect uri. The web browser display the "Redirection in progress" message and keep reloading the page.
The other OIDC client or CAS client are ok.
jsRedirect is set to 0.
There is no error in the browser console and the issue is the same with firefox v102 or Chrome v113.
The OS is a debian 10.13 for lemon 2.0.13-2 and a debian 12.0 for lemon 2.16.2
The issue was the same with version 2.16.1 last week.
The log with version 2.16.2 (redirect loop) show:
```
May 12 12:23:10 lemon2 LLNG[131]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Skin returned: redirect
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling sendHtml with template redirect
```
With version 2.0.13-2 (ok, no loop) we have:
```
May 12 12:29:13 lemon LLNG[329]: [debug] Redirect user to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=0291198
May 12 12:29:13 lemon LLNG[329]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:29:13 lemon LLNG[329]: [debug] Calling autoredirect
```
Detailled log of the two version are below.
### Logs
#### Logs with version 2.16.2:
```
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter client_id: mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF in hidden key client_id
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter state: b0da98665f354e8390831b792a29a492
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store b0da98665f354e8390831b792a29a492 in hidden key state
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter redirect_uri: https://biblio.toutapprendre.com/ws/auth>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store https://biblio.toutapprendre.com/ws/authLyon.aspx in hidden key redirec>
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter response_mode: form_post
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store form_post in hidden key response_mode
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcGotRequest
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC authorizationcode flow requested (response type: code)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Request from client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:23:10 lemon2 LLNG[131]: [debug] Client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF matches RP rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [debug] [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcResolveScope
May 12 12:23:10 lemon2 LLNG[131]: [debug] Resolved scopes: openid profile
May 12 12:23:10 lemon2 LLNG[131]: [debug] Consent is disabled for Relying Party rp-toutapprendre, user will not be prom>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcGenerateCode
May 12 12:23:10 lemon2 LLNG[131]: [debug] Generated code: 671c71aae51ec30a5e68c444e5d9e46d
May 12 12:23:10 lemon2 LLNG[131]: [debug] Delete all hidden values
May 12 12:23:10 lemon2 LLNG[131]: [debug] Processing autoPost
May 12 12:23:10 lemon2 LLNG[131]: [debug] Delete all hidden values
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store ItjPm152IqLR7wz9/R3f9uXiFydygQZAQJKzxrPPTkw=.empOZk1lalI3Uys2eDkrbXFDK3>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store 671c71aae51ec30a5e68c444e5d9e46d in hidden key code
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store b0da98665f354e8390831b792a29a492 in hidden key state
May 12 12:23:10 lemon2 LLNG[131]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Skin returned: redirect
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling sendHtml with template redirect
```
#### Log with version 2.0.13-2:
```
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter client_id: mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:29:13 lemon LLNG[329]: [debug] Store mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF in hidden key client_id
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter state: dae988ae12e049c3ba7768a876b99c6c
May 12 12:29:13 lemon LLNG[329]: [debug] Store dae988ae12e049c3ba7768a876b99c6c in hidden key state
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter redirect_uri: https://biblio.toutapprendre.com/ws/authLy
May 12 12:29:13 lemon LLNG[329]: [debug] Store https://biblio.toutapprendre.com/ws/authLyon.aspx in hidden key redirect_
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter response_mode: form_post
May 12 12:29:13 lemon LLNG[329]: [debug] Store form_post in hidden key response_mode
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcGotRequest
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC authorizationcode flow requested (response type: code)
May 12 12:29:13 lemon LLNG[329]: [debug] Request from client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:29:13 lemon LLNG[329]: [debug] Client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF matches RP rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [debug] [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcResolveScope
May 12 12:29:13 lemon LLNG[329]: [debug] Consent is disabled for Relying Party rp-toutapprendre, user will not be prompt
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcGenerateCode
May 12 12:29:13 lemon LLNG[329]: [debug] Generated code: 0291198f419f55353795de14235da1ee
May 12 12:29:13 lemon LLNG[329]: [debug] Delete all hidden values
May 12 12:29:13 lemon LLNG[329]: [debug] Redirect user to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=0291198
May 12 12:29:13 lemon LLNG[329]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:29:13 lemon LLNG[329]: [debug] Calling autoredirect
May 12 12:29:13 lemon LLNG[329]: [debug] Building redirection to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=
```
FAQ
Clément OUDOT
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2891
Mini HowTo OIDC with a single page application
2023-07-06T15:35:05Z
Black Sousnenu
Mini HowTo OIDC with a single page application
Hi all,
We try to authenticate a single page application with OIDC, we did not find in the documentation how to do it.
Is it possible to create a mini how-to ?
Thanks
Regards
BS
Hi all,
We try to authenticate a single page application with OIDC, we did not find in the documentation how to do it.
Is it possible to create a mini how-to ?
Thanks
Regards
BS
In discussion
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2888
SAML IdP-initiated Single Logout
2023-03-07T18:07:58Z
XIAOJUN TIAN
SAML IdP-initiated Single Logout
This is not an issue but more like a help ticket.
I am writing my own SAML sp and using LLNG as IdP to test. My own sp just supports IdP-initiated logout and I am looking for something similar with [SimpleSAMLphp IdP-initiated logout](h...
This is not an issue but more like a help ticket.
I am writing my own SAML sp and using LLNG as IdP to test. My own sp just supports IdP-initiated logout and I am looking for something similar with [SimpleSAMLphp IdP-initiated logout](https://webcache.googleusercontent.com/search?q=cache:U9D_G3YnUT0J:https://simplesamlphp.org/docs/1.16/simplesamlphp-idp-more.html&cd=1&hl=en&ct=clnk&gl=ca) at the page bottom.
I can tell after reading the official documentation and issues that LLNG should support SAML IdP-initiated logout but the information is in fragments. Can anyone give ideas on how to trigger the IdP-initiated logout? Many thanks!
For now, the IdP ```<SingleLogoutService>``` metadata looks like this, and I am using HTTP-Redirect for single logout (the single login has already worked out in my local environment):
```
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://idp.example.com:8080/saml/singleLogoutSOAP" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://idp.example.com:8080/saml/singleLogout"
ResponseLocation="http://idp.example.com:8080/saml/singleLogoutReturn"
/>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://idp.example.com:8080/saml/singleLogout"
ResponseLocation="http://idp.example.com:8080/saml/singleLogoutReturn"
/>
```
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2856
Possibility to check minimal special characters even if no special character ...
2023-01-25T18:01:19Z
Clément OUDOT
Possibility to check minimal special characters even if no special character list configured
For now, we can't allow minimal special characters if no special character list is defined.
If no special character list is configured, we should check minimal special characters with all special characters.
For now, we can't allow minimal special characters if no special character list is defined.
If no special character list is configured, we should check minimal special characters with all special characters.
FAQ
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2813
libclass-xsaccessor-perl dependency is missing with fresh install
2022-10-25T19:07:42Z
Christophe Maudoux
chrmdx@gmail.com
libclass-xsaccessor-perl dependency is missing with fresh install
### Concerned version
Version: %2.0.15
Platform: All
### Summary
apt install libclass-xsaccessor-perl
### Logs
```
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] route renewcaptcha added
[Fri Oct 21 17:12:56 2022] [LLNG:2723314]...
### Concerned version
Version: %2.0.15
Platform: All
### Summary
apt install libclass-xsaccessor-perl
### Logs
```
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] route renewcaptcha added
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Plugin ::Captcha::SecurityImage initialized
Trace begun at (eval 13) line 1
main::__ANON__('Can\'t locate Class/XSAccessor.pm in @INC (you may need to install the Class::XSAccessor module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.32.1 /usr/local/share/perl/5.32.1 /usr/lib/x86_64-linux-gnu/perl5/5.32 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.32 /usr/share/perl/5.32 /usr/local/lib/site_perl) at /usr/share/perl5/Moo/_Utils.pm line 107, <DATA> line 960.^J') called at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Class/XSAccessor.pm') called at /usr/share/perl5/Moo/_Utils.pm line 151
Moo::_Utils::_maybe_load_module('Class::XSAccessor') called at /usr/share/perl5/Method/Generate/Accessor.pm line 20
Method::Generate::Accessor::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Method/Generate/Accessor.pm at /usr/share/perl5/Moo/Role.pm line 59
Moo::Role::_accessor_maker_for('Moo::Role', 'Throwable') called at /usr/share/perl5/Moo/Role.pm line 86
Moo::Role::has('previous_exception', 'is', 'ro', 'default', 'CODE(0x55c9856fee30)') called at /usr/share/perl5/Throwable.pm line 42
require Throwable.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Throwable.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Throwable') called at /usr/share/perl5/Moo/Role.pm line 303
Moo::Role::apply_roles_to_package('Moo::Role', 'Throwable::Error', 'Throwable', 'StackTrace::Auto') called at /usr/share/perl5/Moo.pm line 102
Moo::with('Throwable', 'StackTrace::Auto') called at /usr/share/perl5/Throwable/Error.pm line 5
require Throwable/Error.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Throwable/Error.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Throwable::Error') called at /usr/share/perl5/Moo.pm line 146
Moo::_set_superclasses('Moo', 'Email::Sender::Failure', 'Throwable::Error') called at /usr/share/perl5/Moo.pm line 96
Moo::extends('Throwable::Error') called at /usr/share/perl5/Email/Sender/Failure.pm line 5
require Email/Sender/Failure.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Email/Sender/Failure.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Email::Sender::Failure') called at /usr/share/perl5/Moo.pm line 146
Moo::_set_superclasses('Moo', 'Email::Sender::Failure::Temporary', 'Email::Sender::Failure') called at /usr/share/perl5/Moo.pm line 96
Moo::extends('Email::Sender::Failure') called at /usr/share/perl5/Email/Sender/Failure/Temporary.pm line 5
require Email/Sender/Failure/Temporary.pm at /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 9
Email::Sender::Role::CommonSending::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Email/Sender/Role/CommonSending.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Email/Sender/Role/CommonSending.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Email::Sender::Role::CommonSending') called at /usr/share/perl5/Moo/Role.pm line 303
Moo::Role::apply_roles_to_package('Moo::Role', 'Email::Sender::Transport', 'Email::Sender::Role::CommonSending') called at /usr/share/perl5/Moo/Role.pm line 106
Moo::Role::with('Email::Sender::Role::CommonSending') called at /usr/share/perl5/Email/Sender/Transport.pm line 30
require Email/Sender/Transport.pm at /usr/share/perl5/Email/Sender/Simple.pm line 23
Email::Sender::Simple::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Email/Sender/Simple.pm at /usr/share/perl5/Lemonldap/NG/Portal/Lib/SMTP.pm line 12
Lemonldap::NG::Portal::Lib::SMTP::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Lemonldap/NG/Portal/Lib/SMTP.pm at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Util.pm line 295
eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Util.pm line 295
Mouse::Util::_try_load_one_class('Lemonldap::NG::Portal::Lib::SMTP') called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Util.pm line 303
Mouse::Util::load_class('Lemonldap::NG::Portal::Lib::SMTP') called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Meta/Class.pm line 58
Mouse::Meta::Class::superclasses('Mouse::Meta::Class=HASH(0x55c984e0bac0)', 'Lemonldap::NG::Portal::Lib::SMTP', 'Lemonldap::NG::Portal::Main::Plugin', 'Lemonldap::NG::Portal::Lib::_tokenRule') called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse.pm line 35
Mouse::extends('Lemonldap::NG::Portal::Lib::SMTP', 'Lemonldap::NG::Portal::Main::Plugin', 'Lemonldap::NG::Portal::Lib::_tokenRule') called at /usr/share/perl5/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm line 37
require Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm at (eval 119) line 1
eval 'require Lemonldap::NG::Portal::Plugins::MailPasswordReset' at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 583
Lemonldap::NG::Portal::Main::loadModule('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', '::Plugins::MailPasswordReset') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 477
Lemonldap::NG::Portal::Main::loadPlugin('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', '::Plugins::MailPasswordReset') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 373
Lemonldap::NG::Portal::Main::reloadConf('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c9841f5a28)') called at /usr/share/perl5/Lemonldap/NG/Handler/Main/Reload.pm line 82
Lemonldap::NG::Handler::Main::checkConf('Lemonldap::NG::Handler::PSGI::Main', 'Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)') called at /usr/share/perl5/Lemonldap/NG/Handler/Lib/PSGI.pm line 23
Lemonldap::NG::Handler::Lib::PSGI::init('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c984271628)') called at /usr/share/perl5/Lemonldap/NG/Handler/PSGI/Router.pm line 14
Lemonldap::NG::Handler::PSGI::Router::init('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c984271628)') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 140
Lemonldap::NG::Portal::Main::init('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c98309a6d8)') called at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 343
Lemonldap::NG::Common::PSGI::run('Lemonldap::NG::Portal::Main', 'HASH(0x55c98309a6d8)') called at /usr/share/lemonldap-ng/portal/htdocs/index.psgi line 3
require /usr/share/lemonldap-ng/portal/htdocs/index.psgi at /usr/share/lemonldap-ng/llng-server/llng-server.psgi line 52
Plack::Sandbox::_2fusr_2fshare_2flemonldap_2dng_2fllng_2dserver_2fllng_2dserver_2epsgi::__ANON__('HASH(0x55c982de2650)') called at /usr/share/lemonldap-ng/llng-server/llng-server.psgi line 66
Plack::Sandbox::_2fusr_2fshare_2flemonldap_2dng_2fllng_2dserver_2fllng_2dserver_2epsgi::__ANON__('HASH(0x55c982de2650)') called at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
Trace begun at (eval 13) line 1
main::__ANON__('Can\'t locate object method "tid" via package "threads" at /usr/share/perl/5.32/XSLoader.pm line 111, <DATA> line 960.^J') called at /usr/share/perl/5.32/XSLoader.pm line 111
eval {...} at /usr/share/perl/5.32/XSLoader.pm line 111
XSLoader::load('Net::SSLeay', 1.88) called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 444
eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 446
require Net/SSLeay.pm at /usr/share/perl5/IO/Socket/SSL.pm line 19
IO::Socket::SSL::BEGIN at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 0
eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 0
require IO/Socket/SSL.pm at /usr/share/perl/5.32/Net/SMTP.pm line 26
eval {...} at /usr/share/perl/5.3[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Module Lemonldap::NG::Portal::Plugins::MailPasswordReset loaded
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Declaring unauth route
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Add POST route:
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] route resetpwd added
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Add GET route:
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] route resetpwd added
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Plugin ::Plugins::MailPasswordReset initialized
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Module Lemonldap::NG::Portal::Plugins::Notifications loaded
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Declaring unauth route
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Add POST route:
```
FAQ