sessions explorer is not protected by LemonLDAP
If I configure the manager domain to be self-protected (protection = manager in lemonldap-ng.ini, like explained in the doc), the manager domain is protected, but not the sessions explorer (anybody can access it, without authentication). From the comments in lemonldap-ng.ini, the sessions explorer should inherit protection from the manager, but it seems it's not the case.