lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2018-06-25T11:45:22Z

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1445
Let's stop french manager doc translation
2018-06-25T11:45:22Z
Yadd

Hi all,
I think we should stop french doc translation:
1. it needs a lot of job and we have no time to do it *(less than 30% translated today…)*
2. this doc isn't online
3. administrators of this type of software are used to reading English documentation
4. OmegaT isn't easy to use
5. I haven't found better software to translate plain HTML
@clement\_oudot, @maudoux : Please send your advice below

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1446
No CDA redirection if already authenticated
2018-06-11T12:05:13Z
Dejan SANADER

Hello,
If I'm already authenticated on the main domain, I can't access a cross domain site.
If I authenticate through the cross domain site first, there is no such issue.
I've empirically pinpointed it to the following part (the CDA redir block is not evaluated if authenticated) :
```diff
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index e32d0c027..af3f23d04 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -87,7 +87,8 @@ sub authenticatedRequest {
$req,
[
'importHandlerDatas', 'controlUrl',
- 'checkLogout', @{ $self->forAuthUser }
+ 'checkLogout', @{ $self->forAuthUser },
+ @{ $self->afterDatas },
]
);
}
```
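Review bot: the added `@{ $self->afterDatas }` line pulls the whole afterDatas step list into `authenticatedRequest`, so every step in that list now runs on each request from an already authenticated user, while the report only needs the CDA redirection. Consider appending only the CDA redirect step, or confirm that each afterDatas step is safe to repeat on an existing session, and add a test that covers an authenticated user reaching a cross-domain URL. A short comment above the list explaining why these steps run here would also help, since the report itself says side effects were not checked.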
I don't know if this change can cause some side effects, I've not witnessed any yet.

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1448
Full status for Nginx
2018-06-13T04:16:09Z
Yadd

### Summary
Nginx doesn't provide good "status" feature: status daemon isn't unique.

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1452
Mouse < 2.5.1 breaks ApacheMP2 handler
2019-02-06T09:10:48Z
Paul Curie

### Concerned version
Version: 2.0.0~alpha3+20180613130533+1994+master+stretch+olab1
Platform: Apache
### Summary
After a fresh install of the latest llng from gitlab ppa on debian 9 with apache2, selecting test apps as user dwho results in the error "Error occurs on the server" (/lmerror/500).
The same happens with an ldap user.
### Logs
```
[Wed Jun 13 19:27:30.759733 2018] [perl:error] [pid 12524:tid 139842479556352] [client 192.168.56.1:36998] Can't use an undefined value as a subroutine reference at /usr/share/perl5/Lemonldap/NG/Handler/Main/Run.pm line 376.\n
[Wed Jun 13 19:27:30.889148 2018] [perl:error] [pid 12525:tid 139842298005248] [client 192.168.56.1:37004] No package name defined for metaclass at /usr/lib/x86_64-linux-gnu/perl5/5.24/Mouse/Meta/Class.pm line 269.\n, referer: http://auth.demo.local/
```
### Backends used
Files for config/sessions
backend demo & ldap tested

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1454
Portal doesn't update app urls
2018-06-18T16:35:46Z
Paul Curie

### Concerned version
Version: 2.0.0~alpha3+20180614095215+2019+master+stretch+olab1
Platform: Apache
### Summary
Debian 9 / Apache2 mpm-prefork
login as ldap user, test app 2 is http://
go to manager, change test app 2 menu item url to https://, save, in manager the new value is here, in diff, it only show old value, no new value shown.
![Selection_155](/uploads/801e79c8f7e9771b25e83beb18bf9a92/Selection_155.png)
F5 or Ctrl+F5 on portal doesn't show new value for test app 2 url
logout/login doesn't show new value
Refresh my rights doesn't show new value
Restart apache2 service, new url is shown on portal
I can't reproduce this bug 100% of the time, more like 99%; in a few cases the diff shows the new value, but portal still doesn't show new url, once it did.
I tested on 1.9 with same environment/config, no need to restart apache2 to show new urls, it works 100% of the time.
### Logs
llng debug log of saving the new value
```
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/?cfgNum=27
[debug] User authenticated, calling handler()
[debug] Start routing confs
[notice] User fd-admin has stored conf 28
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Configuration 28 stored.
Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Thu Jun 14 17:09:05.262461 2018] [perl:notice] [pid 17925] Request for configuration reload
[notice] Apply configuration for reload.xps.local: ok
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/latest
[debug] User authenticated, calling handler()
[debug] Start routing confs
[debug] Search for cfgNum in conf
[debug] Cfgnum set to latest
[debug] Search for cfgAuthor in conf
[debug] Cfgnum set to 28
[debug] Search for cfgDate in conf
[debug] Cfgnum set to 28
[debug] Search for cfgAuthorIP in conf
[debug] Cfgnum set to 28
[debug] Search for cfgLog in conf
[debug] Cfgnum set to 28
[debug] Search for cfgVersion in conf
[debug] Cfgnum set to 28
[info] User fd-admin ask for configuration metadatas (28)
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/28/portal
[debug] User authenticated, calling handler()
[debug] Start routing confs
[info] User fd-admin asks for key portal
[debug] Search for portal in conf
[debug] Cfgnum set to 28
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/28/domain
[debug] User authenticated, calling handler()
[debug] Start routing confs
[info] User fd-admin asks for key domain
[debug] Search for domain in conf
[debug] Cfgnum set to 28
```
### Backends used
LDAP for auth/user/password
Files for config/sessions

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1458
Local conf backend
2018-06-19T19:06:59Z
Yadd

### Summary
Some admins want to deploy configuration using lemonldap-ng.ini only. This backend just returns an empty configuration.
Advanced use only !

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1460
Warning in Main::Process
2018-06-21T15:11:00Z
Clément OUDOT

```
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/^Lemonldap::NG::Portal::Main=HASH(0x5611f4d93788)->conf->{ <-- HERE multiValuesSeparator}/ at /usr/share/perl5/Lemonldap/NG/Portal/Main/Process.pm line 401.
```

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1461
Remember Choice and other context settings before redirecting user to an external service
2018-10-17T11:02:11Z
Clément OUDOT

This issue is a proposal to find a better way to keep the user context before redirection on an external service.
For the moment we have a lot of code in all authentications modules to add the Choice param to the redirect URL. For example in LinkedIn:
```perl
# Use authChoiceParam in redirect URL
if ( $req->param( $self->conf->{authChoiceParam} ) ) {
    $callback_url .= ( $callback_url =~ /\?/ ? '&' : '?' );
    $callback_url .= build_urlencoded( $self->conf->{authChoiceParam} =>
          $req->param( $self->conf->{authChoiceParam} ) );
}
```
We have other parameters to keep before redirecting a user:
* Origin URL (if redirection on portal was done by Handler)
* Skin
I think we should have a single step in the code that will store these values in a local session and find a common way to restore them when user is back.
This can be applied at least to these authentication backends:
* CAS
* SAML
* OpenID/OpenID Connect
* Twitter
* Facebook
* LinkedIn
Using a cookie can be a good solution.

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1468
Enabling both Auth::SAML and Issuer::SAML breaks SLO
2018-06-30T06:41:53Z
Yadd

# Version
Probably any version since 1.0.0
# Description
Just enable issuerDBSAMLActivation on SAML SP breaks SLO. (related to #1449)

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1477
SAML Common Domain Cookie
2018-09-04T09:50:03Z
Clément OUDOT

The SAML CDC feature seems not working
First, I tried to create the local CDC page (CDC writer URL), like this:
```
# vi /usr/share/lemonldap-ng/portal/htdocs/cdc.fcgi
```
```perl
#!/usr/bin/perl
use Plack::Handler::FCGI;
use Lemonldap::NG::Portal::CDC;
# Roll your own
my $server = Plack::Handler::FCGI->new();
$server->run( Lemonldap::NG::Portal::CDC->run( {} ) );
```
```
# chmod +x /usr/share/lemonldap-ng/portal/htdocs/cdc.fcgi
```
When accessing https://auth.openid.club/cdc.fcgi, we have this error:
```
==> /var/log/apache2/error.log <==
[Wed Jul 18 09:21:21.548027 2018] [fcgid:warn] [pid 94631] (104)Connection reset by peer: [client 92.184.102.58:40262] mod_fcgid: error reading data from FastCGI server
[Wed Jul 18 09:21:21.548173 2018] [core:error] [pid 94631] [client 92.184.102.58:40262] End of script output before headers: cdc.fcgi
==> /var/log/apache2/other_vhosts_access.log <==
auth.openid.club:443 92.184.102.58 - - [18/Jul/2018:09:21:21 +0200] "GET /cdc.fcgi HTTP/1.1" 302 725 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
```
Then, when calling the CDC code from the Auth::SAML module, we have another error:
```
==> /var/log/apache2/error.log <==
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[info] No cookie found
[debug] Build URL https://auth.openid.club/
[debug] Redirect 92.184.102.58 to portal (url was /)
[debug] User not authenticated, Try in use, cancel redirection
[debug] Start routing default route
[debug] Processing restoreArgs
[debug] Processing controlUrl
[debug] Processing code ref
[debug] Processing code ref
[debug] Launching ::Issuer::SAML::storeEnv
[debug] Processing code ref
[debug] Launching ::Issuer::CAS::storeEnvAndCheckGateway
[debug] Processing code ref
[debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
[debug] Processing code ref
[debug] Launching ::Plugins::AutoSignin::check
[debug] Processing extractFormInfo
[debug] Will try to use Common Domain Cookie for IDP resolution
[Wed Jul 18 09:22:33.016415 2018] [fcgid:warn] [pid 94498] [client 92.184.102.58:40270] mod_fcgid: stderr: Can't locate object method "self_url" via package "Lemonldap::NG::Portal::Auth::SAML" at /usr/share/perl5/Lemonldap/NG/Portal/Auth/SAML.pm line 1418., referer: https://auth.openid.club/
==> /var/log/apache2/other_vhosts_access.log <==
auth.openid.club:443 92.184.102.58 - - [18/Jul/2018:09:22:33 +0200] "POST / HTTP/1.1" 500 3929 "https://auth.openid.club/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
```

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1487
Get a link on totp request page to firstly register device
2018-08-16T14:57:25Z
Jean-François Vincent

### Summary
Get a way to register a device when usage of totp is active when the code request is displayed.
### Design proposition
A final user with a known account in an ldap connects to lemonldap for the first time
Then he fills his login / password in the form,
If the credentials are correct, LemonLdap displays a new form to fill the totp code.
The user clicks on a link / button in the form to register his device and opens the device registration page.
After registering his device, he goes back to the totp code form to finish his login.

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1488
Be tolerant with whitespaces in ini file
2018-08-12T20:33:28Z
Paul Curie

### Concerned version
Version: 2.0.0 beta1
Platform: Debian / Nginx 1.14
### Summary
When converting my config from files to pgsql, I can't.
### Logs
```
root@llng1-dev:~# /usr/share/lemonldap-ng/bin/convertConfig --current=/etc/lemonldap-ng/old.ini --new=/etc/lemonldap-ng/lemonldap-ng.ini
Undefined subroutine &Lemonldap::NG::Common::Conf::Backends::CDBI ::prereq called at /usr/share/perl5/Lemonldap/NG/Common/Conf.pm line 409.
```
cat /etc/lemonldap-ng/old.ini
```
[all]
[configuration]
type = File
dirName = /var/lib/lemonldap-ng/conf
```
cat /etc/lemonldap-ng/lemonldap-ng.ini
```
type = CDBI
dbiChain = DBI:Pg:database=lemonldap;host=localhost
dbiUser = lemonldap
dbiPassword = password
dbiTable = lmconfig
;type=File
;dirName = /var/lib/lemonldap-ng/conf
```
psql is ok :
```
root@llng1-dev:~# psql -h localhost -d lemonldap -U lemonldap -W
Mot de passe pour l'utilisateur lemonldap :
psql (9.6.10)
Connexion SSL (protocole : TLSv1.2, chiffrement : ECDHE-RSA-AES256-GCM-SHA384, bits : 256, compression : désactivé)
Saisissez « help » pour l'aide.
lemonldap=> \q
```
### Backends used
Files/PGSQL
Thanks

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1490
Be able to use DBD::MariaDB
2018-11-26T13:22:13Z
Yadd

DBD::MariaDB is a fork of DBD::mysql that manages UTF-8 better. We must accept this DBD driver:
* in Apache::Session::Browseable
* in CDBI/RDBI
* in Lemonldap::NG::Common::Apache::Session

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1492
MongoDB session and configuration backend
2018-08-24T04:45:53Z
Mathieu Lecompte-melançon

As we have worked well for more than 1 month without any issue, let me share with you our MongoDB configuration that allows us to make a security update on every server without downtime and with minimal impact...
So the main idea is to keep our servers (Nginx (LLNG) and MongoDB) up to date. We will skip the NGINX way, that is simply a VIP in conjunction with a small app like HeartBeat. Concerning the MongoDB side, we have a ReplicaSet MongoDB Cluster (ex: 3 servers)
For configuration
````
type = MongoDB
dbName = llConfDB
collectionName = configuration
host = mongodb://lemonldap_1.test.com:27017,lemonldap_2.test.com:27017,lemonldap_3.test.com:27017
; authentication parameters
db_name = llConfDB
username = llng
password = ***Password***
connect_timeout_ms=3000
read_pref_mode = primaryPreferred
replica_set_name = rs0
w = 1
wtimeout = 3000
````
And for the session:
````
globalStorage = Apache::Session::MongoDB
globalStorageOptions = { 'collection' => 'sessions', 'connect_timeout' => '10000', 'db_name' => 'llConfDB', 'host' => 'mongodb://lemonldap_1.test.com:27017,lemonldap_2.test.com:27017,lemonldap_3.test.com:27017', 'ssl' => '0', 'dbName' => 'llConfDB', 'username' => 'llng', 'password' => '***Password***', 'connect_timeout_ms' => '3000', 'read_pref_mode' => 'primaryPreferred', 'replica_set_name' => 'rs0', 'w' => '1', 'wtimeout' => '3000' }
````
So with that configuration, we could lose or update any server at any time without downtime...
We have a small impact when the master changes on MongoServer: we got an error, 1 time, on every LLNG thread. Not sure if it is a LLNG issue or a perl driver issue. But in terms of HA it's totally acceptable...
Also it appears the default version provided by RedHat/CentOS repo is 2 years old and some bugs could crash LLNG after some weeks of intense usage... Be sure to run on a more up to date version like 2.0.1
At least a version over the 1.8.1 that solves this issue
> v1.8.1 2018-01-17 10:44:22-05:00 America/New_York
> [Bug fixes]
> - PERL-770 Repeated find_one queries sometime result in MongoDB::ProtocolError on short network reads.
````
cpanm MongoDB
````
So can you add the minimum driver version requirement and also a sample of mongoDB replicaset user in docs
https://lemonldap-ng.org/documentation/2.0/mongodbsessionbackend

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1496
Server error when LL::NG can't connect to LDAP directory
2020-12-07T15:25:04Z
Clément OUDOT

When configuring LDAP authentication and LDAP server is not available, instead of an error on the portal, we get a 500 server error:
```
ep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls jailInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls portalInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls locationRulesInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls sessionStorageInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls headersInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls postUrlInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls aliasInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Lemonldap::NG::Handler::Server::Main: configuration is up to date
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev llng-fastcgi-server[11870]: FastCGI daemon started (pid 11872)
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev systemd[1]: Started FastCGI server for Lemonldap::NG websso system.
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Module Lemonldap::NG::Portal::Main::Menu loaded
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Plugin ::Main::Menu initializated
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Module Lemonldap::NG::Portal::Auth::LDAP loaded
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Connection refused
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: LDAP error:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add POST route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add PUT route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add DELETE route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add POST route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add PUT route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add DELETE route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Route "*" redefined
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add POST route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Route "*" redefined
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Route "*" redefined
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add POST route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Route "*" redefined
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route psgi.js added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route psgi.js added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route portal.css added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route portal.css added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route : added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route : added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route ping added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route ping added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route refresh added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route logout added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: User not authenticated, Try in use, cancel redirection
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Start routing default route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Processing controlUrl
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Processing extractFormInfo
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Returned error: 24
```

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1497
Move "afterData" entry point before "buildCookie" and add "endAuth" entrypoint
2018-09-05T13:43:59Z
Yadd

Needs also to modify notifications

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1500
Possibility to override parameters in Choice modules
2019-10-01T12:50:31Z
Anthony ROUSSEL

### Concerned version
Version: 1.9.17
Platform: Apache2,
### Summary
Hello
we want to try authentication choice with several LDAP servers :
1. Active Directory for our internal users
2. OpenLDAP for "partner's users"
In managerUi, when choosing Authmodule,usermodule,pwdmodule == Authentication Choice, I then specify "allowed modules":
- AuthAD / Active Directory / Active Directory / Active Directory / noUrl / noCondition
- AuthLDAP / LDAP / LDAP / LDAP / noUrl / noCondition
but I can only specify One LDAP configuration in "LDAP Parameters".
Am I doing it wrong or is this a "display bug" ?
I guess the problem would be the same with multiple LDAP
### Backends used
FileConf

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1504
Upgrade to bootstrap 4
2018-11-24T11:22:33Z
Clément OUDOT

See http://upgrade-bootstrap.bootply.com/

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1513
SAML replay protection is not replaying authentication
2018-10-28T12:27:08Z
Clément OUDOT

As SAML SP, when we check replay protection, we should replay authentication if the check fails:
```
unless ( $self->replayProtection($assertion_responded) ) {
    # Assertion was already consumed or is expired
    # Force authentication replay
    $self->userLogger->error(
        "Message $assertion_responded already used or expired, replay authentication"
    );
    delete $req->{urldc};
    $req->mustRedirect(1);
    $req->steps( [] );
    return PE_OK;
}
```
But at this moment we did not set $req->user so we end with this error in Portal/Main/Process.pm
```
sub extractFormInfo {
    my ( $self, $req ) = @_;
    return PE_ERROR unless ( $self->_authentication );
    my $ret = $self->_authentication->extractFormInfo($req);
    if ( $ret == PE_OK and not( $req->user or $req->continue ) ) {
        $self->logger->error(
            'Authentication module succeed but has not set $req->user');
        return PE_ERROR;
    }
```
Should we not set "$req->continue" in our SAML code?

2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1517
Password backend not called with Choice
2018-11-19T17:40:07Z
Clément OUDOT

I have a Choice configuration with LDAP/LDAP/LDAP configuration, but when trying to modify password, the LDAP directory is not called at all.
Here are the logs:
```
==> /var/log/apache2/error.log <==
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[debug] Get session 0e7d87c9809be37657096372bd2af908
[debug] removing cookie
[debug] User coudot was granted to access to /
[debug] Start routing default route
[debug] Processing importHandlerData
[debug] Processing restoreArgs
[debug] Processing controlUrl
[debug] Processing checkLogout
[debug] Processing code ref
[debug] Launching ::Auth::Choice::_forAuthUser
[debug] Processing code ref
[debug] Launching ::UserDB::Choice::_forAuthUser
[debug] Processing code ref
[debug] Launching ::Password::Choice::_modifyPassword
[debug] Choice 2LDAP selected
[debug] Choice 2LDAP selected from pdata
[debug] Bad old password
[debug] Unbind and disconnect from ldap://localhost
[debug] Returned error: 39
[debug] Skin returned: error
[debug] Calling sendHtml with template error
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Apply following CSP : form-action 'self';frame-ancestors 'none';
```

2.0.0 Yadd Yadd