lemonldap-ng issueshttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues2018-06-19T08:24:07Zhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1247Support RSA SHA256 signature in SAML2018-06-19T08:24:07ZClément OUDOTSupport RSA SHA256 signature in SAMLWe use by default SHA1 signatures. We should use instead SHA256 but this should be a configuration for each provider.
See this thread on Lasso mailing list: http://listes.entrouvert.com/arc/lasso/2017-06/msg00000.htmlWe use by default SHA1 signatures. We should use instead SHA256 but this should be a configuration for each provider.
See this thread on Lasso mailing list: http://listes.entrouvert.com/arc/lasso/2017-06/msg00000.html2.0.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1322Get user attributes in Auth module for external authentication2018-06-23T06:33:23ZClément OUDOTGet user attributes in Auth module for external authenticationWhen we use social login (Twitter/FB/LinkedIn/...), we need to get user attributes at authentication phase, to be able to map one of these to UserDB backend.
This is already done for LinkedIn, and must be generalized to other modules.When we use social login (Twitter/FB/LinkedIn/...), we need to get user attributes at authentication phase, to be able to map one of these to UserDB backend.
This is already done for LinkedIn, and must be generalized to other modules.2.0.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1388Auto-generation of parameters list in doc2018-03-13T17:48:49ZYaddAuto-generation of parameters list in docManager::Build::Attributes contains a "documentation" field for each parameter. It could be interesting to generate https://lemonldap-ng.org/documentation/2.0/parameterlist from itManager::Build::Attributes contains a "documentation" field for each parameter. It could be interesting to generate https://lemonldap-ng.org/documentation/2.0/parameterlist from it2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1400CLUSTER - Status page who check the working state of LLNG2018-05-17T04:31:32ZMathieu Lecompte-melançonCLUSTER - Status page who check the working state of LLNG### Summary
The idea is to tell Keepalived service that LLNG not working fine.
(EX: memory issue, or mongodb issue have generate an error 500) but nginx not fail-back even if there something wrong...
The idea is to add a HTTP_GET health...### Summary
The idea is to tell Keepalived service that LLNG not working fine.
(EX: memory issue, or mongodb issue have generate an error 500) but nginx not fail-back even if there something wrong...
The idea is to add a HTTP_GET healthcheck to told keepalived service to force a fail-over on the backup-node. That easy to do.
But to get it working on LLNG side we need a status page who will try to authenticate an (defined test user) and return a result like: Everthing seem to work! if not, another message. It's more like an unit test page who call on demand (every 30 seconde by keepalived service)
### Design proposition
auth.exemple.com/check_state
return a simple HTML page with the result.
Note: the result should not change between version to avoid failover when upgrade to a new version.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1418Sentry Logger (experimental)2018-05-26T01:36:41ZDave ConroySentry Logger (experimental)### Summary
Add Sentry Logging Capability to the core of LLNG
### Design proposition
Sentry is an open source exception tracker located at https://sentry.io that is useful for trapping errors or exceptions for a team as opposed to sif...### Summary
Add Sentry Logging Capability to the core of LLNG
### Design proposition
Sentry is an open source exception tracker located at https://sentry.io that is useful for trapping errors or exceptions for a team as opposed to sifting through logs. We've found it to be very useful on some production sites, and I was wondering the possibility of integrating the Perl Module into LLNG.
https://docs.sentry.io/clients/perl/2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1137Avoid using inline Javascript and CSS2018-05-18T05:17:09ZMathieu ParentAvoid using inline Javascript and CSSThis is #1125, cont.
To further protect the manager, inline JS and CSS should be removed.This is #1125, cont.
To further protect the manager, inline JS and CSS should be removed.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1140Add CSRF protection to login and password change forms2018-05-18T05:17:09ZMathieu ParentAdd CSRF protection to login and password change formsPlease add a token based CSRF protection to login form and password change forms (and maybe others).
Best practices requires that the token is linked to the form+session (and not usable on another form).Please add a token based CSRF protection to login form and password change forms (and maybe others).
Best practices requires that the token is linked to the form+session (and not usable on another form).2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/354Session Explorer: possibility to order sessions by date2018-05-18T05:17:19ZEmmanuel LesouefSession Explorer: possibility to order sessions by dateIs it possible to add in the session explorer, the possibility to order sessions by date and "not only" by IP, double IP, and users ?
Thanks very much.Is it possible to add in the session explorer, the possibility to order sessions by date and "not only" by IP, double IP, and users ?
Thanks very much.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/587Selecting language while connecting to LemonLDAP2018-05-18T05:17:31ZIheb KhemissiSelecting language while connecting to LemonLDAPHi,
First of all, thank you for your hard work.
During our migration process to LemonLDAP (while creating a new skin) I have encountered a problem concerning the ability to select a language (instead of the browser's language sent in t...Hi,
First of all, thank you for your hard work.
During our migration process to LemonLDAP (while creating a new skin) I have encountered a problem concerning the ability to select a language (instead of the browser's language sent in the HTTP header "Accept Languague").
Currently, during the connexion process, my app's users can select which language to choose regardless of the browser's language (which is used by default if the user hasn't choosen a diffrent one). Users can also specify a language in the query string (i.e. http://example.com?lang=fr).
So is there any way to do this with LemonLDAP's skins ? basically, what I want to do is to add some flags in the login page and if the user clicks the flag, I respond with the page translated in the selected language and I continue using the selected language.
I have thought of some solutions (but none of them is appealing enough) :
1) Updating the "Accept-Language" header by adding the value of the LANG param (extracted from the QUERY-STRING) using a lemonldap's custom function.
2) Updating the "Accept-Language" header or the environment variable "HTTP_ACCEPT_LANGUAGE" using a LL::NG Handler
3) Updating the "Accept-Language" header by prepending the value of the LANG param (extracted from the QUERY-STRING and transformed to correct format) using Apache's mods --> I don't know how to preprend the param's value to the header.
4) Creating a patch to the "extract_lang" method to accept other entries.
Should I use one of them or is there a better method ?
Thank you very much (and sorry for the lengthy mail),
Best regards,
Iheb2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/595Portal powered by FastCGI (using Plack)2018-12-21T10:26:30ZYaddPortal powered by FastCGI (using Plack)For performances _(and many bugs with ModPerl::Registry / Apache-2.4)_, all CGI are replaced by FastCGI using [Plack|https://metacpan.org/pod/Plack] like Manager-1.9. This allows also a better Nginx integration.For performances _(and many bugs with ModPerl::Registry / Apache-2.4)_, all CGI are replaced by FastCGI using [Plack|https://metacpan.org/pod/Plack] like Manager-1.9. This allows also a better Nginx integration.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/651Common::CGI::abort should return 500 as HTTP status code2018-05-18T05:17:34ZJean-Charles RogezCommon::CGI::abort should return 500 as HTTP status codeWhen an error occurs, LemonLDAP return a 200 status code instead of a 500 code.
This prevents load balancers to remove the defect services from their pools.
Patch attached.When an error occurs, LemonLDAP return a 200 status code instead of a 500 code.
This prevents load balancers to remove the defect services from their pools.
Patch attached.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/673Split conf/session/flags management from the Portal $self object2018-05-18T05:17:35ZClément OUDOTSplit conf/session/flags management from the Portal $self objectFor now, the Portal $self object is very big and carry all data (configuration, sessions, etc.). We have to split it.For now, the Portal $self object is very big and carry all data (configuration, sessions, etc.). We have to split it.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/713Request management to handle sessions2018-05-18T05:17:37ZFX DeltombeRequest management to handle sessionsCreating a session causes four request to session backend (at least for SQL session backend, but I guess it behave the same with any backend), one insert request and three update,
* the first one to add "_session_kind" => "SSO",
* the se...Creating a session causes four request to session backend (at least for SQL session backend, but I guess it behave the same with any backend), one insert request and three update,
* the first one to add "_session_kind" => "SSO",
* the second one to add session data
* the third one to add "updateTime" and "_issuerDB"
Till version 1.3, it was done with two requests, one insert and one update. And it could be done with one single request.
As same, logout causes three select requests to read user session, whereas a single request is enough.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/803AuthSSL : Ability to choose SSLvar or UserDB depending of the CA2018-05-18T05:17:41ZYaddAuthSSL : Ability to choose SSLvar or UserDB depending of the CAWhen using AuthSSL with multiple AC, it could be interesting to be able to choose UserDB backend (or simply SSLvar) depending on the CA that signed the user certificate.When using AuthSSL with multiple AC, it could be interesting to be able to choose UserDB backend (or simply SSLvar) depending on the CA that signed the user certificate.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/868Replace XML format by JSON for notifications2018-05-18T05:17:44ZYaddReplace XML format by JSON for notificationsUsing XML provides no benefit but consumes memory and cpu on the server sideUsing XML provides no benefit but consumes memory and cpu on the server side2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1033Translate mail subject - forgotten password2018-05-19T19:41:37ZJulian LayenTranslate mail subject - forgotten passwordHello,
I need to translate the mails about " forgotten password " in the manager unfortunately it is not possible to translate mail subjet in multiple languages. How I can do to change the subject for each language ?
I modified the fol...Hello,
I need to translate the mails about " forgotten password " in the manager unfortunately it is not possible to translate mail subjet in multiple languages. How I can do to change the subject for each language ?
I modified the following file to change the subject but it does not work well :
/usr/share/perl5/Lemonldap/NG/Portal/MailReset.pm
line 310 :
# TEST
# my $subject = $self->{mailConfirmSubject};
my $subject;
my $a = substr($ENV{HTTP_ACCEPT_LANGUAGE}, 0, 2);
if ( $a == "fr" ) {
$subject = "Espace PRO Zodiac : Demande de re-initialisation de mot de passe";
}
if ( $a == "en" ) {
$subject = "Zodiac Espace PRO : password modification request";
}
if ( $a ==" it" ) {
$subject = "Zodiac Area PRO: modifica della password richiesta";
}
if ( $a == "pt" ) {
$subject = "Espaço PRO Zodiac : pedido de alteração da contra-senha";
}
if ( $a =="es" ) {
$subject = "Zodiac Espacio PRO : solicitud de modificación de contraseña";
}
if ( $a == "nl" ) {
$subject = "Zodiac Espace PRO : Boekingsverzoek reset van het wachtwoord";
}
if ( $a == "de" ) {
$subject = "Zodiac Händlerbereich: Anfrage zur Passwortänderung";
}
$subject .= $a;
# TEST
2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1044Adapt FastCGI server to be able to use an event Plack engine2018-05-19T19:41:37ZYaddAdapt FastCGI server to be able to use an event Plack engineThe only thing to do seems to replace $_v handler variable by a $req property (to avoid confusing users), but it seems to be a little bit hard to do...The only thing to do seems to replace $_v handler variable by a $req property (to avoid confusing users), but it seems to be a little bit hard to do...2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1065Provide SSL options for AuthBasic2018-05-19T19:41:39ZJeremy KespiteProvide SSL options for AuthBasicRecent versions of libwww-perl, always verify SSL certificate.
If the portal uses https, AuthBasic is not working unless you provide certificate information
Previously, this was handled by
PerlSetEnv PERL_LWP_SSL_VERIFY_HOSTNAME 0
in a...Recent versions of libwww-perl, always verify SSL certificate.
If the portal uses https, AuthBasic is not working unless you provide certificate information
Previously, this was handled by
PerlSetEnv PERL_LWP_SSL_VERIFY_HOSTNAME 0
in a conf.d of apache
Now, this is not enough.
So could you provide soap option in Manager to specify the need to check ssl certificate?
Is no, the solution is to create a SOAP object with:
```
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
my $soapClient =
SOAP::Lite->proxy( $tsv->{portal}->(), default_headers => $soapHeaders, "ssl_opts" => [ SSL_verify_mode => 0 ] )
```
2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1118Manage unicode in session and configuration backends2018-05-19T19:41:41ZClément OUDOTManage unicode in session and configuration backendsWe need to have a clean solution in order to have unicode in our backends, without needed to convert encoding in our code.
For backends that are not compatible with UTF-8, an ASCII conversion must be done.We need to have a clean solution in order to have unicode in our backends, without needed to convert encoding in our code.
For backends that are not compatible with UTF-8, an ASCII conversion must be done.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1133Translation system for mails2018-05-19T19:41:42ZYaddTranslation system for mails2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1160Reorganize handler architecture2018-05-19T19:41:43ZYaddReorganize handler architectureHandler will be reorganized so:
* Only few base packages corresponding to platform : Apache, Nginx and other PSGI
* New "vhostType" option permits to choose in the manager between:
** Main
** AuthBasic
** ZimbraPreAuth
** ...
* Each bas...Handler will be reorganized so:
* Only few base packages corresponding to platform : Apache, Nginx and other PSGI
* New "vhostType" option permits to choose in the manager between:
** Main
** AuthBasic
** ZimbraPreAuth
** ...
* Each base package has its directory to store supported types (ApacheMP2/AuthBasic.pm for example)
* Type can be overloaded by an environment variable (to be able to change type in a Location): PerlSetVar for Apache, fastcgi_param for Nginx
Example:
* ApacheMP2 has just handler() method
* it looks at type and launch ApacheMP2::<Type>
* all ApacheMP2::<Type> inherits from ApacheMP2::Main and Lib::<Type>
* of course ApacheMP2::Main inherits from Main.pm2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1173Performance: minimize Apache::Session access2018-05-19T19:41:44ZYaddPerformance: minimize Apache::Session accessLemonldap::NG::Common::Session always untie %data. So getApacheSession() + session->update($info) ties 2 times %data.
This issue will give possibility to directly attach and update %data in getApacheSession().Lemonldap::NG::Common::Session always untie %data. So getApacheSession() + session->update($info) ties 2 times %data.
This issue will give possibility to directly attach and update %data in getApacheSession().2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1181Make Debian packages autopkgtestable2018-05-19T19:41:44ZClément OUDOTMake Debian packages autopkgtestableWork done on 1.9 in #1086
Needs to be adapted for 2.0Work done on 1.9 in #1086
Needs to be adapted for 2.02.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1183Rewrite CAS authentication module2018-05-19T19:41:44ZClément OUDOTRewrite CAS authentication moduleThe Perl-CAS module does not provide enough features (can't read attributes, use a local file to manager proxy tickets), we need to rewrite CAS client code and create a CAS UserDB module.The Perl-CAS module does not provide enough features (can't read attributes, use a local file to manager proxy tickets), we need to rewrite CAS client code and create a CAS UserDB module.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1201IPv6 support2018-05-19T19:41:45ZYaddIPv6 supportAdd some IPv6 support :
* in Safelib:
** *{{isInNet6($ipAddr, '2134::/16')}}*: return true if $ipAddr is in 2134::/16 network
* for Session Explorer:
** *{{isIpv6($ipAddr)}}*: check if $ipAddr is a IPv6 address
** some features to displa...Add some IPv6 support :
* in Safelib:
** *{{isInNet6($ipAddr, '2134::/16')}}*: return true if $ipAddr is in 2134::/16 network
* for Session Explorer:
** *{{isIpv6($ipAddr)}}*: check if $ipAddr is a IPv6 address
** some features to display IPv6 addresses2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1220Vietnamese translation2018-05-19T19:41:46ZYaddVietnamese translationVietnamese translation started on https://www.transifex.com/lemonldapng/lemonldapng/dashboard/Vietnamese translation started on https://www.transifex.com/lemonldapng/lemonldapng/dashboard/2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1222Arabic translation2018-05-19T19:41:47ZYaddArabic translationArabic translation started on https://www.transifex.com/lemonldapng/lemonldapng/dashboard/Arabic translation started on https://www.transifex.com/lemonldapng/lemonldapng/dashboard/2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1232Italian translation2018-05-19T19:41:47ZYaddItalian translationItalian translation (by Paola Penati).Italian translation (by Paola Penati).2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1267Allow custom regexp for vhost display2018-05-19T19:41:49ZMathieu ParentAllow custom regexp for vhost displayCurrently "Display application" has 3 possibilities : yes/no/auto (auto means use location rules).
We need a fourth possibility to have an application visible in the portal to a group while being accessible by a more broad group.
P...Currently "Display application" has 3 possibilities : yes/no/auto (auto means use location rules).
We need a fourth possibility to have an application visible in the portal to a group while being accessible by a more broad group.
Proposal : accept an expression like in location rules.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1302Move all HTML fragments into templates2018-05-19T19:41:51ZYaddMove all HTML fragments into templatesThe following files generate HTML fragment inside Perl code. The idea is to move HTML strings into template files.
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
* l...The following files generate HTML fragment inside Perl code. The idea is to move HTML strings into template files.
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Menu.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/History.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SingleSession.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1317Wildcard in virtualhost names2020-02-20T16:21:59ZFrédéric MASSOTWildcard in virtualhost namesHi,
The DNS zone and Apache with the vhost_alias module and the VirtualDocumentRoot directive handle addresses with a wildcard like: *.projects.domain.com
In Apache you can configure a virtual host with:
ServerAlias *.projects.dom...Hi,
The DNS zone and Apache with the vhost_alias module and the VirtualDocumentRoot directive handle addresses with a wildcard like: *.projects.domain.com
In Apache you can configure a virtual host with:
ServerAlias *.projects.domain.com
VirtualDocumentRoot "/var/www/projects/%1"
Unfortunately we can not protect these addresses with LemonLDAP, if we add an address with a wildcard in the manager we have the error:
exportedHeaders/*.projects.domain.com: Bad hostname
locationRules/*.projects.domain.com: Bad hostname
Can you add support for wildcard addresses in LemonLDAP, please?
Regards.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1427Alternative FastCGI-Client handler for Apache22018-05-22T16:44:40ZYaddAlternative FastCGI-Client handler for Apache2### Summary
Propose an alternative handler to be used to query a LLNG FastCGI server. It will permit to insert an Apache in a [LLNG SSOaaS infrastructure](https://lemonldap-ng.org/documentation/2.0/ssoaas)### Summary
Propose an alternative handler to be used to query a LLNG FastCGI server. It will permit to insert an Apache in a [LLNG SSOaaS infrastructure](https://lemonldap-ng.org/documentation/2.0/ssoaas)2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1428Provide better logs with Nginx2018-05-22T16:41:12ZYaddProvide better logs with Nginx### Summary
In 1.9.*, Nginx doesn't log user id in access.log for LLNG applications (portal and manager). This is fixed in %"2.0.0" (commit 5493626)### Summary
In 1.9.*, Nginx doesn't log user id in access.log for LLNG applications (portal and manager). This is fixed in %"2.0.0" (commit 5493626)2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1429Use cached configuration when configuration database isn't available2018-05-25T12:47:22ZYaddUse cached configuration when configuration database isn't available### Summary
LLNG caches configuration. If configuration backend isn't available, all LLNG services fails. The goal of this feature is to start LLNG with cached configuration. Of course an error has to be displayed.### Summary
LLNG caches configuration. If configuration backend isn't available, all LLNG services fails. The goal of this feature is to start LLNG with cached configuration. Of course an error has to be displayed.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1442Last logins not shown when second factors are enabled2018-06-13T21:12:12ZChristophe Maudouxchrmdx@gmail.comLast logins not shown when second factors are enabled### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
I checked the "Check my last logins" box at portal authentication form.
I entered my TOTP and wasn't redirect to last logins page.
### Possible fixes...### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
I checked the "Check my last logins" box at portal authentication form.
I entered my TOTP and wasn't redirect to last logins page.
### Possible fixes
Modify redirect rule2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1443Hide countdown block when stopped2018-06-07T18:56:14ZChristophe Maudouxchrmdx@gmail.comHide countdown block when stopped### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
Hide the countdown block when "wait" button is clicked.
Take a look at screenshot in attachment
![last_logins](/uploads/f2694ecdc4291d356192d098ace2f...### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
Hide the countdown block when "wait" button is clicked.
Take a look at screenshot in attachment
![last_logins](/uploads/f2694ecdc4291d356192d098ace2f049/last_logins.png)
### Possible fixes
Modify page js script2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1445Let's stop french manager doc translation2018-06-25T11:45:22ZYaddLet's stop french manager doc translationHi all,
I think we should stop french doc translation:
1. it needs a lot of job and we have no time to do it *(less than 30% translated today…)*
2. this doc isn't online
3. administrators of this type of software are used to reading Engl...Hi all,
I think we should stop french doc translation:
1. it needs a lot of job and we have no time to do it *(less than 30% translated today…)*
2. this doc isn't online
3. administrators of this type of software are used to reading English documentation
4. OmegaT isn't easy to use
5. I haven't found better software to translate plain HTML
@clement\_oudot, @maudoux : Please send your advice below2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1448Full status for Nginx2018-06-13T04:16:09ZYaddFull status for Nginx### Summary
Nginx doesn't provide good "status" feature: status daemon isn't unique.### Summary
Nginx doesn't provide good "status" feature: status daemon isn't unique.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1461Remember Choice and other context settings before redirecting user to an exte...2018-10-17T11:02:11ZClément OUDOTRemember Choice and other context settings before redirecting user to an external serviceThis issue is a proposal to find a better way to keep the user context before redirection on an external service.
For the moment we have a lot of code in all authentications modules to add the Choice param to the redirect URL. For examp...This issue is a proposal to find a better way to keep the user context before redirection on an external service.
For the moment we have a lot of code in all authentications modules to add the Choice param to the redirect URL. For example in LinkedIn:
```perl
# Use authChoiceParam in redirect URL
if ( $req->param( $self->conf->{authChoiceParam} ) ) {
$callback_url .= ( $callback_url =~ /\?/ ? '&' : '?' );
$callback_url .= build_urlencoded( $self->conf->{authChoiceParam} =>
$req->param( $self->conf->{authChoiceParam} ) );
}
```
We have other parameters to keep before redirecting a user:
* Origin URL (if redirection on portal was done by Handler)
* Skin
I think we should have a single step in the code that will store these values in a local session and find a common way to restore them when user is back.
This can be applied at least to these authentication backends:
* CAS
* SAML
* OpenID/OpenID Connect
* Twitter
* Facebook
* LinkedIn
Using a cookie can be a good solution.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1473Complex nodes not well displayed in manager2018-07-09T21:20:11ZChristophe Maudouxchrmdx@gmail.comComplex nodes not well displayed in manager### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
Complex nodes are not well displayed in manager when editing conf.
An error is thrown by JS when nodes are multivalued
### Logs
See screen shot in at...### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
Complex nodes are not well displayed in manager when editing conf.
An error is thrown by JS when nodes are multivalued
### Logs
See screen shot in attachment
### Same issues
Security, REST2F and SMTP sub trees
![complex_node](/uploads/2d5a803af04b6aa98288a7a7174440f6/complex_node.png)2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1488Be tolerant with whitespaces in ini file2018-08-12T20:33:28ZPaul CurieBe tolerant with whitespaces in ini file### Concerned version
Version: 2.0.0 beta1
Platform: Debian / Nginx 1.14
### Summary
When converting my config from files to pgsql, I can't.
### Logs
```
root@llng1-dev:~# /usr/share/lemonldap-ng/bin/convertConfig --current=/etc/le...### Concerned version
Version: 2.0.0 beta1
Platform: Debian / Nginx 1.14
### Summary
When converting my config from files to pgsql, I can't.
### Logs
```
root@llng1-dev:~# /usr/share/lemonldap-ng/bin/convertConfig --current=/etc/lemonldap-ng/old.ini --new=/etc/lemonldap-ng/lemonldap-ng.ini
Undefined subroutine &Lemonldap::NG::Common::Conf::Backends::CDBI ::prereq called at /usr/share/perl5/Lemonldap/NG/Common/Conf.pm line 409.
```
cat /etc/lemonldap-ng/old.ini
```
[all]
[configuration]
type = File
dirName = /var/lib/lemonldap-ng/conf
```
cat /etc/lemonldap-ng/lemonldap-ng.ini
```
type = CDBI
dbiChain = DBI:Pg:database=lemonldap;host=localhost
dbiUser = lemonldap
dbiPassword = password
dbiTable = lmconfig
;type=File
;dirName = /var/lib/lemonldap-ng/conf
```
psql is ok :
```
root@llng1-dev:~# psql -h localhost -d lemonldap -U lemonldap -W
Mot de passe pour l'utilisateur lemonldap :
psql (9.6.10)
Connexion SSL (protocole : TLSv1.2, chiffrement : ECDHE-RSA-AES256-GCM-SHA384, bits : 256, compression : désactivé)
Saisissez « help » pour l'aide.
lemonldap=> \q
```
### Backends used
Files/PGSQL
Thanks2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1490Be able to use DBD::MariaDB2018-11-26T13:22:13ZYaddBe able to use DBD::MariaDBDBD::MariaDB is a fork of DBD::mysql that manages better UTF-8. We must accept this DBD driver:
* in Apache::Session::Browseable
* in CDBI/RDBI
* in Lemonldap::NG::Common::Apache::SessionDBD::MariaDB is a fork of DBD::mysql that manages better UTF-8. We must accept this DBD driver:
* in Apache::Session::Browseable
* in CDBI/RDBI
* in Lemonldap::NG::Common::Apache::Session2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1499CSP prevents to submit OIDC consents form2018-10-30T19:33:07ZChristophe Maudouxchrmdx@gmail.comCSP prevents to submit OIDC consents form### Concerned version
Version: 2.0
Platform: Nginx
### Summary
CSP prevents OIDC consents to be accepted ou refused
### Logs
Calling sendHtml with template confirm
Starting HTML generation using /usr/share/lemonldap-ng/portal/temp...### Concerned version
Version: 2.0
Platform: Nginx
### Summary
CSP prevents OIDC consents to be accepted ou refused
### Logs
Calling sendHtml with template confirm
Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
Apply following CSP : default-src *;img-src *;style-src *;font-src *;connect-src *;form-action 'self';frame-ancestors 'none';
Start routing oauth22.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1501Improve Login history module2018-11-06T20:35:05ZChristophe Maudouxchrmdx@gmail.comImprove Login history module### Concerned version
Version: 2.0
Platform: Apache
### Summary
Minor fixes todo
### Concerned version
Version: 2.0
Platform: Apache
### Summary
Minor fixes todo
2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1504Upgrade to bootstrap 42018-11-24T11:22:33ZClément OUDOTUpgrade to bootstrap 4See http://upgrade-bootstrap.bootply.com/See http://upgrade-bootstrap.bootply.com/2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1515Possibility to configure main logo on portal page2018-11-03T22:01:36ZClément OUDOTPossibility to configure main logo on portal page### Summary
We have a parameter for portal background, we could also have a parameter for the main logo, so it would be easier to adapt the default bootstrap skin.### Summary
We have a parameter for portal background, we could also have a parameter for the main logo, so it would be easier to adapt the default bootstrap skin.2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1522Notifications with checkbox does not work2018-10-16T20:09:22ZChristophe Maudouxchrmdx@gmail.comNotifications with checkbox does not work### Concerned version
Version: 2.0
Platform: Apache
### Summary
If I submit the form twice without ticking the checbox, session is always granted.
Notification is not deleted
### Backends used
Demo
TODO : Add a goToPortal button ...### Concerned version
Version: 2.0
Platform: Apache
### Summary
If I submit the form twice without ticking the checbox, session is always granted.
Notification is not deleted
### Backends used
Demo
TODO : Add a goToPortal button & Modify unit tests to replay issue2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1526Portal menu application and categorie logos not displayed2018-10-17T20:44:57ZChristophe Maudouxchrmdx@gmail.comPortal menu application and categorie logos not displayed### Concerned version
Version: 2.0
Platform: Apache
### Summary
Application and categorie icons are not displayed in Portal > Menu > Categories and appications > Logo
Cross-Origin Read Blocking (CORB) blocked cross-origin response <...### Concerned version
Version: 2.0
Platform: Apache
### Summary
Application and categorie icons are not displayed in Portal > Menu > Categories and appications > Logo
Cross-Origin Read Blocking (CORB) blocked cross-origin response <URL> with MIME type text/html.
### Possible fixes
Maybe CSP blocks download
![Capture_d_écran_2018-10-17_22-26-11](/uploads/1d9cbe861bd47f7634b98f5f7373cc6d/Capture_d_écran_2018-10-17_22-26-11.png)2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1542Provide sessions attributes in template2018-11-15T10:54:39ZClément OUDOTProvide sessions attributes in templateFor customization, we need to be able to display some user informations in portal. So it would be great to load as template parameters all sessions attributes, with a prefix in key, for example : 'session_'
So to display 'cn', we can ca...For customization, we need to be able to display some user informations in portal. So it would be great to load as template parameters all sessions attributes, with a prefix in key, for example : 'session_'
So to display 'cn', we can call this in template:
```html
<TMPL_VAR NAME="session_cn">
```2.0.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1546Configuration comparator does not work2018-11-20T11:48:17ZChristophe Maudouxchrmdx@gmail.comConfiguration comparator does not work### Concerned version
Version: 2.0
### Summary
Seems config. comparator (diff.pm) dos not work if more than 3 sub levels keys are used.
Modified : General Parameters > Portal > Customization > Buttons on login page > Reset Password ...### Concerned version
Version: 2.0
### Summary
Seems config. comparator (diff.pm) dos not work if more than 3 sub levels keys are used.
Modified : General Parameters > Portal > Customization > Buttons on login page > Reset Password ....
Diff and "waiting for datas" always displayed
### Possible fixes
May be a recursive call issue...2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1550Error when enables "SSL, Custom " Auth modules with Choice2018-11-29T20:19:44ZChristophe Maudouxchrmdx@gmail.comError when enables "SSL, Custom " Auth modules with Choice### Concerned version
Version: 2.0
### Summary
Append SSL / LDAP / LDAP / / /
### Logs
[Wed Nov 21 20:37:46.066332 2018] [fcgid:warn] [pid 104980] [client 77.136.14.47:38540] mod_fcgid: stderr: Can't call method "conf" on an undefi...### Concerned version
Version: 2.0
### Summary
Append SSL / LDAP / LDAP / / /
### Logs
[Wed Nov 21 20:37:46.066332 2018] [fcgid:warn] [pid 104980] [client 77.136.14.47:38540] mod_fcgid: stderr: Can't call method "conf" on an undefined value at /usr/share/perl5/Lemonldap/NG/Portal/Auth/SSL.pm line 66.
[Wed Nov 21 20:45:16.196593 2018] [fcgid:warn] [pid 105473] [client 77.136.14.47:38642] mod_fcgid: stderr: Can't use an undefined value as a subroutine reference at /usr/share/perl5/Lemonldap/NG/Portal/Lib/Choice.pm line 236.2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.com