lemonldap-ng issueshttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues2018-05-18T05:17:19Zhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/354Session Explorer: possibility to order sessions by date2018-05-18T05:17:19ZEmmanuel LesouefSession Explorer: possibility to order sessions by dateIs it possible to add in the session explorer, the possibility to order sessions by date and "not only" by IP, double IP, and users ?
Thanks very much.Is it possible to add in the session explorer, the possibility to order sessions by date and "not only" by IP, double IP, and users ?
Thanks very much.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/587Selecting language while connecting to LemonLDAP2018-05-18T05:17:31ZIheb KhemissiSelecting language while connecting to LemonLDAPHi,
First of all, thank you for your hard work.
During our migration process to LemonLDAP (while creating a new skin) I have encountered a problem concerning the ability to select a language (instead of the browser's language sent in t...Hi,
First of all, thank you for your hard work.
During our migration process to LemonLDAP (while creating a new skin) I have encountered a problem concerning the ability to select a language (instead of the browser's language sent in the HTTP header "Accept Languague").
Currently, during the connexion process, my app's users can select which language to choose regardless of the browser's language (which is used by default if the user hasn't choosen a diffrent one). Users can also specify a language in the query string (i.e. http://example.com?lang=fr).
So is there any way to do this with LemonLDAP's skins ? basically, what I want to do is to add some flags in the login page and if the user clicks the flag, I respond with the page translated in the selected language and I continue using the selected language.
I have thought of some solutions (but none of them is appealing enough) :
1) Updating the "Accept-Language" header by adding the value of the LANG param (extracted from the QUERY-STRING) using a lemonldap's custom function.
2) Updating the "Accept-Language" header or the environment variable "HTTP_ACCEPT_LANGUAGE" using a LL::NG Handler
3) Updating the "Accept-Language" header by prepending the value of the LANG param (extracted from the QUERY-STRING and transformed to correct format) using Apache's mods --> I don't know how to preprend the param's value to the header.
4) Creating a patch to the "extract_lang" method to accept other entries.
Should I use one of them or is there a better method ?
Thank you very much (and sorry for the lengthy mail),
Best regards,
Iheb2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/595Portal powered by FastCGI (using Plack)2018-12-21T10:26:30ZYaddPortal powered by FastCGI (using Plack)For performances _(and many bugs with ModPerl::Registry / Apache-2.4)_, all CGI are replaced by FastCGI using [Plack|https://metacpan.org/pod/Plack] like Manager-1.9. This allows also a better Nginx integration.For performances _(and many bugs with ModPerl::Registry / Apache-2.4)_, all CGI are replaced by FastCGI using [Plack|https://metacpan.org/pod/Plack] like Manager-1.9. This allows also a better Nginx integration.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/651Common::CGI::abort should return 500 as HTTP status code2018-05-18T05:17:34ZJean-Charles RogezCommon::CGI::abort should return 500 as HTTP status codeWhen an error occurs, LemonLDAP return a 200 status code instead of a 500 code.
This prevents load balancers to remove the defect services from their pools.
Patch attached.When an error occurs, LemonLDAP return a 200 status code instead of a 500 code.
This prevents load balancers to remove the defect services from their pools.
Patch attached.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/673Split conf/session/flags management from the Portal $self object2018-05-18T05:17:35ZClément OUDOTSplit conf/session/flags management from the Portal $self objectFor now, the Portal $self object is very big and carry all data (configuration, sessions, etc.). We have to split it.For now, the Portal $self object is very big and carry all data (configuration, sessions, etc.). We have to split it.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/713Request management to handle sessions2018-05-18T05:17:37ZFX DeltombeRequest management to handle sessionsCreating a session causes four request to session backend (at least for SQL session backend, but I guess it behave the same with any backend), one insert request and three update,
* the first one to add "_session_kind" => "SSO",
* the se...Creating a session causes four request to session backend (at least for SQL session backend, but I guess it behave the same with any backend), one insert request and three update,
* the first one to add "_session_kind" => "SSO",
* the second one to add session data
* the third one to add "updateTime" and "_issuerDB"
Till version 1.3, it was done with two requests, one insert and one update. And it could be done with one single request.
As same, logout causes three select requests to read user session, whereas a single request is enough.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/803AuthSSL : Ability to choose SSLvar or UserDB depending of the CA2018-05-18T05:17:41ZYaddAuthSSL : Ability to choose SSLvar or UserDB depending of the CAWhen using AuthSSL with multiple AC, it could be interesting to be able to choose UserDB backend (or simply SSLvar) depending on the CA that signed the user certificate.When using AuthSSL with multiple AC, it could be interesting to be able to choose UserDB backend (or simply SSLvar) depending on the CA that signed the user certificate.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/868Replace XML format by JSON for notifications2018-05-18T05:17:44ZYaddReplace XML format by JSON for notificationsUsing XML provides no benefit but consumes memory and cpu on the server sideUsing XML provides no benefit but consumes memory and cpu on the server side2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1033Translate mail subject - forgotten password2018-05-19T19:41:37ZJulian LayenTranslate mail subject - forgotten passwordHello,
I need to translate the mails about " forgotten password " in the manager unfortunately it is not possible to translate mail subjet in multiple languages. How I can do to change the subject for each language ?
I modified the fol...Hello,
I need to translate the mails about " forgotten password " in the manager unfortunately it is not possible to translate mail subjet in multiple languages. How I can do to change the subject for each language ?
I modified the following file to change the subject but it does not work well :
/usr/share/perl5/Lemonldap/NG/Portal/MailReset.pm
line 310 :
# TEST
# my $subject = $self->{mailConfirmSubject};
my $subject;
my $a = substr($ENV{HTTP_ACCEPT_LANGUAGE}, 0, 2);
if ( $a == "fr" ) {
$subject = "Espace PRO Zodiac : Demande de re-initialisation de mot de passe";
}
if ( $a == "en" ) {
$subject = "Zodiac Espace PRO : password modification request";
}
if ( $a ==" it" ) {
$subject = "Zodiac Area PRO: modifica della password richiesta";
}
if ( $a == "pt" ) {
$subject = "Espaço PRO Zodiac : pedido de alteração da contra-senha";
}
if ( $a =="es" ) {
$subject = "Zodiac Espacio PRO : solicitud de modificación de contraseña";
}
if ( $a == "nl" ) {
$subject = "Zodiac Espace PRO : Boekingsverzoek reset van het wachtwoord";
}
if ( $a == "de" ) {
$subject = "Zodiac Händlerbereich: Anfrage zur Passwortänderung";
}
$subject .= $a;
# TEST
2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1044Adapt FastCGI server to be able to use an event Plack engine2018-05-19T19:41:37ZYaddAdapt FastCGI server to be able to use an event Plack engineThe only thing to do seems to replace $_v handler variable by a $req property (to avoid confusing users), but it seems to be a little bit hard to do...The only thing to do seems to replace $_v handler variable by a $req property (to avoid confusing users), but it seems to be a little bit hard to do...2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1065Provide SSL options for AuthBasic2018-05-19T19:41:39ZJeremy KespiteProvide SSL options for AuthBasicRecent versions of libwww-perl, always verify SSL certificate.
If the portal uses https, AuthBasic is not working unless you provide certificate information
Previously, this was handled by
PerlSetEnv PERL_LWP_SSL_VERIFY_HOSTNAME 0
in a...Recent versions of libwww-perl, always verify SSL certificate.
If the portal uses https, AuthBasic is not working unless you provide certificate information
Previously, this was handled by
PerlSetEnv PERL_LWP_SSL_VERIFY_HOSTNAME 0
in a conf.d of apache
Now, this is not enough.
So could you provide soap option in Manager to specify the need to check ssl certificate?
Is no, the solution is to create a SOAP object with:
```
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
my $soapClient =
SOAP::Lite->proxy( $tsv->{portal}->(), default_headers => $soapHeaders, "ssl_opts" => [ SSL_verify_mode => 0 ] )
```
2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1118Manage unicode in session and configuration backends2018-05-19T19:41:41ZClément OUDOTManage unicode in session and configuration backendsWe need to have a clean solution in order to have unicode in our backends, without needed to convert encoding in our code.
For backends that are not compatible with UTF-8, an ASCII conversion must be done.We need to have a clean solution in order to have unicode in our backends, without needed to convert encoding in our code.
For backends that are not compatible with UTF-8, an ASCII conversion must be done.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1133Translation system for mails2018-05-19T19:41:42ZYaddTranslation system for mails2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1137Avoid using inline Javascript and CSS2018-05-18T05:17:09ZMathieu ParentAvoid using inline Javascript and CSSThis is #1125, cont.
To further protect the manager, inline JS and CSS should be removed.This is #1125, cont.
To further protect the manager, inline JS and CSS should be removed.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1140Add CSRF protection to login and password change forms2018-05-18T05:17:09ZMathieu ParentAdd CSRF protection to login and password change formsPlease add a token based CSRF protection to login form and password change forms (and maybe others).
Best practices requires that the token is linked to the form+session (and not usable on another form).Please add a token based CSRF protection to login form and password change forms (and maybe others).
Best practices requires that the token is linked to the form+session (and not usable on another form).2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1160Reorganize handler architecture2018-05-19T19:41:43ZYaddReorganize handler architectureHandler will be reorganized so:
* Only few base packages corresponding to platform : Apache, Nginx and other PSGI
* New "vhostType" option permits to choose in the manager between:
** Main
** AuthBasic
** ZimbraPreAuth
** ...
* Each bas...Handler will be reorganized so:
* Only few base packages corresponding to platform : Apache, Nginx and other PSGI
* New "vhostType" option permits to choose in the manager between:
** Main
** AuthBasic
** ZimbraPreAuth
** ...
* Each base package has its directory to store supported types (ApacheMP2/AuthBasic.pm for example)
* Type can be overloaded by an environment variable (to be able to change type in a Location): PerlSetVar for Apache, fastcgi_param for Nginx
Example:
* ApacheMP2 has just handler() method
* it looks at type and launch ApacheMP2::<Type>
* all ApacheMP2::<Type> inherits from ApacheMP2::Main and Lib::<Type>
* of course ApacheMP2::Main inherits from Main.pm2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1173Performance: minimize Apache::Session access2018-05-19T19:41:44ZYaddPerformance: minimize Apache::Session accessLemonldap::NG::Common::Session always untie %data. So getApacheSession() + session->update($info) ties 2 times %data.
This issue will give possibility to directly attach and update %data in getApacheSession().Lemonldap::NG::Common::Session always untie %data. So getApacheSession() + session->update($info) ties 2 times %data.
This issue will give possibility to directly attach and update %data in getApacheSession().2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1181Make Debian packages autopkgtestable2018-05-19T19:41:44ZClément OUDOTMake Debian packages autopkgtestableWork done on 1.9 in #1086
Needs to be adapted for 2.0Work done on 1.9 in #1086
Needs to be adapted for 2.02.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1183Rewrite CAS authentication module2018-05-19T19:41:44ZClément OUDOTRewrite CAS authentication moduleThe Perl-CAS module does not provide enough features (can't read attributes, use a local file to manager proxy tickets), we need to rewrite CAS client code and create a CAS UserDB module.The Perl-CAS module does not provide enough features (can't read attributes, use a local file to manager proxy tickets), we need to rewrite CAS client code and create a CAS UserDB module.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1201IPv6 support2018-05-19T19:41:45ZYaddIPv6 supportAdd some IPv6 support :
* in Safelib:
** *{{isInNet6($ipAddr, '2134::/16')}}*: return true if $ipAddr is in 2134::/16 network
* for Session Explorer:
** *{{isIpv6($ipAddr)}}*: check if $ipAddr is a IPv6 address
** some features to displa...Add some IPv6 support :
* in Safelib:
** *{{isInNet6($ipAddr, '2134::/16')}}*: return true if $ipAddr is in 2134::/16 network
* for Session Explorer:
** *{{isIpv6($ipAddr)}}*: check if $ipAddr is a IPv6 address
** some features to display IPv6 addresses2.0.0YaddYadd