lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2020-02-20T16:21:59Z

Wildcard in virtualhost names
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1317
2020-02-20T16:21:59Z
Frédéric MASSOT

Hi,
The DNS zone and Apache with the vhost_alias module and the VirtualDocumentRoot directive handle addresses with a wildcard like: *.projects.domain.com
In Apache you can configure a virtual host with:
ServerAlias *.projects.domain.com
VirtualDocumentRoot "/var/www/projects/%1"
Unfortunately we can not protect these addresses with LemonLDAP, if we add an address with a wildcard in the manager we have the error:
exportedHeaders/*.projects.domain.com: Bad hostname
locationRules/*.projects.domain.com: Bad hostname
Can you add support for wildcard addresses in LemonLDAP, please?
Regards.

2.0.0
Yadd

Portal powered by FastCGI (using Plack)
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/595
2018-12-21T10:26:30Z
Yadd

For performances _(and many bugs with ModPerl::Registry / Apache-2.4)_, all CGI are replaced by FastCGI using [Plack|https://metacpan.org/pod/Plack] like Manager-1.9. This allows also a better Nginx integration.

2.0.0
Yadd

Error when enables "SSL, Custom " Auth modules with Choice
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1550
2018-11-29T20:19:44Z
Christophe Maudoux chrmdx@gmail.com

### Concerned version
Version: 2.0
### Summary
Append SSL / LDAP / LDAP / / /
### Logs
[Wed Nov 21 20:37:46.066332 2018] [fcgid:warn] [pid 104980] [client 77.136.14.47:38540] mod_fcgid: stderr: Can't call method "conf" on an undefined value at /usr/share/perl5/Lemonldap/NG/Portal/Auth/SSL.pm line 66.
[Wed Nov 21 20:45:16.196593 2018] [fcgid:warn] [pid 105473] [client 77.136.14.47:38642] mod_fcgid: stderr: Can't use an undefined value as a subroutine reference at /usr/share/perl5/Lemonldap/NG/Portal/Lib/Choice.pm line 236.

2.0.0
Christophe Maudoux chrmdx@gmail.com

Be able to use DBD::MariaDB
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1490
2018-11-26T13:22:13Z
Yadd

DBD::MariaDB is a fork of DBD::mysql that manages better UTF-8. We must accept this DBD driver:
* in Apache::Session::Browseable
* in CDBI/RDBI
* in Lemonldap::NG::Common::Apache::Session

2.0.0
Yadd

Upgrade to bootstrap 4
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1504
2018-11-24T11:22:33Z
Clément OUDOT

See http://upgrade-bootstrap.bootply.com/

2.0.0
Yadd

Configuration comparator does not work
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1546
2018-11-20T11:48:17Z
Christophe Maudoux chrmdx@gmail.com

### Concerned version
Version: 2.0
### Summary
Seems config. comparator (diff.pm) does not work if more than 3 sub levels keys are used.
Modified : General Parameters > Portal > Customization > Buttons on login page > Reset Password ....
Diff and "waiting for datas" always displayed
### Possible fixes
Maybe a recursive call issue...

2.0.0
Christophe Maudoux chrmdx@gmail.com

Provide sessions attributes in template
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1542
2018-11-15T10:54:39Z
Clément OUDOT

For customization, we need to be able to display some user information in portal. So it would be great to load as template parameters all session attributes, with a prefix in key, for example : 'session_'
So to display 'cn', we can call this in template:
```html
<TMPL_VAR NAME="session_cn">
```

2.0.0
Clément OUDOT

Improve Login history module
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1501
2018-11-06T20:35:05Z
Christophe Maudoux chrmdx@gmail.com

### Concerned version
Version: 2.0
Platform: Apache
### Summary
Minor fixes todo

2.0.0
Christophe Maudoux chrmdx@gmail.com

Possibility to configure main logo on portal page
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1515
2018-11-03T22:01:36Z
Clément OUDOT

### Summary
We have a parameter for portal background, we could also have a parameter for the main logo, so it would be easier to adapt the default bootstrap skin.

2.0.0
Christophe Maudoux chrmdx@gmail.com

CSP prevents to submit OIDC consents form
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1499
2018-10-30T19:33:07Z
Christophe Maudoux chrmdx@gmail.com

### Concerned version
Version: 2.0
Platform: Nginx
### Summary
CSP prevents OIDC consents to be accepted or refused
### Logs
Calling sendHtml with template confirm
Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
Apply following CSP : default-src *;img-src *;style-src *;font-src *;connect-src *;form-action 'self';frame-ancestors 'none';
Start routing oauth2

2.0.0
Christophe Maudoux chrmdx@gmail.com

Portal menu application and categorie logos not displayed
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1526
2018-10-17T20:44:57Z
Christophe Maudoux chrmdx@gmail.com

### Concerned version
Version: 2.0
Platform: Apache
### Summary
Application and category icons are not displayed in Portal > Menu > Categories and applications > Logo
Cross-Origin Read Blocking (CORB) blocked cross-origin response <URL> with MIME type text/html.
### Possible fixes
Maybe CSP blocks download
![Capture_d_écran_2018-10-17_22-26-11](/uploads/1d9cbe861bd47f7634b98f5f7373cc6d/Capture_d_écran_2018-10-17_22-26-11.png)

2.0.0
Christophe Maudoux chrmdx@gmail.com

Remember Choice and other context settings before redirecting user to an external service
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1461
2018-10-17T11:02:11Z
Clément OUDOT

This issue is a proposal to find a better way to keep the user context before redirection on an external service.
For the moment we have a lot of code in all authentications modules to add the Choice param to the redirect URL. For example in LinkedIn:
```perl
# Use authChoiceParam in redirect URL
if ( $req->param( $self->conf->{authChoiceParam} ) ) {
    $callback_url .= ( $callback_url =~ /\?/ ? '&' : '?' );
    $callback_url .= build_urlencoded( $self->conf->{authChoiceParam} =>
          $req->param( $self->conf->{authChoiceParam} ) );
}
```
We have other parameters to keep before redirecting a user:
* Origin URL (if redirection on portal was done by Handler)
* Skin
I think we should have a single step in the code that will store these values in a local session and find a common way to restore them when user is back.
This can be applied at least to these authentication backends:
* CAS
* SAML
* OpenID/OpenID Connect
* Twitter
* Facebook
* LinkedIn
Using a cookie can be a good solution.

2.0.0
Yadd

Notifications with checkbox does not work
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1522
2018-10-16T20:09:22Z
Christophe Maudoux chrmdx@gmail.com

### Concerned version
Version: 2.0
Platform: Apache
### Summary
If I submit the form twice without ticking the checkbox, session is always granted.
Notification is not deleted
### Backends used
Demo
TODO : Add a goToPortal button & Modify unit tests to replay issue

2.0.0
Christophe Maudoux chrmdx@gmail.com

Be tolerant with whitespaces in ini file
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1488
2018-08-12T20:33:28Z
Paul Curie

### Concerned version
Version: 2.0.0 beta1
Platform: Debian / Nginx 1.14
### Summary
When converting my config from files to pgsql, I can't.
### Logs
```
root@llng1-dev:~# /usr/share/lemonldap-ng/bin/convertConfig --current=/etc/lemonldap-ng/old.ini --new=/etc/lemonldap-ng/lemonldap-ng.ini
Undefined subroutine &Lemonldap::NG::Common::Conf::Backends::CDBI ::prereq called at /usr/share/perl5/Lemonldap/NG/Common/Conf.pm line 409.
```
cat /etc/lemonldap-ng/old.ini
```
[all]
[configuration]
type = File
dirName = /var/lib/lemonldap-ng/conf
```
cat /etc/lemonldap-ng/lemonldap-ng.ini
```
type = CDBI
dbiChain = DBI:Pg:database=lemonldap;host=localhost
dbiUser = lemonldap
dbiPassword = password
dbiTable = lmconfig
;type=File
;dirName = /var/lib/lemonldap-ng/conf
```
psql is ok :
```
root@llng1-dev:~# psql -h localhost -d lemonldap -U lemonldap -W
Mot de passe pour l'utilisateur lemonldap :
psql (9.6.10)
Connexion SSL (protocole : TLSv1.2, chiffrement : ECDHE-RSA-AES256-GCM-SHA384, bits : 256, compression : désactivé)
Saisissez « help » pour l'aide.
lemonldap=> \q
```
### Backends used
Files/PGSQL
Thanks

2.0.0
Yadd

Complex nodes not well displayed in manager
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1473
2018-07-09T21:20:11Z
Christophe Maudoux chrmdx@gmail.com

### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
Complex nodes are not well displayed in manager when editing conf.
An error is thrown by JS when nodes are multivalued
### Logs
See screen shot in attachment
### Same issues
Security, REST2F and SMTP sub trees
![complex_node](/uploads/2d5a803af04b6aa98288a7a7174440f6/complex_node.png)

2.0.0
Christophe Maudoux chrmdx@gmail.com

Let's stop french manager doc translation
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1445
2018-06-25T11:45:22Z
Yadd

Hi all,
I think we should stop french doc translation:
1. it needs a lot of job and we have no time to do it *(less than 30% translated today…)*
2. this doc isn't online
3. administrators of this type of software are used to reading English documentation
4. OmegaT isn't easy to use
5. I haven't found better software to translate plain HTML
@clement\_oudot, @maudoux : Please send your advice below

2.0.0
Yadd

Get user attributes in Auth module for external authentication
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1322
2018-06-23T06:33:23Z
Clément OUDOT

When we use social login (Twitter/FB/LinkedIn/...), we need to get user attributes at authentication phase, to be able to map one of these to UserDB backend.
This is already done for LinkedIn, and must be generalized to other modules.

2.0.0
Clément OUDOT

Support RSA SHA256 signature in SAML
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1247
2018-06-19T08:24:07Z
Clément OUDOT

We use by default SHA1 signatures. We should use instead SHA256 but this should be a configuration for each provider.
See this thread on Lasso mailing list: http://listes.entrouvert.com/arc/lasso/2017-06/msg00000.html

2.0.0
Clément OUDOT

Last logins not shown when second factors are enabled
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1442
2018-06-13T21:12:12Z
Christophe Maudoux chrmdx@gmail.com

### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
I checked the "Check my last logins" box at portal authentication form.
I entered my TOTP and wasn't redirected to last logins page.
### Possible fixes
Modify redirect rule

2.0.0
Christophe Maudoux chrmdx@gmail.com

Full status for Nginx
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1448
2018-06-13T04:16:09Z
Yadd

### Summary
Nginx doesn't provide good "status" feature: status daemon isn't unique.

2.0.0
Yadd