lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
Updated: 2018-11-08T21:58:18Z

Option to enable / disable languages choice display
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1539
Updated: 2018-11-08T21:58:18Z
Author: Christophe Maudoux <chrmdx@gmail.com>

Manager boolean

Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Append Portal parameter to modify Handler Internal Cache
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1535
Updated: 2018-11-10T19:32:25Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Summary
Be able to modify handler Internal Cache from ini file to customize unit tests

Milestone: 2.0.0
Assignee: Christophe Maudoux <chrmdx@gmail.com>

Option to choose which SAML attribute will be used as "user" key
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1512
Updated: 2018-10-02T15:21:03Z
Author: Clément OUDOT

For the moment, we use the NameID value as "user" key, which can be a problem to use it as pivot on another userDB.
We need an option to choose which SAML attribute will be used as "user" key.

Milestone: 2.0.0
Assignee: Clément OUDOT

RENATER metadata download script
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1503
Updated: 2018-11-08T14:48:33Z
Author: Clément OUDOT

When using SAML with RENATER (or eduGAIN), we need to download metadata of all registered partners and configure them inside LL:NG. Without this, the WAYF (see #1478) is not working, as the selected partner is not registered.
Technical details for script implementation: https://services.renater.fr/federation/technique/metadata

Milestone: 2.0.0
Assignee: Clément OUDOT

Possibility to override parameters in Choice modules
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1500
Updated: 2019-10-01T12:50:31Z
Author: Anthony ROUSSEL

### Concerned version
Version: 1.9.17
Platform: Apache2,
### Summary
Hello,
we want to try authentication choice with several LDAP servers:
1. Active Directory for our internal users
2. OpenLDAP for "partner's users"

In managerUi, when choosing Authmodule,usermodule,pwdmodule == Authentication Choice, I then specify "allowed modules":
- AuthAD / Active Directory / Active Directory / Active Directory / noUrl / noCondition
- AuthLDAP / LDAP / LDAP / LDAP / noUrl / noCondition

but I can only specify one LDAP configuration in "LDAP Parameters".
Am I doing it wrong or is this a "display bug"?
I guess the problem would be the same with multiple LDAP
### Backends used
FileConf

Milestone: 2.0.0
Assignee: Yadd

SAML Discovery Protocol (WAYF)
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1478
Updated: 2018-11-20T21:50:57Z
Author: Clément OUDOT

There is a discovery protocol in SAML different from the Common Domain Cookie specification: https://www.oasis-open.org/committees/download.php/28049/sstc-saml-idp-discovery-cs-01.pdf
This protocol is used for example by Renater WAYF: https://discovery.renater.fr/renater/WAYF
We need to support it in LemonLDAP::NG.

Milestone: 2.0.0
Assignee: Clément OUDOT

Local conf backend
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1458
Updated: 2018-06-19T19:06:59Z
Author: Yadd

### Summary
Some admins want to deploy configuration using lemonldap-ng.ini only. This backend just returns an empty configuration.
Advanced use only!

Milestone: 2.0.0
Assignee: Yadd

Build trunk debian repository (nightly build)
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1438
Updated: 2018-06-04T19:53:49Z
Author: Clément OUDOT

By Christian Bayle:
```
I attached a gitlab-ci file that should allow to autobuild debian/ubuntu repository for lemonldap
on stretch/bionic
On your project group, under the "Settings > CI/CD Pipelines", create a
secret variable called GPG_PRIVATE_KEY and copy/paste the private key
to sign your package in the value field.
Create a second secret variable called SIGN_USER, whose value will be
the user_ID of your private key.
commit, push and wait ...
You should then get a gitlab page at
http://lemonldap-ng.ow2.io/lemonldap-ng
With a debian/ubuntu repository
Complete explanations are here :
https://gitlab.com/Orange-OpenSource/gitlab-buildpkg-tools
example result here :
https://orange-opensource.gitlab.io/gitlab-buildpkg-tools/
```
[gitlab-ci.yml](/uploads/3e59071b262802fd9c521bd26df815d0/gitlab-ci.yml)

Milestone: 2.0.0

Alternative FastCGI-Client handler for Apache2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1427
Updated: 2018-05-22T16:44:40Z
Author: Yadd

### Summary
Propose an alternative handler to be used to query a LLNG FastCGI server. It will allow inserting an Apache in a [LLNG SSOaaS infrastructure](https://lemonldap-ng.org/documentation/2.0/ssoaas)

Milestone: 2.0.0
Assignee: Yadd

Dispatch logger
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1419
Updated: 2018-05-11T15:25:15Z
Author: Yadd

### Summary
Logger to dispatch logs in different loggers depending on log level

Milestone: 2.0.0
Assignee: Yadd

Yubikey as second factor
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1399
Updated: 2018-03-26T08:15:53Z
Author: Yadd

### Summary
Yubikey 2FA: Yubikey is proposed today as authentication backend. Classic usage for these keys is more a 2FA.

Milestone: 2.0.0
Assignee: Yadd

Plack servers support
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1397
Updated: 2018-03-15T19:55:09Z
Author: Yadd

### Summary
Plack provides a family of [powerful web servers](http://plackperl.org/#servers). We simply have to build a Plack::Middleware::Auth::LemonldapNG module to support them
### Full example
```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;
use Plack::Builder;

# Test application: returns a dump of the PSGI environment it receives
my $testApp = sub {
    my ($env) = @_;
    return [
        200,
        [ 'Content-Type' => 'text/plain' ],
        [ "Hello world\n\n" . Dumper($env) ],
    ];
};

# Test application wrapped by the proposed Auth::LemonldapNG middleware
my $test = builder {
    enable "Auth::LemonldapNG";
    $testApp;
};

# Portal, with its static files served by Plack
use Lemonldap::NG::Portal::Main;
my $portal = builder {
    enable "Plack::Middleware::Static",
      path => '^/static/',
      root => '/path/to/portal/htdocs/';
    Lemonldap::NG::Portal::Main->run( {} );
};

# Manager, with its static files and documentation served by Plack
use Lemonldap::NG::Manager;
my $manager = builder {
    enable "Plack::Middleware::Static",
      path => '^/static/',
      root => '/path/to/manager/htdocs/';
    enable "Plack::Middleware::Static",
      path => '^/doc/',
      root => '/path/to/parent/of/doc/';
    enable "Plack::Middleware::Static",
      path => '^/lib/',
      root => '/path/to/doc/pages/documentation/current/';
    enable "Plack::Middleware::Static",
      path => '^/fr-doc/',
      root => '/path/to/parent/of/fr-doc/link/';
    Lemonldap::NG::Manager->run( {} );
};

# Map each virtual host to its application
builder {
    mount 'http://test1.example.com/'   => $test;
    mount 'http://auth.example.com/'    => $portal;
    mount 'http://manager.example.com/' => $manager;
};
```

Milestone: 2.0.0
Assignee: Yadd

Mixed TOTP/U2F second factor plugin
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1391
Updated: 2018-04-17T21:01:39Z
Author: Yadd

### Summary
Like Gitlab, the idea is to have a 2F module that authorizes registering a U2F key only if a TOTP has been registered. Auth process proposes the 2 options
### More
This cannot be done with TOTP and U2F plugins:
* during auth, U2F will be enabled with TOTP input, the user just has to touch his key or enter his code
* If TOTP is unregistered, U2F keys will also be removed

Milestone: 2.0.0
Assignee: Yadd

Feature: External Second Factor over REST API
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1379
Updated: 2018-02-27T16:47:25Z
Author: Mathieu Lecompte-melançon

It's possible to allow a direct call to a REST API for the second factor.
https://lemonldap-ng.org/documentation/2.0/external2f
Currently we are trying to make a bash file that makes a curl request inside, to use with the External process feature.

Milestone: 2.0.0
Assignee: Yadd

TOTP plugin
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1359
Updated: 2020-04-03T09:08:16Z
Author: Yadd

Using [Auth::GoogleAuth](https://metacpan.org/pod/Auth::GoogleAuth), it seems easy to build a Google Authenticator plugin:
* a protected interface that can generate the base code for any user (used by admin)
* a second factor plugin that asks for TOTP code

Milestone: 2.0.0
Assignee: Yadd

Menu rules for applications using SAML/CAS/OIDC
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1330
Updated: 2018-03-14T10:28:03Z
Author: Yadd

Many applications use a federation protocol instead of a handler. This issue will provide capability to manage application visibility using service-provider-rules.

Milestone: 2.0.0
Assignee: Yadd

Auto-Signin based on $env rules
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1318
Updated: 2018-05-19T19:41:51Z
Author: Mathieu Lecompte-melançon

Due to some usage like displaying some webpage on a TvScreen on a wall for information process, it would be good to have some Auto-signin component based on IP for computers not driven by a user.
The idea is a page in the manager to define and assign an IP to a user.
That way, if the IP that reaches LLNG is in the list, it will use the user defined in the list, retrieve data/session relative to the user and auto-sign the portal. That way, a simple restart of the wall computer, which auto-starts the browser and webpage, will automatically display the right content and not the login portal, and that without any human action.

Milestone: 2.0.0
Assignee: Yadd

Propose SSL authentication by Ajax
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1212
Updated: 2018-11-21T19:17:21Z
Author: Yadd

To be able to chain SSL with Combination, we could use an Ajax URL like in Kerberos auth module

Milestone: 2.0.0
Assignee: Yadd

YAML configuration backend
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1208
Updated: 2018-05-19T19:41:46Z
Author: Yadd

Seems easier to parse than JSON for some tools

Milestone: 2.0.0
Assignee: Yadd

TLS support for mails
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1206
Updated: 2018-05-19T19:41:45Z
Author: Yadd

Add options in MIME::Lite to enable SSL or STARTTLS

Milestone: 2.0.0
Assignee: Yadd