Commit b372d1de authored by Xavier Guimard

Add cli_examples.html in doc

parent 7d33324e
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=45028167f2e261fa4a999f15ab580280" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=1ec7eb5b1665f9db3d769287145fdc46" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
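Review bot: the only difference between the two login links is the sectok query value, a per-session token that DokuWiki generated at export time, on a page that is an export of the image path img/icons.png. Committing it causes a diff on every regeneration and puts a session token in the repository; strip the login action from the exported template, or exclude these non-content pages from the doc export.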
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1523953719" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1524488100" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=45028167f2e261fa4a999f15ab580280" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=1ec7eb5b1665f9db3d769287145fdc46" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1523953719" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1524488100" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authkerberos</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authkerberos"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authkerberos.html"/>
......
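Review bot: the two robots meta lines appear here in the order noindex,nofollow then index,follow, the reverse of the same pair in the configlocation, devopshandler, nodehandler and psgi hunks of this commit. That looks like export state leaking into the commit rather than an intended change; pick one robots policy for the generated docs and regenerate so every page carries the same value.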
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:configlocation</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,configlocation"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="configlocation.html"/>
......@@ -215,8 +215,7 @@ If a modification is done, the configuration is saved with a new configuration n
<!-- EDIT4 SECTION "Configuration text editor" [3237-4465] -->
<h2 class="sectionedit5" id="command_line_interface_cli">Command Line Interface (CLI)</h2>
<div class="level2">
<div class="notewarning">This an experimental tool that may evolve in next releases.
</div>
<p>
LemonLDAP::NG provide a script that allows one to edit configuration items in non interactive mode. This script is called <code>lemonldap-ng-cli</code> and is stored in the LemonLDAP::NG bin/ directory, for example /usr/share/lemonldap-ng/bin:
</p>
......@@ -270,9 +269,10 @@ Some examples:
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -cfgNum 10 get exportedHeaders/test1.example.com
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set notification 1
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -sep &#039;,&#039; get macros,_whatToTrace</pre>
<div class="notetip">See <a href="cli_examples.html" class="wikilink1" title="documentation:2.0:cli_examples">other examples</a>.
</div>
</div>
<!-- EDIT5 SECTION "Command Line Interface (CLI)" [4466-6288] -->
<!-- EDIT5 SECTION "Command Line Interface (CLI)" [4466-6260] -->
<h2 class="sectionedit6" id="apache">Apache</h2>
<div class="level2">
<div class="noteimportant">LemonLDAP::NG does not manage Apache configuration
......@@ -294,7 +294,7 @@ See <a href="configapache.html" class="wikilink1" title="documentation:2.0:confi
</p>
</div>
<!-- EDIT6 SECTION "Apache" [6289-6687] -->
<!-- EDIT6 SECTION "Apache" [6261-6659] -->
<h3 class="sectionedit7" id="portal">Portal</h3>
<div class="level3">
......@@ -368,7 +368,7 @@ In Portal virtual host, you will find several configuration parts:
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT7 SECTION "Portal" [6688-8788] -->
<!-- EDIT7 SECTION "Portal" [6660-8760] -->
<h3 class="sectionedit8" id="manager1">Manager</h3>
<div class="level3">
......@@ -415,7 +415,7 @@ Configuration interface access is not protected by Apache but by LemonLDAP::NG i
</p>
</div>
<!-- EDIT8 SECTION "Manager" [8789-10339] -->
<!-- EDIT8 SECTION "Manager" [8761-10311] -->
<h3 class="sectionedit9" id="handler">Handler</h3>
<div class="level3">
<ul>
......@@ -468,7 +468,7 @@ Then, to protect a standard virtual host, the only configuration line to add is:
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>
</div>
<!-- EDIT9 SECTION "Handler" [10340-11698] -->
<!-- EDIT9 SECTION "Handler" [10312-11670] -->
<h2 class="sectionedit10" id="nginx">Nginx</h2>
<div class="level2">
<div class="noteimportant">LemonLDAP::NG does not manage Nginx configuration
......@@ -491,7 +491,7 @@ See <a href="confignginx.html" class="wikilink1" title="documentation:2.0:config
<div class="notewarning"><a href="fastcgiserver.html" class="wikilink1" title="documentation:2.0:fastcgiserver">LL::NG FastCGI</a> server must be loaded separately.
</div>
</div>
<!-- EDIT10 SECTION "Nginx" [11699-12152] -->
<!-- EDIT10 SECTION "Nginx" [11671-12124] -->
<h3 class="sectionedit11" id="portal1">Portal</h3>
<div class="level3">
......@@ -563,7 +563,7 @@ In Portal virtual host, you will find several configuration parts:
}</pre>
</div>
<!-- EDIT11 SECTION "Portal" [12153-13944] -->
<!-- EDIT11 SECTION "Portal" [12125-13916] -->
<h3 class="sectionedit12" id="manager2">Manager</h3>
<div class="level3">
......@@ -597,7 +597,7 @@ By default, configuration interface access is not protected by Nginx but by Lemo
</p>
</div>
<!-- EDIT12 SECTION "Manager" [13945-14697] -->
<!-- EDIT12 SECTION "Manager" [13917-14669] -->
<h3 class="sectionedit13" id="handler1">Handler</h3>
<div class="level3">
......@@ -697,7 +697,7 @@ Then, to protect a standard virtual host, you must insert this (or create an inc
# Insert then your configuration (fastcgi_* or proxy_*)</pre>
</div>
<!-- EDIT13 SECTION "Handler" [14698-17784] -->
<!-- EDIT13 SECTION "Handler" [14670-17756] -->
<h2 class="sectionedit14" id="configuration_reload">Configuration reload</h2>
<div class="level2">
<div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them through an HTTP request. Configuration reload will then be effective in less than 10 minutes.
......@@ -717,7 +717,7 @@ The <code>reload</code> target is managed in Apache or Nginx configuration, insi
<div class="noteimportant">You must allow access to declared URLs to your Manager <abbr title="Internet Protocol">IP</abbr>.
</div>
</div>
<!-- EDIT14 SECTION "Configuration reload" [17785-18954] -->
<!-- EDIT14 SECTION "Configuration reload" [17757-18926] -->
<h2 class="sectionedit15" id="local_file">Local file</h2>
<div class="level2">
......@@ -751,6 +751,6 @@ For example, to override configured skin for portal:
<div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="parameterlist.html" class="wikilink1" title="documentation:2.0:parameterlist">parameter list</a> to find it.
</div>
</div>
<!-- EDIT15 SECTION "Local file" [18955-] --></div>
<!-- EDIT15 SECTION "Local file" [18927-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:devopshandler</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,devopshandler"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="devopshandler.html"/>
......@@ -111,7 +111,7 @@ Here is a simple Nginx configuration file. It looks like a standard LLNG nginx c
fastcgi_param X_ORIGINAL_URI $request_uri;
}
location /rules.json {
proxy_pass http://$vhost;
auth_request off;
allow 127.0.0.0/8;
deny all;
}
......
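Review bot: in the /rules.json location, proxy_pass http://$vhost relies on a variable whose definition is outside this hunk, and auth_request is switched off for that location. The page should say where $vhost is set and that it must be a fixed upstream name rather than a value taken from the request, and that a variable in proxy_pass needs a resolver directive unless the name matches a defined upstream. With authentication off, the allow 127.0.0.0/8 and deny all pair is the only control left on this path, so state that explicitly next to the sample.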
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:nodehandler</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,nodehandler"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="nodehandler.html"/>
......@@ -43,19 +43,149 @@
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#examples">Examples</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#use_it_as_fastcgi_server_application_protection_only">Use it as FastCGI server (application protection only)</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#fastcgi_server">FastCGI server</a></div></li>
<li class="level3"><div class="li"><a href="#nginx_configuration">Nginx configuration</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#use_it_to_protect_an_express_app">Use it to protect an express app</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="nodejs_handler">Node.js handler</h1>
<div class="level1">
<p>
Since version 2.0, an experimental Node.js handler is available on <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" rel="nofollow">GitHub</a>.
Since version 2.0, a beta Node.js handler is available on <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler" rel="nofollow">GitHub</a>.
</p>
<p>
Documentation is available on GitHub.
Up-to-date documentation is available on GitHub.
</p>
</div>
<!-- EDIT1 SECTION "Node.js handler" [1-209] -->
<h2 class="sectionedit2" id="examples">Examples</h2>
<div class="level2">
<p>
<strong>Important things</strong>:
</p>
<ul>
<li class="level1"><div class="li"> Rules and headers must be written in javascript for these hosts <em>(example <code>$uid eq “dwho”</code> becomes <code>$uid === “dwho”</code>)</em></div>
</li>
<li class="level1"><div class="li"> Virtualhosts handled by node-lemonldap-ng-handler must be explicitly declared in you <code>lemonldap-ng.ini</code> file in <code>[node-handler]</code> section:</div>
</li>
</ul>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>node-handler<span class="br0">&#93;</span></span>
&nbsp;
<span class="re1">nodeVhosts</span> <span class="sy0">=</span><span class="re2"> test.example.com, test2.example.com</span></pre>
</div>
<!-- EDIT2 SECTION "Examples" [210-613] -->
<h3 class="sectionedit3" id="use_it_as_fastcgi_server_application_protection_only">Use it as FastCGI server (application protection only)</h3>
<div class="level3">
</div>
<h4 id="fastcgi_server">FastCGI server</h4>
<div class="level4">
<dl class="file">
<dt><a href="_export/code/documentation/2.0/nodehandler/codeblock.1.code" title="Download Snippet" class="mediafile mf_js">server.js</a></dt>
<dd><pre class="code file javascript"><span class="kw1">var</span> handler <span class="sy0">=</span> require<span class="br0">&#40;</span><span class="st0">'node-lemonldap-ng-handler'</span><span class="br0">&#41;</span><span class="sy0">;</span>
&nbsp;
handler.<span class="me1">init</span><span class="br0">&#40;</span><span class="br0">&#123;</span>
configStorage<span class="sy0">:</span> <span class="br0">&#123;</span>
<span class="st0">&quot;confFile&quot;</span><span class="sy0">:</span> <span class="st0">&quot;/path/to/lemonldap-ng.ini&quot;</span>
<span class="br0">&#125;</span>
<span class="br0">&#125;</span><span class="br0">&#41;</span><span class="sy0">;</span>
&nbsp;
handler.<span class="me1">nginxServer</span><span class="br0">&#40;</span><span class="br0">&#123;</span>
<span class="st0">&quot;mode&quot;</span><span class="sy0">:</span> <span class="st0">&quot;fcgi&quot;</span><span class="sy0">,</span> <span class="co1">// or &quot;http&quot;, default: fcgi</span>
<span class="st0">&quot;port&quot;</span><span class="sy0">:</span> <span class="nu0">9090</span><span class="sy0">,</span> <span class="co1">// default value</span>
<span class="st0">&quot;ip&quot;</span><span class="sy0">:</span> <span class="st0">'localhost'</span> <span class="co1">// default value</span>
<span class="br0">&#125;</span><span class="br0">&#41;</span><span class="sy0">;</span></pre>
</dd></dl>
</div>
<h4 id="nginx_configuration">Nginx configuration</h4>
<div class="level4">
<dl class="file">
<dt><a href="_export/code/documentation/2.0/nodehandler/codeblock.2.code" title="Download Snippet" class="mediafile mf_conf">nginx.conf</a></dt>
<dd><pre class="code file nginx">server {
#...
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass localhost:9090;
&nbsp;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
&nbsp;
# Keep original hostname
fastcgi_param HOST $http_host;
&nbsp;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
include conf/nginx-lua-headers.conf;
}
}</pre>
</dd></dl>
</div>
<!-- EDIT3 SECTION "Use it as FastCGI server (application protection only)" [614-1795] -->
<h3 class="sectionedit4" id="use_it_to_protect_an_express_app">Use it to protect an express app</h3>
<div class="level3">
<dl class="file">
<dt><a href="_export/code/documentation/2.0/nodehandler/codeblock.3.code" title="Download Snippet" class="mediafile mf_js">app.js</a></dt>
<dd><pre class="code file javascript"><span class="co1">// Variables</span>
<span class="kw1">var</span> express <span class="sy0">=</span> require<span class="br0">&#40;</span><span class="st0">'express'</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="kw1">var</span> app <span class="sy0">=</span> express<span class="br0">&#40;</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="kw1">var</span> handler <span class="sy0">=</span> require<span class="br0">&#40;</span><span class="st0">'node-lemonldap-ng-handler'</span><span class="br0">&#41;</span><span class="sy0">;</span>
&nbsp;
<span class="co1">// initialize handler (optional args)</span>
handler.<span class="me1">init</span><span class="br0">&#40;</span><span class="br0">&#123;</span>
configStorage<span class="sy0">:</span> <span class="br0">&#123;</span>
<span class="st0">&quot;confFile&quot;</span><span class="sy0">:</span><span class="st0">&quot;test/lemonldap-ng.ini&quot;</span>
<span class="br0">&#125;</span>
<span class="br0">&#125;</span><span class="br0">&#41;</span><span class="sy0">;</span>
&nbsp;
<span class="co1">// and load it</span>
app.<span class="me1">use</span><span class="br0">&#40;</span>handler.<span class="me1">run</span><span class="br0">&#41;</span><span class="sy0">;</span>
&nbsp;
<span class="co1">// Then simply use your express app</span>
app.<span class="kw1">get</span><span class="br0">&#40;</span><span class="st0">'/'</span><span class="sy0">,</span> <span class="kw1">function</span><span class="br0">&#40;</span>req<span class="sy0">,</span> res<span class="br0">&#41;</span> <span class="br0">&#123;</span>
<span class="kw1">return</span> res.<span class="me1">send</span><span class="br0">&#40;</span><span class="st0">'Hello '</span> <span class="sy0">+</span> req.<span class="me1">headers</span><span class="br0">&#91;</span><span class="st0">'Auth-User'</span><span class="br0">&#93;</span> <span class="sy0">+</span> <span class="st0">' !'</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span><span class="br0">&#41;</span><span class="sy0">;</span>
app.<span class="me1">listen</span><span class="br0">&#40;</span><span class="nu0">3000</span><span class="sy0">,</span> <span class="kw1">function</span><span class="br0">&#40;</span><span class="br0">&#41;</span> <span class="br0">&#123;</span>
<span class="kw1">return</span> console.<span class="me1">log</span><span class="br0">&#40;</span><span class="st0">'Example app listening on port 3000!'</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span><span class="br0">&#41;</span><span class="sy0">;</span></pre>
</dd></dl>
</div>
<!-- EDIT4 SECTION "Use it to protect an express app" [1796-] --></div>
</body>
</html>
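Review bot: the rule example in the Important things list is typeset with curly quotes ($uid === “dwho”), which is not valid JavaScript once pasted into a rule; use straight quotes inside the code element. In the nginx sample the comment says the LLNG server receives /llauth while the location is named /lmauth, and the second list item reads "declared in you lemonldap-ng.ini"; both should be corrected before this page is published.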
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:psgi</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,psgi"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="psgi.html"/>
......@@ -61,14 +61,16 @@ LLNG is build on <a href="http://plackperl.org/" class="urlextern" title="http:/
</li>
<li class="level1"><div class="li"> uWSGI using <a href="http://uwsgi-docs.readthedocs.io/en/latest/Perl.html" class="urlextern" title="http://uwsgi-docs.readthedocs.io/en/latest/Perl.html" rel="nofollow">uWSGI PSGI plugin</a></div>
</li>
<li class="level1"><div class="li"> <strong>Alternative</strong>: <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> can be used as FastCGI server, only for application protection</div>
</li>
</ul>
<p>
uWSGI may provide the highest performance.
uWSGI and <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> may provide the highest performance.
</p>
</div>
<!-- EDIT1 SECTION "Advanced PSGI usage" [1-477] -->
<!-- EDIT1 SECTION "Advanced PSGI usage" [1-629] -->
<h2 class="sectionedit2" id="fastcgi_server_replacement">FastCGI server replacement</h2>
<div class="level2">
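Review bot: the changed sentence now says uWSGI and Node.js handler may provide the highest performance, without repeating the limit stated in the new bullet (FastCGI server only for application protection) or the beta status given on the nodehandler page in this same commit. Qualify the sentence, for example by adding "for application protection only" after the Node.js handler link, so readers do not pick it as a full replacement on performance grounds.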
......@@ -98,7 +100,7 @@ See also <a href="highperfnginxhandler.html" class="wikilink1" title="documentat
</p>
</div>
<!-- EDIT2 SECTION "FastCGI server replacement" [478-1265] -->
<!-- EDIT2 SECTION "FastCGI server replacement" [630-1417] -->
<h3 class="sectionedit3" id="using_uwsgi">Using uWSGI</h3>
<div class="level3">
......@@ -112,6 +114,6 @@ You will find in LLNG Nginx configuration files some comments that explain how t
</p>
</div>
<!-- EDIT3 SECTION "Using uWSGI" [1266-] --></div>
<!-- EDIT3 SECTION "Using uWSGI" [1418-] --></div>
</body>
</html>
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=45028167f2e261fa4a999f15ab580280" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=1ec7eb5b1665f9db3d769287145fdc46" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1523953739" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1524488119" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -43,22 +43,42 @@
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<h1 class="sectionedit1" id="second_factors">Second factors</h1>
<ul class="toc">
<li class="level1"><div class="li"><a href="#providing_tokens_from_an_external_source">Providing tokens from an external source</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#u2f_tokens">U2F Tokens</a></div></li>
<li class="level2"><div class="li"><a href="#totp_tokens">TOTP Tokens</a></div></li>
<li class="level2"><div class="li"><a href="#yubikey_tokens">Yubikey Tokens</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#developper_corner">Developper corner</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="second_factors">Second Factors</h1>
<div class="level1">
<p>
Two-factor authentication <em>(also known as 2FA)</em> is a type (subset) of <a href="https://en.wikipedia.org/wiki/Multi-factor_authentication" class="urlextern" title="https://en.wikipedia.org/wiki/Multi-factor_authentication" rel="nofollow">multi-factor authentication</a>. It is a method of confirming a user&#039;s claimed identity by utilizing a combination of two different factors:
Two-Factor Authentication <em>(as known as 2FA)</em> is a kind (subset) of <a href="https://en.wikipedia.org/wiki/Multi-factor_authentication" class="urlextern" title="https://en.wikipedia.org/wiki/Multi-factor_authentication" rel="nofollow">multi-factor authentication</a>. It is a method to confirm a user&#039;s claimed identity by using a combination of two different factors :
</p>
<ol>
<li class="level1"><div class="li"> something they know <em>(password,…)</em>,</div>
<li class="level1"><div class="li"> something they know <em>(login / password, …)</em>,</div>
</li>
<li class="level1"><div class="li"> something they have <em>(U2F key, smartphone,…)</em>, or something they are <em>(biometrics)</em>.</div>
<li class="level1"><div class="li"> something they have <em>(U2F Key, smartphone, …) or </em> </div>
</li>
<li class="level1"><div class="li"> something they are <em>(biometrics like fingerprints, …)</em>.</div>
</li>
</ol>
<p>
Since 2.0, LLNG provides some second factor plugins that can be used to complement auth module for 2FA:
Since 2.0, LL-NG provides some second factor plugins that can be used to complete authentication module with 2FA :
</p>
<ul>
<li class="level1"><div class="li"> <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F tokens</a></div>
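Review bot: the rewritten introduction replaces "also known as 2FA" with "as known as 2FA", and the list under "a combination of two different factors" now has three items, with a dangling "or" inside the em element at the end of the second one. Keep the earlier wording for the first sentence and either restore the two-item list or move "or" out of the markup so the three categories read as alternatives.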
......@@ -67,26 +87,60 @@ Since 2.0, LLNG provides some second factor plugins that can be used to compleme
</li>
<li class="level1"><div class="li"> <a href="utotp2f.html" class="wikilink1" title="documentation:2.0:utotp2f">U2F-or-TOTP</a> <em>(enable both U2F and TOTP)</em></div>
</li>
<li class="level1"><div class="li"> <a href="yubikey2f.html" class="wikilink1" title="documentation:2.0:yubikey2f">Yubikey tokens</a></div>
<li class="level1"><div class="li"> <a href="yubikey2f.html" class="wikilink1" title="documentation:2.0:yubikey2f">Yubikey tokens</a> <em> provide by Yubico</em> </div>
</li>
<li class="level1"><div class="li"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST</a> <em>(to call an external command)</em></div>
<li class="level1"><div class="li"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST</a> <em>(to call an external command)</em> </div>
</li>
<li class="level1"><div class="li"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External 2F</a> <em>(Remote REST app)</em></div>
<li class="level1"><div class="li"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External 2F</a> <em>(Remote REST app) </em> </div>
</li>
</ul>
</div>
<!-- EDIT1 SECTION "Second factors" [1-926] -->
<h2 class="sectionedit2" id="developer_corner">Developer corner</h2>
<!-- EDIT1 SECTION "Second Factors" [1-994] -->
<h2 class="sectionedit2" id="providing_tokens_from_an_external_source">Providing tokens from an external source</h2>
<div class="level2">
<p>
To develop a new 2FA plugin, read the <code>Lemonldap::NG::Portal::Main::SecondFactor (3pm)</code> manpage. Your 2F module must be a Perl class named <code>Lemonldap::NG::Portal::2F::<em>&lt;custom_name&gt;</em></code> To enable it, you can set <code>available2f</code> key in your <code>lemonldap-ng.ini</code> file:
If you don&#039;t want to use self-registration features for U2F, TOTP and so on, you can set tokens by yourself <em>(in your LDAP server for example)</em> and map it to <code>_2fDevices</code> attribute. <code>_2fDevices</code> is a JSON array that contains token descriptions :
</p>
<pre class="code json">[ {&quot;type&quot; : &quot;TOTP&quot;, &quot;name&quot; : &quot;MyTOTP&quot;, …}, {&lt;other_token&gt;}, …]</pre>
</div>
<!-- EDIT2 SECTION "Providing tokens from an external source" [995-1388] -->
<h3 class="sectionedit3" id="u2f_tokens">U2F Tokens</h3>
<div class="level3">
<pre class="code json">{&quot;name&quot; : &quot;MyU2FKey&quot; , &quot;type&quot; : &quot;U2F&quot; , &quot;_userKey&quot; : &quot;########&quot; , &quot;_keyHandle&quot;:&quot;########&quot; , &quot;epoch&quot;:&quot;1524078936&quot;}</pre>
</div>
<!-- EDIT3 SECTION "U2F Tokens" [1389-1546] -->
<h3 class="sectionedit4" id="totp_tokens">TOTP Tokens</h3>
<div class="level3">
<pre class="code json">{&quot;name&quot; : &quot;MyTOTP&quot; , &quot;type&quot; : &quot;TOTP&quot; , &quot;_secret&quot; : &quot;########&quot; , &quot;epoch&quot; : &quot;1523817955&quot;}</pre>
</div>
<!-- EDIT4 SECTION "TOTP Tokens" [1547-1679] -->
<h3 class="sectionedit5" id="yubikey_tokens">Yubikey Tokens</h3>
<div class="level3">
<pre class="code json">{&quot;name&quot; : &quot;MyYubikey&quot; , &quot;type&quot; : &quot;UBK&quot; , &quot;_yubikey&quot; : &quot;########&quot; , &quot;epoch&quot; : &quot;1523817715&quot;}</pre>
</div>
<!-- EDIT5 SECTION "Yubikey Tokens" [1680-1818] -->
<h2 class="sectionedit6" id="developper_corner">Developper corner</h2>
<div class="level2">
<p>
To developpe a new 2FA plugin, read <code>Lemonldap::NG::Portal::Main::SecondFactor (3pm)</code> manpage. Your 2F module must be a Perl class named <code>Lemonldap::NG::Portal::2F::<em>&lt;custom_name&gt;</em></code>. To enable it, set <code>available2F</code> key in your <code>lemonldap-ng.ini</code> file :
</p>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">available2F</span> <span class="sy0">=</span><span class="re2"> U2F,TOTP,&lt;custom_name&gt;</span></pre>
<p>
To enable manager Second Factor Administration Module, set <code>enabledModules</code> key in your <code>lemonldap-ng.ini</code> file :
</p>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
</div>
<!-- EDIT2 SECTION "Developer corner" [927-] --></div>
<!-- EDIT6 SECTION "Developper corner" [1819-] --></div>
</body>
</html>
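Review bot: the new section tells administrators to keep token records, including the TOTP _secret, in an external source such as an LDAP server and map them to _2fDevices, but says nothing about protecting that attribute. Add a sentence that it holds authentication secrets and should be readable only by the account LLNG uses. Also, the last ini block puts enabledModules under [portal] although the text says it enables a manager module, and the heading and id are now spelled developper_corner, which changes the anchor from developer_corner and breaks existing links to it.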
......@@ -443,19 +443,19 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<td class="col0"> <a href="cda.html" class="wikilink1" title="documentation:2.0:cda">CDA</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> For Cross Domain Authentication </td><td class="col5"></td>
</tr>
<tr class="row4 roweven">
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <em>(SSOaaS)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Allows application developers to define their rules within the application </td><td class="col5"></td>
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <em>(SSOaaS)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"> </td><td class="col4"> Allows application developers to define their rules within the application </td><td class="col5"></td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> <a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">Secure Token</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Designed to secure dialog between a LLNG reverse-proxy and a remote app </td><td class="col5"></td>
</tr>
<tr class="row6 roweven">
<td class="col0"> <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Service Token</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> <em>(Server-to-Server)</em> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Designed to permits underlying requests <em>(<abbr title="Application Programming Interface">API</abbr>-Based Infrastructure)</em> </td><td class="col5"></td>
<td class="col0"> <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Service Token</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> <em>(Server-to-Server)</em> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"> </td><td class="col4"> Designed to permits underlying requests <em>(<abbr title="Application Programming Interface">API</abbr>-Based Infrastructure)</em> </td><td class="col5"></td>
</tr>
<tr class="row7 rowodd">
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT12 TABLE [5637-6483] -->
<!-- EDIT12 TABLE [5637-6493] -->
<p>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionality.</em>
</p>
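Review bot: The Service Token row still reads "Designed to permits underlying requests" in the new line; since the line is being rewritten anyway, correct it to "Designed to permit". The only change in the DevOps and Service Token rows is `col3 leftalign` to `col3 centeralign` on a cell holding a single space, while the Secure Token and Zimbra PreAuth rows keep `col3 leftalign`, so the same column ends up with mixed alignment classes. Regenerate all rows consistently or drop the class change.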
......@@ -465,7 +465,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
</p>
</div>
<!-- EDIT11 SECTION "Handlers" [5399-6606] -->
<!-- EDIT11 SECTION "Handlers" [5399-6616] -->
<h3 class="sectionedit13" id="llng_databases">LLNG databases</h3>
<div class="level3">
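Review bot: The `EDIT11 SECTION "Handlers"` comment changes only its end offset (6606 to 6616), which is generator output rather than content. Consider stripping these edit markers when the pages are exported, so that a documentation refresh does not touch every section boundary and bury the one real change (the new cli_examples link) in offset churn.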
......@@ -511,7 +511,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<td class="col0 centeralign"> <a href="restconfbackend.html" class="wikilink1" title="documentation:2.0:restconfbackend">REST</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> Proxy backend to be used in conjunction with another configuration backend. <br/><strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT14 TABLE [6905-7887] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
<!-- EDIT14 TABLE [6915-7897] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
</div>
<p>
</div></div>
......@@ -566,13 +566,13 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
<strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [8752-10431] -->
<!-- EDIT15 TABLE [8762-10441] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT13 SECTION "LLNG databases" [6607-10459] -->
<!-- EDIT13 SECTION "LLNG databases" [6617-10469] -->
<h2 class="sectionedit16" id="applications_protection">Applications protection</h2>
<div class="level2">
......@@ -601,7 +601,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT16 SECTION "Applications protection" [10460-10950] -->
<!-- EDIT16 SECTION "Applications protection" [10470-10960] -->
<h3 class="sectionedit17" id="well_known_compatible_applications">Well known compatible applications</h3>
<div class="level3">
<div class="noteclassic">Here is a list of well known applications that are compatible with <abbr title="LemonLDAP::NG">LL::NG</abbr>. A full list is available on <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">vendor applications page</a>.
......@@ -699,7 +699,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT17 SECTION "Well known compatible applications" [10951-13164] -->
<!-- EDIT17 SECTION "Well known compatible applications" [10961-13174] -->
<h2 class="sectionedit18" id="advanced_features">Advanced features</h2>
<div class="level2">
......@@ -756,7 +756,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT18 SECTION "Advanced features" [13165-14306] -->
<!-- EDIT18 SECTION "Advanced features" [13175-14316] -->
<h2 class="sectionedit19" id="mini_howtos">Mini howtos</h2>
<div class="level2">
......@@ -766,6 +766,8 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</div><div class="col-md-11">
</p>
<ul>
<li class="level1"><div class="li"> <a href="cli_examples.html" class="wikilink1" title="documentation:2.0:cli_examples">Command Line Interface (lemonldap-ng-cli) examples</a></div>
</li>
<li class="level1"><div class="li"> <a href="managerprotection.html" class="wikilink1" title="documentation:2.0:managerprotection">Modify Manager protection</a></div>
</li>
<li class="level1"><div class="li"> <a href="mysqlminihowto.html" class="wikilink1" title="documentation:2.0:mysqlminihowto">Configuration and sessions in MySQL</a></div>
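Review bot: The new "Mini howtos" entry links to `cli_examples.html` with class `wikilink1`, so the target file has to be added in this same commit or the index will point at a missing page. Please confirm that the file is part of the change set, since this hunk shows only the link.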
......@@ -787,7 +789,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT19 SECTION "Mini howtos" [14307-14976] -->
<!-- EDIT19 SECTION "Mini howtos" [14317-15058] -->
<h2 class="sectionedit20" id="exploitation">Exploitation</h2>
<div class="level2">
......@@ -820,7 +822,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT20 SECTION "Exploitation" [14977-15397] -->
<!-- EDIT20 SECTION "Exploitation" [15059-15479] -->
<h2 class="sectionedit21" id="bug_report">Bug report</h2>
<div class="level2">
......@@ -829,7 +831,7 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
</p>
</div>
<!-- EDIT21 SECTION "Bug report" [15398-15462] -->
<!-- EDIT21 SECTION "Bug report" [15480-15544] -->
<h2 class="sectionedit22" id="developer_corner">Developer corner</h2>
<div class="level2">
......@@ -900,6 +902,6 @@ To translate this doc (Manager help):
</ul>
</div>
<!-- EDIT22 SECTION "Developer corner" [15463-] --></div>
<!-- EDIT22 SECTION "Developer corner" [15545-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:totp2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,totp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="totp2f.html"/>
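Review bot: The robots meta for totp2f.html flips from `index,follow` to `noindex,nofollow`, which is unrelated to a commit described as adding cli_examples.html. If this is a side effect of how the page was exported, re-export it; if it is intended, state it in the commit message, because it removes the TOTP second-factor page from search indexing.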
......@@ -68,7 +68,7 @@
<p>
LLNG can propose to users to register this kind of software to increase authentication level.
</p>
<div class="notetip">Note that it&#039;s a second factor, not an authentication module. Users are authenticated by both login form and TOTP.
<div class="notetip">Note that it&#039;s a second factor, not an authentication module. Users are authenticated both by login form and TOTP.
</div>
</div>
<!-- EDIT1 SECTION "TOTP 2nd Factor Authentication (U2F)" [1-633] -->
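Review bot: The section marker on the last context line still titles this page "TOTP 2nd Factor Authentication (U2F)". TOTP and U2F are different second-factor mechanisms, so the "(U2F)" suffix looks like a leftover from the U2F page and should be corrected in the wiki source in the same pass as the wording fix to the tip.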
......@@ -81,7 +81,7 @@ In the manager (advanced parameters), you just have to enable it:
<ul>
<li class="level1"><div class="li"> TOTP ⇒ Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Self registration: set it to “on” if users are authorizated to generate themselves TOTP secret</div>
<li class="level1"><div class="li"> TOTP ⇒ Self registration: set it to “on” if users are authorized to generate themselves a TOTP secret</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Authentication level: you can overwrite here auth level for TOTP registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
</li>
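Review bot: The corrected Self registration line still reads awkwardly ("authorized to generate themselves a TOTP secret"); suggest "authorized to generate a TOTP secret themselves". The Authentication level item on the following context line has the same kind of issue ("set an higher value", "Leave it blank keeps auth level") and carries the one security recommendation in this list, so it is worth fixing in the same change: "Leaving it blank keeps the auth level ..." and "set a higher value".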
......@@ -91,17 +91,17 @@ In the manager (advanced parameters), you just have to enable it:
</li>
<li class="level1"><div class="li"> TOTP ⇒ Range: number of additional intervals to test (default: 1)</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Digits: number of digit of codes (default: 6)</div>
<li class="level1"><div class="li"> TOTP ⇒ Digits: number of digit by codes (default: 6)</div>
</li>