<divclass="noteimportant">This function is not compliant with <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail to use it.
<divclass="notetip">Since version 2.0, this function is now compliant with <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">Safe jail</a>.
</div>
<p>
This function uses the secret key of LLNG configuration to crypt a data. This can be used to anonymize identifier given to the protected application.
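Review bot: The sentence following the Safe jail note says encrypt can "anonymize" the identifier, but a value encrypted with the LLNG configuration secret key can be decrypted by anyone holding that key, so this is pseudonymization, not anonymization. Suggest wording such as "uses the secret key of the LLNG configuration to encrypt data; this can be used to hide the real identifier from the protected application", which also fixes "crypt a data".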
...
...
@@ -370,6 +371,16 @@ This function uses the secret key of LLNG configuration to crypt a data. This ca
<preclass="code">encrypt($_whatToTrace)</pre>
</div>
<!-- EDIT12 SECTION "encrypt" [5754-] --></div>
<!-- EDIT12 SECTION "encrypt" [5754-6059] -->
<h3class="sectionedit13"id="token">token</h3>
<divclass="level3">
<p>
This function generates token used to <ahref="servertoserver.html"class="wikilink1"title="documentation:2.0:servertoserver">handle server webservice calls</a>.
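Review bot: The new token section is, in the lines shown here, a single sentence with no call example or argument list, while the encrypt section just above it shows encrypt($_whatToTrace). Suggest adding the same kind of code example, stating which arguments the function takes, and changing "generates token" to "generates a token". Since the value is used for server-to-server calls, the section should also say how the receiving side checks it, or point to the exact part of servertoserver.html that does.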
<liclass="level1"><divclass="li"><strong>Lemonldap::NG::Common::Logger::Apache2</strong>: use Apache2 logging, levels are stored in Apache2 logs and the level is controlled by <code>LogLevel</code> Apache parameter</div>
</li>
<liclass="level1"><divclass="li"><strong>Lemonldap::NG::Common::Logger::Log4perl</strong>: use <code>Log4perl</code> framework to log <em>(inspired by Java Log4J)</em></div>
</li>
</ul>
<p>
See <ahref="http://httpd.apache.org/docs/current/mod/core.html#loglevel"class="urlextern"title="http://httpd.apache.org/docs/current/mod/core.html#loglevel"rel="nofollow">http://httpd.apache.org/docs/current/mod/core.html#loglevel</a> for more information.
Except for Apache2 and Log4Perl, log level is defined by <code>logLevel</code> parameter set in <code>lemonldap-ng.ini</code> file. Logger configurations are defined in lemonldap-ng.ini. Example:
To configure the user identifier in access log, go in Manager, <code>General Parameters</code>><code>Logging</code>><code>REMOTE_USER</code>.
You can also modify these values in each lemonldap-ng.ini section to have different values for portal, manager and handlers.
</p>
<p>
You can also hide sensitive values in logs (session content can be displayed in logs in debug loglevel). Go in Manager, <code>General Parameters</code>><code>Logging</code>><code>Hidden attributes</code> and set a list of attributes to hide (space separated).
LLNG provides also a username that can be used by webservers in their access log. To configure the user identifier in access log, go in Manager, <code>General Parameters</code>><code>Logging</code>><code>REMOTE_USER</code>.
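Review bot: The Hidden attributes paragraph says session content can be displayed in logs at debug level, but it does not say whether anything is hidden when the list is left unset. Suggest stating the behaviour with an empty list and giving a short example of a space-separated value, so an administrator who turns on debug knows what still reaches the log files. "Go in Manager" would read better as "go to the Manager", both here and in the REMOTE_USER sentence.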
<liclass="level1"><divclass="li"> Apache handlers use by default Apache2 logger. This logger can't be used for other LLNG components</div>
</li>
<liclass="level1"><divclass="li"> Except when launched by LLNG FastCGI server <em>(used by Nginx)</em>, Portal and Manager use Std logger by default</div>
</li>
<liclass="level1"><divclass="li"> All components lauched by LLNG FastCGI server use Syslog by default</div>
</li>
</ul>
<p>
LemonLDAP::NG can also use syslog (only for user actions).
<liclass="level1"><divclass="li"><strong>error</strong> is used for problems that must be reported to administrator and needs an action. In this case, some feature may not work</div>
</li>
<liclass="level1"><divclass="li"><strong>warn</strong> is used for problems that doesn't block LLNG features but should be solved</div>
</li>
<liclass="level1"><divclass="li"><strong>notice</strong> is used for actions that must be kept in logs</div>
</li>
<liclass="level1"><divclass="li"><strong>info</strong> display some technical information</div>
</li>
<liclass="level1"><divclass="li"><strong>debug</strong> produce a lot a debugging logs</div>
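Review bot: Three wording errors in these list items should be fixed before merge: "lauched" in the FastCGI server item should be "launched", "problems that doesn't block" in the warn item should be "problems that don't block", and "produce a lot a debugging logs" in the debug item should be "produces a lot of debugging logs".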
<h3class="sectionedit5"id="log_levels_for_user_actions">Log levels for user actions</h3>
<divclass="level3">
<ul>
<liclass="level1"><divclass="li"><strong>info</strong> for user actions</div>
<liclass="level1"><divclass="li"><strong>error</strong> is used to log bad user actions that looks malicious</div>
</li>
<liclass="level1"><divclass="li"><strong>notice</strong> for good authentications or external exchange (<abbrtitle="Security Assertion Markup Language">SAML</abbr>, OpenID,…)</div>
<liclass="level1"><divclass="li"><strong>warn</strong> is used to log some errors like “bad password”</div>
</li>
<liclass="level1"><divclass="li"><strong>warn</strong> for failed authentications</div>
<liclass="level1"><divclass="li"><strong>notice</strong> is used for actions that must be kept in logs for accounting (connections, logout)</div>
</li>
<liclass="level1"><divclass="li"><strong>info</strong> display some useful information like handler authorizations (at least 1 for each HTTP hit)</div>
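Review bot: In the "Log levels for user actions" list, "bad user actions that looks malicious" does not tell an operator which events are written at error level, and that is a level an operator is likely to alert on. Suggest naming one or two concrete events for error, as the list already does for warn (failed authentications) and notice (good authentications or external exchange), and correcting "looks" to "look".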
The log level can be set with Apache <code>LogLevel</code> parameter. It can be configured globally, or inside a virtual host.
</p>
<p>
See <ahref="http://httpd.apache.org/docs/current/mod/core.html#loglevel"class="urlextern"title="http://httpd.apache.org/docs/current/mod/core.html#loglevel"rel="nofollow">http://httpd.apache.org/docs/current/mod/core.html#loglevel</a> for more information.
<spanclass="re1">userError</span><spanclass="sy0">=</span><spanclass="re2"> sub <spanclass="br0">{</span> my <spanclass="br0">(</span>$self, $message<spanclass="br0">)</span> = @_</span><spanclass="co0">; ... }</span>
<spanclass="re1">userNotice</span><spanclass="sy0">=</span><spanclass="re2"> sub <spanclass="br0">{</span> my <spanclass="br0">(</span>$self, $message<spanclass="br0">)</span> = @_</span><spanclass="co0">; ... }</span></pre>
<divclass="notetip">You need <ahref="http://fedoraproject.org/wiki/EPEL/"class="urlextern"title="http://fedoraproject.org/wiki/EPEL/"rel="nofollow">EPEL</a> repository. See how you can activate this repository: <ahref="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse"class="urlextern"title="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse"rel="nofollow">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a>
</div>
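Review bot: Both EPEL links in this tip point to http://fedoraproject.org. On a page that tells the reader to enable an extra package repository, the href, title and link text should all use https://.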
...
...
@@ -304,6 +306,6 @@ For Nginx:
<divclass="noteimportant">As you need a recent version of Nginx, the best is to install <ahref="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages"class="urlextern"title="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages"rel="nofollow">Nginx official packages</a>.
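Review bot: "As you need a recent version of Nginx" gives no minimum version, so the reader cannot check whether the distribution package is already sufficient. Suggest naming the minimum Nginx version the handler requires. "The best is to install" would read better as "it is best to install".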