Commit 84eeb262 authored by Xavier Guimard

Doc update

parent 4d72392c
......@@ -90,8 +90,8 @@ install: build
$(CURDIR)/debian/tmp$(LMSHAREDIR)/portal-skins/*/ -type f -name *.tpl)
# TODO: uncomment this for official releases
#test -n "$$LOCALBUILD" || ./scripts/minifierjs $$(find debian/tmp/ -name '*.js')
#test -n "$$LOCALBUILD" || ./scripts/minifiercss $$(find debian/tmp/ -name '*.css')
test -n "$$LOCALBUILD" || ./scripts/minifierjs $$(find debian/tmp/ -name '*.js')
test -n "$$LOCALBUILD" || ./scripts/minifiercss $$(find debian/tmp/ -name '*.css')
# Move perl scripts in /usr/share, links are created by *.postinst scripts
mkdir debian/tmp/usr/share/lemonldap-ng/manager debian/tmp/usr/share/lemonldap-ng/portal
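Review bot: The `# TODO: uncomment this for official releases` comment stays in place above the two minifier lines that this hunk enables, so it now describes a state that no longer exists; remove or reword it. The commit message says "Doc update", yet this hunk changes what the `install` target ships (minified JS and CSS unless `LOCALBUILD` is set), which deserves its own commit or at least a line in the message. The unquoted `$$(find debian/tmp/ -name '*.js')` also splits on whitespace in paths and calls the minifier with no arguments when nothing matches; `find debian/tmp/ -name '*.js' -exec ./scripts/minifierjs {} +` avoids both.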
......
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="using_lemonldapng_with_active-directory" id="using_lemonldapng_with_active-directory">Using Lemonldap::NG with Active-Directory</a></h1>
<div class="level1">
</div>
<!-- SECTION "Using Lemonldap::NG with Active-Directory" [1-57] -->
<h2><a name="using_active-directory_as_authentication_backend" id="using_active-directory_as_authentication_backend">Using Active-Directory as authentication backend</a></h2>
<div class="level2">
<p>
To use Active-Directory as <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> backend, you must change few things in the manager :
</p>
<ul>
<li class="level1"><div class="li"> Use “<acronym title="Lightweight Directory Access Protocol">LDAP</acronym>” as authentication and userDB backends,</div>
</li>
<li class="level1"><div class="li"> Configure authentication filter <em>(“General Parameters » Authentication modules » <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> parameters » Filters”)</em> with:</div>
</li>
</ul>
<pre class="code">
(&amp;(sAMAccountName=$user)(objectClass=person))
</pre>
<ul>
<li class="level1"><div class="li"> Export sAMAccountName in a variable declared in <a href="../../documentation/1.0/exportedvars.html" class="wikilink1" title="documentation:1.0:exportedvars">exported variables</a></div>
</li>
<li class="level1"><div class="li"> Change the user attribute to store in Apache logs <em>(“General Parameters » Logs » REMOTE_USER”)</em>: use the variable declared above</div>
</li>
</ul>
</div>
<!-- SECTION "Using Active-Directory as authentication backend" [58-670] -->
<h2><a name="using_kerberos" id="using_kerberos">Using Kerberos</a></h2>
<div class="level2">
<p>
Two steps here:
</p>
<ul>
<li class="level1"><div class="li"> Choose “Apache” as authentication module <em>(“General Parameters » Authentication modules » Authentication module”)</em></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/authapache.html" class="wikilink1" title="documentation:1.0:authapache">Configure the Apache server</a> that host the portal</div>
</li>
</ul>
</div>
<!-- SECTION "Using Kerberos" [671-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
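Review bot: The filter `(&(sAMAccountName=$user)(objectClass=person))` in the first `<pre class="code">` block is broader than the text suggests: in Active Directory, computer accounts also carry `objectClass=person`, so this filter does not limit authentication to user accounts. Documenting `(&(sAMAccountName=$user)(objectCategory=person)(objectClass=user))` would match the intent of the page. Smaller points: `<title></title>` is empty, "you must change few things" should read "a few things", and "that host the portal" should read "that hosts the portal".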
......@@ -93,15 +93,15 @@ Applications listed bellow are known to be easy to integrate in <acronym title="
<div class="level4">
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> GRR </th><th class="col1 leftalign"> phpLDAPadmin </th>
<th class="col0 centeralign"> GRR </th><th class="col1 leftalign"> phpLDAPadmin </th><th class="col2 centeralign"> LinShare </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.0/applications/grr.html" class="media" title="documentation:1.0:applications:grr"><img src="../../../media/applications/grr_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.0/applications/phpldapadmin.html" class="media" title="documentation:1.0:applications:phpldapadmin"><img src="../../../media/applications/phpldapadmin_logo.png" class="media" alt="" /></a> </td>
<td class="col0 centeralign"> <a href="../../documentation/1.0/applications/grr.html" class="media" title="documentation:1.0:applications:grr"><img src="../../../media/applications/grr_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.0/applications/phpldapadmin.html" class="media" title="documentation:1.0:applications:phpldapadmin"><img src="../../../media/applications/phpldapadmin_logo.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="http://www.linpki.org/projects/linshare/wiki/HttpHeaderSSOEN" class="media" title="http://www.linpki.org/projects/linshare/wiki/HttpHeaderSSOEN" rel="nofollow"><img src="../../../media/applications/linshare_logo.png" class="media" alt="" /></a> </td>
</tr>
</table>
</div>
<!-- SECTION "Wiki" [498-1216] -->
<!-- SECTION "Wiki" [498-1335] -->
<h2><a name="connectors" id="connectors">Connectors</a></h2>
<div class="level2">
<table class="inline">
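Review bot: The new LinShare cell in `row1` links to `http://www.linpki.org/projects/linshare/wiki/HttpHeaderSSOEN`, an external plain-HTTP page, while the GRR and phpLDAPadmin cells link to local pages under `documentation/1.0/applications/`. A local `applications/linshare.html` page that summarises the header-based SSO setup and cites the external wiki would keep the integration instructions versioned with the release and readable in an offline export. The new header cell is `centeralign` while the phpLDAPadmin header next to it is `leftalign`, and the new `<img>` has an empty `alt`; `alt="LinShare"` would be more useful.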
......@@ -114,7 +114,7 @@ Applications listed bellow are known to be easy to integrate in <acronym title="
</table>
</div>
<!-- SECTION "Connectors" [1217-1477] -->
<!-- SECTION "Connectors" [1336-1596] -->
<h2><a name="saml_connectors" id="saml_connectors">SAML connectors</a></h2>
<div class="level2">
<table class="inline">
......@@ -127,4 +127,4 @@ Applications listed bellow are known to be easy to integrate in <acronym title="
</table>
</div>
<!-- SECTION "SAML connectors" [1478-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "SAML connectors" [1597-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
......@@ -211,7 +211,7 @@ To add these attributes, go in Manager, <code>Variables</code> » <code>Exported
</p>
<p>
<p><div class="noteimportant">If you plan to forward user&#039;s password to OBM, then you have to keep the password in session: <code>General Parameters</code> » <code>Sessions</code> » <code>Store password in session</code>
<p><div class="noteimportant">If you plan to forward user&#039;s password to OBM, then you have to <a href="../../../documentation/1.0/passwordstore.html" class="wikilink1" title="documentation:1.0:passwordstore">keep the password in session</a>.
</div></p>
</p>
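Review bot: The rewritten `noteimportant` line drops the Manager path (`General Parameters` » `Sessions` » `Store password in session`) and leaves only a link, so the reader can no longer tell which setting is meant without opening `passwordstore.html`; keep the path in parentheses after the link. Because this note tells administrators to keep user passwords in the session, one sentence here on what that means for protecting the session backend would be worth adding. The `<p><p><div ...>` nesting around the note is invalid XHTML, although it predates this change.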
......
......@@ -44,7 +44,7 @@
</p>
<p>
<p><div class="notetip"><acronym title="LemonLDAP::NG">LL::NG</acronym> can also act as <a href="../../documentation/1.0/idpcas.html" class="wikilink2" title="documentation:1.0:idpcas" rel="nofollow">CAS server</a>, that allows to interconnect two <acronym title="LemonLDAP::NG">LL::NG</acronym> systems.
<p><div class="notetip"><acronym title="LemonLDAP::NG">LL::NG</acronym> can also act as <a href="../../documentation/1.0/idpcas.html" class="wikilink1" title="documentation:1.0:idpcas">CAS server</a>, that allows to interconnect two <acronym title="LemonLDAP::NG">LL::NG</acronym> systems.
</div></p>
</p>
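Review bot: The `idpcas.html` link changes from `wikilink2` with `rel="nofollow"` to `wikilink1`, which marks the target as an existing page, but no `idpcas.html` appears in the part of the change shown here; please confirm the page is included in the export so the link does not dangle. While the line is being touched, "that allows to interconnect two LL::NG systems" would read better as "which allows two LL::NG systems to be interconnected".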
......
......@@ -44,7 +44,7 @@ By default, only the configured authentication backend is available for users.
</p>
<p>
Contrary to <a href="../../documentation/1.0/authmulti.html" class="wikilink2" title="documentation:1.0:authmulti" rel="nofollow">multiple backend stacking</a>, backend choice will present all available authentication methods to users, who will choose the one they want.
Contrary to <a href="../../documentation/1.0/authmulti.html" class="wikilink1" title="documentation:1.0:authmulti">multiple backend stacking</a>, backend choice will present all available authentication methods to users, who will choose the one they want.
</p>
<p>
......
......@@ -58,8 +58,20 @@
This works with every <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> v2 or v3 server, including Active Directory.
</p>
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> is compatible with <a href="https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt" class="urlextern" title="https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt" rel="nofollow">LDAP password policy</a>:
</p>
<ul>
<li class="level1"><div class="li"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server can check password strength, and <acronym title="LemonLDAP::NG">LL::NG</acronym> portal will display correct errors (password too short, password in history, etc.)</div>
</li>
<li class="level1"><div class="li"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> sever can block brute-force attacks, and <acronym title="LemonLDAP::NG">LL::NG</acronym> will display that account is locked</div>
</li>
<li class="level1"><div class="li"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server can force password change on first connection, and <acronym title="LemonLDAP::NG">LL::NG</acronym> portal will display a password change form before opening <acronym title="Single Sign On">SSO</acronym> session</div>
</li>
</ul>
</div>
<!-- SECTION "Presentation" [85-373] -->
<!-- SECTION "Presentation" [85-885] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
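Review bot: Typo in the second new list item: "LDAP sever can block brute-force attacks" should be "server". In the same item, "LL::NG will display that account is locked" means the portal confirms to an unauthenticated visitor that a login exists and is locked; the doc should say whether that message can be made generic, since it helps account enumeration. The password policy link points at a copy of the draft on `opends.dev.java.net`; the IETF copy of draft-behera-ldap-password-policy would be a more durable target.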
......@@ -69,7 +81,7 @@ In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modu
</p>
</div>
<!-- SECTION "Configuration" [374-538] -->
<!-- SECTION "Configuration" [886-1050] -->
<h3><a name="authentication_level" id="authentication_level">Authentication level</a></h3>
<div class="level3">
......@@ -95,7 +107,7 @@ As <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> is a lo
</p>
</div>
<!-- SECTION "Authentication level" [539-904] -->
<!-- SECTION "Authentication level" [1051-1416] -->
<h3><a name="connection" id="connection">Connection</a></h3>
<div class="level3">
<ul>
......@@ -126,7 +138,7 @@ As <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> is a lo
</ul>
</div>
<!-- SECTION "Connection" [905-2096] -->
<!-- SECTION "Connection" [1417-2608] -->
<h3><a name="filters" id="filters">Filters</a></h3>
<div class="level3">
......@@ -171,7 +183,7 @@ And this as mail filter:
</p>
</div>
<!-- SECTION "Filters" [2097-2741] -->
<!-- SECTION "Filters" [2609-3253] -->
<h3><a name="groups" id="groups">Groups</a></h3>
<div class="level3">
<ul>
......@@ -192,7 +204,7 @@ And this as mail filter:
</ul>
</div>
<!-- SECTION "Groups" [2742-3576] -->
<!-- SECTION "Groups" [3254-4088] -->
<h3><a name="password" id="password">Password</a></h3>
<div class="level3">
<ul>
......@@ -207,4 +219,4 @@ And this as mail filter:
</ul>
</div>
<!-- SECTION "Password" [3577-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "Password" [4089-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="stack_multiple_backends_authmulti" id="stack_multiple_backends_authmulti">Stack multiple backends (AuthMulti)</a></h1>
<div class="level1">
<table class="inline">
<tr class="row0 roweven">
<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
</table>
</div>
<!-- SECTION "Stack multiple backends (AuthMulti)" [1-109] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
This backend allows to chain authentication method, for example to failback to <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> authentication if Remote authentication failed…
</p>
</div>
<!-- SECTION "Presentation" [110-270] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
<p>
You have to use “Multi” as authentication module. This scheme expect a parameter, which is the authentication chain.
</p>
<p>
For example:
</p>
<pre class="code">
Multi CAS;LDAP
</pre>
<p>
If <acronym title="Central Authentication Service">CAS</acronym> failed, <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> will be used.
</p>
<p>
You can also add a condition. Example:
</p>
<pre class="code">
Multi Remote $ENV{REMOTE_ADDR}=~/^192/;LDAP $ENV{REMOTE_ADDR}!~/^192/&#039;
</pre>
<p>
<p><div class="notetip">If Multi is used for authentication and user database, it will try to use the same module. Example, if you have “<acronym title="Database Interface">DBI</acronym>;<acronym title="Lightweight Directory Access Protocol">LDAP</acronym>” and <acronym title="Database Interface">DBI</acronym> failed for authentication, Multi will try first to call <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> as user database.
</div></p>
</p>
</div>
<!-- SECTION "Configuration" [271-849] -->
<h3><a name="advanced_configuration" id="advanced_configuration">Advanced configuration</a></h3>
<div class="level3">
<p>
The “Multi” system can :
</p>
<ul>
<li class="level1"><div class="li"> stack several times the same module with a different name</div>
</li>
<li class="level1"><div class="li"> overload any <acronym title="LemonLDAP::NG">LL::NG</acronym> parameter when a specific backend is used</div>
</li>
</ul>
<p>
<p><div class="notetip">Overloading is not available trough the manager
</div></p>
</p>
<p>
To stack several times the same module, use ”#name” with different names. Example:
</p>
<pre class="code">
Multi LDAP#Openldap; LDAP#ActiveDirectory
</pre>
<p>
Then you can have different parameters for each stored in a <acronym title="Practical Extraction and Report Language">Perl</acronym> hash entry named multi:
</p>
<pre class="code perl">multi <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
<span class="st_h">'LDAP#Openldap'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
ldapServer <span class="sy0">=&gt;</span> <span class="st_h">'ldap1.example.com'</span><span class="sy0">,</span>
LDAPFilter <span class="sy0">=&gt;</span> <span class="st_h">'(uid=$user)'</span><span class="sy0">,</span>
<span class="br0">&#125;</span><span class="sy0">,</span>
<span class="st_h">'LDAP#ActiveDirectory'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
ldapServer <span class="sy0">=&gt;</span> <span class="st_h">'ldaps://ad.example.com'</span><span class="sy0">,</span>
LDAPFilter <span class="sy0">=&gt;</span> <span class="st_h">'(&amp;(sAMAccountName=$user)(objectClass=person))'</span><span class="sy0">,</span>
<span class="br0">&#125;</span>
<span class="br0">&#125;</span><span class="sy0">,</span></pre>
<p>
This key must be stored directly in portal index.pl file or in lemonldap-ng.ini:
</p>
<ul>
<li class="level1"><div class="li"> for index.pl, set it in new():</div>
</li>
</ul>
<pre class="code perl"><span class="kw1">my</span> <span class="re0">$portal</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">SharedConf</span><span class="sy0">-&gt;</span><span class="me1">new</span><span class="br0">&#40;</span><span class="br0">&#123;</span>
multi <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
<span class="st_h">'LDAP#Openldap'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
ldapServer <span class="sy0">=&gt;</span> <span class="st_h">'ldap1.example.com'</span><span class="sy0">,</span>
LDAPFilter <span class="sy0">=&gt;</span> <span class="st_h">'(uid=$user)'</span><span class="sy0">,</span>
<span class="br0">&#125;</span><span class="sy0">,</span>
<span class="st_h">'LDAP#ActiveDirectory'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
ldapServer <span class="sy0">=&gt;</span> <span class="st_h">'ldaps://ad.example.com'</span><span class="sy0">,</span>
LDAPFilter <span class="sy0">=&gt;</span> <span class="st_h">'(&amp;(sAMAccountName=$user)(objectClass=person))'</span><span class="sy0">,</span>
<span class="br0">&#125;</span>
<span class="br0">&#125;</span><span class="sy0">,</span>
<span class="br0">&#125;</span><span class="br0">&#41;</span></pre>
<ul>
<li class="level1"><div class="li"> or to use lemonldap-ng.ini, install it (one line only) in [portal] section:</div>
</li>
</ul>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">multi</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span>'LDAP#Openldap'<span class="sy0">=</span>&gt;<span class="br0">&#123;</span>ldapServer<span class="sy0">=</span>&gt;'ldap1.example.com',LDAPFilter<span class="sy0">=</span>&gt;'<span class="br0">&#40;</span>uid<span class="sy0">=</span>$user<span class="br0">&#41;</span>'<span class="br0">&#125;</span>,'LDAP#ActiveDirectory'<span class="sy0">=</span>&gt;<span class="br0">&#123;</span>ldapServer<span class="sy0">=</span>&gt;'ldaps://ad.example.com',LDAPFilter<span class="sy0">=</span>&gt;'<span class="br0">&#40;</span>&amp;<span class="br0">&#40;</span>sAMAccountName<span class="sy0">=</span>$user<span class="br0">&#41;</span><span class="br0">&#40;</span>objectClass<span class="sy0">=</span>person<span class="br0">&#41;</span><span class="br0">&#41;</span>'<span class="br0">&#125;</span><span class="br0">&#125;</span></span></pre>
</div>
<!-- SECTION "Advanced configuration" [850-2416] -->
<h2><a name="known_problems" id="known_problems">Known problems</a></h2>
<div class="level2">
</div>
<!-- SECTION "Known problems" [2417-2444] -->
<h3><a name="authapache_authentication" id="authapache_authentication">AuthApache authentication</a></h3>
<div class="level3">
<p>
When using this module, <acronym title="LemonLDAP::NG">LL::NG</acronym> portal will be called only if Apache does not return “401 Authentication required”, but this is not the Apache behaviour: if the auth module fails, Apache returns 401. We&#039;re studying a future solution for this…
</p>
</div>
<!-- SECTION "AuthApache authentication" [2445-2726] -->
<h3><a name="ssl_authentication" id="ssl_authentication">SSL authentication</a></h3>
<div class="level3">
<p>
To chain <acronym title="Secure Sockets Layer">SSL</acronym>, you have to set “SSLRequire optional” in Apache configuration, else users will be authenticated by <acronym title="Secure Sockets Layer">SSL</acronym> only.
</p>
</div>
<!-- SECTION "SSL authentication" [2727-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
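Review bot: The conditional example `Multi Remote $ENV{REMOTE_ADDR}=~/^192/;LDAP $ENV{REMOTE_ADDR}!~/^192/'` ends with a stray apostrophe, and `/^192/` matches every address whose text starts with "192", not only a private range; since this expression selects the authentication backend, the example should use an anchored, dotted pattern such as `/^192\.168\./`. In the "SSL authentication" section, "SSLRequire optional" is not a valid setting: the Apache directive that accepts `optional` is `SSLVerifyClient`. In the `multi` hash, `LDAP#Openldap` is given `ldapServer => 'ldap1.example.com'` while the Active Directory entry uses `ldaps://`; showing `ldaps://` for both keeps the example from reading as a recommendation to bind over unencrypted LDAP. Typos to fix in the same pass: "failback" (fallback), "This scheme expect" (expects), "trough the manager" (through).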
......@@ -44,7 +44,7 @@
</p>
<p>
<p><div class="notetip"><acronym title="LemonLDAP::NG">LL::NG</acronym> can also act as <a href="../../documentation/1.0/idpopenid.html" class="wikilink2" title="documentation:1.0:idpopenid" rel="nofollow">OpenID server</a>, that allows to interconnect two <acronym title="LemonLDAP::NG">LL::NG</acronym> systems.
<p><div class="notetip"><acronym title="LemonLDAP::NG">LL::NG</acronym> can also act as <a href="../../documentation/1.0/idpopenid.html" class="wikilink1" title="documentation:1.0:idpopenid">OpenID server</a>, that allows to interconnect two <acronym title="LemonLDAP::NG">LL::NG</acronym> systems.
</div></p>
</p>
......
......@@ -35,7 +35,7 @@
<p>
<p><div class="notetip">This module is a <acronym title="LemonLDAP::NG">LL::NG</acronym> specific identity federation protocol. You may rather use standards protocols like <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML</a>, <a href="../../documentation/1.0/idpopenid.html" class="wikilink1" title="documentation:1.0:idpopenid">OpenID</a> or <a href="../../documentation/1.0/idpcas.html" class="wikilink2" title="documentation:1.0:idpcas" rel="nofollow">CAS</a>.
<p><div class="notetip">This module is a <acronym title="LemonLDAP::NG">LL::NG</acronym> specific identity federation protocol. You may rather use standards protocols like <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML</a>, <a href="../../documentation/1.0/idpopenid.html" class="wikilink1" title="documentation:1.0:idpopenid">OpenID</a> or <a href="../../documentation/1.0/idpcas.html" class="wikilink1" title="documentation:1.0:idpcas">CAS</a>.
</div></p>
</p>
......
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="cross_domain_authentication" id="cross_domain_authentication">Cross Domain Authentication</a></h1>
<div class="level1">
</div>
<!-- SECTION "Cross Domain Authentication" [1-43] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<div class="plugin_include_content" id="plugin_include__documentation:presentation">
<div class="level3">
<p>
<p><div class="noteclassic">For security reason, a cookie provided for a domain cannot be sent to another domain. To extend <acronym title="Single Sign On">SSO</acronym> on several domains, a cross-domain mechanism is implemented in LemonLDAP::NG.
</div></p>
</p>
<ol>
<li class="level1"><div class="li"> User owns <a href="../../documentation/latest/ssocookie.html#sso_cookie" class="wikilink1" title="documentation:latest:ssocookie">SSO cookies</a> on the main domain (see <a href="../../documentation/presentation.html#login" class="wikilink1" title="documentation:presentation">Login kinematics</a>)</div>
</li>
<li class="level1"><div class="li"> User tries to access a protected application in a different domain</div>
</li>
<li class="level1"><div class="li"> Handler does not see <a href="../../documentation/latest/ssocookie.html#sso_cookie" class="wikilink1" title="documentation:latest:ssocookie">SSO cookies</a> (because it is not in main domain) and redirects user on Portal</div>
</li>
<li class="level1"><div class="li"> Portal recognizes the user with its <a href="../../documentation/latest/ssocookie.html#sso_cookie" class="wikilink1" title="documentation:latest:ssocookie">SSO cookies</a>, and see he is coming from a different domain</div>
</li>
<li class="level1"><div class="li"> Portal redirects user on protected application with his session ID as <acronym title="Uniform Resource Locator">URL</acronym> parameter</div>
</li>
<li class="level1"><div class="li"> Handler detects <acronym title="Uniform Resource Locator">URL</acronym> parameter and create a <a href="../../documentation/latest/ssocookie.html#sso_cookie" class="wikilink1" title="documentation:latest:ssocookie">SSO cookies</a> on its domain, with session ID as value</div>
</li>
</ol>
</div>
</div>
<div class="level2">
</div>
<!-- SECTION "Presentation" [44-138] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
<p>
Go in Manager, <code>General Parameters</code> » <code>Cookies</code> » <code>Multiple domains</code> and set to <code>On</code>.
</p>
<p>
To use this feature only locally, edit <code>lemonldap-ng.ini</code> in section [all]:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>all<span class="br0">&#93;</span></span>
<span class="re1">cda</span> <span class="sy0">=</span><span class="re2"> 1</span></pre>
</div>
<!-- SECTION "Configuration" [139-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
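Review bot: Steps 5 and 6 of the ordered list describe the Portal passing the session ID to the other domain as a URL parameter, but the page does not say where that value can end up (web server and proxy access logs, browser history, Referer headers) or whether the Handler redirects to a clean URL once the cookie is set. Add a short note describing what the Handler does with the parameter and recommending HTTPS on every domain involved when `cda = 1`. The links on this page point to `documentation/latest/ssocookie.html` while the rest of the export uses `documentation/1.0/`, and "To use this feature only locally" needs a word on what "locally" means.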
......@@ -47,7 +47,7 @@ LemonLDAP::NG configuration is stored in a backend (File, database, …), that a
<p>
Detailled configuration backends documentation is available <a href="../../documentation/1.0/start.html#configuration1" class="wikilink1" title="documentation:1.0:start">here</a>.
Detailled configuration backends documentation is available <a href="../../documentation/1.0/start.html#configuration_database" class="wikilink1" title="documentation:1.0:start">here</a>.
</div></p>
</p>
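Review bot: The changed line still begins with "Detailled"; correct it to "Detailed" in the same edit. The new fragment `#configuration_database` should be checked against the heading id in `start.html`, which is not among the lines shown here.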
......@@ -72,7 +72,7 @@ For example, to configure the <code>File</code> configuration backend:
</p>
</div>
<!-- SECTION "Backends" [39-992] -->
<!-- SECTION "Backends" [39-1000] -->
<h2><a name="manager" id="manager">Manager</a></h2>
<div class="level2">
......@@ -165,7 +165,7 @@ Menu style preferences are stored in cookies (1 year duration). You can fix defa
</p>
</div>
<!-- SECTION "Manager" [993-3097] -->
<!-- SECTION "Manager" [1001-3105] -->
<h2><a name="apache" id="apache">Apache</a></h2>
<div class="level2">
......@@ -198,7 +198,7 @@ These files must be included in Apache configuration, either with <code>Include<
</p>
</div>
<!-- SECTION "Apache" [3098-3857] -->
<!-- SECTION "Apache" [3106-3865] -->
<h3><a name="portal" id="portal">Portal</a></h3>
<div class="level3">
......@@ -297,7 +297,7 @@ In Portal virtual host, you will find several configuration parts:
&lt;/Perl&gt;</pre>
</div>
<!-- SECTION "Portal" [3858-6291] -->
<!-- SECTION "Portal" [3866-6299] -->
<h3><a name="manager1" id="manager1">Manager</a></h3>
<div class="level3">
......@@ -328,7 +328,7 @@ Manager virtual host is used to serve configuration interface and local document
&lt;/<span class="kw3">Directory</span>&gt;</pre>
</div>
<!-- SECTION "Manager" [6292-6937] -->
<!-- SECTION "Manager" [6300-6945] -->
<h3><a name="handler" id="handler">Handler</a></h3>
<div class="level3">
<ul>
......@@ -382,7 +382,7 @@ Then, to protect a standard virutal host, the only configuration line to add is:
<pre class="code file apache">PerlHeaderParserHandler My::Package</pre>
</div>
<!-- SECTION "Handler" [6938-8153] -->
<!-- SECTION "Handler" [6946-8161] -->
<h2><a name="configuration_reload" id="configuration_reload">Configuration reload</a></h2>
<div class="level2">
......@@ -427,7 +427,7 @@ The <code>reload</code> target is managed in Apache configuration, inside a virt
</p>
</div>
<!-- SECTION "Configuration reload" [8154-9430] -->
<!-- SECTION "Configuration reload" [8162-9438] -->
<h2><a name="local_file" id="local_file">Local file</a></h2>
<div class="level2">
......@@ -467,7 +467,7 @@ For example, to override configured skin for portal:
</p>
</div>
<!-- SECTION "Local file" [9431-10288] -->
<!-- SECTION "Local file" [9439-10296] -->
<h2><a name="script_files" id="script_files">Script files</a></h2>
<div class="level2">
......@@ -482,7 +482,7 @@ LemonLDAP::NG allows to override any configuration parameter directly in script
</p>
</div>
<!-- SECTION "Script files" [10289-10677] -->
<!-- SECTION "Script files" [10297-10685] -->
<h3><a name="portal1" id="portal1">Portal</a></h3>
<div class="level3">
......@@ -497,7 +497,7 @@ For example, in portal/index.pl:
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
<!-- SECTION "Portal" [10678-10848] -->
<!-- SECTION "Portal" [10686-10856] -->
<h3><a name="handler1" id="handler1">Handler</a></h3>
<div class="level3">
......@@ -512,4 +512,4 @@ For example, in handler/MyHandler.pm:
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
<!-- SECTION "Handler" [10849-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "Handler" [10857-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
......@@ -86,7 +86,7 @@ And a protected virtual host with LemonLDAP::NG as reverse proxy:
</p>
<p>
But this magic Apache configuration will let you transform the Auth-User <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header in <code>REMOTE_USER</code> envronment variable:
But this magic Apache configuration will let you transform the Auth-User <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> header in <code>REMOTE_USER</code> environment variable:
</p>
<pre class="code file apache"><span class="kw1">SetEnvIfNoCase</span> Auth-<span class="kw1">User</span> <span class="st0">&quot;(.*)&quot;</span> REMOTE_USER=$<span class="nu0">1</span></pre>
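Review bot: The context line `SetEnvIfNoCase Auth-User "(.*)" REMOTE_USER=$1` makes the application trust whatever `Auth-User` header arrives, so the paragraph corrected in this hunk should also state that the application host must accept requests only from the LL::NG reverse proxy; without that restriction the header is not evidence of authentication. "transform the Auth-User HTTP header in REMOTE_USER" should read "into the REMOTE_USER environment variable", and "magic" could be dropped.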
......@@ -96,7 +96,7 @@ But this magic Apache configuration will let you transform the Auth-User <acrony
</p>
</div>
<!-- SECTION "Apache configuration" [198-1899] -->
<!-- SECTION "Apache configuration" [198-1900] -->
<h2><a name="lemonldapng_configuration" id="lemonldapng_configuration">LemonLDAP::NG configuration</a></h2>
<div class="level2">
......@@ -124,27 +124,27 @@ A virtual host contains:
</ul>
</div>
<!-- SECTION "LemonLDAP::NG configuration" [1900-2387] -->
<!-- SECTION "LemonLDAP::NG configuration" [1901-2388] -->
<h3><a name="access_rules_and_http_headers" id="access_rules_and_http_headers">Access rules and HTTP headers</a></h3>
<div class="level3">
<p>
See <strong><a href="../../documentation/1.0/writingrulesand_headers.html" class="wikilink1" title="documentation:1.0:writingrulesand_headers">Writing rules and headers</a></strong> to learn how to configure access control and <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers sent to application by Lemonldap::NG.
See <strong><a href="../../documentation/1.0/writingrulesand_headers.html" class="wikilink1" title="documentation:1.0:writingrulesand_headers">Writing rules and headers</a></strong> to learn how to configure access control and <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers sent to application by <acronym title="LemonLDAP::NG">LL::NG</acronym>.
</p>
</div>
<!-- SECTION "Access rules and HTTP headers" [2388-2587] -->
<!-- SECTION "Access rules and HTTP headers" [2389-2581] -->
<h3><a name="post_data" id="post_data">POST data</a></h3>
<div class="level3">
<p>
<img src="/lib/images/smileys/fixme.gif" class="middle" alt="FIXME" /> Add link to form replay page
See <strong><a href="../../documentation/1.0/formreplay.html" class="wikilink1" title="documentation:1.0:formreplay">Form replay</a></strong> to learn how to configure form replay to POST data on protected applications.
</p>
</div>
<!-- SECTION "POST data" [2588-2644] -->
<!-- SECTION "POST data" [2582-2716] -->
<h3><a name="options" id="options">Options</a></h3>
<div class="level3">
......@@ -165,4 +165,4 @@ These options are used to build redirection <acronym title="Uniform Resource Loc
</p>
</div>
<!-- SECTION "Options" [2645-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "Options" [2717-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">