Documentation update

doc/pages/documentation/current/applications.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:applications</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,applications"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="applications.html"/>
@@ -151,10 +151,16 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
 	<tr class="row1 rowodd">
 		<td class="col0 centeralign">  <a href="applications/grr.html" class="media" title="documentation:2.0:applications:grr"><img src="icons/kmultiple.png" class="media" alt="" /></a>  </td><td class="col1 centeralign">  <a href="applications/phpldapadmin.html" class="media" title="documentation:2.0:applications:phpldapadmin"><img src="icons/kmultiple.png" class="media" alt="" /></a>  </td><td class="col2 centeralign">  <a href="applications/limesurvey.html" class="media" title="documentation:2.0:applications:limesurvey"><img src="icons/kmultiple.png" class="media" title="LimeSurvey" alt="LimeSurvey" width="120" /></a>  </td><td class="col3 centeralign">  <a href="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" class="media" title="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm"  rel="nofollow"><img src="icons/kmultiple.png" class="media" title="SAP" alt="SAP" /></a>  </td>
 	</tr>
+	<tr class="row2 roweven">
+		<th class="col0 centeralign">  FusionDirectory  </th><th class="col1"> </th><th class="col2"> </th><th class="col3"> </th>
+	</tr>
+	<tr class="row3 rowodd">
+		<td class="col0 centeralign">  <a href="applications/fusiondirectory.html" class="media" title="documentation:2.0:applications:fusiondirectory"><img src="icons/kmultiple.png" class="media" title="fusiondirectory-logo.jpg" alt="fusiondirectory-logo.jpg" width="120" /></a>  </td><td class="col1"> </td><td class="col2"> </td><td class="col3"> </td>
+	</tr>
 </table></div>
-<!-- EDIT12 TABLE [1252-1655] -->
+<!-- EDIT12 TABLE [1252-1777] -->
 </div>
-<!-- EDIT11 SECTION "Other" [1235-1656] -->
+<!-- EDIT11 SECTION "Other" [1235-1777] -->
 <h2 class="sectionedit13" id="frameworks">Frameworks</h2>
 <div class="level2">
 <div class="table sectionedit14"><table class="inline table table-bordered table-striped">
@@ -167,9 +173,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
 		<td class="col0 centeralign">  <a href="applications/spring.html" class="media" title="documentation:2.0:applications:spring"><img src="icons/kmultiple.png" class="media" alt="" /></a>  </td><td class="col1 centeralign">  <a href="applications/django.html" class="media" title="documentation:2.0:applications:django"><img src="icons/kmultiple.png" class="media" alt="" /></a>  </td>
 	</tr>
 </table></div>
-<!-- EDIT14 TABLE [1681-1848] -->
+<!-- EDIT14 TABLE [1802-1969] -->
 </div>
-<!-- EDIT13 SECTION "Frameworks" [1657-1849] -->
+<!-- EDIT13 SECTION "Frameworks" [1778-1970] -->
 <h2 class="sectionedit15" id="connectors">Connectors</h2>
 <div class="level2">
 <div class="table sectionedit16"><table class="inline table table-bordered table-striped">
@@ -190,9 +196,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
 <a href="http://fr.lutece.paris.fr" class="urlextern" title="http://fr.lutece.paris.fr"  rel="nofollow">Lutece</a>  </td><td class="col2"> </td>
 	</tr>
 </table></div>
-<!-- EDIT16 TABLE [1874-2365] -->
+<!-- EDIT16 TABLE [1995-2486] -->
 </div>
-<!-- EDIT15 SECTION "Connectors" [1850-2366] -->
+<!-- EDIT15 SECTION "Connectors" [1971-2487] -->
 <h2 class="sectionedit17" id="saml_connectors">SAML connectors</h2>
 <div class="level2">
 <div class="noteclassic">This requires to configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as an <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a>.
@@ -212,8 +218,8 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
 		<td class="col0 centeralign">  <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a>  </td><td class="col1 centeralign">  <a href="applications/adfs.html" class="media" title="documentation:2.0:applications:adfs"><img src="icons/kmultiple.png" class="media" alt="" /></a>  </td><td class="col2 leftalign">  </td><td class="col3 leftalign">  </td>
 	</tr>
 </table></div>
-<!-- EDIT18 TABLE [2486-3028] -->
+<!-- EDIT18 TABLE [2607-3149] -->
 </div>
-<!-- EDIT17 SECTION "SAML connectors" [2367-] --></div>
+<!-- EDIT17 SECTION "SAML connectors" [2488-] --></div>
 </body>
 </html>

doc/pages/documentation/current/applications/django.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:applications:django</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,applications,django"/>
 <link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="django.html"/>
@@ -62,7 +62,7 @@
 <div class="level2">
 
 <p>
-The Django connector is available on GitHub: <a href="https://github.com/9h37/django-lemonldap" class="urlextern" title="https://github.com/9h37/django-lemonldap"  rel="nofollow">https://github.com/9h37/django-lemonldap</a>
+The Django connector is available on GitHub: <a href="https://github.com/rclsilver/django-lemonldap" class="urlextern" title="https://github.com/rclsilver/django-lemonldap"  rel="nofollow">https://github.com/rclsilver/django-lemonldap</a>
 </p>
 
 <p>

doc/pages/documentation/current/applications/fusiondirectory.html

+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+  <meta charset="utf-8" />
+  <title>documentation:2.0:applications:fusiondirectory</title>
+<meta name="generator" content="DokuWiki"/>
+<meta name="robots" content="index,follow"/>
+<meta name="keywords" content="documentation,2.0,applications,fusiondirectory"/>
+<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
+<link rel="start" href="fusiondirectory.html"/>
+<link rel="contents" href="fusiondirectory.html" title="Sitemap"/>
+<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
+<!-- //if:usedebianlibs
+  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
+//elsif:useexternallibs
+  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
+//elsif:cssminified
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
+//else -->
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
+<!-- //endif -->
+<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:fusiondirectory","namespace":"documentation:2.0:applications"};
+/*!]]>*/</script>
+<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
+<!-- //if:usedebianlibs
+<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
+//elsif:useexternallibs
+<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
+//elsif:jsminified
+<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
+//else -->
+<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
+<!-- //endif -->
+<!-- //if:usedebianlibs
+  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
+//elsif:useexternallibs
+  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
+//elsif:jsminified
+  <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
+//else -->
+  <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
+<!-- //endif -->
+</head>
+<body>
+<div class="dokuwiki export container">
+<!-- TOC START -->
+<div id="dw__toc">
+<h3 class="toggle">Table of Contents</h3>
+<div>
+
+<ul class="toc">
+<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
+<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
+<ul class="toc">
+<li class="level2"><div class="li"><a href="#fusiondirectory1">FusionDirectory</a></div></li>
+<li class="level2"><div class="li"><a href="#llng">LL::NG</a></div></li>
+</ul></li>
+</ul>
+</div>
+</div>
+<!-- TOC END -->
+
+<h1 class="sectionedit1" id="fusiondirectory">FusionDirectory</h1>
+<div class="level1">
+
+<p>
+<img src="fusiondirectory-logo.jpeg" class="mediacenter" alt="" />
+</p>
+
+</div>
+<!-- EDIT1 SECTION "FusionDirectory" [1-85] -->
+<h2 class="sectionedit2" id="presentation">Presentation</h2>
+<div class="level2">
+
+<p>
+<a href="https://www.fusiondirectory.org/" class="urlextern" title="https://www.fusiondirectory.org/"  rel="nofollow">FusionDirectory</a> provides a solution to daily management of data stored in an LDAP directory.
+</p>
+
+</div>
+<!-- EDIT2 SECTION "Presentation" [86-242] -->
+<h2 class="sectionedit3" id="configuration">Configuration</h2>
+<div class="level2">
+
+</div>
+<!-- EDIT3 SECTION "Configuration" [243-269] -->
+<h3 class="sectionedit4" id="fusiondirectory1">FusionDirectory</h3>
+<div class="level3">
+
+<p>
+Go in Configuration and in Login and Session panel. Set:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>HTTP Header authentication</strong>: Activate</div>
+</li>
+<li class="level1"><div class="li"> <strong>Header name</strong>: Auth-User</div>
+</li>
+</ul>
+
+<p>
+See also <a href="https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session" class="urlextern" title="https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session"  rel="nofollow">https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session</a>
+</p>
+
+</div>
+<!-- EDIT4 SECTION "FusionDirectory" [270-555] -->
+<h3 class="sectionedit5" id="llng">LL::NG</h3>
+<div class="level3">
+
+<p>
+Just set the <code>Auth-User</code> header with the attribute that carries the user login, for example <code>$uid</code>.
+</p>
+
+</div>
+<!-- EDIT5 SECTION "LL::NG" [556-] --></div>
+</body>
+</html>

doc/pages/documentation/current/applications/img/icons.png

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=761151e5c98aa11e440c41e32546ca38"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=083d765a6c01244c897a27ed8b56cdd7"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1492102688" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1504111293" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

doc/pages/documentation/current/applications/img/loader.gif

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=761151e5c98aa11e440c41e32546ca38"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=083d765a6c01244c897a27ed8b56cdd7"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1492102688" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1504111293" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

doc/pages/documentation/current/authapache.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authapache</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,authapache"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authapache.html"/>

doc/pages/documentation/current/authcas.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authcas</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,authcas"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authcas.html"/>

doc/pages/documentation/current/authcombination.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authcombination</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,authcombination"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authcombination.html"/>

doc/pages/documentation/current/authdbi.html

@@ -302,8 +302,28 @@ List of columns to query to fill user session. See also <a href="exportedvars.ht
 <ul>
 <li class="level1"><div class="li"> <strong>Hash schema</strong>: SQL method for hashing password. Can be left blank for plain text passwords.</div>
 </li>
+<li class="level1"><div class="li"> <strong>Dynamic hash activation</strong>: Activate dynamic hashing. With dynamic hashing, the hash scheme is recovered from the user password in the database during authentication.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Supported non-salted schemes</strong>: List of whitespace separated hash schemes. Every hash scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. These hashes MUST NOT be salted (no random data used in conjunction with the password).</div>
+</li>
+<li class="level1"><div class="li"> <strong>Supported salted schemes</strong>: List of whitespace separated salted hash schemes, of the form “<strong>s</strong>scheme”, where scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. Salted and non-salted scheme lists are not necessarily equivalent. (for example: non-salted=“sha256” and salted=“ssha ssha512” is valid)</div>
+</li>
+<li class="level1"><div class="li"> <strong>Dynamic hash scheme for new passwords</strong>: LemonLDAP::NG is able to store new passwords in the database (while modifying or reinitializing the password). You can choose a salted or non salted dynamic hashed password. The value must be an element of “Supported non-salted schemes” or “Supported salted schemes”.</div>
+</li>
 </ul>
+<div class="noteimportant">The SQL function MUST have hexadecimal values as input AND output
+</div><div class="notetip">Here is an example for creating a postgreSQL SHA256 function.
+1. Install postgresql-contrib.
+2. Activate extension: <pre class="code">CREATE EXTENSION pgcrypto;</pre>
 
+<p>
+3. Create the hash function:
+</p>
+<pre class="code">CREATE OR REPLACE FUNCTION sha256(varchar) returns text AS $$
+SELECT encode(digest(decode($1, &#039;hex&#039;), &#039;sha256&#039;), &#039;hex&#039;)
+$$ LANGUAGE SQL STRICT IMMUTABLE;</pre>
+
+</div>
 </div>
 <!-- EDIT15 SECTION "Password" [3489-] --></div>
 </body>

doc/pages/documentation/current/authkerberos.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authkerberos</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,authkerberos"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authkerberos.html"/>

doc/pages/documentation/current/authldap.html

@@ -158,7 +158,7 @@ List of attributes to query to fill user session. See also <a href="exportedvars
 </li>
 <li class="level2"><div class="li"> To use TLS, set <code>ldap+tls://server</code> and to use LDAPS, set <code>ldaps://server</code> instead of server name.</div>
 </li>
-<li class="level2"><div class="li"> If you use TLS, you can set any of the <a href="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod" class="urlextern" title="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"  rel="nofollow">Net::LDAP</a> start_tls() sub like <code>ldap+tls://server/verify=none&amp;capath=/etc/ssl</code>. You can also use caFile and caPath parameters.</div>
+<li class="level2"><div class="li"> If you use TLS, you can set any of the <a href="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod" class="urlextern" title="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"  rel="nofollow">Net::LDAP</a> start_tls() sub like <code>ldap+tls://server/verify=none&amp;capath=/etc/ssl</code>. You can also use cafile and capath parameters.</div>
 </li>
 </ul>
 </li>

doc/pages/documentation/current/authlinkedin.html

+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+  <meta charset="utf-8" />
+  <title>documentation:2.0:authlinkedin</title>
+<meta name="generator" content="DokuWiki"/>
+<meta name="robots" content="index,follow"/>
+<meta name="keywords" content="documentation,2.0,authlinkedin"/>
+<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
+<link rel="start" href="authlinkedin.html"/>
+<link rel="contents" href="authlinkedin.html" title="Sitemap"/>
+<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
+<!-- //if:usedebianlibs
+  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
+//elsif:useexternallibs
+  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
+//elsif:cssminified
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
+//else -->
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
+<!-- //endif -->
+<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authlinkedin","namespace":"documentation:2.0"};
+/*!]]>*/</script>
+<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
+<!-- //if:usedebianlibs
+<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
+//elsif:useexternallibs
+<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
+//elsif:jsminified
+<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
+//else -->
+<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
+<!-- //endif -->
+<!-- //if:usedebianlibs
+  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
+//elsif:useexternallibs
+  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
+//elsif:jsminified
+  <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
+//else -->
+  <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
+<!-- //endif -->
+</head>
+<body>
+<div class="dokuwiki export container">
+
+<h1 class="sectionedit1" id="linkedin">LinkedIn</h1>
+<div class="level1">
+<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
+	<thead>
+	<tr class="row0 roweven">
+		<th class="col0 centeralign">  Authentication  </th><th class="col1 centeralign">  Users  </th><th class="col2 centeralign">  Password  </th>
+	</tr>
+	</thead>
+	<tr class="row1 rowodd">
+		<td class="col0 centeralign">  ✔  </td><td class="col1 leftalign">  </td><td class="col2 leftalign">  </td>
+	</tr>
+</table></div>
+<!-- EDIT2 TABLE [25-84] -->
+</div>
+<!-- EDIT1 SECTION "LinkedIn" [1-85] -->
+<h2 class="sectionedit3" id="presentation">Presentation</h2>
+<div class="level2">
+
+<p>
+<a href="https://www.linkedin.com/" class="urlextern" title="https://www.linkedin.com/"  rel="nofollow">LinkedIn</a> is a professional social network. It uses <a href="http://en.wikipedia.org/wiki/OAuth2" class="urlextern" title="http://en.wikipedia.org/wiki/OAuth2"  rel="nofollow">OAuth2</a> protocol to allow applications to reuse its own authentication process (see <a href="https://developer.linkedin.com/docs/oauth2" class="urlextern" title="https://developer.linkedin.com/docs/oauth2"  rel="nofollow">https://developer.linkedin.com/docs/oauth2</a>).
+</p>
+
+<p>
+You need to register a new application on LinkedIn to get an application ID and a secret. See  <a href="https://www.linkedin.com/developer/apps/" class="urlextern" title="https://www.linkedin.com/developer/apps/"  rel="nofollow">https://www.linkedin.com/developer/apps/</a> on how to do that. 
+</p>
+
+</div>
+<!-- EDIT3 SECTION "Presentation" [86-526] -->
+<h2 class="sectionedit4" id="configuration">Configuration</h2>
+<div class="level2">
+
+<p>
+In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose LinkedIn for authentication module.
+</p>
+
+<p>
+Then, go in <code>LinkedIn parameters</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
+</li>
+<li class="level1"><div class="li"> <strong>Client ID</strong>: the application ID you get</div>
+</li>
+<li class="level1"><div class="li"> <strong>Client secret</strong>: the corresponding secret</div>
+</li>
+<li class="level1"><div class="li"> <strong>Searched fields</strong>: Fields requested on People endpoint</div>
+</li>
+<li class="level1"><div class="li"> <strong>Field containing user identifier</strong>: Field that will be used as main user identifier in <abbr title="LemonLDAP::NG">LL::NG</abbr></div>
+</li>
+<li class="level1"><div class="li"> <strong>Scope</strong>: OAuth 2.0 scopes</div>
+</li>
+</ul>
+<div class="notetip">Collected fields are stored in session in <code>linkedIn_</code> keys
+</div>
+</div>
+<!-- EDIT4 SECTION "Configuration" [527-] --></div>
+</body>
+</html>

doc/pages/documentation/current/authssl.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authssl</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,authssl"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authssl.html"/>

doc/pages/documentation/current/configlocation.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:configlocation</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,configlocation"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="configlocation.html"/>
@@ -281,7 +281,7 @@ Some examples:
 LemonLDAP::NG ships 3 Apache configuration files:
 </p>
 <ul>
-<li class="level1"><div class="li"> <strong>portal-apache2.conf</strong>: Portal virtual host, with SOAP and Issuer end points</div>
+<li class="level1"><div class="li"> <strong>portal-apache2.conf</strong>: Portal virtual host, with SOAP/REST end points</div>
 </li>
 <li class="level1"><div class="li"> <strong>manager-apache2.conf</strong>: Manager virtual host</div>
 </li>
@@ -292,10 +292,9 @@ LemonLDAP::NG ships 3 Apache configuration files:
 <p>
 See <a href="configapache.html" class="wikilink1" title="documentation:2.0:configapache">how to deploy them</a>.
 </p>
-<div class="notewarning">Mod Perl must be loaded before LemonLDAP::NG, so include configuration after the mod_perl <code>LoadModule</code> directive.
-</div>
+
 </div>
-<!-- EDIT6 SECTION "Apache" [6289-6831] -->
+<!-- EDIT6 SECTION "Apache" [6289-6687] -->
 <h3 class="sectionedit7" id="portal">Portal</h3>
 <div class="level3">
 
@@ -311,101 +310,65 @@ In Portal virtual host, you will find several configuration parts:
     <span class="co1"># DocumentRoot</span>
     <span class="kw1">DocumentRoot</span> /usr/local/lemonldap-ng/htdocs/portal/
     &lt;<span class="kw3">Directory</span> /usr/local/lemonldap-ng/htdocs/portal/&gt;
-        <span class="kw1">Order</span> <span class="kw1">allow</span>,<span class="kw1">deny</span>
-        <span class="kw1">Allow</span> from <span class="kw2">all</span>
-        <span class="kw1">Options</span> +ExecCGI
+        <span class="kw1">Require</span> <span class="kw2">all</span> granted
+        <span class="kw1">Options</span> +ExecCGI +<span class="kw2">FollowSymLinks</span>
     &lt;/<span class="kw3">Directory</span>&gt;
+    <span class="co1"># For performances, you can put static html files: simply put the HTML</span>
+    <span class="co1"># result (example: /oauth2/checksession.html) as static file. Then</span>
+    <span class="co1"># uncomment the following line.</span>
+    <span class="co1"># RewriteCond &quot;%{REQUEST_FILENAME}&quot; &quot;!\.html$&quot;</span>
+    <span class="kw1">RewriteCond</span> <span class="st0">&quot;%{REQUEST_FILENAME}&quot;</span> <span class="st0">&quot;!^/(?:(?:static|javascript|favicon).*|.*<span class="es0">\.</span>fcgi)$&quot;</span>
+    <span class="kw1">RewriteRule</span> <span class="st0">&quot;^/(.+)$&quot;</span> <span class="st0">&quot;/index.fcgi/$1&quot;</span> [PT]
 &nbsp;
-    <span class="co1"># Perl script</span>
-    &lt;<span class="kw3">Files</span> *.pl&gt;
-        <span class="kw1">SetHandler</span> perl-<span class="kw1">script</span>
-        PerlResponseHandler ModPerl::Registry
+    <span class="co1"># Note that Content-Security-Policy header is generated by portal itself</span>
+    &lt;<span class="kw3">Files</span> *.fcgi&gt;
+        <span class="kw1">SetHandler</span> fcgid-<span class="kw1">script</span>
+        <span class="co1">#CGIPassAuth on</span>
+        <span class="kw1">Options</span> +ExecCGI
     &lt;/<span class="kw3">Files</span>&gt;
 &nbsp;
-    <span class="co1"># Directory index</span>
+    <span class="co1"># Static files</span>
+    <span class="kw1">Alias</span> /static/ __PORTALSTATICDIR__/
+    &lt;<span class="kw3">Directory</span> __PORTALSTATICDIR__&gt;
+        <span class="kw1">Require</span> <span class="kw2">all</span> granted
+        <span class="kw1">Options</span> +<span class="kw2">FollowSymLinks</span>
+    &lt;/<span class="kw3">Directory</span>&gt;
+    &lt;<span class="kw3">Location</span> /static/&gt;
+        &lt;<span class="kw3">IfModule</span> mod_expires.c&gt;
+            <span class="kw1">ExpiresActive</span> <span class="kw2">On</span>
+            <span class="kw1">ExpiresDefault</span> <span class="st0">&quot;access plus 1 month&quot;</span>
+        &lt;/<span class="kw3">IfModule</span>&gt;
+    &lt;/<span class="kw3">Location</span>&gt;
+&nbsp;
     &lt;<span class="kw3">IfModule</span> mod_dir.c&gt;
-        <span class="kw1">DirectoryIndex</span> index.pl index.html
+        <span class="kw1">DirectoryIndex</span> index.fcgi index.html
     &lt;/<span class="kw3">IfModule</span>&gt;</pre>
 <ul>
-<li class="level1"><div class="li"> SOAP end points (inactivated by default):</div>
+<li class="level1"><div class="li"> REST/SOAP end points (inactivated by default):</div>
 </li>
 </ul>
-<pre class="code file apache">    <span class="co1"># SOAP functions for sessions management (disabled by default)</span>
-    &lt;<span class="kw3">Location</span> /index.pl/adminSessions&gt;
-        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
-        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+<pre class="code file apache">    <span class="co1"># REST/SOAP functions for sessions management (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.fcgi/adminSessions&gt;
+        <span class="kw1">Require</span> <span class="kw2">all</span> denied
     &lt;/<span class="kw3">Location</span>&gt;
 &nbsp;
-    <span class="co1"># SOAP functions for sessions access (disabled by default)</span>
-    &lt;<span class="kw3">Location</span> /index.pl/sessions&gt;
-        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
-        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+    <span class="co1"># REST/SOAP functions for sessions access (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.fcgi/sessions&gt;
+        <span class="kw1">Require</span> <span class="kw2">all</span> denied
     &lt;/<span class="kw3">Location</span>&gt;
 &nbsp;
-    <span class="co1"># SOAP functions for configuration access (disabled by default)</span>
-    &lt;<span class="kw3">Location</span> /index.pl/config&gt;
-        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
-        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+    <span class="co1"># REST/SOAP functions for configuration access (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.fcgi/config&gt;
+        <span class="kw1">Require</span> <span class="kw2">all</span> denied
     &lt;/<span class="kw3">Location</span>&gt;
 &nbsp;
-    <span class="co1"># SOAP functions for notification insertion (disabled by default)</span>
-    &lt;<span class="kw3">Location</span> /index.pl/notification&gt;
-        <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
-        <span class="kw1">Deny</span> from <span class="kw2">all</span>
+    <span class="co1"># REST/SOAP functions for notification insertion (disabled by default)</span>
+    &lt;<span class="kw3">Location</span> /index.fcgi/notification&gt;
+        <span class="kw1">Require</span> <span class="kw2">all</span> denied
     &lt;/<span class="kw3">Location</span>&gt;</pre>
-<ul>
-<li class="level1"><div class="li"> Issuer rewrite rules (requires <code>mod_rewrite</code>):</div>
-</li>
-</ul>
-<pre class="code file apache">    <span class="co1"># SAML2 Issuer</span>
-    &lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
-        <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
-        <span class="kw1">RewriteRule</span> ^/saml/metadata /metadata.pl
-        <span class="kw1">RewriteRule</span> ^/saml/.* /index.pl
-    &lt;/<span class="kw3">IfModule</span>&gt;
-&nbsp;
-    <span class="co1"># CAS Issuer</span>
-    &lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
-        <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
-        <span class="kw1">RewriteRule</span> ^/cas/.* /index.pl
-    &lt;/<span class="kw3">IfModule</span>&gt;
-&nbsp;
-    <span class="co1"># OpenID Issuer</span>
-    &lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
-        <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
-        <span class="kw1">RewriteRule</span> ^/openidserver/.* /index.pl
-    &lt;/<span class="kw3">IfModule</span>&gt;
-&nbsp;
-    <span class="co1"># OpenID Connect Issuer</span>
-    &lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
-        <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
-        <span class="kw1">RewriteRule</span> ^/oauth2/.* /index.pl
-        <span class="kw1">RewriteRule</span> ^/.well-known/openid-configuration$ /openid-configuration.pl
-    &lt;/<span class="kw3">IfModule</span>&gt;
-&nbsp;
-    <span class="co1"># Get Issuer</span>
-    &lt;<span class="kw3">IfModule</span> mod_rewrite.c&gt;
-        <span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
-        <span class="kw1">RewriteRule</span> ^/get/.* /index.pl
-    &lt;/<span class="kw3">IfModule</span>&gt;</pre>
-<ul>
-<li class="level1"><div class="li"> Some Perl optimizations:</div>
-</li>
-</ul>
-<pre class="code file apache"><span class="co1"># Best performance under ModPerl::Registry</span>
-<span class="co1"># Uncomment this to increase performance of Portal</span>