<divclass="noteclassic">This requires to configure <abbrtitle="LemonLDAP::NG">LL::NG</abbr> as an <ahref="idpsaml.html"class="wikilink1"title="documentation:2.0:idpsaml">SAML Identity Provider</a>.
...
...
@@ -212,8 +218,8 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
The Django connector is available on GitHub: <ahref="https://github.com/9h37/django-lemonldap"class="urlextern"title="https://github.com/9h37/django-lemonldap"rel="nofollow">https://github.com/9h37/django-lemonldap</a>
The Django connector is available on GitHub: <ahref="https://github.com/rclsilver/django-lemonldap"class="urlextern"title="https://github.com/rclsilver/django-lemonldap"rel="nofollow">https://github.com/rclsilver/django-lemonldap</a>
<ahref="https://www.fusiondirectory.org/"class="urlextern"title="https://www.fusiondirectory.org/"rel="nofollow">FusionDirectory</a> provides a solution to daily management of data stored in an LDAP directory.
See also <ahref="https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session"class="urlextern"title="https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session"rel="nofollow">https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session</a>
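Review bot: The Django connector link changes GitHub owner (9h37/django-lemonldap becomes rclsilver/django-lemonldap) and nothing in the hunk says why. Readers will install code from this link, so the sentence or the commit message should state whether this is the same project under a new account or a fork, so the move can be checked. The href, title and link text were updated together, which is consistent.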
@@ -302,8 +302,28 @@ List of columns to query to fill user session. See also <a href="exportedvars.ht
<ul>
<liclass="level1"><divclass="li"><strong>Hash schema</strong>: SQL method for hashing password. Can be left blank for plain text passwords.</div>
</li>
<liclass="level1"><divclass="li"><strong>Dynamic hash activation</strong>: Activate dynamic hashing. With dynamic hashing, the hash scheme is recovered from the user password in the database during authentication.</div>
</li>
<liclass="level1"><divclass="li"><strong>Supported non-salted schemes</strong>: List of whitespace separated hash schemes. Every hash scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. These hashes MUST NOT be salted (no random data used in conjunction with the password).</div>
</li>
<liclass="level1"><divclass="li"><strong>Supported salted schemes</strong>: List of whitespace separated salted hash schemes, of the form “<strong>s</strong>scheme”, where scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. Salted and non-salted scheme lists are not necessarily equivalent. (for example: non-salted=“sha256” and salted=“ssha ssha512” is valid)</div>
</li>
<liclass="level1"><divclass="li"><strong>Dynamic hash scheme for new passwords</strong>: LemonLDAP::NG is able to store new passwords in the database (while modifying or reinitializing the password). You can choose a salted or non salted dynamic hashed password. The value must be an element of “Supported non-salted schemes” or “Supported salted schemes”.</div>
</li>
</ul>
<divclass="noteimportant">The SQL function MUST have hexadecimal values as input AND output
</div><divclass="notetip">Here is an example for creating a postgreSQL SHA256 function.
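Review bot: In the "Dynamic hash scheme for new passwords" item the administrator may pick a salted or a non-salted scheme with no guidance on which to prefer, and "Hash schema" still says it can be left blank for plain text passwords. Suggest adding a sentence that recommends a salted scheme for newly stored passwords and discourages the blank setting. Two smaller points: "Dynamic hash activation" says the scheme is recovered from the stored password but never shows the stored format it expects, so a sample value would help; and the example salted="ssha ssha512" next to non-salted="sha256" does not say that matching "sha" and "sha512" functions must then exist in the database, which the "MUST match a non-salted hash function" rule implies. Also "postgreSQL" should read "PostgreSQL".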
@@ -158,7 +158,7 @@ List of attributes to query to fill user session. See also <a href="exportedvars
</li>
<liclass="level2"><divclass="li"> To use TLS, set <code>ldap+tls://server</code> and to use LDAPS, set <code>ldaps://server</code> instead of server name.</div>
</li>
<liclass="level2"><divclass="li"> If you use TLS, you can set any of the <ahref="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"class="urlextern"title="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"rel="nofollow">Net::LDAP</a> start_tls() sub like <code>ldap+tls://server/verify=none&capath=/etc/ssl</code>. You can also use caFile and caPath parameters.</div>
<liclass="level2"><divclass="li"> If you use TLS, you can set any of the <ahref="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"class="urlextern"title="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"rel="nofollow">Net::LDAP</a> start_tls() sub like <code>ldap+tls://server/verify=none&capath=/etc/ssl</code>. You can also use cafile and capath parameters.</div>
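Review bot: The sample URL kept in the changed line is ldap+tls://server/verify=none&capath=/etc/ssl, so the one example a reader will copy uses verify=none, which leaves the LDAP server certificate unchecked. Suggest showing verify=require together with cafile or capath, and mentioning verify=none only as a troubleshooting setting. The rename from caFile/caPath to cafile/capath matches the lowercase capath already used in the example. The phrase "start_tls() sub like" reads as if a word such as "options" is missing.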
<ahref="https://www.linkedin.com/"class="urlextern"title="https://www.linkedin.com/"rel="nofollow">LinkedIn</a> is a professional social network. It uses <ahref="http://en.wikipedia.org/wiki/OAuth2"class="urlextern"title="http://en.wikipedia.org/wiki/OAuth2"rel="nofollow">OAuth2</a> protocol to allow applications to reuse its own authentication process (see <ahref="https://developer.linkedin.com/docs/oauth2"class="urlextern"title="https://developer.linkedin.com/docs/oauth2"rel="nofollow">https://developer.linkedin.com/docs/oauth2</a>).
</p>
<p>
You need to register a new application on LinkedIn to get an application ID and a secret. See <ahref="https://www.linkedin.com/developer/apps/"class="urlextern"title="https://www.linkedin.com/developer/apps/"rel="nofollow">https://www.linkedin.com/developer/apps/</a> on how to do that.
In Manager, go in <code>General Parameters</code>><code>Authentication modules</code> and choose LinkedIn for authentication module.
</p>
<p>
Then, go in <code>LinkedIn parameters</code>:
</p>
<ul>
<liclass="level1"><divclass="li"><strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<liclass="level1"><divclass="li"><strong>Client ID</strong>: the application ID you get</div>
</li>
<liclass="level1"><divclass="li"><strong>Client secret</strong>: the corresponding secret</div>
</li>
<liclass="level1"><divclass="li"><strong>Searched fields</strong>: Fields requested on People endpoint</div>
</li>
<liclass="level1"><divclass="li"><strong>Field containing user identifier</strong>: Field that will be used as main user identifier in <abbrtitle="LemonLDAP::NG">LL::NG</abbr></div>
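Review bot: The registration step ("You need to register a new application on LinkedIn to get an application ID and a secret") does not say which portal URL has to be declared as the redirect URL on the LinkedIn side, and the "Client secret" item gives no hint on how the value should be handled. Suggest adding the redirect URL to the registration paragraph and an example value for "Searched fields" and "Field containing user identifier", since neither item names a field. Wording: "go in" should be "go to" in both places, and "the application ID you get" would read better as "the application ID obtained at registration". The OAuth2 reference links to Wikipedia over http while the other links in the section use https.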