<divclass="noteclassic">This requires to configure <abbrtitle="LemonLDAP::NG">LL::NG</abbr> as an <ahref="idpsaml.html"class="wikilink1"title="documentation:2.0:idpsaml">SAML Identity Provider</a>.
...
...
@@ -212,8 +218,8 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
The Django connector is available on GitHub: <ahref="https://github.com/9h37/django-lemonldap"class="urlextern"title="https://github.com/9h37/django-lemonldap"rel="nofollow">https://github.com/9h37/django-lemonldap</a>
The Django connector is available on GitHub: <ahref="https://github.com/rclsilver/django-lemonldap"class="urlextern"title="https://github.com/rclsilver/django-lemonldap"rel="nofollow">https://github.com/rclsilver/django-lemonldap</a>
<ahref="https://www.fusiondirectory.org/"class="urlextern"title="https://www.fusiondirectory.org/"rel="nofollow">FusionDirectory</a> provides a solution to daily management of data stored in an LDAP directory.
See also <ahref="https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session"class="urlextern"title="https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session"rel="nofollow">https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session</a>
@@ -302,8 +302,28 @@ List of columns to query to fill user session. See also <a href="exportedvars.ht
<ul>
<liclass="level1"><divclass="li"><strong>Hash schema</strong>: SQL method for hashing password. Can be left blank for plain text passwords.</div>
</li>
<liclass="level1"><divclass="li"><strong>Dynamic hash activation</strong>: Activate dynamic hashing. With dynamic hashing, the hash scheme is recovered from the user password in the database during authentication.</div>
</li>
<liclass="level1"><divclass="li"><strong>Supported non-salted schemes</strong>: List of whitespace separated hash schemes. Every hash scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. These hashes MUST NOT be salted (no random data used in conjunction with the password).</div>
</li>
<liclass="level1"><divclass="li"><strong>Supported salted schemes</strong>: List of whitespace separated salted hash schemes, of the form “<strong>s</strong>scheme”, where scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. Salted and non-salted scheme lists are not necessarily equivalent. (for example: non-salted=“sha256” and salted=“ssha ssha512” is valid)</div>
</li>
<liclass="level1"><divclass="li"><strong>Dynamic hash scheme for new passwords</strong>: LemonLDAP::NG is able to store new passwords in the database (while modifying or reinitializing the password). You can choose a salted or non salted dynamic hashed password. The value must be an element of “Supported non-salted schemes” or “Supported salted schemes”.</div>
</li>
</ul>
<divclass="noteimportant">The SQL function MUST have hexadecimal values as input AND output
</div><divclass="notetip">Here is an example for creating a postgreSQL SHA256 function.
@@ -158,7 +158,7 @@ List of attributes to query to fill user session. See also <a href="exportedvars
</li>
<liclass="level2"><divclass="li"> To use TLS, set <code>ldap+tls://server</code> and to use LDAPS, set <code>ldaps://server</code> instead of server name.</div>
</li>
<liclass="level2"><divclass="li"> If you use TLS, you can set any of the <ahref="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"class="urlextern"title="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"rel="nofollow">Net::LDAP</a> start_tls() sub like <code>ldap+tls://server/verify=none&capath=/etc/ssl</code>. You can also use caFile and caPath parameters.</div>
<liclass="level2"><divclass="li"> If you use TLS, you can set any of the <ahref="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"class="urlextern"title="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod"rel="nofollow">Net::LDAP</a> start_tls() sub like <code>ldap+tls://server/verify=none&capath=/etc/ssl</code>. You can also use cafile and capath parameters.</div>
<ahref="https://www.linkedin.com/"class="urlextern"title="https://www.linkedin.com/"rel="nofollow">LinkedIn</a> is a professional social network. It uses <ahref="http://en.wikipedia.org/wiki/OAuth2"class="urlextern"title="http://en.wikipedia.org/wiki/OAuth2"rel="nofollow">OAuth2</a> protocol to allow applications to reuse its own authentication process (see <ahref="https://developer.linkedin.com/docs/oauth2"class="urlextern"title="https://developer.linkedin.com/docs/oauth2"rel="nofollow">https://developer.linkedin.com/docs/oauth2</a>).
</p>
<p>
You need to register a new application on LinkedIn to get an application ID and a secret. See <ahref="https://www.linkedin.com/developer/apps/"class="urlextern"title="https://www.linkedin.com/developer/apps/"rel="nofollow">https://www.linkedin.com/developer/apps/</a> on how to do that.
In Manager, go in <code>General Parameters</code>><code>Authentication modules</code> and choose LinkedIn for authentication module.
</p>
<p>
Then, go in <code>LinkedIn parameters</code>:
</p>
<ul>
<liclass="level1"><divclass="li"><strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<liclass="level1"><divclass="li"><strong>Client ID</strong>: the application ID you get</div>
</li>
<liclass="level1"><divclass="li"><strong>Client secret</strong>: the corresponding secret</div>
</li>
<liclass="level1"><divclass="li"><strong>Searched fields</strong>: Fields requested on People endpoint</div>
</li>
<liclass="level1"><divclass="li"><strong>Field containing user identifier</strong>: Field that will be used as main user identifier in <abbrtitle="LemonLDAP::NG">LL::NG</abbr></div>
</div><divclass="noteimportant">Rewrite rules must have been activated in <ahref="configlocation.html#portal"class="wikilink1"title="documentation:2.0:configlocation">Apache portal configuration</a> or in <ahref="configlocation.html#portal1"class="wikilink1"title="documentation:2.0:configlocation">Nginx portal configuration</a>.
</div><divclass="noteimportant">Rewrite rules must have been activated in <ahref="configlocation.html#portal"class="wikilink1"title="documentation:2.0:configlocation">Apache portal configuration</a> or in <ahref="configlocation.html#portal1"class="wikilink1"title="documentation:2.0:configlocation">Nginx portal configuration</a>.
</div>
<p>
Then go in <code>Options</code> to define:
...
...
@@ -136,7 +134,7 @@ Then go in <code>Options</code> to define:
<divclass="notetip">If <code>OpenID login</code> is not set, it uses <code>General Parameters</code> » <code>Logs</code> » <code>REMOTE_USER</code> data, which is set to <code>uid</code> by default
@@ -182,6 +180,6 @@ Each SREG attribute will be associated to a user session key. A session key can
<divclass="noteimportant">Note that <ahref="idpsaml.html"class="wikilink1"title="documentation:2.0:idpsaml">SAML</a> protocol is more secured than OpenID, so when your partners are known, prefer <ahref="idpsaml.html"class="wikilink1"title="documentation:2.0:idpsaml">SAML</a>.
<h3class="sectionedit12"id="change_default_dns_domain">Change default DNS domain</h3>
<divclass="level3">
<p>
By default, <abbrtitle="Domain Name System">DNS</abbr> domain is <code>example.com</code>. You can change it quick with a sed command. For example, we change it to <code>ow2.org</code>:
