Commit a38386f0 authored by Clément OUDOT's avatar Clément OUDOT

New doc

parent a2806253
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:activedirectoryminihowto</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,activedirectoryminihowto"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="activedirectoryminihowto.html"/>
<link rel="contents" href="activedirectoryminihowto.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:activedirectoryminihowto","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="using_lemonldapng_with_active-directory">Using LemonLDAP::NG with Active-Directory</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Using LemonLDAP::NG with Active-Directory" [1-57] -->
<h2 class="sectionedit2" id="authentication_with_loginpassword">Authentication with login/password</h2>
<div class="level2">
<p>
To use Active Directory as LDAP backend, you must change few things in the manager :
</p>
<ul>
<li class="level1"><div class="li"> Use “Active Directory” as authentication, userDB and passwordDBbackends,</div>
</li>
<li class="level1"><div class="li"> Export sAMAccountName in a variable declared in <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables</a></div>
</li>
<li class="level1"><div class="li"> Change the user attribute to store in Apache logs <em>(“General Parameters » Logs » REMOTE_USER”)</em>: use the variable declared above</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Authentication with login/password" [58-494] -->
<h2 class="sectionedit3" id="authentication_with_kerberos">Authentication with Kerberos</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Choose “Apache” as authentication module <em>(“General Parameters » Authentication modules » Authentication module”)</em></div>
</li>
<li class="level1"><div class="li"> <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">Configure the Apache server</a> that host the portal to use the Apache Kerberos authentication module</div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "Authentication with Kerberos" [495-] --></div>
</body>
</html>
This diff is collapsed.
This diff is collapsed.
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:authbasic</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,authbasic"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authbasic.html"/>
<link rel="contents" href="authbasic.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:authbasic","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="http_basic_authentication">HTTP Basic Authentication</h1>
<div class="level1">
<p>
<a href="http_logo.png_documentation_2.0_applications_authbasic.html" class="media" title="applications:http_logo.png"><img src="http_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "HTTP Basic Authentication" [1-77] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<div class="noteimportant">For now, this feature is only supported by Apache handler.
</div>
<p>
Extract from the <a href="http://en.wikipedia.org/wiki/Basic_access_authentication" class="urlextern" title="http://en.wikipedia.org/wiki/Basic_access_authentication" rel="nofollow">Wikipedia article</a>:
</p>
<p>
<blockquote>
In the context of an HTTP transaction, the basic access authentication is a method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request.
</p>
<p>
Before transmission, the username and password are encoded as a sequence of base-64 characters. For example, the user name Aladdin and password open sesame would be combined as Aladdin:open sesame – which is equivalent to QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64. Little effort is required to translate the encoded string back into the user name and password, and many popular security tools will decode the strings “on the fly”.
</blockquote>
</p>
<p>
So HTTP Basic Autentication is managed trough an HTTP header (<code>Authorization</code>), that can be forged by <abbr title="LemonLDAP::NG">LL::NG</abbr>, with this precautions:
</p>
<ul>
<li class="level1"><div class="li"> Data should not contains accents or special characters, as HTTP protocol only allow <abbr title="American Standard Code for Information Interchange">ASCII</abbr> values in header (but depending on the HTTP server, you can use ISO encoded values)</div>
</li>
<li class="level1"><div class="li"> You need to forward the password, which can be the user main password (if <a href="../passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">password is stored in session</a>, or any user attribute (if you keep secondary passwords in users database).</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [78-1535] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
The Basic Authentication relies on a specific HTTP header, as described above. So you have just to declare this header for the virtual host in Manager.
</p>
<p>
For example, to forward login (<code>$uid</code>) and password (<code>$_password</code> if <a href="../passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">password is stored in session</a>):
</p>
<pre class="code">Authorization =&gt; &quot;Basic &quot;.encode_base64(&quot;$uid:$_password&quot;)</pre>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> provides a special function named <a href="../extendedfunctions.html#basic" class="wikilink1" title="documentation:2.0:extendedfunctions">basic</a> to build this header.
</p>
<p>
So the above example can also be written like this:
</p>
<pre class="code">Authorization =&gt; basic($uid,$_password)</pre>
<div class="notetip">The <code>basic</code> function will also force conversion from UTF-8 to ISO-8859-1, which should be accepted by most of HTTP servers.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [1536-] --></div>
</body>
</html>
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:bugzilla</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,bugzilla"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="bugzilla.html"/>
<link rel="contents" href="bugzilla.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:bugzilla","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#bugzilla_administration">Bugzilla administration</a></div></li>
<li class="level2"><div class="li"><a href="#bugzilla_virtual_host">Bugzilla virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#bugzilla_virtual_host_in_manager">Bugzilla virtual host in Manager</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="bugzilla">Bugzilla</h1>
<div class="level1">
<p>
<a href="bugzilla_logo.png_documentation_2.0_applications_bugzilla.html" class="media" title="applications:bugzilla_logo.png"><img src="bugzilla_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Bugzilla" [1-64] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.bugzilla.org" class="urlextern" title="http://www.bugzilla.org" rel="nofollow">Bugzilla</a> is server software designed to help you manage software development.
</p>
<p>
Bugzilla can authenticate a user with HTTP headers, and auto-create its account with a few information:
</p>
<ul>
<li class="level1"><div class="li"> User ID</div>
</li>
<li class="level1"><div class="li"> Email</div>
</li>
<li class="level1"><div class="li"> Real name</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [65-338] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [339-365] -->
<h3 class="sectionedit4" id="bugzilla_administration">Bugzilla administration</h3>
<div class="level3">
<p>
In Bugzilla administration interface, go in <code>Parameters</code> » <code>User authentication</code>
</p>
<p>
Then set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>auth_env_id</strong>: HTTP_AUTH_USER</div>
</li>
<li class="level1"><div class="li"> <strong>auth_env_email</strong>: HTTP_AUTH_MAIL</div>
</li>
<li class="level1"><div class="li"> <strong>auth_env_realname</strong>: HTTP_AUTH_CN</div>
</li>
<li class="level1"><div class="li"> <strong>user_info_class</strong>: Env or Env,CGI</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Bugzilla administration" [366-653] -->
<h3 class="sectionedit5" id="bugzilla_virtual_host">Bugzilla virtual host</h3>
<div class="level3">
<p>
Configure Bugzilla virtual host like other <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> bugzilla.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name bugzilla.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT5 SECTION "Bugzilla virtual host" [654-1913] -->
<h3 class="sectionedit6" id="bugzilla_virtual_host_in_manager">Bugzilla virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for Bugzilla.
</p>
<p>
Configure the <a href="../writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a>.
</p>
<p>
Configure the following <a href="../writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">headers</a>.
</p>
<ul>
<li class="level1"><div class="li"> <strong>Auth-User</strong>: $uid</div>
</li>
<li class="level1"><div class="li"> <strong>Auth-Mail</strong>: $mail</div>
</li>
<li class="level1"><div class="li"> <strong>Auth-Cn</strong>: $cn</div>
</li>
</ul>
</div>
<!-- EDIT6 SECTION "Bugzilla virtual host in Manager" [1914-] --></div>
</body>
</html>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:bugzilla_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<link type="text/css" rel="stylesheet" href="../bootswatch/3.3.4/flatly/bootstrap.min.css" />
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="bugzilla.html"/>
<link rel="contents" href="bugzilla.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<script type="text/javascript" src="../lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:bugzilla_logo.png </h1>
<div class="content">
<a href="bugzilla_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="61" height="80" class="img_detail" alt="bugzilla_logo.png" title="bugzilla_logo.png" src="bugzilla_logo.f274c243263eb23ca6744a85c48196e8.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> bugzilla_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>bugzilla_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>6KB</dd><dt>Width:</dt><dd>61</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="bugzilla.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:bugzilla [B]">Back to documentation:2.0:applications:bugzilla</a> </div>
</p>