Commit c1564eb3 authored by Xavier Guimard

Doc update

parent ccdcf6d7
......@@ -35,7 +35,7 @@
<p>
<p><div class="notetip">This module in a <acronym title="LemonLDAP::NG">LL::NG</acronym> specific identity federation protocol. You may rather use standards protocols like <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML</a>, <a href="../../documentation/1.0/idpopenid.html" class="wikilink2" title="documentation:1.0:idpopenid" rel="nofollow">OpenID</a> or <a href="../../documentation/1.0/idpcas.html" class="wikilink2" title="documentation:1.0:idpcas" rel="nofollow">CAS</a>.
<p><div class="notetip">This module is a <acronym title="LemonLDAP::NG">LL::NG</acronym> specific identity federation protocol. You may rather use standards protocols like <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML</a>, <a href="../../documentation/1.0/idpopenid.html" class="wikilink1" title="documentation:1.0:idpopenid">OpenID</a> or <a href="../../documentation/1.0/idpcas.html" class="wikilink2" title="documentation:1.0:idpcas" rel="nofollow">CAS</a>.
</div></p>
</p>
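Review bot: the corrected notetip still says "standards protocols"; since this line is already being touched for "in a" to "is a", change it to "standard protocols" in the same pass. The wiki source should get the same fix so the next export does not reintroduce it.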
......
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="exported_variables" id="exported_variables">Exported variables</a></h1>
<div class="level1">
<p>
Exported variables are the variables available to <a href="../../documentation/1.0/writingrulesand_headers.html" class="wikilink1" title="documentation:1.0:writingrulesand_headers">write rules and headers</a>. They are extracted from the users database by the <a href="../../documentation/1.0/start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:1.0:start">users module</a>.
</p>
<p>
To create a variable, you&#039;ve just to map a user attributes in Lemonldap::NG using “Variables » Exported variables”. For each variable, The first field is the name which will be used in rules, macros or headers and the second field is the name of the user database field. Examples for <a href="../../documentation/1.0/authldap.html" class="wikilink1" title="documentation:1.0:authldap">LDAP</a>:
</p>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Variable name </th><th class="col1 centeralign"> <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> attribute </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"> uid </td><td class="col1 centeralign"> uid </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> number </td><td class="col1 centeralign"> employeeNumber </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> name </td><td class="col1 centeralign"> sn </td>
</tr>
</table>
<p>
<a href="/_detail/documentation/exportedvars.png?id=documentation%3A1.0%3Aexportedvars" class="media" title="documentation:exportedvars.png"><img src="../../../media/documentation/exportedvars.png" class="media" title="Exported variables in the manager" alt="Exported variables in the manager" width="500" /></a>
</p>
</div>
<!-- SECTION "Exported variables" [1-743] -->
<h2><a name="extend_variables_using_macros_and_groups" id="extend_variables_using_macros_and_groups">Extend variables using macros and groups</a></h2>
<div class="level2">
<div class="plugin_include_content" id="plugin_include__documentation:1.0:performances">
<div class="level3">
<p>
Macros and groups are calculated during authentication process by the portal:
</p>
<ul>
<li class="level1"><div class="li"> macros are used to extend (or rewrite) <span class="curid"><a href="../../documentation/1.0/exportedvars.html" class="wikilink1" title="documentation:1.0:exportedvars">exported variables</a></span>. A macro is stored as attributes: it can contain boolean results or any string</div>
</li>
<li class="level1"><div class="li"> groups are stored as space-separated strings in the special attribute “groups”: it contains the names of groups whose rules were returned true for the current user</div>
</li>
</ul>
<p>
Example for macros:
</p>
<pre class="code perl"><span class="co1"># boolean macro</span>
isAdmin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'foo'</span> <span class="kw1">or</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'bar'</span>
<span class="co1"># other macro </span>
displayName <span class="sy0">-&gt;</span> <span class="re0">$givenName</span><span class="sy0">.</span><span class="st0">&quot; &quot;</span><span class="sy0">.</span><span class="re0">$surName</span>
&nbsp;
<span class="co1"># Use a boolean macro in a rule</span>
<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <span class="re0">$isAdmin</span>
<span class="co1"># Use a string macro in a HTTP header</span>
Display<span class="sy0">-</span>Name <span class="sy0">-&gt;</span> <span class="re0">$displayName</span></pre>
<p>
Example for groups:
</p>
<pre class="code perl"><span class="co1"># group</span>
admin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'foo'</span> <span class="kw1">or</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'bar'</span>
&nbsp;
<span class="co1"># Use a group in a rule</span>
<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <span class="re0">$groups</span> <span class="sy0">=~</span> <span class="sy0">/</span><span class="re0">\badmin</span><span class="re0">\b</span><span class="sy0">/</span></pre>
</div>
</div>
<div class="level2">
</div>
<!-- SECTION "Extend variables using macros and groups" [744-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
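Review bot: the screenshot anchor in the "Exported variables" section uses a site-root wiki path (href="/_detail/documentation/exportedvars.png?id=...") while every other link in this exported file, including the img src next to it, is relative, so clicking the image in the offline documentation will not resolve. Point the anchor at the relative media file or drop the anchor and keep only the img. In the paragraph above it, "you've just to map a user attributes" and the capitalised "The first field" mid-sentence also need rewording, for example "you just have to map a user attribute".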
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="openid_server" id="openid_server">OpenID server</a></h1>
<div class="level1">
</div>
<!-- SECTION "OpenID server" [1-29] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> can act as an OpenID 2.0 Server, that can allow to federate <acronym title="LemonLDAP::NG">LL::NG</acronym> with:
</p>
<ul>
<li class="level1"><div class="li"> Another <acronym title="LemonLDAP::NG">LL::NG</acronym> system configured with OpenID authentication</div>
</li>
<li class="level1"><div class="li"> Any OpenID consumer</div>
</li>
</ul>
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> is compatible with the OpenID Authentication protocol <a href="http://openid.net/specs/openid-authentication-2_0.html" class="urlextern" title="http://openid.net/specs/openid-authentication-2_0.html" rel="nofollow">version 2.0</a> and <a href="http://openid.net/specs/openid-authentication-1_1.html" class="urlextern" title="http://openid.net/specs/openid-authentication-1_1.html" rel="nofollow">version 1.0</a>. It can be used just to share authentication or to share user&#039;s attributes following the <a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html" class="urlextern" title="http://openid.net/specs/openid-simple-registration-extension-1_0.html" rel="nofollow">OpenID Simple Registration Extension 1.0 (SREG)</a> specification.
</p>
</div>
<!-- SECTION "Presentation" [30-658] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
<p>
In the manager, go in “General Parameters » Issuer modules » OpenID” and configure:
</p>
<ul>
<li class="level1"><div class="li"> Activation: set to On</div>
</li>
<li class="level1"><div class="li"> Path: keep ^/openidserver/ unless you have change Apache portal configuration file</div>
</li>
<li class="level1"><div class="li"> Use rule: a rule to allow user to use this module, set to 1 to always allow</div>
</li>
</ul>
<p>
<p><div class="notetip">
For example, to allow only users with a strong authentication level:
</p>
<pre class="code">
$authenticationLevel &gt; 2
</pre>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Configuration" [659-1094] -->
<h2><a name="usage" id="usage">Usage</a></h2>
<div class="level2">
<p>
Users can share their authentication using [PORTAL]/openidserver/[OpenID attribute] where [PORTAL] is your portal url and [OpenID attribute] is the value of the attribute (or macro) used in “General Parameters » Issuer » OpenID » Options » OpenID identifier” (if not set, it use “General Parameters » Logs » REMOTE_USER” data, which is set to “uid” by default). Example:
</p>
<pre class="code">
http://auth.example.com/openidserver/foo.bar
</pre>
</div>
<!-- SECTION "Usage" [1095-1551] -->
<h2><a name="share_attributes_sreg" id="share_attributes_sreg">Share attributes (SREG)</a></h2>
<div class="level2">
<p>
<a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html" class="urlextern" title="http://openid.net/specs/openid-simple-registration-extension-1_0.html" rel="nofollow">SREG</a> permit the share of 8 attributes:
</p>
<ul>
<li class="level1"><div class="li"> nickname</div>
</li>
<li class="level1"><div class="li"> email</div>
</li>
<li class="level1"><div class="li"> fullname</div>
</li>
<li class="level1"><div class="li"> date of birth</div>
</li>
<li class="level1"><div class="li"> gender</div>
</li>
<li class="level1"><div class="li"> postcode</div>
</li>
<li class="level1"><div class="li"> country</div>
</li>
<li class="level1"><div class="li"> language</div>
</li>
<li class="level1"><div class="li"> timezone</div>
</li>
</ul>
<p>
Using the manager, you can map each of those fields to an attribute (or a macro). If the OpenID consumer ask for data, users will be prompted to accept or not the data sharing.
</p>
</div>
<!-- SECTION "Share attributes (SREG)" [1552-1996] -->
<h2><a name="security" id="security">Security</a></h2>
<div class="level2">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> can be configured to restrict OpenID exchange using a white or a black list of domains.
</p>
<p>
If not set, the secret token is calculated using the general encryption key.
</p>
<p>
<p><div class="noteimportant">Note that <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML</a> protocol is more secured than OpenID, so when your partners are known, prefer <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML</a>.
</div></p>
</p>
</div>
<!-- SECTION "Security" [1997-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
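Review bot: in "Share attributes (SREG)" the text says SREG permits sharing 8 attributes, but the list that follows has 9 items (nickname through timezone); make the count match the list. In "Presentation", the link labelled "version 1.0" points to openid-authentication-1_1.html, so either the label or the target is wrong. In "Security", "If not set, the secret token is calculated..." does not say which parameter is unset, and the white/black list sentence does not say where in the manager it is configured; name both options so an administrator can find them.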
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="configure_lemonldapng_to_use_ldap_as_main_database" id="configure_lemonldapng_to_use_ldap_as_main_database">Configure LemonLDAP::NG to use LDAP as main database</a></h1>
<div class="level1">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> use 2 internal databases to store its configuration and sessions.
</p>
</div>
<!-- SECTION "Configure LemonLDAP::NG to use LDAP as main database" [1-142] -->
<h2><a name="use_ldap_for_lemonldapng_configuration" id="use_ldap_for_lemonldapng_configuration">Use LDAP for Lemonldap::NG configuration</a></h2>
<div class="level2">
<p>
Steps:
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/ldapconfbackend.html" class="wikilink1" title="documentation:1.0:ldapconfbackend">Prepare the LDAP server and the LL::NG configuration file</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/changeconfbackend.html" class="wikilink1" title="documentation:1.0:changeconfbackend">Convert existing configuration</a></div>
</li>
<li class="level1"><div class="li"> Restart all your Apache servers</div>
</li>
</ul>
</div>
<!-- SECTION "Use LDAP for Lemonldap::NG configuration" [143-379] -->
<h2><a name="use_mysql_for_lemonldapng_sessions" id="use_mysql_for_lemonldapng_sessions">Use MySQL for Lemonldap::NG sessions</a></h2>
<div class="level2">
<p>
Steps:
</p>
<ul>
<li class="level1"><div class="li"> Follow <a href="../../documentation/1.0/ldapsessionbackend.html" class="wikilink1" title="documentation:1.0:ldapsessionbackend">SQL session backend</a> doc</div>
</li>
</ul>
</div>
<!-- SECTION "Use MySQL for Lemonldap::NG sessions" [380-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
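Review bot: the second section of this LDAP howto is headed "Use MySQL for Lemonldap::NG sessions" (id use_mysql_for_lemonldapng_sessions) and its link text reads "SQL session backend" although the href is ldapsessionbackend.html; this looks copied from the MySQL howto. Rename the heading, anchor id and link text to LDAP so the page matches its title and its target.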
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="configure_lemonldapng_to_use_mysql_as_main_database" id="configure_lemonldapng_to_use_mysql_as_main_database">Configure LemonLDAP::NG to use MySQL as main database</a></h1>
<div class="level1">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> use 2 internal databases to store its configuration and sessions.
</p>
</div>
<!-- SECTION "Configure LemonLDAP::NG to use MySQL as main database" [1-143] -->
<h2><a name="use_mysql_for_lemonldapng_configuration" id="use_mysql_for_lemonldapng_configuration">Use MySQL for Lemonldap::NG configuration</a></h2>
<div class="level2">
<p>
Steps:
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/sqlconfbackend.html" class="wikilink1" title="documentation:1.0:sqlconfbackend">Prepare the database and the LL::NG configuration file</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/changeconfbackend.html" class="wikilink1" title="documentation:1.0:changeconfbackend">Convert existing configuration</a></div>
</li>
<li class="level1"><div class="li"> Restart all your Apache servers</div>
</li>
</ul>
</div>
<!-- SECTION "Use MySQL for Lemonldap::NG configuration" [144-377] -->
<h2><a name="use_mysql_for_lemonldapng_sessions" id="use_mysql_for_lemonldapng_sessions">Use MySQL for Lemonldap::NG sessions</a></h2>
<div class="level2">
<p>
Steps:
</p>
<ul>
<li class="level1"><div class="li"> Choose one of the following:</div>
<ul>
<li class="level2"><div class="li"> <a href="../../documentation/1.0/browseablesessionbackend.html" class="wikilink1" title="documentation:1.0:browseablesessionbackend">Using Apache::Session::Browseable::MySQL</a> (recommended for best performances)</div>
</li>
<li class="level2"><div class="li"> <a href="../../documentation/1.0/sqlsessionbackend.html" class="wikilink1" title="documentation:1.0:sqlsessionbackend">Using Apache::Session::MySQL</a> <em>(if you choose this option, then read <a href="../../documentation/1.0/performances.html#apachesession_performances" class="wikilink1" title="documentation:1.0:performances">how to increase MySQL performances</a>)</em></div>
</li>
</ul>
</li>
</ul>
</div>
<!-- SECTION "Use MySQL for Lemonldap::NG sessions" [378-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
......@@ -50,7 +50,7 @@ Handlers check rights and calculate headers for each <acronym title="Hyper Text
Macros and groups are calculated during authentication process by the portal:
</p>
<ul>
<li class="level1"><div class="li"> macros are stored as attributes: it can contain boolean results or any string</div>
<li class="level1"><div class="li"> macros are used to extend (or rewrite) <a href="../../documentation/1.0/exportedvars.html" class="wikilink1" title="documentation:1.0:exportedvars">exported variables</a>. A macro is stored as attributes: it can contain boolean results or any string</div>
</li>
<li class="level1"><div class="li"> groups are stored as space-separated strings in the special attribute “groups”: it contains the names of groups whose rules were returned true for the current user</div>
</li>
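Review bot: the new sentence "A macro is stored as attributes: it can contain boolean results or any string" mixes singular and plural; use "A macro is stored as an attribute" or keep the plural throughout ("macros are stored as attributes: they can contain..."). The same wording is duplicated in the new exportedvars page through the include, so fixing it in the wiki source covers both.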
......@@ -66,9 +66,9 @@ isAdmin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class
<span class="co1"># other macro </span>
displayName <span class="sy0">-&gt;</span> <span class="re0">$givenName</span><span class="sy0">.</span><span class="st0">&quot; &quot;</span><span class="sy0">.</span><span class="re0">$surName</span>
&nbsp;
<span class="co1"># rule</span>
<span class="co1"># Use a boolean macro in a rule</span>
<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <span class="re0">$isAdmin</span>
<span class="co1"># header</span>
<span class="co1"># Use a string macro in a HTTP header</span>
Display<span class="sy0">-</span>Name <span class="sy0">-&gt;</span> <span class="re0">$displayName</span></pre>
<p>
......@@ -78,11 +78,11 @@ Example for groups:
<pre class="code perl"><span class="co1"># group</span>
admin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'foo'</span> <span class="kw1">or</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'bar'</span>
&nbsp;
<span class="co1"># rule</span>
<span class="co1"># Use a group in a rule</span>
<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <span class="re0">$groups</span> <span class="sy0">=~</span> <span class="sy0">/</span><span class="re0">\badmin</span><span class="re0">\b</span><span class="sy0">/</span></pre>
</div>
<!-- SECTION "Macros and groups" [454-1161] -->
<!-- SECTION "Macros and groups" [454-1308] -->
<h3><a name="local_macros" id="local_macros">Local macros</a></h3>
<div class="level3">
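Review bot: the group rule kept in this example, $groups =~ /\badmin\b/, is looser than the new comment "Use a group in a rule" suggests. The text above says groups are a space-separated string, and \b also matches next to characters such as "-" or ".", so a user whose only group is named admin-ro or admin.readonly would satisfy the ^/admin rule. Since readers copy this example into access rules, anchor on whitespace instead, for example $groups =~ /(?<!\S)admin(?!\S)/, or add a sentence warning that group names sharing a word with another group will match.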
......@@ -101,12 +101,12 @@ Display<span class="sy0">-</span>Name <span class="sy0">-&gt;</span> <span class
</p>
</div>
<!-- SECTION "Local macros" [1162-1819] -->
<!-- SECTION "Local macros" [1309-1966] -->
<h2><a name="portal_performances" id="portal_performances">Portal performances</a></h2>
<div class="level2">
</div>
<!-- SECTION "Portal performances" [1820-1852] -->
<!-- SECTION "Portal performances" [1967-1999] -->
<h3><a name="general_performances" id="general_performances">General performances</a></h3>
<div class="level3">
......@@ -121,7 +121,7 @@ The portal is the biggest component of Lemonldap::NG. It is recommended to use M
&lt;/<span class="kw3">Files</span>&gt;</pre>
</div>
<!-- SECTION "General performances" [1853-2196] -->
<!-- SECTION "General performances" [2000-2343] -->
<h3><a name="starting_performances" id="starting_performances">Starting performances</a></h3>
<div class="level3">
......@@ -141,7 +141,7 @@ To make the portal start faster when the server is relaunched, add those lines i
&lt;/Perl&gt;</pre>
</div>
<!-- SECTION "Starting performances" [2197-2772] -->
<!-- SECTION "Starting performances" [2344-2919] -->
<h3><a name="apachesession_performances" id="apachesession_performances">Apache::Session performances</a></h3>
<div class="level3">
......@@ -208,7 +208,7 @@ Note that Apache::Session::Browseable::MySQL doesn&#039;t use MySQL locks.
</p>
</div>
<!-- SECTION "Apache::Session performances" [2773-4687] -->
<!-- SECTION "Apache::Session performances" [2920-4834] -->
<h3><a name="ldap_performances" id="ldap_performances">LDAP performances</a></h3>
<div class="level3">
......@@ -258,4 +258,4 @@ ldapgroups -&gt; memberOf
</p>
</div>
<!-- SECTION "LDAP performances" [4688-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "LDAP performances" [4835-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="configure_lemonldapng_to_use_soap_proxy_mechanism" id="configure_lemonldapng_to_use_soap_proxy_mechanism">Configure LemonLDAP::NG to use SOAP proxy mechanism</a></h1>
<div class="level1">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> use 2 internal databases to store its configuration and sessions. It can be configured to use <acronym title="Simple Object Access Protocol">SOAP</acronym> instead of direct access to those databases (for remote servers).
<p><div class="notetip">This mechanism can be used to secure access for remote servers that cross an unsecured network to access to <acronym title="LemonLDAP::NG">LL::NG</acronym> databases.
</div></p>
</p>
</div>
<!-- SECTION "Configure LemonLDAP::NG to use SOAP proxy mechanism" [1-383] -->
<h2><a name="use_soap_for_lemonldapng_configuration" id="use_soap_for_lemonldapng_configuration">Use SOAP for Lemonldap::NG configuration</a></h2>
<div class="level2">
<p>
Steps:
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/start.html#configuration1" class="wikilink1" title="documentation:1.0:start">Choose and configure your main configuration storage system</a></div>
</li>
<li class="level1"><div class="li"> Follow <a href="../../documentation/1.0/soapconfbackend.html" class="wikilink1" title="documentation:1.0:soapconfbackend">SOAP configuration backend</a> page</div>
</li>
<li class="level1"><div class="li"> Restart all your remote Apache servers</div>
</li>
</ul>
</div>
<!-- SECTION "Use SOAP for Lemonldap::NG configuration" [384-640] -->
<h2><a name="use_soap_for_lemonldapng_sessions" id="use_soap_for_lemonldapng_sessions">Use SOAP for Lemonldap::NG sessions</a></h2>
<div class="level2">
<p>
Steps:
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/start.html#sessions" class="wikilink1" title="documentation:1.0:start">Choose and configure your main sessions storage system</a></div>
</li>
<li class="level1"><div class="li"> Follow <a href="../../documentation/1.0/soapsessionbackend.html" class="wikilink1" title="documentation:1.0:soapsessionbackend">SOAP sessions backend</a> page</div>
</li>
</ul>
</div>
<!-- SECTION "Use SOAP for Lemonldap::NG sessions" [641-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
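Review bot: the notetip in the first section says the SOAP mechanism "can be used to secure access for remote servers that cross an unsecured network", but nothing on the page says what provides that protection. SOAP by itself is only an RPC layer over HTTP, so the howto should state the requirements explicitly (HTTPS on the portal URL used by remote servers, and access to the SOAP endpoint restricted to those servers) or link to the backend page section that covers them. Also fix "to access to LL::NG databases" to "to access LL::NG databases".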
......@@ -168,23 +168,38 @@
<div style="width:100px;height:100px;float:left;">
<a href="/_detail/icons/utilities.png?id=documentation%3A1.0%3Astart" class="media" title="icons:utilities.png"><img src="../../../media/icons/utilities.png" class="media" alt="" /></a>
</div>
</p>
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> needs a storage system to store its own configuration (managed by the manager). Choose one of the following:
</p>
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/changeconfbackend.html" class="wikilink1" title="documentation:1.0:changeconfbackend">Change configuration backend</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/fileconfbackend.html" class="wikilink1" title="documentation:1.0:fileconfbackend">File configuration backend</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/sqlconfbackend.html" class="wikilink1" title="documentation:1.0:sqlconfbackend">SQL configuration backend (called RDBI or CDBI)</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/ldapconfbackend.html" class="wikilink1" title="documentation:1.0:ldapconfbackend">LDAP configuration backend</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/soapconfbackend.html" class="wikilink1" title="documentation:1.0:soapconfbackend">SOAP configuration backend</a></div>
</li>
</ul>
<table class="inline">
<tr class="row0 roweven">
<th class="col0 centeralign"> Backend </th><th class="col1 centeralign"> Shareable </th><th class="col2 centeralign"> Comment </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.0/fileconfbackend.html" class="wikilink1" title="documentation:1.0:fileconfbackend">File configuration backend</a> </td><td class="col1"> </td><td class="col2 leftalign">Not shareable between servers except if used in conjunction with <a href="../../documentation/1.0/soapconfbackend.html" class="wikilink1" title="documentation:1.0:soapconfbackend">SOAP configuration backend</a> or with a shared file system (NFS,…). Selected by default during installation. </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <a href="../../documentation/1.0/sqlconfbackend.html" class="wikilink1" title="documentation:1.0:sqlconfbackend">SQL configuration backend (called RDBI or CDBI)</a> </td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.0/ldapconfbackend.html" class="wikilink1" title="documentation:1.0:ldapconfbackend">LDAP configuration backend</a> </td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> <a href="../../documentation/1.0/soapconfbackend.html" class="wikilink1" title="documentation:1.0:soapconfbackend">SOAP configuration backend</a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> Proxy backend to be used in conjunction with another configuration backend. <br/><strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table>
<p>
<p><div class="notetip">You can not start with an empty configuration, so read <a href="../../documentation/1.0/changeconfbackend.html" class="wikilink1" title="documentation:1.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
</div></p>
</p>
</div>
<!-- SECTION "Configuration" [1999-2414] -->
<!-- SECTION "Configuration" [1999-3096] -->
<h3><a name="sessions" id="sessions">Sessions</a></h3>
<div class="level3">
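Review bot: the new configuration backend table has a "Shareable" column, but its cell is empty in all four rows (the col1 td elements contain nothing), so the column tells the reader nothing and the File row has to explain shareability in the Comment column instead. Fill the column with an explicit yes/no value per backend, or remove it. The SOAP row's bold "Can be used to secure another backend" should also say what the reader must configure for that to hold, or link to where it is described.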
......@@ -227,7 +242,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</table>
</div>
<!-- SECTION "Sessions" [2415-4228] -->
<!-- SECTION "Sessions" [3097-4910] -->
<h3><a name="identity_provider" id="identity_provider">Identity provider</a></h3>
<div class="level3">
......@@ -241,14 +256,30 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/idpsaml.html" class="wikilink1" title="documentation:1.0:idpsaml">SAML / Shibboleth identity provider</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/idpopenid.html" class="wikilink2" title="documentation:1.0:idpopenid" rel="nofollow">OpenID identity provider</a></div>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/idpopenid.html" class="wikilink1" title="documentation:1.0:idpopenid">OpenID identity provider</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/idpcas.html" class="wikilink2" title="documentation:1.0:idpcas" rel="nofollow">CAS identity provider</a></div>
</li>
</ul>
<p>
<p><div class="notetip">Note that:
</p>
<ul>
<li class="level1"><div class="li"> All identity provider protocols can be used simultaneously</div>
</li>
<li class="level1"><div class="li"> Lemonldap::NG can be used as a proxy between those protocols (authentication configured with one protocol and issuer to another)</div>
</li>
</ul>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Identity provider" [4229-4499] -->
<!-- SECTION "Identity provider" [4911-5407] -->
<h2><a name="applications_protection" id="applications_protection">Applications protection</a></h2>
<div class="level2">
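Review bot: the second bullet of the new notetip, "Lemonldap::NG can be used as a proxy between those protocols", gives no pointer to how to set that up. The mini howto list later in this file already has a "Create a protocol proxy" entry (federationproxy.html), so link the bullet to it, keeping in mind that entry is still rendered as wikilink2 with rel="nofollow", i.e. the target page does not exist yet. The CAS identity provider entry just above the note is in the same state, which sits oddly next to "All identity provider protocols can be used simultaneously".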
......@@ -269,7 +300,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</ul>
</div>
<!-- SECTION "Applications protection" [4500-4815] -->
<!-- SECTION "Applications protection" [5408-5723] -->
<h2><a name="advanced_features" id="advanced_features">Advanced features</a></h2>
<div class="level2">
......@@ -296,22 +327,24 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- SECTION "Advanced features" [4816-5007] -->
<!-- SECTION "Advanced features" [5724-5915] -->
<h2><a name="mini_howto" id="mini_howto">Mini howto</a></h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/mysqlminihowto.html" class="wikilink2" title="documentation:1.0:mysqlminihowto" rel="nofollow">Configuration and sessions in MySQL</a></div>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/mysqlminihowto.html" class="wikilink1" title="documentation:1.0:mysqlminihowto">Configuration and sessions in MySQL</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/ldapminihowto.html" class="wikilink2" title="documentation:1.0:ldapminihowto" rel="nofollow">Configuration and sessions in LDAP</a></div>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/ldapminihowto.html" class="wikilink1" title="documentation:1.0:ldapminihowto">Configuration and sessions in LDAP</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/soapminihowto.html" class="wikilink2" title="documentation:1.0:soapminihowto" rel="nofollow">Configuration and sessions access by SOAP</a></div>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/soapminihowto.html" class="wikilink1" title="documentation:1.0:soapminihowto">Configuration and sessions access by SOAP</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/activedirectoryminihowto.html" class="wikilink2" title="documentation:1.0:activedirectoryminihowto" rel="nofollow">Integration in Active Directory (LDAP backend and Kerberos)</a></div>
</li>
<li class="level1"><div class="li"> <a href="../../documentation/1.0/federationproxy.html" class="wikilink2" title="documentation:1.0:federationproxy" rel="nofollow">Create a protocol proxy</a> <em>(<acronym title="Security Assertion Markup Language">SAML</acronym> to OpenID, <acronym title="Central Authentication Service">CAS</acronym>