Commit 81f749ec authored by Clément OUDOT

Doc update

parent 46808d3f
......@@ -228,6 +228,9 @@
<li><span class="wikilink"><a href=
"4.4-SOAP-session-backend.html">SOAP</a></span> (en)</li>
<li><span class="wikilink"><a href=
"4.4-Memcached-session-backend.html">Memcached</a></span> (en)</li>
<h4 class="heading-1-1-1"><span id=
......@@ -221,6 +221,9 @@
<li><span class="wikilink"><a href=
"4.4-SOAP-session-backend.html">SOAP</a></span> (en)</li>
<li><span class="wikilink"><a href=
"4.4-Memcached-session-backend.html">Memcached</a></span> (en)</li>
<h4 class="heading-1-1-1"><span id=
......@@ -248,10 +248,9 @@ $ sudo make install PARAM=VALUE PARAM=VALUE ...
(default: 2)</li>
<li><strong class="strong">VHOSTLISTEN</strong>: how listen parameter is
configured for virtual hosts in Apache (default: <strong class=
configured for virtual hosts in Apache (default: *:80)</li>
<li><strong class="strong">*WITHLA</strong>: install Liberty Alliance
<li><strong class="strong">WITHLA</strong>: install Liberty Alliance
portal (default: 0)</li>
......@@ -74,14 +74,14 @@
LemonLDAP::NG. It just need on directory where each files is a session.
Another directory can be used for the lock files.
<p class="paragraph"></p>This directory must be writeable by the apache
<p class="paragraph"></p>This directory must be writable by the apache
system user (www-data for Debian, apache for RHEL).
<h3 class="heading-1-1"><span id=
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h3>
<p class="paragraph"></p>Go to the Manager and go in <strong class=
"strong">General Parameters</strong> &gt; *Session Storage*. Then change
"strong">General Parameters &gt; Session Storage</strong>. Then change
<strong class="strong">Apache::Session</strong> module to
"Apache::Session::File" and in <strong class=
"strong">Apache::Session</strong> parameters configure the following
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
<html xmlns="" lang="fr" xml:lang="fr">
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 7 December 2008), see" />
<title>Lemonldap::NG documentation:
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
padding: 10px;
background: #fff;
border: 2px #ccc solid;
text-decoration: none;
text-align: center;
margin: 5px 0 0 0;
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
} li{
list-style-type: square;
<div class="main-content">
<h2 class="heading-1"><span id="HMemcachedsessionbackend">Memcached
session backend</span></h2>
<p class="paragraph"></p>
<li><a href="#HPresentation">Presentation</a></li>
<li><a href="#HCaveats">Caveats</a></li>
<li><a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
<p class="paragraph"></p>Memcached is distributed object caching system.
You can download it here: <span class="wikiexternallink"><a href=
<p class="paragraph"></p>By default, Memcached do not replicate data, so
you cannot do failover with Memcached. A patch is available here to have
replication in Memcached: <span class="wikiexternallink"><a href=
<p class="paragraph"></p>To use Memcached with LemonLDAP::NG, you have to
install Apache::Session::Memcached: <span class=
"wikiexternallink"><a href=""></a></span>.
<h3 class="heading-1-1"><span id="HCaveats">Caveats</span></h3>
<p class="paragraph"></p>Memcached will work with LemonLDAP::NG except for
these functionalities :
<ul class="star">
<li>Sessions explorer</li>
<li>Control on session uniqueness</li>
</ul>Indeed, Memcached does not provide any mean to get all sessions
(without knowning each ID of each session). This is mandatory to display
all sessions in Session Explorer, and to find a corresponding session when
testing session uniqueness.
<p class="paragraph"></p>To disable sessions explorer, you can forbid
access in apache configuration:
<p class="paragraph"></p>
<div class="code">
&lt;Location /;
Order deny, allow
Deny from all
<p class="paragraph"></p>To disable session uniqueness control, use
Manager or lemonldap-ng.ini, and edit these parameters:
<p class="paragraph"></p>
<div class="code">
singleSession = 0
singleIP = 0
singleUserByIP = 0
notifyOther = 0
<h3 class="heading-1-1"><span id=
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h3>
<p class="paragraph"></p>Go to the Manager and go in <strong class=
"strong">General Parameters &gt; Session Storage</strong>. Then change
<strong class="strong">Apache::Session</strong> module to
"Apache::Session::Memcached" and in <strong class=
"strong">Apache::Session</strong> parameters configure the following
<ul class="star">
<li>Servers: list of Memcached servers, separated by spaces</li>
<p class="paragraph"></p>
<div class="code">
globalStorage = Apache::Session::Memcached
globalStorageOptions = { Servers =&gt; '', }
<p class="paragraph"></p>Other options are listed here: <span class=
"wikiexternallink"><a href=
<p class="footer"><a href="index.html">Index</a></p>
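Review bot: In the Caveats section of this new page the Apache snippet will not work as written: "Order deny, allow" has a space after the comma, which Apache's Order directive does not accept, and the opening Location line ("&lt;Location /;") has no closing bracket, names no Session Explorer path, and has no closing Location tag after "Deny from all". Suggest "Order deny,allow" inside a complete Location block for the explorer URL. In the configuration section, the sample "Servers =&gt; ''" shows an empty value; a host:port sample would make the "separated by spaces" format clear. Since this backend holds every session, the page should also say that the Memcached servers listed in Servers must only be reachable from the LemonLDAP::NG hosts. Smaller points: "knowning", "any mean" and "Memcached do not replicate" need fixing, and the html element declares lang="fr" on English text.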
......@@ -80,7 +80,7 @@
<p class="paragraph"></p><strong class="strong">Remark</strong>: we advice
to create a specific user/password in MySQL for LemonLDAP::NG, with rights
on ist database.
on its database.
<h4 class="heading-1-1-1"><span id="HDatabasecreation">Database
creation</span></h4><br />
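Review bot: The Remark line just above the corrected one still reads "we advice"; since this hunk already touches the sentence to fix "ist", change it to "we advise" in the same commit. It would also help to say that the dedicated MySQL user gets rights on the LemonLDAP::NG database only, which is what the remark implies but does not state.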
......@@ -363,6 +363,9 @@ $ openssl rsa -pubout -in private_key.pem -out public_key.pem
<li>Force authentication: set ForceAuthn flag in authentication
<li>Passive authentication: set IsPassive flag in authentication
<li>Allow proxied authentication: allow an authentication response to be
issued from another IDP that the one we register (proxy IDP). If you
disallow this, you should also disallow direct login form IDP, because
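Review bot: The "Allow proxied authentication" item has two typos that change how the sentence reads: "another IDP that the one we register" should be "than the one we register", and "direct login form IDP" should be "direct login from IDP". Because this item tells administrators which two options to disable together, it is worth naming the second option exactly as it is labelled in the Manager.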
......@@ -387,6 +390,19 @@ $ openssl rsa -pubout -in private_key.pem -out public_key.pem
that if the IDP propose to close session earlier than the default
LemonLDAP::NG timeout, the session _utime will be modified so that
session is erased at the date indicated by the IDP.</li>
<li>Sign SSO message: sign SSO message</li>
<li>Check SSO message signature: check SSO message signature</li>
<li>Sign SLO message: sign SLO message</li>
<li>Check SLO message signature: check SLO message signature</li>
<li>Required authentication context: this context is set in
authentication request, and then checked in authentication response. If
authentication context in response is not the one requested, an error is
<h3 class="heading-1-1"><span id="HPartnerIDPconfiguration">Partner IDP
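Review bot: The four signature items only repeat their own labels ("Sign SSO message: sign SSO message", "Check SSO message signature: check SSO message signature", and the SLO pair), so the reader learns nothing about them. State the default for each and the effect of turning a check off, in particular that with "Check SSO message signature" disabled, SSO messages from the IDP are accepted without signature verification. The "Required authentication context" item could also say which error is returned when the context in the response differs from the one requested.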
......@@ -200,6 +200,8 @@
<img src="error.png" alt="error.png" /> Refactor Portal/ and
Portal/<br />
<img src="error.png" alt="error.png" /> Use i18n in Session Explorer<br />
<img src="error.png" alt="error.png" /> Choose authentication mechanism on
login page<br />
<h3 class="heading-1-1"><span id="HNextversions28plannedwhenready29">Next
versions (planned&hellip; when ready)</span></h3><img src=
......@@ -71,6 +71,7 @@
<li><a href="4.3-SOAP-configuration-backend.html">4.3 SOAP configuration backend</a></li>
<li><a href="4.4-File-session-backend.html">4.4 File session backend</a></li>
<li><a href="4.4-LDAP-session-backend.html">4.4 LDAP session backend</a></li>
<li><a href="4.4-Memcached-session-backend.html">4.4 Memcached session backend</a></li>
<li><a href="4.4-MySQL-session-backend.html">4.4 MySQL session backend</a></li>
<li><a href="4.4-PostGreSQL-session-backend.html">4.4 PostGreSQL session backend</a></li>
<li><a href="4.4-SOAP-session-backend.html">4.4 SOAP session backend</a></li>
......@@ -46,6 +46,7 @@ my $docs = {
'' => '4.4-PostGreSQL-session-backend.html',
'' => '4.4-LDAP-session-backend.html',
'' => '4.4-SOAP-session-backend.html',
'' => '4.4-Memcached-session-backend.html',
# Authentication backends
'' => '4.5-LDAP-authentication-backend.html',
......@@ -237,6 +238,7 @@ while ( my ( $url, $file ) = each %$docs ) {