Commit bb7fd068 authored by Clément Oudot's avatar Clément Oudot

Tag release 1.4.1

git-svn-id: svn://svn.forge.objectweb.org/svnroot/lemonldap/tags/lemonldap-ng_version_1_4_1@3520 1dbb9719-a921-0410-b57f-c3a383c2c641
parent bbf86847
......@@ -31,7 +31,7 @@ PROJECT_NAME = LemonLDAP::NG
# This could be handy for archiving the generated documentation or
# if some version control system is used.
PROJECT_NUMBER = 1.4.0
PROJECT_NUMBER = 1.4.1
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
# base path where the generated documentation will be put.
......
lemonldap-ng (1.4.1) stable; urgency=low
* [LEMONLDAP-719] - AuthBasic handler doesn't check password when using AuthMulti (SSL;LDAP)
* [LEMONLDAP-721] - Portal cipher object unavailable with useLocalConf = 1
* [LEMONLDAP-722] - Error on session explorer and notification explorer on CentOS
* [LEMONLDAP-723] - Error 500 on portal when mpm worker enabled on RHEL6.5
* [LEMONLDAP-725] - [Password reset] Reset pwd with pwdReset cause empty $groups
* [LEMONLDAP-727] - /status page not working since upgrade
* [LEMONLDAP-728] - Skirt header cleaning with unprotect
* [LEMONLDAP-730] - lmConfigEditor do not save conf with ldap backend
* [LEMONLDAP-731] - convertConfig fail to migrate conf to LDAP from File
* [LEMONLDAP-732] - Soap communication broken since upgrade
* [LEMONLDAP-734] - lemonldap-ng-cli not working with LDAP conf backend
* [LEMONLDAP-735] - IssuerDB modules do not work with Kerberos failback login script
* [LEMONLDAP-736] - Do not force default value in SMTPServer
* [LEMONLDAP-739] - dpkg error while installing fresh LemonLDAP::NG 1.4.0 on wheezy
* [LEMONLDAP-738] - Add a portal button on the Manager
* [LEMONLDAP-741] - Store errors in Common session module to display them in logs
* [LEMONLDAP-742] - Do not make lock calls when session found in cache
* [LEMONLDAP-737] - Possibilty to configure NotOnOrAfter and SessionNotOnOrAfter attributes in SAML messages
lemonldap-ng (1.4.0) stable; urgency=low
* [LEMONLDAP-663] - Connections to auth backends not closed on errors
......
lemonldap-ng (1.4.0-1) unstable; urgency=low
lemonldap-ng (1.4.1-1) unstable; urgency=low
* Local build
-- Xavier Guimard <x.guimard@free.fr> Sun, 03 Nov 2013 06:59:37 +0100
-- Xavier Guimard <x.guimard@free.fr> Fri, 25 Jul 2014 12:00:00 +0100
......@@ -291,19 +291,26 @@ You may want to use the <a href="../../documentation/1.4/authmulti.html" class="
</p>
<p>
This needs some hacking because the Apache Kerberos authentication module do not work if <code>require valid-user</code> is not set.
This needs some hacking because the Apache Kerberos authentication module do not work if <code>require valid-user</code> is not set. This requires to create a second virtual host (kerberos.example.com), which should be registered into the <acronym title="Domain Name System">DNS</acronym> system.
</p>
<p>
<p><div class="notetip">
We use here kerberos.example.com as primary portal <acronym title="Uniform Resource Locator">URL</acronym> and auth.example.com as failback portal <acronym title="Uniform Resource Locator">URL</acronym>. You can of course change these names if you need.
</div></p>
</p>
<p>
To achieve this, follow these steps:
</p>
<ul>
<li class="level1"><div class="li"> Create a symlink on portal/index.pl to define the kerberos authentication end point:</div>
<li class="level1"><div class="li"> In Apache portal configuration, copy the default virtualhost (auth.example.com) a paste it as a new one. This new one is standard and don&#039;t need to load the mod_auth_kerb module.</div>
</li>
<li class="level1"><div class="li"> Rename the first into kerberos.example.com:</div>
</li>
</ul>
<pre class="code">
ln -s /var/lib/lemonldap-ng/portal/index.pl /var/lib/lemonldap-ng/portal/kerberos.pl
</pre>
<pre class="code file apache"> <span class="kw1">ServerName</span> kerberos.example.com</pre>
<ul>
<li class="level1"><div class="li"> Create a redirection script, called login.pl:</div>
</li>
......@@ -314,17 +321,16 @@ vi /var/lib/lemonldap-ng/portal/login.pl
<pre class="code file perl"><span class="co1">#!/usr/bin/perl</span>
<span class="kw2">use</span> CGI <span class="st_h">':cgi-lib'</span><span class="sy0">;</span>
<span class="kw2">use</span> strict<span class="sy0">;</span>
<span class="kw2">use</span> MIME<span class="sy0">::</span><span class="me2">Base64</span><span class="sy0">;</span>
<span class="kw2">use</span> CGI<span class="sy0">::</span><span class="me2">Carp</span> <span class="st_h">'fatalsToBrowser'</span><span class="sy0">;</span>
<span class="kw1">my</span> <span class="re0">$uri</span> <span class="sy0">=</span> <span class="re0">$ENV</span><span class="br0">&#123;</span><span class="st0">&quot;REDIRECT_QUERY_STRING&quot;</span><span class="br0">&#125;</span><span class="sy0">;</span>
<a href="http://perldoc.perl.org/functions/print.html"><span class="kw3">print</span></a> CGI<span class="sy0">::</span><span class="me2">header</span><span class="br0">&#40;</span><span class="sy0">-</span>Refresh <span class="sy0">=&gt;</span> <span class="st_h">'0; URL=http://auth.example.com/?'</span><span class="sy0">.</span><span class="re0">$uri</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="kw1">my</span> <span class="re0">$uri</span> <span class="sy0">=</span> <span class="re0">$ENV</span><span class="br0">&#123;</span><span class="st0">&quot;REQUEST_URI&quot;</span><span class="br0">&#125;</span><span class="sy0">;</span>
<a href="http://perldoc.perl.org/functions/print.html"><span class="kw3">print</span></a> CGI<span class="sy0">::</span><span class="me2">header</span><span class="br0">&#40;</span><span class="sy0">-</span>Refresh <span class="sy0">=&gt;</span> <span class="st_h">'0; URL=https://auth.example.com'</span><span class="sy0">.</span><span class="re0">$uri</span><span class="br0">&#41;</span><span class="sy0">;</span>
<a href="http://perldoc.perl.org/functions/exit.html"><span class="kw3">exit</span></a><span class="br0">&#40;</span>0<span class="br0">&#41;</span><span class="sy0">;</span></pre>
<ul>
<li class="level1"><div class="li"> Modify the Apache virtual host to separate the Kerberos Authentication module:</div>
<li class="level1"><div class="li"> Modify the virtual host to load Kerberos Authentication module on specific page:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *&gt;
<span class="kw1">ServerName</span> auth.example.com
<span class="kw1">ServerName</span> kerberos.example.com
&nbsp;
<span class="kw1">DocumentRoot</span> /var/lib/lemonldap-ng/portal/
&nbsp;
......@@ -335,7 +341,7 @@ vi /var/lib/lemonldap-ng/portal/login.pl
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="kw1">ErrorDocument</span> 401 /login.pl
&lt;<span class="kw3">Location</span> /kerberos.pl&gt;
&lt;<span class="kw3">LocationMatch</span> /(index.pl|cas/*|saml/*|openidserver/*)&gt;
&lt;<span class="kw3">IfModule</span> auth_kerb_module&gt;
<span class="kw1">AuthType</span> Kerberos
KrbMethodNegotiate <span class="kw2">On</span>
......@@ -343,13 +349,14 @@ vi /var/lib/lemonldap-ng/portal/login.pl
KrbAuthRealms EXAMPLE.COM
Krb5KeyTab /etc/lemonldap-ng/auth.keytab
KrbVerifyKDC <span class="kw2">Off</span>
KrbServiceName HTTP/auth.example.com
KrbServiceName HTTP/kerberos.example.com
<span class="kw1">require</span> valid-<span class="kw1">user</span>
&lt;/<span class="kw3">IfModule</span>&gt;
&lt;/<span class="kw3">Location</span>&gt;
&lt;/<span class="kw3">LocationMatch</span>&gt;
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> Modify LemonLDAP::NG Portal <acronym title="Uniform Resource Locator">URL</acronym> trough Manager to: <a href="http://auth.example.com/kerberos.pl" class="urlextern" title="http://auth.example.com/kerberos.pl" rel="nofollow">http://auth.example.com/kerberos.pl</a></div>
<li class="level1"><div class="li"> Modify LemonLDAP::NG Portal <acronym title="Uniform Resource Locator">URL</acronym> trough Manager to: <a href="http://kerberos.example.com/" class="urlextern" title="http://kerberos.example.com/" rel="nofollow">http://kerberos.example.com/</a></div>
</li>
<li class="level1"><div class="li"> Configure Multiple authentication backend (for example: Apache;<acronym title="Lightweight Directory Access Protocol">LDAP</acronym>)</div>
</li>
......@@ -358,15 +365,15 @@ vi /var/lib/lemonldap-ng/portal/login.pl
</ul>
</div>
<!-- SECTION "Use Kerberos with Multiple authentication backend" [4635-6422] -->
<!-- SECTION "Use Kerberos with Multiple authentication backend" [4635-6846] -->
<h3><a name="time_to_test" id="time_to_test">Time to test</a></h3>
<div class="level3">
<p>
Configure <acronym title="Internet Explorer">IE</acronym> or Firefox to trust <code><a href="http://auth.example.com" class="urlextern" title="http://auth.example.com" rel="nofollow">http://auth.example.com</a></code>, and then it should work!
Configure <acronym title="Internet Explorer">IE</acronym> or Firefox to trust <code><a href="http://auth.example.com" class="urlextern" title="http://auth.example.com" rel="nofollow">http://auth.example.com</a></code> or <code><a href="http://kerberos.example.com" class="urlextern" title="http://kerberos.example.com" rel="nofollow">http://kerberos.example.com</a></code> , and then it should work!
</p>
</div>
<!-- SECTION "Time to test" [6423-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "Time to test" [6847-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
......@@ -42,4 +42,4 @@ requires:
Net::CIDR::Lite: 0
SOAP::Lite: 0
Storable: 0
version: v1.4.0
version: v1.4.1
package Lemonldap::NG::Common;
our $VERSION = '1.4.0';
our $VERSION = '1.4.1';
use strict;
......
......@@ -34,7 +34,7 @@ requires:
Apache::Session::Generate::MD5: 0
CGI: 3.08
LWP: 0
Lemonldap::NG::Common: v1.4.0
Lemonldap::NG::Common: v1.4.1
Mouse: 0
URI: 0
version: v1.4.0
version: v1.4.1
......@@ -30,7 +30,7 @@ WriteMakefile(
PREREQ_PM => {
'Apache::Session::Generate::MD5' => 0,
'CGI' => 3.08,
'Lemonldap::NG::Common' => '1.4.0',
'Lemonldap::NG::Common' => '1.4.1',
'LWP' => 0,
'Mouse' => 0,
'URI' => 0,
......
......@@ -5,7 +5,7 @@
# Handler module
package Lemonldap::NG::Handler;
our $VERSION = '1.4.0';
our $VERSION = '1.4.1';
use Lemonldap::NG::Handler::SharedConf;
@ISA = qw(Lemonldap::NG::Handler::SharedConf);
......
......@@ -24,10 +24,10 @@ requires:
HTML::Template: 0
JSON: 0
LWP: 0
Lemonldap::NG::Common: v1.4.0
Lemonldap::NG::Handler: v1.4.0
Lemonldap::NG::Common: v1.4.1
Lemonldap::NG::Handler: v1.4.1
URI: 0
XML::LibXML: 0
XML::LibXSLT: 0
version: v1.4.0
version: v1.4.1
x_LWP::Protocol::https: 0
......@@ -17,8 +17,8 @@ WriteMakefile(
'Crypt::OpenSSL::RSA' => 0,
'HTML::Template' => 0,
'JSON' => 0,
'Lemonldap::NG::Common' => '1.4.0',
'Lemonldap::NG::Handler' => '1.4.0',
'Lemonldap::NG::Common' => '1.4.1',
'Lemonldap::NG::Handler' => '1.4.1',
'LWP' => 0,
'URI' => 0,
'XML::LibXSLT' => 0,
......
......@@ -37,7 +37,7 @@ recommends:
LWP: 0
LWP::Protocol::https: 0
Lasso: v2.3.0
Lemonldap::NG::Handler: v1.4.0
Lemonldap::NG::Handler: v1.4.1
MIME::Lite: 0
Net::Facebook::Oauth2: 0
Net::OpenID::Consumer: 0
......@@ -55,8 +55,8 @@ requires:
CGI: 3.08
Clone: 0
HTML::Template: 0
Lemonldap::NG::Common: v1.4.0
Lemonldap::NG::Common: v1.4.1
Net::LDAP: 0.38
Regexp::Assemble: 0
Unicode::String: 0
version: v1.4.0
version: v1.4.1
......@@ -14,7 +14,7 @@ WriteMakefile(
'Glib' => 0,
'HTTP::Message' => 0,
'Lasso' => '2.3.0',
'Lemonldap::NG::Handler' => '1.4.0',
'Lemonldap::NG::Handler' => '1.4.1',
'LWP' => 0,
'LWP::Protocol::https' => 0,
'MIME::Lite' => 0,
......@@ -51,7 +51,7 @@ WriteMakefile(
'CGI' => 3.08,
'Clone' => 0,
'HTML::Template' => 0,
'Lemonldap::NG::Common' => '1.4.0',
'Lemonldap::NG::Common' => '1.4.1',
'Net::LDAP' => 0.38,
'Regexp::Assemble' => 0,
'Unicode::String' => 0,
......
......@@ -5,7 +5,7 @@
# Alias for Lemonldap::NG::SharedConf
package Lemonldap::NG::Portal;
our $VERSION = '1.4.0';
our $VERSION = '1.4.1';
use Lemonldap::NG::Portal::SharedConf;
use base 'Lemonldap::NG::Portal::SharedConf';
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
......@@ -14,7 +14,7 @@
%define perl_vendorarch %(eval "`%{__perl} -V:installvendorarch`"; echo $installvendorarch)
%define real_name lemonldap-ng
%define real_version 1.4.0
%define real_version 1.4.1
%define cpan_common_version %{real_version}
%define cpan_handler_version %{real_version}
%define cpan_manager_version %{real_version}
......@@ -558,6 +558,8 @@ rm -rf %{buildroot}
# Changelog
#==============================================================================
%changelog
* Fri Jul 25 2014 Clement Oudot <clem.oudot@gmail.com> - 1.4.1-1
- Update to 1.4.1
* Fri Apr 18 2014 Clement Oudot <clem.oudot@gmail.com> - 1.4.0-1
- Update to 1.4.0
* Fri Mar 07 2014 Clement Oudot <clem.oudot@gmail.com> - 1.3.3-1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment