Commit c9f496d7 authored by Xavier Guimard

Documentation update

parent 821c731f
......@@ -63,11 +63,6 @@
<h2 class="heading-1"><span id=
"HLemonLDAP3A3ANG">LemonLDAP::NG</span></h2>
<p class="paragraph"></p>
<div class="c1"><img src="logo_lemonldap-ng_400px.png" alt=
"logo_lemonldap-ng_400px.png" /></div>
<p class="paragraph"></p>Lemonldap::NG est un <span class=
"wikilink"><a href=
"2-FAQ-fr.html#HQu27estcequ27unWebSSO3F">Web-SSO</a></span> modulaire
......@@ -142,8 +137,10 @@
<p class="paragraph"></p>Lemonldap::NG est compos&eacute; de 3
&eacute;l&eacute;ments s'appuyant sur 3 bases de donn&eacute;es&nbsp;:
<p class="paragraph"></p><img src="lemonldap-ng-architecture.png" alt=
"lemonldap-ng-architecture.png" />
<p class="paragraph"></p>
<div class="c1"><img src="lemonldap-ng-architecture.png" alt=
"lemonldap-ng-architecture.png" /></div>
<p class="paragraph"></p>Composants de Lemonldap::NG :
......@@ -192,8 +189,10 @@
<h3 class="heading-1-1"><span id=
"HCinC3A9matique">Cin&eacute;matique</span></h3>
<p class="paragraph"></p><img src="lemonldap-ng-cinematique.png" alt=
"lemonldap-ng-cinematique.png" />
<p class="paragraph"></p>
<div class="c1"><img src="lemonldap-ng-cinematique.png" alt=
"lemonldap-ng-cinematique.png" /></div>
<p class="paragraph"></p>D&eacute;tail du fonctionnement :
......
......@@ -63,11 +63,6 @@
<h2 class="heading-1"><span id=
"HLemonLDAP3A3ANG">LemonLDAP::NG</span></h2>
<p class="paragraph"></p>
<div class="c1"><img src="logo_lemonldap-ng_400px.png" alt=
"logo_lemonldap-ng_400px.png" /></div>
<p class="paragraph"></p>Lemonldap::NG is a modular Web-SSO based on
Apache::Session modules. It simplifies the build of a protected area with
a few changes in the application. It manages both authentication and
......@@ -130,8 +125,10 @@
<p class="paragraph"></p>Lemonldap::NG est composed by 3 elements and 3
databases&nbsp;:
<p class="paragraph"></p><img src="lemonldap-ng-architecture.png" alt=
"lemonldap-ng-architecture.png" />
<p class="paragraph"></p>
<div class="c1"><img src="lemonldap-ng-architecture.png" alt=
"lemonldap-ng-architecture.png" /></div>
<p class="paragraph"></p>Lemonldap::NG components :
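Review bot: The context line at the top of this hunk still reads "Lemonldap::NG est composed by 3 elements and 3 databases", a French "est" left in the English page. Since this paragraph is being touched anyway, change it to "Lemonldap::NG is composed of 3 elements and 3 databases".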
......@@ -166,8 +163,10 @@
<h3 class="heading-1-1"><span id="HKinematics">Kinematics</span></h3>
<p class="paragraph"></p><img src="lemonldap-ng-cinematique.png" alt=
"lemonldap-ng-cinematique.png" />
<p class="paragraph"></p>
<div class="c1"><img src="lemonldap-ng-cinematique.png" alt=
"lemonldap-ng-cinematique.png" /></div>
<p class="paragraph"></p>Detail of operations :
......
......@@ -251,9 +251,10 @@
par une simple connexion HTTP(S). Le serveur SOAP acc&egrave;de lui
&agrave; la configuration par un des syst&egrave;mes
pr&eacute;c&eacute;dents (File ou DBI). Pour plus d'informations, voir
la page <span class="wikilink"><a href=
"4.3-Configure-SOAP-fr.html">Utilisation des Web
Services</a></span>.</li>
la page <a class="wikicreatelink" href=
"/xwiki/bin/edit/NG/DocSOAP?parent=NG.FAQ"><span class=
"wikicreatelinktext">Utilisation des Web Services</span><span class=
"wikicreatelinkqm">?</span></a>.</li>
</ul>
<h4 class="heading-1-1-1"><span id=
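Review bot: The link to "Utilisation des Web Services" is changed from the static page 4.3-Configure-SOAP-fr.html to a wiki create-page link (class "wikicreatelink", href "/xwiki/bin/edit/NG/DocSOAP?parent=NG.FAQ", with a trailing "?"). That looks like an export artifact for a page that did not exist in the wiki at export time, and in the shipped HTML it points readers at an edit URL instead of the SOAP documentation. Keep the previous href or create the target page before regenerating this file.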
......
......@@ -69,6 +69,8 @@
<ul>
<li><a href="#HMandatory">Mandatory</a></li>
<li><a href="#HResetPasswordbyMail">Reset Password by Mail</a></li>
<li><a href="#HExtras">Extras</a></li>
</ul>
</li>
......@@ -85,6 +87,10 @@
<li><a href="#HYUM">YUM</a></li>
</ul>
</li>
<li><a href=
"#HLinkbetweenLemonLDAP3A3ANGversionsandCPANmodulesversions">Link
between LemonLDAP::NG versions and CPAN modules versions</a></li>
</ul>
<h3 class="heading-1-1"><span id="HApache">Apache</span></h3>
......@@ -142,12 +148,25 @@
<li>XML::LibXSLT</li>
</ul>
<h4 class="heading-1-1-1"><span id="HResetPasswordbyMail">Reset Password
by Mail</span></h4>
<ul class="star">
<li>String::Random</li>
<li>MIME::Lite</li>
<li>Email::Date::Format</li>
</ul>
<h4 class="heading-1-1-1"><span id="HExtras">Extras</span></h4>
<ul class="star">
<li>Lasso</li>
<li>CAS</li>
<li>Test::POD</li>
</ul>
<h3 class="heading-1-1"><span id="HOther">Other</span></h3>
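Review bot: In the new Extras list, "Test::POD" should be "Test::Pod"; CPAN module names are case-sensitive and the listed spelling will not resolve. The list would also be easier to use if each entry said which feature it enables, as the "Reset Password by Mail" heading does for its three modules.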
......@@ -161,12 +180,14 @@
"HInstalldependenciesonyoursystem">Install dependencies on your
system</span></h3>
<h4 class="heading-1-1-1"><span id="HAPTGET">APT-GET</span></h4><br />
<br />
<h4 class="heading-1-1-1"><span id="HAPTGET">APT-GET</span></h4>
<p class="paragraph"></p>
<div class="code">
<pre>
# apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl
# apt-get install libstring-random-perl libemail-date-format-perl libmime-lite-perl
</pre>
</div>
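Review bot: The first apt-get line lists libcache-cache-perl twice (after libnet-ldap-perl and again after libwww-perl); drop the second occurrence while this block is being edited. The added second line covers the "Reset Password by Mail" modules, but nothing is given for the new Extras entries, so either add their packages or state that they have to be installed by other means.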
......@@ -185,6 +206,54 @@
# yum install httpd mod_perl perl-Apache-Session perl-LDAP perl-XML-SAX perl-XML-NamespaceSupport perl-HTML-Template perl-Regexp-Assemble perl-Error perl-IPC-ShareLite perl-Cache-Cache perl-FreezeThaw perl-XML-Simple perl-version perl-CGI-Session perl-DBD-Pg perl-XML-LibXML-Common perl-BSD-Resource perl-XML-LibXML perl-Crypt-Rijndael perl-IO-<span class="java-object">String</span> perl-XML-LibXSLT
</pre>
</div>
<h3 class="heading-1-1"><span id=
"HLinkbetweenLemonLDAP3A3ANGversionsandCPANmodulesversions">Link between
LemonLDAP::NG versions and CPAN modules versions</span></h3><br />
<br />
All lemonLDAP::NG Perl modules are published on <span class=
"wikiexternallink"><a href=
"http://search.cpan.org/~guimard/">CPAN</a></span>. Here is the
correspondance between LemonLDAP::NG version and CPAN versions:<br />
<br />
<table class="wiki-table" cellpadding="0" cellspacing="0" border="0">
<tr>
<th>LemonLDAP::NG</th>
<th>Common</th>
<th>Handler</th>
<th>Manager</th>
<th>Portal</th>
</tr>
<tr class="table-odd">
<td>0.9.3</td>
<td>0.91</td>
<td>0.90</td>
<td>0.87</td>
<td>0.86</td>
</tr>
<tr class="table-even">
<td>0.9.4</td>
<td>0.92</td>
<td>0.91</td>
<td>0.88</td>
<td>0.87</td>
</tr>
</table>
</div>
<p class="footer"><a href="index.html">Index</a></p>
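Review bot: In the new introductory sentence, "correspondance" should be "correspondence", and "lemonLDAP::NG" should use the same capitalisation as the heading and table header ("LemonLDAP::NG"). Also, the yum command at the top of this hunk has no counterpart for the reset-password packages that were added to the apt-get block, so YUM users are left without String::Random, MIME::Lite and Email::Date::Format.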
......
......@@ -132,28 +132,97 @@ $ tar zxvf lemonldap-ng-*.tar.gz
First check and install the <span class="wikilink"><a href=
"3.1-Install-prerequesites.html">prerequisites</a></span>.<br />
<br />
If you just want to install a handler or a portal or a manager:<br />
For full install:<br />
<br />
<div class="code">
<pre>
$ cd lemonldap-ng-*/Lemonldap-NG-(Portal|Handler|Manager|Common)
$ perl Makefile.PL &amp;&amp; make &amp;&amp; make test
$ cd lemonldap-ng-*
$ make &amp;&amp; make test
$ sudo make install
</pre>
</div>
<p class="paragraph"></p>Else for full modules install:
<p class="paragraph"></p>You can choose other Makefile targets:
<p class="paragraph"></p>
<ul class="star">
<li>Perl libraries install :
<ul class="star">
<li>install_libs (all Perl libraries)</li>
<li>install_portal_libs</li>
<li>install_manager_libs</li>
<li>install_handler_libs</li>
</ul>
</li>
<li>Binaries install :
<ul class="star">
<li>install_bin (/usr/local/lemonldap-ng/bin)</li>
</ul>
</li>
<li>Web sites install :
<ul class="star">
<li>install_site (all sites including install_doc_site)</li>
<li>install_portal_site (/usr/local/lemonldap-ng/htdocs/portal)</li>
<li>install_manager_site
(/usr/local/lemonldap-ng/htdocs/manager)</li>
<li>install_handler_site (/usr/local/lemonldap-ng/handler)</li>
</ul>
</li>
<li>Documentation install :
<ul class="star">
<li>install_doc_site (/usr/local/lemonldap-ng/htdocs/doc)</li>
<li>install_examples_site (/usr/local/lemonldap-ng/examples)</li>
</ul>
</li>
</ul>You can also pass parameters to the make install command, with this
syntax:
<div class="code">
<pre>
$ cd lemonldap-ng-*
$ make &amp;&amp; make test
$ sudo make install
$ sudo make install PARAM=VALUE PARAM=VALUE ...
</pre>
</div>
</div><br />
<br />
Available parameters are:
<ul class="star">
<li>ERASECONFIG: set to 0 if you want to keep your configuration files
(default: 1)</li>
<li>DESTDIR: only for packaging, install the product in a jailroot
(default: "")</li>
<li>PREFIX: installation directory (default: /usr/local)</li>
<li>CRONDIR: Cronfile directory (default:
$PREFIX/etc/lemonldap-ng/cron.d)</li>
<li>APACHEUSER: user running Apache</li>
<li>APACHEGROUP: group running Apache</li>
<li>DNSDOMAIN: Main DNS domain (default: example.com)</li>
<li>LDAPHOST: LDAP server (default: localhost)</li>
<li>LDAPPORT: LDAP port (default: 389)</li>
<li>LDAPSUFFIX: LDAP suffix (default: dc=example,dc=com)</li>
</ul>
</div>
<p class="footer"><a href="index.html">Index</a></p>
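Review bot: ERASECONFIG defaults to 1 in the new parameter list, but the "For full install" block at the top of this hunk tells the reader to run "sudo make install" without saying that existing configuration files are overwritten. Add a sentence next to that command pointing upgraders to "make install ERASECONFIG=0". APACHEUSER and APACHEGROUP are the only parameters listed without a default; state what is used when they are not set, since that determines who owns the installed files.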
......
......@@ -98,7 +98,7 @@
<li>lemonldap-ng-conf: contains default configuration (DNS domain:
example.com)</li>
<li>lemonldap-ng-test: containts sampel CGI test page</li>
<li>lemonldap-ng-test: contains sample CGI test page</li>
<li>lemonldap-ng-handler: contains Apache Handler implementation
(agent)</li>
......
......@@ -56,9 +56,8 @@
<body>
<div class="main-content">
<h2 class="heading-1"><span id=
"HUseofMySQLforsessionsand2Forconfigurationstorage">Use of MySQL for
sessions and/or configuration storage</span></h2>
<h2 class="heading-1"><span id="HUseofMySQLforconfigurationstorage">Use of
MySQL for configuration storage</span></h2>
<p class="paragraph"></p>
......@@ -70,8 +69,6 @@
<li><a href="#HDatabasecreation">Database creation</a></li>
<li><a href="#HConfigurationtable">Configuration table</a></li>
<li><a href="#HSessiontable">Session table</a></li>
</ul>
</li>
......@@ -80,11 +77,11 @@
configuration</a>
<ul>
<li><a href="#HSetconfigStorageforLemonLDAP3A3ANGmodules">Set
configStorage for LemonLDAP::NG modules</a></li>
<li><a href="#HDefaultconfiguration">Default configuration</a></li>
<li><a href="#HSetApache3A3ASessionbackend">Set Apache::Session
backend</a></li>
<li><a href=
"#HOverrideconfigStorageforLemonLDAP3A3ANGmodules">Override
configStorage for LemonLDAP::NG modules</a></li>
</ul>
</li>
</ul>
......@@ -99,12 +96,12 @@
<h4 class="heading-1-1-1"><span id="HDatabasecreation">Database
creation</span></h4><br />
<br />
For example, create the database "lemonldapng" :<br />
For example, create the database "lemonldap-ng" :<br />
<br />
<div class="code">
<pre>
# mysqladmin create lemonldapng
# mysqladmin create lemonldap-ng
</pre>
</div>
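Review bot: Renaming the example database from "lemonldapng" to "lemonldap-ng" introduces a hyphen, which works on the mysqladmin command line but has to be quoted with backticks wherever the name appears as an identifier in an SQL statement. Either keep the unhyphenated name or add a line telling the reader to quote it.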
......@@ -142,48 +139,34 @@ CREATE TABLE lmConfig (
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HSessiontable">Session
table</span></h4>
<h3 class="heading-1-1"><span id=
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h3>
<p class="paragraph"></p>The choice of Apache::Session::* module is free.
See Apache::Session::Store::* or Apache::Session::* to know how to
configure the module.
<h4 class="heading-1-1-1"><span id="HDefaultconfiguration">Default
configuration</span></h4>
<p class="paragraph"></p>If you want to use Apache::Session::MySQL, you
can create the database like this:
<p class="paragraph"></p>You can set this directly in <strong class=
"strong">storage.conf</strong>:
<p class="paragraph"></p>
<div class="code">
<pre>
CREATE TABLE sessions (
id <span class="java-object">char</span>(32),
a_session text
);
type = DBI
dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
dbiUser = lemonldap
dbiPassword = password
dbiTable = lmConfig
</pre>
</div>
<h3 class="heading-1-1"><span id=
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h3>
<h4 class="heading-1-1-1"><span id=
"HSetconfigStorageforLemonLDAP3A3ANGmodules">Set configStorage for
LemonLDAP::NG modules</span></h4>
<p class="paragraph"></p>By default, configStorage use the "File" backend,
like:
<div class="code">
<pre>
configStorage =&gt; {
type =&gt; <span class="java-quote">"File"</span>,
dirName =&gt; <span class="java-quote">"/etc/lemonldap-ng/conf/"</span>,
},
</pre>
</div>
"HOverrideconfigStorageforLemonLDAP3A3ANGmodules">Override configStorage
for LemonLDAP::NG modules</span></h4>
<p class="paragraph"></p>You have to replace it with MySQL parameters, for
example:
<p class="paragraph"></p>Edit for example <strong class=
"strong">portal/index.pl</strong> or <strong class=
"strong">handler/MyHandler.pm</strong>:
<div class="code">
<pre>
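Review bot: The new storage.conf example stores dbiPassword in clear text, and the surrounding text says nothing about who may read that file. Add a sentence stating that storage.conf should be readable only by the account running Apache. The example host "1.2.3.4" would be better as a documentation placeholder such as "localhost", which the removed examples used in the form 127.0.0.1. The hunk also deletes the "Session table" section and the default File backend example without a pointer to where that material now lives.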
......@@ -197,48 +180,7 @@ configStorage =&gt; {
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HSetApache3A3ASessionbackend">Set
Apache::Session backend</span></h4>
<p class="paragraph"></p>Go to the Manager and go in <strong class=
"strong">General Parameters &gt; Session Storage</strong>. Then change
<strong class="strong">Apache::Session module</strong> to
"Apache::Session::MySQL" and in <strong class="strong">Apache::Session
parameters</strong> configure the following options:
<ul class="star">
<li>DataSource (for example:
DBI:mysql:database=lemonldapng;host=127.0.0.1)</li>
<li>UserName</li>
<li>Password</li>
<li>TableName</li>
<li>LockDataSource</li>
<li>LockUserName</li>
<li>LockPassword</li>
</ul>You can also set the session module in perl scripts:
<div class="code">
<pre>
globalStorage =&gt; <span class="java-quote">"Apache::Session::MySQL"</span>,
globalStorageOptions =&gt; {
DataSource =&gt; <span class=
"java-quote">"dbi:mysql:database=lemonldapng;host=127.0.0.1"</span>,
UserName =&gt; <span class="java-quote">"db_user"</span>,
Password =&gt; <span class="java-quote">"db_password"</span>,
TableName =&gt; <span class="java-quote">"sessions"</span>,
LockDataSource =&gt; <span class=
"java-quote">"dbi:mysql:database=lemonldapng;host=127.0.0.1"</span>,
LockUserName =&gt; <span class="java-quote">"db_user"</span>,
LockPassword =&gt; <span class="java-quote">"db_password"</span>,
},
</pre>
</div>
<p class="paragraph"></p>
</div>
<p class="footer"><a href="index.html">Index</a></p>
......
......@@ -66,61 +66,70 @@
<li><a href="#HUsergroups">User groups</a></li>
<li><a href="#HVirtualhosts">Virtual hosts</a></li>
<li><a href="#HTogofurther">To go further</a></li>
</ul>Connect to the manager with your browser (for example <span class=
"nobr"><a href=
"http://manager.example.com">http://manager.example.com</a></span>) to
start configure your WebSSO.
<p class="paragraph"></p>You have to set at least some parameters:
<p class="paragraph"></p>You can now configure a default installation,
with an LDAP directory.
<h3 class="heading-1-1"><span id="HGeneralparameters">General
parameters</span></h3>
<ul class="star">
<li>Authentication parameters -&gt; portal URL to access to the
authentication portal.</li>
<li>Authentication parameters:
<li>Domain: the cookie domain. All protected VirtualHosts have to be
under it.</li>
<ul class="star">
<li>portal: URL to access to the authentication portal.</li>
<li>LDAP parameters -&gt; LDAP Server.</li>
<li>domain: the cookie domain. All protected VirtualHosts have to be
under it (or you have to use <span class="wikilink"><a href=
"/xwiki/bin/view/NG/CDA">Cross Domain
Authentication</a></span>).</li>
</ul>
</li>
<li>LDAP parameters -&gt; LDAP Accout and password: required only if
anonymous binds are not accepted.</li>
<li>LDAP parameters:
<li>Session Storage -&gt; Apache::Session module: how to store user
sessions. You can use all module that inherit from Apache::Session like
Apache::Session::MySQL.</li>
<ul class="star">
<li>ldapServer: LDAP Server.</li>
<li>Session Storage -&gt; Apache::Session Module parameters: see
Apache::Session::&lt;Choosen module&gt;.</li>
<li>managerDn and managerPassword: required only if anonymous binds
are not accepted.</li>
</ul>
</li>
</ul>
<h3 class="heading-1-1"><span id="HUsergroups">User groups</span></h3>
<p class="paragraph"></p>Use the "New Group" button to add your first
group. On the left, set the keyword which will be used later and set on
the right the corresponding rule. You can use :
<ul class="star">
<li>an LDAP filter (it will be tested with the user uid)</li>
</ul>or
<ul class="star">
<li>a Perl condition enclosed with {}. All variables declared in
"General parameters -&gt; LDAP attributes" can be used with a "$". For
example: MyGroup / { $uid eq "foo" or $uid eq "bar" }</li>
</ul>
<h3 class="heading-1-1"><span id="HVirtualhosts">Virtual hosts</span></h3>
<p class="paragraph"></p>You have to create a virtual host for each Apache
host (virtual or real) protected by Lemonldap::NG even if just a
sub-directory is protected. Else, user who want to access to the protected
area will be rejected with a "500 Internal Server Error" message and the
apache logs will explain the problem.
<p class="paragraph"></p>Each virtual host has 2 groups of parameters:
the right the corresponding rule. You can use a Perl condition enclosed
with {}. All variables declared in "General parameters -&gt; exported
attributes" can be used with a "$".
<p class="paragraph"></p>For example:
<div class="code">
<pre>
MyGroup =&gt; { $uid eq <span class=
"java-quote">"foo"</span> or $uid eq <span class="java-quote">"bar"</span> }
</pre>
</div>
<h3 class="heading-1-1"><span id="HVirtualhosts">Virtual
hosts</span></h3><br />
<br />
You have to create a virtual host for each Apache host (virtual or real)
protected by LemonLDAP::NG even if just a sub-directory is protected.
Else, user who want to access to the protected area will be rejected with
a "500 Internal Server Error" message and the apache logs will explain the
problem.<br />
<br />
Each virtual host has 2 groups of parameters:
<ul class="star">
<li>Headers: the headers added to the apache request. Default: Auth-User
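Review bot: The rewritten "User groups" paragraph drops the LDAP filter alternative and now documents only the Perl condition form, without saying whether LDAP filters are still accepted. If support was removed, say so, because existing group rules written as filters would stop matching. In the new "Virtual hosts" text, "Else, user who want to access to the protected area" should read "Otherwise, users who try to access the protected area", and "apache logs" should be "Apache logs".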
......@@ -132,11 +141,22 @@
<li>default: the default rule</li>
<li>personalized rules: association of a Perl regular expression and
a condition. For example: ^/restricted.*$ / $groups =~
/bMyGroupb/</li>
a condition.</li>
</ul>
</li>
</ul>
</ul>For example:
<div class="code">
<pre>
^/restricted.*$ =&gt; $groups =~ /\bMyGroup\b/
</pre>
</div>
<h3 class="heading-1-1"><span id="HTogofurther">To go
further</span></h3><br />
<br />
See the <span class="wikilink"><a href=
"4.1-Configuration-parameter-list.html">full parameters list</a></span>.
</div>
<p class="footer"><a href="index.html">Index</a></p>
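Review bot: The corrected rule "$groups =~ /\bMyGroup\b/" restores the word boundaries, but \b treats any non-word character as a boundary, so a group named "MyGroup-admin" or "Other.MyGroup" would also satisfy it. Mention this next to the example, or show a pattern anchored on the separator actually used in $groups. The example has also moved outside the list, so "For example:" no longer sits under the "personalized rules" item it illustrates.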
......
......@@ -128,21 +128,25 @@
},
modules =&gt; {
appslist =&gt; 1,
password =&gt; 1,
logout =&gt; 1,
password =&gt; USER_CAN_CHANGE_PASSWORD,
logout =&gt; DISPLAY_LOGOUT,
},
# CUSTOM FUNCTION : <span class=
"java-keyword">if</span> you want to create customFunctions in rules, declare them here
#customFunctions =&gt; 'function1 function2',
}
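Review bot: In the modules block, "password =&gt; USER_CAN_CHANGE_PASSWORD" and "logout =&gt; DISPLAY_LOGOUT" replace the literal 1 with barewords that are not defined anywhere in the visible example. Copied verbatim, they fail under "use strict" and otherwise evaluate as true strings, which enables both features regardless of intent. Keep "1" (or "0") as the value and move the explanation into a trailing comment, as is done for customFunctions below.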