Difference between the v1.9 and v2 lemonldap-ng.ini
=v1 and +=v2@@ -11,6 +11,9 @@
; Section “configuration” is used to load global configuration and set cache
; (replace old storage.conf file)
;
not Present in v1; Section “apply” is read by Manager to reload handlers
not Present in v1; (replace old apply.conf file)
not Present in v1;
; Other section are only read by the specific LemonLDAP::NG component
;==============================================================================
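Review bot: the three added comment lines describing the `apply` section (`; Section "apply" is read by Manager to reload handlers`) say what the section is for but not what an entry in it looks like; since the comment says it replaces the old apply.conf file, add one commented example entry under the description so an administrator migrating from apply.conf can see the expected key/value shape without opening the section itself.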
=v1 and +=v2@@ -18,9 +21,6 @@
; CUSTOM FUNCTION
; If you want to create customFunctions in rules, declare them here:
not Present in v2;require = Package
not Present in v2; Prevent Portal to crash if Perl module is not found
not Present in v2;requireDontDie = 1
;customFunctions = function1 function2
;customFunctions = Package::func1 Package::func2
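Review bot: dropping `;require = Package` and `;requireDontDie = 1` leaves `;customFunctions = Package::func1 Package::func2` with no documented way of getting `Package` loaded, and the `useSafeJail` warning further down in this file shows that these functions run inside rules; on the side that loses `require`, either keep a one-line pointer to how the module is loaded or state plainly that the option was removed, so nobody re-adds a bare `require` line expecting it to work.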
=v1 and +=v2@@ -34,105 +34,26 @@
; Warning: this can allow malicious code in custom functions or rules
;useSafeJail = 0
not Present in v2; LOGGING
not Present in v2;
not Present in v2; 1 - Defined logging level
not Present in v2; Set here one of error, warn, notice, info or debug
not Present in v2-logLevel = warn
not Present in v2; Note that this has no effect for Apache2 logging: Apache LogLevel is used
not Present in v2; instead
not Present in v2;
not Present in v2; 2 - Change logger
not Present in v2;
not Present in v2; By default, logging is set to:
not Present in v2; - Lemonldap::Common::Logger::Apache2 for ApacheMP2 handlers
not Present in v2; - Lemonldap::Common::Logger::Syslog for FastCGI (Nginx)
not Present in v2; - Lemonldap::Common::Logger::Std for PSGI applications (manager,
not Present in v2; portal,…) when they are not
not Present in v2; launched by FastCGI server
not Present in v2; Other loggers availables:
not Present in v2; - Lemonldap::Common::Logger::Log4perl to use Log4perl
not Present in v2;
not Present in v2; “Std” is redirected to the web server logs for Apache. For Nginx, only if
not Present in v2; request failed
not Present in v2;
not Present in v2; You can overload this in this section (for all) or in another section if
not Present in v2; you want to change logger for a specified app.
not Present in v2;
not Present in v2; LLNG uses 2 loggers: 1 for technical logs (logger), 1 for user actions
not Present in v2; (userLogger). “userLogger” uses the same class as “logger” if not set.
not Present in v2;logger = Lemonldap::Common::Logger::Syslog
not Present in v2;userLogger = Lemonldap::Common::Logger::Log4perl
not Present in v2;
not Present in v2; 2.1 - Using Syslog
not Present in v2;
not Present in v2; For Syslog logging, you can also overwrite facilities. Default values:
not Present in v2;logger = Lemonldap::Common::Logger::Syslog
not Present in v2;syslogFacility = daemon
not Present in v2;syslogOptions = cons,pid,ndelay
not Present in v2;userSyslogFacility = auth
not Present in v2;userSyslogOptions = cons,pid,ndelay
not Present in v2;
not Present in v2; 2.2 - Using Log4perl
not Present in v2;
not Present in v2; If you want to use Log4perl, you can set these parameters. Here are default
not Present in v2; values:
not Present in v2;logger = Lemonldap::Common::Logger::Log4perl
not Present in v2;log4perlConfFile = /etc/log4perl.conf
not Present in v2;log4perlLogger = LLNG
not Present in v2;log4perlUserLogger = LLNG.user
not Present in v2;
not Present in v2; Here, Log4perl configuration is read from /etc/log4perl.conf. The “LLNG”
not Present in v2; value points to the logger class. Example:
not Present in v2; log4perl.logger.LLNG = WARN, File1
not Present in v2; log4perl.logger.LLNG.user = INFO, File2
not Present in v2; …
not Present in v2; CONFIGURATION CHECK
not Present in v2;
not Present in v2; LLNG verify configuration at server start. If you use “reload” mechanism,
not Present in v2; local cache will be updated. Configuration is checked locally every
not Present in v2; 10 minutes by each LLNG component. You can change this value using
not Present in v2; checkTime
(time in seconds).
not Present in v2; To increase performances, you should comment this parameter and rely on cache.
not Present in v2-checkTime = 1
[configuration]
not Present in v2; confTimeout: maximum time to get configuration (default 10)
not Present in v2;confTimeout = 5
; GLOBAL CONFIGURATION ACCESS TYPE
not Present in v2; (File, REST, SOAP, CDBI/RDBI, LDAP, YAMLFile)
not Present in v1; (File, SOAP, RDBI/CDBI, LDAP)
; Set here the parameters needed to access to LemonLDAP::NG configuration.
; You have to set “type” to one of the followings :
;
not Present in v2; * File/YAMLFile: you have to set ‘dirName’ parameter. Example:
not Present in v2;
not Present in v2; type = File ; or type = YAMLFile
not Present in v1; * File: you have to set ‘dirName’ parameter. Example:
not Present in v1;
not Present in v1; type = File
; dirName = /var/lib/lemonldap-ng/conf
not Present in v2; ; Optimize JSON for readability instead of performance
not Present in v2; prettyPrint = 1
not Present in v2;
not Present in v2; * CDBI/RDBI : you have to set ‘dbiChain’ (required) and ‘dbiUser’ and ‘dbiPassword’
not Present in v1;
not Present in v1; * RDBI/CDBI : you have to set ‘dbiChain’ (required) and ‘dbiUser’ and ‘dbiPassword’
; if needed. Example:
;
not Present in v2; type = CDBI
not Present in v2; ;type = RDBI
not Present in v2; dbiChain = DBI:MariaDB:database=lemonldap-ng;host=1.2.3.4
not Present in v1; type = RDBI
not Present in v1; ;type = CDBI
not Present in v1; dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
; dbiUser = lemonldap
; dbiPassword = password
not Present in v2;
not Present in v2; * REST: REST configuration access is a sort of proxy: the portal is
not Present in v2; configured to use the real session storage type (DBI or File for
not Present in v2; example).
not Present in v2; You have to set ‘baseUrl’ parameter. Example:
not Present in v2;
not Present in v2; type = REST
not Present in v2; baseUrl = https://auth.example.com/config
not Present in v2; proxyOptions = { timeout => 5 }
not Present in v2; User = lemonldap
not Present in v2; Password = mypassword
;
; * SOAP: SOAP configuration access is a sort of proxy: the portal is
; configured to use the real session storage type (DBI or File for
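Review bot: please confirm the direction of this hunk before publishing the page: the header `@@ -34,105 +34,26 @@` shows the `-` side (labelled "not Present in v2", see `-logLevel = warn`) as the one carrying the whole LOGGING and CONFIGURATION CHECK blocks plus the `YAMLFile`, `REST`, `prettyPrint` and `DBI:MariaDB` examples, while the `+` side keeps only `type = File` and the `DBI:mysql` example; if the title's v1.9 to v2 order is intended, the two input files look swapped. Two points on the lines themselves: `-checkTime = 1` is an active setting that contradicts its own comment ("you should comment this parameter and rely on cache"), so whichever side keeps it should ship it commented out; and the `dbiPassword = password`, `User = lemonldap` / `Password = mypassword` examples are fine as placeholders, but the comment block should say that the real values sit in clear text in this file, so its permissions must be limited to the server user.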
=v1 and +=v2@@ -140,7 +61,7 @@
; You have to set ‘proxy’ parameter. Example:
;
; type = SOAP
not Present in v2; proxy = https://auth.example.com/config
not Present in v1; proxy = https://auth.example.com/index.pl/config
; proxyOptions = { timeout => 5 }
; User = lemonldap
; Password = mypassword
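Review bot: the `proxy` example changes only its path (`/config` versus `/index.pl/config`), and the comment above it ("You have to set 'proxy' parameter") does not say that the path has to match the SOAP endpoint exposed by the portal version actually deployed; add that sentence, since an ini carried over from the other version with the old path is the most likely failure here. Keeping `https://` in both examples is right; do not relax it when the `User` / `Password` pair below is in use.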
=v1 and +=v2@@ -158,8 +79,6 @@
type=File
dirName=/var/lib/lemonldap-ng/conf
not Present in v2; Optimize for readability instead of performance
not Present in v2-prettyPrint = 1
; LOCAL CACHE CONFIGURATION
;
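Review bot: on the side that has it, `prettyPrint = 1` is active in the `[configuration]` block while its own comment says it optimises for readability instead of performance; ship it as `;prettyPrint = 1`, the way the File-type comment block earlier in this file shows it (`; prettyPrint = 1`), so the default stays the performant one and the administrator opts in. The other side drops the option and its comment together, which is consistent.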
=v1 and +=v2@@ -171,35 +90,27 @@
; ‘namespace’ => ‘lemonldap-ng-config’,
; ‘default_expires_in’ => 600,
; ‘directory_umask’ => ‘007’,
not Present in v2; ‘cache_root’ => ‘CACHEDIR’,
not Present in v2; ‘cache_depth’ => 3,
not Present in v1; ‘cache_root’ => ‘/tmp’,
not Present in v1; ‘cache_depth’ => 0,
; }
localStorage=Cache::FileCache
localStorageOptions={
‘namespace’ => ‘lemonldap-ng-config’,
‘default_expires_in’ => 600,
‘directory_umask’ => ‘007’,
not Present in v2- ‘cache_root’ => ‘CACHEDIR’,
not Present in v2- ‘cache_depth’ => 3,
not Present in v1+ ‘cache_root’ => ‘/tmp’,
not Present in v1+ ‘cache_depth’ => 0,
}
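Review bot: the active `localStorageOptions` block changes `'cache_root' => 'CACHEDIR'` to `'cache_root' => '/tmp'` and `'cache_depth' => 3` to `0` (uncommented lines `+ 'cache_root' => '/tmp'` and `+ 'cache_depth' => 0`), so the `Cache::FileCache` that holds the LemonLDAP::NG configuration would be written straight into the shared `/tmp` under `'directory_umask' => '007'`; a cache of the configuration, which the access-type comments above show can contain `dbiPassword`, SOAP `Password` and similar values, belongs in a directory dedicated to the server user, as the `CACHEDIR` placeholder side has it. Whichever side is the newer one, keep the dedicated directory and a non-zero `cache_depth`, and say in the comment that `/tmp` is only acceptable for a throwaway test install.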
[portal]
not Present in v1; PERFORMANCES
not Present in v1; By setting useLocalConf, Portal will use only local cached configuration
not Present in v1; To refresh it, you must have an handler on the same server or you have to
not Present in v1; restart your server. This increase performances
not Present in v1;useLocalConf = 1
+
; PORTAL CUSTOMIZATION
not Present in v2; I - Required parameters
not Present in v2; staticPrefix: relative (or URL) location of static HTML components
not Present in v2-staticPrefix = PORTALSTATICDIR
not Present in v2; location of HTML templates directory
not Present in v2-templateDir = PORTALTEMPLATESDIR
not Present in v2; languages: available languages for portal interface
not Present in v2-languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es
not Present in v2; II - Optional parameters (overwrite configuration)
; Name of the skin
;portalSkin = pastel
; Modules displayed
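Review bot: the added `useLocalConf` comment (`+` side, `;useLocalConf = 1`) promises a performance gain but leaves the trade-off implicit: its own second sentence says the portal then refreshes its configuration only through a handler on the same server or a restart, so a configuration change saved in the Manager will not reach a portal with this option set until one of those happens; state that consequence plainly and keep the line commented by default, as it is. The removed "I - Required parameters" block takes `staticPrefix`, `templateDir` and `languages` with it, which leaves the remaining "PORTAL CUSTOMIZATION" block without the "II - Optional parameters" heading it referred to; fine, but the lone `+` line with nothing after it is just an added blank line and can go.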
=v1 and +=v2@@ -218,20 +129,19 @@
; Override error codes
;error_0 = You are well authenticated!
; Custom template parameters
not Present in v2; For example to use <TMPL_VAR NAME=“myparam”>
not Present in v1; For example to use <TMPL_VAR NAME=“myparam”>
;tpl_myparam = test
not Present in v2; COMBINATION FORMS
not Present in v2; If you want to fix forms to display, you can use this;
not Present in v2;combinationForms = standardform, yubikeyform
not Present in v1; LOG
not Present in v1; By default, all is logged in Apache file. To log user actions by
not Present in v1; syslog, just set syslog facility here:
;syslog = auth
; SOAP FUNCTIONS
; Remove comment to activate SOAP Functions getCookies(user,pwd) and
; error(language, code)
;Soap = 1
; Note that getAttibutes() will be activated but on a different URI
not Present in v2; (http://auth.example.com/sessions)
not Present in v1; (http://auth.example.com/index.pl/sessions)
; You can also restrict attributes and macros exported by getAttributes
;exportedAttr = uid mail
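Review bot: `getAttibutes()` in the unchanged context line is a typo for `getAttributes`, the name the following comment uses for `exportedAttr`. More importantly, that line sits directly under `;Soap = 1` and only says the function "will be activated but on a different URI"; make the comment say that uncommenting `Soap = 1` exposes `getCookies(user,pwd)`, `error(language, code)` and `getAttributes` (at the `/sessions` URI) together, and that `exportedAttr = uid mail` is how to limit what the latter returns, so the administrator sets the restriction before enabling the endpoint rather than after.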
=v1 and +=v2@@ -288,11 +198,11 @@
; Use it to be able to notify messages during authentication
;notification = 1
; Note that the SOAP function newNotification will be activated on
not Present in v2; http://auth.example.com/notification
not Present in v2; If you want to hide this, just protect “/index.fcgi/notification” in
not Present in v1; http://auth.example.com/index.pl/notification
not Present in v1; If you want to hide this, just protect “/index.pl/notification” in
; your Apache configuration file
; XSS protection bypass
not Present in v2; By default, the portal refuses redirections that come from sites not
not Present in v1; By default, the portal refuse redirections that comes from sites not
; registered in the configuration (manager) except for those coming
; from trusted domains. By default, trustedDomains contains the domain
; declared in the manager. You can set trustedDomains to empty value so
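Review bot: the two `-` comment lines disagree with each other: the endpoint is given as `http://auth.example.com/notification` but the path to protect is `/index.fcgi/notification`; use one path so the Apache rule mentioned in the next sentence actually covers the endpoint that `notification = 1` enables. Both sides also write this URL with `http://` while the SOAP `proxy` examples in this file use `https://`; use `https://` here too, since `newNotification` accepts message content that is later displayed to users during authentication. The `+` side grammar fix on the trustedDomains comment ("refuses redirections that come from") is fine.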
=v1 and +=v2@@ -305,21 +215,6 @@
; Set to 0 to disable error on XSS attack detection
;checkXSS = 0
not Present in v2; pdata cookie domain
not Present in v2; pdata cookie could not be sent with cross domains AJAX request
not Present in v2; Null is default value
not Present in v2;pdataDomain = example.com
not Present in v2; CUSTOM PLUGINS
not Present in v2; If you want to add custom plugins, set list here (comma separated)
not Present in v2; Read Lemonldap::Portal::Main::Plugin(3pm) man page.
not Present in v2;customPlugins = ::My::Package1, ::My::Package2
not Present in v2; To avoid bad/expired OTT if “authssl” and “auth” are served by different Load Balancers
not Present in v2; you can override OTT configuration to store Upgrade or Issuer OTT into global storage
not Present in v2;forceGlobalStorageUpgradeOTT = 1
not Present in v2;forceGlobalStorageIssuerOTT = 1
[handler]
; Handler cache configuration
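Review bot: `;checkXSS = 0` is kept in context with only "Set to 0 to disable error on XSS attack detection" beside it; add that this is a troubleshooting switch that must stay commented in production, given that the block right above it is the redirect-domain check it relaxes. Among the removed lines, the `forceGlobalStorageUpgradeOTT` / `forceGlobalStorageIssuerOTT` comment carries a deployment caveat (`authssl` and `auth` served by different load balancers produce bad or expired OTTs); if those options do not exist on the other side, the caveat should survive somewhere in the file, otherwise an administrator with that topology has no hint why one-time tokens fail.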
=v1 and +=v2@@ -329,7 +224,7 @@
; ‘namespace’ => ‘lemonldap-ng-sessions’,
; ‘default_expires_in’ => 600,
; ‘directory_umask’ => ‘007’,
not Present in v2; ‘cache_root’ => ‘CACHEDIR’,
not Present in v1; ‘cache_root’ => ‘/tmp’,
; ‘cache_depth’ => 3,
; }
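Review bot: `'cache_root' => '/tmp'` in the `+` line of the handler's commented `localStorageOptions` example puts the `lemonldap-ng-sessions` cache under the shared `/tmp`, so the example an administrator is most likely to uncomment would write cached session data there; point the example at a dedicated directory owned by the server user, as the `CACHEDIR` placeholder on the other side does, and keep the `'cache_depth' => 3` left in context.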
=v1 and +=v2@@ -347,10 +242,6 @@
;useRedirectOnForbidden = 1
; Hide LemonLDAP::NG Handler in Apache Server Signature
;hideSignature = 1
not Present in v2; Set ServiceToken timeout
not Present in v2;handlerServiceTokenTTL = 30
not Present in v2; Set Impersonation/ContextSwitching prefix
not Present in v2; impersonationPrefix = real_
useRedirectOnError = 1
; Zimbra Handler parameters
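Review bot: `useRedirectOnError = 1` is active while `;useRedirectOnForbidden = 1` two lines above it is commented, and the only comments near it belong to the removed `handlerServiceTokenTTL` / `impersonationPrefix` lines; give `useRedirectOnError` its own one-line comment saying where the redirect goes, so the asymmetry with `useRedirectOnForbidden` reads as intentional. On the removed lines, `; impersonationPrefix = real_` is written with a space after the `;` while `;handlerServiceTokenTTL = 30` is not; normalise the style on whichever side keeps them.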
=v1 and +=v2@@ -374,39 +265,21 @@
; * none : no protection
protection = manager
not Present in v1; logLevel. Set here one of error, warn, notice, info or debug
not Present in v1+logLevel = warn
+
; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = MANAGERSTATICDIR
;
not Present in v2; instanceName: Display current LLNG instance into Manager
not Present in v2;instanceName = Demo
; location of HTML templates directory
templateDir = MANAGERTEMPLATESDIR
; languages: available languages for manager interface
not Present in v2-languages = en, fr, it, vi, ar, tr, pl, zh_TW, es
not Present in v1+languages = fr, en
; Manager modules enabled
; Set here the list of modules you want to see in manager interface
; The first will be used as default module displayed
not Present in v2;enabledModules = conf, sessions, notifications, 2ndFA, viewer
not Present in v2-enabledModules = conf, sessions, notifications, 2ndFA
not Present in v2; To avoid restricted users to edit configuration, defaulModule MUST be different than ‘conf’
not Present in v2; ‘conf’ is set by default
not Present in v2;defaultModule = viewer
not Present in v2; Viewer module allows us to edit configuration in read-only mode
not Present in v2; Options can be set with specific rules like this :
not Present in v2;viewerAllowBrowser = $uid eq ‘dwho’
not Present in v2;viewerAllowDiff = $uid ne ‘dwho’
not Present in v2;
not Present in v2; Viewer options - Default values
not Present in v2;viewerHiddenKeys = samlIDPMetaDataNodes samlSPMetaDataNodes managerPassword ManagerDn globalStorageOptions persistentStorageOptions
not Present in v2;viewerAllowBrowser = 0
not Present in v2;viewerAllowDiff = 0
not Present in v2;[node-handler]
not Present in v2;
not Present in v2;This section is for node-lemonldap-ng-handler
not Present in v2;nodeVhosts = test3.example.com, test4.example.com
not Present in v1+enabledModules = conf, sessions, notifications
+
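Review bot: `defaulModule` in the removed comment ("defaulModule MUST be different than 'conf'") is a typo for `defaultModule`, the key set two lines later as `;defaultModule = viewer`; fix the spelling on whichever side keeps the comment, because an administrator searching the file for the key will miss it. On the `viewerHiddenKeys` default line, the "Viewer options - Default values" comment should add that setting the key replaces this list rather than extending it, since it is the only thing keeping `managerPassword`, `ManagerDn`, `globalStorageOptions` and `persistentStorageOptions` out of the read-only viewer and a shortened override would expose them. `protection = manager` stays active in context on both sides, which is the right default, and the trailing lone `+` is an added blank line that can be dropped.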