Documentation for LemonLDAP::NG 1.3
Installation
Configuration
First steps
Portal
Authentication, users and password databases
Backend | Authentication | Users | Password |
---|---|---|---|
Active Directory | ✔ | ✔ | |
Apache (Kerberos, NTLM, OTP, ...) | ✔ | | |
Backend choice by users | ✔ | ✔ | ✔ |
BrowserID (Mozilla Persona) | ✔ | | |
CAS | ✔ | | |
Databases (DBI) | ✔ | ✔ | ✔ |
Demonstration | ✔ | ✔ | ✔ |
✔ | ✔ | ||
✔ | ✔ | ||
LDAP | ✔ | ✔ | ✔ |
Null | ✔ | ✔ | ✔ |
OpenID | ✔ | ✔ | |
Proxy LL::NG | ✔ | ✔ | |
Radius | ✔ | | |
Remote LL::NG | ✔ | ✔ | |
SAML 2.0 / Shibboleth | ✔ | ✔ | |
Slave | ✔ | ✔ | |
SSL | ✔ | | |
Stack multiple backends | ✔ | ✔ | |
✔ | |||
WebID | ✔ | ✔ | |
Yubikey | ✔ | | |
Configuration database
LL::NG needs a storage system to store its own configuration (managed by the manager). Choose one of the following:
Backend | Shareable | Comment |
---|---|---|
File configuration backend | | Not shareable between servers except if used in conjunction with SOAP configuration backend or with a shared file system (NFS, …). Selected by default during installation. |
JSON File configuration backend | | Not shareable between servers except if used in conjunction with SOAP configuration backend or with a shared file system (NFS, …). |
SQL configuration backend (called RDBI or CDBI) | ✔ | |
LDAP configuration backend | ✔ | |
SOAP configuration backend | ✔ | Proxy backend to be used in conjunction with another configuration backend. Can be used to secure another backend for remote servers. |
You cannot start with an empty configuration, so read how to change configuration backend to convert your existing configuration into another one.
Sessions database
Sessions are stored using the Apache::Session family of modules. All Apache::Session style modules are usable, except for some features.
Backend | Shareable | Session explorer | Session restrictions | Session expiration | Comment |
---|---|---|---|---|---|
File | | ✔ | ✔ | ✔ | Not shareable between servers except if used in conjunction with SOAP session backend or with a shared file system (NFS, …). Selected by default during installation. |
SQL | ✔ | ✔ | ✔ | ✔ | Unoptimized for session explorer and single session features. |
LDAP | ✔ | ✔ | ✔ | ✔ | |
Memcached | ✔ | | | | Must be secured by network access control. |
NoSQL (Redis) | ✔ | ✔ | ✔ | ✔ | The fastest. Must be secured by network access control. |
Browseable (SQL, Redis or LDAP) | ✔ | ✔ | ✔ | ✔ | Optimized for session explorer and single session features. |
SOAP | ✔ | ✔ | ✔ | ✔ | Proxy backend to be used in conjunction with another session backend. Can be used to secure another backend for remote servers. |
Identity provider
- All identity provider protocols can be used simultaneously
Applications protection
Advanced features
Mini howtos
- Create a protocol proxy (SAML to OpenID, CAS to SAML, …)