Authentication | Users | Password |
---|---|---|
✔ | ✔ |
Google proposes to allow applications to reuse its own authentication process using OpenID protocol (it means, if your are connected to Google, other applications can trust Google and let you in).
In Manager, go in General Parameters
> Authentication modules
and choose Google for authentication module. This will use email as login name (for accounting, session explorer,...). If you want to access to other datas, you have to use Google in General Parameters
> Authentication modules > User module
. Then in exported variables, you can ask only for :
Use the name you want but this values in the value field. If you want to require that a field is set, add "!" before the key name :
See also exported variables configuration.
A Google Migration workaround is available since LemonLDAP::NG 1.4.4. It provides a specific and lightweight OpenID Connect module that will replace the current Google module.
To use it, edit lemonldap-ng.ini (this is not available trough Manager) and configure:
[portal] authentication = GoogleMigration googleClientId = XXXX googleClientSecret = XXXX
You need to register your LemonLDAP::NG application to Google in order to obtain the Client ID and the Client Secret, see https://developers.google.com/
You also need to register to Google the redirect URI. You have to set your portal URL with the googlecb=1 GET parameter, for example:
http://auth.example.com/?googlecb=1