Table of Contents

Documentation for LemonLDAP::NG 1.9

Main changes

Version 1.9 of LL::NG brings the following main changes:

You must read upgrade from 1.4 to 1.9 documentation page before installing it.

Installation

Before installation

Installation

After installation

Configuration

First steps

Portal

Authentication, users and password databases

Official Backends Authentication Users Password
Active Directory
Apache (Kerberos, NTLM, OTP, ...)
BrowserID (Mozilla Persona)
CAS
Databases (DBI)
Demonstration
Facebook
Kerberos (available with version ≥ 1.9.14)
LDAP
LinkedIn
Null
OpenID Connect
Proxy LL::NG
Radius
SAML 2.0 / Shibboleth
Slave
SSL
Twitter
WebID
Yubikey
Combo Backends Authentication Users Password
Choice by users
Multiple backends stack
Obsolete Backends Authentication Users Password
Google
OpenID
Remote LL::NG

Configuration database

LL::NG needs a storage system to store its own configuration (managed by the manager). Choose one of the following:

Backend Shareable Comment
File (JSON) Not shareable between servers except if used in conjunction with SOAP or with a shared file system (NFS,...). Selected by default during installation.
SQL (RDBI/CDBI)
LDAP
MongoDB
SOAP Proxy backend to be used in conjunction with another configuration backend.
Can be used to secure another backend for remote servers.
You can not start with an empty configuration, so read how to change configuration backend to convert your existing configuration into another one.

Sessions database

Sessions are stored using Apache::Session modules family. All Apache::Session style modules are useable except for some features.

Backend Shareable Session explorer Session restrictions Session expiration Comment
File Not shareable between servers except if used in conjunction with SOAP session backend or with a shared file system (NFS,...). Selected by default during installation.
SQL Unoptimized for session explorer and single session features.
LDAP
Redis The faster. Must be secured by network access control.
MongoDB Must be secured by network access control.
Browseable (SQL, Redis or LDAP) Optimized for session explorer and single session features.
SOAP Proxy backend to be used in conjunction with another session backend.
Can be used to secure another backend for remote servers.

Identity provider

Applications protection

Well known compatible applications

Here is a list of well known applications that are compatible with LL::NG. A full list is available on vendor applications page.

ADFS

Alfresco

Bugzilla

Dokuwiki

Drupal

FusionDirectory

Gitlab

GLPI

Liferay

Mediawiki

NextCloud

simpleSAMLphp

Wordpress

Xwiki

Zimbra

Advanced features

Mini howtos

Exploitation