Viewer module

This module can be useful to allow certain users to edit WebSSO configuration in Read Only mode.


Parameters are set in lemonldap-ng.ini file, section [manager]:

enabledModules = conf, sessions, notifications, 2ndFA, viewer

defaultModule = viewer

viewerHiddenKeys = samlIDPMetaDataNodes samlSPMetaDataNodes managerPassword ManagerDn globalStorageOptions persistentStorageOptions
viewerAllowBrowser = $groups =~ /\bsu\b/
viewerAllowDiff = $groups =~ /\bsu\b/
  • Parameters:

    • enabledModules: list of modules to enable

    • defaultModule: module displayed by default route (|psgi)

    • viewerHiddenKeys: keys not displayed by Viewer

    • viewerAllowBrowser: allow to browse other configurations

    • viewerAllowDiff: enable “difference with previous” link


You have to set access rules to allow/deny users to access modules.

In Manager: * Declare a Virtual Host : * Set an access rule for each enabled module :

  1. Configuration : ^/(.*?.(fcgi|psgi)/)?(manager.html|confs) = $uid eq ‘dwho’

  2. Notifications : ^/(.*?.(fcgi|psgi)/)?notifications = $uid eq ‘dwho’

  3. Sessions : ^/(.*?.(fcgi|psgi)/)?sessions = $uid eq ‘dwho’

  4. Viewer : ^/(.*?.(fcgi|psgi)/)?view = $uid =~ /b(?:dwho|rtyler)b/

  5. Default : $uid =~ /b(?:dwho|rtyler)b/


To avoid that Read-Only users can access to configuration module by using default route, keep in mind to set ‘defaultModule’ option