Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
documentation:2.1:checkuser [2020/02/24 17:34]
cmaudoux [Usage]
documentation:2.1:checkuser [2020/02/28 23:24] (current)
cmaudoux
Line 11: Line 11:
     * **Identities use rule**: Rule to define which profiles can be displayed (by example: ''​!$anonymous''​)     * **Identities use rule**: Rule to define which profiles can be displayed (by example: ''​!$anonymous''​)
     * **Hidden attributes**:​ Attributes not displayed     * **Hidden attributes**:​ Attributes not displayed
-    * **Attributes used for searching sessions**: User's attributes used for searching sessions in Data Base if ''​whatToTrace''​ fails. Useful to look for sessions by mail or givenName. Let it blank to search by ''​whatToTrace''​ only. +    * **Attributes used for searching sessions**: User's attributes used for searching sessions in backend ​if ''​whatToTrace''​ fails. Useful to look for sessions by mail or givenName. Let it blank to search by ''​whatToTrace''​ only. 
-    * **Display ​persistent session**: Display ​persistent session attributes+    * **Display ​empty headers**: Display ​ALL headers appended by LemonLDAP::​NG including empty ones.
     * **Display empty value**: Display ALL attributes even empty ones     * **Display empty value**: Display ALL attributes even empty ones
 +    * **Display persistent session**: Display persistent session attributes
  
 <note info> <note info>
Line 20: Line 21:
 Search attributes => ''​mail uid givenName''​ Search attributes => ''​mail uid givenName''​
  
-If ''​whatToTrace''​ fails, sessions are searched by ''​mail'',​ next ''​uid''​ if no sessions are found and so on...+If ''​whatToTrace''​ fails, sessions are searched by ''​mail'',​ next ''​uid''​ if none session is found and so on...
 </​note>​ </​note>​
  
-To modify persistent sessions attributes ('​_loginHistory _2fDevices notification_'​ by default) edit ''​lemonldap-ng.ini''​ in section [portal]: +<note info
-<file ini+Keep in mind that Nginx HTTP proxy module gets rid of empty headers. If the value of a header field is an empty string then this field will not be passed to a proxied server. To avoid misunderstanding,​ it might be useful to not display empty headers. 
-[portal] +</note>
-persistentSessionAttributes = _loginHistory _2fDevices notification_ +
-</file>+
  
 <note important>​ <note important>​
 Be careful to not display secret attributes. Be careful to not display secret attributes.
  
-checkUser plugin hidden attributes are concatenation of +checkUser plugin hidden attributes are concatenation of ''​checkUserHiddenAttributes''​ and ''​hiddenAttributes''​.
- +
-''​checkUserHiddenAttributes''​ and ''​hiddenAttributes''​. +
 You just have to append checkUser specific attributes. You just have to append checkUser specific attributes.
 </​note>​ </​note>​
Line 41: Line 37:
 <note warning> <note warning>
 This plugin displays ALL user session attributes except the hidden ones. This plugin displays ALL user session attributes except the hidden ones.
- 
  
 You have to restrict access to specific users (administrators,​ DevOps, power users and so on...) ​ You have to restrict access to specific users (administrators,​ DevOps, power users and so on...) ​
- 
- 
 by setting an access rule like other VirtualHosts. by setting an access rule like other VirtualHosts.
  
Line 51: Line 44:
  
 </​note>​ </​note>​
 +
 +To modify persistent sessions attributes ('​_loginHistory _2fDevices notification_'​ by default), edit ''​lemonldap-ng.ini''​ in [portal] section:
 +<file ini>
 +[portal]
 +persistentSessionAttributes = _loginHistory _2fDevices notification_
 +</​file>​
 ===== Usage ===== ===== Usage =====
  
Line 56: Line 55:
  
 <note important>​ <note important>​
-with federated authentication,​ checkUser plugin works only if a session can be found in backend.+With federated authentication,​ checkUser plugin works only if a session can be found in backend.
 </​note>​ </​note>​