This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:2.1:cli_examples [2019/06/28 10:58]
coudot [Categories and applications in menu]
documentation:2.1:cli_examples [2020/04/23 16:33] (current)
Line 3: Line 3:
 This page shows some examples of LL::NG Command Line Interface. See [[configlocation#​command_line_interface_cli|how to use the command]]. This page shows some examples of LL::NG Command Line Interface. See [[configlocation#​command_line_interface_cli|how to use the command]].
 +<note important>​On Debian, the command is located in ''/​usr/​share/​lemonldap-ng/​bin''​ and on CentOS in ''/​usr/​libexec/​lemonldap-ng/​bin''​. Adapt the path for the system you are using.</​note>​
 ===== Save/​restore configuration ===== ===== Save/​restore configuration =====
Line 16: Line 17:
 /​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli restore - <​config.json /​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli restore - <​config.json
 </​code>​ </​code>​
 +Rollback (restore previous configuration):​
 +<code shell>
 +/​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli rollback
 ===== Configure HTTPS ===== ===== Configure HTTPS =====
Line 198: Line 206:
 </​code>​ </​code>​
-===== Configure ​SAML Identity Provider =====+===== Configure ​CAS Identity Provider =====
-You can then generate a private key and a self-signed certificate with these commands;+You just have to enable the CAS server feature, ​and you can set the access control policy (see [[idpcas#​configuring_the_cas_service|CAS service options]]):
 <​code>​ <​code>​
-openssl req -new -newkey rsa:​4096 ​-keyout saml.key ​-nodes  -out saml.pem -x509 -days 3650+/​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli -yes 1 \ 
 +    set \ 
 +        issuerDBCASActivation 1 \ 
 +        casAccessControlPolicy error
 </​code>​ </​code>​
-Import them in configuration:​+===== Register a CAS application ===== 
 +This is only required if your access control policy is not ''​none''​. 
 +In this example we have: 
 +  * App configuration ​key: testapp 
 +  * App service URL: https://​testapp.example.com/​ 
 +  * App exported attributemail and cn 
 <​code>​ <​code>​
 /​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli -yes 1 \ /​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli -yes 1 \
-    ​set +    ​addKey ​
-        ​samlServicePrivateKeySig "`cat saml.key`" ​+        ​casAppMetaDataExportedVars/​testapp mail mail 
-        ​samlServicePublicKeySig "`cat saml.pem`"+        ​casAppMetaDataExportedVars/​testapp cn cn 
 +        casAppMetaDataOptions/​testapp casAppMetaDataOptionsService '​https://​testapp.example.com/'
 </​code>​ </​code>​
-Activate the SAML Issuer:+===== Configure ​SAML Identity Provider ===== 
 +You can then generate a private key and a self-signed certificate with these commands; 
 +openssl req -new -newkey rsa:4096 -keyout saml.key -nodes ​ -out saml.pem -x509 -days 3650 
 +Import them in configuration and activate the SAML issuer
 <​code>​ <​code>​
 /​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli -yes 1 \ /​usr/​share/​lemonldap-ng/​bin/​lemonldap-ng-cli -yes 1 \
     set \     set \
 +        samlServicePrivateKeySig "`cat saml.key`"​ \
 +        samlServicePublicKeySig "`cat saml.pem`"​ \
         issuerDBSAMLActivation 1         issuerDBSAMLActivation 1
 </​code>​ </​code>​