Parameter list

Click on a column header to sort table. The attribute key name can be used directly in lemonldap-ng.ini or in Perl scripts to override configuration parameters (see configuration location).

<sortable 1>

Key name Documentation Portal Handler Manager ini file only
ADPwdExpireWarning AD password expire warning
ADPwdMaxAge AD password max age
AuthLDAPFilter LDAP filter for auth search
LDAPFilter Default LDAP filter
SMTPAuthPass Password to use to send mails
SMTPAuthUser Login to use to send mails
SMTPPort Fix SMTP port
SMTPServer SMTP Server
SMTPTLS TLS protocol to use with SMTP
SMTPTLSOpts TLS/SSL options for SMTP
SSLAuthnLevel SSL authentication level
activeTimer Enable timers on portal pages
apacheAuthnLevel Apache authentication level
applicationList Applications list
authChoiceModules Hash list of Choice strings
authChoiceParam Applications list
authentication Authentication module
autoSigninRules List of auto signin rules
available2F Available second factor modules
available2FSelfRegistration Available self-registration modules for second factor
bruteForceProtection Enable brute force attack protection
bruteForceProtectionMaxAge Brute force attack protection → Max age between last and first allowed failed login
bruteForceProtectionMaxFailed Brute force attack protection → Max allowed failed login
bruteForceProtectionTempo Brute force attack protection → Tempo before try again
captcha_login_enabled Captcha on login page
captcha_mail_enabled Captcha on password reset page
captcha_register_enabled Captcha on account creation page
captcha_size Captcha size
casAccessControlPolicy CAS access control policy
casAppMetaDataOptions Root of CAS app options [1]
casAttr Pivot attribute for CAS
casAttributes CAS exported attributes
casAuthnLevel CAS authentication level
casSrvMetaDataOptions Root of CAS server options [1]
casStorage Apache::Session module to store CAS user data
casStorageOptions Apache::Session module parameters
cda Enable Cross Domain Authentication
cfgAuthor Name of the author of the current configuration
cfgAuthorIP Uploader IP address of the current configuration
cfgDate Timestamp of the current configuration
cfgLog Configuration update log
cfgNum Enable Cross Domain Authentication
cfgVersion Version of LLNG which build configuration
checkState Enable CheckState plugin
checkStateSecret Secret token for CheckState plugin
checkTime Timeout to check new configuration in local cache
checkXSS Check XSS
combModules Combination module description
combination Combination rule
configStorage Configuration storage
confirmFormMethod HTTP method for confirm page form
cookieExpiration Cookie expiration
cookieName Name of the main cookie
cspConnect Authorized Ajax destination for Content-Security-Policy
cspDefault Default value for Content-Security-Policy
cspFont Font source for Content-Security-Policy
cspFormAction Form action destination for Content-Security-Policy
cspImg Image source for Content-Security-Policy
cspScript Javascript source for Content-Security-Policy
cspStyle Style source for Content-Security-Policy
customAddParams Custom additional parameters
customAuth Custom auth module
customFunctions List of custom functions
customPassword Custom password module
customRegister Custom register module
customUserDB Custom user DB module
dbiAuthnLevel DBI authentication level
dbiExportedVars DBI exported variables
demoExportedVars Demo exported variables
domain DNS domain
exportedAttr List of attributes to export by SOAP or REST servers
exportedVars Main exported variables
ext2FSendCommand Send command of External second factor
ext2FValidateCommand Validation command of External second factor
ext2fActivation External second factor activation
ext2fAuthnLevel Authentication level for users authentified by External second factor
ext2fLogo Custom logo for External 2F
facebookAuthnLevel Facebook authentication level
facebookExportedVars Facebook exported variables
failedLoginNumber Number of failures stored in login history
formTimeout Token timeout for forms
globalStorage Session backend module
globalStorageOptions Session backend module options
grantSessionRules Rules to grant sessions
groups Groups
groupsBeforeMacros Compute groups before macros, so that a macro may refer to $groups or $hGroups
handlerInternalCache Handler internal cache timeout
hiddenAttributes Name of attributes to hide in logs
hideOldPassword Hide old password in portal
httpOnly Enable httpOnly flag in cookie
https Use HTTPS for redirection from portal
infoFormMethod HTTP method for info page form
issuerDBCASActivation CAS server activation
issuerDBCASPath CAS server request path
issuerDBCASRule CAS server rule
issuerDBGetActivation Get issuer activation
issuerDBGetParameters List of virtualHosts with their get parameters
issuerDBGetPath Get issuer request path
issuerDBGetRule Get issuer rule
issuerDBOpenIDActivation OpenID server activation
issuerDBOpenIDConnectActivation OpenID Connect server activation
issuerDBOpenIDConnectPath OpenID Connect server request path
issuerDBOpenIDConnectRule OpenID Connect server rule
issuerDBOpenIDPath OpenID server request path
issuerDBOpenIDRule OpenID server rule
issuerDBSAMLActivation SAML IDP activation
issuerDBSAMLPath SAML IDP request path
issuerDBSAMLRule SAML IDP rule
jsRedirect Use javascript for redirections
key Secret key
krbAuthnLevel Null authentication level
krbByJs Launch Kerberos authentication by Ajax
krbKeytab Kerberos keytab
krbRemoveDomain Remove domain in Kerberos username
ldapAllowResetExpiredPassword Allow a user to reset his expired password
ldapAuthnLevel LDAP authentication level
ldapBase LDAP search base
ldapExportedVars LDAP exported variables
ldapGroupAttributeName LDAP attribute name for member in groups
ldapGroupAttributeNameGroup LDAP attribute name in group entry referenced as member in groups
ldapGroupAttributeNameSearch LDAP attributes to search in groups
ldapGroupAttributeNameUser LDAP attribute name in user entry referenced as member in groups
ldapGroupObjectClass LDAP object class of groups
ldapGroupRecursive LDAP recursive search in groups
ldapPasswordResetAttribute LDAP password reset attribute
ldapPasswordResetAttributeValue LDAP password reset value
ldapPort LDAP port
ldapPwdEnc LDAP password encoding
ldapSearchDeref "deref" param of Net::LDAP::search()
ldapServer LDAP server (host or URI)
ldapTimeout LDAP connection timeout
ldapUsePasswordResetAttribute LDAP store reset flag in an attribute
ldapVersion LDAP protocol version
linkedInAuthnLevel LinkedIn authentication level
localSessionStorage Local sessions cache module
localSessionStorageOptions Sessions cache module options
localStorage Local cache
localStorageOptions Local cache parameters
log4perlConfFile Log4Perl logger configuration file
logLevel Log level, must be set in .ini
logger technical logger
loginHistoryEnabled Enable login history
logoutServices Send logout trough GET request to these services
lwpOpts Options given to LWP::UserAgent
lwpSslOpts SSL options given to LWP::UserAgent
macros Macros
mailBody Custom mail body
mailCharset Mail charset
mailConfirmBody Custom confirm mail body
mailConfirmSubject Mail subject for reset confirmation
mailFrom Sender email
mailLDAPFilter LDAP filter for mail search
mailOnPasswordChange Send a mail when password is changed
mailReplyTo Reply-To address
mailSessionKey Session parameter where mail is stored
mailSubject Mail subject for new password email
mailTimeout Mail session timeout
mailUrl URL of password reset page
maintenance Maintenance mode for all virtual hosts
managerDn LDAP manager DN
managerPassword LDAP manager Password
max2FDevices Maximum registered 2F devices
max2FDevicesNameLength Maximum 2F devices name length
multiValuesSeparator Separator for multiple values
mySessionAuthorizedRWKeys Alterable session keys by user itself
nginxCustomHandlers Custom Nginx handler (deprecated)
noAjaxHook Avoid replacing 302 by 401 for Ajax responses
notification Notification activation
notificationServer Notification server activation
notificationStorage Notification backend
notificationStorageOptions Notification backend options
notificationWildcard Notification string to match all users
notificationXSLTfile Custom XSLT document for notifications
notifyDeleted Show deleted sessions in portal
notifyOther Show other sessions in portal
nullAuthnLevel Null authentication level
oidcAuthnLevel OpenID Connect authentication level
oidcOPMetaDataOptions [1]
oidcRPCallbackGetParam OpenID Connect Callback GET URLparameter
oidcRPMetaDataOptions [1]
oidcRPStateTimeout OpenID Connect Timeout of state sessions
oidcServiceAllowAuthorizationCodeFlow OpenID Connect allow authorization code flow
oidcServiceAllowDynamicRegistration OpenID Connect allow dynamic client registration
oidcServiceAllowHybridFlow OpenID Connect allow hybrid flow
oidcServiceAllowImplicitFlow OpenID Connect allow implicit flow
oidcServiceKeyIdSig OpenID Connect Signature Key ID
oidcServiceMetaDataAuthnContext OpenID Connect Authentication Context Class Ref
oidcServiceMetaDataAuthorizeURI OpenID Connect authorizaton endpoint
oidcServiceMetaDataBackChannelURI OpenID Connect Front-Channel logout endpoint
oidcServiceMetaDataCheckSessionURI OpenID Connect check session iframe
oidcServiceMetaDataEndSessionURI OpenID Connect end session endpoint
oidcServiceMetaDataFrontChannelURI OpenID Connect Front-Channel logout endpoint
oidcServiceMetaDataJWKSURI OpenID Connect JWKS endpoint
oidcServiceMetaDataRegistrationURI OpenID Connect registration endpoint
oidcServiceMetaDataTokenURI OpenID Connect token endpoint
oidcServiceMetaDataUserInfoURI OpenID Connect user info endpoint
oidcStorage Apache::Session module to store OIDC user data
oidcStorageOptions Apache::Session module parameters
oldNotifFormat Use old XML format for notifications
openIdAuthnLevel OpenID authentication level
openIdExportedVars OpenID exported variables
openIdSreg_email OpenID SREG email session parameter
openIdSreg_fullname OpenID SREG fullname session parameter
openIdSreg_nickname OpenID SREG nickname session parameter
openIdSreg_timezone OpenID SREG timezone session parameter
pamAuthnLevel PAM authentication level
pamService PAM service
passwordDB Password module
passwordResetAllowedRetries Maximum number of retries to reset password
persistentStorage Storage module for persistent sessions
persistentStorageOptions Options for persistent sessions storage module
port Force port in redirection
portal Portal URL
portalAntiFrame Avoid portal to be displayed inside frames
portalCheckLogins Display login history checkbox in portal
portalDisplayAppslist Display applications tab in portal
portalDisplayChangePassword Display password tab in portal
portalDisplayLoginHistory Display login history tab in portal
portalDisplayLogout Display logout tab in portal
portalDisplayOidcConsents Display OIDC consent tab in portal
portalDisplayRegister Display register button in portal
portalDisplayResetPassword Display reset password button in portal
portalErrorOnExpiredSession Show error if session is expired
portalErrorOnMailNotFound Show error if mail is not found in password reset process
portalForceAuthn Enable force to authenticate when displaying portal
portalForceAuthnInterval Maximum interval in seconds since last authentication to force reauthentication
portalMainLogo Portal main logo path
portalOpenLinkInNewWindow Open applications in new windows
portalPingInterval Interval in ms between portal Ajax pings
portalRequireOldPassword Old password is required to change the password
portalSkin Name of portal skin
portalSkinBackground Background image of portal skin
portalSkinRules Rules to choose portal skin
portalStatus Enable portal status
portalUserAttr Session parameter to display connected user in portal
protection Manager protection method
proxyAuthnLevel Proxy authentication level
proxyUseSoap Use SOAP instead of REST
radiusAuthnLevel Radius authentication level
randomPasswordRegexp Regular expression to create a random password
redirectFormMethod HTTP method for redirect page form
registerConfirmSubject Mail subject for register confirmation
registerDB Register module
registerDoneSubject Mail subject when register is done
registerTimeout Register session timeout
registerUrl URL of register page
reloadTimeout Configuration reload timeout
reloadUrls URL to call on reload
remoteGlobalStorage Remote session backend
remoteGlobalStorageOptions Apache::Session module parameters
requireToken Enable token for forms
rest2fActivation REST second factor activation
rest2fAuthnLevel Authentication level for users authentified by REST second factor
rest2fInitArgs Args for REST 2F init
rest2fInitUrl REST 2F init URL
rest2fLogo Custom logo for REST 2F
rest2fVerifyArgs Args for REST 2F init
rest2fVerifyUrl REST 2F init URL
restConfigServer Enable REST config server
restSessionServer Enable REST session server
samlAttributeAuthorityDescriptorAttributeServiceSOAP SAML Attribute Authority SOAP
samlAuthnContextMapKerberos SAML authn context kerberos level
samlAuthnContextMapPassword SAML authn context password level
samlAuthnContextMapPasswordProtectedTransport SAML authn context password protected transport level
samlAuthnContextMapTLSClient SAML authn context TLS client level
samlCommonDomainCookieActivation SAML CDC activation
samlDiscoveryProtocolActivation SAML Discovery Protocol activation
samlDiscoveryProtocolIsPassive SAML Discovery Protocol Is Passive
samlDiscoveryProtocolPolicy SAML Discovery Protocol Policy
samlDiscoveryProtocolURL SAML Discovery Protocol EndPoint URL
samlEntityID SAML service entityID
samlIDPMetaDataOptions [1]
samlIDPSSODescriptorArtifactResolutionServiceArtifact SAML IDP artifact resolution service
samlIDPSSODescriptorSingleLogoutServiceHTTPPost SAML IDP SLO HTTP POST
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect SAML IDP SLO HTTP Redirect
samlIDPSSODescriptorSingleLogoutServiceSOAP SAML IDP SLO SOAP
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact SAML IDP SSO HTTP Artifact
samlIDPSSODescriptorSingleSignOnServiceHTTPPost SAML IDP SSO HTTP POST
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect SAML IDP SSO HTTP Redirect
samlIDPSSODescriptorWantAuthnRequestsSigned SAML IDP want authn request signed
samlIdPResolveCookie SAML IDP resolution cookie
samlMetadataForceUTF8 SAML force metadata UTF8 conversion
samlNameIDFormatMapEmail SAML session parameter for NameID email
samlNameIDFormatMapKerberos SAML session parameter for NameID kerberos
samlNameIDFormatMapWindows SAML session parameter for NameID windows
samlNameIDFormatMapX509 SAML session parameter for NameID x509
samlOrganizationDisplayName SAML service organization display name
samlOrganizationName SAML service organization name
samlOrganizationURL SAML service organization URL
samlRelayStateTimeout SAML timeout of relay state
samlSPMetaDataOptions [1]
samlSPSSODescriptorArtifactResolutionServiceArtifact SAML SP artifact resolution service
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact SAML SP ACS HTTP artifact
samlSPSSODescriptorAssertionConsumerServiceHTTPPost SAML SP ACS HTTP POST
samlSPSSODescriptorAuthnRequestsSigned SAML SP AuthnRequestsSigned
samlSPSSODescriptorSingleLogoutServiceHTTPPost SAML SP SLO HTTP POST
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect SAML SP SLO HTTP Redirect
samlSPSSODescriptorSingleLogoutServiceSOAP SAML SP SLO SOAP
samlSPSSODescriptorWantAssertionsSigned SAML SP WantAssertionsSigned
samlServicePrivateKeyEnc SAML encryption private key
samlServicePrivateKeySig SAML signature private key
samlServicePrivateKeySigPwd SAML signature private key password
samlServicePublicKeyEnc SAML encryption public key
samlServicePublicKeySig SAML signature public key
samlServiceUseCertificateInResponse Use certificate instead of public key in SAML responses
samlStorage Apache::Session module to store SAML user data
samlStorageOptions Apache::Session module parameters
samlUseQueryStringSpecific SAML use specific method for query_string
secureTokenAllowOnError Secure Token allow requests in error
secureTokenAttribute Secure Token attribute
secureTokenExpiration Secure Token expiration
secureTokenHeader Secure Token header
secureTokenMemcachedServers Secure Token Memcached servers
securedCookie Cookie securisation method
sentryDsn Sentry logger DSN
sessionDataToRemember Data to remember in login history
sfEngine Second factor engine
sfRequired Second factor required
showLanguages Display langs icons
singleIP Allow only one IP address per user
singleSession Allow only one session per user
singleUserByIP Allow only one user per IP address
skipRenewConfirmation Avoid asking confirmation when an Issuer asks to renew auth
slaveAuthnLevel Slave authentication level
slaveExportedVars Slave exported variables
soapConfigServer Enable SOAP config server
soapSessionServer Enable SOAP session server
sslByAjax Use Ajax request for SSL
sslHost URL for SSL Ajax request
staticPrefix Prefix of static files for HTML templates
status Status daemon activation
stayConnected Enable StayConnected plugin
storePassword Store password in session
successLoginNumber Number of success stored in login history
syslogFacility Syslog logger technical facility
timeout Session timeout on server side
timeoutActivity Session activity timeout on server side
timeoutActivityInterval Update session timeout interval on server side
tokenUseGlobalStorage Enable global token storage
totp2fActivation TOTP activation
totp2fAuthnLevel Authentication level for users authentified by password+TOTP
totp2fDigits Number of digits for TOTP code
totp2fDisplayExistingSecret Display existing TOTP secret in registration form
totp2fInterval TOTP interval
totp2fIssuer TOTP Issuer
totp2fRange TOTP range (number of interval to test)
totp2fSelfRegistration TOTP self registration activation
totp2fUserCanChangeKey Authorize users to change existing TOTP secret
totp2fUserCanRemoveKey Authorize users to remove existing TOTP secret
trustedDomains Trusted domains
twitterAuthnLevel Twitter authentication level
u2fActivation U2F activation
u2fAuthnLevel Authentication level for users authentified by password+U2F
u2fSelfRegistration U2F self registration activation
u2fUserCanRemoveKey Authorize users to remove existing U2F key
upgradeSession Upgrade session activation
useRedirectOnError Use 302 redirect code for error (500)
useRedirectOnForbidden Use 302 redirect code for forbidden (403)
useSafeJail Activate Safe jail
userControl Regular expression to validate login
userDB User module
userLogger User actions logger
userSyslogFacility Syslog logger user-actions facility
utotp2fActivation UTOTP activation (mixed U2F/TOTP module)
utotp2fAuthnLevel Authentication level for users authentified by password+(U2F or TOTP)
vhostOptions [1]
webIDAuthnLevel WebID authentication level
webIDExportedVars WebID exported variables
whatToTrace Session parameter used to fill REMOTE_USER
wsdlServer Enable /portal.wsdl server
yubikey2fActivation Yubikey second factor activation
yubikey2fAuthnLevel Authentication level for users authentified by Yubikey second factor
yubikey2fClientID Yubico client ID
yubikey2fNonce Yubico nonce
yubikey2fPublicIDSize Yubikey public ID size
yubikey2fSecretKey Yubico secret key
yubikey2fSelfRegistration Yubikey self registration activation
yubikey2fUrl Yubico server
yubikey2fUserCanRemoveKey Authorize users to remove existing Yubikey
zimbraAccountKey Zimbra account session key
zimbraBy Zimbra account type
zimbraPreAuthKey Zimbra preauthentication key
zimbraSsoUrl Zimbra local SSO URL pattern
zimbraUrl Zimbra preauthentication URL


[1]: complex nodes

Full name Key name Configuration backend
Directory dirName File
DBI connection string dbiChain CDBI / RDBI
DBI user dbiUser
DBI password dbiPassword
DBI table name dbiTable
Storage directory dirName File / YAML
LDAP server ldapServer LDAP
LDAP port ldapPort
LDAP base ldapConfBase
LDAP bind dn ldapBindDN
LDAP bind password ldapBindPassword
LDAP ObjectClass ldapObjectClass
LDAP ID attribute ldapAttributeId
LDAP content attribute ldapAttributeContent
Certificate authorities file caFile
Certificate authorities directory caPath
MongoDB database dbName MongoDB
MongoDB collection collectionName
REST base URL baseUrl REST
REST realm realm
REST user user
REST password password
SOAP server location (URL) proxy SOAP
LWP::UserAgent parameters proxyOptions
SOAP user User
SOAP password Password