Portal customization

The portal is the visible part of LemonLDAP::NG, all user interactions are displayed on it.

You can change the default Main Logo in Manager: General Parameters > Portal > Customization > Main Logo.

A blank value disables Main Logo display.

- Logo files must be stored in lemonldap-ng-portal/site/htdocs/static/my/path directory

- Logo file path must be like my/path/logo.png

- Main logo is included in Portal templates AND mail body

You can disabled languages choice in Manager: General Parameters > Portal > Customization > Show languages choice.

Option enabled by default.

If languages choice is disabled, Portal displays accepted languages by your browser (EN by default).

You can define a custom CSS file, for example custom.css, which will be loaded after default CSS files. This file needs to be created in the static repository (/usr/share/lemonldap-ng/portal/htdocs/static/boostrap/css).

Then set this value in Custom CSS parameter : bootstrap/css/custom.css.

Sample CSS file, to remove white background of main logo:

#header img {
  background-color: transparent;

LemonLDAP::NG is shipped with bootstrap skin.

But you can make your own. See Skin customization below.

You can change the default skin in Manager: General Parameters > Portal > Customization > Default skin.

Select the Custom skin, then set the name of the skin you want to use in the input below.

Go in General Parameters > Portal > Customization > Skin background. You can define a background by selecting one of the available image. Use None to use the default skin background configuration.

To set your own background, copy your file in /usr/share/lemonldap-ng/portal/htdocs/skins/common/backgrounds/ and register it in /etc/lemonldap-ng/lemonldap-ng.ini:

portalSkinBackground = file.png

You can also use lemonldap-ng-cli:

/usr/share/lemonldap-ng/bin/lemonldap-ng-cli set portalSkinBackground file.png

You might want to display different skin depending on the URL that was called before being redirected to the portal, or the IP address of the user.

To achieve this, you can create a rule in the Manager: select General Parameters > Portal > Customization > Skin display rules on click on "New key". Then fill the two fields;

  • Rule: a Perl expression (you can use %ENV hash to get environment variables, or $_url to get URL called before redirection, or $ipAddr to use user IP address). If the rule evaluation is true, the corresponding skin is applied.
  • Skin: the name of the skin to use.

A skin is composed of different files:

  • .tpl: Perl HTML::Template files, for HTML content
  • .css: CSS (styles)
  • .js: Javascript
  • images and other media files

A skin will often refer to the common skin, which is not a real skin, but shared skin objects (like scripts, images and CSS).

If you modify directly the skin files, your modifications will certainly be erased on the next upgrade. The best is to create your own skin, based on an existing skin.

Here we explain how to create a new skin, named myskin, from the bootstrap skin.

First copy static content:

cd /usr/share/lemonldap-ng/portal/htdocs/static
mkdir myskin
cd myskin/
cp -a ../bootstrap/js/ .
cp -a ../bootstrap/css/ .
mkdir images

Then create symbolic links on template files, as you might not want to rewrite all HTML code (else, do as you want).

cd /usr/share/lemonldap-ng/portal/templates/
mkdir myskin
cd myskin/

We include some template files that can be customized:

  • customhead.tpl : HTML header markups (like CSS, js inclusion)
  • customheader.tpl : HTML code in the header
  • customfooter.tpm : HTML code in the footer
  • customLoginHeader.tpl : HTML code int the login header
  • customLoginFooter.tpl : HTML code int the login footer

To use custom files, copy them into your skin folder:

cp ../bootstrap/custom* .

Then you can add your media to myskin/images, you will be able to use them in HTML template with this code:

<img src="<TMPL_VAR NAME="STATIC_PREFIX">myskin/images/logo.png" class="mx-auto d-block" />

To change CSS, two options:

  • Edit myksin/css/styles.css and myskin/css/styles.min.css
  • Create a new CSS file, for example myskin/css/myskin.css and load it in customhead.tpl:
<link href="<TMPL_VAR NAME="STATIC_PREFIX">myskin/css/myskin.css" rel="stylesheet" type="text/css" />

Put then all custom HTML code in the custom template files.

To configure your new skin in Manager, select the custom skin, and enter your skin name in the configuration field. For example with lemonldap-ng-cli:

/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set portalSkin 'myskin' portalSkinBackground ''

Messages are defined in source code. If they really do not please you, override them! You just need to know the ID of the message (look at Portal/

There are two methods to do this:

  • Use lemonldap-ng.ini:
# Custom error messages
error_0 = Big brother is watching you, authenticated user
# Custom standard messages
msg_lastLogins = Your last connections

You can also define messages in several languages or disable message boxes by using the bareword _hide_ :

error_en_0        = Big brother is watching you, authenticated user
error_fr_0        = Souriez vous êtes surveillés !
msg_fr_lastLogins = Dernières connexions
error_9           = _hide_
  • Create a lang file in custom skin:

If you have a custom skin, then you can create a lang file in templates/<your skin> similar to the default lang files provided in htdocs/static/languages/.

For example templates/myskin/en.json:

"PE9":"Please authenticate!"

You can also create a file called all.json to override messages in all languages.

If you modify the menu template to add some tabs, you should add the new tabs in `customMenuTabs` parameter in lemonldap-ng.ini:

customMenuTabs = test, test2

This will allow one to display the tab directly with this URL:

Template parameters are defined in source code. If you need to add a template parameter for your customization, then add to lemonldap-ng.ini:

# Custom template parameters
tpl_myparam = world

Then you will be able to use it in your template like this:

Hello <TMPL_VAR NAME="myparam">!

All session variables are also available in templates, with the prefix session_:

Hello <TMPL_VAR NAME="session_cn">!

You can also display environment variables, with the prefix env_:


This node allows one to enable/disable buttons on the login page:

  • Check last logins: displays a checkbox on login form, allowing user to check his login history right after opening session
  • Reset password: display a link to reset your password page (for password based authentication backends). Number of allowed retries can be set (3 times by default)
  • Register: display a link to register page (for password based authentication backends)
  • Require old password: used only in the password changing module of the menu, will check the old password before updating it
  • Hide old password: used only if the password need to be reset by the user (LDAP password policy), will hide the old password input
  • Send mail on password change: send a mail if the password is changed from the Menu, or from forced password reset (LDAP password policy)
  • Minimal size: leave 0 to bypass the check
  • Minimal lower characters: leave 0 to bypass the check
  • Minimal upper characters: leave 0 to bypass the check
  • Minimal digit characters: leave 0 to bypass the check
  • Minimal special characters: leave 0 to bypass the check
  • Allowed special characters: set blanck to forbid special characters (_ is not a special character)
  • Display policy in password form: enable this to display an information message about password policy constraints
  • User attribute: which session attribute will be used to display Connected as in the menu
  • New window: open menu links in new window
  • Anti iframe protection: Set X-Frame-Options and CSP frame-ancestors headers (see Browser compatibility)
  • Ping interval: Number of milliseconds between each ping (Ajax request) on the portal menu. Set to 0 to dismiss checks.
  • Show error on expired session: Display the error "Session expired", which stops the authentication process. This is enabled by default but can be disabled to prevent transparent authentication (like SSL or Kerberos) to be stopped.
  • Show error on mail not found: Display error if provided mail is not found in password reset by mail process. Disabled by default to prevent mail enumeration from this page.