Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:latest:authcombination [2019/02/05 13:49]
paucur [Rule chain]
documentation:latest:authcombination [2019/06/18 20:24] (current)
Line 32: Line 32:
 | DB2 | DBI | User DB only | dbiAuthChain => "​mysql:​..."​ | | DB2 | DBI | User DB only | dbiAuthChain => "​mysql:​..."​ |
  
-Usually, you can't declare two modules of the same type if they don't have the same parameters. For example, usually you can't declare a MySQL DBI and a PostgreSQL DBI, because there is no extra field for PostgreSQL parameters. Now with Combination,​ you can declare some overloaded parameters. For example, if DBI is configured to use PostgreSQL but DB2 is a MySQL DB, you can override the "​dbiChain"​ parameter.+Usually, you can't declare two modules of the same type if they don't have the same parameters. For example, usually you can't declare a MySQL DBI and a PostgreSQL DBI, because there is no extra field for PostgreSQL parameters. Now with Combination,​ you can declare some overloaded parameters.
  
 +For example, if DBI is configured to use PostgreSQL but DB2 is a MySQL DB, you can override the "​dbiChain"​ parameter.
 +
 +You can also override a complex key like ldapExportedVars,​ by setting a JSON value:
 +<code javascript>​
 +{"​cn"​ => "​cn",​ "​uid"​ => "​sAMAccounName",​ "​mail"​ => "​mail"​}
 +</​code>​
 +
 +<note important>​If your JSON is corrupted, LLNG will use it as string and just report a warning in logs.</​note>​
 ==== Rule chain ==== ==== Rule chain ====
  
Line 127: Line 135:
  
 To chain SSL, you have to set "​SSLRequire optional"​ in Apache configuration,​ else users will be authenticated by SSL only. To chain SSL, you have to set "​SSLRequire optional"​ in Apache configuration,​ else users will be authenticated by SSL only.
 +
 +===== Migrating from Multi =====
 +
 +Old [[documentation:​1.9:​authmulti|Multiple backends stack]] implemented only `if` and `or` keywords. Examples:
 +
 +^  Multi expressions ​ ^  Combination ​ ^
 +|  ''​LDAP;​DBI'' ​ |  ''​[myLDAP] or [myDBI]'' ​ |
 +|  ''​DBI $ENV{REMOTE_ADDR}=~/​^192/;​LDAP $ENV{REMOTE_ADDR}!~/​^192/'' ​ |  ''​if $env->​{REMOTE_ADDR} then [myDBI] else [myLDAP]'' ​ |