Installation on Red Hat/CentOS

Attention

LemonLDAP::NG requires at least Red Hat/CentOS 7

List of pacakges

LemonLDAP::NG provides packages for RHEL (and derivatives) 7/8/9:

  • lemonldap-ng: metapackage, contains no file but dependencies on other packages

  • lemonldap-ng-doc: contains HTML documentation and project docs (README, etc.)

  • lemonldap-ng-conf: contains default configuration (DNS domain: example.com)

  • lemonldap-ng-test: contains sample CGI test page

  • lemonldap-ng-handler: contains Apache Handler implementation (agent)

  • lemonldap-ng-manager: contains administration interface and session explorer

  • lemonldap-ng-portal: contains authentication portal and menu

  • lemonldap-ng-fastcgi-server: FastCGI server needed to use Nginx

  • lemonldap-ng-nginx: contains Nginx configuration and dependencies

  • lemonldap-ng-uwsgi-app: contains Uwsgi application

  • lemonldap-ng-selinux: contains the SELinux policy for httpd

  • perl-Lemonldap-NG-Common: CPAN - Shared modules

  • perl-Lemonldap-NG-Handler: CPAN - Handler modules

  • perl-Lemonldap-NG-Manager: CPAN - Manager modules

  • perl-Lemonldap-NG-Portal: CPAN - Portal modules

  • perl-Lemonldap-NG-SSOaaS-Apache-Client: SSOaaS client module

Danger

The package lemonldap-ng-nginx requires the Nginx community package. If you use OpenResty or Nginx plus, you must ignore this dependency. To do this, download the package and install it with:

rpm --nodeps -i lemonldap-ng-nginx*.rpm

Prerequisites

LemonLDAP::NG has dependencies which are not in base RHEL repositories.

You need to enable EPEL repositories before installing.

On RHEL8 and derivatives, you also also need to enable the PowerTools repository in /etc/yum.repos.d.

On OracleLinux, the corresponding repo is called Oracle Linux 8 CodeReady Builder.

Get the packages

YUM repository

You can add this YUM repository to get recent packages:

vi /etc/yum.repos.d/lemonldap-ng.repo

[lemonldap-ng]
name=LemonLDAP::NG packages
baseurl=https://lemonldap-ng.org/redhat/stable/$releasever/noarch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2

Tip

Replace stable by 2.0 to avoid upgrade to next major version

You may also need some extras packages for SAML, available here:

[lemonldap-ng-extras]
name=LemonLDAP::NG extra packages
baseurl=https://lemonldap-ng.org/redhat/extras/$releasever
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2

Run this to update packages cache:

yum update

Manual download

RPMs are available on the Download page.

Package GPG signature

Get the RPM signing key onto your LemonLDAP::NG server:

curl https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 > /etc/pki/rpm-gpg/RPM-GPG-KEY-OW2

Install packages

With YUM

If the packages are stored in a yum repository:

yum install lemonldap-ng

# If you use SELinux
yum install lemonldap-ng lemonldap-ng-selinux

You can also use yum on local RPMs file:

yum localinstall lemonldap-ng-* perl-Lemonldap-NG-*

With RPM

You have then to install all the downloaded packages:

yum install lemonldap-ng-* perl-Lemonldap-NG-*

Tip

You can choose to install only one component by choosing the package lemonldap-ng-portal, lemonldap-ng-handler or lemonldap-ng-manager.

Install the package lemonldap-ng-conf on all server which contains one of those packages.

First configuration steps

Change default DNS domain

By default, DNS domain is example.com. You can change it quick with a sed command. For example, we change it to ow2.org:

sed -i 's/example\.com/ow2.org/g' /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/lmConf-1.json /etc/nginx/conf.d/* /etc/httpd/conf.d/*

Upgrade

If you upgraded LemonLDAP::NG, check all upgrade notes.

DNS

Configure your DNS server to resolve names with your server IP:

  • auth.<your domain>: main portal, must be public

  • manager.<your domain>: manager, only for adminsitrators

  • test1.<your domain>, test2.<your domain>: sample applications

Follow the next steps

File location

  • Configuration is in /etc/lemonldap-ng

  • LemonLDAP::NG configuration (edited by the Manager) is in /var/lib/lemonldap-ng/conf/

  • All Perl modules are in the /usr/share/perl5/vendor_perl directory

  • All Perl scripts/pages are in /var/lib/lemonldap-ng/

  • All static content (examples, CSS, images, etc.) is in /usr/share/lemonldap-ng/

  • Administration scripts are in /usr/libexec/lemonldap-ng/bin

Build your packages

If you need it, you can rebuild RPMs:

  • Install rpm-build package

  • Install all build dependencies (see BuildRequires in lemonldap-ng.spec )

  • Put LemonLDAP::NG tarball in %_topdir/SOURCES

  • Edit ~/.rpmmacros and set your build parameters:

%_topdir /home/user/build
%dist .el7
%rhel 7

  • Go to %_topdir

  • Build:

rpmbuild -ta SOURCES/lemonldap-ng-VERSION.tar.gz