Viewer module

This module lets selected users view the WebSSO configuration in read-only mode.

Configuration

Parameters are set in the lemonldap-ng.ini file, in the [manager] section:

[manager]
enabledModules = conf, sessions, notifications, 2ndFA, viewer

defaultModule = viewer

viewerHiddenKeys = samlIDPMetaDataNodes samlSPMetaDataNodes managerPassword ManagerDn globalStorageOptions persistentStorageOptions
viewerAllowBrowser = $groups =~ /\bsu\b/
viewerAllowDiff = $groups =~ /\bsu\b/
  • Parameters:
    • enabledModules: list of modules to enable
    • defaultModule: module displayed by the default route (http://manager.example.com/manager.(fcgi|psgi))
    • viewerHiddenKeys: keys not displayed by Viewer
    • viewerAllowBrowser: allow browsing other configurations
    • viewerAllowDiff: enable the “difference with previous” link

Danger

You must set access rules to allow or deny user access to each module.

In Manager:

  • Declare a Virtual Host: manager.example.com
  • Set an access rule for each enabled module:

  1. Configuration : ^/(.*?\.(fcgi|psgi)/)?(manager\.html|confs|$) = $uid eq 'dwho'
  2. Notifications : ^/(.*?\.(fcgi|psgi)/)?notifications = $uid eq 'dwho'
  3. Sessions : ^/(.*?\.(fcgi|psgi)/)?sessions = $uid eq 'dwho'
  4. Viewer : ^/(.*?\.(fcgi|psgi)/)?viewer = $uid =~ /\b(?:dwho|rtyler)\b/
  5. Default : $uid =~ /\b(?:dwho|rtyler)\b/

Attention

To prevent read-only users from reaching the configuration module through the default route, remember to set the 'defaultModule' option.
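
To check what the five access rules listed above grant before deploying them, this added example (not part of the LemonLDAP::NG documentation or code) replays them in Perl against constructed users and request paths. It assumes the rules are tried in the listed order, that the first matching expression decides, and that Default applies when none matches; the user msmith and the sample paths are invented for the dry run.

```perl
#!/usr/bin/perl
# Added example: dry run of the five Manager access rules from this page.
# Assumption: rules are tried in the listed order, the first matching regex
# decides, and "Default" applies otherwise. Users and paths are constructed.
use strict;
use warnings;

my $admin  = sub { $_[0] eq 'dwho' };                       # $uid eq 'dwho'
my $reader = sub { $_[0] =~ /\b(?:dwho|rtyler)\b/ };        # Viewer and Default

my @rules = (
    [ 'Configuration', qr{^/(.*?\.(fcgi|psgi)/)?(manager\.html|confs|$)}, $admin ],
    [ 'Notifications', qr{^/(.*?\.(fcgi|psgi)/)?notifications},           $admin ],
    [ 'Sessions',      qr{^/(.*?\.(fcgi|psgi)/)?sessions},                $admin ],
    [ 'Viewer',        qr{^/(.*?\.(fcgi|psgi)/)?viewer},                  $reader ],
);

# Return (name of the rule that applies, 1 if allowed else 0).
sub decide {
    my ( $uid, $path ) = @_;
    for my $r (@rules) {
        my ( $name, $re, $check ) = @$r;
        return ( $name, $check->($uid) ? 1 : 0 ) if $path =~ $re;
    }
    return ( 'Default', $reader->($uid) ? 1 : 0 );
}

my @users = qw(dwho rtyler msmith);    # msmith: constructed user with no rights
my @paths = (
    '/manager.fcgi/viewer',
    '/manager.fcgi/confs/latest',
    '/manager.fcgi/sessions',
    '/manager.fcgi/notifications',
    '/manager.fcgi/',                  # default route, caught by the "|$" branch
    '/static/js/app.js',               # constructed path, falls through to Default
);

printf "%-28s %-14s %s\n", 'path', 'rule',
  join( ' ', map { sprintf '%-7s', $_ } @users );
for my $path (@paths) {
    my ($rule) = decide( $users[0], $path );
    my @cells = map {
        my ( undef, $ok ) = decide( $_, $path );
        $ok ? 'allow' : 'deny'
    } @users;
    printf "%-28s %-14s %s\n", $path, $rule,
      join( ' ', map { sprintf '%-7s', $_ } @cells );
}
```

In the printed matrix, rtyler is allowed only on the Viewer and Default rows, and the bare default route falls under the Configuration rule because of its `$` alternative.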