Differences
This shows you the differences between two versions of the page.
documentation:quickstart [2018/05/17 15:25] xguimard [Apache] |
documentation:quickstart [2019/04/26 15:41] (current) coudot |
||
---|---|---|---|
Line 3: | Line 3: | ||
<note important> | <note important> | ||
This tutorial will guide you into a minimal installation and configuration procedure. You need some prerequisites: | This tutorial will guide you into a minimal installation and configuration procedure. You need some prerequisites: | ||
- | * A computer with a GNU/Linux or recent UNIX system | + | * A computer with a GNU/Linux recent distribution (Debian, Ubuntu, CentOS, RHEL, ...) with root privileges |
- | * A web browser launched from the computer (to access localhost) | + | * A web browser |
+ | * The possibility to update your local ''hosts'' file, or an easy access to your DNS server | ||
* A cup of coffee (or tea, we are open minded) | * A cup of coffee (or tea, we are open minded) | ||
</note> | </note> | ||
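Review bot: The rewritten browser bullet drops "launched from the computer (to access localhost)", so the quickstart now describes a server reached over the network, but the prerequisites do not say that the result is a test setup. Add a bullet or a sentence in this note saying the installation is meant for a test machine on a trusted network. In the first added bullet, "GNU/Linux recent distribution" should read "recent GNU/Linux distribution", and since root privileges are now a prerequisite it is worth saying that the commands below are run as root, because none of them uses sudo any more.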
Line 10: | Line 11: | ||
===== Installation ===== | ===== Installation ===== | ||
- | You can install Lemonldap::NG using [[:download|packages]] (rpm or deb) or by hand as described below. | + | You should install Lemonldap::NG using packages, but you can also install it from [[:documentation::latest:installtarball|the tarball]]. |
- | LemonLDAP::NG is written in Perl and requires a lot of Perl dependencies. [[:documentation:latest:prereq|You must install them first]]. | + | ==== Debian / Ubuntu ==== |
- | + | ||
- | Get the tarball on [[:download|download page]] and follow next steps (or install using [[:documentation:latest:installrpm|RPM]] or [[:documentation:latest:installdeb|Debian]] packages): | + | |
- | + | ||
- | ==== Extract ==== | + | |
<code> | <code> | ||
- | tar zxvf lemonldap-ng-*.tar.gz | + | apt install apt-transport-https |
- | cd lemonldap-ng-* | + | wget -O - https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 | apt-key add - |
+ | echo "deb https://lemonldap-ng.org/deb stable main" > /etc/apt/sources.list.d/lemonldap-ng.list | ||
+ | apt update | ||
+ | apt install lemonldap-ng | ||
</code> | </code> | ||
- | ==== Build ==== | + | ==== CentOS / RHEL ==== |
<code> | <code> | ||
- | make | + | curl https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 > /etc/pki/rpm-gpg/RPM-GPG-KEY-OW2 |
- | make test | + | echo "[lemonldap-ng] |
+ | name=LemonLDAP::NG packages | ||
+ | baseurl=https://lemonldap-ng.org/redhat/stable/$releasever/noarch | ||
+ | enabled=1 | ||
+ | gpgcheck=1 | ||
+ | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2" > /etc/yum.repos.d/lemonldap-ng.repo | ||
+ | yum update | ||
+ | yum install lemonldap-ng | ||
</code> | </code> | ||
- | ==== Install ==== | + | ===== SSO domain configuration ===== |
+ | The defaut SSO domain is ''example.com''. You can keep it for your tests or change it, for example for ''mydomain.com'': | ||
<code> | <code> | ||
- | sudo make install | + | sed -i 's/example\.com/mydomain.com/g' /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/lmConf-1.json |
+ | sed -i 's/example\.com/mydomain.com/g' /etc/nginx/conf.d/* | ||
+ | sed -i 's/example\.com/mydomain.com/g' /etc/httpd/conf.d/* | ||
+ | sed -i 's/example\.com/mydomain.com/g' /etc/apache2/sites-available/* | ||
</code> | </code> | ||
- | ===== Configuration ===== | + | In order to be able to test, update your DNS or your local ''hosts'' file to map this names to the SSO server IP: |
+ | * auth.mydomain.com | ||
+ | * manager.mydomain.com | ||
+ | * test1.mydomain.com | ||
+ | * test2.mydomain.com | ||
- | ==== System ==== | + | For example on your local computer: |
- | + | ||
- | Update your /etc/hosts to map SSO URLs to localhost: | + | |
<code> | <code> | ||
- | sudo make postconf | + | echo "192.168.1.30 auth.mydomain.com manager.mydomain.com test1.mydomain.com test2.mydomain.com" >> /etc/hosts |
</code> | </code> | ||
- | ==== Apache ==== | + | ===== Run ===== |
- | Include LemonLDAP::NG configuration in your main Apache configuration: | + | Since LemonLDAP::NG 1.2, the [[:documentation:latest:authdemo|demonstration backend]] is configured by default. |
- | + | ||
- | <file apache> | + | |
- | include /usr/local/lemonldap-ng/etc/portal-apache2.conf | + | |
- | include /usr/local/lemonldap-ng/etc/handler-apache2.conf | + | |
- | include /usr/local/lemonldap-ng/etc/manager-apache2.conf | + | |
- | include /usr/local/lemonldap-ng/etc/test-apache2.conf | + | |
- | </file> | + | |
- | + | ||
- | Restart Apache: | + | |
- | <code> | + | |
- | sudo apachectl configtest | + | |
- | sudo apachectl restart | + | |
- | </code> | + | |
- | + | ||
- | ==== Nginx ==== | + | |
- | + | ||
- | Include LemonLDAP::NG configuration in your Nginx configuration | + | |
- | + | ||
- | <file nginx> | + | |
- | include /usr/local/lemonldap-ng/etc/portal-nginx.conf; | + | |
- | include /usr/local/lemonldap-ng/etc/handler-nginx.conf; | + | |
- | include /usr/local/lemonldap-ng/etc/manager-nginx.conf; | + | |
- | include /usr/local/lemonldap-ng/etc/test-nginx.conf; | + | |
- | </file> | + | |
- | + | ||
- | Restart Nginx: | + | |
- | <code> | + | |
- | sudo nginx -t | + | |
- | sudo service nginx restart | + | |
- | </code> | + | |
- | ===== Run ===== | + | |
- | Since LemonLDAP::NG 1.2, the [[:documentation:latest:authdemo|demonstration backend]] is configured by default. Demonstration backend has hard coded user accounts: | + | Demonstration backend has hard coded user accounts: |
^ Login ^ Password ^ Role ^ | ^ Login ^ Password ^ Role ^ | ||
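Review bot: The Debian / Ubuntu block pipes the key fetched by wget straight into "apt-key add -" with no fingerprint check, and the CentOS / RHEL block writes the curl output into /etc/pki/rpm-gpg/ the same way, so package trust rests entirely on the HTTPS download of that one file. Publish the key fingerprint on this page and add a step that displays and compares it before the key is trusted. On the Debian side, "apt-key add" also makes the key trusted for every configured repository; storing it in its own keyring file and referencing that file with a signed-by= option in lemonldap-ng.list would scope it to this repository only. In the SSO domain section, the sed commands rewrite every file under /etc/nginx/conf.d/, /etc/httpd/conf.d/ and /etc/apache2/sites-available/, including files that do not belong to LemonLDAP::NG, and some of those directories will not exist on a given distribution; narrow the globs to the LemonLDAP::NG files and say which command applies to which web server. "defaut" should be "default" and "this names" should be "these names".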
Line 90: | Line 72: | ||
==== Open SSO session ==== | ==== Open SSO session ==== | ||
- | Go on http://auth.example.com and log with one of the demonstration account. | + | Go on http://auth.mydomain.com and log with one of the demonstration account. |
==== Access protected application ==== | ==== Access protected application ==== | ||
- | Try http://test1.example.com or http://test2.example.com | + | Try http://test1.mydomain.com or http://test2.mydomain.com |
==== Edit configuration ==== | ==== Edit configuration ==== | ||
- | Log with the dwho account and go on http://manager.example.com | + | Log with the dwho account and go on http://manager.mydomain.com |
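Review bot: All three rewritten URLs keep the http:// scheme, while the hosts example earlier in this revision maps the names to 192.168.1.30 rather than localhost, so the demonstration passwords and the dwho manager login now cross the network in clear text. Either state next to these URLs that this is acceptable only on an isolated test network, or point to the TLS setup and use https:// here. "one of the demonstration account" should read "one of the demonstration accounts".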