Changes

2,996 bytes added, 19:07, 16 June 2022
m
no edit summary
Line 6: Line 6:  
[http://www.firewall-services.com Firewall Services]<br>
 
[http://www.firewall-services.com Firewall Services]<br>
 
mailto:daniel@firewall-services.com
 
mailto:daniel@firewall-services.com
 
+
===Version===
 +
{{#smeversion: smeserver-lemonldap-ng }}
 +
[[Version::contrib9|fws]][[Has SME9::true| ]]
    
=== Description ===
 
=== Description ===
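Review bot: The added Version block tags the page for SME 9 only (`[[Version::contrib9|fws]][[Has SME9::true| ]]`), while the same edit rewrites the Requirement text to say 8/9 and retitles Installation to cover 8.x and 9.x. Either add the matching SME 8 tagging, if the wiki has one, or state in the Version section that the version shown is the SME 9 build.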
Line 23: Line 25:  
=== Requirement ===
 
=== Requirement ===
   −
LemonLDAP-NG has been developped and tested only on SMEServer 8b6. It'll will probably won't work with earlier releases, and won't be adapted to work on SME7.
+
LemonLDAP-NG has been developped and tested only on SMEServer 8/9, and won't be adapted to work on SME7.
   −
=== Installation ===
+
You also need latest updates from the smeupdates-testing repository
 +
yum --enablerepo=smeupdates-testing update
 +
signal-event post-upgrade
 +
signal-event reboot
 +
 
 +
=== Installation 8.x and 9.x===
    
Configure Firewall-Services's repository:
 
Configure Firewall-Services's repository:
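Review bot: The new line in the Requirement section tells readers to run `yum --enablerepo=smeupdates-testing update`, which updates all installed packages with the testing repository enabled, not only what LemonLDAP-NG depends on. The text should say so and name the packages or minimum versions actually needed, so an administrator can decide whether to take the whole testing set on a production server. As shown in this diff, the three added command lines also lack the leading space that the page's other commands carry (compare `  signal-event yum-modify`), so they would render as one running paragraph. Minor: "developped" is carried into the new sentence, and `=== Installation 8.x and 9.x===` is missing the space before the closing `===`.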
Line 37: Line 44:  
  signal-event yum-modify
 
  signal-event yum-modify
   −
Configure the EPEL repository
+
Configure the [[Epel]] and [[Dag]] repositories (choose the correct repository according to Your Sme version - 8 or 9).
 
  −
db yum_repositories set epel repository \
  −
Name 'Extra Packages for Enterprise Linux 5' \
  −
MirrorList 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=i386' \
  −
status disabled GPGCheck yes \
  −
GPGKey http://download.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL
  −
signal-event yum-modify
      
*install the rpms
 
*install the rpms
   −
  yum --enablerepo=fws --enablerepo=epel install smeserver-lemonldap-ng
+
  yum --enablerepo=fws --enablerepo=epel --enablerepo=dag install smeserver-lemonldap-ng
    
* Now, appply the needed configuration:
 
* Now, appply the needed configuration:
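Review bot: Replacing the inline EPEL definition with links to [[Epel]] and [[Dag]] removes the only place on this page that showed `status disabled GPGCheck yes` and the `GPGKey` setting. Since the install command now enables three extra repositories at once (`--enablerepo=fws --enablerepo=epel --enablerepo=dag`), add a sentence saying that both linked repositories should stay disabled by default with GPG checking on, as the removed block did. "Your Sme version" should read "your SME version".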
Line 54: Line 54:  
  signal-event webapps-update
 
  signal-event webapps-update
 
  db configuration set UnsavedChanges no
 
  db configuration set UnsavedChanges no
      
=== Configuration ===
 
=== Configuration ===
Line 63: Line 62:  
* auth.domain.tld: this domain is the authentication portal
 
* auth.domain.tld: this domain is the authentication portal
   −
Those domains will work out-of-the-box from the internal network if you use your SME Server as DNS, else, you'll need to add thos two hostname to your DNS Server. You also need to add those hostnames on your external DNS server if you wawnt the portal to work from the outside.
+
Those domains will work out-of-the-box from the internal network if you use your SME Server as DNS, else, you'll need to add those two hostnames in your DNS Server. You also need to add those hostnames in your external DNS server if you want the portal to work from the outside.
    
Most of the configuration of LemonLDAP::NG is available from https://sso-manager.domain.tld/. You'll need to login using the admin credentials of your server to access this page.
 
Most of the configuration of LemonLDAP::NG is available from https://sso-manager.domain.tld/. You'll need to login using the admin credentials of your server to access this page.
Line 83: Line 82:  
=== Domain Name change ===
 
=== Domain Name change ===
 
When you first install this contrib, the main domain name is used in the default LemonLDAP configuration. If you later change the main domain name, you'll need to adapt LemonLDAP configuration manually (using https://sso-manager.domain.tld/)
 
When you first install this contrib, the main domain name is used in the default LemonLDAP configuration. If you later change the main domain name, you'll need to adapt LemonLDAP configuration manually (using https://sso-manager.domain.tld/)
 +
 +
=== How-to protect applications ===
 +
Here's quick guide on how to protect an web application with LemonLDAP::NG on SME Server:
 +
 +
* First, you can install your application (for example in /opt/myapp)
 +
* Now, you need to create a custom template to make this application available from the web. LemonLDAP::NG uses VirtualHosts to protect different applications, so it's recommended to not create alias on the primary domain in your custom-template. A dedicated virtualhost will be created later to access the application. Here's a example of custom-template:
 +
 +
# MyApp configuration
 +
 +
<Directory /opt/myapp>
 +
    AllowOverride None
 +
    SSLRequireSSL on
 +
    AddType application/x-httpd-php .php
 +
    php_admin_value open_basedir /opt/myapp:/tmp
 +
    order deny,allow
 +
    deny from all
 +
    allow from {"$localAccess $externalSSLAccess";}
 +
    Satisfy all
 +
</Directory>
 +
 +
Ok, now the application is ready to be served, but is not accessible yet (because there's no alias to make this application accessible).
 +
 +
* Create a domain for this application
 +
 +
db domains set myapp.domain.tld domain Content Primary \
 +
Description 'My App' DocumentRoot /opt/myapp Authentication LemonLDAP \
 +
Nameservers internet TemplatePath WebAppVirtualHost
 +
signal-event domain-create myapp.domain.tld
 +
 +
{{Note box|Instead of '''LemonLDAP''' you can also use '''LemonLDAPBasic''' as Authentication type. LemonLDAPBasic will still use LemonLDAP::NG to handle authentication and authorization, but will use a basic HTTP auth scheme, it's usefull in some situation, like being able to connect native mobile application for example (but of course, you won't have the benefit of the SSO with a basic auth)}}
 +
 +
It's important to set TemplatePath to WebAppVirtualHost. Those templates are provided by smeserver-webapps-common package (automatically installed, as it's need by LemonLDAP). Those templates make it easy to protect any virtualhost by LemonLDAP::NG
 +
 +
* Ok, now your application is available from this addresse https://myapp.domain.tld/ but you'll get a access denied if you try to access it now. The last step is to declare myapp.domain.tld in LemonLDAP::NG. This is done using the configuration manager (https://sso-manager.domain.tld). You can then set the access rules you want. You can read the project documentation for this part, especially this page [http://lemonldap-ng.org/documentation/latest/writingrulesand_headers]
    
=== Troubleshoot ===
 
=== Troubleshoot ===
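Review bot: The custom-template step in the new how-to shows the `<Directory /opt/myapp>` fragment but never says which templates-custom directory the file belongs in or which command regenerates the Apache configuration afterwards, so the step cannot be followed as written; add the path and the command. In the same hunk, `# MyApp configuration` as shown starts at column one, where MediaWiki treats `#` as a numbered-list marker; the fragment and the `db domains set` / `signal-event domain-create` lines need a leading space or a preformatted block like the other commands on the page. Typos to fix while here: "an web application", "a example", "usefull", "it's need by", "addresse".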
Line 88: Line 121:     
=== Backup and Restore ===
 
=== Backup and Restore ===
You should backup the directory /var/lib/lemonldap, which is where configuration and sessions are stored
+
You should backup the directory /var/lib/lemonldap/conf and /var/lib/lemonldap-ng/notifications/ which is where configuration and notifications are stored
    
=== Uninstall ===
 
=== Uninstall ===
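Review bot: The two paths in the new Backup and Restore sentence have different parent directories, `/var/lib/lemonldap/conf` and `/var/lib/lemonldap-ng/notifications/`; one of them looks like a typo, so confirm the real directory names, since a wrong path here means the configuration is missing from the backup. The sentence also drops sessions, which the old text listed as stored there; if that is intentional, say that sessions are not meant to be backed up. "the directory ... which is" should become "the directories ... which are".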
Line 95: Line 128:     
=== Source ===
 
=== Source ===
The source for this contrib can be found in Firewall-Services's [http://repo.firewall-services.com/centos/5/SRPMS/ repository].
+
The source for this contrib can be found in Firewall-Services's [http://gitweb.firewall-services.com/?p=smeserver-lemonldap-ng;a=summary repository].
 +
 
 +
=== Bugs ===
 +
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
 +
and select the smeserver-lemonldap-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-lemonldap-ng|title=this link.}}
 +
 
 +
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component=smeserver-lemonldap-ng |noresultsmessage=No open bugs found.}}
 +
 
    
----
 
----
 
[[Category:Contrib]]
 
[[Category:Contrib]]
 +
[[Category: Webapps]]