Changes

Changes

1,023 bytes added , 19:07, 16 June 2022

no edit summary

Line 6: Line 6:

[http://www.firewall-services.com Firewall Services]<br>

mailto:daniel@firewall-services.com

−

===Version===

[[Version::contrib9|fws]][[Has SME9::true| ]]

=== Description ===

Line 23: Line 25:

=== Requirement ===

−

LemonLDAP-NG has been developped and tested only on SMEServer ~~8b6. It'll will probably won't work with earlier releases~~, and won't be adapted to work on SME7.

LemonLDAP-NG has been developped and tested only on SMEServer 8/9, and won't be adapted to work on SME7.

You also need latest updates from the smeupdates-testing repository

Line 30: Line 32:

signal-event reboot

−

=== Installation ===

=== Installation 8.x and 9.x===

Configure Firewall-Services's repository:

Line 42: Line 44:

signal-event yum-modify

−

Configure the ~~EPEL~~ repository

Configure the [[Epel]] and [[Dag]] repositories (choose the correct repository according to Your Sme version - 8 or 9).

−

~~db yum_repositories set epel repository \~~

−

~~Name 'Extra Packages for Enterprise Linux 5' \~~

−

~~MirrorList 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel~~-~~5&arch=i386' \~~

−

~~status disabled GPGCheck yes \~~

−

~~GPGKey http://download.fedora.redhat~~.~~com/pub/epel/RPM-GPG-KEY-EPEL~~

−

~~signal-event yum-modify~~

*install the rpms

−

yum --enablerepo=fws --enablerepo=epel install smeserver-lemonldap-ng

yum --enablerepo=fws --enablerepo=epel --enablerepo=dag install smeserver-lemonldap-ng

* Now, appply the needed configuration:

Line 59: Line 54:

signal-event webapps-update

db configuration set UnsavedChanges no

−

=== Configuration ===

Line 93: Line 87:

* First, you can install your application (for example in /opt/myapp)

−

* Now, you need to create a custom template to make this application available from the web. LemonLDAP::NG uses VirtualHosts to protect different ~~application~~, so it's ~~recommanded~~ to not create alias on the primary domain in your custom-template. A dedicated virtualhost will be created later to access the application. Here's a example of custom-template:

* Now, you need to create a custom template to make this application available from the web. LemonLDAP::NG uses VirtualHosts to protect different applications, so it's recommended to not create alias on the primary domain in your custom-template. A dedicated virtualhost will be created later to access the application. Here's a example of custom-template:

# MyApp configuration

−

AllowOverride None

SSLRequireSSL on

Line 113: Line 107:

db domains set myapp.domain.tld domain Content Primary \

−

Description 'My App' DocumentRoot /opt/myapp LemonLDAP ~~enabled~~ \

Description 'My App' DocumentRoot /opt/myapp Authentication LemonLDAP \

Nameservers internet TemplatePath WebAppVirtualHost

signal-event domain-create myapp.domain.tld

{{Note box|Instead of '''LemonLDAP''' you can also use '''LemonLDAPBasic''' as Authentication type. LemonLDAPBasic will still use LemonLDAP::NG to handle authentication and authorization, but will use a basic HTTP auth scheme, it's usefull in some situation, like being able to connect native mobile application for example (but of course, you won't have the benefit of the SSO with a basic auth)}}

It's important to set TemplatePath to WebAppVirtualHost. Those templates are provided by smeserver-webapps-common package (automatically installed, as it's need by LemonLDAP). Those templates make it easy to protect any virtualhost by LemonLDAP::NG

−

* Ok, now your application is available from this addresse https://myapp.domain.tld/ but you'll get a access denied if you try to access it now. The last ~~steop~~ is to declare myapp.domain.tld in LemonLDAP::NG. This is done using the configuration manager (https://sso-manager.domain.tld). You can then set the access rules you want.

* Ok, now your application is available from this addresse https://myapp.domain.tld/ but you'll get a access denied if you try to access it now. The last step is to declare myapp.domain.tld in LemonLDAP::NG. This is done using the configuration manager (https://sso-manager.domain.tld). You can then set the access rules you want. You can read the project documentation for this part, especially this page [http://lemonldap-ng.org/documentation/latest/writingrulesand_headers]

=== Troubleshoot ===

Line 125: Line 121:

=== Backup and Restore ===

−

You should backup the directory /var/lib/lemonldap, which is where configuration and ~~sessions~~ are stored

You should backup the directory /var/lib/lemonldap/conf and /var/lib/lemonldap-ng/notifications/ which is where configuration and notifications are stored

=== Uninstall ===

Line 132: Line 128:

=== Source ===

−

The source for this contrib can be found in Firewall-Services's [http://~~repo~~.firewall-services.com/~~centos~~/5/~~SRPMS~~/ ~~repository~~].

The source for this contrib can be found in Firewall-Services's [http://gitweb.firewall-services.com/?p=smeserver-lemonldap-ng;a=summary repository].

=== Bugs ===

Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]

and select the smeserver-lemonldap-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-lemonldap-ng|title=this link.}}

Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component=smeserver-lemonldap-ng |noresultsmessage=No open bugs found.}}

----

[[Category:Contrib]]

[[Category: Webapps]]

Gieres

3,054

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/15349...41210"

LemonLDAP-NG (view source)

Revision as of 19:07, 16 June 2022

Navigation menu

Search