@ -199,14 +199,14 @@ For each attribute, you can set:
<h5id="general_options">General options</h5>
<divclass="level5">
<ul>
<liclass="level1"><divclass="li"><strong>Resolution Rule</strong>: rule that will be applied to preselect an IDP for a user. You have access to all environment variable, like user <abbrtitle="Internet Protocol">IP</abbr> address.</div>
<liclass="level1"><divclass="li"><strong>Resolution Rule</strong>: rule that will be applied to preselect an IDP for a user. You have access to all environment variable<em>(like user <abbrtitle="Internet Protocol">IP</abbr> address)</em> and all session keys.</div>
</li>
</ul>
<p>
For example, to preselect this IDP for users coming from 129.168.0.0/16 network:
For example, to preselect this IDP for users coming from 129.168.0.0/16 network and member of “admin” group:
<!-- EDIT3 TABLE [877-1222] --><divclass="noteimportant"><em>WHATTOTRACE</em> must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER)
<!-- EDIT3 TABLE [877-1168] -->
<p>
See Apache::Session::Browseable::* man page to see how use indexes.
</p>
<divclass="noteimportant"><em>WHATTOTRACE</em> must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER). By default: <strong>_whatToTrace</strong>
</div><divclass="notetip">It is advised to use separate session backends for standard sessions, <abbrtitle="Security Assertion Markup Language">SAML</abbr> sessions and <abbrtitle="Central Authentication Service">CAS</abbr> sessions, in order to manage index separately.
</div><divclass="noteclassic">Documentation below explains how set index on ipAddr and _whatToTrace. Adapt it to configure the index you need.
Database must be prepared exactly like in <ahref="sqlsessionbackend.html#prepare_the_database"class="wikilink1"title="documentation:2.0:sqlsessionbackend">SQL session backend</a> except that a field must be added for each data to index.
id <spanclass="kw1">CHAR</span><spanclass="br0">(</span><spanclass="nu0">32</span><spanclass="br0">)</span><spanclass="kw1">NOT</span><spanclass="kw1">NULL</span><spanclass="kw1">PRIMARY</span><spanclass="kw1">KEY</span><spanclass="sy0">,</span>
<divclass="noteimportant">Change char(32) by char(64) if you use the now recommended SHA256 hash algorithm. See <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> for more details
id <spanclass="kw1">VARCHAR</span><spanclass="br0">(</span><spanclass="nu0">64</span><spanclass="br0">)</span><spanclass="kw1">NOT</span><spanclass="kw1">NULL</span><spanclass="kw1">PRIMARY</span><spanclass="kw1">KEY</span><spanclass="sy0">,</span>
<divclass="noteimportant">For Session Explorer and one-off sessions, it is recommended to use BTREE or any index method that indexes partial content.
</div>
<p>
“id” fieds is set to <code>varchar(64)</code> (instead of char(32)) to use the now recommended SHA256 hash algorithm. See <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> for more details.
</p>
<divclass="notetip">With new Apache::Session::Browseable::<strong>PgHstore</strong> and <strong>PgJSON</strong>, you don't need to declare indexes in <code>CREATE TABLE</code> since “json” and “hstore” type are browseable. You should anyway add some indexes <em>(see manpage)</em>.
@ -90,7 +90,7 @@ You can define exported variables for each module in the module configuration it
<divclass="notetip">You can define environment variables in <code>Exported variables</code>, this allows one to populate user session with some environment values. Environment variables will not be queried in users database.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [35-1270] -->
<!-- EDIT2 SECTION "Presentation" [35-1271] -->
<h2class="sectionedit4"id="extend_variables_using_macros_and_groups">Extend variables using macros and groups</h2>
<divclass="level2">
@ -104,6 +104,8 @@ Macros and groups are calculated during authentication process by the portal:
<ul>
<liclass="level1"><divclass="li"> macros are used to extend (or rewrite) <spanclass="curid"><ahref="exportedvars.html"class="wikilink1"title="documentation:2.0:exportedvars">exported variables</a></span>. A macro is stored as attributes: it can contain boolean results or any string</div>
</li>
<liclass="level1"><divclass="li"> macros can also be used to import environment variables <em>(these variables are in CGI format)</em>. Example: <code>$ENV{HTTP_COOKIE}</code></div>
</li>
<liclass="level1"><divclass="li"> groups are stored as space-separated strings in the special attribute “groups”: it contains the names of groups whose rules were returned true for the current user</div>
</li>
<liclass="level1"><divclass="li"> You can also get groups in <code>$hGroups</code> which is a Hash Reference of this form:</div>
<liclass="level1"><divclass="li"> The <ahref="http://perldoc.perl.org/MIME/Base64.html"class="urlextern"title="http://perldoc.perl.org/MIME/Base64.html"rel="nofollow">encode_base64</a> subroutine</div>
</li>
<liclass="level1"><divclass="li"> Environment variables, in some cases (through %ENV). <em>(NB: with Apache handlers it is generally empty, so unusable for rules/headers)</em></div>
</li>
<liclass="level1"><divclass="li"><ahref="#request_information"title="documentation:2.0:extendedfunctions ↵"class="wikilink1">Information about current request</a></div>
@ -139,40 +138,13 @@ Inside this jail, you can access to:
<divclass="notetip">To know more about the jail, check <ahref="http://perldoc.perl.org/Safe.html"class="urlextern"title="http://perldoc.perl.org/Safe.html"rel="nofollow">Safe module documentation</a>.
<divclass="noteimportant">This function is not compliant with <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail to use it.
<divclass="noteimportant">This function is not compliant with <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail to use it.
<divclass="noteimportant">This function is not compliant with <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail to use it.
<divclass="notetip">Since version 2.0, this function is now compliant with <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">Safe jail</a>.
</div>
@ -378,8 +350,8 @@ This function uses the secret key of LLNG configuration to crypt a data. This ca
<preclass="code">encrypt($_whatToTrace)</pre>
</div>
<!-- EDIT12 SECTION "encrypt" [5833-6138] -->
<h3class="sectionedit13"id="token">token</h3>
<!-- EDIT11 SECTION "encrypt" [5371-5676] -->
<h3class="sectionedit12"id="token">token</h3>
<divclass="level3">
<p>
@ -388,8 +360,8 @@ This function generates token used to <a href="servertoserver.html" class="wikil
@ -128,6 +129,8 @@ Macros and groups are calculated during authentication process by the portal:
<ul>
<liclass="level1"><divclass="li"> macros are used to extend (or rewrite) <ahref="exportedvars.html"class="wikilink1"title="documentation:2.0:exportedvars">exported variables</a>. A macro is stored as attributes: it can contain boolean results or any string</div>
</li>
<liclass="level1"><divclass="li"> macros can also be used to import environment variables <em>(these variables are in CGI format)</em>. Example: <code>$ENV{HTTP_COOKIE}</code></div>
</li>
<liclass="level1"><divclass="li"> groups are stored as space-separated strings in the special attribute “groups”: it contains the names of groups whose rules were returned true for the current user</div>
</li>
<liclass="level1"><divclass="li"> You can also get groups in <code>$hGroups</code> which is a Hash Reference of this form:</div>
</div><divclass="noteimportant">Macros and groups are computed in alphanumeric order, that is, in the order they are displayed in the manager. For example, macro “macro1” will be computed before macro “macro2”: so, expression of macro2 may involve value of macro1. As same for groups: a group rule may involve another, previously computed group.
</div>
</div>
<!-- EDIT4 SECTION "Macros and groups" [987-2949] -->
<!-- EDIT4 SECTION "Macros and groups" [987-3081] -->
@ -232,7 +235,8 @@ Lemonldap::NG handlers use a local cache to store sessions (for 10 minutes). So
<liclass="level1"><divclass="li"> Since MySQL does not have always transaction feature, Apache::Session::MySQL has been designed to use MySQL locks. Since MySQL performances are very bad using this, if you want to store sessions in a MySQL database, prefer one of the following</div>
</li>
</ol>
<divclass="notetip">Since 1.9.6, LLNG portal and handler check if session is valid at each access, so purgeCentralCache cron no longer needs to be launched every 10 minutes: one or two times per day is enough.
</div>
</div>
<h4id="replace_mysql_by_apachesessionflex">Replace MySQL by Apache::Session::Flex</h4>
@ -256,9 +260,9 @@ Password -> ...</pre>
<divclass="level4">
<p>
<ahref="https://metacpan.org/module/Apache::Session::Browseable"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable"rel="nofollow">Apache::Session::Browseable</a> is a wrapper for other Apache::Session modules that add the capability to manage indexes. To use it (with MySQL for example), choose “Apache::Session::Browseable::MySQL” as “Apache::Session module” and use the following parameters:
<ahref="https://metacpan.org/module/Apache::Session::Browseable"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable"rel="nofollow">Apache::Session::Browseable</a> is a wrapper for other Apache::Session modules that add the capability to manage indexes. Prefer versions ≥ 1.2.5 to have better performances in DB cleaning. To use it (with PostgreSQL for example), choose “Apache::Session::Browseable::Postgres” as “Apache::Session module” and use the following parameters:
Note that Apache::Session::Browseable::MySQL doesn't use MySQL locks.
</p>
<divclass="notetip">A <ahref="https://metacpan.org/module/Apache::Session::Browseable::Redis"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable::Redis"rel="nofollow">Apache::Session::Browseable::Redis</a> has been created, it is the faster (except for session explorer, defeated by Apache::Session::Browseable::<ahref="https://metacpan.org/module/Apache::Session::Browseable"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable"rel="nofollow">DBI</a>/<ahref="https://metacpan.org/module/Apache::Session::Browseable::LDAP"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable::LDAP"rel="nofollow">LDAP</a> ≥ 1.0)
</div><divclass="noteimportant">Some Apache::Session module are not fully usable by Lemonldap::NG such as Apache::Session::Memcached since this modules do not offer capability to browse sessions. They does not allow one to use sessions explorer neither manage one-off sessions.
<p>
Look at <ahref="browseablesessionbackend.html"class="wikilink1"title="documentation:2.0:browseablesessionbackend">Browseable session backend</a> to known which index to choose.
</p>
<divclass="noteimportant">Some Apache::Session module are not fully usable by Lemonldap::NG such as Apache::Session::Memcached since these modules do not offer capability to browse sessions. They does not allow one to use sessions explorer neither manage one-off sessions.
</div>
</div>
<h4id="performance_test">Performance test</h4>
<divclass="level4">
<divclass="notetip">A <ahref="https://metacpan.org/module/Apache::Session::Browseable::Redis"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable::Redis"rel="nofollow">Apache::Session::Browseable::Redis</a> has been created, it is the faster (except for session explorer, defeated by Apache::Session::Browseable::<ahref="https://metacpan.org/module/Apache::Session::Browseable"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable"rel="nofollow">DBI</a>/<ahref="https://metacpan.org/module/Apache::Session::Browseable::LDAP"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable::LDAP"rel="nofollow">LDAP</a>])
</div>
<p>
This test isn't a “only-backend” test but embed some LLNG methods, so real differences between engines are mitigate here.
<em><strong>(*) :</strong> “purge” test is done with Apache::Session::Browseable-1.2.5 and LLG-2.0. Earlier results are not so good.</em>
</p>
<p>
Analysis:
</p>
<ul>
<liclass="level1"><divclass="li"> LDAP servers are “write-once-read-many”, so write performances are very bad. Don't use this on heavy load if “Session activity timeout” is enabled <em>(if set, handler “write” sessions)</em></div>
</li>
<liclass="level1"><divclass="li"> MySQL/MariaDB is better to read than to write. Prefer PostgreSQL if you use “Session activity timeout”</div>
</li>
<liclass="level1"><divclass="li"> Logged tables decrease a lot insert performances with PostgreSQL, so use unlogged tables for sessions except for persistent sessions</div>
</li>
<liclass="level1"><divclass="li"> Redis is the best for main usage</div>
</li>
<liclass="level1"><divclass="li"> Browseable::Postgres/PgHstore/PgJSON are the best SQL solutions on average</div>
id <spanclass="kw1">CHAR</span><spanclass="br0">(</span><spanclass="nu0">32</span><spanclass="br0">)</span><spanclass="kw1">NOT</span><spanclass="kw1">NULL</span><spanclass="kw1">PRIMARY</span><spanclass="kw1">KEY</span><spanclass="sy0">,</span>
a_session text
<spanclass="br0">)</span>;</pre>
<divclass="noteimportant">Change char(32) by char(64) if you use the now recommended SHA256 hash algorithm. See <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> for more details
<divclass="noteimportant">Change <code>char(32)</code> by <code>varchar(64)</code> if you use the now recommended SHA256 hash algorithm. See <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> for more details
</div><divclass="notetip">You can change table name <code>sessions</code> to whatever you want, just adapt the parameter <code>TableName</code> in module options.
<preclass="code">Mot de passe pour l'utilisateur lemonldap-ng :
[...]
lemonldap-ng=> create table sessions ( id char(32) not null primary key, a_session text );
lemonldap-ng=> create unlogged table sessions ( id char(32) not null primary key, a_session text );
lemonldap-ng=> q</pre>
<divclass="noteimportant">Change char(32) by char(64) if you use the now recommended SHA256 hash algorithm. See <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> for more details
<divclass="noteimportant">Change <code>char(32)</code> by <code>varchar(64)</code> if you use the now recommended SHA256 hash algorithm. See <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> for more details
</div>
</div>
<!-- EDIT3 SECTION "Prepare the database" [488-2206] -->
<!-- EDIT3 SECTION "Prepare the database" [488-2237] -->
<h3class="sectionedit4"id="manager">Manager</h3>
<divclass="level3">
@ -184,10 +184,10 @@ Go in the Manager and set the session module (for example <a href="http://search
<tdclass="col0 centeralign"><strong>Commit</strong></td><tdclass="col1"> Required for PostgreSQL </td><tdclass="col2"> 1 </td>
</tr>
<trclass="row6 roweven">
<tdclass="col0 centeralign"><strong>TableName</strong></td><tdclass="col1"> Name of the table </td><tdclass="col2"> sessions </td>
<tdclass="col0 centeralign"><strong>TableName</strong></td><tdclass="col1"><em>(Optional)</em>Name of the table </td><tdclass="col2"> sessions </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [2535-2929] -->
<!-- EDIT5 TABLE [2566-2975] -->
<p>
You must read the man page corresponding to your database (<ahref="http://search.cpan.org/perldoc?Apache::Session::MySQL"class="urlextern"title="http://search.cpan.org/perldoc?Apache::Session::MySQL"rel="nofollow">Apache::Session::MySQL</a>, …) to learn more about parameters. You must also install the database connector (<ahref="http://search.cpan.org/perldoc?DBD::Oracle"class="urlextern"title="http://search.cpan.org/perldoc?DBD::Oracle"rel="nofollow">DBD::Oracle</a>, <ahref="http://search.cpan.org/perldoc?DBD::Pg"class="urlextern"title="http://search.cpan.org/perldoc?DBD::Pg"rel="nofollow">DBD::Pg</a>,…)
</p>
@ -206,7 +206,7 @@ If you choose to use MySQL, read <a href="performances.html#apachesession_perfor
<seg>Les données suivantes concernant la requête courante sont disponibles via les fonctions :</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>To use custom files, delete links and copy them into your skin folder:</seg>
@ -2614,14 +2606,6 @@ make debian-packages</seg>
<seg>msmith@badwolf.org</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>To use it (with MySQL for example), choose “Apache::Session::Browseable::MySQL” as “Apache::Session module” and use the following parameters:</seg>
<seg>Pour l'utiliser (avec MySQL par exemple), choisissez “Apache::Session::Browseable::MySQL” comme “Module Apache::Session” et utilisez les paramètres suivants :</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>In the <endpoint>, change <connector-id> value to alfrescoHeader and change the <userHeader> value to Auth-User:</seg>
@ -6586,20 +6570,6 @@ cda = 1</seg>
<seg>Aller dans le Manager et créer un fournisseur OpenID-Connect.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>Mot de passe pour l'utilisateur lemonldap-ng :
[...]
lemonldap-ng=> create table sessions ( id char(32) not null primary key, a_session text );
<seg>method : la méthode de la requête (GET, POST, etc…)</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>Search base: DN of groups branch.</seg>
@ -20202,14 +20100,6 @@ Le nouveau rôle est-il un super-utilisateur ?</seg>
<seg>Configurer l'hôte virtuel LimeSurvey comme n'importe quel autre hôte virtuel protégé.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>Some Apache::Session module are not fully usable by Lemonldap::NG such as Apache::Session::Memcached since this modules do not offer capability to browse sessions.</seg>
<seg>Certains modules Apache::Session ne sont pas utilisables par Lemonldap::NG tel Apache::Session::Memcached, car ce module n'offre pas de dispositif de parcours des sessions</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>a2ensite manager-apache2.conf
@ -20802,14 +20692,6 @@ notification = 1</seg>
<seg>Il est également possible de créer ces macros pour gérer le compte administrateur OBM (Variables » Macros):</seg>
<seg>You have to run this command on Active Directory:</seg>
@ -22608,14 +22482,6 @@ tpl_myparam = world</seg>
<seg>À la réception de la requête, le contexte d'authentification réel est traduit en un niveau d'authentification interne (voir comment configurer la translation), utilisable pour accorder ou non la création de session.</seg>
<seg>WHATTOTRACE doit être remplacé par l'attribut ou la macro configurée dans le paramètre indiquant le champ utilisateur à stocker dans les journaux (REMOTE_USER)</seg>
<seg>Les données suivantes concernant la requête courante sont disponibles via les fonctions :</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>To use custom files, delete links and copy them into your skin folder:</seg>
@ -2614,14 +2606,6 @@ make debian-packages</seg>
<seg>msmith@badwolf.org</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>To use it (with MySQL for example), choose “Apache::Session::Browseable::MySQL” as “Apache::Session module” and use the following parameters:</seg>
<seg>Pour l'utiliser (avec MySQL par exemple), choisissez “Apache::Session::Browseable::MySQL” comme “Module Apache::Session” et utilisez les paramètres suivants :</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>In the <bpt i='1' x='1'><c1></bpt><endpoint><ept i='1'></c1></ept>, change <bpt i='2' x='2'><c2></bpt><connector-id><ept i='2'></c2></ept> value to <bpt i='3' x='3'><c3></bpt>alfrescoHeader<ept i='3'></c3></ept> and change the <bpt i='4' x='4'><c4></bpt><userHeader><ept i='4'></c4></ept> value to <bpt i='5' x='5'><c5></bpt>Auth-User<ept i='5'></c5></ept>:</seg>
<seg>Mot de passe pour l'utilisateur lemonldap-ng :
[...]
lemonldap-ng=> create table sessions ( id char(32) not null primary key, a_session text );
lemonldap-ng=> q</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>Extra claims definition</seg>
@ -7480,14 +7450,6 @@ lemonldap-ng=> q</seg>
<seg>L'ajouter à trustedDomains (ou mettre <bpt i='0' x='0'><c0></bpt>*<ept i='0'></c0></ept> dans trustedDomains pour tout accepter).</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>header_in(“Your-Request-Header”): any request header</seg>
<seg>header_in(“Your-Request-Header”) : n'importe quel en-tête de la requête</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>The common domain is used by <bpt i='0' x='0'><a0></bpt>SAML SP<ept i='0'></a0></ept> to find an Identity Provider for the user, and by <bpt i='1' x='1'><a1></bpt>SAML IDP<ept i='1'></a1></ept> to register itself in user's IDP list.</seg>
@ -8526,14 +8488,6 @@ lemonldap-ng=> q</seg>
<seg><bpt i='0' x='0'><s0></bpt>Signature des messages <bpt i='1' x='1'><a1></bpt>SSO<ept i='1'></a1></ept><ept i='0'></s0></ept> : signe les messages <bpt i='2' x='2'><a2></bpt>SSO<ept i='2'></a2></ept></seg>
<seg>Toutes les variables d'environnement sont disponibles, telle l'adresse <bpt i='1' x='1'><a1></bpt>IP<ept i='1'></a1></ept> de l'utilisateur.</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>Single Sign On cookie, domain and portal URL</seg>
<seg>method : la méthode de la requête (GET, POST, etc…)</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg><bpt i='0' x='0'><s0></bpt>Search base<ept i='0'></s0></ept>: <bpt i='1' x='1'><a1></bpt>DN<ept i='1'></a1></ept> of groups branch.</seg>
@ -20202,14 +20100,6 @@ Le nouveau rôle est-il un super-utilisateur ?</seg>
<seg>Configurer l'hôte virtuel LimeSurvey comme n'importe quel autre <bpt i='0' x='0'><a0></bpt>hôte virtuel protégé<ept i='0'></a0></ept>.</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>Some Apache::Session module are not fully usable by Lemonldap::NG such as Apache::Session::Memcached since this modules do not offer capability to browse sessions.</seg>
<seg>Certains modules Apache::Session ne sont pas utilisables par Lemonldap::NG tel Apache::Session::Memcached, car ce module n'offre pas de dispositif de parcours des sessions</seg>
<seg>Il est également possible de créer ces macros pour gérer le compte administrateur OBM (<bpt i='0' x='0'><c0></bpt>Variables<ept i='0'></c0></ept> » <bpt i='1' x='1'><c1></bpt>Macros<ept i='1'></c1></ept>):</seg>
<seg>À la réception de la requête, le contexte d'authentification réel est traduit en un niveau d'authentification interne (voir <bpt i='1' x='1'><a1></bpt>comment configurer la translation<ept i='1'></a1></ept>), utilisable pour accorder ou non la création de session.</seg>
<seg><bpt i='0' x='0'><a0></bpt>LL::NG<ept i='0'></a0></ept> Portal can be used under a <bpt i='1' x='1'><a1></bpt>FastCGI system<ept i='1'></a1></ept> very easily.</seg>
<seg>Authentification ou fourniture d'identité <bpt i='0' x='0'><a0></bpt>SAML<ept i='0'></a0></ept></seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg><bpt i='0' x='0'><s0></bpt><bpt i='1' x='1'><a1></bpt>SSO<ept i='1'></a1></ept> binding<ept i='0'></s0></ept>: force binding to use for <bpt i='2' x='2'><a2></bpt>SSO<ept i='2'></a2></ept> (http-redirect, http-post, etc.)</seg>
<seg>Il est préférable d'utiliser des bases de sessions séparées pour les sessions standard, <bpt i='0' x='0'><a0></bpt>SAML<ept i='0'></a0></ept> et <bpt i='1' x='1'><a1></bpt>CAS<ept i='1'></a1></ept> afin de gérer séparemment les index.</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg><bpt i='0' x='0'><e0></bpt>WHATTOTRACE<ept i='0'></e0></ept> must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER)</seg>
<seg><bpt i='0' x='0'><e0></bpt>WHATTOTRACE<ept i='0'></e0></ept> doit être remplacé par l'attribut ou la macro configurée dans le paramètre indiquant le champ utilisateur à stocker dans les journaux (REMOTE_USER)</seg>
<seg>Please always try to find another solution to protect your application with <bpt i='0' x='0'><a0></bpt>LL::NG<ept i='0'></a0></ept>.</seg>
<seg>Cette documentation est construite autour de MySQL.</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>Django</seg>
@ -31992,22 +31810,6 @@ maxretry = 3</seg>
<seg>Pour activer le composant d'authentification <bpt i='0' x='0'><a0></bpt>LL::NG<ept i='0'></a0></ept>, aller dans <bpt i='1' x='1'><c1></bpt>/etc/obm/obm_conf.inc<ept i='1'></c1></ept>:</seg>
<seg>Les données suivantes concernant la requête courante sont disponibles via les fonctions :</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>To use custom files, delete links and copy them into your skin folder:</seg>
@ -2614,14 +2606,6 @@ make debian-packages</seg>
<seg>msmith@badwolf.org</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>To use it (with MySQL for example), choose “Apache::Session::Browseable::MySQL” as “Apache::Session module” and use the following parameters:</seg>
<seg>Pour l'utiliser (avec MySQL par exemple), choisissez “Apache::Session::Browseable::MySQL” comme “Module Apache::Session” et utilisez les paramètres suivants :</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>In the <c1><endpoint></c1>, change <c2><connector-id></c2> value to <c3>alfrescoHeader</c3> and change the <c4><userHeader></c4> value to <c5>Auth-User</c5>:</seg>
<seg>header_in(“Your-Request-Header”) : n'importe quel en-tête de la requête</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>The common domain is used by <a0>SAML SP</a0> to find an Identity Provider for the user, and by <a1>SAML IDP</a1> to register itself in user's IDP list.</seg>
@ -8526,14 +8488,6 @@ lemonldap-ng=> q</seg>
<seg><s0>Signature des messages <a1>SSO</a1></s0> : signe les messages <a2>SSO</a2></seg>
<seg>method : la méthode de la requête (GET, POST, etc…)</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg><s0>Search base</s0>: <a1>DN</a1> of groups branch.</seg>
@ -20202,14 +20100,6 @@ Le nouveau rôle est-il un super-utilisateur ?</seg>
<seg>Configurer l'hôte virtuel LimeSurvey comme n'importe quel autre <a0>hôte virtuel protégé</a0>.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>Some Apache::Session module are not fully usable by Lemonldap::NG such as Apache::Session::Memcached since this modules do not offer capability to browse sessions.</seg>
<seg>Certains modules Apache::Session ne sont pas utilisables par Lemonldap::NG tel Apache::Session::Memcached, car ce module n'offre pas de dispositif de parcours des sessions</seg>
<seg>Il est également possible de créer ces macros pour gérer le compte administrateur OBM (<c0>Variables</c0> » <c1>Macros</c1>):</seg>
<seg>À la réception de la requête, le contexte d'authentification réel est traduit en un niveau d'authentification interne (voir <a1>comment configurer la translation</a1>), utilisable pour accorder ou non la création de session.</seg>
<seg>Il est préférable d'utiliser des bases de sessions séparées pour les sessions standard, <a0>SAML</a0> et <a1>CAS</a1> afin de gérer séparemment les index.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg><e0>WHATTOTRACE</e0> must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER)</seg>
<seg><e0>WHATTOTRACE</e0> doit être remplacé par l'attribut ou la macro configurée dans le paramètre indiquant le champ utilisateur à stocker dans les journaux (REMOTE_USER)</seg>
@ -201,14 +201,16 @@ Pour chaque attribut, on peut indiquer :
<h5id="general_options">Options générales</h5>
<divclass="level5">
<ul>
<liclass="level1"><divclass="li"><strong>Règle de résolution</strong> : règle à appliquer pour pré-sélectionner cet IDP. Toutes les variables d'environnement sont disponibles, telle l'adresse<abbrtitle="Internet Protocol">IP</abbr>de l'utilisateur.</div>
<liclass="level1"><divclass="li"><strong>Règle de résolution</strong> : règle à appliquer pour pré-sélectionner cet IDP. You have access to all environment variable <em>(like user<abbrtitle="Internet Protocol">IP</abbr>address)</em> and all session keys.</div>
</li>
</ul>
<p>
Par exemple, pour pré-sélectionner cet IDP pour les utilisateurs provenant dui réseau 129.168.0.0/16 :
For example, to preselect this IDP for users coming from 129.168.0.0/16 network and member of “admin” group:
<tdclass="col0 leftalign"> Réinitialisation de mots-de-passe </td><tdclass="col1 centeralign"> user </td>
</tr>
</table></div><!-- EDIT3 TABLE [877-1222] -->
<divclass="noteimportant"><em>WHATTOTRACE</em>doit être remplacé par l'attribut ou la macro configurée dans le paramètre indiquant le champ utilisateur à stocker dans les journaux (REMOTE_USER)
</table></div><!-- EDIT3 TABLE [877-1168] -->
<p>
See Apache::Session::Browseable::* man page to see how use indexes.
</p>
<divclass="noteimportant"><em>WHATTOTRACE</em>must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER). By default: <strong>_whatToTrace</strong>
</div><divclass="notetip">Il est préférable d'utiliser des bases de sessions séparées pour les sessions standard, <abbrtitle="Security Assertion Markup Language">SAML</abbr> et <abbrtitle="Central Authentication Service">CAS</abbr> afin de gérer séparemment les index.
</div><divclass="noteclassic">La documentation ci-dessous explique comment fixer les index à ipAddr et _whatToTrace. À adapter pour configurer les index voulus.
<h3class="sectionedit7"id="prepare_database">Préparer la base de données</h3>
<divclass="level3">
@ -157,17 +157,32 @@ Il suffira juste d'ajouter le paramètre <code>Index</code> dans <code>Paramètr
<p>
La base de donnée doit être préparée exactement comme celle du <ahref="sqlsessionbackend.html#prepare_the_database"class="wikilink1"title="documentation:2.0:sqlsessionbackend">backend de session SQL</a> si ce n'est qu'un champ doit être ajouté pour chaque donnée à indexer.
id <spanclass="kw1">CHAR</span><spanclass="br0">(</span><spanclass="nu0">32</span><spanclass="br0">)</span><spanclass="kw1">NOT</span><spanclass="kw1">NULL</span><spanclass="kw1">PRIMARY</span><spanclass="kw1">KEY</span><spanclass="sy0">,</span>
<divclass="noteimportant">Changer char(32) en char(64) pour utiliser l'algorithme de hashage SHA256 (recommandé). Voir <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> pour plus de détails
id <spanclass="kw1">VARCHAR</span><spanclass="br0">(</span><spanclass="nu0">64</span><spanclass="br0">)</span><spanclass="kw1">NOT</span><spanclass="kw1">NULL</span><spanclass="kw1">PRIMARY</span><spanclass="kw1">KEY</span><spanclass="sy0">,</span>
<divclass="noteimportant">For Session Explorer and one-off sessions, it is recommended to use BTREE or any index method that indexes partial content.
</div>
<p>
“id” fieds is set to <code>varchar(64)</code> (instead of char(32)) to use the now recommended SHA256 hash algorithm. See <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> for more details.
</p>
<divclass="notetip">With new Apache::Session::Browseable::<strong>PgHstore</strong> and <strong>PgJSON</strong>, you don't need to declare indexes in <code>CREATE TABLE</code> since “json” and “hstore” type are browseable. You should anyway add some indexes <em>(see manpage)</em>.
@ -185,7 +200,7 @@ Aller dans le manager et mettre le module de session (<a href="http://search.cpa
</tr>
</thead>
<trclass="row2 roweven">
<tdclass="col0 centeralign"><strong>DataSource</strong></td><tdclass="col1"> La chaîne <ahref="http://search.cpan.org/perldoc?DBI"class="urlextern"title="http://search.cpan.org/perldoc?DBI"rel="nofollow">DBI</a></td><tdclass="col2"> dbi:mysql:dbname=sessions </td>
<tdclass="col0 centeralign"><strong>DataSource</strong></td><tdclass="col1"> La chaîne <ahref="http://search.cpan.org/perldoc?DBI"class="urlextern"title="http://search.cpan.org/perldoc?DBI"rel="nofollow">DBI</a></td><tdclass="col2"> dbi:Pg:database=sessions </td>
</tr>
<trclass="row3 rowodd">
<tdclass="col0 centeralign"><strong>UserName</strong></td><tdclass="col1"> Le login de la base de données </td><tdclass="col2"> lemonldapng </td>
@ -194,16 +209,16 @@ Aller dans le manager et mettre le module de session (<a href="http://search.cpa
<tdclass="col0 centeralign"><strong>Mot-de-passe</strong></td><tdclass="col1"> Le mot de passe de la base de données </td><tdclass="col2"> mysuperpassword </td>
</tr>
<trclass="row5 rowodd">
<tdclass="col0 centeralign"><strong>Index</strong></td><tdclass="col1"> Index </td><tdclass="col2"> _whatToTrace ipAddr </td>
<tdclass="col0 centeralign"><strong>Index</strong></td><tdclass="col1"> Index </td><tdclass="col2"> _whatToTrace ipAddr _session_kind _utime </td>
</tr>
</table></div><!-- EDIT9 TABLE [3135-3466] -->
</table></div><!-- EDIT9 TABLE [3808-4159] -->
<divclass="notetip">Apache::Session::Browseable::MySQL n'utilise pas les locks pour conserver les performances.
<p>
Pour les bases de données telles PostgreSQL, ne pas oublier d'ajouter “Commit” avec une valeur de 1
@ -272,7 +287,7 @@ Restreindre l'accès réseau au backend.
On peut utiliser différent login/mot-de-passe pour les serveurs en surchargeant les paramètres <code>globalStorage</code> et <code>globalStorageOptions</code> dans le fichier lemonldap-ng.ini.
@ -90,7 +90,7 @@ On peut définir des variables exportées pour chaque module dans sa propre conf
</p>
<divclass="notetip">You can define environment variables in <code>Exported variables</code>, this allows one to populate user session with some environment values. Les variables d'environnement ne seront pas demandées à la base de données utilisateurs.
<h2class="sectionedit4"id="extend_variables_using_macros_and_groups">Étendre les variables en utilisant les macros et groups</h2>
<divclass="level2">
@ -105,6 +105,8 @@ Les macros et les groupes sont calculées pendant le processus d'authentificatio
<ul>
<liclass="level1"><divclass="li"> Les macros sont utilisées pour étendre (ou réécrire) les <spanclass="curid"><ahref="exportedvars.html"class="wikilink1"title="documentation:2.0:exportedvars">variables exportées</a></span>. Une macro est stockée comme un attribut : elle peut contenir le résultat d'un calcul booléen ou n'importe quelle chaîne de caractères</div>
</li>
<liclass="level1"><divclass="li"> macros can also be used to import environment variables <em>(these variables are in CGI format)</em>. Example: <code>$ENV{HTTP_COOKIE}</code></div>
</li>
<liclass="level1"><divclass="li"> les groupes sont stockées en chaîne de caractères séparées par des espaces dans l'attribut spécial “groups” : il contient les noms des groupes dont la règle à retournée une valeur non nulle pour l'utilisateur courant</div>
</li>
<liclass="level1"><divclass="li"> On peut également définir des groupes dans <code>$hGroups</code> qui est une référence à une table de hashage de la forme :</div>
<liclass="level1"><divclass="li"> Fonction <ahref="http://perldoc.perl.org/MIME/Base64.html"class="urlextern"title="http://perldoc.perl.org/MIME/Base64.html"rel="nofollow">encode_base64</a></div>
</li>
<liclass="level1"><divclass="li"> Environment variables, in some cases (through %ENV). <em>(NB: with Apache handlers it is generally empty, so unusable for rules/headers)</em></div>
</li>
<liclass="level1"><divclass="li"><ahref="#request_information"title="documentation:2.0:extendedfunctions ↵"class="wikilink1">Information about current request</a></div>
@ -139,41 +138,14 @@ Dans cette cage, on peut accéder aux éléments suivants :
</ul>
<divclass="notetip">Pour en savoir plus sur la cage, consulter la <ahref="http://perldoc.perl.org/Safe.html"class="urlextern"title="http://perldoc.perl.org/Safe.html"rel="nofollow">documentation du module Safe</a>.
<divclass="noteimportant">Cette fonction n'est pas compatible avec la <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">cage saine</a>, il faut désactiver la mise en cage.
<divclass="noteimportant">Cette fonction n'est pas compatible avec la <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">cage saine</a>, il faut désactiver la mise en cage.
<divclass="noteimportant">Cette fonction n'est pas compatible avec la <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">cage saine</a>, il faut désactiver la mise en cage.
<divclass="notetip">Since version 2.0, this function is now compliant with <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">Safe jail</a>.
@ -381,9 +353,9 @@ This function uses the secret key of LLNG configuration to crypt a data. This ca
@ -133,6 +134,8 @@ Les macros et les groupes sont calculées pendant le processus d'authentificatio
<ul>
<liclass="level1"><divclass="li"> les macros sont utilisées pour étendre (ou réécrire) les <ahref="exportedvars.html"class="wikilink1"title="documentation:2.0:exportedvars">variables exportées</a>. Une macro est stockée comme un attribut : elle peut contenir le résultat d'un calcul booléen ou n'importe quelle chaîne de caractères</div>
</li>
<liclass="level1"><divclass="li"> macros can also be used to import environment variables <em>(these variables are in CGI format)</em>. Example: <code>$ENV{HTTP_COOKIE}</code></div>
</li>
<liclass="level1"><divclass="li"> les groupes sont stockées en chaîne de caractères séparées par des espaces dans l'attribut spécial “groups” : il contient les noms des groupes dont la règle à retournée une valeur non nulle pour l'utilisateur courant</div>
</li>
<liclass="level1"><divclass="li"> On peut également définir des groupes dans <code>$hGroups</code> qui est une référence à une table de hashage de la forme :</div>
<divclass="noteclassic">Noter que les groupes sont calculés après les macros, donc une règle de groupe peut utiliser une valeur issue d'une macro.
</div><divclass="noteimportant">Les macros et groupes sont calculés dans l'ordre alpha-numerique, c'est à dire dans l'ordre d'affichage dans le manager. Par exemple, la macro “macro1” sear calculée avant la macro “macro2” : donc l'expression de macro2 peut utiliser la valeur $macro1. De même pour les groupes : une règle de groupe peut en utiliser une autre calculée précédemment.
</div>
</div><!-- EDIT4 SECTION "Macros and groups" [987-2949] -->
</div><!-- EDIT4 SECTION "Macros and groups" [987-3081] -->
@ -225,7 +228,7 @@ By default it uses local storage to store its tokens. If you have more than 1 po
<divclass="notetip">En environnement de production et pour de meilleures performances réseau, utiliser les versions compactées des librairies javascript et css : utiliser <code>make install <strong>PROD=yes</strong></code>. Ceci est fait par défaut avec les paquets RPM/DEB.
@ -239,7 +242,9 @@ Les agents (handlers) Lemonldap::NG utilisent un cache local pour stocker les se
<liclass="level1"><divclass="li"> Comme MySQL ne dispose pas toujours de dispositif de transaction, Apache::Session::MySQL a été conçu en utilisant les verrous MySQL. Ceci dégrade fortement les performances de MySQL, si vous voulez stocker les sessions dans une base de données MySQL, utilisez l'une des solutions suivantes</div>
</li>
</ol>
<divclass="notetip">Since 1.9.6, LLNG portal and handler check if session is valid at each access, so purgeCentralCache cron no longer needs to be launched every 10 minutes: one or two times per day is enough.
</div>
</div>
<h4id="replace_mysql_by_apachesessionflex">Remplacer MySQL par Apache::Session::Flex</h4>
@ -263,9 +268,9 @@ Password -> ...</pre>
<divclass="level4">
<p>
<ahref="https://metacpan.org/module/Apache::Session::Browseable"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable"rel="nofollow">Apache::Session::Browseable</a> est une surcouche d'autres modules Apache::Session qui ajoute des capacités d'indexation. Pour l'utiliser (avec MySQL par exemple), choisissez “Apache::Session::Browseable::MySQL” comme “Module Apache::Session” et utilisez les paramètres suivants :
<ahref="https://metacpan.org/module/Apache::Session::Browseable"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable"rel="nofollow">Apache::Session::Browseable</a> est une surcouche d'autres modules Apache::Session qui ajoute des capacités d'indexation. Prefer versions ≥ 1.2.5 to have better performances in DB cleaning. To use it (with PostgreSQL for example), choose “Apache::Session::Browseable::Postgres” as “Apache::Session module” and use the following parameters:
Notez que Apache::Session::Browseable::MySQL n'utilise pas les verrous MySQL.
</p>
<divclass="notetip">A <ahref="https://metacpan.org/module/Apache::Session::Browseable::Redis"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable::Redis"rel="nofollow">Apache::Session::Browseable::Redis</a> has been created, it is the faster (except for session explorer, defeated by Apache::Session::Browseable::<ahref="https://metacpan.org/module/Apache::Session::Browseable"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable"rel="nofollow">DBI</a>/<ahref="https://metacpan.org/module/Apache::Session::Browseable::LDAP"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable::LDAP"rel="nofollow">LDAP</a> ≥ 1.0)
</div><divclass="noteimportant">Certains modules Apache::Session ne sont pas utilisables par Lemonldap::NG tel Apache::Session::Memcached, car ce module n'offre pas de dispositif de parcours des sessions They does not allow one to use sessions explorer neither manage one-off sessions.
<p>
Look at <ahref="browseablesessionbackend.html"class="wikilink1"title="documentation:2.0:browseablesessionbackend">Browseable session backend</a> to known which index to choose.
</p>
<divclass="noteimportant">Some Apache::Session module are not fully usable by Lemonldap::NG such as Apache::Session::Memcached since these modules do not offer capability to browse sessions. They does not allow one to use sessions explorer neither manage one-off sessions.
</div>
</div>
<h4id="performance_test">Performance test</h4>
<divclass="level4">
<divclass="notetip">A <ahref="https://metacpan.org/module/Apache::Session::Browseable::Redis"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable::Redis"rel="nofollow">Apache::Session::Browseable::Redis</a> has been created, it is the faster (except for session explorer, defeated by Apache::Session::Browseable::<ahref="https://metacpan.org/module/Apache::Session::Browseable"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable"rel="nofollow">DBI</a>/<ahref="https://metacpan.org/module/Apache::Session::Browseable::LDAP"class="urlextern"title="https://metacpan.org/module/Apache::Session::Browseable::LDAP"rel="nofollow">LDAP</a>])
<em><strong>(*) :</strong> “purge” test is done with Apache::Session::Browseable-1.2.5 and LLG-2.0. Earlier results are not so good.</em>
</p>
<p>
Analysis:
</p>
<ul>
<liclass="level1"><divclass="li"> LDAP servers are “write-once-read-many”, so write performances are very bad. Don't use this on heavy load if “Session activity timeout” is enabled <em>(if set, handler “write” sessions)</em></div>
</li>
<liclass="level1"><divclass="li"> MySQL/MariaDB is better to read than to write. Prefer PostgreSQL if you use “Session activity timeout”</div>
</li>
<liclass="level1"><divclass="li"> Logged tables decrease a lot insert performances with PostgreSQL, so use unlogged tables for sessions except for persistent sessions</div>
</li>
<liclass="level1"><divclass="li"> Redis is the best for main usage</div>
</li>
<liclass="level1"><divclass="li"> Browseable::Postgres/PgHstore/PgJSON are the best SQL solutions on average</div>
id <spanclass="kw1">CHAR</span><spanclass="br0">(</span><spanclass="nu0">32</span><spanclass="br0">)</span><spanclass="kw1">NOT</span><spanclass="kw1">NULL</span><spanclass="kw1">PRIMARY</span><spanclass="kw1">KEY</span><spanclass="sy0">,</span>
a_session text
<spanclass="br0">)</span>;</pre>
<divclass="noteimportant">Changer char(32) en char(64) pour utiliser l'algorithme de hashage SHA256 (recommandé). Voir <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> pour plus de détails
<divclass="noteimportant">Change <code>char(32)</code> by <code>varchar(64)</code> if you use the now recommended SHA256 hash algorithm. See <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> for more details
</div><divclass="notetip">You can change table name <code>sessions</code> to whatever you want, just adapt the parameter <code>TableName</code> in module options.
<preclass="code">Mot de passe pour l'utilisateur lemonldap-ng :
[...]
lemonldap-ng=> create table sessions ( id char(32) not null primary key, a_session text );
lemonldap-ng=> create unlogged table sessions ( id char(32) not null primary key, a_session text );
lemonldap-ng=> q</pre>
<divclass="noteimportant">Changer char(32) en char(64) pour utiliser l'algorithme de hashage SHA256 (recommandé). Voir <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> pour plus de détails
<divclass="noteimportant">Change <code>char(32)</code> by <code>varchar(64)</code> if you use the now recommended SHA256 hash algorithm. See <ahref="documentation/latest/sessions.html"class="wikilink1"title="documentation:latest:sessions">Sessions</a> for more details
</div>
</div><!-- EDIT3 SECTION "Prepare the database" [488-2206] -->
</div><!-- EDIT3 SECTION "Prepare the database" [488-2237] -->
<h3class="sectionedit4"id="manager">Manager</h3>
<divclass="level3">
@ -190,9 +192,9 @@ Aller dans le Manager et choisir le module de session (par exemple <a href="http
<tdclass="col0 centeralign"><strong>Commit</strong></td><tdclass="col1"> Requis pour PostgreSQL </td><tdclass="col2"> 1 </td>
</tr>
<trclass="row6 roweven">
<tdclass="col0 centeralign"><strong>TableName</strong></td><tdclass="col1"> Name of the table </td><tdclass="col2"> sessions </td>
<tdclass="col0 centeralign"><strong>TableName</strong></td><tdclass="col1"><em>(Optional)</em> Name of the table </td><tdclass="col2"> sessions </td>
</tr>
</table></div><!-- EDIT5 TABLE [2535-2929] -->
</table></div><!-- EDIT5 TABLE [2566-2975] -->
<p>
Il faut consulter la page de manuel correspondant à la base de données (<ahref="http://search.cpan.org/perldoc?Apache::Session::MySQL"class="urlextern"title="http://search.cpan.org/perldoc?Apache::Session::MySQL"rel="nofollow">Apache::Session::MySQL</a>, …) pour connaître les paramètres. Il faut également installer le connecteur à la base de données (<ahref="http://search.cpan.org/perldoc?DBD::Oracle"class="urlextern"title="http://search.cpan.org/perldoc?DBD::Oracle"rel="nofollow">DBD::Oracle</a>, <ahref="http://search.cpan.org/perldoc?DBD::Pg"class="urlextern"title="http://search.cpan.org/perldoc?DBD::Pg"rel="nofollow">DBD::Pg</a>,…)
@ -211,7 +213,7 @@ Il faut consulter la page de manuel correspondant à la base de données (<a hre
Si MySQL est choisi, lire <ahref="performances.html#apachesession_performances"class="wikilink1"title="documentation:2.0:performances">comment augmenter les performances de MySQL</a>.
@ -224,7 +226,7 @@ Restreindre l'accès réseau à la base de données.
On peut utiliser différent login/mot-de-passe pour les serveurs en surchargeant les paramètres <code>globalStorage</code> et <code>globalStorageOptions</code> dans le fichier lemonldap-ng.ini.
Xavier Guimard
8 years ago
