worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
LemonLDAP::NG Web SSO
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10599 Commits
107 Branches
123 Tags
109 MiB
 
 
 
 
 
Tag: Branch: Tree: b6c78511db
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b6c78511db'
${ noResults }
lemonldap-ng/doc/sources/admin/ldapsessionbackend.rst

70 lines
2.8 KiB
Raw Blame History

LDAP session backend
====================
An Apache session module was created by LL::NG team to store sessions in
an LDAP directory.
.. attention::
This module is not part of LL::NG distribution, and can
be found on CPAN:
`Apache::Session::LDAP <http://search.cpan.org/dist/Apache-Session-LDAP/>`__.
.. tip::
This module is also available on
`GitHub <https://github.com/coudot/apache-session-ldap>`__.
Sessions will be stored as LDAP entries, like this:
::
dn: cn=6fb7c4a170a04668771f03b0a4747f46,ou=sessions,dc=example,dc=com
objectClass: applicationProcess
cn: 6fb7c4a170a04668771f03b0a4747f46
description: [Base64 serialized data]
Setup
-----
Go in the Manager and set the LDAP session module
(`Apache::Session::LDAP <http://search.cpan.org/dist/Apache-Session-LDAP/>`__)
in ``General parameters`` » ``Sessions`` » ``Session storage`` »
``Apache::Session module`` and add the following parameters (case
sensitive):
======================== ================================= ===============================
Required parameters
------------------------------------------------------------------------------------------
Name Comment Example
======================== ================================= ===============================
**ldapServer** URI of the server ldap://localhost
**ldapConfBase** DN of sessions branch ou=sessions,dc=example,dc=com
**ldapBindDN** Connection login cn=admin,dc=example,dc=password
**ldapBindPassword** Connection password secret
======================== ================================= ===============================
======================== ================================= ===============================
Optional parameters
------------------------------------------------------------------------------------------
Name Comment Default value
======================== ================================= ===============================
**ldapObjectClass** Objectclass of the entry applicationProcess
**ldapAttributeId** Attribute storing session ID cn
**ldapAttributeContent** Attribute storing session content description
**ldapVerify** Perform certificate validation require (use none to disable)
**ldapCAFile** Path of CA file bundle (system CA bundle)
**ldapCAPath** Perform CA directory (system CA bundle)
======================== ================================= ===============================
Security
--------
Restrict network access to the LDAP directory, and add specific ACL to
session branch.
You can also use different user/password for your servers by overriding
parameters ``globalStorage`` and ``globalStorageOptions`` in
lemonldap-ng.ini file.