eole-lemonldap/README.md

# eole-lemonldap

LemonLDAP::NG EOLE integration

## Howto

### Repository configuration

* Add the lemonldap-ng deb respository we need the last version of LemonLDAP.

GenConfig -> Mode Expert -> Dépôts tiers -> Libellé du dépôt

#### LemonLDAP::NG repository
 
* deb     https://lemonldap-ng.org/deb 1.9 main
* deb-src https://lemonldap-ng.org/deb 1.9 main
* Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 

#### Cadoles Repository
* deb [ arch=all  ] https://vulcain.cadoles.com 2.6.2-dev main
* Key URL : https://vulcain.cadoles.com/cadoles.gpg

### Install packages

apt update
apt install eole-lemonldap

### Configure LemonLDAP in GenConfig

* Enable lemonldap in "Services" tab

Gen_Config -> Services ->  Activer LemonLDAP::NG -> "Oui"

* Fill LemonLDAP configuration

#### Nginx Web case

By default NGINX is configured to serve "web" application, in this case the lemonLDAP::NG application will
not be served properly, so we need to disable this function

GenConfig -> Services -> Activer la publication d’applications web par Nginx -> "Non'

#### Configuration DNS
* GenConfig -> Lemonldap -> Nom DNS du manager LemonLDAP-NG
* GenConfig -> Lemonldap -> Nom DNS du service d'authentification LemonLDAP-NG

#### Configuration LDAP
* GenConfig -> Lemonldap -> Protocole LDAP à utiliser
* GenConfig -> Lemonldap -> Adresse du Serveur LDAP utilisé par LemonLDAP::NG
* GenConfig -> Lemonldap -> Port d'écoute du LDAP utilisé par LemonLDAP::NG
* GenConfig -> Lemonldap -> Base DN des utilisateurs dans l'annuaire
* GenConfig -> Lemonldap -> Utilisateur de connection à l'annuaire (DN ex: cn=reader,o=gouv,c=fr)
* GenConfig -> Lemonldap -> Mot de passe de l'utilisateur de connection à l'annuaire (file like /root/.reader or the clear password)

#### Configuration CAS

Add your CAS attributes mapping ( uid = uid and mail = mail are created by default)

* GenConfig -> Lemonldap -> Nom de l'attribut CAS
* GenConfig -> Lemonldap -> Attribut LDAP équivalent

### SSL issues

If you use "autosign" certificates you need to add the "manager" and "auth" service names to the alternative names.
You also need to include "reload" service name (available in GenConfig -> Mode Expert -> Lemonldap -> Nom DNS du service Reload de LemonLDAP-NG)

* GenConfig -> Mode Expert -> Certificats ssl -> Nom Alternatif de la machine (SubjectAltName)

If you use "manual" certificates make sure this names are covered by your SSL Certificate

If you use "letsencrypt" mode you also need to add this names to the let'sencrypt request:

* GenConfig -> Mode Expert -> Certificat ssl -> Nom de domaines supplémentaires
-												Initial commit

											
										
										
											2018-03-02 09:12:54 +01:00
+								# eole-lemonldap
-												Updating README Howto

											
										
										
											2018-03-16 10:35:13 +01:00
+								LemonLDAP::NG EOLE integration
-												First commit

											
										
										
											2018-03-02 15:44:00 +01:00
 								## Howto
-												Updating README Howto

											
										
										
											2018-03-16 10:35:13 +01:00
+								### Repository configuration
-												First commit

											
										
										
											2018-03-02 15:44:00 +01:00
+								* Add the lemonldap-ng deb respository we need the last version of LemonLDAP.
-												Updating README Howto

											
										
										
											2018-03-16 10:35:13 +01:00
+								GenConfig -> Mode Expert -> Dépôts tiers -> Libellé du dépôt
-												First commit

											
										
										
											2018-03-02 15:44:00 +01:00
-												Updating README Howto

											
										
										
											2018-03-16 10:35:13 +01:00
+								#### LemonLDAP::NG repository
-												Mettre à jour 'README.md'

											
										
										
											2018-03-06 10:39:29 +01:00
-												Update README

											
										
										
											2019-07-11 09:44:49 +02:00
+								* deb     https://lemonldap-ng.org/deb 1.9 main
 								* deb-src https://lemonldap-ng.org/deb 1.9 main
-												Mettre à jour 'README.md'

											
										
										
											2018-03-06 10:39:29 +01:00
+								* Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
-												First commit

											
										
										
											2018-03-02 15:44:00 +01:00
-												Updating README Howto

											
										
										
											2018-03-16 10:35:13 +01:00
+								#### Cadoles Repository
 								* deb [ arch=all  ] https://vulcain.cadoles.com 2.6.2-dev main
 								* Key URL : https://vulcain.cadoles.com/cadoles.gpg
 								### Install packages
 								apt update
 								apt install eole-lemonldap
 								### Configure LemonLDAP in GenConfig
 								* Enable lemonldap in "Services" tab
 								Gen_Config -> Services ->  Activer LemonLDAP::NG -> "Oui"
 								* Fill LemonLDAP configuration
-												Updating NGINX configuration

We don't need to setup server_names_hash_bucket_size if
it's present in standard eole configuration

											
										
										
											2018-03-19 14:35:00 +01:00
+								#### Nginx Web case
 								By default NGINX is configured to serve "web" application, in this case the lemonLDAP::NG application will
 								not be served properly, so we need to disable this function
 								GenConfig -> Services -> Activer la publication d’applications web par Nginx -> "Non'
-												Updating README Howto

											
										
										
											2018-03-16 10:35:13 +01:00
+								#### Configuration DNS
-												Formating README

											
										
										
											2018-03-16 10:37:12 +01:00
+								* GenConfig -> Lemonldap -> Nom DNS du manager LemonLDAP-NG
 								* GenConfig -> Lemonldap -> Nom DNS du service d'authentification LemonLDAP-NG
-												Updating README Howto

											
										
										
											2018-03-16 10:35:13 +01:00
 								#### Configuration LDAP
-												Formating README

											
										
										
											2018-03-16 10:37:12 +01:00
+								* GenConfig -> Lemonldap -> Protocole LDAP à utiliser
 								* GenConfig -> Lemonldap -> Adresse du Serveur LDAP utilisé par LemonLDAP::NG
 								* GenConfig -> Lemonldap -> Port d'écoute du LDAP utilisé par LemonLDAP::NG
 								* GenConfig -> Lemonldap -> Base DN des utilisateurs dans l'annuaire
 								* GenConfig -> Lemonldap -> Utilisateur de connection à l'annuaire (DN ex: cn=reader,o=gouv,c=fr)
-												Managing usage of a password file for the LDAP reader user

											
										
										
											2018-03-16 10:47:03 +01:00
+								* GenConfig -> Lemonldap -> Mot de passe de l'utilisateur de connection à l'annuaire (file like /root/.reader or the clear password)
-												Updating README Howto

											
										
										
											2018-03-16 10:35:13 +01:00
 								#### Configuration CAS
-												Managing usage of a password file for the LDAP reader user

											
										
										
											2018-03-16 10:47:03 +01:00
+								Add your CAS attributes mapping ( uid = uid and mail = mail are created by default)
-												Updating README Howto

											
										
										
											2018-03-16 10:35:13 +01:00
-												Formating README

											
										
										
											2018-03-16 10:37:12 +01:00
+								* GenConfig -> Lemonldap -> Nom de l'attribut CAS
 								* GenConfig -> Lemonldap -> Attribut LDAP équivalent
-												Updating README Howto

											
										
										
											2018-03-16 10:35:13 +01:00
 								### SSL issues
 								If you use "autosign" certificates you need to add the "manager" and "auth" service names to the alternative names.
 								You also need to include "reload" service name (available in GenConfig -> Mode Expert -> Lemonldap -> Nom DNS du service Reload de LemonLDAP-NG)
-												Formating README

											
										
										
											2018-03-16 10:37:12 +01:00
+								* GenConfig -> Mode Expert -> Certificats ssl -> Nom Alternatif de la machine (SubjectAltName)
-												Updating README Howto

											
										
										
											2018-03-16 10:35:13 +01:00
 								If you use "manual" certificates make sure this names are covered by your SSL Certificate
 								If you use "letsencrypt" mode you also need to add this names to the let'sencrypt request:
-												Formating README

											
										
										
											2018-03-16 10:37:12 +01:00
+								* GenConfig -> Mode Expert -> Certificat ssl -> Nom de domaines supplémentaires