File: browseablesessionbackend.html

lemonldap-ng 1.3.3-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
 lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">




<h1><a name="browseable_session_backend" id="browseable_session_backend">Browseable session backend</a></h1>
<div class="level1">

<p>

Browseable session backend (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable"  rel="nofollow">Apache::Session::Browseable</a>) works exactly like the corresponding Apache::Session::* module but adds indexes that improve the performance of <a href="../../documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="../../documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">session restrictions</a>.
</p>

<p>
If you use features like <acronym title="Security Assertion Markup Language">SAML</acronym> (authentication and issuer), <acronym title="Central Authentication Service">CAS</acronym> (issuer) and password reset self-service, you also need to index some fields.
</p>

<p>
The following table lists the fields to index, depending on the feature whose performance you want to improve:
</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign">  Feature  </th><th class="col1 centeralign">  Fields to index  </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0"> Session explorer </td><td class="col1 centeralign">  ipAddr <em>WHATTOTRACE</em> _httpSessionType ipAddr  </td>
	</tr>
	<tr class="row2 roweven">
		<td class="col0"> Session restrictions </td><td class="col1 centeralign">  ipAddr <em>WHATTOTRACE</em>  </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 rightalign">  <acronym title="Security Assertion Markup Language">SAML</acronym> authentication and issuer </td><td class="col1 centeralign">  _saml_id ProxyID _nameID _assert_id _art_id _session_id  </td>
	</tr>
	<tr class="row4 roweven">
		<td class="col0 centeralign">  <acronym title="Central Authentication Service">CAS</acronym> issuer  </td><td class="col1 centeralign">  _cas_id  </td>
	</tr>
	<tr class="row5 rowodd">
		<td class="col0 centeralign">  Password reset  </td><td class="col1 centeralign">  user  </td>
	</tr>
</table>

<p>

<p><div class="noteimportant"><em>WHATTOTRACE</em> must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER).
</div></p>
</p>

<p>
<p><div class="notetip">It is advised to use separate session backends for standard sessions, <acronym title="Security Assertion Markup Language">SAML</acronym> sessions and <acronym title="Central Authentication Service">CAS</acronym> sessions, in order to manage their indexes separately.
</div></p>
</p>

<p>
<p><div class="noteclassic">The documentation below explains how to set an index on ipAddr and _whatToTrace; adapt it to configure the indexes you need.
</div></p>
</p>

</div>
<!-- SECTION "Browseable session backend" [1-1379] -->
<h2><a name="setup" id="setup">Setup</a></h2>
<div class="level2">

</div>
<!-- SECTION "Setup" [1380-1398] -->
<h3><a name="prepare_database" id="prepare_database">Prepare database</a></h3>
<div class="level3">

<p>

With Redis, you just have to prepare the Redis database. See <a href="../../documentation/1.3/nosqlsessionbackend.html" class="wikilink1" title="documentation:1.3:nosqlsessionbackend">Redis session backend</a>.
</p>

<p>
<em class="u">Example with MySQL</em>:
</p>

<p>
The database must be prepared exactly as for the <a href="../../documentation/1.3/sqlsessionbackend.html#prepare_the_database" class="wikilink1" title="documentation:1.3:sqlsessionbackend">SQL session backend</a>, except that a field must be added for each piece of data to index.
</p>
<pre class="code file sql"><span class="kw1">CREATE</span> <span class="kw1">TABLE</span> sessions <span class="br0">&#40;</span>
    id char<span class="br0">&#40;</span>32<span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
    a_session blob<span class="sy0">,</span>
    _whatToTrace varchar<span class="br0">&#40;</span>255<span class="br0">&#41;</span><span class="sy0">,</span>
    ipAddr varchar<span class="br0">&#40;</span>15<span class="br0">&#41;</span><span class="sy0">,</span>
    <span class="kw1">KEY</span> _whatToTrace <span class="br0">&#40;</span>_whatToTrace<span class="br0">&#41;</span><span class="sy0">,</span>
    <span class="kw1">KEY</span> ipAddr <span class="br0">&#40;</span>ipAddr<span class="br0">&#41;</span>
    <span class="br0">&#41;</span>;</pre>

</div>
<!-- SECTION "Prepare database" [1399-1946] -->
<h3><a name="manager" id="manager">Manager</a></h3>
<div class="level3">

<p>

With Redis, you just have to add the “Index” parameter in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code>:

</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
	</tr>
	<tr class="row1 rowodd">
		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 centeralign">  <strong>server</strong>  </td><td class="col1"> Redis server </td><td class="col2"> 127.0.0.1:6379 </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 centeralign">  <strong>Index</strong>  </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
	</tr>
</table>

<p>

<em class="u">Example with MySQL</em>:
</p>

<p>
Go to the Manager, set the session module (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL"  rel="nofollow">Apache::Session::Browseable::MySQL</a> for MySQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code>, and add the following parameters (case sensitive):

</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
	</tr>
	<tr class="row1 rowodd">
		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 centeralign">  <strong>DataSource</strong>  </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI"  rel="nofollow">DBI</a> string </td><td class="col2"> dbi:mysql:dbname=sessions </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 centeralign">  <strong>UserName</strong>  </td><td class="col1"> The database username </td><td class="col2"> lemonldapng </td>
	</tr>
	<tr class="row4 roweven">
		<td class="col0 centeralign">  <strong>Password</strong>  </td><td class="col1"> The database password </td><td class="col2"> mysuperpassword </td>
	</tr>
	<tr class="row5 rowodd">
		<td class="col0 centeralign">  <strong>Index</strong>  </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
	</tr>
</table>

<p>

<p><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks, so performance is preserved.
</p>

<p>
For databases like PostgreSQL, don&#039;t forget to add “Commit” with a value of 1.
</div></p>
</p>

</div>
<!-- SECTION "Manager" [1947-3124] -->
<h2><a name="security" id="security">Security</a></h2>
<div class="level2">

<p>

Restrict network access to the database.
</p>

<p>
You can also use a different user/password for each of your servers by overriding the <code>globalStorage</code> and <code>globalStorageOptions</code> parameters in the lemonldap-ng.ini file.
</p>
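
<p>
One way to apply both recommendations on the MySQL side, as an added example that is not part of the original documentation. The account names, host addresses and passwords are placeholders; the <code>sessions</code> database and table names follow the examples above. Each server then puts its own <code>UserName</code> and <code>Password</code> in its <code>globalStorageOptions</code> override.
</p>

```sql
-- Added example (MySQL). Account names, addresses (documentation range
-- 192.0.2.0/24) and passwords are placeholders to replace.

-- One account per server, bound to that server's address: the host part
-- makes MySQL refuse the credentials from any other source address.
CREATE USER 'llng_portal'@'192.0.2.10'  IDENTIFIED BY 'CHANGE_ME_portal';
CREATE USER 'llng_handler'@'192.0.2.20' IDENTIFIED BY 'CHANGE_ME_handler';

-- Rights limited to the session table only: no other schema, no GRANT
-- OPTION, no administrative privileges. Both accounts get the same
-- table-level rights here; the page does not state which operations
-- each component performs, so narrowing per role is not attempted.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON sessions.sessions TO 'llng_portal'@'192.0.2.10';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON sessions.sessions TO 'llng_handler'@'192.0.2.20';

-- Review what each account can actually do.
SHOW GRANTS FOR 'llng_portal'@'192.0.2.10';
SHOW GRANTS FOR 'llng_handler'@'192.0.2.20';

-- Audit: accounts that can connect from any host. An account used for
-- the session store should not appear in this result.
SELECT user, host FROM mysql.user WHERE host = '%';

-- Retiring or compromising one server only requires removing its own
-- account; the other servers keep working with theirs.
-- DROP USER 'llng_handler'@'192.0.2.20';
```

<p>
The host restriction complements, and does not replace, a firewall rule or bind address that limits which machines can reach the database port.
</p>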

</div>
<!-- SECTION "Security" [3125-] --></div><!-- closes <div class="dokuwiki export">-->