<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:1.9:browseablesessionbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,1.9,browseablesessionbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="browseablesessionbackend.html"/>
<link rel="contents" href="browseablesessionbackend.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9';var JSINFO = {"id":"documentation:1.9:browseablesessionbackend","namespace":"documentation:1.9"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#browseable_nosql">Browseable NoSQL</a></div></li>
<li class="level1"><div class="li"><a href="#browseable_sql">Browseable SQL</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#prepare_database">Prepare database</a></div></li>
<li class="level2"><div class="li"><a href="#manager">Manager</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#browseable_ldap">Browseable LDAP</a></div></li>
<li class="level1"><div class="li"><a href="#security">Security</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="browseable_session_backend">Browseable session backend</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Browseable session backend" [1-42] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
Browseable session backend (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable" rel="nofollow">Apache::Session::Browseable</a>) works exactly like the corresponding Apache::Session::* module but adds indexes that improve the performance of <a href="documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">session restrictions</a>.
</p>
<p>
If you use features like <abbr title="Security Assertion Markup Language">SAML</abbr> (authentication and issuer), <abbr title="Central Authentication Service">CAS</abbr> (issuer) and password reset self-service, you also need to index some fields.
</p>
<div class="noteclassic">Without an index, <abbr title="LemonLDAP::NG">LL::NG</abbr> has to retrieve all sessions stored in the backend and parse them to find the needed sessions. With an index, <abbr title="LemonLDAP::NG">LL::NG</abbr> can fetch only the wanted sessions from the backend.
</div>
<p>
The following table lists the fields to index, depending on the feature whose performance you want to improve:
</p>
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Feature </th><th class="col1 centeralign"> Fields to index </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> Session explorer </td><td class="col1 centeralign"> ipAddr <em>WHATTOTRACE</em> </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> Session explorer (persistent sessions) </td><td class="col1 centeralign"> _session_uid </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> Session restrictions </td><td class="col1 centeralign"> ipAddr <em>WHATTOTRACE</em> </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> <abbr title="Security Assertion Markup Language">SAML</abbr> authentication and issuer </td><td class="col1 centeralign"> _saml_id ProxyID _nameID _assert_id _art_id _session_id </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 leftalign"> <abbr title="Central Authentication Service">CAS</abbr> issuer </td><td class="col1 centeralign"> _cas_id </td>
</tr>
<tr class="row6 roweven">
<td class="col0 leftalign"> Password reset </td><td class="col1 centeralign"> user </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [877-1222] --><div class="noteimportant"><em>WHATTOTRACE</em> must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER).
</div><div class="notetip">It is advised to use separate session backends for standard sessions, <abbr title="Security Assertion Markup Language">SAML</abbr> sessions and <abbr title="Central Authentication Service">CAS</abbr> sessions, in order to manage indexes separately.
</div><div class="noteclassic">The documentation below explains how to set an index on ipAddr and _whatToTrace. Adapt it to configure the indexes you need.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [43-1646] -->
<h2 class="sectionedit4" id="browseable_nosql">Browseable NoSQL</h2>
<div class="level2">
<p>
You can use Redis and set up the database as explained in <a href="nosqlsessionbackend.html" class="wikilink1" title="documentation:1.9:nosqlsessionbackend">Redis session backend</a>.
</p>
<p>
You then just have to add the <code>Index</code> parameter in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> :
</p>
<div class="table sectionedit5"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="3"> Required parameters </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
</tr>
</thead>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>server</strong> </td><td class="col1"> Redis server </td><td class="col2"> 127.0.0.1:6379 </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1934-2091] -->
</div>
<!-- EDIT4 SECTION "Browseable NoSQL" [1647-2092] -->
<h2 class="sectionedit6" id="browseable_sql">Browseable SQL</h2>
<div class="level2">
<div class="noteclassic">This documentation concerns MySQL. Some adaptations are needed with other databases.
</div>
</div>
<!-- EDIT6 SECTION "Browseable SQL" [2093-2219] -->
<h3 class="sectionedit7" id="prepare_database">Prepare database</h3>
<div class="level3">
<p>
The database must be prepared exactly as described in <a href="sqlsessionbackend.html#prepare_the_database" class="wikilink1" title="documentation:1.9:sqlsessionbackend">SQL session backend</a>, except that a column must be added for each field to index.
</p>
<pre class="code file sql"><span class="kw1">CREATE</span> <span class="kw1">TABLE</span> sessions <span class="br0">(</span>
id <span class="kw1">CHAR</span><span class="br0">(</span><span class="nu0">32</span><span class="br0">)</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
a_session <span class="kw1">BLOB</span><span class="sy0">,</span>
_whatToTrace <span class="kw1">VARCHAR</span><span class="br0">(</span><span class="nu0">255</span><span class="br0">)</span><span class="sy0">,</span>
ipAddr <span class="kw1">VARCHAR</span><span class="br0">(</span><span class="nu0">15</span><span class="br0">)</span><span class="sy0">,</span>
<span class="kw1">KEY</span> _whatToTrace <span class="br0">(</span>_whatToTrace<span class="br0">)</span><span class="sy0">,</span>
<span class="kw1">KEY</span> ipAddr <span class="br0">(</span>ipAddr<span class="br0">)</span>
<span class="br0">)</span>;</pre>
<div class="noteimportant">Replace char(32) with char(64) if you use the now recommended SHA256 hash algorithm. See <a href="documentation/latest/sessions.html" class="wikilink1" title="documentation:latest:sessions">Sessions</a> for more details.
</div>
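<p>
The schema above adapted to a separate <abbr title="Security Assertion Markup Language">SAML</abbr> session backend, using the fields listed for "SAML authentication and issuer" in the Presentation table. This is an added example, not part of the LL::NG documentation: the database name <code>samlsessions</code> and the VARCHAR lengths are assumptions, and the matching <code>Index</code> value is <code>_saml_id ProxyID _nameID _assert_id _art_id _session_id</code>.
</p>

```sql
-- Added example: dedicated database for SAML sessions (name is an assumption).
-- The table keeps the name "sessions" so only the DataSource has to differ.
CREATE DATABASE samlsessions;
USE samlsessions;

CREATE TABLE sessions (
    id CHAR(64) NOT NULL PRIMARY KEY,   -- CHAR(64) for SHA256 session ids
    a_session BLOB,                     -- serialized session, as in the base schema
    -- One column per indexed field; lengths are assumptions, size them to your data.
    _saml_id VARCHAR(64),
    ProxyID VARCHAR(64),
    _nameID VARCHAR(255),
    _assert_id VARCHAR(64),
    _art_id VARCHAR(64),
    _session_id VARCHAR(64),
    -- One key per indexed field, so a lookup never has to read every a_session blob.
    KEY _saml_id (_saml_id),
    KEY ProxyID (ProxyID),
    KEY _nameID (_nameID),
    KEY _assert_id (_assert_id),
    KEY _art_id (_art_id),
    KEY _session_id (_session_id)
);

-- Verify that a lookup on an indexed field is served by its key:
-- the "key" column of the EXPLAIN output should name _saml_id.
-- The literal is a constructed sample value.
EXPLAIN SELECT id, a_session
FROM sessions
WHERE _saml_id = 'constructed-sample-id';
```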
</div>
<!-- EDIT7 SECTION "Prepare database" [2220-2806] -->
<h3 class="sectionedit8" id="manager">Manager</h3>
<div class="level3">
<p>
Go to the Manager and set the session module (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL" rel="nofollow">Apache::Session::Browseable::MySQL</a> for MySQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<div class="table sectionedit9"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="3"> Required parameters </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
</tr>
</thead>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>DataSource</strong> </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI" rel="nofollow">DBI</a> string </td><td class="col2"> dbi:mysql:dbname=sessions </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <strong>UserName</strong> </td><td class="col1"> The database username </td><td class="col2"> lemonldapng </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> <strong>Password</strong> </td><td class="col1"> The database password </td><td class="col2"> mysuperpassword </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
</tr>
</table></div>
<!-- EDIT9 TABLE [3135-3466] --><div class="notetip">Apache::Session::Browseable::MySQL does not use locks, so performance is preserved.
<p>
For databases like PostgreSQL, don't forget to add “Commit” with a value of 1.
</p>
</div>
</div>
<!-- EDIT8 SECTION "Manager" [2807-3645] -->
<h2 class="sectionedit10" id="browseable_ldap">Browseable LDAP</h2>
<div class="level2">
<p>
Go to the Manager and set the session module to <code>Apache::Session::Browseable::LDAP</code>. Then configure the options as in <a href="ldapsessionbackend.html" class="wikilink1" title="documentation:1.9:ldapsessionbackend">LDAP session backend</a>.
</p>
<p>
You need to add the <code>Index</code> field and can also configure the <code>ldapAttributeIndex</code> field to set the attribute name where index values will be stored.
</p>
<div class="table sectionedit11"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign" colspan="3"> Required parameters </th>
</tr>
<tr class="row1 rowodd">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Example </th>
</tr>
</thead>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>ldapServer</strong> </td><td class="col1"> <abbr title="Uniform Resource Identifier">URI</abbr> of the server </td><td class="col2"> ldap://localhost </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <strong>ldapConfBase</strong> </td><td class="col1"> <abbr title="Distinguished Name">DN</abbr> of sessions branch </td><td class="col2"> ou=sessions,dc=example,dc=com </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> <strong>ldapBindDN</strong> </td><td class="col1"> Connection login </td><td class="col2"> cn=admin,dc=example,dc=password </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> <strong>ldapBindPassword</strong> </td><td class="col1"> Connection password </td><td class="col2"> secret </td>
</tr>
<tr class="row6 roweven">
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index list </td><td class="col2"> _whatToTrace ipAddr </td>
</tr>
<tr class="row7 rowodd">
<th class="col0 centeralign" colspan="3"> Optional parameters </th>
</tr>
<tr class="row8 roweven">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Comment </th><th class="col2 centeralign"> Default value </th>
</tr>
<tr class="row9 rowodd">
<td class="col0 centeralign"> <strong>ldapObjectClass</strong> </td><td class="col1"> Objectclass of the entry </td><td class="col2"> applicationProcess </td>
</tr>
<tr class="row10 roweven">
<td class="col0 centeralign"> <strong>ldapAttributeId</strong> </td><td class="col1"> Attribute storing session ID </td><td class="col2"> cn </td>
</tr>
<tr class="row11 rowodd">
<td class="col0 centeralign"> <strong>ldapAttributeContent</strong> </td><td class="col1"> Attribute storing session content </td><td class="col2"> description </td>
</tr>
<tr class="row12 roweven">
<td class="col0 centeralign"> <strong>ldapAttributeIndex</strong> </td><td class="col1"> Attribute storing index </td><td class="col2"> ou </td>
</tr>
</table></div>
<!-- EDIT11 TABLE [3997-4731] -->
</div>
<!-- EDIT10 SECTION "Browseable LDAP" [3646-4732] -->
<h2 class="sectionedit12" id="security">Security</h2>
<div class="level2">
<p>
Restrict network access to the backend.
</p>
<p>
You can also use different users/passwords for your servers by overriding the <code>globalStorage</code> and <code>globalStorageOptions</code> parameters in the lemonldap-ng.ini file.
</p>
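<p>
On the MySQL side, both recommendations can be enforced with one account per server, bound to that server's address. This is an added example, not part of the LL::NG documentation: the account names, the 192.0.2.x addresses and the passwords are placeholders, and the database and table are the <code>sessions</code> examples used above.
</p>

```sql
-- Added example: one MySQL account per LL::NG server (names, hosts and
-- passwords below are placeholders). Each account only works from its own host.
CREATE USER 'llng_portal'@'192.0.2.10' IDENTIFIED BY 'change-me-portal';
CREATE USER 'llng_handler1'@'192.0.2.21' IDENTIFIED BY 'change-me-handler1';

-- Data access on the sessions table only: no DDL, no other schema.
GRANT SELECT, INSERT, UPDATE, DELETE ON sessions.sessions
    TO 'llng_portal'@'192.0.2.10';
GRANT SELECT, INSERT, UPDATE, DELETE ON sessions.sessions
    TO 'llng_handler1'@'192.0.2.21';

-- Audit: accounts that may connect from any host defeat the network restriction.
-- This query should return no row for an LL::NG account.
SELECT user, host FROM mysql.user WHERE host = '%';

-- Review what a single server's credentials allow.
SHOW GRANTS FOR 'llng_handler1'@'192.0.2.21';

-- Revoke one server's access without touching the others.
DROP USER 'llng_handler1'@'192.0.2.21';
```

<p>
Each server then carries its own <code>UserName</code> and <code>Password</code> in the <code>globalStorageOptions</code> override of its lemonldap-ng.ini file.
</p>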
</div>
<!-- EDIT12 SECTION "Security" [4733-] --></div>
</body>
</html>