{"id":718,"date":"2023-04-13T07:35:41","date_gmt":"2023-04-13T05:35:41","guid":{"rendered":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/?p=718"},"modified":"2023-04-20T09:45:02","modified_gmt":"2023-04-20T07:45:02","slug":"cas-deploiement-serveur-lemonldapng-via-proxy-apache2","status":"publish","type":"post","link":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/cas-deploiement-serveur-lemonldapng-via-proxy-apache2\/","title":{"rendered":"cas &#8211; d\u00e9ploiement d&rsquo;un serveur lemonldap-ng via un proxy apache2"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-content\/uploads\/sites\/2\/2023\/04\/16819755563146.jpg\" alt=\"\" \/><\/p>\n<p>LemonLDAP::NG est un logiciel open source qui fournit une solution d&rsquo;authentification unique distribu\u00e9e avec gestion centralis\u00e9e des droits sous licence GPL. Il est cr\u00e9\u00e9 en 2004 par la Gendarmerie nationale fran\u00e7aise, en fourchant le logiciel LemonLDAP <em>(Wikip\u00e9dia)<\/em>.<\/p>\n<p><!--more--><\/p>\n<h2>LL::NG &#8211; Pr\u00e9requis<\/h2>\n<pre><code>apt install apache2 libapache2-mod-perl2 libapache2-mod-fcgid libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules-5.32 libwww-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libregexp-common-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl libconfig-inifiles-perl libjson-perl libstring-random-perl libemail-date-format-perl libmime-lite-perl libcrypt-openssl-rsa-perl libdigest-hmac-perl libdigest-sha-perl libclone-perl libauthen-sasl-perl libnet-cidr-lite-perl libcrypt-openssl-x509-perl libauthcas-perl libtest-pod-perl libtest-mockobject-perl libauthen-captcha-perl libnet-openid-consumer-perl libnet-openid-server-perl libunicode-string-perl libconvert-pem-perl libmoose-perl libplack-perl libapache-session-browseable-perl libdbd-pg-perl libgd-securityimage-perl perlmagick libemail-sender-perl libconvert-base32-perl libdigest-hmac-perl libio-socket-timeout-perl\n<\/code><\/pre>\n<h2>LL::NG &#8211; Repository<\/h2>\n<p>V\u00e9rifier que votre syst\u00e8me peut installer des paquets \u00e0 partir de d\u00e9p\u00f4ts HTTPS :<\/p>\n<pre><code>apt install apt-transport-https curl gnupg\n<\/code><\/pre>\n<p>Importer la signature du d\u00e9p\u00f4t LL::NG<\/p>\n<pre><code>curl https:\/\/lemonldap-ng.org\/_media\/rpm-gpg-key-ow2 | gpg --dearmor &gt; \/usr\/share\/keyrings\/lemonldap-ng-archive-keyring.gpg\n<\/code><\/pre>\n<p>Ajouter le d\u00e9p\u00f4t LL::NG<\/p>\n<pre><code>vi \/etc\/apt\/sources.list\n<\/code><\/pre>\n<pre><code>## LemonLDAP::NG repository\ndeb [arch=amd64 signed-by=\/usr\/share\/keyrings\/lemonldap-ng-archive-keyring.gpg] https:\/\/lemonldap-ng.org\/deb stable main\n<\/code><\/pre>\n<ul>\n<li>Utiliser le d\u00e9p\u00f4t <strong>stable<\/strong> pour obtenir les paquets de la version majeure actuelle<\/li>\n<li>Utiliser le d\u00e9p\u00f4t <strong>oldstable<\/strong> pour obtenir les paquets de la version majeure pr\u00e9c\u00e9dente<\/li>\n<li>Utiliser le d\u00e9p\u00f4t <strong>testing<\/strong> pour obtenir les paquets de la prochaine version majeure<\/li>\n<li>Utiliser le d\u00e9p\u00f4t <strong>2.0<\/strong> pour rester sur cette version majeure et \u00e9viter la mise \u00e0 niveau vers la version majeure suivante<\/li>\n<\/ul>\n<h2>LL::NG &#8211; Installation<\/h2>\n<pre><code>apt install lemonldap-ng lemonldap-ng-doc liblemonldap-ng-portal-perl\n<\/code><\/pre>\n<p>Par d\u00e9faut, le domaine DNS est example.com. Vous pouvez le changer rapidement avec sed. Par exemple, nous le rempla\u00e7ons par <em>mondomaine.fr<\/em> :<\/p>\n<pre><code>sed -i 's\/example\\.com\/mondomaine.fr\/g' \/etc\/lemonldap-ng\/* \/var\/lib\/lemonldap-ng\/conf\/lmConf-1.json\nchown www-data:www-data \/var\/lib\/lemonldap-ng\/conf\/lmConf-1.json\nchmod 660 \/var\/lib\/lemonldap-ng\/conf\/lmConf-1.json\n<\/code><\/pre>\n<p>Les fichiers de configuration sont versionn\u00e9s dans \/var\/lib\/lemonldap-ng\/conf\/<\/p>\n<h2>LL::NG &#8211; DNS<\/h2>\n<p>Configurez votre serveur DNS pour qu&rsquo;il r\u00e9solve les noms avec l&rsquo;IP de votre serveur :<\/p>\n<ol>\n<li>auth. : portail principal, il doit \u00eatre public<\/li>\n<li>manager. : manager, seulement pour les administrateurs<\/li>\n<li>test1., test2. : exemples d&rsquo;applications<\/li>\n<\/ol>\n<h2>LL::NG &#8211; Apache2<\/h2>\n<p>Supprimer les fichiers non n\u00e9cessaires<\/p>\n<pre><code>rm \/etc\/apache2\/sites-enabled\/000-default.conf\nrm \/etc\/lemonldap-ng\/test-nginx.conf\nrm \/etc\/lemonldap-ng\/portal-nginx.conf\nrm \/etc\/lemonldap-ng\/nginx-l*\nrm \/etc\/lemonldap-ng\/handler-nginx.conf\nrm \/etc\/lemonldap-ng\/api-nginx.conf\n<\/code><\/pre>\n<pre><code>a2ensite manager-apache2.conf\na2ensite portal-apache2.conf\na2ensite handler-apache2.conf\na2ensite test-apache2.conf\n<\/code><\/pre>\n<pre><code>a2enmod fcgid perl alias rewrite headers ssl\n<\/code><\/pre>\n<h2>LL::NG &#8211; Configuration<\/h2>\n<p>A venir &#8230;<\/p>\n<h2>LL::NG &#8211; Tuning<\/h2>\n<p>Remplacer le sujet dans mail de localisation \u00e0 chaque connexion<\/p>\n<pre><code>sed -i 's\/\\[LemonLDAP::NG\\]\/\\[GARDE\\]\/g' \/usr\/share\/lemonldap-ng\/portal\/templates\/common\/mail\/*.json\n<\/code><\/pre>\n<h2>R\u00e9f\u00e9rences<\/h2>\n<ul>\n<li><a href=\"https:\/\/lemonldap-ng.org\/documentation\/2.0\/start.html\">https:\/\/lemonldap-ng.org\/documentation\/2.0\/start.html<\/a><\/li>\n<li><a href=\"https:\/\/fr.wikipedia.org\/wiki\/LemonLDAP::NG\">https:\/\/fr.wikipedia.org\/wiki\/LemonLDAP::NG<\/a><\/li>\n<li><a href=\"https:\/\/slash-root.fr\/lemonldap-installation-avec-un-ldap-et-fusiondirectory\/\">https:\/\/slash-root.fr\/lemonldap-installation-avec-un-ldap-et-fusiondirectory\/<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>LemonLDAP::NG est un logiciel open source qui fournit une solution d&rsquo;authentification unique distribu\u00e9e avec gestion centralis\u00e9e des droits sous licence GPL. Il est cr\u00e9\u00e9 en 2004 par la Gendarmerie nationale fran\u00e7aise, en fourchant le logiciel LemonLDAP (Wikip\u00e9dia).<\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[93,11],"tags":[94,95,2],"class_list":["post-718","post","type-post","status-publish","format-standard","hentry","category-cas","category-linux","tag-cas","tag-lemonldap-ng","tag-linux"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paBEVZ-bA","jetpack_likes_enabled":false,"_links":{"self":[{"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/posts\/718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/comments?post=718"}],"version-history":[{"count":7,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/posts\/718\/revisions"}],"predecessor-version":[{"id":726,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/posts\/718\/revisions\/726"}],"wp:attachment":[{"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/media?parent=718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/categories?post=718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/tags?post=718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}