Parameter list

Presentation

The following table describes all configuration parameters. The colons are: You can edit etc/lemonldap-ng.ini to override locally any of these parameters

The key name can also be seen when you access directly to the configuration backend (for example with an LDAP browser if you choose the LDAP configuration backend).

When a key name contains one or more /, it means that it's multi-level hash map. For example level1Key / level2Key will be used as:
level1Key => { level2Key => 'value' },

General parameters

Backends



Full name Key name Version GUI Portal Menu Handler Manager Sessions
Authentication backend authentication 0 Yes X        
User backend userDB 0.9.3 Yes X        
Password backend passwordDB 0.9.4 Yes X        
Session backend globalStorage 0 Yes X   X   X
Session backend options globalStorageOptions 0 Yes X   X   X
Configuration backend configStorage 0 No X   X X X
Cache backend localStorage 0 No X   X X  
Cache backend options localStorageOptions 0 No X   X X  
Notification backend notificationStorage 0.9.3 Yes X        
Issuer backend issuerDB 1.0 No X        

Common



Full name Key name Version GUI Portal Menu Handler Manager Sessions
Remote user (for Apache logs) whatToTrace 0 Yes X   X X X
Custom functions customFunctions 0.9.3 Yes X   X X  
Headers sent exportedHeaders 0 Yes X   X    
Access rules locationRules 0 Yes X   X    
Portal URL portal 0 Yes X   X    
Name of the cookie cookieName 0 Yes X   X    
Main DNS domain domain 0 Yes X   X    
CDA activation cda 0.9.4 Yes X   X    
Cookie security securedCookie 0 Yes X        
Cookie expiration cookieExpiration 1.0 Yes X        
Attributes from user backend exportedVars 0 Yes X        
Local groups groups 0 Yes X        
Macros macros 0 Yes X        
Session lifetime for cronjob timeout 0 Yes (purge script)        
Syslog facility syslog 0.9.3 Yes X        
SOAP activation Soap 0.9.4 Yes X        
Attributes exported in SOAP exportedAttr 0.9.4 Yes X        
Store password in session storePassword 0.9.3 Yes X        
Notification activation notification 0.9.3 Yes X        
Trusted domains trustedDomains 0.9.4 Yes X        
Rule for session granting grantSessionRule 1.0 Yes X        
Status module status 0.9 No     X    
Force HTTPS in redirection https 0 Yes     X    
Force port in redirection port 0 Yes     X    
Protection scheme protection 0 No     (CGI) X X
Sessions image path imagePath 0.9.3 No         X
jQuery URI jqueryUri 0.9.3 No         X
Use XForwardedFor for IP useXForwardedForIP 0.9.4 No         X

SMTP (reset password by mail)



Full name Key name Version GUI Portal Menu Handler Manager Sessions
SMTP server SMTPServer 0.9.4 Yes X        
Mail From address mailFrom 0.9.4 Yes X        
Regexp for random password randomPasswordRegexp 0.9.4 Yes X        
Subject for password mail mailSubject 0.9.4 Yes X        
Body for password mail mailBody 0.9.4 Yes X        
Subject for confirmation mail mailConfirmSubject 1.0 Yes X        
Body for confirmation mail mailConfirmBody 1.0 Yes X        
URL for mail reset mailUrl 1.0 Yes X        


Note: setting mailBody and mailConfirmBody will disable the use of default HTML templates.

Templates customization



Full name Key name Version GUI Portal
Skin name portalSkin 1.0 Yes X
Display logout module portalDisplayLogout 1.0 Yes X
Display reset password form portalDisplayResetPassword 1.0 Yes X
Display change password module portalDisplayChangePassword 1.0 Yes X
Display applications list portalDisplayAppslist 1.0 Yes X
Allow form autocompletion portalAutocomplete 1.0 Yes X
Require old password (change) portalRequireOldPassword 1.0 Yes X
User name session field portalUserAttr 1.0 Yes X
Open links in new window portalOpenLinkInNewWindow 1.0 Yes X

Authentication configuration (Portal only)

Common



Full name Key name Version GUI
Delete other session singleSession 1.0 Yes
Delete other session if IP differs singleIP 1.0 Yes
Do not allow several users for 1 IP singleUserByIP 1.0 Yes
Display other sessions notifyOther 1.0 Yes
Display deleted sessions notifyDeleted 1.0 Yes

LDAP



Full name Key name Version GUI
LDAP server or Net::LDAP connexion string ldapServer 0 Yes
LDAP Port ldapPort 0 Yes
LDAP search base ldapBase 0 Yes
Bind DN managerDn 0 Yes
Bind Password managerPassword 0 Yes
Main search filter LDAPFilter 0 Yes
Authentication search filter AuthLDAPFilter 0.9 Yes
Mail search filter mailLDAPFilter 0.9.4 Yes
Password policy control ldapPpolicyControl 0.9.1 Yes
Extended SetPassword modify ldapSetPassword 0.9.4 Yes
Groups base ldapGroupBase 0.8 Yes
Groups objectClass ldapGroupObjectClass 0.9.4 Yes
Groups member attribute ldapGroupAttributeName 0.9.4 Yes
Groups member link value ldapGroupAttributeNameUser 0.9.4 Yes
Groups name attribute ldapGroupAttributeNameSearch 0.9.4 Yes
Activate recursive groups ldapGroupRecursive 1.0 Yes
Group link attribute name ldapGroupAttributeNameGroup 1.0 Yes
Change password as user ldapChangePasswordAsUser 1.0 Yes

DBI



Full name Key name Version
Connection chain dbiAuthChain 1.0
Connection user dbiAuthUser 1.0
Connection password dbiAuthPassword 1.0
Authentication table dbiAuthTable 1.0
Login column dbiAuthLoginCol 1.0
Password column dbiAuthPasswordCol 1.0
Password hash dbiAuthPasswordHash 1.0
UserDB connection chain dbiUserChain 1.0
UserDB connection user dbiUserUser 1.0
UserDB connection password dbiUserPassword 1.0
UserDB table dbiUserTable 1.0
Mail column dbiPasswordMailCol 1.0
Pivot from user table userPivot 1.0

SSL



Full name Key name Version GUI
User field in certificate SSLVar 0 Yes
Map with LDAP attribute SSLLDAPField 0 Yes
Force SSL authentication SSLRequire 0 Yes

CAS



Full name Key name Version GUI
CAS server URL CAS_url 0 Yes
CAS login URL CAS_loginUrl 0 Yes
CAS validation URL CAS_validationUrl 0 Yes
CAS CA file CAS_CAFile 0 Yes

Remote



Full name Key name Version GUI
Remote portal remotePortal 0.9.4 Yes
Remote Session backend remoteGlobalStorage 0.9.4 Yes
Remote Session backend options remoteGlobalStorageOptions 0.9.4 Yes

Proxy



Full name Key name Version GUI
Target portal URL soapAuthService 1.0 Yes
Target cookie name remoteCookieName 1.0 Yes
Target session SOAP end point soapSessionService 1.0 Yes

Liberty Alliance



Full name Key name Version GUI
SP certificate laSP / certificate 0.9 No
SP metadata (XML file) laSP / metadata 0.9 No
SP private key laSP / privkey 0.9 No
SP secret key laSP / secretkey 0.9 No
IDPs list (XML file) laIdpsFile 0.9 No
Debug activation laDebug 0.9 No
LDAP attribute in assertion laLdapLoginAttribute 0.9 No
Federation storage laStorage 0.9 No
Federation storage options laStorageOptions 0.9 No

Twitter



Full name Key name Version GUI
twitter application key twitterKey 1.0 Yes
twitter application secret twitterSecret 1.0 Yes
twitter application name twitterAppName 1.0 Yes

OpenID



Full name Key name Version GUI
OpenID secret token openIdSecret 1.0 Yes