Handler module has been completely rewritten. You should now call the default module in your virtual host:
PerlHeaderParserHandler Lemonldap::NG::Handler
The main Apache handler configuration file has also been modified, check it:
# Load LemonLDAP::NG Handler PerlOptions +GlobalRequest PerlRequire Lemonldap/NG/Handler.pm # Common error page and security parameters ErrorDocument 403 http://auth.example.com/?lmError=403 ErrorDocument 500 http://auth.example.com/?lmError=500 ErrorDocument 503 http://auth.example.com/?lmError=503 <VirtualHost *:80> ServerName reload.example.com # Configuration reload mechanism (only 1 per physical server is # needed): choose your URL to avoid restarting Apache when # configuration change <Location /reload> Order deny,allow Deny from all Allow from 127.0.0.0/8 PerlHeaderParserHandler Lemonldap::NG::Handler->refresh </Location> # Uncomment this to activate status module #<Location /status> # Order deny,allow # Deny from all # Allow from 127.0.0.0/8 # PerlHeaderParserHandler Lemonldap::NG::Handler->status #</Location> </VirtualHost>
We provide a new skin: bootstrap. This skin uses Twitter Bootstrap framework, and allows to have a good rendering on mobile devices. Try it!
If you are using one of these specific handlers:
You should now change their path in you virtual host: For example for sympa, from:
PerlRequire /usr/local/lemonldap-ng/handler/MyHandlerSympa.pm PerlHeaderParserHandler My::Sympa
to:
PerlRequire Lemonldap/NG/Handler/Specific/SympaAutoLogin.pm PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::SympaAutoLogin
We found that the default session identifier generation may be too simple and can allow to do brute force attack to find a valid session identifier (see https://jira.ow2.org/browse/LEMONLDAP-695).
We recommend that you use a new generate module. Add generateModule
key inside your sessions backend options and use Lemonldap::NG::Common::Apache::Session::Generate::SHA256
as value.
Captcha now use an Apache::Session module as backend, you need to adapt your previous configuration to replace captcha_data
and captcha_output
by captchaStorage
and captchaStorageOptions
.
This allows to use a DB or LDAP to share captchas in a cluster.
Session management has been rewritten, now all LL::NG modules use the Lemonldap::NG::Common::Session module to access a session. This new module manages the session cache, which can now be configured trough localSessionStorage
and localSessionStorageOptions
(see the session configuration in Manager).
If you were configuring the Handler session cache trough localStorage
in lemonldap-ng.ini, then you need to change your configuration, as Handler localStorage
will not cache sessions anymore, but is still used for specific Handler features, like local macros.
Since 1.4.6
Domain value should no more begin with a .
. If you configured .example.com
as domain value, use now example.com
.
Since 1.4.6
When Multi is used with #label
(like LDAP#OpenLDAP
), the module name stored in _auth
is now LDAP
. To get the full module name, use _authMulti
(and _userDBMulti
for user module). See modules for more information.