LemonLDAP::NG 1.3: New features of LemonLDAP::NG 1.3
David Coutadeur, OW2 Con (Twitter #ow2con, www.ow2.org)


Slide 1: LemonLDAP::NG 1.3 - New features of LemonLDAP::NG 1.3
David Coutadeur
Twitter #ow2con www.ow2.org

Slide 2: About the speaker

Slide 3: David Coutadeur

  • LDAP engineer since 2010 in LINAGORA company, with experience in SUN/Oracle to OpenLDAP migration
  • Integrator for LinID solutions http://linid.org
  • Member of the LTB team http://ltb-project.org
  • Member of the LSC team http://lsc-project.org
  • Member of LemonLDAP::NG project core-team http://lemonldap-ng.org

Slide 4: LemonLDAP::NG

Slide 5: Components

  • LemonLDAP::NG main components:
    – Portal: authentication process, user interaction, application menu, password change form
    – Manager: configuration interface, sessions explorer
    – Handler: Apache agent, manages access authorizations
  • Perl, only Perl, just Perl
  • Relies on Apache and mod_perl
Slide 6: Follow the white request

Slide 7: What's new?

  • FastCGI Portal
  • Authentication/user modules:
    – Active Directory
    – BrowserID
    – WebID
    – Google
    – Facebook
  • JSON file configuration backend
  • Captcha
  • Aliases for virtual hosts
  • CLI LemonLDAP Manager
Slide 8: FastCGI Portal

  • CGI interfaces applications to web servers
  • FastCGI reduces overhead thanks to persistent processes, joined by a socket or TCP connection
  • LemonLDAP::NG CGIs can now be easily extended to FastCGI:
    – Manager (not so useful)
    – Portal
  • Improves response time
  • Scalability not tested yet (CGI farm servers)
Slide 9: Active Directory module

  • Active Directory is a "special" LDAP directory
  • AD module is nearly the same as LDAP
  • Specific default values for filters to match AD schema
  • Compatible password modification
  • Reset password on next logon workflow

Slide 10: BrowserID module

  • Authentication database only
  • Mozilla Persona: implementation of a distributed login system based on the BrowserID protocol
  • Similar to OpenID
  • BrowserID is based on an email address, OpenID on a complicated URL
  • Cross-browser (if recent)
  • Public key cryptography
  • Involves users, Relying Parties, and Identity Providers
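The chain of users, Identity Providers and Relying Parties described on this slide, as an added Go example; it is not code from the talk or from LemonLDAP::NG's BrowserID module. It models the verification a relying party performs, using Ed25519 signatures over JSON payloads instead of Persona's real RSA/DSA keys and JWT-style wire format; the e-mail address, origin, key lifetimes and the IdP key table are constructed for the example (Persona discovered IdP keys over HTTPS, here they are passed in).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Certificate is what the identity provider (IdP) for the e-mail's domain signs:
// the user's public key bound to the e-mail address, with an expiry (Unix seconds).
type Certificate struct {
	Email  string `json:"email"`
	PubKey []byte `json:"pubkey"`
	Exp    int64  `json:"exp"`
}

// Assertion is what the browser signs with the certified key: the relying party's origin and a short expiry.
type Assertion struct {
	Audience string `json:"aud"`
	Exp      int64  `json:"exp"`
}

// Bundle is what the relying party receives: the exact signed bytes (signatures are
// checked over what was received, never over a re-encoding) and the two signatures.
type Bundle struct {
	CertPayload, CertSig     []byte
	AssertPayload, AssertSig []byte
}

// signJSON encodes v and signs the exact bytes; marshalling these fixed structs cannot fail.
func signJSON(priv ed25519.PrivateKey, v interface{}) (payload, sig []byte) {
	payload, _ = json.Marshal(v)
	return payload, ed25519.Sign(priv, payload)
}

// VerifyAssertion is the relying-party step. idpKeys maps an e-mail domain to the
// public key of the IdP trusted for it. On success it returns the verified e-mail.
func VerifyAssertion(b Bundle, idpKeys map[string]ed25519.PublicKey, ourOrigin string, now int64) (string, error) {
	var cert Certificate
	var a Assertion
	if err := json.Unmarshal(b.CertPayload, &cert); err != nil {
		return "", err
	}
	domain := cert.Email[strings.LastIndex(cert.Email, "@")+1:]
	idpKey, ok := idpKeys[domain]
	if !ok {
		return "", fmt.Errorf("no trusted identity provider for %q", domain)
	}
	// 1. The IdP's signature binds the e-mail to the user's key.
	if !ed25519.Verify(idpKey, b.CertPayload, b.CertSig) || now > cert.Exp {
		return "", errors.New("certificate invalid or expired")
	}
	// 2. The user's signature proves possession of that key (ed25519.Verify
	//    panics on a malformed key, hence the length check).
	if len(cert.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(cert.PubKey), b.AssertPayload, b.AssertSig) {
		return "", errors.New("assertion signature invalid")
	}
	if err := json.Unmarshal(b.AssertPayload, &a); err != nil || now > a.Exp {
		return "", errors.New("assertion malformed or expired")
	}
	// 3. Audience: an assertion minted for another site must not log the user
	//    in here, otherwise one relying party could replay it against another.
	if a.Audience != ourOrigin {
		return "", fmt.Errorf("assertion audience %q is not %q", a.Audience, ourOrigin)
	}
	return cert.Email, nil
}

// BuildDemo generates fresh IdP and user keys and produces the bundle a browser
// would send for email at origin, plus the IdP key table. Constructed sample data.
func BuildDemo(email, origin string, now int64) (Bundle, map[string]ed25519.PublicKey, error) {
	idpPub, idpPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Bundle{}, nil, err
	}
	userPub, userPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Bundle{}, nil, err
	}
	// IdP step: certify the user's key for the e-mail (24 h).
	// Browser step: sign the audience with that key (2 min).
	cp, cs := signJSON(idpPriv, Certificate{Email: email, PubKey: userPub, Exp: now + 24*3600})
	ap, as := signJSON(userPriv, Assertion{Audience: origin, Exp: now + 120})
	domain := email[strings.LastIndex(email, "@")+1:]
	return Bundle{cp, cs, ap, as}, map[string]ed25519.PublicKey{domain: idpPub}, nil
}

func main() {
	now := time.Now().Unix()
	b, keys, err := BuildDemo("dco@example.org", "https://sso.example.org", now) // constructed identity
	if err != nil {
		panic(err)
	}
	email, err := VerifyAssertion(b, keys, "https://sso.example.org", now)
	fmt.Println(email, err) // dco@example.org <nil>
	_, err = VerifyAssertion(b, keys, "https://other.example", now)
	fmt.Println(err) // assertion audience "https://sso.example.org" is not "https://other.example"
}
```

The three checks in VerifyAssertion are where the protocol's security lives: the IdP signature over the exact received bytes, the expiry of both payloads, and the audience. Without the audience check a valid assertion obtained by one site could be replayed to log the same user into another; the second call in main shows that case being rejected.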
Slide 11: WebID module

  • Invented by a community group at W3C
  • Public Key WebID = URI that refers to a person → uniquely identifies a user by his relation to a public key, e.g. https://mywebsite.net/#dco
  • WebID protocol is based on these URIs and a client certificate
  • You may already have one! By joining a social network site: Libre.fm, MyOpera, Twitter
  • URI can be linked to other profiles, to create a linked web of trust
  • FOAF sites: store Friend of a Friend data; can provision the users module in LemonLDAP::NG

Slide 12: Google module

  • Authentication and users databases
  • Users log in with the Google authentication process
  • LemonLDAP uses the OpenID protocol to trust the latter
  • OpenID:
    – decentralized authentication system based on URL, involving Providers, Relying Parties and users
    – user chooses what data he wants to be accessible for each RP
  • Mail used as login name
  • A few data available: country, email, firstname, language, lastname

Slide 13: Facebook module

  • More than 1.1 billion users in the world
  • Authentication and users databases
  • OAuth2 as authorization protocol (no authentication)
  • OAuth2:
    – Based on access and refresh tokens exchanged between client application and resource server
    – Binding between LemonLDAP (client) and Facebook (resource server) is done by getting an application ID and a secret
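The token exchange this slide describes, as an added Go example; it is not code from the talk or from LemonLDAP::NG's Facebook module. Both sides are stood up in-process with net/http/httptest: a constructed provider that holds the registered app ID and secret and issues access and refresh tokens, and a client that redeems an authorization code and later a refresh token. The endpoint path, app ID, secret, authorization code and token formats are assumptions made for the example, not Facebook's.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Token is the JSON body the token endpoint returns to the client.
type Token struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token,omitempty"`
}

// Provider is a constructed stand-in for the provider side (Facebook in the talk):
// the registered app ID and secret, outstanding codes and refresh tokens (value = user id).
type Provider struct {
	AppID, AppSecret string
	codes, refresh   map[string]string
	n                int
}

func NewProvider(appID, secret string) *Provider {
	return &Provider{AppID: appID, AppSecret: secret, refresh: map[string]string{},
		codes: map[string]string{"code-xyz": "user-42"}} // constructed sample code for one user
}

// StartDemoProvider serves the provider on a local test listener with constructed app credentials.
func StartDemoProvider() *httptest.Server {
	return httptest.NewServer(NewProvider("app-123", "s3cret"))
}

// ServeHTTP is the token endpoint.
func (p *Provider) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.URL.Path != "/oauth/token" {
		http.NotFound(w, r)
		return
	}
	// The app ID and secret are the client/provider binding: a leaked code or
	// refresh token is useless without them, so they are checked first.
	if r.PostFormValue("client_id") != p.AppID || r.PostFormValue("client_secret") != p.AppSecret {
		http.Error(w, `{"error":"invalid_client"}`, http.StatusUnauthorized)
		return
	}
	grant, user, ok := r.PostFormValue("grant_type"), "", false
	switch grant {
	case "authorization_code":
		user, ok = p.codes[r.PostFormValue("code")]
		delete(p.codes, r.PostFormValue("code")) // a code is single-use
	case "refresh_token":
		user, ok = p.refresh[r.PostFormValue("refresh_token")]
	}
	if !ok {
		http.Error(w, `{"error":"invalid_grant"}`, http.StatusBadRequest)
		return
	}
	p.n++
	t := Token{AccessToken: fmt.Sprintf("at-%d-%s", p.n, user)}
	if grant == "authorization_code" { // a refresh token is issued once, at code exchange
		t.RefreshToken = fmt.Sprintf("rt-%d", p.n)
		p.refresh[t.RefreshToken] = user
	}
	_ = json.NewEncoder(w).Encode(t)
}

// RequestToken is the client (LemonLDAP) side: grant is "authorization_code"
// with the code received on the redirect, or "refresh_token" with a refresh token.
func RequestToken(base, appID, secret, grant, value string) (Token, error) {
	key := map[string]string{"authorization_code": "code", "refresh_token": "refresh_token"}[grant]
	resp, err := http.PostForm(base+"/oauth/token", url.Values{
		"grant_type": {grant}, key: {value}, "client_id": {appID}, "client_secret": {secret}})
	if err != nil {
		return Token{}, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return Token{}, fmt.Errorf("token endpoint returned %d", resp.StatusCode)
	}
	var t Token
	err = json.NewDecoder(resp.Body).Decode(&t)
	return t, err
}

func main() {
	srv := StartDemoProvider()
	defer srv.Close()
	tok, err := RequestToken(srv.URL, "app-123", "s3cret", "authorization_code", "code-xyz")
	fmt.Println(tok.AccessToken, tok.RefreshToken, err) // at-1-user-42 rt-1 <nil>
	tok, err = RequestToken(srv.URL, "app-123", "s3cret", "refresh_token", tok.RefreshToken)
	fmt.Println(tok.AccessToken, err) // at-2-user-42 <nil>
}
```

The point the slide makes about the application ID and secret is the first check in the handler: a code or refresh token can only be redeemed by the registered client, so a code that leaks through the browser redirect does not by itself yield a token, and a refresh token is only issued once, at the code exchange. In the real flow the access token is then presented as a bearer token to the provider's profile API, which this example does not model.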

Slide 14: JSON file configuration backend

  • "JavaScript Object Notation"
  • Generic data format for representing structured information
  • Configuration stored in a more readable way
  • Can be shared by:
    – any file sharing system (NFS, NAS, SAN, …)
    – SOAP configuration backend proxy

Slide 15: And much more...

  • Captcha
    – Can be used at user connection and in the mail reset component
    – Extra control to ensure one is human
  • Aliases for virtual hosts
    – Allows creation of numerous vhosts sharing the same headers and the same protection rules
  • CLI LemonLDAP Manager
    – Tool to manage the LemonLDAP configuration from the command line

Slide 16: What's next?

  • Configuration and cache optimization
  • Code refactoring with Moose/Mouse for better OO code
  • Handler modularization
  • Compatibility with Apache MPM-event or Nginx?
Slide 17: The end... almost

Slide 18: Thanks

  • Thanks to:
    – OW2 Con organizers
    – LINAGORA company
    – LemonLDAP::NG and Perl community
  • Stay in touch:
    – IRC: stryg #lemonldap-ng@freenode
Slide 19: Questions?