News on LemonLDAP::NG 2.0


LemonLDAP::NG 2.0 will be a major release with a lot of new features. Upgrade will be easy for a basic usage but some work has to be done if you use advanced features.

See https://lemonldap-ng.org/documentation/2.0/upgrade

Handler

A new feature comes with 2.0: DevOps handler.

This new handler reads rules and headers from the /rules.json of the protected website. This allows one to protect websites in development: a developer can test itself his rules without asking changes to LLNG administrator. See https://lemonldap-ng.org/documentation/2.0/devopshandler

You will be able to choose handler type in the manager (AuthBasic,...) in each virtualHost. All specific handlers are available with both Nginx and Apache (CDA, AuthBasic, ZimbraPreAuth, SecureToken, DevOps).

A "Token" handler is coming soon to handle underlying REST calls done by a webapp to another for a connected user.

Also an experimental node.js handler has been published on GitHub

Portal

Portal use no more ModPerl::Registry: like Manager-1.9, it uses FastCGI and has been rewritten using "Plugins". Performance are increased a lot!

It generates also dynamically security headers to protect it from modern attacks (Content-Security-Policy,...).

Multi auth module has been replaced by a powerful new module named "Combination". See: https://lemonldap-ng.org/documentation/2.0/authcombination

Manager

No big changes (already done in 1.9) but differences between 2 configurations can be displayed easily.

FastCGI server (Nginx)

LLNG FastCGI server can be used to handle .pl and .psgi files (like php-fpm)

Logging

Logs can now be redirected to:

  • Standard output (webserver error.log)
  • Syslog (now default for Nginx)
  • Log4perl (looks like Java Log4J)

There are 2 categories of logs which can be redirected separately:

  • technical logs
  • user actions

Developer corner

Handler libraries have been totally rewritten. It is now more easy to build custom handlers.

Also Portal has now a powerful plugin system. It is now easy to insert a function inside authentication process or to catch a URL path_info (ex: http://auth.example.com/mypath). Doc is inserted in Portal manpages.

See:

Help wanted

You can extract 2.0 version from the SVN repository and test it, any feedback is welcome!