{"id":16106521,"url":"https://github.com/danb35/nethserver-lemonldap-ng","last_synced_at":"2026-02-06T01:45:16.049Z","repository":{"id":38127640,"uuid":"346057469","full_name":"danb35/nethserver-lemonldap-ng","owner":"danb35","description":"Integrate LemonLDAP::NG into Nethserver","archived":false,"fork":false,"pushed_at":"2022-06-10T03:52:59.000Z","size":13973,"stargazers_count":2,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-27T01:06:03.349Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danb35.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-03-09T15:42:57.000Z","updated_at":"2024-02-04T04:59:02.000Z","dependencies_parsed_at":"2022-07-24T19:17:23.571Z","dependency_job_id":null,"html_url":"https://github.com/danb35/nethserver-lemonldap-ng","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danb35%2Fnethserver-lemonldap-ng","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danb35%2Fnethserver-lemonldap-ng/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danb35%2Fnethserver-lemonldap-ng/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danb35%2Fnethserver-lemonldap-ng/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danb35","download_url":"https://codeload.github.com/danb35/nethserver-lemonldap-ng/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248691077,"owners_count":21146266,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-09T19:13:43.392Z","updated_at":"2026-02-06T01:45:11.022Z","avatar_url":"https://github.com/danb35.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nethserver-lemonldap-ng\n[LemonLDAP::NG](https://lemonldap-ng.org/welcome/) is a single sign-on/identity and access management (SSO/IAM) application.  It supports both of the standard Nethserver accounts providers, and allows other applications to authenticate using HTTP headers (external authentication, a/k/a \"Apache authentication\"), SAML, CAS, and OpenID Connect.  It also handles multi-factor authentication using TOTP (and apps like Authy or Google Authenticator), hardware tokens, and other technologies.\n\nThis package provides basic integration of LemonLDAP::NG into Nethserver, setting up the necessary Apache virtual hosts, configuring them for your domain, and configuring LemonLDAP::NG to connect to your specified accounts provider.  Further manual configuration will be required to allow it to protect any application you're interested in.\n\n## Quick install\nYou can install and configure this module with a single command, which will handle the items in Prep, Install, and Post-install configuration below.  Specifically, it will run the `/root/lemon_config.sh` script with all the default settings.  If you don't want this to happen, follow the steps below instead.  To perform the quick install, run:\n`curl https://raw.githubusercontent.com/danb35/nethserver-lemonldap-ng/master/install-llng.sh | sh`\n\n## Prep\n\nInstall the danb35 repo: `yum install https://repo.familybrown.org/nethserver/7/noarch/nethserver-danb35-1.1.0-1.ns7.noarch.rpm`\n\nThen you'll need to add the LemonLDAP::NG repos.  Create `/etc/yum.repos.d/lemonldap-ng.repo` with your text editor of choice.  Its contents should be:\n```\n[lemonldap-ng]\nname=LemonLDAP::NG packages\nbaseurl=https://lemonldap-ng.org/redhat/stable/$releasever/noarch\nenabled=1\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2\n\n[lemonldap-ng-extras]\nname=LemonLDAP::NG extra packages\nbaseurl=https://lemonldap-ng.org/redhat/extras/$releasever\nenabled=1\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2\n```\nYou'll also need to install the GPG key: `curl https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 \u003e /etc/pki/rpm-gpg/RPM-GPG-KEY-OW2`\n\n## Install\n\nNow run `yum install nethserver-lemonldap-ng --enablerepo=lemonldap-ng,lemonldap-ng-extras`.  Yum will install LemonLDAP::NG and all its dependencies, along with the integration package.\n\n## Post-install configuration\n**Caution:** LemonLDAP::NG **will not work** without additional configuration.  The `/root/lemon_config.sh` script (described below) will set up sensible defaults for most Nethserver systems.  If you want your own custom configuration, consult the [LLNG docs](https://lemonldap-ng.org/documentation/latest/installrpm.html#first-configuration-steps).  At a minimum, you'll need to run `sed -i 's/example\\.com/yourdomain/g' /var/lib/lemonldap-ng/conf/lmConf-1.json`.\n\n### Host names\nBy default, the authentication portal will be available at https://auth.yourdomain, and the manager at https://manager.yourdomain.  You can change these defaults using the `portalFqdn` and `managerFqdn` properties, respectively.\n\n### TLS certificates\nBy default, the portal and manager virtual hosts will use the default system TLS certificate.  This means that the FQDNs for the portal and manager will need to be part of that certificate.  If you prefer, you can create a separate certificate for those virtual hosts and specify it using the `CrtFile`, `ChainFile`, and `KeyFile` properties.\n\n### LLNG Master Config file\nUnlike most configuration in Nethserver, the main configuration file for LemonLDAP::NG is not templated.  Most changes will be done directly through its web interface (https://manager.yourdomain).  However, this package provides a script that will create a basic configuration.  That script will be created or updated any time you run `signal-event nethserver-lemonldap-ng-update`.  Then, to run it, run `/root/lemon_config.sh`.  This script will set the portal to enforce SSL on your domain, require secure cookies, remove the test applications, and connect to your accounts provider as configured in Nethserver.\n\n## Configuration properties\nConfiguration for this module is stored in the main configuration database, under the `lemonldap` key.  After making any changes, run `signal-event nethserver-lemonldap-ng-update`.  Available properties are:\n\n|Property|Default|Description|\n|---|---|---|\n|access|public|Control access to the WebSSO manager.  If set to `private`, access will only be allowed from private networks.|\n|portalFqdn|auth.$DomainName|FQDN where the authentication portal will be visible|\n|managerFqdn|manager.$DomainName|FQDN where the manager will be visible|\n|CrtFile|(system default)|Path to TLS certificate for the portal and manager virtual hosts|\n|ChainFile|(system default)|Path to the intermediate CA certificate(s), if any|\n|KeyFile|(system default)|Path to the TLS private key for the portal and manager virtual hosts|\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanb35%2Fnethserver-lemonldap-ng","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanb35%2Fnethserver-lemonldap-ng","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanb35%2Fnethserver-lemonldap-ng/lists"}