LemonLDAPNG / Apache-Session-Browseable

Apache::Session::Browseable Perl module
http://search.cpan.org/dist/Apache-Session-Browseable/

Filter bug for session ldap with lemonldap ng #38

Open swapon666 opened 1 year ago

swapon666 commented 1 year ago

Hi,

I use lemonldap with the fabulous docker image of Clement OUDOT (coudot/lemonldap-ng:2.16.2). My sessions and my OIDC sessions are stored in openldap and that works: sessions are created with object class applicationProcess with cn and description. But when I want to use purgeCentralCache in order to delete old sessions, the script always returns 0 sessions deleted. After reading the code (like Saint Thomas, I trust only what I see), the problem is in /usr/share/perl5/Apache/Session/Browseable/LDAP.pm in get_key_from_all_sessions and its filter. This code uses the following filter: (&(objectClass=applicationProcess)(ou=)) So it always returns 0, because sessions created by lemonldap don't have an ou attribute (it's not mandatory in https://datatracker.ietf.org/doc/html/rfc4519#page-21). I modified the filter to use cn instead of ou, (&(objectClass=applicationProcess)(cn=)), because when we use the & operator in a filter we must be sure that the attribute is present, and after that the purge works.

Before submitting a PR, I want to discuss this defect with you, because it is perhaps an invalid configuration on my image.

Best regards,

Pascal PEJAC

coudot commented 1 year ago

Hello Pascal,

With Apache::Session::Browseable::LDAP, you need to configure the Index parameter: https://lemonldap-ng.org/documentation/latest/browseablesessionbackend.html#fieldstoindex

The Index values are stored in the ou attribute, and so sessions should be seen by the purge script.

What we could do is not put the ou attribute in the filter if no Index is defined, but anyway that is not the way it should work.
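A diagnostic that follows from the explanation above, added here as an example and not code from the project or from either participant: it counts the applicationProcess session entries that carry no ou index value and are therefore invisible to the purge filter. The LDAP URL, bind DN, password and search base are assumptions to adapt to your directory.

```perl
#!/usr/bin/perl
# Added diagnostic (not part of Apache::Session::Browseable): report how many
# session entries would be skipped by a purge filter that requires an ou value.
use strict;
use warnings;
use Net::LDAP;

# Assumed connection settings; adjust to your directory.
my $host = 'ldap://localhost';
my $bind = 'cn=admin,dc=example,dc=com';
my $pass = 'secret';
my $base = 'ou=sessions,dc=example,dc=com';

my $ldap = Net::LDAP->new($host) or die "Cannot connect to $host: $@";
my $mesg = $ldap->bind( $bind, password => $pass );
die 'Bind failed: ' . $mesg->error if $mesg->code;

# Every session entry, whether or not an Index was configured when it was written
my $all = search_count( $ldap, $base, '(objectClass=applicationProcess)' );

# Only the entries a filter ANDed with an ou presence test can see
my $indexed = search_count( $ldap, $base,
    '(&(objectClass=applicationProcess)(ou=*))' );

printf "sessions total: %d, with ou index: %d, invisible to purge: %d\n",
    $all, $indexed, $all - $indexed;
print "Hint: configure Index (for example _session_kind _utime) so new sessions get an ou value\n"
    if $all > $indexed;

$ldap->unbind;

# Run one search and return the number of matching entries.
# attrs '1.1' asks the server for no attributes, only the DNs.
sub search_count {
    my ( $ldap, $base, $filter ) = @_;
    my $res = $ldap->search( base => $base, filter => $filter, attrs => ['1.1'] );
    die "Search failed ($filter): " . $res->error if $res->code;
    return $res->count;
}
```

On a large session store the server's size limit may truncate either search; compare the two counts only when both searches complete without a sizeLimitExceeded result.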

swapon666 commented 1 year ago

Hello Clement,

Yes, it works if I use ldapAttributeIndex with "cn" as value. With "ou" in ldapAttributeIndex, sessions are created without an ou value. So it appears very strange to have ldapAttributeIndex with the default value "ou", because sessions are created without this attribute. I closed this issue.

Thanks very much, Clement

Best regards

coudot commented 1 year ago

That was not my suggestion. Keep ldapAttributeIndex set to "ou", but configure Index with the list documented here: https://lemonldap-ng.org/documentation/latest/browseablesessionbackend.html#fieldstoindex

swapon666 commented 1 year ago

Yes, I just tried with Index and now it creates multiple "ou" attributes with the index values. So I can remove ldapAttributeIndex. By default we must configure an index; perhaps a default value of "_session_kind _utime" can be set in order to work out of the box?

coudot commented 1 year ago

Sorry for the late reply.

We could indeed set a default index, but we must find one that would be common to all session types. So _session_kind could be a good candidate.

I keep this issue open to address it later.