This plugin allows us to check session attributes, access rights and transmitted headers for a specific user and URL. This can be useful for IT Ops, dev teams or administrators to debug or check rules. Plugin DISABLED by default.
Just enable it in the manager (section “plugins”).
!$anonymous
)whatToTrace
fails. Useful to look for sessions by mail or givenName. Let it blank to search by whatToTrace
only.
* Search attributes => mail uid givenName
If whatToTrace
fails, sessions are searched by mail
, next uid
if none session is found and so on...
* Display empty headers rule => $uid eq "dwho"
-> Only 'dwho' will see empty headers
checkUser plugin hidden attributes are concatenation of checkUserHiddenAttributes
and hiddenAttributes
.
You just have to append checkUser specific attributes.
You have to restrict access to specific users (administrators, DevOps, power users and so on...) by setting an access rule like other VirtualHosts.
By example: $groups =~ /\bsu\b/
To modify persistent sessions attributes ('_loginHistory _2fDevices notification_' by default), edit lemonldap-ng.ini
in [portal] section:
[portal] persistentSessionAttributes = _loginHistory _2fDevices notification_
When enabled, /checkuser
URL path is handled by this plugin.