1LEMONLDAP-NG-SESSIONS(1U)ser Contributed Perl DocumentatiLoEnMONLDAP-NG-SESSIONS(1)
2
3
4

NAME

6       lemonldap-ng-sessions - Scripting CLI for LemonLDAP::NG sessions
7

SYNOPSIS

9       lemonldap-ng-sessions [<options>] <command> [<arguments> ...]
10
11       Commands:
12
13               get             get one or several session from known IDs
14               search          search for sessions
15               delete          delete existing sessions
16               setKey          add/change key in existing session
17               delKey          delete key from existing session
18               secondfactors   manage second factors
19               consents        manage OIDC user consents
20
21       Options:
22
23               --help          Show full help
24               --select        Select which fields to print
25               --backend       Specify session backend
26               --persistent    Search in persistent sessions
27               --where         Set search filter (search/delete only)
28               --id-only       Only return IDs (search only)
29               --user      Change user running the script
30               --group     Change group running the script
31

COMMANDS

33   Get
34           lemonldap-ng-sessions get <id> [<id> ...]
35
36       This command lets you read the content of a session.
37
38       You must pass one or several session IDs as parameters.
39
40       Examples
41
42               lemonldap-ng-sessions get 9684dd2a6489bf2be2fbdd799a8028e3
43
44               lemonldap-ng-sessions get --persistent dwho
45
46   Search
47           lemonldap-ng-sessions search [<options>]
48
49       This command lets you search for sessions.
50
51       It can be used to find the session IDs that other commands need.
52
53       You can restrict the search with options. See "OPTIONS"
54
55       Examples
56
57               lemonldap-ng-sessions search
58
59               lemonldap-ng-sessions search --backend persistent
60
61               lemonldap-ng-sessions search --where uid=dwho
62
63               lemonldap-ng-sessions search --where uid=dwho \
64                       --id-only
65
66               lemonldap-ng-sessions search --backend persistent \
67                       --where _session_uid=dwho
68
69               lemonldap-ng-sessions search --where uid=dwho \
70                       --select authenticationLevel
71
72   Delete
73           lemonldap-ng-sessions delete <id> [<id> ...]
74           lemonldap-ng-sessions delete --where <filter>
75
76       This command lets you delete sessions.
77
78       You may give it one or several session IDs to remove.
79
80       Examples:
81
82               lemonldap-ng-sessions delete 9684dd2a6489bf2be2fbdd799a8028e3
83
84               lemonldap-ng-sessions delete --persistent dwho
85
86       Or you can give it a search expression.
87
88       Examples:
89
90               lemonldap-ng-sessions delete --where uid=dwho
91
92               lemonldap-ng-sessions delete --persistent --where _session_uid=dwho
93
94   Set Key
95           lemonldap-ng-sessions setKey <id> <key> <value> [<key> <value> ...]
96
97       This command allows you to modify one or several keys from an existing
98       session.
99
100       Examples:
101
102               lemonldap-ng-sessions setKey 9684dd2a6489bf2be2fbdd799a8028e3 \
103                       authenticationLevel 1
104
105   Delete Key
106           lemonldap-ng-sessions delKey <id> <key> [<key> ...]
107
108       This command lets you remove a key from an existing session.
109
110       You must specify a session ID, and one of several session keys to
111       remove.
112
113       Examples:
114
115               lemonldap-ng-sessions delKey --persistent dwho _oidcConsents
116
117   Second Factors
118           lemonldap-ng-sessions secondfactors <command> <user> [<id> ... ]
119
120       Commands:
121
122           get <user>
123               show all second factors for a user
124           delete <user> <id> [<id> ...]
125               delete second factors for a user. The ID must match one of the
126               IDs returned by the "show" command.
127           delType [<user>|--all] <type> [<type> ...]
128               delete all second factors of a given type for a user
129           migrateu2f [<user>|--all]
130               migrate U2F device registrations to WebAuthn device registrations
131
132   Consents
133           lemonldap-ng-sessions consents <command> <user> [<id> ... ]
134
135       Commands:
136
137           get <user>
138               show all OIDC consents for a user
139           delete <user> <id> [<id> ...]
140               delete OIDC consents for a user
141

OPTIONS

143       --select,-s
144           Lets you select which fields to output in the JSON result.
145
146           This option can be set multiple times
147
148       --where,-w
149           This option lets you filter your session search according to a
150           filter.
151
152           For now, only one filter can be set.
153
154           Only exact matches are supported
155
156           Examples:
157
158                   --search uid=dwho
159                   --search _sessionType=OIDC
160
161       --backend,-b
162           This option lets you specify which session backend to use.
163
164           You only need it when you configured multiple session backends in
165           your LemonLDAP::NG installation (for Persistent, SAML, CAS or OIDC
166           sessions)
167
168           Examples:
169
170                   --backend persistent
171                   --backend saml
172                   --backend oidc
173                   --backend cas
174
175       --persistent,-p
176           This option is a shortcut for specifying --backend persistent and
177           using the UID hash as a session ID
178
179           Example:
180
181                   lemonldap-ng-sessions --backend persistent \
182                           get 5efe8af397fc3577e05b483aca964f1b
183
184           is the same as
185
186                   lemonldap-ng-sessions get --persistent dwho
187
188       --id-only,-i
189           This option replaces the standard JSON output format with a simpler
190           format of one session ID per line.
191
192           This allows some interesting combos using xargs. For example, if
193           you want to remove all sessions started by "dwho"
194
195                   lemonldap-ng-sessions search --where uid=dwho --id-only | \
196                           xargs lemonldap-ng-sessions delete
197
198       --user,-u
199           This option forces the system user that runs the script.
200
201       --group,-g
202           This option forces the system group that runs the script.
203

SEE ALSO

205       <http://lemonldap-ng.org/>
206

AUTHORS

208       Maxime Besson, <maxime.besson@worteks.com>
209

BUG REPORT

211       Use OW2 system to report bug or ask for features:
212       <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>
213

COPYRIGHT AND LICENSE

215       Copyright (C) 2016 by Xavier Guimard, <x.guimard@free.fr>
216       Copyright (C) 2016 by Clément Oudot, <clem.oudot@gmail.com>
217
218       This library is free software; you can redistribute it and/or modify it
219       under the terms of the GNU General Public License as published by the
220       Free Software Foundation; either version 2, or (at your option) any
221       later version.
222
223       This program is distributed in the hope that it will be useful, but
224       WITHOUT ANY WARRANTY; without even the implied warranty of
225       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
226       General Public License for more details.
227
228       You should have received a copy of the GNU General Public License along
229       with this program.  If not, see <http://www.gnu.org/licenses/>.
230
231
232
233perl v5.38.0                      2023-11-14          LEMONLDAP-NG-SESSIONS(1)