Portal customization

Note

The portal is the visible part of LemonLDAP::NG, all userinteractions are displayed on it.

Main Logo

You can change the default Main Logo in Manager: General Parameters >Portal > Customization > Main logo.

A blank value disables Main logo display.

Tip

  • Logo files must be stored in lemonldap-ng-portal/site/htdocs/static/my/path directory

  • Logo file path must be like my/path/logo.png

  • Main logo is included in Portal templates AND mail body

Favicon

You can change the default favicon in Manager: General Parameters >Portal > Customization > Favicon.

A blank value displays default faviconcommon/favicon.ico.

Tip

  • Logo files must be stored in lemonldap-ng-portal/site/htdocs/static/my/path directory

  • Logo file path must be like my/path/logo.ico

Show languages choice

You can disabled languages choice in Manager: General Parameters >Portal > Customization > Show languages choice.

Option enabled by default.

Tip

If languages choice is disabled, Portal displays accepted languages byyour browser (EN by default).

Scroll to top button

You can display a button to go to back to the top after <value> pixels scrolling.

Tip

A blank or null value disable this feature.

Floating category name

You can display an applications category as a floating menu by specifying its categoryname.Example:Sampleapplications.

Tip

A blank or an inexisting value disable this feature.

Custom CSS file

You can define a custom CSS file, for examplecustom.css, which willbe loaded after default CSS files. This file must be created in the static repository(By default:/usr/share/lemonldap-ng/portal/htdocs/static/).

Then set this value in Custom CSS parameter:bootstrap/css/custom.css.

CSS file example to remove white background of main logo:

#headerimg{background-color:transparent;}

Custom JS file

Similarly, you can define a custom JS file, for examplecustom.js, which willbe loaded after default JS files. This file must be created in the static repository(By default:/usr/share/lemonldap-ng/portal/htdocs/static/).

Then set this value in Custom JS parameter:bootstrap/js/custom.js.

Check out theAvailable JQuery Events page for available integrations

Some javascript functions are exported by LemonLDAP:

  • translate(msg): lookup the value of the translation labelmsg in the current language

New in version 2.21.0:

  • translatePage(lang): translate the page intolang, if ommitted, retranslate the whole page into the current language

  • webauthn_start: start WebAuthn authentication flow. This only works on login page and 2FA pages

  • ssl_start: start SSL authentication. This only works the login page

Skin

LemonLDAP::NG is shipped with a bootstrap skin.

But you can provide your own. See Skin customization below.

Default skin

You can change the default skin in Manager:GeneralParameters >Portal >Customization >Defaultskin.

Select theCustom skin, then set the name of the skin you want touse in the input below.

Skin background

Go inGeneralParameters >Portal >Customization >Skinbackground. You can define a background by selecting one of theavailable image. SelectNone to use the default skin background configuration.

image0

To set your own background, copy your file in/usr/share/lemonldap-ng/portal/htdocs/static/common/backgrounds/ andregister it in/etc/lemonldap-ng/lemonldap-ng.ini:

[portal]portalSkinBackground=file.png

You can also uselemonldap-ng-cli:

/usr/share/lemonldap-ng/bin/lemonldap-ng-clisetportalSkinBackgroundfile.png

Skin rules

You might want to display different skin depending on the URL that wascalled before being redirected to the portal, or the IP address of theuser.

To achieve this, you can create a rule in the Manager: selectGeneralParameters >Portal >Customization >Skindisplayrules and click on “New entry”. Then fill the two fields;

  • Key: a Perl expression (you can use%ENV hash to get environmentvariables, or$_url to get URL called before redirection, or$ipAddrto use user IP address). If the rule evaluation is true, the correspondingskin is applied.

  • Value: the name of the skin to use.

Example:

$_url =~ m#^http://test1.example.com#

Skin files

A skin is composed of different files:

  • .tpl: PerlHTML::Template files, for HTML content

  • .css: CSS (styles)

  • .js: Javascript

  • images and other media files

A skin will often refer to thecommon skin, which is not a realskin, but shared skin objects (like scripts, images and CSS).

Skin customization

Attention

If you modify directly the skin files, yourmodifications will certainly be erased on the next upgrade. The best isto create your own skin, based on an existing skin.

Here we explain how to create a new skin, namedmyskin, from thebootstrap skin.

First copy static content:

cd/usr/share/lemonldap-ng/portal/htdocs/staticmkdirmyskincdmyskin/cp-a../bootstrap/js/.cp-a../bootstrap/css/.mkdirimages

Then create a folder for template overrides

cd/usr/share/lemonldap-ng/portal/templates/mkdirmyskincdmyskin/

LemonLDAP::NG contains templates that are made for common customization, theseparticular templates do not need any modification when you upgradeLemonLDAP::NG:

  • customhead.tpl : HTML header markups (like CSS, js inclusion)

  • customheader.tpl : HTML code in the header

  • customfooter.tpl : HTML code in the footer

  • customLoginHeader.tpl : HTML code in the login header

  • customLoginFooter.tpl : HTML code in the login footer

To use override these files, copy them into your skin folder:

cp../bootstrap/custom*.

Any other template file can also be overriden, be sure you checkupgrade notes for important updates in your overriden templatefiles.

Then you can add your media tomyskin/images, you will be able touse them in HTML template with this code:

<imgsrc="<TMPL_VAR NAME="STATIC_PREFIX">myskin/images/logo.png"class="mx-auto d-block"/>

To change CSS, two options:

  • Edit myksin/css/styles.css and myskin/css/styles.min.css

  • Create a new CSS file, for example myskin/css/myskin.css and load itin customhead.tpl:

<linkhref="<TMPL_VAR NAME="STATIC_PREFIX"><TMPL_VAR NAME="SKIN">/css/myskin.css"rel="stylesheet"type="text/css"/>

To add custom JS, create a new file in myskin/js/custom.js and load it in customhead.tpl

<scripttype="text/javascript"src="<TMPL_VAR NAME="STATIC_PREFIX"><TMPL_VAR NAME="SKIN">/js/custom.js"></script>

In this file, you can access JQuery functions, and hook your code toJQuery events

Put then all custom HTML code in the custom template files.

To configure your new skin in Manager, select the custom skin, and enteryour skin name in the configuration field. For example withlemonldap-ng-cli:

/usr/share/lemonldap-ng/bin/lemonldap-ng-cli-yes1setportalSkin'myskin'portalSkinBackground''

You can find additional documentation on the syntax of template files in theofficial documentation of the HTML::Template module

Note

If you modify the static files of your theme often, you should use theCache-busting salt configuration parameters to force web browsers toreload your static resources by changing the special?v= parameter in static resource URLs.Be sure that you include?v=<TMPL_VARCACHE_TAG> in the URL of your static resources

Messages

Changing messages

Messages are defined in source code. If they really do not suit you,override them! You just need to know the ID of the message (look atPortal/Main/Constants.pm).

There are two methods to do this:

  • Uselemonldap-ng.ini:

[portal]# Custom error messageserror_0=Big brother is watching you, authenticated user# Custom standard messagesmsg_lastLogins=Your last connections

You can also define messages in several languages or disable messageboxes by using the bareword_hide_ :

error_en_0=Big brother is watching you, authenticated usererror_fr_0=Souriez, vous êtes surveillés !msg_fr_lastLogins=Dernières connexionserror_9=_hide_

  • Create a lang file in custom skin:

If you have a custom skin, then you can create a lang file intemplates/<yourskin> similar to the default lang files provided inhtdocs/static/languages/.

For exampletemplates/myskin/en.json:

{"PE9":"Please authenticate!","lastLogins":"Previous authentications","myMessage":"My custom message, in english"}

You can also create a file calledall.json to override messages inall languages.

Changed in version 2.0.15:Translations in lemonldap-ng.ini now take priority over translations from skin files

Adding messages in your templates

You can use thetrspan HTML attribute to replace the content of a tag by an internationalized string

<spantrspan="myMessage">ThiswillbereplacedbythetranslationofmyMessage</span>

New in version 2.0.16:You can now also replace HTML attributes with translated messages

<imgsrc="http://xxx"trattribute="alt:myMessage data-description:myMessage"></img>

In this example, thealt= anddata-description= attributes will be replaced by the translation ofmyMessage

Menu tabs

If you modify the menu template to add some tabs, you should add the newtabs in `customMenuTabs` parameter in lemonldap-ng.ini:

[portal]customMenuTabs=test, test2

This will allow one to display the tab directly with this URL:http://auth.example.com/?tab=test

Template parameters

Template parameters are defined in source code. If you need to add atemplate parameter for your customization, then add tolemonldap-ng.ini:

[portal]# Custom template parameterstpl_myparam=world

Then you will be able to use it in your template like this:

Hello<TMPL_VARNAME="myparam">!

All session variables are also available in templates, with the prefixsession_:

Hello<TMPL_VARNAME="session_cn">!

You can also display environment variables, with the prefixenv_:

Your IP is<TMPL_VARNAME="env_REMOTE_ADDR">

Buttons on login page

This node allows one to enable/disable buttons on the login page:

  • Check last logins: display a checkbox on login form, allowinguser to check his login history right after opening session

  • Register new account: display a link toregister page (forpassword based authentication backends)

  • Reset your certificate: display a link toreset certificate page (forpassword based authentication backends)

  • Reset password: display a link toreset your password page (for password basedauthentication backends). Number of allowed retries can be set (3times by default)

Password management

  • Require old password: used only in the password changing moduleof the menu, will check the old password before updating it

  • Allow to display password: if enabled, a small icon in the passwordfield is added and when users click on it, the password value isrevealed. Disabled by default.

  • Hide old password: used only if the password need to be reset bythe user (LDAP password policy), will hide the old password input

  • Send mail on password change: send a mail if the password ischanged from the Menu, or from forced password reset (LDAP passwordpolicy)

Password Policy

Tip

Available since version 2.0.6

  • Activation: enable/disable password policy. You can set a ruleto enable policy for specific users only

  • Display policy in password form: enable this option to display aninformation message about password policy constraints

  • Minimal size: leave 0 to bypass the check

  • Maximal size: leave 0 to bypass the check

  • Minimal lower characters: leave 0 to bypass the check

  • Minimal upper characters: leave 0 to bypass the check

  • Minimal digit characters: leave 0 to bypass the check

  • Minimal special characters: leave 0 to bypass the check

  • Allowed special characters: list of allowed special characters. Set the__ALL__ value to allow ALL special characters.A blank value forbids ALL special characters. Thespace character can not bespecified at the begin or at the end of the list to prevent trimming.

Other

  • User attribute: which session attribute will be used to displayConnectedas in the menu

  • New window: open menu links in new window

  • Anti iframe protection: SetX-Frame-Options and CSPframe-ancestors headers (seeBrowsercompatibility)

  • Ping interval: number of milliseconds between each ping (Ajaxrequest) on the portal menu. Set to 0 to dismiss checks.

  • Show error on expired session: display the error “Sessionexpired”, which stops the authentication process. This is enabled bydefault but can be disabled to prevent transparent authentication(like SSL or Kerberos) to be stopped.

  • Show error on mail not found: display error if provided mail isnot found in password reset by mail process. Disabled by default toprevent mail enumeration from this page.

  • Display rights refresh link: enable/disable link in Portal menu to allow users to refresh their rights

  • Cache-busting salt: change this value any time you update a static fileon the server to force your users to reload their browser cache