.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "LEMONLDAP-NG-SESSIONS 1p" .TH LEMONLDAP-NG-SESSIONS 1p "2024-05-03" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" lemonldap\-ng\-sessions \- Scripting CLI for LemonLDAP::NG sessions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& lemonldap\-ng\-sessions [] [ ...] .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBCommands\fR: .ie n .IP "\fB""get""\fR: get one or several session from known IDs" 4 .el .IP "\fB``get''\fR: get one or several session from known IDs" 4 .IX Item "get: get one or several session from known IDs" .PD 0 .ie n .IP "\fB""search""\fR: search for sessions" 4 .el .IP "\fB``search''\fR: search for sessions" 4 .IX Item "search: search for sessions" .ie n .IP "\fB""delete""\fR: delete existing sessions" 4 .el .IP "\fB``delete''\fR: delete existing sessions" 4 .IX Item "delete: delete existing sessions" .ie n .IP "\fB""setKey""\fR: add/change key in existing session" 4 .el .IP "\fB``setKey''\fR: add/change key in existing session" 4 .IX Item "setKey: add/change key in existing session" .ie n .IP "\fB""delKey""\fR: delete key from existing session" 4 .el .IP "\fB``delKey''\fR: delete key from existing session" 4 .IX Item "delKey: delete key from existing session" .ie n .IP "\fB""secondfactors""\fR: manage second factors" 4 .el .IP "\fB``secondfactors''\fR: manage second factors" 4 .IX Item "secondfactors: manage second factors" .ie n .IP "\fB""consents""\fR: manage \s-1OIDC\s0 user consents" 4 .el .IP "\fB``consents''\fR: manage \s-1OIDC\s0 user consents" 4 .IX Item "consents: manage OIDC user consents" .PD .PP \&\fBOptions\fR: .IP "\fB\-\-help\fR: Show full help" 4 .IX Item "--help: Show full help" .PD 0 .IP "\fB\-\-select\fR: Select which fields to print" 4 .IX Item "--select: Select which fields to print" .IP "\fB\-\-backend\fR: Specify session backend" 4 .IX Item "--backend: Specify session backend" .IP "\fB\-\-persistent\fR:Search in persistent sessions" 4 .IX Item "--persistent:Search in persistent sessions" .IP "\fB\-\-where\fR: Set search filter (search/delete only)" 4 .IX Item "--where: Set search filter (search/delete only)" .IP "\fB\-\-id\-only\fR: Only return IDs (search only)" 4 .IX Item "--id-only: Only return IDs (search only)" .IP "\fB\-\-user\fR: Change user running the script" 4 .IX Item "--user: Change user running the script" .IP "\fB\-\-group\fR: Change group running the script" 4 .IX Item "--group: Change group running the script" .ie n .IP "\fB\-\-hash\fR: When ""hashed session storage"" is in use, indicates that the given session \s-1ID\s0 is the original value (cookie value)" 4 .el .IP "\fB\-\-hash\fR: When ``hashed session storage'' is in use, indicates that the given session \s-1ID\s0 is the original value (cookie value)" 4 .IX Item "--hash: When hashed session storage is in use, indicates that the given session ID is the original value (cookie value)" .PD .SS "\s-1COMMANDS\s0" .IX Subsection "COMMANDS" \fIget\fR .IX Subsection "get" .PP .Vb 1 \& lemonldap\-ng\-sessions get [ ...] .Ve .PP This command lets you read the content of a session. .PP You must pass one or several session IDs as parameters. .PP Examples .PP .Vb 1 \& lemonldap\-ng\-sessions get 9684dd2a6489bf2be2fbdd799a8028e3 \& \& lemonldap\-ng\-sessions get \-\-persistent dwho .Ve .PP \fIsearch\fR .IX Subsection "search" .PP .Vb 1 \& lemonldap\-ng\-sessions search [] .Ve .PP This command lets you search for sessions. .PP It can be used to find the session IDs that other commands need. .PP You can restrict the search with options. See \*(L"\s-1OPTIONS\*(R"\s0 .PP Examples .PP .Vb 1 \& lemonldap\-ng\-sessions search \& \& lemonldap\-ng\-sessions search \-\-backend persistent \& \& lemonldap\-ng\-sessions search \-\-where uid=dwho \& \& lemonldap\-ng\-sessions search \-\-where uid=dwho \e \& \-\-id\-only \& \& lemonldap\-ng\-sessions search \-\-backend persistent \e \& \-\-where _session_uid=dwho \& \& lemonldap\-ng\-sessions search \-\-where uid=dwho \e \& \-\-select authenticationLevel \& \& lemonldap\-ng\-sessions search \-\-where \*(Aq_startTime>20240410063538\*(Aq \& lemonldap\-ng\-sessions search \-\-where \*(Aq_startTime<20240410063538\*(Aq .Ve .PP \fIdelete\fR .IX Subsection "delete" .PP .Vb 2 \& lemonldap\-ng\-sessions delete [ ...] \& lemonldap\-ng\-sessions delete \-\-where .Ve .PP This command lets you delete sessions. .PP You may give it one or several session IDs to remove. .PP Examples: .PP .Vb 1 \& lemonldap\-ng\-sessions delete 9684dd2a6489bf2be2fbdd799a8028e3 \& \& lemonldap\-ng\-sessions delete \-\-persistent dwho .Ve .PP Or you can give it a search expression. .PP Examples: .PP .Vb 1 \& lemonldap\-ng\-sessions delete \-\-where uid=dwho \& \& lemonldap\-ng\-sessions delete \-\-persistent \-\-where _session_uid=dwho .Ve .PP \fIsetKey\fR .IX Subsection "setKey" .PP .Vb 1 \& lemonldap\-ng\-sessions setKey [ ...] .Ve .PP This command allows you to modify one or several keys from an existing session. .PP Examples: .PP .Vb 2 \& lemonldap\-ng\-sessions setKey 9684dd2a6489bf2be2fbdd799a8028e3 \e \& authenticationLevel 1 .Ve .PP \fIdelKey\fR .IX Subsection "delKey" .PP .Vb 1 \& lemonldap\-ng\-sessions delKey [ ...] .Ve .PP This command lets you remove a key from an existing session. .PP You must specify a session \s-1ID,\s0 and one of several session keys to remove. .PP Examples: .PP .Vb 1 \& lemonldap\-ng\-sessions delKey \-\-persistent dwho _oidcConsents .Ve .PP \fIsecondfactors\fR .IX Subsection "secondfactors" .PP .Vb 1 \& lemonldap\-ng\-sessions secondfactors [ ... ] .Ve .PP \&\fBCommands\fR: .IP "\fBget\fR " 4 .IX Item "get " show all second factors for a user .IP "\fBdelete\fR [ ...]" 4 .IX Item "delete [ ...]" delete second factors for a user. The \s-1ID\s0 must match one of the IDs returned by the \*(L"show\*(R" command. .IP "\fBdelType\fR [|\-\-all] [ ...]" 4 .IX Item "delType [|--all] [ ...]" delete all second factors of a given type for a user .IP "\fBmigrateu2f\fR [|\-\-all]" 4 .IX Item "migrateu2f [|--all]" migrate U2F device registrations to WebAuthn device registrations .PP \fIconsents\fR .IX Subsection "consents" .PP .Vb 1 \& lemonldap\-ng\-sessions consents [ ... ] .Ve .PP Commands: .PP .Vb 4 \& get \& show all OIDC consents for a user \& delete [ ...] \& delete OIDC consents for a user .Ve .SS "\s-1OPTIONS\s0" .IX Subsection "OPTIONS" .IP "\fB\-\-select\fR,\fB\-s\fR" 4 .IX Item "--select,-s" Lets you select which fields to output in the \s-1JSON\s0 result. .Sp This option can be set multiple times .IP "\fB\-\-where\fR,\fB\-w\fR" 4 .IX Item "--where,-w" This option lets you filter your session search according to a filter. .Sp For now, only one filter can be set. .Sp Examples: .Sp .Vb 4 \& \-\-search uid=dwho \& \-\-search _sessionType=OIDC \& \-\-search \*(Aq_startTime>20240410063538\*(Aq \& \-\-search \*(Aq_startTime<20240410063538\*(Aq .Ve .IP "\fB\-\-backend\fR,\fB\-b\fR" 4 .IX Item "--backend,-b" This option lets you specify which session backend to use. .Sp You only need it when you configured multiple session backends in your LemonLDAP::NG installation (for Persistent, \s-1SAML, CAS\s0 or \s-1OIDC\s0 sessions) .Sp Examples: .Sp .Vb 4 \& \-\-backend persistent \& \-\-backend saml \& \-\-backend oidc \& \-\-backend cas .Ve .IP "\fB\-\-persistent\fR,\fB\-p\fR" 4 .IX Item "--persistent,-p" This option is a shortcut for specifying \-\-backend persistent and using the \s-1UID\s0 hash as a session \s-1ID\s0 .Sp Example: .Sp .Vb 2 \& lemonldap\-ng\-sessions \-\-backend persistent \e \& get 5efe8af397fc3577e05b483aca964f1b .Ve .Sp is the same as .Sp .Vb 1 \& lemonldap\-ng\-sessions get \-\-persistent dwho .Ve .IP "\fB\-\-id\-only\fR,\fB\-i\fR" 4 .IX Item "--id-only,-i" This option replaces the standard \s-1JSON\s0 output format with a simpler format of one session \s-1ID\s0 per line. .Sp This allows some interesting combos using xargs. For example, if you want to remove all sessions started by \*(L"dwho\*(R" .Sp .Vb 2 \& lemonldap\-ng\-sessions search \-\-where uid=dwho \-\-id\-only | \e \& xargs lemonldap\-ng\-sessions delete .Ve .IP "\fB\-\-user\fR,\fB\-u\fR" 4 .IX Item "--user,-u" This option forces the system user that runs the script. .IP "\fB\-\-group\fR,\fB\-g\fR" 4 .IX Item "--group,-g" This option forces the system group that runs the script. .IP "\fB\-\-hash\fR, \fB\-c\fR" 4 .IX Item "--hash, -c" When the session storage is protected by hashed session storage , this option indicates that the given session is the original value \&\fI(cookie value)\fR .SH "SEE ALSO" .IX Header "SEE ALSO" .SH "AUTHORS" .IX Header "AUTHORS" .IP "Maxime Besson, " 4 .IX Item "Maxime Besson, " .SH "BUG REPORT" .IX Header "BUG REPORT" Use \s-1OW2\s0 system to report bug or ask for features: .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" .IP "Copyright (C) 2016 by Xavier Guimard, " 4 .IX Item "Copyright (C) 2016 by Xavier Guimard, " .PD 0 .IP "Copyright (C) 2016 by Clément Oudot, " 4 .IX Item "Copyright (C) 2016 by Clément Oudot, " .PD .PP This library is free software; you can redistribute it and/or modify it under the terms of the \s-1GNU\s0 General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. .PP This program is distributed in the hope that it will be useful, but \s-1WITHOUT ANY WARRANTY\s0; without even the implied warranty of \&\s-1MERCHANTABILITY\s0 or \s-1FITNESS FOR A PARTICULAR PURPOSE.\s0 See the \&\s-1GNU\s0 General Public License for more details. .PP You should have received a copy of the \s-1GNU\s0 General Public License along with this program. If not, see .