.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "LEMONLDAP-NG-SESSIONS 1p" .TH LEMONLDAP-NG-SESSIONS 1p 2024-04-30 "perl v5.38.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME lemonldap\-ng\-sessions \- Scripting CLI for LemonLDAP::NG sessions .SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& lemonldap\-ng\-sessions [] [ ...] .Ve .SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCommands\fR: .IP "\fB""get""\fR: get one or several session from known IDs" 4 .IX Item """get"": get one or several session from known IDs" .PD 0 .IP "\fB""search""\fR: search for sessions" 4 .IX Item """search"": search for sessions" .IP "\fB""delete""\fR: delete existing sessions" 4 .IX Item """delete"": delete existing sessions" .IP "\fB""setKey""\fR: add/change key in existing session" 4 .IX Item """setKey"": add/change key in existing session" .IP "\fB""delKey""\fR: delete key from existing session" 4 .IX Item """delKey"": delete key from existing session" .IP "\fB""secondfactors""\fR: manage second factors" 4 .IX Item """secondfactors"": manage second factors" .IP "\fB""consents""\fR: manage OIDC user consents" 4 .IX Item """consents"": manage OIDC user consents" .PD .PP \&\fBOptions\fR: .IP "\fB\-\-help\fR: Show full help" 4 .IX Item "--help: Show full help" .PD 0 .IP "\fB\-\-select\fR: Select which fields to print" 4 .IX Item "--select: Select which fields to print" .IP "\fB\-\-backend\fR: Specify session backend" 4 .IX Item "--backend: Specify session backend" .IP "\fB\-\-persistent\fR:Search in persistent sessions" 4 .IX Item "--persistent:Search in persistent sessions" .IP "\fB\-\-where\fR: Set search filter (search/delete only)" 4 .IX Item "--where: Set search filter (search/delete only)" .IP "\fB\-\-id\-only\fR: Only return IDs (search only)" 4 .IX Item "--id-only: Only return IDs (search only)" .IP "\fB\-\-user\fR: Change user running the script" 4 .IX Item "--user: Change user running the script" .IP "\fB\-\-group\fR: Change group running the script" 4 .IX Item "--group: Change group running the script" .IP "\fB\-\-hash\fR: When ""hashed session storage"" is in use, indicates that the given session ID is the original value (cookie value)" 4 .IX Item "--hash: When ""hashed session storage"" is in use, indicates that the given session ID is the original value (cookie value)" .PD .SS COMMANDS .IX Subsection "COMMANDS" \fIget\fR .IX Subsection "get" .PP .Vb 1 \& lemonldap\-ng\-sessions get [ ...] .Ve .PP This command lets you read the content of a session. .PP You must pass one or several session IDs as parameters. .PP Examples .PP .Vb 1 \& lemonldap\-ng\-sessions get 9684dd2a6489bf2be2fbdd799a8028e3 \& \& lemonldap\-ng\-sessions get \-\-persistent dwho .Ve .PP \fIsearch\fR .IX Subsection "search" .PP .Vb 1 \& lemonldap\-ng\-sessions search [] .Ve .PP This command lets you search for sessions. .PP It can be used to find the session IDs that other commands need. .PP You can restrict the search with options. See "OPTIONS" .PP Examples .PP .Vb 1 \& lemonldap\-ng\-sessions search \& \& lemonldap\-ng\-sessions search \-\-backend persistent \& \& lemonldap\-ng\-sessions search \-\-where uid=dwho \& \& lemonldap\-ng\-sessions search \-\-where uid=dwho \e \& \-\-id\-only \& \& lemonldap\-ng\-sessions search \-\-backend persistent \e \& \-\-where _session_uid=dwho \& \& lemonldap\-ng\-sessions search \-\-where uid=dwho \e \& \-\-select authenticationLevel \& \& lemonldap\-ng\-sessions search \-\-where \*(Aq_startTime>20240410063538\*(Aq \& lemonldap\-ng\-sessions search \-\-where \*(Aq_startTime<20240410063538\*(Aq .Ve .PP \fIdelete\fR .IX Subsection "delete" .PP .Vb 2 \& lemonldap\-ng\-sessions delete [ ...] \& lemonldap\-ng\-sessions delete \-\-where .Ve .PP This command lets you delete sessions. .PP You may give it one or several session IDs to remove. .PP Examples: .PP .Vb 1 \& lemonldap\-ng\-sessions delete 9684dd2a6489bf2be2fbdd799a8028e3 \& \& lemonldap\-ng\-sessions delete \-\-persistent dwho .Ve .PP Or you can give it a search expression. .PP Examples: .PP .Vb 1 \& lemonldap\-ng\-sessions delete \-\-where uid=dwho \& \& lemonldap\-ng\-sessions delete \-\-persistent \-\-where _session_uid=dwho .Ve .PP \fIsetKey\fR .IX Subsection "setKey" .PP .Vb 1 \& lemonldap\-ng\-sessions setKey [ ...] .Ve .PP This command allows you to modify one or several keys from an existing session. .PP Examples: .PP .Vb 2 \& lemonldap\-ng\-sessions setKey 9684dd2a6489bf2be2fbdd799a8028e3 \e \& authenticationLevel 1 .Ve .PP \fIdelKey\fR .IX Subsection "delKey" .PP .Vb 1 \& lemonldap\-ng\-sessions delKey [ ...] .Ve .PP This command lets you remove a key from an existing session. .PP You must specify a session ID, and one of several session keys to remove. .PP Examples: .PP .Vb 1 \& lemonldap\-ng\-sessions delKey \-\-persistent dwho _oidcConsents .Ve .PP \fIsecondfactors\fR .IX Subsection "secondfactors" .PP .Vb 1 \& lemonldap\-ng\-sessions secondfactors [ ... ] .Ve .PP \&\fBCommands\fR: .IP "\fBget\fR " 4 .IX Item "get " show all second factors for a user .IP "\fBdelete\fR [ ...]" 4 .IX Item "delete [ ...]" delete second factors for a user. The ID must match one of the IDs returned by the "show" command. .IP "\fBdelType\fR [|\-\-all] [ ...]" 4 .IX Item "delType [|--all] [ ...]" delete all second factors of a given type for a user .IP "\fBmigrateu2f\fR [|\-\-all]" 4 .IX Item "migrateu2f [|--all]" migrate U2F device registrations to WebAuthn device registrations .PP \fIconsents\fR .IX Subsection "consents" .PP .Vb 1 \& lemonldap\-ng\-sessions consents [ ... ] .Ve .PP Commands: .PP .Vb 4 \& get \& show all OIDC consents for a user \& delete [ ...] \& delete OIDC consents for a user .Ve .SS OPTIONS .IX Subsection "OPTIONS" .IP \fB\-\-select\fR,\fB\-s\fR 4 .IX Item "--select,-s" Lets you select which fields to output in the JSON result. .Sp This option can be set multiple times .IP \fB\-\-where\fR,\fB\-w\fR 4 .IX Item "--where,-w" This option lets you filter your session search according to a filter. .Sp For now, only one filter can be set. .Sp Examples: .Sp .Vb 4 \& \-\-search uid=dwho \& \-\-search _sessionType=OIDC \& \-\-search \*(Aq_startTime>20240410063538\*(Aq \& \-\-search \*(Aq_startTime<20240410063538\*(Aq .Ve .IP \fB\-\-backend\fR,\fB\-b\fR 4 .IX Item "--backend,-b" This option lets you specify which session backend to use. .Sp You only need it when you configured multiple session backends in your LemonLDAP::NG installation (for Persistent, SAML, CAS or OIDC sessions) .Sp Examples: .Sp .Vb 4 \& \-\-backend persistent \& \-\-backend saml \& \-\-backend oidc \& \-\-backend cas .Ve .IP \fB\-\-persistent\fR,\fB\-p\fR 4 .IX Item "--persistent,-p" This option is a shortcut for specifying \-\-backend persistent and using the UID hash as a session ID .Sp Example: .Sp .Vb 2 \& lemonldap\-ng\-sessions \-\-backend persistent \e \& get 5efe8af397fc3577e05b483aca964f1b .Ve .Sp is the same as .Sp .Vb 1 \& lemonldap\-ng\-sessions get \-\-persistent dwho .Ve .IP \fB\-\-id\-only\fR,\fB\-i\fR 4 .IX Item "--id-only,-i" This option replaces the standard JSON output format with a simpler format of one session ID per line. .Sp This allows some interesting combos using xargs. For example, if you want to remove all sessions started by "dwho" .Sp .Vb 2 \& lemonldap\-ng\-sessions search \-\-where uid=dwho \-\-id\-only | \e \& xargs lemonldap\-ng\-sessions delete .Ve .IP \fB\-\-user\fR,\fB\-u\fR 4 .IX Item "--user,-u" This option forces the system user that runs the script. .IP \fB\-\-group\fR,\fB\-g\fR 4 .IX Item "--group,-g" This option forces the system group that runs the script. .IP "\fB\-\-hash\fR, \fB\-c\fR" 4 .IX Item "--hash, -c" When the session storage is protected by hashed session storage , this option indicates that the given session is the original value \&\fI(cookie value)\fR .SH "SEE ALSO" .IX Header "SEE ALSO" .SH AUTHORS .IX Header "AUTHORS" .IP "Maxime Besson, " 4 .IX Item "Maxime Besson, " .SH "BUG REPORT" .IX Header "BUG REPORT" Use OW2 system to report bug or ask for features: .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" .IP "Copyright (C) 2016 by Xavier Guimard, " 4 .IX Item "Copyright (C) 2016 by Xavier Guimard, " .PD 0 .IP "Copyright (C) 2016 by Clément Oudot, " 4 .IX Item "Copyright (C) 2016 by Clément Oudot, " .PD .PP This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. .PP This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. .PP You should have received a copy of the GNU General Public License along with this program. If not, see .