============
lemonldap-ng
============

Configure an OpenID Connect *Identity Provider*, to be used with an
OpenID Connect Relying Party, e.g. :doc:`libapache2-mod-auth-openidc`.

Test install for bullseye/buster::

  # See /usr/share/doc/lemonldap-ng/README.Debian
  apt install openid-connect-provider \
    apache2 libapache2-mod-perl2 libapache2-mod-fcgid \
    libfcgi-perl libstring-random-perl libmime-tools-perl libemail-sender-perl \
    libgd-securityimage-perl libimage-magick-perl
  cat /etc/lemonldap-ng/for_etc_hosts >> /etc/hosts
  a2enmod perl fcgid rewrite headers
  a2ensite portal-apache2.conf manager-apache2.conf handler-apache2.conf
  # bullseye:
  mkdir /var/lib/lemonldap-ng/cache
  chown www-data: /var/lib/lemonldap-ng/cache
  service apache2 restart
  # Portal: http://auth.example.com/
  # Demo accounts (login:password): dwho:dwho rtyler:rtyler msmith:msmith

  # OpenID Connect Identity Provider
  # https://lemonldap-ng.org/documentation/latest/cli_examples#configure-openid-connect-identity-provider
  /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
    set \
      issuerDBOpenIDConnectActivation 1
  # Generate the RSA key pair used for signing
  cd /etc/lemonldap-ng/
  openssl genrsa -out oidc.key 4096
  openssl rsa -pubout -in oidc.key -out oidc_pub.key
  /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
    set \
      oidcServicePrivateKeySig "`cat oidc.key`" \
      oidcServicePublicKeySig "`cat oidc_pub.key`" \
      oidcServiceKeyIdSig "randomstring"
  service apache2 restart
  # Check the published provider metadata
  curl http://auth.example.com/.well-known/openid-configuration

| Copyright (C) 2025 Sylvain Beucler
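
The final ``curl`` step returns the provider metadata that relying parties will trust. The following is an added example, not part of the original page or of LemonLDAP::NG: a sanity check of that document and of the JWKS behind ``jwks_uri``. The sample documents are constructed (the endpoint paths and the expectation that the JWKS carries the ``oidcServiceKeyIdSig`` value as ``kid`` are assumptions), and the function names are hypothetical.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
            "subject_types_supported", "id_token_signing_alg_values_supported")
PRIVATE_RSA_PARAMS = {"d", "p", "q", "dp", "dq", "qi"}

def check_discovery(doc, fetched_from):
    """Return findings for provider metadata fetched from `fetched_from`."""
    findings = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # The issuer must be the fetch URL minus the well-known suffix.
    expected = fetched_from[:-len(WELL_KNOWN)] if fetched_from.endswith(WELL_KNOWN) else fetched_from
    issuer = doc.get("issuer", "")
    if issuer.rstrip("/") != expected.rstrip("/"):
        findings.append(f"issuer mismatch: {issuer!r} != {expected!r}")
    # OpenID Connect Discovery expects https URLs; plain http only suits a test install.
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and urlsplit(doc[key]).scheme != "https":
            findings.append(f"{key} is not https")
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if "RS256" not in algs:
        findings.append("RS256 not offered for ID token signing")
    if "none" in algs:
        findings.append("unsigned ID tokens (alg none) offered")
    return findings

def check_jwks(jwks, expected_kid):
    """Return findings for the JWKS document behind jwks_uri."""
    keys, findings = jwks.get("keys", []), []
    if not any(k.get("kid") == expected_kid and k.get("kty") == "RSA" for k in keys):
        findings.append(f"no RSA key with kid {expected_kid!r}")
    for k in keys:
        leaked = sorted(PRIVATE_RSA_PARAMS & set(k))
        if leaked:  # a JWKS publishes only public parameters (n, e)
            findings.append(f"key {k.get('kid')!r} exposes private parameters {leaked}")
    return findings

# Constructed sample input (not captured from a real server), using the page's host name.
SAMPLE_URL = "http://auth.example.com" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "http://auth.example.com",
    "authorization_endpoint": "http://auth.example.com/oauth2/authorize",
    "token_endpoint": "http://auth.example.com/oauth2/token",
    "jwks_uri": "http://auth.example.com/oauth2/jwks",
    "response_types_supported": ["code"], "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"]}
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "randomstring", "n": "constructed", "e": "AQAB"}]}

if __name__ == "__main__":
    print("\n".join(check_discovery(SAMPLE_DOC, SAMPLE_URL) + check_jwks(SAMPLE_JWKS, "randomstring")))
```

On the constructed sample the only findings are the four plain-http URLs, which is expected for this test install.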