lunar (1) lemonldap-ng-sessions.1p.gz

Provided by: liblemonldap-ng-common-perl_2.0.16+ds-4_all bug

NAME

       lemonldap-ng-sessions - Scripting CLI for LemonLDAP::NG sessions

SYNOPSIS

       lemonldap-ng-sessions [<options>] <command> [<arguments> ...]

       Commands:

               get             get one or several session from known IDs
               search          search for sessions
               delete          delete existing sessions
               setKey          add/change key in existing session
               delKey          delete key from existing session
               secondfactors   manage second factors
               consents        manage OIDC user consents

       Options:

               --help          Show full help
               --select        Select which fields to print
               --backend       Specify session backend
               --persistent    Search in persistent sessions
               --where         Set search filter (search/delete only)
               --id-only       Only return IDs (search only)
               --user      Change user running the script
               --group     Change group running the script

COMMANDS

   Get
           lemonldap-ng-sessions get <id> [<id> ...]

       This command lets you read the content of a session.

       You must pass one or several session IDs as parameters.

       Examples

               lemonldap-ng-sessions get 9684dd2a6489bf2be2fbdd799a8028e3

               lemonldap-ng-sessions get --persistent dwho

   Search
           lemonldap-ng-sessions search [<options>]

       This command lets you search for sessions.

       It can be used to find the session IDs that other commands need.

       You can restrict the search with options. See "OPTIONS"

       Examples

               lemonldap-ng-sessions search

               lemonldap-ng-sessions search --backend persistent

               lemonldap-ng-sessions search --where uid=dwho

               lemonldap-ng-sessions search --where uid=dwho \
                       --id-only

               lemonldap-ng-sessions search --backend persistent \
                       --where _session_uid=dwho

               lemonldap-ng-sessions search --where uid=dwho \
                       --select authenticationLevel

   Delete
           lemonldap-ng-sessions delete <id> [<id> ...]
           lemonldap-ng-sessions delete --where <filter>

       This command lets you delete sessions.

       You may give it one or several session IDs to remove.

       Examples:

               lemonldap-ng-sessions delete 9684dd2a6489bf2be2fbdd799a8028e3

               lemonldap-ng-sessions delete --persistent dwho

       Or you can give it a search expression.

       Examples:

               lemonldap-ng-sessions delete --where uid=dwho

               lemonldap-ng-sessions delete --persistent --where _session_uid=dwho

   Set Key
           lemonldap-ng-sessions setKey <id> <key> <value> [<key> <value> ...]

       This command allows you to modify one or several keys from an existing session.

       Examples:

               lemonldap-ng-sessions setKey 9684dd2a6489bf2be2fbdd799a8028e3 \
                       authenticationLevel 1

   Delete Key
           lemonldap-ng-sessions delKey <id> <key> [<key> ...]

       This command lets you remove a key from an existing session.

       You must specify a session ID, and one of several session keys to remove.

       Examples:

               lemonldap-ng-sessions delKey --persistent dwho _oidcConsents

   Second Factors
           lemonldap-ng-sessions secondfactors <command> <user> [<id> ... ]

       Commands:

           get <user>
               show all second factors for a user
           delete <user> <id> [<id> ...]
               delete second factors for a user. The ID must match one of the
               IDs returned by the "show" command.
           delType [<user>|--all] <type> [<type> ...]
               delete all second factors of a given type for a user
           migrateu2f [<user>|--all]
               migrate U2F device registrations to WebAuthn device registrations

   Consents
           lemonldap-ng-sessions consents <command> <user> [<id> ... ]

       Commands:

           get <user>
               show all OIDC consents for a user
           delete <user> <id> [<id> ...]
               delete OIDC consents for a user

OPTIONS

       --select,-s
           Lets you select which fields to output in the JSON result.

           This option can be set multiple times

       --where,-w
           This option lets you filter your session search according to a filter.

           For now, only one filter can be set.

           Only exact matches are supported

           Examples:

                   --search uid=dwho
                   --search _sessionType=OIDC

       --backend,-b
           This option lets you specify which session backend to use.

           You only need it when you configured multiple session backends in your LemonLDAP::NG
           installation (for Persistent, SAML, CAS or OIDC sessions)

           Examples:

                   --backend persistent
                   --backend saml
                   --backend oidc
                   --backend cas

       --persistent,-p
           This option is a shortcut for specifying --backend persistent and using the UID hash
           as a session ID

           Example:

                   lemonldap-ng-sessions --backend persistent \
                           get 5efe8af397fc3577e05b483aca964f1b

           is the same as

                   lemonldap-ng-sessions get --persistent dwho

       --id-only,-i
           This option replaces the standard JSON output format with a simpler format of one
           session ID per line.

           This allows some interesting combos using xargs. For example, if you want to remove
           all sessions started by "dwho"

                   lemonldap-ng-sessions search --where uid=dwho --id-only | \
                           xargs lemonldap-ng-sessions delete

       --user,-u
           This option forces the system user that runs the script.

       --group,-g
           This option forces the system group that runs the script.

SEE ALSO

       <http://lemonldap-ng.org/>

AUTHORS

       Maxime Besson, <maxime.besson@worteks.com>

BUG REPORT

       Use OW2 system to report bug or ask for features:
       <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

       Copyright (C) 2016 by Xavier Guimard, <x.guimard@free.fr>
       Copyright (C) 2016 by Clément Oudot, <clem.oudot@gmail.com>

       This library is free software; you can redistribute it and/or modify it under the terms of
       the GNU General Public License as published by the Free Software Foundation; either
       version 2, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program.
       If not, see <http://www.gnu.org/licenses/>.