lemonldap-ng-sessions [<options>] <command> [<arguments> ...]
get get one or several session from known IDs search search for sessions delete delete existing sessions setKey add/change key in existing session delKey delete key from existing session secondfactors manage second factors consents manage OIDC user consents
--help Show full help --select Select which fields to print --backend Specify session backend --persistent Search in persistent sessions --where Set search filter (search/delete only) --id-only Only return IDs (search only) --user Change user running the script --group Change group running the script
lemonldap-ng-sessions get <id> [<id> ...]
This command lets you read the content of a session.
You must pass one or several session IDs as parameters.
lemonldap-ng-sessions get 9684dd2a6489bf2be2fbdd799a8028e3 lemonldap-ng-sessions get --persistent dwho
lemonldap-ng-sessions search [<options>]
This command lets you search for sessions.
It can be used to find the session IDs that other commands need.
You can restrict the search with options. See "Options"
lemonldap-ng-sessions search lemonldap-ng-sessions search --backend persistent lemonldap-ng-sessions search --where uid=dwho lemonldap-ng-sessions search --where uid=dwho \ --id-only lemonldap-ng-sessions search --backend persistent \ --where _session_uid=dwho lemonldap-ng-sessions search --where uid=dwho \ --select authenticationLevel
lemonldap-ng-sessions delete <id> [<id> ...] lemonldap-ng-sessions delete --where <filter>
This command lets you delete sessions.
You may give it one or several session IDs to remove.
lemonldap-ng-sessions delete 9684dd2a6489bf2be2fbdd799a8028e3 lemonldap-ng-sessions delete --persistent dwho
Or you can give it a search expression.
lemonldap-ng-sessions delete --where uid=dwho lemonldap-ng-sessions delete --persistent --where _session_uid=dwho
lemonldap-ng-sessions setKey <id> <key> <value> [<key> <value> ...]
This command allows you to modify one or several keys from an existing session.
lemonldap-ng-sessions setKey 9684dd2a6489bf2be2fbdd799a8028e3 \ authenticationLevel 1
lemonldap-ng-sessions delKey <id> <key> [<key> ...]
This command lets you remove a key from an existing session.
You must specify a session ID, and one of several session keys to remove.
lemonldap-ng-sessions delKey --persistent dwho _oidcConsents
lemonldap-ng-sessions secondfactors <command> <user> [<id> ... ]
get <user> show all second factors for a user delete <user> <id> [<id> ...] delete second factors for a user. The ID must match one of the IDs returned by the "show" command. delType [<user>|--all] <type> [<type> ...] delete all second factors of a given type for a user migrateu2f [<user>|--all] migrate U2F device registrations to WebAuthn device registrations
lemonldap-ng-sessions consents <command> <user> [<id> ... ]
get <user> show all OIDC consents for a user delete <user> <id> [<id> ...] delete OIDC consents for a user
Lets you select which fields to output in the JSON result.
This option can be set multiple times
This option lets you filter your session search according to a filter.
For now, only one filter can be set.
Only exact matches are supported
--search uid=dwho --search _sessionType=OIDC
This option lets you specify which session backend to use.
You only need it when you configured multiple session backends in your LemonLDAP::NG installation (for Persistent, SAML, CAS or OIDC sessions)
--backend persistent --backend saml --backend oidc --backend cas
This option is a shortcut for specifying --backend persistent and using the UID hash as a session ID
lemonldap-ng-sessions --backend persistent \ get 5efe8af397fc3577e05b483aca964f1b
is the same as
lemonldap-ng-sessions get --persistent dwho
This option replaces the standard JSON output format with a simpler format of one session ID per line.
This allows some interesting combos using xargs. For example, if you want to remove all sessions started by "dwho"
lemonldap-ng-sessions search --where uid=dwho --id-only | \ xargs lemonldap-ng-sessions delete
This option forces the system user that runs the script.
This option forces the system group that runs the script.
Maxime Besson, <firstname.lastname@example.org>
Use OW2 system to report bug or ask for features: <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>
Copyright and License
Copyright (C) 2016 by Xavier Guimard, <email@example.com>
Copyright (C) 2016 by Clément Oudot, <firstname.lastname@example.org>
This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.