lemonldap-ng-sessions.1p - Man Page

Scripting CLI for LemonLDAP::NG sessions


lemonldap-ng-sessions [<options>] <command> [<arguments> ...]


        get             get one or several session from known IDs
        search          search for sessions
        delete          delete existing sessions
        setKey          add/change key in existing session
        delKey          delete key from existing session
        secondfactors   manage second factors
        consents        manage OIDC user consents


        --help          Show full help
        --select        Select which fields to print
        --backend       Specify session backend
        --persistent    Search in persistent sessions
        --where         Set search filter (search/delete only)
        --id-only       Only return IDs (search only)
        --user      Change user running the script
        --group     Change group running the script



    lemonldap-ng-sessions get <id> [<id> ...]

This command lets you read the content of a session.

You must pass one or several session IDs as parameters.


        lemonldap-ng-sessions get 9684dd2a6489bf2be2fbdd799a8028e3

        lemonldap-ng-sessions get --persistent dwho


    lemonldap-ng-sessions delete <id> [<id> ...]
    lemonldap-ng-sessions delete --where <filter>

This command lets you delete sessions.

You may give it one or several session IDs to remove.


        lemonldap-ng-sessions delete 9684dd2a6489bf2be2fbdd799a8028e3

        lemonldap-ng-sessions delete --persistent dwho

Or you can give it a search expression.


        lemonldap-ng-sessions delete --where uid=dwho

        lemonldap-ng-sessions delete --persistent --where _session_uid=dwho

Set Key

    lemonldap-ng-sessions setKey <id> <key> <value> [<key> <value> ...]

This command allows you to modify one or several keys from an existing session.


        lemonldap-ng-sessions setKey 9684dd2a6489bf2be2fbdd799a8028e3 \
                authenticationLevel 1

Delete Key

    lemonldap-ng-sessions delKey <id> <key> [<key> ...]

This command lets you remove a key from an existing session.

You must specify a session ID, and one of several session keys to remove.


        lemonldap-ng-sessions delKey --persistent dwho _oidcConsents

Second Factors

    lemonldap-ng-sessions secondfactors <command> <user> [<id> ... ]


    get <user>
        show all second factors for a user
    delete <user> <id> [<id> ...]
        delete second factors for a user. The ID must match one of the
        IDs returned by the "show" command.
    delType [<user>|--all] <type> [<type> ...]
        delete all second factors of a given type for a user
    migrateu2f [<user>|--all]
        migrate U2F device registrations to WebAuthn device registrations


    lemonldap-ng-sessions consents <command> <user> [<id> ... ]


    get <user>
        show all OIDC consents for a user
    delete <user> <id> [<id> ...]
        delete OIDC consents for a user



Lets you select which fields to output in the JSON result.

This option can be set multiple times


This option lets you filter your session search according to a filter.

For now, only one filter can be set.

Only exact matches are supported


        --search uid=dwho
        --search _sessionType=OIDC

This option lets you specify which session backend to use.

You only need it when you configured multiple session backends in your LemonLDAP::NG installation (for Persistent, SAML, CAS or OIDC sessions)


        --backend persistent
        --backend saml
        --backend oidc
        --backend cas

This option is a shortcut for specifying --backend persistent and using the UID hash as a session ID


        lemonldap-ng-sessions --backend persistent \
                get 5efe8af397fc3577e05b483aca964f1b

is the same as

        lemonldap-ng-sessions get --persistent dwho

This option replaces the standard JSON output format with a simpler format of one session ID per line.

This allows some interesting combos using xargs. For example, if you want to remove all sessions started by "dwho"

        lemonldap-ng-sessions search --where uid=dwho --id-only | \
                xargs lemonldap-ng-sessions delete

This option forces the system user that runs the script.


This option forces the system group that runs the script.

See Also



Maxime Besson, <maxime.besson@worteks.com>

Bug Report

Use OW2 system to report bug or ask for features: <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>


2023-11-14 perl v5.38.0 User Contributed Perl Documentation