Your company here — click to reach over 10,000 unique daily visitors

lemonldap-ng-sessions.1p - Man Page

Scripting CLI for LemonLDAP::NG sessions


  lemonldap-ng-sessions [<options>] <command> [<arguments> ...]



"get": get one or several session from known IDs

"search": search for sessions

"delete": delete existing sessions

"setKey": add/change key in existing session

"delKey": delete key from existing session

"secondfactors": manage second factors

"consents": manage OIDC user consents


--help: Show full help

--select: Select which fields to print

--backend: Specify session backend

--persistent:Search in persistent sessions

--where: Set search filter (search/delete only)

--id-only: Only return IDs (search only)

--user: Change user running the script

--group: Change group running the script

--hash: When "hashed session storage" is in use, indicates that the given session ID is the original value (cookie value)



    lemonldap-ng-sessions get <id> [<id> ...]

This command lets you read the content of a session.

You must pass one or several session IDs as parameters.


        lemonldap-ng-sessions get 9684dd2a6489bf2be2fbdd799a8028e3

        lemonldap-ng-sessions get --persistent dwho


    lemonldap-ng-sessions search [<options>]

This command lets you search for sessions.

It can be used to find the session IDs that other commands need.

You can restrict the search with options. See "Options"


        lemonldap-ng-sessions search

        lemonldap-ng-sessions search --backend persistent

        lemonldap-ng-sessions search --where uid=dwho

        lemonldap-ng-sessions search --where uid=dwho \

        lemonldap-ng-sessions search --backend persistent \
                --where _session_uid=dwho

        lemonldap-ng-sessions search --where uid=dwho \
                --select authenticationLevel

    lemonldap-ng-sessions search --where '_startTime>20240410063538'
    lemonldap-ng-sessions search --where '_startTime<20240410063538'


    lemonldap-ng-sessions delete <id> [<id> ...]
    lemonldap-ng-sessions delete --where <filter>

This command lets you delete sessions.

You may give it one or several session IDs to remove.


        lemonldap-ng-sessions delete 9684dd2a6489bf2be2fbdd799a8028e3

        lemonldap-ng-sessions delete --persistent dwho

Or you can give it a search expression.


        lemonldap-ng-sessions delete --where uid=dwho

        lemonldap-ng-sessions delete --persistent --where _session_uid=dwho


    lemonldap-ng-sessions setKey <id> <key> <value> [<key> <value> ...]

This command allows you to modify one or several keys from an existing session.


        lemonldap-ng-sessions setKey 9684dd2a6489bf2be2fbdd799a8028e3 \
                authenticationLevel 1


    lemonldap-ng-sessions delKey <id> <key> [<key> ...]

This command lets you remove a key from an existing session.

You must specify a session ID, and one of several session keys to remove.


        lemonldap-ng-sessions delKey --persistent dwho _oidcConsents


    lemonldap-ng-sessions secondfactors <command> <user> [<id> ... ]


get <user>

show all second factors for a user

delete <user> <id> [<id> ...]

delete second factors for a user. The ID must match one of the IDs returned by the "show" command.

delType [<user>|--all] <type> [<type> ...]

delete all second factors of a given type for a user

migrateu2f [<user>|--all]

migrate U2F device registrations to WebAuthn device registrations


    lemonldap-ng-sessions consents <command> <user> [<id> ... ]


    get <user>
        show all OIDC consents for a user
    delete <user> <id> [<id> ...]
        delete OIDC consents for a user



Lets you select which fields to output in the JSON result.

This option can be set multiple times


This option lets you filter your session search according to a filter.

For now, only one filter can be set.


        --search uid=dwho
        --search _sessionType=OIDC
    --search '_startTime>20240410063538'
    --search '_startTime<20240410063538'

This option lets you specify which session backend to use.

You only need it when you configured multiple session backends in your LemonLDAP::NG installation (for Persistent, SAML, CAS or OIDC sessions)


        --backend persistent
        --backend saml
        --backend oidc
        --backend cas

This option is a shortcut for specifying --backend persistent and using the UID hash as a session ID


        lemonldap-ng-sessions --backend persistent \
                get 5efe8af397fc3577e05b483aca964f1b

is the same as

        lemonldap-ng-sessions get --persistent dwho

This option replaces the standard JSON output format with a simpler format of one session ID per line.

This allows some interesting combos using xargs. For example, if you want to remove all sessions started by "dwho"

        lemonldap-ng-sessions search --where uid=dwho --id-only | \
                xargs lemonldap-ng-sessions delete

This option forces the system user that runs the script.


This option forces the system group that runs the script.

--hash,  -c

When the session storage is protected by hashed session storage <https://lemonldap-ng.org/documentation/latest/security.html#configure-security-settings>, this option indicates that the given session is the original value (cookie value)

See Also



Maxime Besson, <maxime.besson@worteks.com>

Bug Report

Use OW2 system to report bug or ask for features: <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>


2024-04-30 perl v5.38.2 User Contributed Perl Documentation