When installing LL::NG, the Manager can only be accessed from localhost, for security reasons. This How To explains how change this default behavior to protect Manager with Apache or directly with LL::NG.
The configuration can be changed in etc/manager-apache2.conf:
By default, the protection rule is to only accept clients from localhost:
<Directory /usr/local/lemonldap-ng/htdocs/manager/> Order deny,allow Deny from all Allow from 127.0.0.0/8 Options +ExecCGI </Directory>
You can change this to allow other specific IP, for example:
<Directory /usr/local/lemonldap-ng/htdocs/manager/> Order deny,allow Deny from all Allow from 127.0.0.0/8 192.168.100.0/32 Options +ExecCGI </Directory>
But you will rather prefer to use an Apache authentication module, like for example LDAP authentication module:
<Directory /usr/local/lemonldap-ng/htdocs/manager/> AuthzLDAPAuthoritative On AuthName "LL::NG Manager" AuthType Basic AuthBasicProvider ldap AuthLDAPBindDN "ou=websso,ou=applications,dc=example,dc=com" AuthLDAPBindPassword "secret" AuthLDAPURL ldap://localhost:389/ou=users,dc=example,dc=com???(objectClass=inetOrgPerson) TLS Require ldap-user coudot xguimard tchemineau Options +ExecCGI </Directory>
Go on Manager, and declare Manager as a new virtual host, for example manager.example.com. You can then set the access rule. No headers are needed.
Save the configuration and exit the Manager.
Enable protection on Manager, by editing lemonldap-ng.ini:
[manager] protection = manager
Remove Apache access control:
<Directory /usr/local/lemonldap-ng/htdocs/manager/> Order deny,allow Allow from all Options +ExecCGI </Directory>
Restart Apache and try to log on Manager. You should be redirected to LL::NG Portal.
You can then add the Manager as an application in the menu.
lemonldap-ng.ini and reconfigure Apache access control.