<?xml version="1.0" encoding="utf-8"?>
<creole >
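<files >
  <!-- Files, services and firewall openings managed for LemonLDAP::NG.
       Every entry carries a filelist / servicelist / service_accesslist name;
       the conditions in <constraints> target those names to disable the
       entries as a group. -->

  <!-- Core configuration, filelist 'lemonldap'.
       NOTE(review): no owner, group or mode is declared on these entries, so
       whatever defaults Creole applies are used. If the LDAP bind password
       (variable ldapBindUserPassword) is rendered into lmConf-1.json or the
       .ini file, confirm the generated files are not world-readable.
       mkdir='True' / rm='True' presumably create the parent directory and
       remove the file when its filelist is disabled (confirm against the
       Creole documentation). -->
  <file filelist= 'lemonldap' name= '/etc/lemonldap-ng/lemonldap-ng.ini' mkdir= 'True' rm= 'True' />
  <file filelist= 'lemonldap' name= '/var/lib/lemonldap-ng/conf/lmConf-1.json' mkdir= 'True' rm= 'True' />
  <file filelist= 'lemonldap' name= '/etc/default/lemonldap-ng-fastcgi-server' mkdir= 'True' rm= 'True' />

  <!-- nginx front end (manager, handler, portal vhosts and log format),
       filelist 'lemonldap-nginx'. -->
  <file filelist= 'lemonldap-nginx' name= '/etc/lemonldap-ng/manager-nginx.conf' mkdir= 'True' rm= 'True' />
  <file filelist= 'lemonldap-nginx' name= '/etc/lemonldap-ng/handler-nginx.conf' mkdir= 'True' rm= 'True' />
  <file filelist= 'lemonldap-nginx' name= '/etc/lemonldap-ng/portal-nginx.conf' mkdir= 'True' rm= 'True' />
  <file filelist= 'lemonldap-nginx' name= '/etc/lemonldap-ng/nginx-lmlog.conf' mkdir= 'True' rm= 'True' />

  <!-- Apache front end (same three vhosts), filelist 'lemonldap-apache'. -->
  <file filelist= 'lemonldap-apache' name= '/etc/lemonldap-ng/manager-apache2.X.conf' mkdir= 'True' rm= 'True' />
  <file filelist= 'lemonldap-apache' name= '/etc/lemonldap-ng/handler-apache2.X.conf' mkdir= 'True' rm= 'True' />
  <file filelist= 'lemonldap-apache' name= '/etc/lemonldap-ng/portal-apache2.X.conf' mkdir= 'True' rm= 'True' />

  <!-- FastCGI server, servicelist 'sllemon'. -->
  <service servicelist= "sllemon" > lemonldap-ng-fastcgi-server</service>

  <!-- Apache site entries (method 'apache'), servicelist 'lemonldap-apache'. -->
  <service method= 'apache' servicelist= 'lemonldap-apache' > manager-apache2</service>
  <service method= 'apache' servicelist= 'lemonldap-apache' > portal-apache2</service>
  <service method= 'apache' servicelist= 'lemonldap-apache' > handler-apache2</service>

  <!-- Ports opened for the 'nginx' service, service_accesslist 'saLemon'.
       NOTE(review): port 80 is opened next to 443. Confirm the vhost
       templates only redirect plain HTTP to HTTPS, so that SSO credentials
       and session cookies are never accepted over port 80. -->
  <service_access service= 'nginx' >
    <port service_accesslist= "saLemon" > 80</port>
    <port service_accesslist= "saLemon" > 443</port>
  </service_access>
</files>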
<variables >
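<!-- Overrides two variables of the existing 'eole-sso' family
     (redefine="True" with exists='True'): the CAS folder becomes /cas and
     the SSO port becomes 443. -->
<family name= 'eole-sso' >
  <variable name= 'eolesso_cas_folder' redefine= "True" exists= 'True' >
    <value > /cas</value>
  </variable>
  <variable name= 'eolesso_port' redefine= "True" exists= 'True' >
    <value > 443</value>
  </variable>
</family>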
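<!-- Master switch for the whole feature. The default is 'non', so
     LemonLDAP::NG stays disabled until an administrator turns it on; the
     'disabled_if_in' condition on activerLemon in <constraints> then
     disables the file lists, service lists, firewall access list and the
     LemonLDAP family. -->
<family name= 'Services' >
  <variable name= 'activerLemon' type= 'oui/non' description= "Activer LemonLDAP::NG" >
    <value > non</value>
  </variable>
</family>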
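<family name= 'LemonLDAP' icon= 'lemon' >
  <!-- DNS names of the manager, portal (auth) and reload endpoints. They
       have no default here; the 'concat' fills in <constraints> build them
       from nom_domaine_local.
       NOTE(review): the manager and reload names expose administrative
       functions; confirm the vhost templates restrict who can reach them. -->
  <variable name= 'managerWebName' type= 'string' description= "Nom DNS du manager LemonLDAP-NG" />
  <variable name= 'authWebName' type= 'string' description= "Nom DNS du service d'authentification LemonLDAP-NG" />
  <variable name= 'reloadWebName' type= 'string' description= "Nom DNS du service Reload de LemonLDAP-NG" mode= "expert" />

  <!-- User account backend; restricted to LDAP or AD by a valid_enum check. -->
  <variable name= 'lemon_user_db' type= 'string' description= "Backend pour les comptes utilisateurs" mode= "expert" >
    <value > LDAP</value>
  </variable>

  <!-- LDAP connection settings, all mandatory and without defaults.
       ldapScheme accepts 'ldaps' or 'ldap' (valid_enum check).
       NOTE(review): with plain 'ldap' the bind password and the users'
       credentials cross the network unencrypted unless the templates add
       StartTLS, which is not visible here; prefer 'ldaps'. -->
  <variable name= 'ldapScheme' type= 'string' description= "Protocole LDAP à utiliser" mandatory= 'True' />
  <variable name= 'ldapServer' type= 'string' description= "Adresse du Serveur LDAP utilisé par LemonLDAP::NG" mandatory= "True" />
  <variable name= 'ldapServerPort' type= 'number' description= "Port d'écoute du LDAP utilisé par LemonLDAP::NG" mandatory= 'True' />
  <variable name= 'ldapUserBaseDN' type= 'string' description= "Base DN des utilisateurs dans l'annuaire" mandatory= 'True' />
  <!-- Bind account. The help text gives a read-only example (cn=reader,...);
       keep this account limited to read access on the user subtree. -->
  <variable name= 'ldapBindUserDN' type= 'string' description= "Utilisateur de connection à l'annuaire" mandatory= "True" />
  <!-- Secret: declared with type 'password'. How Creole stores it and into
       which generated file it is written is not visible in this dictionary. -->
  <variable name= 'ldapBindUserPassword' type= 'password' description= "Mot de passe de l'utilisateur de connection à l'annuaire" mandatory= "True" />

  <variable name= "samlOrganizationName" type= 'string' description= "Nom de l'organisation SAML" mode= 'expert' />

  <!-- Certificate verification for the LDAP server, on by default ('oui').
       Setting it to 'non' removes protection against an impersonated
       directory server; leave it enabled outside of test setups. -->
  <variable name= 'lmldapverify' type= 'oui/non' description= "Vérifier les certificats SSL du serveur LDAP" >
    <value > oui</value>
  </variable>

  <!-- Number of processes dedicated to LemonLDAP::NG; default 4. -->
  <variable name= "lemonproc" type= 'number' description= "Nombre de processus dédié à Lemon (équivalent au nombre de processeurs)" mandatory= "True" >
    <value > 4</value>
  </variable>

  <!-- Log verbosity, default 'info'; the valid_enum check also allows
       'debug'. NOTE(review): debug logs of an SSO portal may contain session
       or attribute data; treat that level as temporary. -->
  <variable name= "lm_loglevel" type= 'string' description= "Verbosité des journaux" mode= 'expert' >
    <value > info</value>
  </variable>

  <!-- Administrator user name, default 'admin'.
       NOTE(review): a predictable default; how it maps to manager access
       rules is decided in the templates, not here. -->
  <variable name= "lemonAdmin" type= 'string' description= "LemonLDAP Administrator username" mode= 'expert' >
    <value > admin</value>
  </variable>

  <!-- CAS attribute mapping: casAttribute is multi-valued and
       casLDAPAttribute is attached to it as slave by the <group> constraint,
       so the two form name/LDAP-attribute pairs. -->
  <variable name= "casAttribute" description= "Nom de l'attribut CAS" type= "string" mode= "expert" multi= "True" />
  <variable name= "casLDAPAttribute" description= "Attribut LDAP équivalent" type= "string" mode= "expert" />

  <variable name= "casFolder" description= "Endpoint du service cas" type= "string" mode= "expert" >
    <value > cas</value>
  </variable>

  <!-- Hidden variable, default 'oui'. exists='False' presumably means it is
       only created when no other dictionary already defines it (confirm). -->
  <variable name= 'cas_send_logout' type= 'oui/non' description= "Activer le logout centralisé du serveur SSO" hidden= 'True' exists= 'False' >
    <value > oui</value>
  </variable>

  <!-- Path of the certificate authority, may be left empty. -->
  <variable name= 'ssoCALocation' type= 'string' description= "Chemin de l'autorité de certification (ou rien)" mode= "expert" />

  <!-- Portal skin, default 'bootstrap'. The matching valid_enum check sets
       checkval to False. -->
  <variable name= 'llSkin' type= 'string' description= "Skin utilisé par LemonLDAP::NG" >
    <value > bootstrap</value>
  </variable>

  <!-- Login history display on the portal, off by default. -->
  <variable name= 'llCheckLogins' type= 'oui/non' description= "Permettre aux utilisateurs d'afficher l'historique de connection" >
    <value > non</value>
  </variable>

  <!-- Self-service password features, both on by default. Mail-based reset
       makes the mailbox a recovery factor for the SSO account. -->
  <variable name= 'llResetPassword' type= 'oui/non' description= "Permettre aux utilisateurs de réinitialiser leurs mots de passe par mail" >
    <value > oui</value>
  </variable>
  <variable name= 'llChangePassword' type= 'oui/non' description= "Permettre aux utilisateurs de changer leurs mots de passe depuis LemonLDAP" >
    <value > oui</value>
  </variable>

  <!-- Password ageing, only enabled when lemon_user_db is 'AD'
       (disabled_if_not_in condition). Values are in seconds:
       5184000 s = 60 days, 3456000 s = 40 days. -->
  <variable name= 'llADPasswordMaxAge' type= 'number' description= "Durée de vie des mots de passe (en secondes)" mode= 'expert' >
    <value > 5184000</value>
  </variable>
  <variable name= 'llADPasswordExpireWarn' type= 'number' description= "Délai avant affichage d'un message d'alerte sur l'expiration du mot de passe (en secondes)" >
    <value > 3456000</value>
  </variable>

  <!-- Renewal of expired passwords, default 'oui'; disabled together with
       llResetUrl when llResetPassword is 'non'. -->
  <variable name= 'llResetExpiredPassword' type= 'oui/non' description= "Autoriser le renouvellement des mots de passe expirés" >
    <value > oui</value>
  </variable>
  <variable name= 'llResetUrl' type= 'string' description= "Adresse de l'application pour réinitialiser leurs mots de passe" />

  <!-- Self-registration, default 'oui'.
       NOTE(review): once activerLemon is 'oui', account creation by
       unauthenticated users is therefore enabled unless the administrator
       switches it off; confirm this default is intended for the deployment.
       llRegisterDB is disabled when this is 'non', and llRegisterURL is only
       enabled when llRegisterDB is 'Custom'. -->
  <variable name= 'llRegisterAccount' type= 'oui/non' description= "Permettre aux utilisateurs de créer un compte" >
    <value > oui</value>
  </variable>
  <variable name= 'llRegisterDB' type= 'string' description= "Base de comptes pour l'enregistrement" />
  <variable name= 'llRegisterURL' type= 'string' description= "Adresse de l'application de création de compte" />

  <!-- Domains added to the CSP form-action directive (see the help entry).
       Each listed domain becomes an allowed destination for the login form,
       so keep the list as short as possible. -->
  <variable name= 'llCSPTargets' type= 'domain' description= "Domaines vers lesquels le forumaire peut renvoyer" multi= 'True' />
</family>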
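<!-- Section headings shown in the configuration interface; each separator
     is attached to the variable named in its 'name' attribute. -->
<separators >
  <separator name= "managerWebName" > Configuration DNS</separator>
  <separator name= "ldapScheme" > Configuration LDAP</separator>
  <separator name= "casAttribute" > Configuration CAS</separator>
  <separator name= "llSkin" > Personnalisation de la mire SSO</separator>
</separators>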
</variables>
<constraints >
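<!-- Computed defaults: each 'concat' fill joins a literal prefix with the
     EOLE variable nom_domaine_local (param type 'eole') and assigns the
     result to the target variable. The three DNS names get the prefixes
     'manager.', 'auth.' and 'reload.'; the SAML organisation name gets the
     prefix 'SAML' with no separator before the domain. -->
<fill name= 'concat' target= 'managerWebName' >
  <param > manager.</param>
  <param type= 'eole' > nom_domaine_local</param>
</fill>
<fill name= 'concat' target= 'authWebName' >
  <param > auth.</param>
  <param type= 'eole' > nom_domaine_local</param>
</fill>
<fill name= 'concat' target= 'reloadWebName' >
  <param > reload.</param>
  <param type= 'eole' > nom_domaine_local</param>
</fill>
<fill name= 'concat' target= 'samlOrganizationName' >
  <param > SAML</param>
  <param type= 'eole' > nom_domaine_local</param>
</fill>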
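<!-- Allowed values for the enumerated string variables. -->

<!-- LDAP transport. 'ldap' is accepted next to 'ldaps'.
     NOTE(review): plain 'ldap' leaves the bind password and user
     credentials unencrypted on the wire unless StartTLS is configured in the
     templates; consider documenting 'ldaps' as the expected choice. -->
<check name= "valid_enum" target= "ldapScheme" >
  <param > ['ldaps','ldap']</param>
</check>

<!-- User account backend. -->
<check name= "valid_enum" target= "lemon_user_db" >
  <param > ['LDAP','AD']</param>
</check>

<!-- Log verbosity; 'debug' is permitted. -->
<check name= 'valid_enum' target= "lm_loglevel" >
  <param > ['info','notice','warn','error','debug']</param>
</check>

<!-- Registration backend.
     NOTE(review): 'Demo' is presumably LemonLDAP::NG's demonstration
     backend; confirm it is never selected on a production server. -->
<check name= "valid_enum" target= "llRegisterDB" >
  <param > ['LDAP','AD','Demo','Custom']</param>
</check>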
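<!-- Ties casLDAPAttribute to the multi-valued casAttribute as its slave,
     so each CAS attribute name is entered together with its LDAP attribute. -->
<group master= "casAttribute" >
  <slave > casLDAPAttribute</slave>
</group>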
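<!-- Password ageing variables are disabled unless the backend is 'AD'. -->
<condition name= 'disabled_if_not_in' source= 'lemon_user_db' >
  <param > AD</param>
  <target type= 'variable' > llADPasswordMaxAge</target>
  <target type= 'variable' > llADPasswordExpireWarn</target>
</condition>

<!-- Master switch: with activerLemon set to 'non', every file list, both
     service lists, the LemonLDAP family and the firewall access list
     'saLemon' (ports 80 and 443) are disabled, so nothing is deployed or
     opened while the feature is off. -->
<condition name= 'disabled_if_in' source= 'activerLemon' >
  <param > non</param>
  <target type= 'filelist' > lemonldap</target>
  <target type= 'filelist' > lemonldap-nginx</target>
  <target type= 'filelist' > lemonldap-apache</target>
  <target type= 'servicelist' > lemonldap-apache</target>
  <target type= 'servicelist' > sllemon</target>
  <target type= 'family' > LemonLDAP</target>
  <target type= 'service_accesslist' > saLemon</target>
</condition>

<!-- Front-end selection. activer_nginx_web and activer_apache are not
     declared in this dictionary; fallback="True" presumably keeps the
     condition valid when the source variable does not exist (confirm).
     The nginx file list is dropped when nginx is off; the Apache file list
     and Apache site entries are dropped when Apache is off. -->
<condition name= "disabled_if_in" source= "activer_nginx_web" fallback= "True" >
  <param > non</param>
  <target type= 'filelist' > lemonldap-nginx</target>
</condition>
<condition name= "disabled_if_in" source= "activer_apache" fallback= "True" >
  <param > non</param>
  <target type= 'filelist' > lemonldap-apache</target>
  <target type= 'servicelist' > lemonldap-apache</target>
</condition>

<!-- Self-registration: the backend choice is disabled when registration is
     off, and the custom URL is only enabled for the 'Custom' backend. -->
<condition name= 'disabled_if_in' source= 'llRegisterAccount' >
  <param > non</param>
  <target type= 'variable' > llRegisterDB</target>
</condition>
<condition name= 'disabled_if_not_in' source= 'llRegisterDB' >
  <param > Custom</param>
  <target type= 'variable' > llRegisterURL</target>
</condition>

<!-- Password reset: the reset URL and the expired-password renewal option
     are disabled when mail-based reset is off. -->
<condition name= 'disabled_if_in' source= 'llResetPassword' >
  <param > non</param>
  <target type= 'variable' > llResetUrl</target>
  <target type= 'variable' > llResetExpiredPassword</target>
</condition>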
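<!-- Skin choices offered for llSkin. checkval is False, which presumably
     means the list is proposed without being enforced, so other values are
     accepted (confirm against the Creole documentation).
     NOTE(review): if the value is rendered into a path or configuration key
     by the templates, an unenforced list means the value is not constrained
     at this level. -->
<check name= 'valid_enum' target= 'llSkin' >
  <param > ['bootstrap','dark','impact','pastel']</param>
  <param name= "checkval" > False</param>
</check>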
</constraints>
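<!-- Help texts shown in the configuration interface, keyed by family or
     variable name. The ldapBindUserDN entry describes the bind account as a
     read access account, which matches a least-privilege setup.
     NOTE(review): the ldapUserBaseDN text contains the typo 'emplactement'
     (for 'emplacement'); the strings are left unchanged here. -->
<help >
  <family name= 'LemonLDAP' > Configuration de la solution d'authentification unique LemonLDAP::NG</family>
  <variable name= 'activerLemon' > Activer le service LemonLDAP::NG sur ce serveur</variable>
  <variable name= 'managerWebName' > Nom DNS de l'application de gestion de LemonLDAP::NG ex:manager.example.fr</variable>
  <variable name= 'authWebName' > Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.example.fr</variable>
  <variable name= 'ldapUserBaseDN' > DN de base de l'emplactement des utilisateurs dans l'annuaire (ex: ou=users,o=gouv,c=fr)</variable>
  <variable name= 'ldapBindUserDN' > DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr)</variable>
  <variable name= 'llCheckLogins' > Affiche une case à cocher sur la mire SSO qui permet a l'utilisateur de voir l'historique de connection de son compte avant d'être redirigé vers le service demandé</variable>
  <variable name= 'llCSPTargets' > Liste des domaines à ajouter à la directive form-action.</variable>
</help>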
</creole>