Cadoles
/
eole-lemonldap
20
0
Fork 0
Code Issues 11 Pull Requests Releases Wiki Activity

Merge branch 'master' into dist/eole/2.6.2/master

This commit is contained in:
Philippe Caseiro 2018-03-26 11:31:14 +02:00
parent faf2a361db 5f5c5359f7
commit 08ed6a21dc
3 changed files with 58 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
dicos/70_lemonldap_ng.xml
View File

@ -7,6 +7,7 @@
<file filelist='lemon' name='/etc/nginx/sites-available/portal-nginx.conf' mkdir='True' rm='True'/> <file filelist='lemon' name='/etc/nginx/sites-available/portal-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemon' name='/etc/nginx/sites-available/test-nginx.conf' mkdir='True' rm='True'/> <file filelist='lemon' name='/etc/nginx/sites-available/test-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.js' mkdir='True' rm='True'/> <file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.js' mkdir='True' rm='True'/>
<file filelist='lemon' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
<file filelist='lemonCAS' name='/usr/share/php/configCAS/cas.inc.php' source='cas.inc.php.tmpl' mkdir='True'/> <file filelist='lemonCAS' name='/usr/share/php/configCAS/cas.inc.php' source='cas.inc.php.tmpl' mkdir='True'/>
<file filelist='lemonCAS' name='/usr/share/php/CAS/eoleCASConfig.php' source='eoleCASConfig.php.tmpl' mkdir='True'/> <file filelist='lemonCAS' name='/usr/share/php/CAS/eoleCASConfig.php' source='eoleCASConfig.php.tmpl' mkdir='True'/>
<file filelist='lemonCAS' name='/etc/pam_cas.conf' source="pam_cas_auth.conf"/> <file filelist='lemonCAS' name='/etc/pam_cas.conf' source="pam_cas_auth.conf"/>
@ -51,11 +52,26 @@
<variable name='ssoDebug' type='string' description="Activer le Debug pour la lib php-CAS" mode="expert"> <variable name='ssoDebug' type='string' description="Activer le Debug pour la lib php-CAS" mode="expert">
<value>non</value> <value>non</value>
</variable> </variable>
<variable name='llSkin' type='string' description="Skin utilisé par LemonLDAP::NG">
<value>bootstrap</value>
</variable>
<variable name='llCheckLogins' type='oui/non' description="Permettre aux utilisateurs d'afficher l'historique de connection">
<value>non</value>
</variable>
<variable name='llResetPassword' type='oui/non' description="Permettre aux utilisateurs de réinitialiser leurs mots de passe">
<value>oui</value>
</variable>
<variable name='llRegisterAccount' type='oui/non' description="Permettre aux utilisateurs de créer un compte">
<value>oui</value>
</variable>
<variable name='llRegisterDB' type='string' description="Base de comptes pour l'enregistrement"/>
<variable name='llRegisterURL' type='string' description="Adresse de l'application de création de compte"/>
</family> </family>
<separators> <separators>
<separator name="managerWebName">Configuration DNS</separator> <separator name="managerWebName">Configuration DNS</separator>
<separator name="ldapScheme">Configuration LDAP</separator> <separator name="ldapScheme">Configuration LDAP</separator>
<separator name="casAttribute">Configuration CAS</separator> <separator name="casAttribute">Configuration CAS</separator>
<separator name="llSkin">Personnalisation de la mire SSO</separator>
</separators> </separators>
</variables> </variables>
<constraints> <constraints>
@ -77,6 +93,9 @@
</fill> </fill>
<check name="valid_enum" target="ldapScheme"> <check name="valid_enum" target="ldapScheme">
<param>['ldaps','ldap']</param> <param>['ldaps','ldap']</param>
</check>
<check name="valid_enum" target="llRegisterDB">
<param>['LDAP','Demo','Custom']</param>
</check> </check>
<group master="casAttribute"> <group master="casAttribute">
<slave>casLDAPAttribute</slave> <slave>casLDAPAttribute</slave>
@ -88,6 +107,18 @@
<target type='family'>LemonLDAP</target> <target type='family'>LemonLDAP</target>
<target type='service_accesslist'>saLemon</target> <target type='service_accesslist'>saLemon</target>
</condition> </condition>
<condition name='disabled_if_in' source='llRegisterAccount'>
<param>non</param>
<target type='variable'>llRegisterDB</target>
</condition>
<condition name='disabled_if_not_in' source='llRegisterDB'>
<param>Custom</param>
<target type='variable'>llRegisterURL</target>
</condition>
<check name='valid_enum' target='llSkin'>
<param>['bootstrap','dark','impact','pastel']</param>
<param name="checkval">False</param>
</check>
</constraints> </constraints>
<help> <help>
<variable name='activerLemon'>Activer l'hébergement d'une place de marché HTTP pour OpenNebula</variable> <variable name='activerLemon'>Activer l'hébergement d'une place de marché HTTP pour OpenNebula</variable>
@ -95,5 +126,6 @@
<variable name='authWebName'>Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.cadoles.com</variable> <variable name='authWebName'>Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.cadoles.com</variable>
<variable name='ldapUserBaseDN'>DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr)</variable> <variable name='ldapUserBaseDN'>DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr)</variable>
<variable name='nginxBucketSize'>server_names_hash_bucket_size Taille du hash des noms de serveur pour NGINX</variable> <variable name='nginxBucketSize'>server_names_hash_bucket_size Taille du hash des noms de serveur pour NGINX</variable>
<variable name='llCheckLogins'>Affiche une case à cocher sur la mire SSO qui permet a l'utilisateur de voir l'historique de connection de son compte avant d'être redirigé vers le service demandé</variable>
</help> </help>
</creole> </creole>

8
tmpl/lemonldap-ng.ini
View File

@ -112,10 +112,14 @@ localStorageOptions={ \
; PORTAL CUSTOMIZATION ; PORTAL CUSTOMIZATION
; Name of the skin ; Name of the skin
;portalSkin = pastel portalSkin = %%llSkin
; Modules displayed ; Modules displayed
;portalDisplayLogout = 1 ;portalDisplayLogout = 1
;portalDisplayResetPassword = 1 %if %%llResetPassword == "oui"
portalDisplayResetPassword = 1
%else
portalDisplayResetPassword = 0
%end if
;portalDisplayChangePassword = 1 ;portalDisplayChangePassword = 1
;portalDisplayAppslist = 1 ;portalDisplayAppslist = 1
;portalDisplayLoginHistory = 1 ;portalDisplayLoginHistory = 1

22
tmpl/lmConf-1.js
View File

@ -39,7 +39,9 @@
"%%managerWebName": {} "%%managerWebName": {}
}, },
"vhostOptions": { "vhostOptions": {
"%%managerWebName": {}, "%%managerWebName": {
"vhostHttps" : "1"
},
"test1.%%nom_domaine_local": {}, "test1.%%nom_domaine_local": {},
"test2.%%nom_domaine_local": {} "test2.%%nom_domaine_local": {}
}, },
@ -195,7 +197,11 @@
"mailSubject": "[LemonLDAP::NG] Your new password", "mailSubject": "[LemonLDAP::NG] Your new password",
"nginxCustomHandlers": {}, "nginxCustomHandlers": {},
"samlSPSSODescriptorAuthnRequestsSigned": 1, "samlSPSSODescriptorAuthnRequestsSigned": 1,
%if %%llResetPassword == "oui"
"portalDisplayResetPassword": 1, "portalDisplayResetPassword": 1,
%else
"portalDisplayResetPassword": 0,
%end if
"openIdSreg_timezone": "_timezone", "openIdSreg_timezone": "_timezone",
"infoFormMethod": "get", "infoFormMethod": "get",
"openIdAuthnLevel": 1, "openIdAuthnLevel": 1,
@ -212,7 +218,11 @@
"slaveAuthnLevel": 2, "slaveAuthnLevel": 2,
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn", "samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
"Soap": 1, "Soap": 1,
"registerDB": "Demo", %if %%llRegisterDB == "Custom"
"registerDB": "Null",
%else
"registerDB": "%%llRegisterDB",
%end if
"locationRules": { "locationRules": {
"%%managerWebName": { "%%managerWebName": {
"default": "$uid eq \"%%lemonAdmin\"" "default": "$uid eq \"%%lemonAdmin\""
@ -342,7 +352,11 @@
"activeTimer": 1, "activeTimer": 1,
"cda": 0, "cda": 0,
"samlServicePublicKeySig": "", "samlServicePublicKeySig": "",
%if %%llCheckLogins == "oui"
"portalCheckLogins": 1, "portalCheckLogins": 1,
%else
"portalCheckLogins": 0,
%end if
"CAS_authnLevel": 1, "CAS_authnLevel": 1,
"macros": { "macros": {
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\"" "_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
@ -388,7 +402,11 @@
"oidcOPMetaDataOptions": null, "oidcOPMetaDataOptions": null,
"samlSPSSODescriptorWantAssertionsSigned": 1, "samlSPSSODescriptorWantAssertionsSigned": 1,
"samlOrganizationName": "%%samlOrganizationName", "samlOrganizationName": "%%samlOrganizationName",
%if %%llRegisterDB == "Custom"
"registerUrl": "%%llRegisterURL",
%else
"registerUrl": "https://%%authWebName/register.pl", "registerUrl": "https://%%authWebName/register.pl",
%end if
"casAccessControlPolicy": "none", "casAccessControlPolicy": "none",
"multiValuesSeparator": ";", "multiValuesSeparator": ";",
"ldapPort": %%ldapServerPort "ldapPort": %%ldapServerPort