Cadoles
/
eole-lemonldap
20
0
Fork 0
Code Issues 11 Pull Requests Releases Wiki Activity

Update configuration for version 2.0.7 of LemonLDAP::NG 

Ref: #30852
This commit is contained in:
Daniel Dehennin 2020-10-14 13:18:35 +02:00
parent 589239352e
commit 1ea5813c8f
3 changed files with 465 additions and 862 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

175
tmpl/lemonldap-ng.ini
View File

@ -1,3 +1,4 @@
%set %%boolean = {'oui': 1, 'non': 0}
;============================================================================== ;==============================================================================
; LemonLDAP::NG local configuration parameters ; LemonLDAP::NG local configuration parameters
; ;
@ -11,9 +12,6 @@
; Section "configuration" is used to load global configuration and set cache ; Section "configuration" is used to load global configuration and set cache
; (replace old storage.conf file) ; (replace old storage.conf file)
; ;
; Section "apply" is read by Manager to reload handlers
; (replace old apply.conf file)
;
; Other section are only read by the specific LemonLDAP::NG component ; Other section are only read by the specific LemonLDAP::NG component
;============================================================================== ;==============================================================================
@ -34,16 +32,80 @@
; Warning: this can allow malicious code in custom functions or rules ; Warning: this can allow malicious code in custom functions or rules
;useSafeJail = 0 ;useSafeJail = 0
; LOGGING
;
; 1 - Defined logging level
; Set here one of error, warn, notice, info or debug
logLevel = debug
; Note that this has no effect for Apache2 logging: Apache LogLevel is used
; instead
;
; 2 - Change logger
;
; By default, logging is set to:
; - Lemonldap::NG::Common::Logger::Apache2 for ApacheMP2 handlers
; - Lemonldap::NG::Common::Logger::Syslog for FastCGI (Nginx)
; - Lemonldap::NG::Common::Logger::Std for PSGI applications (manager,
; portal,...) when they are not
; launched by FastCGI server
; Other loggers availables:
; - Lemonldap::NG::Common::Logger::Log4perl to use Log4perl
;
; "Std" is redirected to the web server logs for Apache. For Nginx, only if
; request failed
;
; You can overload this in this section (for all) or in another section if
; you want to change logger for a specified app.
;
; LLNG uses 2 loggers: 1 for technical logs (logger), 1 for user actions
; (userLogger). "userLogger" uses the same class as "logger" if not set.
;logger = Lemonldap::NG::Common::Logger::Syslog
;userLogger = Lemonldap::NG::Common::Logger::Std
;
; 2.1 - Using Syslog
;
; For Syslog logging, you can also overwrite facilities. Default values:
;logger = Lemonldap::NG::Common::Logger::Syslog
;syslogFacility = daemon
;userSyslogFacility = auth
;
; 2.2 - Using Log4perl
;
; If you want to use Log4perl, you can set these parameters. Here are default
; values:
;logger = Lemonldap::NG::Common::Logger::Log4perl
;log4perlConfFile = /etc/lemonldap-ng/log4perl.conf
;log4perlLogger = LLNG
;log4perlUserLogger = LLNG.user
;
; Here, Log4perl configuration is read from /etc/log4perl.conf. The "LLNG"
; value points to the logger class. Example:
; log4perl.logger.LLNG = WARN, File1
; log4perl.logger.LLNG.user = INFO, File2
; ...
; CONFIGURATION CHECK
;
; LLNG verify configuration at server start. If you use "reload" mechanism,
; local cache will be updated. Configuration is checked locally every
; 10 minutes by each LLNG component. You can change this value using
; `checkTime` (time in seconds).
; To increase performances, you should comment this parameter and rely on cache.
checkTime = 1
[configuration] [configuration]
; confTimeout: maximum time to get configuration (default 10)
;confTimeout = 5
; GLOBAL CONFIGURATION ACCESS TYPE ; GLOBAL CONFIGURATION ACCESS TYPE
; (File, SOAP, RDBI/CDBI, LDAP) ; (File, REST, SOAP, RDBI/CDBI, LDAP, YAMLFile)
; Set here the parameters needed to access to LemonLDAP::NG configuration. ; Set here the parameters needed to access to LemonLDAP::NG configuration.
; You have to set "type" to one of the followings : ; You have to set "type" to one of the followings :
; ;
; * File: you have to set 'dirName' parameter. Example: ; * File/YAMLFile: you have to set 'dirName' parameter. Example:
; ;
; type = File ; type = File ; or type = YAMLFile
; dirName = /var/lib/lemonldap-ng/conf ; dirName = /var/lib/lemonldap-ng/conf
; ;
; * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword' ; * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword'
@ -51,17 +113,28 @@
; ;
; type = RDBI ; type = RDBI
; ;type = CDBI ; ;type = CDBI
; dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4 ; dbiChain = DBI:MariaDB:database=lemonldap-ng;host=1.2.3.4
; dbiUser = lemonldap ; dbiUser = lemonldap
; dbiPassword = password ; dbiPassword = password
; ;
; * REST: REST configuration access is a sort of proxy: the portal is
; configured to use the real session storage type (DBI or File for
; example).
; You have to set 'baseUrl' parameter. Example:
;
; type = REST
; baseUrl = https://auth.example.com/config
; proxyOptions = { timeout => 5 }
; User = lemonldap
; Password = mypassword
;
; * SOAP: SOAP configuration access is a sort of proxy: the portal is ; * SOAP: SOAP configuration access is a sort of proxy: the portal is
; configured to use the real session storage type (DBI or File for ; configured to use the real session storage type (DBI or File for
; example). ; example).
; You have to set 'proxy' parameter. Example: ; You have to set 'proxy' parameter. Example:
; ;
; type = SOAP ; type = SOAP
; proxy = https://auth.example.com/index.pl/config ; proxy = https://auth.example.com/config
; proxyOptions = { timeout => 5 } ; proxyOptions = { timeout => 5 }
; User = lemonldap ; User = lemonldap
; Password = mypassword ; Password = mypassword
@ -91,7 +164,7 @@ dirName = /var/lib/lemonldap-ng/conf
; 'default_expires_in' => 600, \ ; 'default_expires_in' => 600, \
; 'directory_umask' => '007', \ ; 'directory_umask' => '007', \
; 'cache_root' => '/tmp', \ ; 'cache_root' => '/tmp', \
; 'cache_depth' => 0, \ ; 'cache_depth' => 3, \
; } ; }
localStorage=Cache::FileCache localStorage=Cache::FileCache
localStorageOptions={ \ localStorageOptions={ \
@ -99,33 +172,31 @@ localStorageOptions={ \
'default_expires_in' => 600, \ 'default_expires_in' => 600, \
'directory_umask' => '007', \ 'directory_umask' => '007', \
'cache_root' => '/tmp', \ 'cache_root' => '/tmp', \
'cache_depth' => 0, \ 'cache_depth' => 3, \
} }
[portal] [portal]
; PERFORMANCES ; PORTAL CUSTOMIZATION
; By setting useLocalConf, Portal will use only local cached configuration
; To refresh it, you must have an handler on the same server or you have to ; I - Required parameters
; restart your server. This increase performances
;useLocalConf = 1
; staticPrefix: relative (or URL) location of static HTML components ; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = /static staticPrefix = /static
; location of HTML templates directory ; location of HTML templates directory
templateDir = /usr/share/lemonldap-ng/portal/templates templateDir = /usr/share/lemonldap-ng/portal/templates
; languages: available languages for portal interface ; languages: available languages for portal interface
languages = fr, en languages = fr, en, vi, it, ar, de, fi, tr
; PORTAL CUSTOMIZATION
; II - Optional parameters (overwrite configuration)
; Name of the skin ; Name of the skin
portalSkin = %%llSkin portalSkin = %%llSkin
; Modules displayed ; Modules displayed
;portalDisplayLogout = 1 ;portalDisplayLogout = 1
%if %%llResetPassword == "oui" portalDisplayResetPassword = %%boolean[%%llResetPassword]
portalDisplayResetPassword = 1
%else
portalDisplayResetPassword = 0
%end if
;portalDisplayChangePassword = 1 ;portalDisplayChangePassword = 1
;portalDisplayAppslist = 1 ;portalDisplayAppslist = 1
;portalDisplayLoginHistory = 1 ;portalDisplayLoginHistory = 1
@ -142,16 +213,17 @@ portalDisplayResetPassword = 0
; For example to use <TMPL_VAR NAME="myparam"> ; For example to use <TMPL_VAR NAME="myparam">
;tpl_myparam = test ;tpl_myparam = test
; LOG ; COMBINATION FORMS
; By default, all is logged in Apache file. To log user actions by ; If you want to fix forms to display, you can use this;
; syslog, just set syslog facility here: ;combinationForms = standardform, yubikeyform
;syslog = auth ;syslog = auth
; SOAP FUNCTIONS ; SOAP FUNCTIONS
; Remove comment to activate SOAP Functions getCookies(user,pwd) and ; Remove comment to activate SOAP Functions getCookies(user,pwd) and
; error(language, code) ; error(language, code)
;Soap = 1 ;Soap = 1
; Note that getAttibutes() will be activated but on a different URI ; Note that getAttibutes() will be activated but on a different URI
; (http://auth.example.com/index.pl/sessions) ; (http://auth.example.com/sessions)
; You can also restrict attributes and macros exported by getAttributes ; You can also restrict attributes and macros exported by getAttributes
;exportedAttr = uid mail ;exportedAttr = uid mail
@ -208,8 +280,8 @@ portalDisplayResetPassword = 0
; Use it to be able to notify messages during authentication ; Use it to be able to notify messages during authentication
;notification = 1 ;notification = 1
; Note that the SOAP function newNotification will be activated on ; Note that the SOAP function newNotification will be activated on
; http://auth.example.com/index.pl/notification ; http://auth.example.com/notification
; If you want to hide this, just protect "/index.pl/notification" in ; If you want to hide this, just protect "/index.fcgi/notification" in
; your Apache configuration file ; your Apache configuration file
; XSS protection bypass ; XSS protection bypass
; By default, the portal refuse redirections that comes from sites not ; By default, the portal refuse redirections that comes from sites not
@ -225,6 +297,21 @@ portalDisplayResetPassword = 0
; Set to 0 to disable error on XSS attack detection ; Set to 0 to disable error on XSS attack detection
;checkXSS = 0 ;checkXSS = 0
; pdata cookie domain
; pdata cookie could not be sent with cross domains AJAX request
; Null is default value
;pdataDomain = example.com
; CUSTOM PLUGINS
; If you want to add custom plugins, set list here (comma separated)
; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page.
;customPlugins = ::My::Package1, ::My::Package2
; To avoid bad/expired OTT if "authssl" and "auth" are served by different Load Balancers
; you can override OTT configuration to store Upgrade or Issuer OTT into global storage
;forceGlobalStorageUpgradeOTT = 1
;forceGlobalStorageIssuerOTT = 1
[handler] [handler]
; Handler cache configuration ; Handler cache configuration
@ -240,7 +327,7 @@ portalDisplayResetPassword = 0
; Set https to 1 if your handler protect a https website (used only for ; Set https to 1 if your handler protect a https website (used only for
; redirections to the portal) ; redirections to the portal)
;https = 0 https = 1
; Set port if your your hanlder protect a website on a non standard port ; Set port if your your hanlder protect a website on a non standard port
; - 80 for http, 443 for https (used only for redirections to the portal) ; - 80 for http, 443 for https (used only for redirections to the portal)
;port = 8080 ;port = 8080
@ -252,6 +339,10 @@ status = 0
;useRedirectOnForbidden = 1 ;useRedirectOnForbidden = 1
; Hide LemonLDAP::NG Handler in Apache Server Signature ; Hide LemonLDAP::NG Handler in Apache Server Signature
;hideSignature = 1 ;hideSignature = 1
; Set ServiceToken timeout
;handlerServiceTokenTTL = 30
; Set Impersonation/ContextSwitching prefix
; impersonationPrefix = real_
useRedirectOnError = 1 useRedirectOnError = 1
; Zimbra Handler parameters ; Zimbra Handler parameters
@ -275,9 +366,6 @@ useRedirectOnError = 1
; * none : no protection ; * none : no protection
protection = manager protection = manager
; logLevel. Set here one of error, warn, notice, info or debug
logLevel = warn
; staticPrefix: relative (or URL) location of static HTML components ; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = /static staticPrefix = /static
; ;
@ -285,10 +373,29 @@ staticPrefix = /static
templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates
; languages: available languages for manager interface ; languages: available languages for manager interface
languages = fr, en languages = fr, en, it, vi, ar, tr
; Manager modules enabled ; Manager modules enabled
; Set here the list of modules you want to see in manager interface ; Set here the list of modules you want to see in manager interface
; The first will be used as default module displayed ; The first will be used as default module displayed
enabledModules = conf, sessions, notifications ;enabledModules = conf, sessions, notifications, 2ndFA, viewer
enabledModules = conf, sessions, notifications, 2ndFA
; To avoid restricted users to edit configuration, defaulModule MUST be different than 'conf'
; 'conf' is set by default
;defaultModule = viewer
; Viewer module allows us to edit configuration in read-only mode
; Options can be set with specific rules like this :
;viewerAllowBrowser = $uid eq 'dwho'
;viewerAllowDiff = $uid ne 'dwho'
;
; Viewer options - Default values
;viewerHiddenKeys = samlIDPMetaDataNodes samlSPMetaDataNodes managerPassword ManagerDn globalStorageOptions persistentStorageOptions
;viewerAllowBrowser = 0
;viewerAllowDiff = 0
;[node-handler]
;
;This section is for node-lemonldap-ng-handler
;nodeVhosts = test3.example.com, test4.example.com

441
tmpl/lmConf-1.js
View File

@ -1,441 +0,0 @@
%set %%ssoFilters = %%getSSOFilters
{
"ldapGroupAttributeNameUser": "dn",
"cfgAuthorIP": "172.16.0.1",
"samlSPMetaDataXML": null,
"facebookAuthnLevel": 1,
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
"secureTokenAttribute": "uid",
"singleSession": 0,
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
"CAS_pgtFile": "/tmp/pgt.txt",
"cookieName": "lemonldap",
"slaveExportedVars": {},
"whatToTrace": "_whatToTrace",
"oidcRPMetaDataOptions": {},
"notifyDeleted": 1,
"useRedirectOnError": 1,
"samlSPMetaDataExportedAttributes": null,
"ldapPwdEnc": "utf-8",
"openIdSPList": "0;",
"samlNameIDFormatMapEmail": "mail",
"samlSPMetaDataOptions": null,
"issuerDBOpenIDRule": 1,
"casStorageOptions": {},
"mailFrom": "noreply@%%nom_domaine_local",
"timeoutActivity": 0,
"oidcRPMetaDataExportedVars": {},
"issuerDBSAMLActivation": 0,
"issuerDBCASPath": "^/%%casFolder/",
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
"exportedHeaders": {
"test1.%%nom_domaine_local": {
"Auth-User": "$uid"
},
"test2.%%nom_domaine_local": {
"Auth-User": "$uid"
},
"%%managerWebName": {}
},
"vhostOptions": {
"%%managerWebName": {
"vhostHttps" : "1"
},
"test1.%%nom_domaine_local": {},
"test2.%%nom_domaine_local": {}
},
"radiusAuthnLevel": 3,
"dbiAuthnLevel": 2,
"ldapPasswordResetAttribute": "pwdReset",
"ldapGroupObjectClass": "groupOfNames",
"apacheAuthnLevel": 4,
"samlNameIDFormatMapKerberos": "uid",
"groups": {},
"securedCookie": 0,
"httpOnly": 1,
"yubikeyAuthnLevel": 3,
"ADPwdMaxAge": 0,
"samlUseQueryStringSpecific": 0,
"loginHistoryEnabled": 1,
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
"failedLoginNumber": 5,
"samlServicePrivateKeyEncPwd": "",
"portalForceAuthnInterval": 0,
"cfgLog": "",
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
"exportedVars": {
"UA": "HTTP_USER_AGENT",
%for att in %%casAttribute
"%%att": "%%att",
%end for
%set %%idx = 0
%set %%size = %%len(%%ssoFilters) - 1
%for key,value in %%ssoFilters
%if %%idx == %%size
"%%key": "%%value"
%else
"%%key": "%%value",
%end if
%set %%idx += 1
%end for
},
"notificationStorage": "File",
"applicationList": {
"1sample": {
"test2": {
"options": {
"name": "Application Test 2",
"logo": "thumbnail.png",
"uri": "https://test2.%%nom_domaine_local/",
"display": "auto",
"description": "The same simple application displaying authenticated user"
},
"type": "application"
},
"type": "category",
"catname": "Sample applications",
"test1": {
"type": "application",
"options": {
"description": "A simple application displaying authenticated user",
"uri": "https://test1.%%nom_domaine_local/",
"logo": "demo.png",
"display": "auto",
"name": "Application Test 1"
}
}
},
"2administration": {
"notifications": {
"options": {
"name": "Notifications explorer",
"display": "auto",
"description": "Explore WebSSO notifications",
"uri": "https://%%managerWebName/notifications.pl",
"logo": "database.png"
},
"type": "application"
},
"manager": {
"options": {
"uri": "https://%%managerWebName/",
"display": "auto",
"description": "Configure LemonLDAP::NG WebSSO",
"logo": "configure.png",
"name": "WebSSO Manager"
},
"type": "application"
},
"type": "category",
"sessions": {
"type": "application",
"options": {
"description": "Explore WebSSO sessions",
"uri": "https://%%managerWebName/sessions.pl",
"logo": "database.png",
"display": "auto",
"name": "Sessions explorer"
}
},
"catname": "Administration"
},
"3documentation": {
"catname": "Documentation",
"officialwebsite": {
"type": "application",
"options": {
"name": "Offical Website",
"description": "Official LemonLDAP::NG Website",
"logo": "network.png",
"display": "on",
"uri": "http://lemonldap-ng.org/"
}
},
"type": "category",
"localdoc": {
"options": {
"logo": "help.png",
"description": "Documentation supplied with LemonLDAP::NG",
"display": "on",
"uri": "https://%%managerWebName/doc/",
"name": "Local documentation"
},
"type": "application"
}
}
},
"userControl": "^[\\w\\.\\-@]+$",
"timeout": 72000,
"portalAntiFrame": 1,
"SMTPServer": "",
"ldapTimeout": 120,
"samlAuthnContextMapPasswordProtectedTransport": 3,
"ldapUsePasswordResetAttribute": 1,
"ldapPpolicyControl": 0,
"casAttributes": {
%for att in %%casAttribute
"%%att": "%%att.casLDAPAttribute",
%end for
%set %%idx = 0
%set %%size = %%len(%%ssoFilters) - 1
%for key,value in %%ssoFilters
%if %%idx == %%size
"%%key": "%%key"
%else
"%%key": "%%key",
%end if
%set %%idx += 1
%end for
},
"issuerDBSAMLPath": "^/saml/",
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
"portalDisplayAppslist": 1,
"confirmFormMethod": "post",
"domain": "%%nom_domaine_local",
"cfgNum": "1",
"authentication": "LDAP",
"samlNameIDFormatMapWindows": "uid",
"authChoiceModules": {},
"ldapGroupAttributeName": "member",
"samlServicePrivateKeySigPwd": "",
"googleAuthnLevel": 1,
"successLoginNumber": 5,
"localSessionStorageOptions": {
"cache_root": "/tmp",
"namespace": "lemonldap-ng-sessions",
"default_expires_in": 600,
"directory_umask": "007",
"cache_depth": 3
},
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
"portalRequireOldPassword": 1,
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
"ADPwdExpireWarning": 0,
"yubikeyPublicIDSize": 12,
"ldapGroupAttributeNameGroup": "dn",
"oidcRPMetaDataOptionsExtraClaims": null,
"ldapGroupRecursive": 0,
"mailSubject": "[LemonLDAP::NG] Your new password",
"nginxCustomHandlers": {},
"samlSPSSODescriptorAuthnRequestsSigned": 1,
%if %%llResetPassword == "oui"
"portalDisplayResetPassword": 1,
%else
"portalDisplayResetPassword": 0,
%end if
"openIdSreg_timezone": "_timezone",
"infoFormMethod": "get",
"openIdAuthnLevel": 1,
"openIdSreg_nickname": "uid",
"samlServicePublicKeyEnc": "",
"userDB": "LDAP",
"grantSessionRules": {},
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
"reloadUrls": {
"%%reloadWebName": "https://%%reloadWebName/reload"
},
"registerTimeout": 0,
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
"slaveAuthnLevel": 2,
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
"Soap": 1,
%set %%RegisterDB=%%getVar('llRegisterDB', 'Demo')
%if %%RegisterDB == "Custom"
"registerDB": "Null",
%else
"registerDB": "%%RegisterDB",
%end if
"locationRules": {
"%%managerWebName": {
"default": "$uid eq \"%%lemonAdmin\""
},
"test1.%%nom_domaine_local": {
"default": "accept",
"^/logout": "logout_sso"
},
"test2.%%nom_domaine_local": {
"default": "accept",
"^/logout": "logout_sso"
}
},
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
"hideOldPassword": 0,
%if %%is_file(%%ldapBindUserPassword)
"managerPassword": "%%readPass("", %%ldapBindUserPassword)",
%else
"managerPassword": "%%ldapBindUserPassword",
%end if
"authChoiceParam": "lmAuth",
"lwpSslOpts": {},
"portalSkinRules": {},
"issuerDBOpenIDPath": "^/openidserver/",
"redirectFormMethod": "get",
"portalDisplayRegister": 1,
"secureTokenMemcachedServers": "127.0.0.1:11211",
"notificationStorageOptions": {
"dirName": "/var/lib/lemonldap-ng/notifications"
},
"browserIdAuthnLevel": 1,
"portalUserAttr": "_user",
"ldapVersion": 3,
"sessionDataToRemember": {},
"samlNameIDFormatMapX509": "mail",
"managerDn": "%%ldapBindUserDN",
"mailSessionKey": "mail",
"openIdSreg_email": "mail",
"localSessionStorage": "Cache::FileCache",
"persistentStorage": "Apache::Session::File",
"mailOnPasswordChange": 0,
"captchaStorage": "Apache::Session::File",
"remoteGlobalStorageOptions": {
"proxy": "https://%%authWebName/index.pl/sessions",
"ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService"
},
"passwordDB": "LDAP",
"captcha_size": 6,
"mailCharset": "utf-8",
"facebookExportedVars": {},
"nullAuthnLevel": 2,
"singleIP": 0,
"dbiExportedVars": {},
"portalSkin": "bootstrap",
"storePassword": 0,
"hiddenAttributes": "_password",
"samlServicePrivateKeySig": "",
"globalStorage": "Apache::Session::File",
"notificationWildcard": "allusers",
"portalForceAuthn": 0,
"samlMetadataForceUTF8": 1,
"secureTokenUrls": ".*",
"secureTokenAllowOnError": 1,
"samlAuthnContextMapTLSClient": 5,
"ldapAllowResetExpiredPassword": 0,
"oidcOPMetaDataExportedVars": {},
"notifyOther": 0,
"secureTokenExpiration": 60,
"captcha_mail_enabled": 0,
"samlStorageOptions": {},
"samlOrganizationDisplayName": "Example",
"trustedProxies": "",
"secureTokenHeader": "Auth-Token",
"issuerDBCASActivation": 1,
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
"samlIDPMetaDataXML": {},
"oidcStorageOptions": {},
"cfgDate": 1519998069,
"samlAuthnContextMapPassword": 2,
"portalDisplayLoginHistory": 1,
"ldapPasswordResetAttributeValue": "TRUE",
"ldapServer": "%%ldapScheme://%%ldapServer",
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
"samlIDPMetaDataExportedAttributes": null,
"samlServicePrivateKeyEnc": "",
"useRedirectOnForbidden": 0,
"captcha_login_enabled": 0,
"https": 0,
"checkXSS": 1,
"ldapSetPassword": 0,
"portalPingInterval": 60000,
"captchaStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/captcha/"
},
"useSafeJail": 1,
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
"issuerDBCASRule": 1,
"samlAuthnContextMapKerberos": 4,
"ldapGroupAttributeNameSearch": "cn",
"logoutServices": {},
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
"portalDisplayLogout": 1,
"issuerDBGetParameters": {},
"googleExportedVars": {},
"openIdSreg_fullname": "cn",
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
"demoExportedVars": {
"mail": "mail",
"uid": "uid",
"cn": "cn"
},
"oidcOPMetaDataJSON": null,
"samlIdPResolveCookie": "lemonldapidp",
"samlRelayStateTimeout": 600,
"samlOrganizationURL": "https://auth.%%nom_domaine_local",
"globalStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/sessions",
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
},
"ldapExportedVars": {
"mail": "mail",
"cn": "cn",
"uid": "uid"
},
"webIDExportedVars": {},
"activeTimer": 1,
"cda": 0,
"samlServicePublicKeySig": "",
%if %%llCheckLogins == "oui"
"portalCheckLogins": 1,
%else
"portalCheckLogins": 0,
%end if
"CAS_authnLevel": 1,
"macros": {
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
},
"samlIDPMetaDataOptions": null,
"twitterAuthnLevel": 1,
"openIdExportedVars": {},
"captcha_register_enabled": 1,
"oidcOPMetaDataJWKS": null,
"webIDAuthnLevel": 1,
"issuerDBOpenIDActivation": "1",
%if %%is_empty(%%llResetUrl)
"mailUrl": "https://%%authWebName/mail.pl",
%else
"mailUrl": "%%llResetUrl",
%end if
"maintenance": 0,
"jsRedirect": 0,
"cfgAuthor": "Cadoles",
"persistentStorageOptions": {
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
"Directory": "/var/lib/lemonldap-ng/psessions"
},
"SSLAuthnLevel": 5,
"oidcServiceMetaDataAuthnContext": {},
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
"notification": 1,
"ldapChangePasswordAsUser": 0,
"CAS_proxiedServices": {},
"key": "e\"bTCt3*eU9^\\V%b",
"portal": "https://%%authWebName/",
"singleSessionUserByIP": 0,
"portalOpenLinkInNewWindow": 0,
"post": {
"test2.%%nom_domaine_local": {},
"test1.%%nom_domaine_local": {},
"%%managerWebName": {}
},
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
"issuerDBSAMLRule": 1,
"samlCommonDomainCookieActivation": 0,
"syslog": "",
"ldapBase": "%%ldapUserBaseDN",
"ldapAuthnLevel": 2,
"mailTimeout": 0,
"samlEntityID": "#PORTAL#/saml/metadata",
"oidcOPMetaDataOptions": null,
"samlSPSSODescriptorWantAssertionsSigned": 1,
"samlOrganizationName": "%%samlOrganizationName",
%if %%RegisterDB == "Custom"
"registerUrl": "%%llRegisterURL",
%else
"registerUrl": "https://%%authWebName/register.pl",
%end if
"casAccessControlPolicy": "none",
"multiValuesSeparator": ";",
"ldapPort": %%ldapServerPort
}

711
tmpl/lmConf-1.json
View File

@ -1,441 +1,378 @@
%set %%boolean = {'oui': 1, 'non': 0}
%set %%ssoFilters = %%getSSOFilters %set %%ssoFilters = %%getSSOFilters
%set %%exported_vars = ['"UA": "HTTP_USER_AGENT"']
%set %%cas_attributes = []
%for %%attr in %%casAttribute
%silent %%exported_vars.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
%silent %%cas_attributes.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
%end for
%for %%key, %%value in %%ssoFilters
%silent %%exported_vars.append('"' + %%key + '": "' + %%value + '"')
%silent %%cas_attributes.append('"' + %%key + '": "' + %%value + '"')
%end for
%silent %%exported_vars.sort()
%silent %%cas_attributes.sort()
{ {
"ldapGroupAttributeNameUser": "dn", "ADPwdExpireWarning": 0,
"cfgAuthorIP": "172.16.0.1",
"samlSPMetaDataXML": null,
"facebookAuthnLevel": 1,
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
"secureTokenAttribute": "uid",
"singleSession": 0,
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
"CAS_pgtFile": "/tmp/pgt.txt",
"cookieName": "lemonldap",
"slaveExportedVars": {},
"whatToTrace": "_whatToTrace",
"oidcRPMetaDataOptions": {},
"notifyDeleted": 1,
"useRedirectOnError": 1,
"samlSPMetaDataExportedAttributes": null,
"ldapPwdEnc": "utf-8",
"openIdSPList": "0;",
"samlNameIDFormatMapEmail": "mail",
"samlSPMetaDataOptions": null,
"issuerDBOpenIDRule": 1,
"casStorageOptions": {},
"mailFrom": "noreply@%%nom_domaine_local",
"timeoutActivity": 0,
"oidcRPMetaDataExportedVars": {},
"issuerDBSAMLActivation": 0,
"issuerDBCASPath": "^/%%casFolder/",
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
"exportedHeaders": {
"test1.%%nom_domaine_local": {
"Auth-User": "$uid"
},
"test2.%%nom_domaine_local": {
"Auth-User": "$uid"
},
"%%managerWebName": {}
},
"vhostOptions": {
"%%managerWebName": {
"vhostHttps" : "1"
},
"test1.%%nom_domaine_local": {},
"test2.%%nom_domaine_local": {}
},
"radiusAuthnLevel": 3,
"dbiAuthnLevel": 2,
"ldapPasswordResetAttribute": "pwdReset",
"ldapGroupObjectClass": "groupOfNames",
"apacheAuthnLevel": 4,
"samlNameIDFormatMapKerberos": "uid",
"groups": {},
"securedCookie": 0,
"httpOnly": 1,
"yubikeyAuthnLevel": 3,
"ADPwdMaxAge": 0, "ADPwdMaxAge": 0,
"samlUseQueryStringSpecific": 0, "CAS_authnLevel": 1,
"loginHistoryEnabled": 1, "CAS_pgtFile": "/tmp/pgt.txt",
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;", "CAS_proxiedServices": {},
"failedLoginNumber": 5, "SMTPServer": "",
"samlServicePrivateKeyEncPwd": "", "SSLAuthnLevel": 5,
"portalForceAuthnInterval": 0, "Soap": 1,
"cfgLog": "", "activeTimer": 1,
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn", "apacheAuthnLevel": 4,
"exportedVars": {
"UA": "HTTP_USER_AGENT",
%for att in %%casAttribute
"%%att": "%%att",
%end for
%set %%idx = 0
%set %%size = %%len(%%ssoFilters) - 1
%for key,value in %%ssoFilters
%if %%idx == %%size
"%%key": "%%value"
%else
"%%key": "%%value",
%end if
%set %%idx += 1
%end for
},
"notificationStorage": "File",
"applicationList": { "applicationList": {
"1sample": { "1administration": {
"test2": { "catname": "Administration",
"options": {
"name": "Application Test 2",
"logo": "thumbnail.png",
"uri": "https://test2.%%nom_domaine_local/",
"display": "auto",
"description": "The same simple application displaying authenticated user"
},
"type": "application"
},
"type": "category",
"catname": "Sample applications",
"test1": {
"type": "application",
"options": {
"description": "A simple application displaying authenticated user",
"uri": "https://test1.%%nom_domaine_local/",
"logo": "demo.png",
"display": "auto",
"name": "Application Test 1"
}
}
},
"2administration": {
"notifications": {
"options": {
"name": "Notifications explorer",
"display": "auto",
"description": "Explore WebSSO notifications",
"uri": "https://%%managerWebName/notifications.pl",
"logo": "database.png"
},
"type": "application"
},
"manager": { "manager": {
"options": { "options": {
"uri": "https://%%managerWebName/",
"display": "auto",
"description": "Configure LemonLDAP::NG WebSSO", "description": "Configure LemonLDAP::NG WebSSO",
"display": "auto",
"logo": "configure.png", "logo": "configure.png",
"name": "WebSSO Manager" "name": "WebSSO Manager",
"uri": "https://%%managerWebName/"
},
"type": "application"
},
"notifications": {
"options": {
"description": "Explore WebSSO notifications",
"display": "auto",
"logo": "database.png",
"name": "Notifications explorer",
"uri": "https://%%managerWebName/notifications.pl"
}, },
"type": "application" "type": "application"
}, },
"type": "category",
"sessions": { "sessions": {
"type": "application",
"options": { "options": {
"description": "Explore WebSSO sessions", "description": "Explore WebSSO sessions",
"uri": "https://%%managerWebName/sessions.pl",
"logo": "database.png",
"display": "auto", "display": "auto",
"name": "Sessions explorer" "logo": "database.png",
} "name": "Sessions explorer",
}, "uri": "https://%%managerWebName/sessions.pl"
"catname": "Administration"
},
"3documentation": {
"catname": "Documentation",
"officialwebsite": {
"type": "application",
"options": {
"name": "Offical Website",
"description": "Official LemonLDAP::NG Website",
"logo": "network.png",
"display": "on",
"uri": "http://lemonldap-ng.org/"
}
},
"type": "category",
"localdoc": {
"options": {
"logo": "help.png",
"description": "Documentation supplied with LemonLDAP::NG",
"display": "on",
"uri": "http://%%managerWebName/doc/",
"name": "Local documentation"
}, },
"type": "application" "type": "application"
} },
"type": "category"
},
"2documentation": {
"catname": "Documentation",
"localdoc": {
"options": {
"description": "Documentation supplied with LemonLDAP::NG",
"display": "on",
"logo": "help.png",
"name": "Local documentation",
"uri": "http://%%managerWebName/doc/"
},
"type": "application"
},
"officialwebsite": {
"options": {
"description": "Official LemonLDAP::NG Website",
"display": "on",
"logo": "network.png",
"name": "Offical Website",
"uri": "http://lemonldap-ng.org/"
},
"type": "application"
},
"type": "category"
} }
}, },
"userControl": "^[\\w\\.\\-@]+$",
"timeout": 72000,
"portalAntiFrame": 1,
"SMTPServer": "",
"ldapTimeout": 120,
"samlAuthnContextMapPasswordProtectedTransport": 3,
"ldapUsePasswordResetAttribute": 1,
"ldapPpolicyControl": 0,
"casAttributes": {
%for att in %%casAttribute
"%%att": "%%att.casLDAPAttribute",
%end for
%set %%idx = 0
%set %%size = %%len(%%ssoFilters) - 1
%for key,value in %%ssoFilters
%if %%idx == %%size
"%%key": "%%key"
%else
"%%key": "%%key",
%end if
%set %%idx += 1
%end for
},
"issuerDBSAMLPath": "^/saml/",
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
"portalDisplayAppslist": 1,
"confirmFormMethod": "post",
"domain": "%%nom_domaine_local",
"cfgNum": "1",
"authentication": "LDAP",
"samlNameIDFormatMapWindows": "uid",
"authChoiceModules": {}, "authChoiceModules": {},
"ldapGroupAttributeName": "member", "authChoiceParam": "lmAuth",
"samlServicePrivateKeySigPwd": "", "authentication": "LDAP",
"browserIdAuthnLevel": 1,
"captchaStorage": "Apache::Session::File",
"captchaStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/captcha/"
},
"captcha_login_enabled": 0,
"captcha_mail_enabled": 0,
"captcha_register_enabled": 1,
"captcha_size": 6,
"casAccessControlPolicy": "none",
"casAttributes": {
%%custom_join(%%cas_attributes, ',\n ')
},
"casStorageOptions": {},
"cda": 0,
"cfgAuthor": "EOLE",
"cfgAuthorIP": "127.0.0.1",
"cfgDate": 1600257889,
"cfgLog": "",
"cfgNum": "1",
"checkXSS": 1,
"confirmFormMethod": "post",
"cookieName": "lemonldap",
"dbiAuthnLevel": 2,
"dbiExportedVars": {},
"demoExportedVars": {
"cn": "cn",
"mail": "mail",
"uid": "uid"
},
"domain": "%%nom_domaine_local",
"exportedHeaders": {
"%%managerWebName": {}
},
"exportedVars": {
%%custom_join(%%exported_vars, ',\n ')
},
"facebookAuthnLevel": 1,
"facebookExportedVars": {},
"failedLoginNumber": 5,
"globalStorage": "Apache::Session::File",
"globalStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/sessions",
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
},
"googleAuthnLevel": 1, "googleAuthnLevel": 1,
"successLoginNumber": 5, "googleExportedVars": {},
"grantSessionRules": {},
"groups": {},
"hiddenAttributes": "_password",
"hideOldPassword": 0,
"httpOnly": 1,
"https": 0,
"infoFormMethod": "get",
"issuerDBCASActivation": 1,
"issuerDBCASPath": "^/%%casFolder/",
"issuerDBCASRule": 1,
"issuerDBGetParameters": {},
"issuerDBOpenIDActivation": "1",
"issuerDBOpenIDPath": "^/openidserver/",
"issuerDBOpenIDRule": 1,
"issuerDBSAMLActivation": 0,
"issuerDBSAMLPath": "^/saml/",
"issuerDBSAMLRule": 1,
"jsRedirect": 0,
"key": "e\"bTCt3*eU9^\\V%b",
"ldapAllowResetExpiredPassword": 0,
"ldapAuthnLevel": 2,
"ldapBase": "%%ldapUserBaseDN",
"ldapChangePasswordAsUser": 0,
"ldapExportedVars": {
"cn": "cn",
"mail": "mail",
"uid": "uid"
},
"ldapGroupAttributeName": "memberUid",
"ldapGroupAttributeNameGroup": "dn",
"ldapGroupAttributeNameSearch": "cn",
"ldapGroupAttributeNameUser": "uid",
"ldapGroupObjectClass": "eolegroupe",
"ldapGroupRecursive": 0,
"ldapPasswordResetAttribute": "pwdReset",
"ldapPasswordResetAttributeValue": "TRUE",
"ldapPort": "%%ldapServerPort",
"ldapPpolicyControl": 0,
"ldapPwdEnc": "utf-8",
"ldapServer": "%%ldapScheme://%%ldapServer",
"ldapSetPassword": 0,
"ldapTimeout": 120,
"ldapUsePasswordResetAttribute": 1,
"ldapVersion": 3,
"localSessionStorage": "Cache::FileCache",
"localSessionStorageOptions": { "localSessionStorageOptions": {
"cache_depth": 3,
"cache_root": "/tmp", "cache_root": "/tmp",
"namespace": "lemonldap-ng-sessions",
"default_expires_in": 600, "default_expires_in": 600,
"directory_umask": "007", "directory_umask": "007",
"cache_depth": 3 "namespace": "lemonldap-ng-sessions"
}, },
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
"portalRequireOldPassword": 1,
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
"ADPwdExpireWarning": 0,
"yubikeyPublicIDSize": 12,
"ldapGroupAttributeNameGroup": "dn",
"oidcRPMetaDataOptionsExtraClaims": null,
"ldapGroupRecursive": 0,
"mailSubject": "[LemonLDAP::NG] Your new password",
"nginxCustomHandlers": {},
"samlSPSSODescriptorAuthnRequestsSigned": 1,
%if %%llResetPassword == "oui"
"portalDisplayResetPassword": 1,
%else
"portalDisplayResetPassword": 0,
%end if
"openIdSreg_timezone": "_timezone",
"infoFormMethod": "get",
"openIdAuthnLevel": 1,
"openIdSreg_nickname": "uid",
"samlServicePublicKeyEnc": "",
"userDB": "LDAP",
"grantSessionRules": {},
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
"reloadUrls": {
"%%reloadWebName": "https://%%reloadWebName/reload"
},
"registerTimeout": 0,
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
"slaveAuthnLevel": 2,
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
"Soap": 1,
%set %%RegisterDB=%%getVar('llRegisterDB', 'Demo')
%if %%RegisterDB == "Custom"
"registerDB": "Null",
%else
"registerDB": "%%RegisterDB",
%end if
"locationRules": { "locationRules": {
"%%managerWebName": { "%%managerWebName": {
"default": "$uid eq \"%%lemonAdmin\"" "default": "$uid eq \"%%lemonAdmin\""
},
"test1.%%nom_domaine_local": {
"default": "accept",
"^/logout": "logout_sso"
},
"test2.%%nom_domaine_local": {
"default": "accept",
"^/logout": "logout_sso"
} }
}, },
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/", "loginHistoryEnabled": 1,
"hideOldPassword": 0, "logoutServices": {},
"lwpSslOpts": {},
"macros": {
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
},
"mailCharset": "utf-8",
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
"mailFrom": "noreply@%%nom_domaine_local",
"mailOnPasswordChange": 0,
"mailSessionKey": "mail",
"mailSubject": "[LemonLDAP::NG] Your new password",
"mailTimeout": 0,
%if %%llResetPassword == "oui"
%if %%is_empty(%%llResetUrl)
"mailUrl": "https://%%authWebName/mail.pl",
%else
"mailUrl": "%%llResetUrl",
%end if
%end if
"maintenance": 0,
"managerDn": "%%ldapBindUserDN",
%if %%is_file(%%ldapBindUserPassword) %if %%is_file(%%ldapBindUserPassword)
"managerPassword": "%%readPass("", %%ldapBindUserPassword)", "managerPassword": "%%readPass("", %%ldapBindUserPassword)",
%else %else
"managerPassword": "%%ldapBindUserPassword", "managerPassword": "%%ldapBindUserPassword",
%end if %end if
"authChoiceParam": "lmAuth", "multiValuesSeparator": ";",
"lwpSslOpts": {}, "nginxCustomHandlers": {},
"portalSkinRules": {}, "notification": 1,
"issuerDBOpenIDPath": "^/openidserver/", "notificationStorage": "File",
"redirectFormMethod": "get",
"portalDisplayRegister": 1,
"secureTokenMemcachedServers": "127.0.0.1:11211",
"notificationStorageOptions": { "notificationStorageOptions": {
"dirName": "/var/lib/lemonldap-ng/notifications" "dirName": "/var/lib/lemonldap-ng/notifications"
}, },
"browserIdAuthnLevel": 1,
"portalUserAttr": "_user",
"ldapVersion": 3,
"sessionDataToRemember": {},
"samlNameIDFormatMapX509": "mail",
"managerDn": "%%ldapBindUserDN",
"mailSessionKey": "mail",
"openIdSreg_email": "mail",
"localSessionStorage": "Cache::FileCache",
"persistentStorage": "Apache::Session::File",
"mailOnPasswordChange": 0,
"captchaStorage": "Apache::Session::File",
"remoteGlobalStorageOptions": {
"proxy": "https://%%authWebName/index.pl/sessions",
"ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService"
},
"passwordDB": "LDAP",
"captcha_size": 6,
"mailCharset": "utf-8",
"facebookExportedVars": {},
"nullAuthnLevel": 2,
"singleIP": 0,
"dbiExportedVars": {},
"portalSkin": "bootstrap",
"storePassword": 0,
"hiddenAttributes": "_password",
"samlServicePrivateKeySig": "",
"globalStorage": "Apache::Session::File",
"notificationWildcard": "allusers", "notificationWildcard": "allusers",
"portalForceAuthn": 0, "notifyDeleted": 1,
"samlMetadataForceUTF8": 1,
"secureTokenUrls": ".*",
"secureTokenAllowOnError": 1,
"samlAuthnContextMapTLSClient": 5,
"ldapAllowResetExpiredPassword": 0,
"oidcOPMetaDataExportedVars": {},
"notifyOther": 0, "notifyOther": 0,
"secureTokenExpiration": 60, "nullAuthnLevel": 2,
"captcha_mail_enabled": 0, "oidcOPMetaDataExportedVars": {},
"samlStorageOptions": {},
"samlOrganizationDisplayName": "Example",
"trustedProxies": "",
"secureTokenHeader": "Auth-Token",
"issuerDBCASActivation": 1,
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
"samlIDPMetaDataXML": {},
"oidcStorageOptions": {},
"cfgDate": 1519998069,
"samlAuthnContextMapPassword": 2,
"portalDisplayLoginHistory": 1,
"ldapPasswordResetAttributeValue": "TRUE",
"ldapServer": "%%ldapScheme://%%ldapServer",
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
"samlIDPMetaDataExportedAttributes": null,
"samlServicePrivateKeyEnc": "",
"useRedirectOnForbidden": 0,
"captcha_login_enabled": 0,
"https": 0,
"checkXSS": 1,
"ldapSetPassword": 0,
"portalPingInterval": 60000,
"captchaStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/captcha/"
},
"useSafeJail": 1,
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
"issuerDBCASRule": 1,
"samlAuthnContextMapKerberos": 4,
"ldapGroupAttributeNameSearch": "cn",
"logoutServices": {},
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
"portalDisplayLogout": 1,
"issuerDBGetParameters": {},
"googleExportedVars": {},
"openIdSreg_fullname": "cn",
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
"demoExportedVars": {
"mail": "mail",
"uid": "uid",
"cn": "cn"
},
"oidcOPMetaDataJSON": null, "oidcOPMetaDataJSON": null,
"samlIdPResolveCookie": "lemonldapidp",
"samlRelayStateTimeout": 600,
"samlOrganizationURL": "https://auth.%%nom_domaine_local",
"globalStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/sessions",
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
},
"ldapExportedVars": {
"mail": "mail",
"cn": "cn",
"uid": "uid"
},
"webIDExportedVars": {},
"activeTimer": 1,
"cda": 0,
"samlServicePublicKeySig": "",
%if %%llCheckLogins == "oui"
"portalCheckLogins": 1,
%else
"portalCheckLogins": 0,
%end if
"CAS_authnLevel": 1,
"macros": {
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
},
"samlIDPMetaDataOptions": null,
"twitterAuthnLevel": 1,
"openIdExportedVars": {},
"captcha_register_enabled": 1,
"oidcOPMetaDataJWKS": null, "oidcOPMetaDataJWKS": null,
"webIDAuthnLevel": 1, "oidcOPMetaDataOptions": null,
"issuerDBOpenIDActivation": "1", "oidcRPMetaDataExportedVars": {},
%if %%is_empty(%%llResetUrl) "oidcRPMetaDataOptions": {},
"mailUrl": "https://%%authWebName/mail.pl", "oidcRPMetaDataOptionsExtraClaims": null,
%else
"mailUrl": "%%llResetUrl",
%end if
"maintenance": 0,
"jsRedirect": 0,
"cfgAuthor": "Cadoles",
"persistentStorageOptions": {
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
"Directory": "/var/lib/lemonldap-ng/psessions"
},
"SSLAuthnLevel": 5,
"oidcServiceMetaDataAuthnContext": {}, "oidcServiceMetaDataAuthnContext": {},
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact", "oidcStorageOptions": {},
"notification": 1, "openIdAuthnLevel": 1,
"ldapChangePasswordAsUser": 0, "openIdExportedVars": {},
"CAS_proxiedServices": {}, "openIdSPList": "0;",
"key": "e\"bTCt3*eU9^\\V%b", "openIdSreg_email": "mail",
"openIdSreg_fullname": "cn",
"openIdSreg_nickname": "uid",
"openIdSreg_timezone": "_timezone",
"passwordDB": "LDAP",
"persistentStorage": "Apache::Session::File",
"persistentStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/psessions",
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock"
},
"portal": "https://%%authWebName/", "portal": "https://%%authWebName/",
"singleSessionUserByIP": 0, "portalAntiFrame": 1,
"portalCheckLogins": %%boolean[%%llCheckLogins],
"portalDisplayAppslist": 1,
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
"portalDisplayLoginHistory": 1,
"portalDisplayLogout": 1,
"portalDisplayRegister": 1,
"portalDisplayResetPassword": %%boolean[%%llResetPassword],
"portalForceAuthn": 0,
"portalForceAuthnInterval": 0,
"portalOpenLinkInNewWindow": 0, "portalOpenLinkInNewWindow": 0,
"portalPingInterval": 60000,
"portalRequireOldPassword": 1,
"portalSkin": "bootstrap",
"portalSkinRules": {},
"portalUserAttr": "_user",
"post": { "post": {
"test2.%%nom_domaine_local": {},
"test1.%%nom_domaine_local": {},
"%%managerWebName": {} "%%managerWebName": {}
}, },
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost", "radiusAuthnLevel": 3,
"issuerDBSAMLRule": 1, "randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
"samlCommonDomainCookieActivation": 0, "redirectFormMethod": "get",
"syslog": "", "registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
"ldapBase": "%%ldapUserBaseDN", %set %%register_db = %%getVar('llRegisterDB', 'Demo')
"ldapAuthnLevel": 2, %if %%register_db == 'Custom'
"mailTimeout": 0, "registerDB": "Null",
"samlEntityID": "#PORTAL#/saml/metadata",
"oidcOPMetaDataOptions": null,
"samlSPSSODescriptorWantAssertionsSigned": 1,
"samlOrganizationName": "%%samlOrganizationName",
%if %%RegisterDB == "Custom"
"registerUrl": "%%llRegisterURL", "registerUrl": "%%llRegisterURL",
%else %else
"registerDB": "%%register_db",
"registerUrl": "https://%%authWebName/register.pl", "registerUrl": "https://%%authWebName/register.pl",
%end if %end if
"casAccessControlPolicy": "none", "registerDoneSubject": "[LemonLDAP::NG] Your new account",
"multiValuesSeparator": ";", "registerTimeout": 0,
"ldapPort": %%ldapServerPort "reloadUrls": {
"%%reloadWebName": "https://%%reloadWebName/reload"
},
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
"remoteGlobalStorageOptions": {
"ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService",
"proxy": "https://%%authWebName/index.pl/sessions"
},
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
"samlAuthnContextMapKerberos": 4,
"samlAuthnContextMapPassword": 2,
"samlAuthnContextMapPasswordProtectedTransport": 3,
"samlAuthnContextMapTLSClient": 5,
"samlCommonDomainCookieActivation": 0,
"samlEntityID": "#PORTAL#/saml/metadata",
"samlIDPMetaDataExportedAttributes": null,
"samlIDPMetaDataOptions": null,
"samlIDPMetaDataXML": {},
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
"samlIdPResolveCookie": "lemonldapidp",
"samlMetadataForceUTF8": 1,
"samlNameIDFormatMapEmail": "mail",
"samlNameIDFormatMapKerberos": "uid",
"samlNameIDFormatMapWindows": "uid",
"samlNameIDFormatMapX509": "mail",
"samlOrganizationDisplayName": "Example",
"samlOrganizationName": "%%samlOrganizationName",
"samlOrganizationURL": "https://auth.%%nom_domaine_local",
"samlRelayStateTimeout": 600,
"samlSPMetaDataExportedAttributes": null,
"samlSPMetaDataOptions": null,
"samlSPMetaDataXML": null,
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
"samlSPSSODescriptorAuthnRequestsSigned": 1,
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
"samlSPSSODescriptorWantAssertionsSigned": 1,
"samlServicePrivateKeyEnc": "",
"samlServicePrivateKeyEncPwd": "",
"samlServicePrivateKeySig": "",
"samlServicePrivateKeySigPwd": "",
"samlServicePublicKeyEnc": "",
"samlServicePublicKeySig": "",
"samlStorageOptions": {},
"samlUseQueryStringSpecific": 0,
"secureTokenAllowOnError": 1,
"secureTokenAttribute": "uid",
"secureTokenExpiration": 60,
"secureTokenHeader": "Auth-Token",
"secureTokenMemcachedServers": "127.0.0.1:11211",
"secureTokenUrls": ".*",
"securedCookie": 0,
"sessionDataToRemember": {},
"singleIP": 0,
"singleSession": 0,
"singleSessionUserByIP": 0,
"slaveAuthnLevel": 2,
"slaveExportedVars": {},
"storePassword": 0,
"successLoginNumber": 5,
"syslog": "",
"timeout": 72000,
"timeoutActivity": 0,
"trustedProxies": "",
"twitterAuthnLevel": 1,
"useRedirectOnError": 1,
"useRedirectOnForbidden": 0,
"useSafeJail": 1,
"userControl": "^[\\w\\.\\-@]+$",
"userDB": "LDAP",
"vhostOptions": {
"%%managerWebName": {
"vhostHttps": "1"
}
},
"webIDAuthnLevel": 1,
"webIDExportedVars": {},
"whatToTrace": "_whatToTrace",
"yubikeyAuthnLevel": 3,
"yubikeyPublicIDSize": 12
} }