First commit
This commit is contained in:
parent
54cfa10c7a
commit
4eb5b96a70
|
@ -0,0 +1,27 @@
|
||||||
|
################################
|
||||||
|
# Makefile pour XXX-XXX
|
||||||
|
################################
|
||||||
|
|
||||||
|
SOURCE=eole-lemonldap
|
||||||
|
VERSION=0.1
|
||||||
|
EOLE_VERSION=2.6
|
||||||
|
EOLE_RELEASE=2.6.2
|
||||||
|
PKGAPPS=non
|
||||||
|
#FLASK_MODULE=<APPLICATION>
|
||||||
|
|
||||||
|
################################
|
||||||
|
# Début de zone à ne pas éditer
|
||||||
|
################################
|
||||||
|
|
||||||
|
include eole.mk
|
||||||
|
include apps.mk
|
||||||
|
|
||||||
|
################################
|
||||||
|
# Fin de zone à ne pas éditer
|
||||||
|
################################
|
||||||
|
|
||||||
|
# Makefile rules dedicated to application
|
||||||
|
# if exists
|
||||||
|
ifneq (, $(strip $(wildcard $(SOURCE).mk)))
|
||||||
|
include $(SOURCE).mk
|
||||||
|
endif
|
12
README.md
12
README.md
|
@ -1,3 +1,15 @@
|
||||||
# eole-lemonldap
|
# eole-lemonldap
|
||||||
|
|
||||||
Intégration LemonLDAP::NG pour EOLE
|
Intégration LemonLDAP::NG pour EOLE
|
||||||
|
|
||||||
|
## Howto
|
||||||
|
|
||||||
|
* Add the lemonldap-ng deb respository we need the last version of LemonLDAP.
|
||||||
|
|
||||||
|
Gen_config -> Mode Expert -> Dépôts tiers -> Libellé du dépôt
|
||||||
|
|
||||||
|
*# LemonLDAP::NG repository
|
||||||
|
deb https://lemonldap-ng.org/deb stable main
|
||||||
|
deb-src https://lemonldap-ng.org/deb stable main
|
||||||
|
Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,64 @@
|
||||||
|
#
|
||||||
|
# NE PAS EDITER CE FICHIER
|
||||||
|
#
|
||||||
|
# Voir Makefile
|
||||||
|
|
||||||
|
|
||||||
|
##########################
|
||||||
|
# Application web envole #
|
||||||
|
##########################
|
||||||
|
ifneq (, $(filter oui web, $(PKGAPPS)))
|
||||||
|
#
|
||||||
|
# Sanity check
|
||||||
|
#
|
||||||
|
ifeq (, $(filter-out X.X, $(strip $(VERSION))))
|
||||||
|
$(error $$(VERSION) variable has incorrect value '$(VERSION)')
|
||||||
|
endif
|
||||||
|
|
||||||
|
# Where to store web application files
|
||||||
|
WEB_PATH := $(DESTDIR)/var/www/html
|
||||||
|
|
||||||
|
# Envole
|
||||||
|
sharenvole_PROG_DIR := $(DESTDIR)/usr/share/envole/$(SOURCE)
|
||||||
|
|
||||||
|
src_$(SOURCE)-$(VERSION)_REC_DIR := $(WEB_PATH)/$(SOURCE)
|
||||||
|
src_plugins-$(VERSION)_REC_DIR := $(WEB_PATH)/$(SOURCE)/plugin
|
||||||
|
src_lang-$(VERSION)_REC_DIR := $(WEB_PATH)/$(SOURCE)/lang
|
||||||
|
|
||||||
|
endif
|
||||||
|
|
||||||
|
##########################
|
||||||
|
# Application EOLE flask #
|
||||||
|
##########################
|
||||||
|
ifneq (, $(filter flask, $(PKGAPPS)))
|
||||||
|
#
|
||||||
|
# Sanity check
|
||||||
|
#
|
||||||
|
ifeq (, $(filter-out XXX, $(strip $(FLASK_MODULE))))
|
||||||
|
$(error $$(FLASK_MODULE) variable has incorrect value '$(FLASK_MODULE)')
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifeq (, $(strip $(wildcard src/$(FLASK_MODULE).conf)))
|
||||||
|
$(error missing eoleflask configuration file 'src/$(FLASK_MODULE).conf')
|
||||||
|
endif
|
||||||
|
|
||||||
|
# Everything is related to mount point
|
||||||
|
APPS_MOUNT_POINT := $(shell sed -ne 's|^"MOUNT_POINT"[[:space:]]*:[[:space:]]*"/\([^"]*\)",|\1|p' \
|
||||||
|
src/$(FLASK_MODULE).conf)
|
||||||
|
|
||||||
|
ifeq (, $(strip $(APPS_MOUNT_POINT)))
|
||||||
|
$(error no "MOUNT_POINT" in eoleflask configuration file 'src/$(FLASK_MODULE).conf')
|
||||||
|
endif
|
||||||
|
|
||||||
|
# eole-flask configuration
|
||||||
|
src_DATA_DIR := $(DESTDIR)/etc/eole/flask/available
|
||||||
|
|
||||||
|
# Where to store flask application files
|
||||||
|
FLASK_PATH := $(eole_DIR)/flask/$(APPS_MOUNT_POINT)
|
||||||
|
|
||||||
|
# static files
|
||||||
|
src_$(FLASK_MODULE)_static_REC_DIR := $(FLASK_PATH)/static
|
||||||
|
src_$(FLASK_MODULE)_templates_REC_DIR := $(FLASK_PATH)/templates
|
||||||
|
src_$(FLASK_MODULE)_instance_REC_DIR := $(FLASK_PATH)/resources
|
||||||
|
|
||||||
|
endif
|
|
@ -0,0 +1,42 @@
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<creole>
|
||||||
|
<files>
|
||||||
|
<!-- Je suis un commentaire -->
|
||||||
|
<file filelist='lemon' name='/etc/nginx/sites-available/http_lemon.conf' source='market.nginx' mkdir='True' rm='True'/>
|
||||||
|
<service_access service='nginx'>
|
||||||
|
<port service_accesslist="saLemon">80</port>
|
||||||
|
<port service_accesslist="saLemon">443</port>
|
||||||
|
</service_access>
|
||||||
|
</files>
|
||||||
|
<variables>
|
||||||
|
<family name='Services'>
|
||||||
|
<variable name='activerLemon' type='oui/non' description="Activer l'hébergement d'une place de marché HTTP ">
|
||||||
|
<value>non</value>
|
||||||
|
</variable>
|
||||||
|
</family>
|
||||||
|
<family name='Lemon-LDAP-NG'>
|
||||||
|
<variable name='managerWebName' type='string' description="Nom DNS du manager LemonLDAP-NG"/>
|
||||||
|
<variable name='authWebName' type='string' description="Nom DNS du service d'authentification LemonLDAP-NG"/>
|
||||||
|
<value>/srv/one/market</value>
|
||||||
|
</variable>
|
||||||
|
</family>
|
||||||
|
</variables>
|
||||||
|
<constraints>
|
||||||
|
<fill name='concat' target='managerWebName'>
|
||||||
|
<param type='eole'>nom_machine</param>
|
||||||
|
<param>.</param>
|
||||||
|
<param type='eole'>nom_domaine_local</param>
|
||||||
|
</fill>
|
||||||
|
<condition name='disabled_if_in' source='activerLemon'>
|
||||||
|
<param>non</param>
|
||||||
|
<target type='filelist'>lemon</target>
|
||||||
|
<target type='family'>Lemon-LDAP-NG</target>
|
||||||
|
<target type='service_accesslist'>saLemon</target>
|
||||||
|
</condition>
|
||||||
|
</constraints>
|
||||||
|
<help>
|
||||||
|
<variable name='activer_http_lemon'>Activer l'hébergement d'une place de marché HTTP pour OpenNebula</variable>
|
||||||
|
<variable name='managerWebName'>Nom DNS de l'application de gestion de LemonLDAP-NG ex:manager.cadoles.com</variable>
|
||||||
|
<variable name='authWebName'>Nom DNS de l'application de gestion de LemonLDAP-NG ex:manager.cadoles.com</variable>
|
||||||
|
</help>
|
||||||
|
</creole>
|
|
@ -0,0 +1,231 @@
|
||||||
|
#
|
||||||
|
# NE PAS EDITER CE FICHIER
|
||||||
|
#
|
||||||
|
# Utiliser <appli>.mk à inclure à la fin de Makefile
|
||||||
|
|
||||||
|
#################
|
||||||
|
# Sanity checks #
|
||||||
|
#################
|
||||||
|
|
||||||
|
ifeq (, $(DESTDIR))
|
||||||
|
$(warning $$(DESTDIR) is empty, installation will be done in /)
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifeq (, $(filter-out XXX-XXX, $(strip $(SOURCE))))
|
||||||
|
$(error $$(SOURCE) variable has incorrect value '$(SOURCE)')
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifeq (, $(filter-out 2.X, $(strip $(EOLE_VERSION))))
|
||||||
|
$(error $$(EOLE_VERSION) variable has incorrect value '$(EOLE_VERSION)')
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifeq (, $(filter-out 2.X.Y, $(strip $(EOLE_RELEASE))))
|
||||||
|
$(error $$(EOLE_RELEASE) variable has incorrect value '$(EOLE_RELEASE)')
|
||||||
|
endif
|
||||||
|
|
||||||
|
#########################
|
||||||
|
# Variables definitions #
|
||||||
|
#########################
|
||||||
|
|
||||||
|
INSTALL := install
|
||||||
|
INSTALL_DATA := install -m 644
|
||||||
|
INSTALL_PROGRAM := install -m 755
|
||||||
|
INSTALL_DIRECTORY := install -m 755 -d
|
||||||
|
INSTALL_RECURSIVE := cp -dr --no-preserve=ownership
|
||||||
|
|
||||||
|
# Standard path
|
||||||
|
bin_PROG_DIR := $(DESTDIR)/usr/bin
|
||||||
|
sbin_PROG_DIR := $(DESTDIR)/usr/sbin
|
||||||
|
man8_DATA_DIR := $(DESTDIR)/usr/share/man/fr.UTF-8/man8
|
||||||
|
|
||||||
|
# Base
|
||||||
|
eole_DIR := $(DESTDIR)/usr/share/eole
|
||||||
|
|
||||||
|
ifeq ($(strip $(EOLE_VERSION)), 2.3)
|
||||||
|
diagnose_PROG_DIR := $(eole_DIR)/diagnose/module
|
||||||
|
else
|
||||||
|
diagnose_PROG_DIR := $(eole_DIR)/diagnose/
|
||||||
|
endif
|
||||||
|
|
||||||
|
# Creole
|
||||||
|
creole_DIR := $(eole_DIR)/creole
|
||||||
|
dicos_DATA_DIR := $(creole_DIR)/dicos
|
||||||
|
tmpl_DATA_DIR := $(creole_DIR)/distrib
|
||||||
|
preservice_PROG_DIR := $(eole_DIR)/preservice
|
||||||
|
pretemplate_PROG_DIR := $(eole_DIR)/pretemplate
|
||||||
|
posttemplate_PROG_DIR := $(eole_DIR)/posttemplate
|
||||||
|
postservice_PROG_DIR := $(eole_DIR)/postservice
|
||||||
|
ifeq ($(strip $(EOLE_VERSION)), 2.3)
|
||||||
|
firewall_DATA_DIR := $(eole_DIR)/firewall
|
||||||
|
endif
|
||||||
|
bacula_restore_DATA_DIR := $(eole_DIR)/bacula/restore
|
||||||
|
bareos_restore_DATA_DIR := $(eole_DIR)/bareos/restore
|
||||||
|
bacula_fichier_DATA_DIR := $(DESTDIR)/etc/bacula/baculafichiers.d
|
||||||
|
bareos_fichier_DATA_DIR := $(DESTDIR)/etc/bareos/bareosfichiers.d
|
||||||
|
ifeq ($(strip $(EOLE_VERSION)), 2.3)
|
||||||
|
schedule_pre_PROG_DIR := $(eole_DIR)/schedule/pre
|
||||||
|
schedule_post_PROG_DIR := $(eole_DIR)/schedule/post
|
||||||
|
else
|
||||||
|
schedule_scripts_PROG_DIR := $(eole_DIR)/schedule/scripts
|
||||||
|
endif
|
||||||
|
extra_REC_DIR := $(creole_DIR)/extra
|
||||||
|
|
||||||
|
# Zéphir
|
||||||
|
zephir_DATA_DIR := $(DESTDIR)/usr/share/zephir
|
||||||
|
zephir_configs_DATA_DIR := $(zephir_DATA_DIR)/monitor/configs
|
||||||
|
zephir_srv_DATA_DIR := $(zephir_configs_DATA_DIR)/services
|
||||||
|
zephir_scripts_PROG_DIR := $(zephir_DATA_DIR)/scripts
|
||||||
|
|
||||||
|
# SSO
|
||||||
|
sso_DATA_DIR := $(DESTDIR)/usr/share/sso
|
||||||
|
sso_filtres_DATA_DIR := $(sso_DATA_DIR)/app_filters
|
||||||
|
sso_user-info_DATA_DIR := $(sso_DATA_DIR)/user_infos
|
||||||
|
|
||||||
|
# EAD
|
||||||
|
ead_DATA_DIR := $(DESTDIR)/usr/share/ead2/backend/config
|
||||||
|
ead_actions_DATA_DIR := $(ead_DATA_DIR)/actions
|
||||||
|
ead_perms_DATA_DIR := $(ead_DATA_DIR)/perms
|
||||||
|
ead_roles_DATA_DIR := $(ead_DATA_DIR)/roles
|
||||||
|
|
||||||
|
# Program libraries goes under /usr/lib/<PROGRAM>/
|
||||||
|
lib_$(SOURCE)_DATA_DIR := $(DESTDIR)/usr/lib/$(SOURCE)
|
||||||
|
|
||||||
|
# Scripts Eole
|
||||||
|
scripts_PROG_DIR := $(eole_DIR)/sbin
|
||||||
|
lib_eole_DATA_DIR := $(DESTDIR)/usr/lib/eole
|
||||||
|
|
||||||
|
# LDAP
|
||||||
|
ldap_passwords_DATA_DIR := $(eole_DIR)/annuaire/password_files
|
||||||
|
|
||||||
|
# LXC
|
||||||
|
lxc_DATA_DIR := $(eole_DIR)/lxc
|
||||||
|
lxc_fstab_DATA_DIR := $(lxc_DATA_DIR)/fstab
|
||||||
|
lxc_hosts_DATA_DIR := $(lxc_DATA_DIR)/hosts
|
||||||
|
|
||||||
|
# SQL
|
||||||
|
sql_DATA_DIR := $(eole_DIR)/mysql/$(SOURCE)
|
||||||
|
sql_gen_DATA_DIR := $(sql_DATA_DIR)/gen
|
||||||
|
sql_updates_DATA_DIR := $(sql_DATA_DIR)/updates
|
||||||
|
|
||||||
|
sql_conf_gen_DATA_DIR := $(eole_DIR)/applications/gen
|
||||||
|
sql_conf_passwords_DATA_DIR := $(eole_DIR)/applications/passwords
|
||||||
|
sql_conf_updates_DATA_DIR := $(eole_DIR)/applications/updates/$(SOURCE)
|
||||||
|
|
||||||
|
# EoleDB sql directory
|
||||||
|
db_DIR := $(eole_DIR)/db
|
||||||
|
db_gen_DATA_DIR := $(eole_DIR)/db/$(SOURCE)/gen
|
||||||
|
db_updates_DATA_DIR := $(eole_DIR)/db/$(SOURCE)/updates
|
||||||
|
|
||||||
|
# Certifs
|
||||||
|
certs_DATA_DIR := $(eole_DIR)/certs
|
||||||
|
|
||||||
|
# Logrotate
|
||||||
|
logrotate_DATA_DIR := $(DESTDIR)/etc/logrotate.d
|
||||||
|
|
||||||
|
# Cron
|
||||||
|
cron_PROG_DIR := $(DESTDIR)/etc/cron.daily
|
||||||
|
|
||||||
|
# Python modules
|
||||||
|
ifneq ($(DESTDIR),)
|
||||||
|
PYTHON_OPTS := --root $(DESTDIR)
|
||||||
|
endif
|
||||||
|
|
||||||
|
# Translation
|
||||||
|
TRANSLATION_SRC := translation
|
||||||
|
TRANSLATION_DEST := $(DESTDIR)/usr/share/locale
|
||||||
|
PO_FILES = $(wildcard $(TRANSLATION_SRC)/*/*.po)
|
||||||
|
MO_FOLDERS = $(addprefix $(TRANSLATION_DEST), $(addsuffix LC_MESSAGES,$(subst $(TRANSLATION_SRC),,$(dir $(PO_FILES)))))
|
||||||
|
|
||||||
|
#############################################
|
||||||
|
# Common directories and files installation #
|
||||||
|
#############################################
|
||||||
|
|
||||||
|
all:
|
||||||
|
|
||||||
|
$(MO_FOLDERS):
|
||||||
|
$(INSTALL_DIRECTORY) $@
|
||||||
|
|
||||||
|
$(PO_FILES): $(MO_FOLDERS)
|
||||||
|
msgfmt -o $(TRANSLATION_DEST)$(subst $(TRANSLATION_SRC),,$(addsuffix LC_MESSAGES,$(dir $@)))/$(notdir $(@:.po=.mo)) $@
|
||||||
|
|
||||||
|
install-lang: $(PO_FILES)
|
||||||
|
|
||||||
|
install:: install-dirs install-files install-lang
|
||||||
|
|
||||||
|
# $1 = command to run
|
||||||
|
# $2 = source directory
|
||||||
|
# $3 = destination directory
|
||||||
|
define fc_install_file
|
||||||
|
if [ -d $2 ]; then \
|
||||||
|
for file in `ls -1 $2/`; do \
|
||||||
|
$1 $2/$$file $3 || true; \
|
||||||
|
done; \
|
||||||
|
fi
|
||||||
|
endef
|
||||||
|
|
||||||
|
##
|
||||||
|
## Directory creation
|
||||||
|
##
|
||||||
|
|
||||||
|
# use % to catch local name in $*
|
||||||
|
# data, program and recursive directory require a corresponding
|
||||||
|
# directory in local sources
|
||||||
|
%_DATA_DIR %_PROG_DIR %REC_DIR:
|
||||||
|
test ! -d $(subst _,/,$*) || $(INSTALL_DIRECTORY) $($@)
|
||||||
|
|
||||||
|
# Create the directory referenced by the variable without a local one.
|
||||||
|
%_DIR:
|
||||||
|
@: # do nothing
|
||||||
|
|
||||||
|
##
|
||||||
|
## Install files present directly under data, program and recursive directories
|
||||||
|
##
|
||||||
|
|
||||||
|
# $* : name of variable
|
||||||
|
# $($*): value of variable
|
||||||
|
%-instdata:
|
||||||
|
$(call fc_install_file, $(INSTALL_DATA), $(subst _,/,$(subst _DATA_DIR,,$*)), $($*))
|
||||||
|
|
||||||
|
%-instprog:
|
||||||
|
$(call fc_install_file, $(INSTALL_PROGRAM), $(subst _,/,$(subst _PROG_DIR,,$*)), $($*))
|
||||||
|
|
||||||
|
%-instrec:
|
||||||
|
$(call fc_install_file, $(INSTALL_RECURSIVE), $(subst _,/,$(subst _REC_DIR,,$*)), $($*))
|
||||||
|
|
||||||
|
|
||||||
|
# Use second expansion as variables may be created in included
|
||||||
|
# Makefiles
|
||||||
|
.SECONDEXPANSION:
|
||||||
|
|
||||||
|
# List of all directories
|
||||||
|
installdirs_LIST = $(foreach V, $(filter %_DIR, $(.VARIABLES)), \
|
||||||
|
$(if $(filter file, $(origin $(V))), \
|
||||||
|
$(V)))
|
||||||
|
# List of data directories
|
||||||
|
installdata_LIST = $(filter %_DATA_DIR, $(installdirs_LIST))
|
||||||
|
# List of program directories
|
||||||
|
installprog_LIST = $(filter %_PROG_DIR, $(installdirs_LIST))
|
||||||
|
# List of recursive directories
|
||||||
|
installrec_LIST = $(filter %_REC_DIR, $(installdirs_LIST))
|
||||||
|
|
||||||
|
# Expand directories to create as dependency
|
||||||
|
# Use double-colon to permit user to define additionnal install-dirs
|
||||||
|
install-dirs:: $$(installdirs_LIST)
|
||||||
|
|
||||||
|
# Expand files to install as dependency
|
||||||
|
# Use double-colon to permit user to define additionnal install-files
|
||||||
|
install-files:: install-data-files install-prog-files install-rec-dirs
|
||||||
|
|
||||||
|
install-data-files: $$(patsubst %,%-instdata,$$(installdata_LIST))
|
||||||
|
|
||||||
|
install-prog-files: $$(patsubst %,%-instprog,$$(installprog_LIST))
|
||||||
|
|
||||||
|
install-rec-dirs: $$(patsubst %,%-instrec,$$(installrec_LIST))
|
||||||
|
|
||||||
|
# Installation of python modules
|
||||||
|
ifeq ($(shell test -f setup.py && echo 0), 0)
|
||||||
|
install-files::
|
||||||
|
python setup.py install --no-compile --install-layout=deb $(PYTHON_OPTS)
|
||||||
|
endif
|
||||||
|
|
||||||
|
.PHONY: install install-dirs install-files install-data-files install-prog-files install-rec-dirs
|
|
@ -0,0 +1,48 @@
|
||||||
|
#=======================================================================
|
||||||
|
# Nginx configuration for LemonLDAP::NG Handler
|
||||||
|
#=======================================================================
|
||||||
|
# This file implements the reload virtualhost that permits to reload
|
||||||
|
# configuration without restarting server.
|
||||||
|
# You need then to declare this vhost in reloadUrls (in the manager
|
||||||
|
# interface if this server doesn't host the manager itself):
|
||||||
|
#
|
||||||
|
# KEY : VALUE
|
||||||
|
# host-or-IP:port : http://reload.example.com/reload
|
||||||
|
#
|
||||||
|
# IMPORTANT:
|
||||||
|
# To protect applications, see test-nginx.conf template in example files
|
||||||
|
|
||||||
|
# Log format
|
||||||
|
include /etc/lemonldap-ng/nginx-lmlog.conf;
|
||||||
|
#access_log /var/log/nginx/access.log lm_combined;
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name reload.example.com;
|
||||||
|
root /var/www/html;
|
||||||
|
|
||||||
|
location = /reload {
|
||||||
|
allow 127.0.0.1;
|
||||||
|
deny all;
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
|
fastcgi_param LLTYPE reload;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Client requests
|
||||||
|
location / {
|
||||||
|
deny all;
|
||||||
|
|
||||||
|
# Uncomment this if you use https only
|
||||||
|
#add_header Strict-Transport-Security "15768000";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Uncomment this if status is enabled
|
||||||
|
#location = /status {
|
||||||
|
# allow 127.0.0.1;
|
||||||
|
# deny all;
|
||||||
|
# include /etc/nginx/fastcgi_params;
|
||||||
|
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
|
# fastcgi_param LLTYPE status;
|
||||||
|
#}
|
||||||
|
}
|
|
@ -0,0 +1,284 @@
|
||||||
|
;==============================================================================
|
||||||
|
; LemonLDAP::NG local configuration parameters
|
||||||
|
;
|
||||||
|
; This file is dedicated to configuration parameters override
|
||||||
|
; You can set here configuration parameters that will be used only by
|
||||||
|
; local LemonLDAP::NG elements
|
||||||
|
;
|
||||||
|
; Section "all" is always read first before "portal", "handler"
|
||||||
|
; and "manager"
|
||||||
|
;
|
||||||
|
; Section "configuration" is used to load global configuration and set cache
|
||||||
|
; (replace old storage.conf file)
|
||||||
|
;
|
||||||
|
; Section "apply" is read by Manager to reload handlers
|
||||||
|
; (replace old apply.conf file)
|
||||||
|
;
|
||||||
|
; Other section are only read by the specific LemonLDAP::NG component
|
||||||
|
;==============================================================================
|
||||||
|
|
||||||
|
[all]
|
||||||
|
|
||||||
|
; CUSTOM FUNCTION
|
||||||
|
; If you want to create customFunctions in rules, declare them here:
|
||||||
|
;customFunctions = function1 function2
|
||||||
|
;customFunctions = Package::func1 Package::func2
|
||||||
|
|
||||||
|
; CROSS-DOMAIN
|
||||||
|
; If you have some handlers that are not registered on the main domain,
|
||||||
|
; uncomment this
|
||||||
|
;cda = 1
|
||||||
|
|
||||||
|
; SAFE JAIL
|
||||||
|
; Uncomment this to disable Safe jail.
|
||||||
|
; Warning: this can allow malicious code in custom functions or rules
|
||||||
|
;useSafeJail = 0
|
||||||
|
|
||||||
|
[configuration]
|
||||||
|
|
||||||
|
; GLOBAL CONFIGURATION ACCESS TYPE
|
||||||
|
; (File, SOAP, RDBI/CDBI, LDAP)
|
||||||
|
; Set here the parameters needed to access to LemonLDAP::NG configuration.
|
||||||
|
; You have to set "type" to one of the followings :
|
||||||
|
;
|
||||||
|
; * File: you have to set 'dirName' parameter. Example:
|
||||||
|
;
|
||||||
|
; type = File
|
||||||
|
; dirName = /var/lib/lemonldap-ng/conf
|
||||||
|
;
|
||||||
|
; * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword'
|
||||||
|
; if needed. Example:
|
||||||
|
;
|
||||||
|
; type = RDBI
|
||||||
|
; ;type = CDBI
|
||||||
|
; dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
|
||||||
|
; dbiUser = lemonldap
|
||||||
|
; dbiPassword = password
|
||||||
|
;
|
||||||
|
; * SOAP: SOAP configuration access is a sort of proxy: the portal is
|
||||||
|
; configured to use the real session storage type (DBI or File for
|
||||||
|
; example).
|
||||||
|
; You have to set 'proxy' parameter. Example:
|
||||||
|
;
|
||||||
|
; type = SOAP
|
||||||
|
; proxy = https://auth.example.com/index.pl/config
|
||||||
|
; proxyOptions = { timeout => 5 }
|
||||||
|
; User = lemonldap
|
||||||
|
; Password = mypassword
|
||||||
|
;
|
||||||
|
; * LDAP: you have to set ldapServer, ldapConfBase, ldapBindDN and ldapBindPassword.
|
||||||
|
;
|
||||||
|
; type = LDAP
|
||||||
|
; ldapServer = ldap://localhost
|
||||||
|
; ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
|
||||||
|
; ldapBindDN = cn=manager,dc=example,dc=com
|
||||||
|
; ldapBindPassword = secret
|
||||||
|
; ldapObjectClass = applicationProcess
|
||||||
|
; ldapAttributeId = cn
|
||||||
|
; ldapAttributeContent = description
|
||||||
|
|
||||||
|
type=File
|
||||||
|
dirName = /var/lib/lemonldap-ng/conf
|
||||||
|
|
||||||
|
; LOCAL CACHE CONFIGURATION
|
||||||
|
;
|
||||||
|
; To increase performances, use a local cache for the configuration. You have
|
||||||
|
; to choose a Cache::Cache module and set its parameters. Example:
|
||||||
|
;
|
||||||
|
; localStorage = Cache::FileCache
|
||||||
|
; localStorageOptions={ \
|
||||||
|
; 'namespace' => 'lemonldap-ng-config',\
|
||||||
|
; 'default_expires_in' => 600, \
|
||||||
|
; 'directory_umask' => '007', \
|
||||||
|
; 'cache_root' => '/tmp', \
|
||||||
|
; 'cache_depth' => 0, \
|
||||||
|
; }
|
||||||
|
localStorage=Cache::FileCache
|
||||||
|
localStorageOptions={ \
|
||||||
|
'namespace' => 'lemonldap-ng-config',\
|
||||||
|
'default_expires_in' => 600, \
|
||||||
|
'directory_umask' => '007', \
|
||||||
|
'cache_root' => '/tmp', \
|
||||||
|
'cache_depth' => 0, \
|
||||||
|
}
|
||||||
|
|
||||||
|
[portal]
|
||||||
|
|
||||||
|
; PERFORMANCES
|
||||||
|
; By setting useLocalConf, Portal will use only local cached configuration
|
||||||
|
; To refresh it, you must have an handler on the same server or you have to
|
||||||
|
; restart your server. This increase performances
|
||||||
|
;useLocalConf = 1
|
||||||
|
|
||||||
|
; PORTAL CUSTOMIZATION
|
||||||
|
; Name of the skin
|
||||||
|
;portalSkin = pastel
|
||||||
|
; Modules displayed
|
||||||
|
;portalDisplayLogout = 1
|
||||||
|
;portalDisplayResetPassword = 1
|
||||||
|
;portalDisplayChangePassword = 1
|
||||||
|
;portalDisplayAppslist = 1
|
||||||
|
;portalDisplayLoginHistory = 1
|
||||||
|
; Require the old password when changing password
|
||||||
|
;portalRequireOldPassword = 1
|
||||||
|
; Attribute displayed as connected user
|
||||||
|
;portalUserAttr = mail
|
||||||
|
; Old menu HTML code
|
||||||
|
; Enable it if you use old templates
|
||||||
|
;useOldMenuItems=1
|
||||||
|
; Override error codes
|
||||||
|
;error_0 = You are well authenticated!
|
||||||
|
; Custom template parameters
|
||||||
|
; For example to use <TMPL_VAR NAME="myparam">
|
||||||
|
;tpl_myparam = test
|
||||||
|
|
||||||
|
; LOG
|
||||||
|
; By default, all is logged in Apache file. To log user actions by
|
||||||
|
; syslog, just set syslog facility here:
|
||||||
|
;syslog = auth
|
||||||
|
; SOAP FUNCTIONS
|
||||||
|
; Remove comment to activate SOAP Functions getCookies(user,pwd) and
|
||||||
|
; error(language, code)
|
||||||
|
;Soap = 1
|
||||||
|
; Note that getAttibutes() will be activated but on a different URI
|
||||||
|
; (http://auth.example.com/index.pl/sessions)
|
||||||
|
; You can also restrict attributes and macros exported by getAttributes
|
||||||
|
;exportedAttr = uid mail
|
||||||
|
|
||||||
|
; PASSWORD POLICY
|
||||||
|
; Remove comment to use LDAP Password Policy
|
||||||
|
;ldapPpolicyControl = 1
|
||||||
|
; Remove comment to store password in session (use with caution)
|
||||||
|
;storePassword = 1
|
||||||
|
; Remove comment to use LDAP modify password extension
|
||||||
|
; (beware of compatibility with LDAP Password Policy)
|
||||||
|
;ldapSetPassword = 1
|
||||||
|
; RESET PASSWORD BY MAIL
|
||||||
|
; SMTP server (default to localhost), set to '' to use default mail service
|
||||||
|
;SMTPServer = localhost
|
||||||
|
; SMTP auth user
|
||||||
|
;SMTPAuthUser = toto
|
||||||
|
; SMTP auth password
|
||||||
|
;SMTPAuthPass = secret
|
||||||
|
; Mail From address
|
||||||
|
;mailFrom = noreply@example.com
|
||||||
|
; Reply To
|
||||||
|
;mailReplyTo = noreply@example.com
|
||||||
|
; Mail confirmation URL
|
||||||
|
;mailUrl = http://reset.example.com
|
||||||
|
; Mail subject for confirmation message
|
||||||
|
;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation
|
||||||
|
; Mail body for confiramtion (can use $url for confirmation URL, and other session
|
||||||
|
; infos, like $cn). Keep comment to use HTML templates
|
||||||
|
;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url
|
||||||
|
; Mail subject for new password message
|
||||||
|
;mailSubject = [LemonLDAP::NG] Your new password
|
||||||
|
; Mail body for new password (can use $password for generated password, and other session
|
||||||
|
; infos, like $cn). Keep comment to use HTML templates
|
||||||
|
;mailBody = Hello $cn,\n\nYour new password is $password
|
||||||
|
; LDAP filter to use
|
||||||
|
;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))'
|
||||||
|
; Random regexp for password generation
|
||||||
|
;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2}
|
||||||
|
; LDAP GROUPS
|
||||||
|
; Set the base DN of your groups branch
|
||||||
|
;ldapGroupBase = ou=groups,dc=example,dc=com
|
||||||
|
; Objectclass used by groups
|
||||||
|
;ldapGroupObjectClass = groupOfUniqueNames
|
||||||
|
; Attribute used by groups to store member
|
||||||
|
;ldapGroupAttributeName = uniqueMember
|
||||||
|
; Attribute used by user to link to groups
|
||||||
|
;ldapGroupAttributeNameUser = dn
|
||||||
|
; Attribute used to identify a group. The group will be displayed as
|
||||||
|
; cn|mail|status, where cn, mail and status will be replaced by their
|
||||||
|
; values.
|
||||||
|
;ldapGroupAttributeNameSearch = cn mail
|
||||||
|
|
||||||
|
; NOTIFICATIONS SERVICE
|
||||||
|
; Use it to be able to notify messages during authentication
|
||||||
|
;notification = 1
|
||||||
|
; Note that the SOAP function newNotification will be activated on
|
||||||
|
; http://auth.example.com/index.pl/notification
|
||||||
|
; If you want to hide this, just protect "/index.pl/notification" in
|
||||||
|
; your Apache configuration file
|
||||||
|
; XSS protection bypass
|
||||||
|
; By default, the portal refuse redirections that comes from sites not
|
||||||
|
; registered in the configuration (manager) except for those coming
|
||||||
|
; from trusted domains. By default, trustedDomains contains the domain
|
||||||
|
; declared in the manager. You can set trustedDomains to empty value so
|
||||||
|
; that, undeclared sites will be rejected. You can also set here a list
|
||||||
|
; of trusted domains or hosts separated by spaces. This is usefull if
|
||||||
|
; your website use LemonLDAP::NG without handler with SOAP functions.
|
||||||
|
;trustedDomains = my.trusted.host example2.com
|
||||||
|
|
||||||
|
; Check XSS
|
||||||
|
; Set to 0 to disable error on XSS attack detection
|
||||||
|
;checkXSS = 0
|
||||||
|
|
||||||
|
[handler]
|
||||||
|
|
||||||
|
; Handler cache configuration
|
||||||
|
; You can overwrite here local session cache settings in manager:
|
||||||
|
; localSessionStorage=Cache::FileCache
|
||||||
|
; localSessionStorageOptions={ \
|
||||||
|
; 'namespace' => 'lemonldap-ng-sessions', \
|
||||||
|
; 'default_expires_in' => 600, \
|
||||||
|
; 'directory_umask' => '007', \
|
||||||
|
; 'cache_root' => '/tmp', \
|
||||||
|
; 'cache_depth' => 3, \
|
||||||
|
; }
|
||||||
|
|
||||||
|
; Set https to 1 if your handler protect a https website (used only for
|
||||||
|
; redirections to the portal)
|
||||||
|
;https = 0
|
||||||
|
; Set port if your your hanlder protect a website on a non standard port
|
||||||
|
; - 80 for http, 443 for https (used only for redirections to the portal)
|
||||||
|
;port = 8080
|
||||||
|
; Set status to 1 if you want to have the report of activity (used for
|
||||||
|
; example to inform MRTG)
|
||||||
|
status = 0
|
||||||
|
; Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN
|
||||||
|
; when a user is not allowed by Handler
|
||||||
|
;useRedirectOnForbidden = 1
|
||||||
|
; Hide LemonLDAP::NG Handler in Apache Server Signature
|
||||||
|
;hideSignature = 1
|
||||||
|
useRedirectOnError = 1
|
||||||
|
|
||||||
|
; Zimbra Handler parameters
|
||||||
|
;zimbraPreAuthKey = XXXX
|
||||||
|
;zimbraAccountKey = uid
|
||||||
|
;zimbraBy =id
|
||||||
|
;zimbraUrl = /service/preauth
|
||||||
|
;zimbraSsoUrl = ^/zimbrasso$
|
||||||
|
|
||||||
|
[manager]
|
||||||
|
|
||||||
|
; Manager protection: by default, the manager is protected by a demo account.
|
||||||
|
; You can protect it :
|
||||||
|
; * by Apache itself,
|
||||||
|
; * by the parameter 'protection' which can take one of the following
|
||||||
|
; values :
|
||||||
|
; * authenticate : all authenticated users can access
|
||||||
|
; * manager : manager is protected like other virtual hosts: you
|
||||||
|
; have to set rules in the corresponding virtual host
|
||||||
|
; * <rule> : you can set here directly the rule to apply
|
||||||
|
; * none : no protection
|
||||||
|
protection = manager
|
||||||
|
|
||||||
|
; logLevel. Set here one of error, warn, notice, info or debug
|
||||||
|
logLevel = warn
|
||||||
|
|
||||||
|
; staticPrefix: relative (or URL) location of static HTML components
|
||||||
|
staticPrefix = /static
|
||||||
|
;
|
||||||
|
; location of HTML templates directory
|
||||||
|
templateDir = /usr/share/lemonldap-ng/manager/templates
|
||||||
|
|
||||||
|
; languages: available languages for manager interface
|
||||||
|
languages = fr, en
|
||||||
|
|
||||||
|
; Manager modules enabled
|
||||||
|
; Set here the list of modules you want to see in manager interface
|
||||||
|
; The first will be used as default module displayed
|
||||||
|
enabledModules = conf, sessions, notifications
|
||||||
|
|
|
@ -0,0 +1,167 @@
|
||||||
|
{
|
||||||
|
"applicationList" : {
|
||||||
|
"1sample" : {
|
||||||
|
"catname" : "Sample applications",
|
||||||
|
"test1" : {
|
||||||
|
"options" : {
|
||||||
|
"description" : "A simple application displaying authenticated user",
|
||||||
|
"display" : "auto",
|
||||||
|
"logo" : "demo.png",
|
||||||
|
"name" : "Application Test 1",
|
||||||
|
"uri" : "http://test1.example.com/"
|
||||||
|
},
|
||||||
|
"type" : "application"
|
||||||
|
},
|
||||||
|
"test2" : {
|
||||||
|
"options" : {
|
||||||
|
"description" : "The same simple application displaying authenticated user",
|
||||||
|
"display" : "auto",
|
||||||
|
"logo" : "thumbnail.png",
|
||||||
|
"name" : "Application Test 2",
|
||||||
|
"uri" : "http://test2.example.com/"
|
||||||
|
},
|
||||||
|
"type" : "application"
|
||||||
|
},
|
||||||
|
"type" : "category"
|
||||||
|
},
|
||||||
|
"2administration" : {
|
||||||
|
"catname" : "Administration",
|
||||||
|
"manager" : {
|
||||||
|
"options" : {
|
||||||
|
"description" : "Configure LemonLDAP::NG WebSSO",
|
||||||
|
"display" : "auto",
|
||||||
|
"logo" : "configure.png",
|
||||||
|
"name" : "WebSSO Manager",
|
||||||
|
"uri" : "http://manager.example.com/manager.html"
|
||||||
|
},
|
||||||
|
"type" : "application"
|
||||||
|
},
|
||||||
|
"notifications" : {
|
||||||
|
"options" : {
|
||||||
|
"description" : "Explore WebSSO notifications",
|
||||||
|
"display" : "auto",
|
||||||
|
"logo" : "database.png",
|
||||||
|
"name" : "Notifications explorer",
|
||||||
|
"uri" : "http://manager.example.com/notifications.html"
|
||||||
|
},
|
||||||
|
"type" : "application"
|
||||||
|
},
|
||||||
|
"sessions" : {
|
||||||
|
"options" : {
|
||||||
|
"description" : "Explore WebSSO sessions",
|
||||||
|
"display" : "auto",
|
||||||
|
"logo" : "database.png",
|
||||||
|
"name" : "Sessions explorer",
|
||||||
|
"uri" : "http://manager.example.com/sessions.html"
|
||||||
|
},
|
||||||
|
"type" : "application"
|
||||||
|
},
|
||||||
|
"type" : "category"
|
||||||
|
},
|
||||||
|
"3documentation" : {
|
||||||
|
"catname" : "Documentation",
|
||||||
|
"localdoc" : {
|
||||||
|
"options" : {
|
||||||
|
"description" : "Documentation supplied with LemonLDAP::NG",
|
||||||
|
"display" : "on",
|
||||||
|
"logo" : "help.png",
|
||||||
|
"name" : "Local documentation",
|
||||||
|
"uri" : "http://manager.example.com/doc/"
|
||||||
|
},
|
||||||
|
"type" : "application"
|
||||||
|
},
|
||||||
|
"officialwebsite" : {
|
||||||
|
"options" : {
|
||||||
|
"description" : "Official LemonLDAP::NG Website",
|
||||||
|
"display" : "on",
|
||||||
|
"logo" : "network.png",
|
||||||
|
"name" : "Offical Website",
|
||||||
|
"uri" : "http://lemonldap-ng.org/"
|
||||||
|
},
|
||||||
|
"type" : "application"
|
||||||
|
},
|
||||||
|
"type" : "category"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"authentication" : "Demo",
|
||||||
|
"cfgAuthor" : "The LemonLDAP::NG team",
|
||||||
|
"cfgNum" : 1,
|
||||||
|
"cookieName" : "lemonldap",
|
||||||
|
"demoExportedVars" : {
|
||||||
|
"cn" : "cn",
|
||||||
|
"mail" : "mail",
|
||||||
|
"uid" : "uid"
|
||||||
|
},
|
||||||
|
"domain" : "example.com",
|
||||||
|
"exportedHeaders" : {
|
||||||
|
"test1.example.com" : {
|
||||||
|
"Auth-User" : "$uid"
|
||||||
|
},
|
||||||
|
"test2.example.com" : {
|
||||||
|
"Auth-User" : "$uid"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"exportedVars" : {
|
||||||
|
"UA" : "HTTP_USER_AGENT"
|
||||||
|
},
|
||||||
|
"globalStorage" : "Apache::Session::File",
|
||||||
|
"globalStorageOptions" : {
|
||||||
|
"Directory" : "/var/lib/lemonldap-ng/sessions",
|
||||||
|
"LockDirectory" : "/var/lib/lemonldap-ng/sessions/lock",
|
||||||
|
"generateModule" : "Lemonldap::NG::Common::Apache::Session::Generate::SHA256"
|
||||||
|
},
|
||||||
|
"groups" : {},
|
||||||
|
"localSessionStorage" : "Cache::FileCache",
|
||||||
|
"localSessionStorageOptions" : {
|
||||||
|
"cache_depth" : 3,
|
||||||
|
"cache_root" : "/tmp",
|
||||||
|
"default_expires_in" : 600,
|
||||||
|
"directory_umask" : "007",
|
||||||
|
"namespace" : "lemonldap-ng-sessions"
|
||||||
|
},
|
||||||
|
"locationRules" : {
|
||||||
|
"manager.example.com" : {
|
||||||
|
"(?#Configuration)^/(manager\\.html|conf/)" : "$uid eq \"dwho\"",
|
||||||
|
"(?#Notifications)/notifications" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
|
||||||
|
"(?#Sessions)/sessions" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
|
||||||
|
"default" : "$uid eq \"dwho\""
|
||||||
|
},
|
||||||
|
"test1.example.com" : {
|
||||||
|
"^/logout" : "logout_sso",
|
||||||
|
"default" : "accept"
|
||||||
|
},
|
||||||
|
"test2.example.com" : {
|
||||||
|
"^/logout" : "logout_sso",
|
||||||
|
"default" : "accept"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"loginHistoryEnabled" : 1,
|
||||||
|
"macros" : {
|
||||||
|
"_whatToTrace" : "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
||||||
|
},
|
||||||
|
"mailUrl" : "http://auth.example.com/mail.pl",
|
||||||
|
"notification" : 1,
|
||||||
|
"notificationStorage" : "File",
|
||||||
|
"notificationStorageOptions" : {
|
||||||
|
"dirName" : "/var/lib/lemonldap-ng/notifications"
|
||||||
|
},
|
||||||
|
"passwordDB" : "Demo",
|
||||||
|
"persistentStorage" : "Apache::Session::File",
|
||||||
|
"persistentStorageOptions" : {
|
||||||
|
"Directory" : "/var/lib/lemonldap-ng/psessions",
|
||||||
|
"LockDirectory" : "/var/lib/lemonldap-ng/psessions/lock"
|
||||||
|
},
|
||||||
|
"portal" : "http://auth.example.com/",
|
||||||
|
"portalSkin" : "bootstrap",
|
||||||
|
"portalSkinBackground" : "1280px-Cedar_Breaks_National_Monument_partially.jpg",
|
||||||
|
"registerDB" : "Demo",
|
||||||
|
"registerUrl" : "http://auth.example.com/register.pl",
|
||||||
|
"reloadUrls" : {
|
||||||
|
"reload.example.com" : "http://reload.example.com/reload"
|
||||||
|
},
|
||||||
|
"securedCookie" : 0,
|
||||||
|
"sessionDataToRemember" : {},
|
||||||
|
"timeout" : 72000,
|
||||||
|
"userDB" : "Demo",
|
||||||
|
"whatToTrace" : "_whatToTrace"
|
||||||
|
}
|
|
@ -0,0 +1,386 @@
|
||||||
|
{
|
||||||
|
"ldapGroupAttributeNameUser": "dn",
|
||||||
|
"cfgAuthorIP": "172.16.0.1",
|
||||||
|
"samlSPMetaDataXML": null,
|
||||||
|
"facebookAuthnLevel": 1,
|
||||||
|
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
|
||||||
|
"secureTokenAttribute": "uid",
|
||||||
|
"singleSession": 0,
|
||||||
|
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
|
||||||
|
"CAS_pgtFile": "/tmp/pgt.txt",
|
||||||
|
"cookieName": "lemonldap",
|
||||||
|
"slaveExportedVars": {},
|
||||||
|
"whatToTrace": "_whatToTrace",
|
||||||
|
"oidcRPMetaDataOptions": {},
|
||||||
|
"notifyDeleted": 1,
|
||||||
|
"useRedirectOnError": 1,
|
||||||
|
"samlSPMetaDataExportedAttributes": null,
|
||||||
|
"ldapPwdEnc": "utf-8",
|
||||||
|
"openIdSPList": "0;",
|
||||||
|
"samlNameIDFormatMapEmail": "mail",
|
||||||
|
"samlSPMetaDataOptions": null,
|
||||||
|
"issuerDBOpenIDRule": 1,
|
||||||
|
"casStorageOptions": {},
|
||||||
|
"mailFrom": "noreply@%%nom_domaine_local",
|
||||||
|
"timeoutActivity": 0,
|
||||||
|
"oidcRPMetaDataExportedVars": {},
|
||||||
|
"issuerDBSAMLActivation": 0,
|
||||||
|
"issuerDBCASPath": "^/cas/",
|
||||||
|
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
|
||||||
|
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
|
||||||
|
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||||
|
"exportedHeaders": {
|
||||||
|
"test1.%%nom_domaine_local": {
|
||||||
|
"Auth-User": "$uid"
|
||||||
|
},
|
||||||
|
"test2.%%nom_domaine_local": {
|
||||||
|
"Auth-User": "$uid"
|
||||||
|
},
|
||||||
|
"manager.%%nom_domaine_local": {}
|
||||||
|
},
|
||||||
|
"vhostOptions": {
|
||||||
|
"manager.%%nom_domaine_local": {},
|
||||||
|
"test1.%%nom_domaine_local": {},
|
||||||
|
"test2.%%nom_domaine_local": {}
|
||||||
|
},
|
||||||
|
"radiusAuthnLevel": 3,
|
||||||
|
"dbiAuthnLevel": 2,
|
||||||
|
"ldapPasswordResetAttribute": "pwdReset",
|
||||||
|
"ldapGroupObjectClass": "groupOfNames",
|
||||||
|
"apacheAuthnLevel": 4,
|
||||||
|
"samlNameIDFormatMapKerberos": "uid",
|
||||||
|
"groups": {},
|
||||||
|
"securedCookie": 0,
|
||||||
|
"httpOnly": 1,
|
||||||
|
"yubikeyAuthnLevel": 3,
|
||||||
|
"ADPwdMaxAge": 0,
|
||||||
|
"samlUseQueryStringSpecific": 0,
|
||||||
|
"loginHistoryEnabled": 1,
|
||||||
|
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
|
||||||
|
"failedLoginNumber": 5,
|
||||||
|
"samlServicePrivateKeyEncPwd": "",
|
||||||
|
"portalForceAuthnInterval": 0,
|
||||||
|
"cfgLog": "",
|
||||||
|
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||||
|
"exportedVars": {
|
||||||
|
"UA": "HTTP_USER_AGENT"
|
||||||
|
},
|
||||||
|
"notificationStorage": "File",
|
||||||
|
"applicationList": {
|
||||||
|
"1sample": {
|
||||||
|
"test2": {
|
||||||
|
"options": {
|
||||||
|
"name": "Application Test 2",
|
||||||
|
"logo": "thumbnail.png",
|
||||||
|
"uri": "http://test2.%%nom_domaine_local/",
|
||||||
|
"display": "auto",
|
||||||
|
"description": "The same simple application displaying authenticated user"
|
||||||
|
},
|
||||||
|
"type": "application"
|
||||||
|
},
|
||||||
|
"type": "category",
|
||||||
|
"catname": "Sample applications",
|
||||||
|
"test1": {
|
||||||
|
"type": "application",
|
||||||
|
"options": {
|
||||||
|
"description": "A simple application displaying authenticated user",
|
||||||
|
"uri": "http://test1.%%nom_domaine_local/",
|
||||||
|
"logo": "demo.png",
|
||||||
|
"display": "auto",
|
||||||
|
"name": "Application Test 1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"2administration": {
|
||||||
|
"notifications": {
|
||||||
|
"options": {
|
||||||
|
"name": "Notifications explorer",
|
||||||
|
"display": "auto",
|
||||||
|
"description": "Explore WebSSO notifications",
|
||||||
|
"uri": "http://manager.%%nom_domaine_local/notifications.pl",
|
||||||
|
"logo": "database.png"
|
||||||
|
},
|
||||||
|
"type": "application"
|
||||||
|
},
|
||||||
|
"manager": {
|
||||||
|
"options": {
|
||||||
|
"uri": "http://manager.%%nom_domaine_local/",
|
||||||
|
"display": "auto",
|
||||||
|
"description": "Configure LemonLDAP::NG WebSSO",
|
||||||
|
"logo": "configure.png",
|
||||||
|
"name": "WebSSO Manager"
|
||||||
|
},
|
||||||
|
"type": "application"
|
||||||
|
},
|
||||||
|
"type": "category",
|
||||||
|
"sessions": {
|
||||||
|
"type": "application",
|
||||||
|
"options": {
|
||||||
|
"description": "Explore WebSSO sessions",
|
||||||
|
"uri": "http://manager.%%nom_domaine_local/sessions.pl",
|
||||||
|
"logo": "database.png",
|
||||||
|
"display": "auto",
|
||||||
|
"name": "Sessions explorer"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"catname": "Administration"
|
||||||
|
},
|
||||||
|
"3documentation": {
|
||||||
|
"catname": "Documentation",
|
||||||
|
"officialwebsite": {
|
||||||
|
"type": "application",
|
||||||
|
"options": {
|
||||||
|
"name": "Offical Website",
|
||||||
|
"description": "Official LemonLDAP::NG Website",
|
||||||
|
"logo": "network.png",
|
||||||
|
"display": "on",
|
||||||
|
"uri": "http://lemonldap-ng.org/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "category",
|
||||||
|
"localdoc": {
|
||||||
|
"options": {
|
||||||
|
"logo": "help.png",
|
||||||
|
"description": "Documentation supplied with LemonLDAP::NG",
|
||||||
|
"display": "on",
|
||||||
|
"uri": "http://manager.%%nom_domaine_local/doc/",
|
||||||
|
"name": "Local documentation"
|
||||||
|
},
|
||||||
|
"type": "application"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"userControl": "^[\\w\\.\\-@]+$",
|
||||||
|
"timeout": 72000,
|
||||||
|
"portalAntiFrame": 1,
|
||||||
|
"SMTPServer": "",
|
||||||
|
"ldapTimeout": 120,
|
||||||
|
"samlAuthnContextMapPasswordProtectedTransport": 3,
|
||||||
|
"ldapUsePasswordResetAttribute": 1,
|
||||||
|
"ldapPpolicyControl": 0,
|
||||||
|
"casAttributes": {},
|
||||||
|
"issuerDBSAMLPath": "^/saml/",
|
||||||
|
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
|
||||||
|
"portalDisplayAppslist": 1,
|
||||||
|
"confirmFormMethod": "post",
|
||||||
|
"domain": "%%nom_domaine_local",
|
||||||
|
"cfgNum": "9",
|
||||||
|
"authentication": "LDAP",
|
||||||
|
"samlNameIDFormatMapWindows": "uid",
|
||||||
|
"authChoiceModules": {},
|
||||||
|
"ldapGroupAttributeName": "member",
|
||||||
|
"samlServicePrivateKeySigPwd": "",
|
||||||
|
"googleAuthnLevel": 1,
|
||||||
|
"successLoginNumber": 5,
|
||||||
|
"localSessionStorageOptions": {
|
||||||
|
"cache_root": "/tmp",
|
||||||
|
"namespace": "lemonldap-ng-sessions",
|
||||||
|
"default_expires_in": 600,
|
||||||
|
"directory_umask": "007",
|
||||||
|
"cache_depth": 3
|
||||||
|
},
|
||||||
|
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||||
|
"portalRequireOldPassword": 1,
|
||||||
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
|
||||||
|
"ADPwdExpireWarning": 0,
|
||||||
|
"yubikeyPublicIDSize": 12,
|
||||||
|
"ldapGroupAttributeNameGroup": "dn",
|
||||||
|
"oidcRPMetaDataOptionsExtraClaims": null,
|
||||||
|
"ldapGroupRecursive": 0,
|
||||||
|
"mailSubject": "[LemonLDAP::NG] Your new password",
|
||||||
|
"nginxCustomHandlers": {},
|
||||||
|
"samlSPSSODescriptorAuthnRequestsSigned": 1,
|
||||||
|
"portalDisplayResetPassword": 1,
|
||||||
|
"openIdSreg_timezone": "_timezone",
|
||||||
|
"infoFormMethod": "get",
|
||||||
|
"openIdAuthnLevel": 1,
|
||||||
|
"openIdSreg_nickname": "uid",
|
||||||
|
"samlServicePublicKeyEnc": "",
|
||||||
|
"userDB": "LDAP",
|
||||||
|
"grantSessionRules": {},
|
||||||
|
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
|
||||||
|
"reloadUrls": {
|
||||||
|
"reload.%%nom_domaine_local": "http://reload.%%nom_domaine_local/reload"
|
||||||
|
},
|
||||||
|
"registerTimeout": 0,
|
||||||
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
|
||||||
|
"slaveAuthnLevel": 2,
|
||||||
|
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||||
|
"Soap": 1,
|
||||||
|
"registerDB": "Demo",
|
||||||
|
"locationRules": {
|
||||||
|
"manager.%%nom_domaine_local": {
|
||||||
|
"default": "$uid eq \"dwho\""
|
||||||
|
},
|
||||||
|
"test1.%%nom_domaine_local": {
|
||||||
|
"default": "accept",
|
||||||
|
"^/logout": "logout_sso"
|
||||||
|
},
|
||||||
|
"test2.%%nom_domaine_local": {
|
||||||
|
"default": "accept",
|
||||||
|
"^/logout": "logout_sso"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
|
||||||
|
"hideOldPassword": 0,
|
||||||
|
"managerPassword": "ohc7kei8lil8Zoesai5chisaiGhu5Yaisai6kaegh9aingai0pae8ohb",
|
||||||
|
"authChoiceParam": "lmAuth",
|
||||||
|
"lwpSslOpts": {},
|
||||||
|
"portalSkinRules": {},
|
||||||
|
"issuerDBOpenIDPath": "^/openidserver/",
|
||||||
|
"redirectFormMethod": "get",
|
||||||
|
"portalDisplayRegister": 1,
|
||||||
|
"secureTokenMemcachedServers": "127.0.0.1:11211",
|
||||||
|
"notificationStorageOptions": {
|
||||||
|
"dirName": "/var/lib/lemonldap-ng/notifications"
|
||||||
|
},
|
||||||
|
"browserIdAuthnLevel": 1,
|
||||||
|
"portalUserAttr": "_user",
|
||||||
|
"ldapVersion": 3,
|
||||||
|
"sessionDataToRemember": {},
|
||||||
|
"samlNameIDFormatMapX509": "mail",
|
||||||
|
"managerDn": "cn=reader,o=gouv,c=fr",
|
||||||
|
"mailSessionKey": "mail",
|
||||||
|
"openIdSreg_email": "mail",
|
||||||
|
"localSessionStorage": "Cache::FileCache",
|
||||||
|
"persistentStorage": "Apache::Session::File",
|
||||||
|
"mailOnPasswordChange": 0,
|
||||||
|
"captchaStorage": "Apache::Session::File",
|
||||||
|
"remoteGlobalStorageOptions": {
|
||||||
|
"proxy": "http://auth.%%nom_domaine_local/index.pl/sessions",
|
||||||
|
"ns": "http://auth.%%nom_domaine_local/Lemonldap/NG/Common/CGI/SOAPService"
|
||||||
|
},
|
||||||
|
"passwordDB": "LDAP",
|
||||||
|
"captcha_size": 6,
|
||||||
|
"mailCharset": "utf-8",
|
||||||
|
"facebookExportedVars": {},
|
||||||
|
"nullAuthnLevel": 2,
|
||||||
|
"singleIP": 0,
|
||||||
|
"dbiExportedVars": {},
|
||||||
|
"portalSkin": "bootstrap",
|
||||||
|
"storePassword": 0,
|
||||||
|
"hiddenAttributes": "_password",
|
||||||
|
"samlServicePrivateKeySig": "",
|
||||||
|
"globalStorage": "Apache::Session::File",
|
||||||
|
"notificationWildcard": "allusers",
|
||||||
|
"portalForceAuthn": 0,
|
||||||
|
"samlMetadataForceUTF8": 1,
|
||||||
|
"secureTokenUrls": ".*",
|
||||||
|
"secureTokenAllowOnError": 1,
|
||||||
|
"samlAuthnContextMapTLSClient": 5,
|
||||||
|
"ldapAllowResetExpiredPassword": 0,
|
||||||
|
"oidcOPMetaDataExportedVars": {},
|
||||||
|
"notifyOther": 0,
|
||||||
|
"secureTokenExpiration": 60,
|
||||||
|
"captcha_mail_enabled": 0,
|
||||||
|
"samlStorageOptions": {},
|
||||||
|
"samlOrganizationDisplayName": "Example",
|
||||||
|
"trustedProxies": "",
|
||||||
|
"secureTokenHeader": "Auth-Token",
|
||||||
|
"issuerDBCASActivation": 1,
|
||||||
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
|
||||||
|
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||||
|
"samlIDPMetaDataXML": {},
|
||||||
|
"oidcStorageOptions": {},
|
||||||
|
"cfgDate": 1519998069,
|
||||||
|
"samlAuthnContextMapPassword": 2,
|
||||||
|
"portalDisplayLoginHistory": 1,
|
||||||
|
"ldapPasswordResetAttributeValue": "TRUE",
|
||||||
|
"ldapServer": "%%ldapScheme://%%ldapServer",
|
||||||
|
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
|
||||||
|
"samlIDPMetaDataExportedAttributes": null,
|
||||||
|
"samlServicePrivateKeyEnc": "",
|
||||||
|
"useRedirectOnForbidden": 0,
|
||||||
|
"captcha_login_enabled": 0,
|
||||||
|
"https": 0,
|
||||||
|
"checkXSS": 1,
|
||||||
|
"ldapSetPassword": 0,
|
||||||
|
"portalPingInterval": 60000,
|
||||||
|
"captchaStorageOptions": {
|
||||||
|
"Directory": "/var/lib/lemonldap-ng/captcha/"
|
||||||
|
},
|
||||||
|
"useSafeJail": 1,
|
||||||
|
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
|
||||||
|
"issuerDBCASRule": 1,
|
||||||
|
"samlAuthnContextMapKerberos": 4,
|
||||||
|
"ldapGroupAttributeNameSearch": "cn",
|
||||||
|
"logoutServices": {},
|
||||||
|
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
|
||||||
|
"portalDisplayLogout": 1,
|
||||||
|
"issuerDBGetParameters": {},
|
||||||
|
"googleExportedVars": {},
|
||||||
|
"openIdSreg_fullname": "cn",
|
||||||
|
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
|
||||||
|
"demoExportedVars": {
|
||||||
|
"mail": "mail",
|
||||||
|
"uid": "uid",
|
||||||
|
"cn": "cn"
|
||||||
|
},
|
||||||
|
"oidcOPMetaDataJSON": null,
|
||||||
|
"samlIdPResolveCookie": "lemonldapidp",
|
||||||
|
"samlRelayStateTimeout": 600,
|
||||||
|
"samlOrganizationURL": "http://www.%%nom_domaine_local",
|
||||||
|
"globalStorageOptions": {
|
||||||
|
"Directory": "/var/lib/lemonldap-ng/sessions",
|
||||||
|
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
|
||||||
|
},
|
||||||
|
"ldapExportedVars": {
|
||||||
|
"mail": "mail",
|
||||||
|
"cn": "cn",
|
||||||
|
"uid": "uid"
|
||||||
|
},
|
||||||
|
"webIDExportedVars": {},
|
||||||
|
"activeTimer": 1,
|
||||||
|
"cda": 0,
|
||||||
|
"samlServicePublicKeySig": "",
|
||||||
|
"portalCheckLogins": 1,
|
||||||
|
"CAS_authnLevel": 1,
|
||||||
|
"macros": {
|
||||||
|
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
||||||
|
},
|
||||||
|
"samlIDPMetaDataOptions": null,
|
||||||
|
"twitterAuthnLevel": 1,
|
||||||
|
"openIdExportedVars": {},
|
||||||
|
"captcha_register_enabled": 1,
|
||||||
|
"oidcOPMetaDataJWKS": null,
|
||||||
|
"webIDAuthnLevel": 1,
|
||||||
|
"issuerDBOpenIDActivation": "1",
|
||||||
|
"mailUrl": "http://auth.%%nom_domaine_local/mail.pl",
|
||||||
|
"maintenance": 0,
|
||||||
|
"jsRedirect": 0,
|
||||||
|
"cfgAuthor": "dwho",
|
||||||
|
"persistentStorageOptions": {
|
||||||
|
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
|
||||||
|
"Directory": "/var/lib/lemonldap-ng/psessions"
|
||||||
|
},
|
||||||
|
"SSLAuthnLevel": 5,
|
||||||
|
"oidcServiceMetaDataAuthnContext": {},
|
||||||
|
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||||
|
"notification": 1,
|
||||||
|
"ldapChangePasswordAsUser": 0,
|
||||||
|
"CAS_proxiedServices": {},
|
||||||
|
"key": "e\"bTCt3*eU9^\\V%b",
|
||||||
|
"portal": "http://auth.%%nom_domaine_local/",
|
||||||
|
"singleSessionUserByIP": 0,
|
||||||
|
"portalOpenLinkInNewWindow": 0,
|
||||||
|
"post": {
|
||||||
|
"test2.%%nom_domaine_local": {},
|
||||||
|
"test1.%%nom_domaine_local": {},
|
||||||
|
"manager.%%nom_domaine_local": {}
|
||||||
|
},
|
||||||
|
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
|
||||||
|
"issuerDBSAMLRule": 1,
|
||||||
|
"samlCommonDomainCookieActivation": 0,
|
||||||
|
"syslog": "",
|
||||||
|
"ldapBase": %%ldapUserBaseDN,
|
||||||
|
"ldapAuthnLevel": 2,
|
||||||
|
"mailTimeout": 0,
|
||||||
|
"samlEntityID": "#PORTAL#/saml/metadata",
|
||||||
|
"oidcOPMetaDataOptions": null,
|
||||||
|
"samlSPSSODescriptorWantAssertionsSigned": 1,
|
||||||
|
"samlOrganizationName": "%%samlOrganizationName",
|
||||||
|
"registerUrl": "http://auth.%%nom_domaine_local/register.pl",
|
||||||
|
"casAccessControlPolicy": "none",
|
||||||
|
"multiValuesSeparator": ";",
|
||||||
|
"ldapPort": %%ldapServerPort
|
||||||
|
}
|
|
@ -0,0 +1,63 @@
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name manager.%%nom_domaine_local;
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443;
|
||||||
|
ssl on;
|
||||||
|
ssl_certificate %%server_cert;
|
||||||
|
ssl_certificate_key %%server_key;
|
||||||
|
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
||||||
|
access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
|
||||||
|
server_name manager.%%nom_domaine_local;
|
||||||
|
|
||||||
|
error_page 403 404 502 503 504 /nginx.html;
|
||||||
|
location = /nginx.html{
|
||||||
|
root /usr/share/nginx/www;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($uri !~ ^/(manager\.psgi|static|doc|fr-doc|lib|javascript|favicon)) {
|
||||||
|
rewrite ^/(.*)$ /manager.psgi/$1 break;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /manager.psgi {
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
|
fastcgi_param LLTYPE manager;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
# Uncomment this if you use https only
|
||||||
|
#add_header Strict-Transport-Security "15768000";
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
index manager.psgi;
|
||||||
|
allow 127.0.0.0/8;
|
||||||
|
deny all;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /doc/ {
|
||||||
|
alias /usr/share/doc/lemonldap-ng-doc/;
|
||||||
|
index index.html start.html;
|
||||||
|
}
|
||||||
|
location /lib/ {
|
||||||
|
alias /usr/share/doc/lemonldap-ng-doc/pages/documentation/current/lib/;
|
||||||
|
}
|
||||||
|
location /fr-doc/ {
|
||||||
|
alias /usr/share/doc/lemonldap-ng-fr-doc/;
|
||||||
|
index index.html start.html;
|
||||||
|
}
|
||||||
|
location /static/ {
|
||||||
|
alias /usr/share/lemonldap-ng/manager/static/;
|
||||||
|
}
|
||||||
|
|
||||||
|
# DEBIAN
|
||||||
|
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
||||||
|
#location /javascript/ {
|
||||||
|
# alias /usr/share/javascript/;
|
||||||
|
#}
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
log_format lm_combined '$remote_addr - $lmremote_user [$time_local] '
|
||||||
|
'"$request" $status $body_bytes_sent '
|
||||||
|
'"$http_referer" "$http_user_agent"';
|
|
@ -0,0 +1,34 @@
|
||||||
|
auth_request_set $headername1 $upstream_http_headername1;
|
||||||
|
auth_request_set $headervalue1 $upstream_http_headervalue1;
|
||||||
|
auth_request_set $headername2 $upstream_http_headername2;
|
||||||
|
auth_request_set $headervalue2 $upstream_http_headervalue2;
|
||||||
|
auth_request_set $headername3 $upstream_http_headername3;
|
||||||
|
auth_request_set $headervalue3 $upstream_http_headervalue3;
|
||||||
|
auth_request_set $headername4 $upstream_http_headername4;
|
||||||
|
auth_request_set $headervalue4 $upstream_http_headervalue4;
|
||||||
|
auth_request_set $headername5 $upstream_http_headername5;
|
||||||
|
auth_request_set $headervalue5 $upstream_http_headervalue5;
|
||||||
|
auth_request_set $headername6 $upstream_http_headername6;
|
||||||
|
auth_request_set $headervalue6 $upstream_http_headervalue6;
|
||||||
|
auth_request_set $headername7 $upstream_http_headername7;
|
||||||
|
auth_request_set $headervalue7 $upstream_http_headervalue7;
|
||||||
|
auth_request_set $headername8 $upstream_http_headername8;
|
||||||
|
auth_request_set $headervalue8 $upstream_http_headervalue8;
|
||||||
|
auth_request_set $headername9 $upstream_http_headername9;
|
||||||
|
auth_request_set $headervalue9 $upstream_http_headervalue9;
|
||||||
|
auth_request_set $headername10 $upstream_http_headername10;
|
||||||
|
auth_request_set $headervalue10 $upstream_http_headervalue10;
|
||||||
|
auth_request_set $lmcookie $upstream_http_cookie;
|
||||||
|
access_by_lua '
|
||||||
|
i = 1
|
||||||
|
ngx.req.set_header("Cookie",ngx.var.lmcookie)
|
||||||
|
while true do
|
||||||
|
if ngx.var["headername"..i] ~= nil then
|
||||||
|
ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])
|
||||||
|
else
|
||||||
|
break
|
||||||
|
end
|
||||||
|
i = i +1
|
||||||
|
end
|
||||||
|
';
|
||||||
|
|
|
@ -0,0 +1,92 @@
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name auth.%%nom_domaine_local;
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443;
|
||||||
|
ssl on;
|
||||||
|
ssl_certificate %%server_cert;
|
||||||
|
ssl_certificate_key %%server_key;
|
||||||
|
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
||||||
|
access_log /var/log/nginx/auth-lemon-ldap.access-ssl.log;
|
||||||
|
server_name auth.%%nom_domaine_local;
|
||||||
|
root /var/lib/lemonldap-ng/portal/;
|
||||||
|
|
||||||
|
location ~ \.pl(?:$|/) {
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
|
fastcgi_param LLTYPE cgi;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
set $sn $request_uri;
|
||||||
|
if ($sn ~ "^(.*)\?") {
|
||||||
|
set $sn $1;
|
||||||
|
}
|
||||||
|
if ($sn ~ "^/index.pl") {
|
||||||
|
set $sn "/index.pl";
|
||||||
|
}
|
||||||
|
fastcgi_param SCRIPT_NAME $sn;
|
||||||
|
fastcgi_split_path_info ^(.*\.pl)(/.*)$;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
# Uncomment this if you use Auth SSL:
|
||||||
|
#map $ssl_client_s_dn $ssl_client_s_dn_cn {
|
||||||
|
# default "";
|
||||||
|
# ~/CN=(?<CN>[^/]+) $CN;
|
||||||
|
#}
|
||||||
|
#fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn
|
||||||
|
}
|
||||||
|
|
||||||
|
index index.pl;
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
|
||||||
|
# Uncomment this if you use https only
|
||||||
|
#add_header Strict-Transport-Security "15768000";
|
||||||
|
}
|
||||||
|
|
||||||
|
# SOAP functions for sessions management (disabled by default)
|
||||||
|
location /index.pl/adminSessions {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SOAP functions for sessions access (disabled by default)
|
||||||
|
location /index.pl/sessions {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SOAP functions for configuration access (disabled by default)
|
||||||
|
location /index.pl/config {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SOAP functions for notification insertion (disabled by default)
|
||||||
|
location /index.pl/notification {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
# SAML2 Issuer
|
||||||
|
rewrite ^/saml/metadata /metadata.pl last;
|
||||||
|
rewrite ^/saml/.* /index.pl last;
|
||||||
|
|
||||||
|
# CAS Issuer
|
||||||
|
rewrite ^/cas/.* /index.pl;
|
||||||
|
|
||||||
|
# OpenID Issuer
|
||||||
|
rewrite ^/openidserver/.* /index.pl last;
|
||||||
|
|
||||||
|
# OpenID Connect Issuer
|
||||||
|
rewrite ^/oauth2/.* /index.pl last;
|
||||||
|
rewrite ^/.well-known/openid-configuration$ /openid-configuration.pl last;
|
||||||
|
|
||||||
|
# Get Issuer
|
||||||
|
rewrite ^/get/.* /index.pl;
|
||||||
|
|
||||||
|
# Public pages
|
||||||
|
rewrite ^/public.* /public.pl;
|
||||||
|
|
||||||
|
# DEBIAN
|
||||||
|
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
||||||
|
#location /javascript/ {
|
||||||
|
# alias /usr/share/javascript/;
|
||||||
|
#}
|
||||||
|
}
|
|
@ -0,0 +1,104 @@
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443;
|
||||||
|
ssl on;
|
||||||
|
ssl_certificate %%server_cert;
|
||||||
|
ssl_certificate_key %%server_key;
|
||||||
|
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
||||||
|
access_log /var/log/nginx/test1-2-lemon-ldap.access-ssl.log;
|
||||||
|
|
||||||
|
server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
|
||||||
|
root /var/lib/lemonldap-ng/test/;
|
||||||
|
|
||||||
|
|
||||||
|
# Internal authentication request
|
||||||
|
location = /lmauth {
|
||||||
|
internal;
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
|
# To use AuthBasic handler, uncomment this and remove "error_page 401"
|
||||||
|
# fastcgi_param LLTYPE authbasic;
|
||||||
|
|
||||||
|
# Drop post datas
|
||||||
|
fastcgi_pass_request_body off;
|
||||||
|
fastcgi_param CONTENT_LENGTH "";
|
||||||
|
|
||||||
|
# Keep original hostname
|
||||||
|
fastcgi_param HOST $http_host;
|
||||||
|
|
||||||
|
# Keep original request (LLNG server will received /llauth)
|
||||||
|
fastcgi_param X_ORIGINAL_URI $request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Client requests
|
||||||
|
location / {
|
||||||
|
# Local application
|
||||||
|
index index.pl;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
|
||||||
|
# Reverse proxy
|
||||||
|
#proxy_pass http://remote.server/;
|
||||||
|
#include /etc/nginx/proxy_params;
|
||||||
|
|
||||||
|
##################################
|
||||||
|
# CALLING AUTHENTICATION #
|
||||||
|
##################################
|
||||||
|
auth_request /lmauth;
|
||||||
|
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
|
||||||
|
auth_request_set $lmlocation $upstream_http_location;
|
||||||
|
# Uncomment this if CDA is used
|
||||||
|
#auth_request_set $cookie_value $upstream_http_set_cookie;
|
||||||
|
#add_header Set-Cookie $cookie_value;
|
||||||
|
# Remove this for AuthBasic handler
|
||||||
|
error_page 401 $lmlocation;
|
||||||
|
|
||||||
|
##################################
|
||||||
|
# PASSING HEADERS TO APPLICATION #
|
||||||
|
##################################
|
||||||
|
|
||||||
|
# IF LUA IS SUPPORTED
|
||||||
|
#include /etc/lemonldap-ng/nginx-lua-headers.conf;
|
||||||
|
|
||||||
|
# ELSE
|
||||||
|
# Set manually your headers
|
||||||
|
#auth_request_set $authuser $upstream_http_auth_user;
|
||||||
|
#proxy_set_header Auth-User $authuser;
|
||||||
|
# OR in the correspondinc block
|
||||||
|
#fastcgi_param HTTP_AUTH_USER $authuser;
|
||||||
|
|
||||||
|
# Then (if LUA not supported), change cookie header to hide LLNG cookie
|
||||||
|
#auth_request_set $lmcookie $upstream_http_cookie;
|
||||||
|
#proxy_set_header Cookie: $lmcookie;
|
||||||
|
# OR in the corresponding block
|
||||||
|
#fastcgi_param HTTP_COOKIE $lmcookie;
|
||||||
|
|
||||||
|
# Uncomment this if you use https only
|
||||||
|
#add_header Strict-Transport-Security "15768000";
|
||||||
|
|
||||||
|
# Set REMOTE_USER (for FastCGI apps only)
|
||||||
|
#fastcgi_param REMOTE_USER $lmremote_user;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Handle test CGI
|
||||||
|
location ~ \.pl$ {
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
|
fastcgi_param LLTYPE cgi;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_split_path_info ^(.*\.pl)(/.+)$;
|
||||||
|
fastcgi_param REMOTE_USER $lmremote_user;
|
||||||
|
}
|
||||||
|
|
||||||
|
#location = /status {
|
||||||
|
# allow 127.0.0.1;
|
||||||
|
# deny all;
|
||||||
|
# include /etc/nginx/fastcgi_params;
|
||||||
|
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
|
# fastcgi_param LLTYPE status;
|
||||||
|
#}
|
||||||
|
}
|
Loading…
Reference in New Issue