LemonLDAP::NG should be installable side by side with EOLESSO

Ref: #30852
2020-10-14 13:16:45 +02:00 · 2020-10-14 13:16:45 +02:00 · 6be262c6fb
parent 04215109ac
commit 6be262c6fb
4 changed files with 3 additions and 80 deletions
--- a/dicos/70_lemonldap_ng.xml
+++ b/dicos/70_lemonldap_ng.xml
@ -9,9 +9,6 @@
        <file filelist='lemon' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
        <file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.json' mkdir='True' rm='True'/>
        <file filelist='lemon' name='/etc/default/lemonldap-ng-fastcgi-server' mkdir='True' rm='True'/>
        <file filelist='lemonCAS' name='/usr/share/php/configCAS/cas.inc.php' source='cas.inc.php.tmpl' mkdir='True'/>
        <file filelist='lemonCAS' name='/usr/share/php/CAS/eoleCASConfig.php' source='eoleCASConfig.php.tmpl' mkdir='True'/>
        <file filelist='lemonCAS' name='/etc/pam_cas.conf' source="pam_cas_auth.conf"/>
        <service>lemonldap-ng-fastcgi-server</service>
        <service_access service='nginx'>
            <port service_accesslist="saLemon">80</port>
@ -42,21 +39,17 @@
            <variable name="lemonAdmin" type='string' description="LemonLDAP Administrator username" mode='expert'>
                <value>admin</value>
            </variable>
-            <variable name="nginxBucketSize" type='number' description="Taille du hash des noms de serveur pour NGINX" mode='expert'>
+
                <value>64</value>
            </variable>
            <variable name="casAttribute" description="Nom de l'attribut CAS" type="string" mode="expert" multi="True"/>
            <variable name="casLDAPAttribute" description="Attribut LDAP équivalent" type="string" mode="expert"/>
            <variable name="casFolder" description="Endpoint du service cas" type="string" mode="expert">
                <value>cas</value>
            </variable>
-            <variable name='cas_send_logout' type='oui/non' description="Activer le logout centralisé du serveur SSO" hidden='True'>
+
            <variable name='cas_send_logout' type='oui/non' description="Activer le logout centralisé du serveur SSO" hidden='True' exists='False'>
                <value>oui</value>
            </variable>
            <variable name='ssoCALocation' type='string' description="Chemin de l'autorité de certification (ou rien)" mode="expert"/>
            <variable name='ssoDebug' type='string' description="Activer le Debug pour la lib php-CAS" mode="expert">
                <value>non</value>
            </variable>
            <variable name='llSkin' type='string' description="Skin utilisé par LemonLDAP::NG">
                <value>bootstrap</value>
            </variable>
@ -136,7 +129,6 @@
        <variable name='managerWebName'>Nom DNS de l'application de gestion de LemonLDAP::NG ex:manager.cadoles.com</variable>
        <variable name='authWebName'>Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.cadoles.com</variable>
        <variable name='ldapUserBaseDN'>DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr)</variable>
        <variable name='nginxBucketSize'>server_names_hash_bucket_size Taille du hash des noms de serveur pour NGINX</variable>
        <variable name='llCheckLogins'>Affiche une case à cocher sur la mire SSO qui permet a l'utilisateur de voir l'historique de connection de son compte avant d'être redirigé vers le service demandé</variable>
        <variable name='llCSPTargets'>Liste des domaines à ajouter à la directive form-action.</variable>
    </help>
--- a/tmpl/cas.inc.php.tmpl
+++ b/tmpl/cas.inc.php.tmpl
@ -1,27 +0,0 @@
 <?php
 define("__CAS_SERVER", "%%authWebName");
 define("__CAS_VERSION", "2.0");
 define("__CAS_FOLDER", "%%casFolder");
 define("__CAS_PORT", 443);
 define("__CAS_PROTO", "https");
 %if %%cas_send_logout == 'oui'
 define("__CAS_LOGOUT", true);
 %else
 define("__CAS_LOGOUT", false);
 %end if
 %if %%getVar('activer_web_valider_ca', 'non') == 'oui'
 define("__CAS_VALIDER_CA", true);
 %else
 define("__CAS_VALIDER_CA", false);
 %end if
 %if %%is_empty(%%getVar('ssoCALocation', ''))
 define("__CAS_CA_LOCATION", "/etc/ssl/certs/ca.crt");
 %else
 define("__CAS_CA_LOCATION", "%%ssoCALocation");
 %end if
 %if %%getVar("ssoDebug", 'non') == "oui"
 define("__CAS_DEBUG", true);
 %else
 define("__CAS_DEBUG", false);
 %end if
 ?>
--- a/tmpl/eoleCASConfig.php.tmpl
+++ b/tmpl/eoleCASConfig.php.tmpl
@ -1,7 +0,0 @@
 <?php
 %if %%mode_conteneur_actif != "non"
 define("__CAS_IP", "%%adresse_ip_br0");
 %else
 define("__CAS_IP", "false");
 %end if
 ?>
--- a/tmpl/pam_cas_auth.conf
+++ b/tmpl/pam_cas_auth.conf
@ -1,35 +0,0 @@
 # sample pam_cas config
 # host from CAS server. mandatory
 host %%authWebName
 # port from CAS server. Default to 80 or 443, depends from ssl instruction
 port 443
 # uri to validate ticket. Default to /proxyValidate
 uriValidate /proxyValidate
 # https or no. values on or off. Default to on.
 ssl on
 # debug (on) or no (off). debug in syslog, level LOG_DEBUG. Default to off
 debug off
 # proxy or proxies who deliver Proxy Ticket.
 # If no proxy, pam_cas doesn't control it
 # It may be several proxy instructions
 #proxy https://%%authWebName/proxycas/casimap.php
 #proxy https://imp.its.yale.edu/cas/casProxy.php
 #proxy https://uportal1.its.yale.edu/CasProxyServlet
 #proxy https://uportal2.its.yale.edu/CasProxyServlet
 # trusted_ca. mandatory if ssl on.
 # It a file in pem format. It can contents several certificates
 # If the CAS server certificate is auto-signed, the file must content the certificate
 # If the certificate is trusted by an Certificate Autority, The file must content
 #    certificate from high level CA
 %if not %%is_empty(%%getVar('ssoCALocation', ''))
 trusted_ca %%ssoCALocation
 %else
 trusted_ca /etc/ssl/certs/ca.crt
 %end if