diff --git a/dicos/70_lemonldap_ng.xml b/dicos/70_lemonldap_ng.xml index d75adfc..4bac8f7 100644 --- a/dicos/70_lemonldap_ng.xml +++ b/dicos/70_lemonldap_ng.xml @@ -1,38 +1,44 @@ + - - - - - - - - + + + + + + + + lemonldap-ng-fastcgi-server 80 443 + non + + - --> + + - + - + + 4 @@ -42,6 +48,7 @@ + cas @@ -49,6 +56,7 @@ + bootstrap @@ -66,14 +74,18 @@ + + Configuration DNS Configuration LDAP Configuration CAS Personnalisation de la mire SSO + + manager. @@ -91,19 +103,23 @@ SAML nom_domaine_local + ['ldaps','ldap'] + ['LDAP','Demo','Custom'] + casLDAPAttribute + non - lemon - lemonCAS + lemonldap + lemonldap-nginx LemonLDAP saLemon @@ -124,10 +140,11 @@ False + - Activer l'hébergement d'une place de marché HTTP pour OpenNebula - Nom DNS de l'application de gestion de LemonLDAP::NG ex:manager.cadoles.com - Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.cadoles.com + Activer le service LemonLDAP::NG sur ce serveur + Nom DNS de l'application de gestion de LemonLDAP::NG ex:manager.example.fr + Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.example.fr DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr) Affiche une case à cocher sur la mire SSO qui permet a l'utilisateur de voir l'historique de connection de son compte avant d'être redirigé vers le service demandé Liste des domaines à ajouter à la directive form-action. diff --git a/tmpl/test-nginx.conf b/tmpl/test-nginx.conf deleted file mode 100644 index 64e08bd..0000000 --- a/tmpl/test-nginx.conf +++ /dev/null 
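Review bot: The choice list `['LDAP','Demo','Custom']` added in the `@@ -91,19 +103,23 @@` hunk appears to make LemonLDAP::NG's Demo backend selectable as an authentication source from the dictionary. That backend ships with fixed, publicly documented test accounts, so a portal left on it would accept credentials that are not under the site's control. The element tags are not visible on this page, so which variable the list constrains is inferred from the neighbouring LDAP and `casLDAPAttribute` entries. I would restrict the list to `['LDAP','Custom']`, or keep `Demo` only with a help text that marks it as test-only. The same hunk adds `['ldaps','ldap']`: plain `ldap` sends the reader DN's bind password in clear text unless StartTLS is enforced elsewhere, which deserves a sentence in that variable's help text.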
@@ -1,117 +0,0 @@
-server {
- listen 80;
- server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443;
- ssl on;
- ssl_certificate %%server_cert;
- ssl_certificate_key %%server_key;
- ssl_client_certificate /etc/ssl/certs/ca.crt;
- access_log /var/log/nginx/test1-2-lemon-ldap.access-ssl.log;
-
- server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
- root /var/lib/lemonldap-ng/test/;
-
- # Internal authentication request
- location = /lmauth {
- internal;
-
- # FastCGI configuration
- include /etc/nginx/fastcgi_params;
- fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
- # Drop post datas
- fastcgi_pass_request_body off;
- fastcgi_param CONTENT_LENGTH "";
- # Keep original hostname
- fastcgi_param HOST $http_host;
- # Keep original request (LLNG server will receive /lmauth)
- fastcgi_param X_ORIGINAL_URI $request_uri;
- # Improve performances
- #fastcgi_buffer_size 32k;
- #fastcgi_buffers 32 32k;
-
- }
-
- # Client requests
- location / {
- # Local application
- index index.pl;
- try_files $uri $uri/ =404;
-
- # Reverse proxy
- #proxy_pass http://remote.server/;
- #include /etc/nginx/proxy_params;
-
- ##################################
- # CALLING AUTHENTICATION #
- ##################################
- auth_request /lmauth;
- auth_request_set $lmremote_user $upstream_http_lm_remote_user;
- auth_request_set $lmremote_custom $upstream_http_lm_remote_custom;
- auth_request_set $lmlocation $upstream_http_location;
- # If CDA is used, uncomment this
- #auth_request_set $cookie_value $upstream_http_set_cookie;
- #add_header Set-Cookie $cookie_value;
- # Remove this for AuthBasic handler
- error_page 401 $lmlocation;
-
- ##################################
- # PASSING HEADERS TO APPLICATION #
- ##################################
-
- # IF LUA IS SUPPORTED
- #include /etc/lemonldap-ng/nginx-lua-headers.conf;
-
- # ELSE
- # Set manually your headers
- #auth_request_set $authuser $upstream_http_auth_user;
- #proxy_set_header Auth-User $authuser;
- # OR in the corresponding block
- #fastcgi_param HTTP_AUTH_USER $authuser;
-
- # Then (if LUA is not supported), change cookie header to hide LLNG cookie
- #auth_request_set $lmcookie $upstream_http_cookie;
- #proxy_set_header Cookie: $lmcookie;
- # OR in the corresponding block
- #fastcgi_param HTTP_COOKIE $lmcookie;
-
- # Uncomment this if you use https only
- #add_header Strict-Transport-Security "max-age=15768000";
-
- # Set REMOTE_USER (for FastCGI apps only)
- #fastcgi_param REMOTE_USER $lmremote_user;
- }
-
- # Handle test CGI
- location ~ ^(?/.*\.pl)(?:$|/) {
- include /etc/nginx/fastcgi_params;
- fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
- fastcgi_param LLTYPE cgi;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_split_path_info ^(.*\.pl)(/.+)$;
- fastcgi_param REMOTE_USER $lmremote_user;
-
- # Or with uWSGI
- #include /etc/nginx/uwsgi_params;
- #uwsgi_pass 127.0.0.1:5000;
- #uwsgi_param LLTYPE cgi;
- #uwsgi_param SCRIPT_FILENAME $document_root$sc;
- #uwsgi_param SCRIPT_NAME $sc;
- }
-
- #location = /status {
- # allow 127.0.0.1;
- # deny all;
- # include /etc/nginx/fastcgi_params;
- # fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
- # fastcgi_param LLTYPE status;
-
- ### Or with uWSGI
- ## include /etc/nginx/uwsgi_params;
- ## uwsgi_pass 127.0.0.1:5000;
- ## uwsgi_param LLTYPE status;
- #}
-}