From c9c6171367f61d373fd385caa16ad508204df9c5 Mon Sep 17 00:00:00 2001
From: Daniel Dehennin <daniel.dehennin@ac-dijon.fr>
Date: Wed, 14 Oct 2020 13:18:04 +0200
Subject: [PATCH] Prettify the XML

And remove useless test sites.

Ref: #30852
---
 dicos/70_lemonldap_ng.xml |  49 ++++++++++------
 tmpl/test-nginx.conf      | 117 --------------------------------------
 2 files changed, 33 insertions(+), 133 deletions(-)
 delete mode 100644 tmpl/test-nginx.conf

diff --git a/dicos/70_lemonldap_ng.xml b/dicos/70_lemonldap_ng.xml
index d75adfc..4bac8f7 100644
--- a/dicos/70_lemonldap_ng.xml
+++ b/dicos/70_lemonldap_ng.xml
@@ -1,38 +1,44 @@
 <?xml version="1.0" encoding="utf-8"?>
 <creole>
+
     <files>
-        <!-- Je suis un commentaire -->
-        <file filelist='lemon' name='/etc/lemonldap-ng/manager-nginx.conf' mkdir='True' rm='True'/>
-        <file filelist='lemon' name='/etc/lemonldap-ng/handler-nginx.conf' mkdir='True' rm='True'/>
-        <file filelist='lemon' name='/etc/lemonldap-ng/portal-nginx.conf' mkdir='True' rm='True'/>
-        <file filelist='lemon' name='/etc/lemonldap-ng/test-nginx.conf' mkdir='True' rm='True'/>
-        <file filelist='lemon' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
-        <file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.json' mkdir='True' rm='True'/>
-        <file filelist='lemon' name='/etc/default/lemonldap-ng-fastcgi-server' mkdir='True' rm='True'/>
+
+        <file filelist='lemonldap' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
+        <file filelist='lemonldap' name='/var/lib/lemonldap-ng/conf/lmConf-1.json' mkdir='True' rm='True'/>
+        <file filelist='lemonldap' name='/etc/default/lemonldap-ng-fastcgi-server' mkdir='True' rm='True'/>
+
+        <file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/manager-nginx.conf' mkdir='True' rm='True'/>
+        <file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/handler-nginx.conf' mkdir='True' rm='True'/>
+        <file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/portal-nginx.conf' mkdir='True' rm='True'/>
         <service>lemonldap-ng-fastcgi-server</service>
         <service_access service='nginx'>
             <port service_accesslist="saLemon">80</port>
             <port service_accesslist="saLemon">443</port>
         </service_access>
     </files>
+
     <variables>
         <family name='Services'>
             <variable name='activerLemon' type='oui/non' description="Activer LemonLDAP::NG">
                 <value>non</value>
             </variable>
         </family>
+
         <family name='LemonLDAP'>
+
             <variable name='managerWebName' type='string' description="Nom DNS du manager LemonLDAP-NG"/>
             <variable name='authWebName' type='string' description="Nom DNS du service d'authentification LemonLDAP-NG"/>
             <variable name='reloadWebName' type='string' description="Nom DNS du service Reload de LemonLDAP-NG" mode="expert"/>
-            <variable name='ldapScheme' type='string' description="Protocole LDAP à utiliser" mandatory='True'/> -->
+
+            <variable name='ldapScheme' type='string' description="Protocole LDAP à utiliser" mandatory='True'/>
             <variable name='ldapServer' type='string' description="Adresse du Serveur LDAP utilisé par LemonLDAP::NG" mandatory="True"/>
             <variable name='ldapServerPort' type='number' description="Port d'écoute du LDAP utilisé par LemonLDAP::NG" mandatory='True'/>
             <variable name='ldapUserBaseDN' type='string' description="Base DN des utilisateurs dans l'annuaire" mandatory='True'/>
             <variable name='ldapBindUserDN' type='string' description="Utilisateur de connection à l'annuaire" mandatory="True"/>
-            <variable name='ldapBindUserPassword' type='string' description="Mot de passe de l'utilisateur de connection à l'annuaire" mandatory="True"/>
+            <variable name='ldapBindUserPassword' type='password' description="Mot de passe de l'utilisateur de connection à l'annuaire" mandatory="True"/>
             <variable name="samlOrganizationName" type='string' description="Nom de l'organisation SAML" mode='expert'/>
-            <variable name="lemonproc" type='number' description="Nombre de processus dédié à Lemon (équivalent au nombre de processeur)" mandatory="True">
+
+            <variable name="lemonproc" type='number' description="Nombre de processus dédié à Lemon (équivalent au nombre de processeurs)" mandatory="True">
                 <value>4</value>
             </variable>
 
@@ -42,6 +48,7 @@
 
             <variable name="casAttribute" description="Nom de l'attribut CAS" type="string" mode="expert" multi="True"/>
             <variable name="casLDAPAttribute" description="Attribut LDAP équivalent" type="string" mode="expert"/>
+
             <variable name="casFolder" description="Endpoint du service cas" type="string" mode="expert">
                 <value>cas</value>
             </variable>
@@ -49,6 +56,7 @@
             <variable name='cas_send_logout' type='oui/non' description="Activer le logout centralisé du serveur SSO" hidden='True' exists='False'>
                 <value>oui</value>
             </variable>
+
             <variable name='ssoCALocation' type='string' description="Chemin de l'autorité de certification (ou rien)" mode="expert"/>
             <variable name='llSkin' type='string' description="Skin utilisé par LemonLDAP::NG">
                 <value>bootstrap</value>
@@ -66,14 +74,18 @@
             <variable name='llRegisterDB' type='string' description="Base de comptes pour l'enregistrement"/>
             <variable name='llRegisterURL' type='string' description="Adresse de l'application de création de compte"/>
             <variable name='llCSPTargets' type='domain' description="Domaines vers lesquels le forumaire peut renvoyer" multi='True'/>
+
         </family>
+
         <separators>
             <separator name="managerWebName">Configuration DNS</separator>
             <separator name="ldapScheme">Configuration LDAP</separator>
             <separator name="casAttribute">Configuration CAS</separator>
             <separator name="llSkin">Personnalisation de la mire SSO</separator>
         </separators>
+
     </variables>
+
     <constraints>
         <fill name='concat' target='managerWebName'>
             <param>manager.</param>
@@ -91,19 +103,23 @@
             <param>SAML</param>
             <param type='eole'>nom_domaine_local</param>
         </fill>
+
         <check name="valid_enum" target="ldapScheme">
             <param>['ldaps','ldap']</param>
         </check>
+
         <check name="valid_enum" target="llRegisterDB">
             <param>['LDAP','Demo','Custom']</param>
         </check>
+
         <group master="casAttribute">
             <slave>casLDAPAttribute</slave>
         </group>
+
         <condition name='disabled_if_in' source='activerLemon'>
             <param>non</param>
-            <target type='filelist'>lemon</target>
-            <target type='filelist'>lemonCAS</target>
+            <target type='filelist'>lemonldap</target>
+            <target type='filelist'>lemonldap-nginx</target>
             <target type='family'>LemonLDAP</target>
             <target type='service_accesslist'>saLemon</target>
         </condition>
@@ -124,10 +140,11 @@
             <param name="checkval">False</param>
         </check>
     </constraints>
+
     <help>
-        <variable name='activerLemon'>Activer l'hébergement d'une place de marché HTTP pour OpenNebula</variable>
-        <variable name='managerWebName'>Nom DNS de l'application de gestion de LemonLDAP::NG ex:manager.cadoles.com</variable>
-        <variable name='authWebName'>Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.cadoles.com</variable>
+        <variable name='activerLemon'>Activer le service LemonLDAP::NG sur ce serveur</variable>
+        <variable name='managerWebName'>Nom DNS de l'application de gestion de LemonLDAP::NG ex:manager.example.fr</variable>
+        <variable name='authWebName'>Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.example.fr</variable>
         <variable name='ldapUserBaseDN'>DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr)</variable>
         <variable name='llCheckLogins'>Affiche une case à cocher sur la mire SSO qui permet a l'utilisateur de voir l'historique de connection de son compte avant d'être redirigé vers le service demandé</variable>
         <variable name='llCSPTargets'>Liste des domaines à ajouter à la directive form-action.</variable>
diff --git a/tmpl/test-nginx.conf b/tmpl/test-nginx.conf
deleted file mode 100644
index 64e08bd..0000000
--- a/tmpl/test-nginx.conf
+++ /dev/null
@@ -1,117 +0,0 @@
-server {
-  listen 80;
-  server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
-  return 301 https://$host$request_uri;
-}
-
-server {
-  listen 443;
-  ssl on;
-  ssl_certificate    %%server_cert;
-  ssl_certificate_key     %%server_key;
-  ssl_client_certificate  /etc/ssl/certs/ca.crt;
-  access_log  /var/log/nginx/test1-2-lemon-ldap.access-ssl.log;
-
-  server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
-  root /var/lib/lemonldap-ng/test/;
-
-  # Internal authentication request
-  location = /lmauth {
-    internal;
-
-    # FastCGI configuration
-    include /etc/nginx/fastcgi_params;
-    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
-    # Drop post datas
-    fastcgi_pass_request_body  off;
-    fastcgi_param CONTENT_LENGTH "";
-    # Keep original hostname
-    fastcgi_param HOST $http_host;
-    # Keep original request (LLNG server will receive /lmauth)
-    fastcgi_param X_ORIGINAL_URI  $request_uri;
-    # Improve performances
-    #fastcgi_buffer_size 32k;
-    #fastcgi_buffers 32 32k;
-    
-  }
-
-  # Client requests
-  location / {
-    # Local application
-    index index.pl;
-    try_files $uri $uri/ =404;
-
-    # Reverse proxy
-    #proxy_pass http://remote.server/;
-    #include /etc/nginx/proxy_params;
-
-    ##################################
-    # CALLING AUTHENTICATION         #
-    ##################################
-    auth_request /lmauth;
-    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
-    auth_request_set $lmremote_custom $upstream_http_lm_remote_custom;
-    auth_request_set $lmlocation $upstream_http_location;
-    # If CDA is used, uncomment this
-    #auth_request_set $cookie_value $upstream_http_set_cookie;
-    #add_header Set-Cookie $cookie_value;
-    # Remove this for AuthBasic handler
-    error_page 401 $lmlocation;
-
-    ##################################
-    # PASSING HEADERS TO APPLICATION #
-    ##################################
-
-    # IF LUA IS SUPPORTED
-    #include /etc/lemonldap-ng/nginx-lua-headers.conf;
-
-    # ELSE
-    # Set manually your headers
-    #auth_request_set $authuser $upstream_http_auth_user;
-    #proxy_set_header Auth-User $authuser;
-    # OR in the corresponding block
-    #fastcgi_param HTTP_AUTH_USER $authuser;
-
-    # Then (if LUA is not supported), change cookie header to hide LLNG cookie
-    #auth_request_set $lmcookie $upstream_http_cookie;
-    #proxy_set_header Cookie: $lmcookie;
-    # OR in the corresponding block
-    #fastcgi_param HTTP_COOKIE $lmcookie;
-
-    # Uncomment this if you use https only
-    #add_header Strict-Transport-Security "max-age=15768000";
-
-    # Set REMOTE_USER (for FastCGI apps only)
-    #fastcgi_param REMOTE_USER $lmremote_user;
-  }
-
-  # Handle test CGI
-  location ~ ^(?<sc>/.*\.pl)(?:$|/) {
-    include /etc/nginx/fastcgi_params;
-    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
-    fastcgi_param LLTYPE cgi;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_split_path_info ^(.*\.pl)(/.+)$;
-    fastcgi_param REMOTE_USER $lmremote_user;
-
-    # Or with uWSGI
-    #include /etc/nginx/uwsgi_params;
-    #uwsgi_pass 127.0.0.1:5000;
-    #uwsgi_param LLTYPE cgi;
-    #uwsgi_param SCRIPT_FILENAME $document_root$sc;
-    #uwsgi_param SCRIPT_NAME $sc;
-  }
-
-  #location = /status {
-  #  allow 127.0.0.1;
-  #  deny all;
-  #  include /etc/nginx/fastcgi_params;
-  #  fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
-  #  fastcgi_param LLTYPE status;
-
-  ### Or with uWSGI
-  ## include /etc/nginx/uwsgi_params;
-  ## uwsgi_pass 127.0.0.1:5000;
-  ## uwsgi_param LLTYPE status;
-  #}
-}