Compare commits

...

66 Commits

Author SHA1 Message Date
797ec9dc06 Fix .mk file name 2021-03-04 08:44:01 +01:00
da3c97d534 Merge branch 'master' into 2.7.2/master 2021-03-03 17:05:07 +01:00
3edf7dd774 Fix ldapVerify values 2021-03-03 16:24:20 +01:00
293d940fdc Adding ldapExportedVars 2021-02-03 17:18:18 +01:00
918ceab882 Export LDAP Attributes
this attributes and the variables names have to be named with the
same name
2021-02-03 15:48:55 +01:00
adea10270d Fix LDAP/CAS/Exported attributes bug 2021-02-03 15:44:14 +01:00
6c5beb7e9f Fix conflict for Makefile 2021-02-03 15:19:11 +01:00
0f0e822069 Fix Register button display 2021-01-29 10:51:24 +01:00
583e77d7c7 Fix Register button display 2021-01-29 10:10:15 +01:00
eddc9696c3 Mise à jour de 'README.md' 2021-01-06 11:23:29 +01:00
4e8caeda89 Merge branch '2.8.0/master' 2021-01-05 11:31:43 +01:00
f3b120eb62 patch lemonldap pour corriger le problème des attributs avec la valeur 0 (ref #31384) 2021-01-05 11:27:02 +01:00
b6ba914978 2.7.2 uses python 2 and not python3 2020-12-21 16:10:54 +01:00
cc9a5e20ce Merge remote-tracking branch 'eole/master' into develop 2020-12-18 16:53:36 +01:00
5512f64aab Merge branch '2.8.0/master' 2020-12-16 10:31:04 +01:00
569e0caab8 set correct openldap conf 2020-12-16 10:30:33 +01:00
bb18f68a54 Merge branch '2.8.0/master' 2020-12-14 14:04:43 +01:00
20e382934c set default openldap 2020-12-14 14:04:09 +01:00
cf5d9485ca Merge branch '2.8.0/master' 2020-12-14 10:25:37 +01:00
cf82616454 correction on condition 2020-12-14 10:24:17 +01:00
e423388795 Merge branch '2.8.0/master' 2020-12-11 09:26:06 +01:00
e810740ba9 Adding AD password warning support 2020-12-11 09:25:41 +01:00
140cc084a3 Merge branch '2.8.0/master' 2020-12-09 17:17:56 +01:00
3753625b20 Updating nginx configuration for 2.8 2020-12-09 17:17:30 +01:00
df5dabbcf4 Merge branch '2.8.0/master' 2020-12-09 16:48:35 +01:00
47e822f9b9 Updating lmlog file for nginx mode 2020-12-09 16:48:14 +01:00
87818bd6f0 Activer la possibilité de changer son mot de passe depuis LemonLDAP
ref #31347
2020-12-07 16:07:34 +01:00
fe8722e776 Activer la possibilité de changer son mot de passe depuis LemonLDAP
ref #31347
2020-12-07 16:06:55 +01:00
200c9c41e9 Using Active Directory (samba4) instead of OpenLDAP
Moving to Active Directory the actual auth LDAP server

The password is updated in the Samba4 directory so we
need to use this one and not the OpenLDAP one
2020-12-03 16:52:33 +01:00
bf94e74916 Using Active Directory (samba4) instead of OpenLDAP
Moving to Active Directory the actual auth LDAP server

The password is updated in the Samba4 directory so we
need to use this one and not the OpenLDAP one
2020-12-03 16:50:55 +01:00
0f3ff07b5f Merge last evolutions from master branch 2020-12-02 10:20:42 +01:00
63bf3c9f98 UserBaseDN and BaseDN is not the same thing
We need to use the user base dn
2020-11-26 17:13:37 +01:00
03a00fb7ce Cleanup ldap_tls redefine 2020-11-26 16:58:32 +01:00
52e5c433eb Enable option for SSL verify 2020-11-26 16:53:02 +01:00
d1ad6aeb25 Fix lm_loglevel 2020-11-26 14:09:15 +01:00
815fca0e82 Merge branch 'master' of https://dev-eole.ac-dijon.fr/git/eole-lemonldap-ng 2020-11-26 13:49:34 +01:00
8ec486eafc Adding syslog configuration 2020-11-26 13:48:14 +01:00
4af11f3d28 Cleanup dico and support for loglevel 2020-11-26 13:47:47 +01:00
8af3ee655f Cleanup dico 2020-11-26 13:43:33 +01:00
5d4e572967 Fixing log format 2020-11-26 13:21:49 +01:00
15da7394f3 Make eole-lemonldap-ng compatible with eolebase 2020-11-24 15:47:38 +01:00
536da57382 parent d08c965ee8
author vfebvre <vfebvre@cadoles.com> 1599144265 +0200
committer Philippe Caseiro <pcaseiro@cadoles.com> 1606220045 +0100

Corrections diverses
2020-11-24 15:47:38 +01:00
e348aa7381 Fix daemon default configuration 2020-11-24 14:45:02 +01:00
dfeb49f3d6 Fix missing sso port 2020-11-24 14:33:17 +01:00
36fe95a0ca Adding eolesso_cas_folder variable redefine 2020-11-24 14:27:23 +01:00
027d549e18 we now need eole-ldapclient 2020-11-24 14:20:54 +01:00
48c524c555 Fix ldap_tls redefine 2020-11-24 14:17:00 +01:00
24d49c49e3 Fix ldap_tls missing variable 2020-11-24 14:00:20 +01:00
578090525e Fix dicos 2020-11-24 13:54:10 +01:00
25006949e8 Fix redefine for eolebase compat 2020-11-24 13:50:29 +01:00
faac2bb213 Merge branch 'master' into 2.7.2/master 2020-11-24 13:31:11 +01:00
944dbed98a Cleanup merge fail 2020-11-24 13:27:45 +01:00
c1478b7e77 parent d08c965ee8
author vfebvre <vfebvre@cadoles.com> 1599144265 +0200
committer Philippe Caseiro <pcaseiro@cadoles.com> 1606220045 +0100

Corrections diverses
2020-11-24 13:19:52 +01:00
fd4ee5dc87 Fix reset password bug 2020-11-24 11:08:33 +01:00
70a1c26d53 Fix disable if in 2020-11-24 10:53:58 +01:00
09fcd2eacb Disable service 2020-11-24 09:31:12 +01:00
6bf3f75087 Don't run postservice if service is disabled 2020-11-24 09:30:08 +01:00
beb6341981 Fix llResetUrl bugé 2020-11-20 14:44:51 +01:00
eafbc3bd8a Fix typo 2020-11-20 14:34:56 +01:00
7e3f6d3408 Updating readme 2020-11-20 11:16:29 +01:00
edc22cacc2 Fix help and variable type 2020-11-20 11:06:51 +01:00
d08c965ee8 Merge branch '2.8.0/master' 2020-11-16 15:46:53 +01:00
f2e6a3afe0 Merge branch '2.8.0/master' into master 2020-10-16 09:52:25 +02:00
2700a5d440 Prepare version 2.8.1
* Makefile: Mise à jour de la version.
  Mise à jour de la release.

* .gitignore: règles minimale pour les fichiers de sauvegarde des
éditeurs.
2020-10-15 09:34:31 +02:00
eb06eaaf5a Merge branch 'develop' into staging 2020-09-10 15:05:11 +02:00
ad9059bfae passage en 2.7.2 2020-09-03 16:44:25 +02:00
21 changed files with 766 additions and 68 deletions

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
# Backup and swap files
*~
*#
*.swp

View File

@ -3,9 +3,9 @@
################################
SOURCE=eole-lemonldap
VERSION=2.8.0
EOLE_VERSION=2.8
EOLE_RELEASE=2.8.0
VERSION=0.1
EOLE_VERSION=2.7
EOLE_RELEASE=2.7.2
PKGAPPS=non
#FLASK_MODULE=<APPLICATION>

View File

@ -4,6 +4,27 @@ LemonLDAP::NG EOLE integration
## Howto
### Repository configuration
* Add the lemonldap-ng deb respository we need the last version of LemonLDAP.
GenConfig -> Mode Expert -> Dépôts tiers -> Libellé du dépôt
#### LemonLDAP::NG repository (if you use EOLE 2.7.2 this is not needed anymore)
* deb https://lemonldap-ng.org/deb stable main
* deb-src https://lemonldap-ng.org/deb stable main
* Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
#### Cadoles Repository
* deb [ arch=all ] https://vulcain.cadoles.com 2.7.2-dev main
* Key URL : https://vulcain.cadoles.com/cadoles.gpg
### Install packages
apt update
apt install eole-lemonldap
### Configure LemonLDAP in GenConfig
* Enable lemonldap in "Services" tab

View File

@ -31,7 +31,7 @@ def getSSOFilters():
""" Convert former eole-sso filters to LemonLDAP filters
"""
import glob
from configparser import ConfigParser
from ConfigParser import ConfigParser
try:
filters = { 'uid': "uid", "mail": "mail" }

View File

@ -2,7 +2,6 @@
<creole>
<files>
<file filelist='lemonldap' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
<file filelist='lemonldap' name='/var/lib/lemonldap-ng/conf/lmConf-1.json' mkdir='True' rm='True'/>
<file filelist='lemonldap' name='/etc/default/lemonldap-ng-fastcgi-server' mkdir='True' rm='True'/>
@ -10,12 +9,13 @@
<file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/manager-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/handler-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/portal-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/nginx-lmlog.conf' mkdir='True' rm='True'/>
<file filelist='lemonldap-apache' name='/etc/lemonldap-ng/manager-apache2.X.conf' mkdir='True' rm='True'/>
<file filelist='lemonldap-apache' name='/etc/lemonldap-ng/handler-apache2.X.conf' mkdir='True' rm='True'/>
<file filelist='lemonldap-apache' name='/etc/lemonldap-ng/portal-apache2.X.conf' mkdir='True' rm='True'/>
<service>lemonldap-ng-fastcgi-server</service>
<service servicelist="sllemon">lemonldap-ng-fastcgi-server</service>
<service method='apache' servicelist='lemonldap-apache'>manager-apache2</service>
<service method='apache' servicelist='lemonldap-apache'>portal-apache2</service>
@ -28,6 +28,14 @@
</files>
<variables>
<family name='eole-sso'>
<variable name='eolesso_cas_folder' redefine="True" exists='True'>
<value>/cas</value>
</variable>
<variable name='eolesso_port' redefine="True" exists='True'>
<value>443</value>
</variable>
</family>
<family name='Services'>
<variable name='activerLemon' type='oui/non' description="Activer LemonLDAP::NG">
<value>non</value>
@ -40,6 +48,10 @@
<variable name='authWebName' type='string' description="Nom DNS du service d'authentification LemonLDAP-NG"/>
<variable name='reloadWebName' type='string' description="Nom DNS du service Reload de LemonLDAP-NG" mode="expert"/>
<variable name='lemon_user_db' type='string' description="Backend pour les comptes utilisateurs" mode="expert">
<value>LDAP</value>
</variable>
<variable name='ldapScheme' type='string' description="Protocole LDAP à utiliser" mandatory='True'/>
<variable name='ldapServer' type='string' description="Adresse du Serveur LDAP utilisé par LemonLDAP::NG" mandatory="True"/>
<variable name='ldapServerPort' type='number' description="Port d'écoute du LDAP utilisé par LemonLDAP::NG" mandatory='True'/>
@ -47,11 +59,18 @@
<variable name='ldapBindUserDN' type='string' description="Utilisateur de connection à l'annuaire" mandatory="True"/>
<variable name='ldapBindUserPassword' type='password' description="Mot de passe de l'utilisateur de connection à l'annuaire" mandatory="True"/>
<variable name="samlOrganizationName" type='string' description="Nom de l'organisation SAML" mode='expert'/>
<variable name='lmldapverify' type='oui/non' description="Vérifier les certificats SSL du serveur LDAP">
<value>oui</value>
</variable>
<variable name="lemonproc" type='number' description="Nombre de processus dédié à Lemon (équivalent au nombre de processeurs)" mandatory="True">
<value>4</value>
</variable>
<variable name="lm_loglevel" type='string' description="Verbosité des journaux" mode='expert'>
<value>info</value>
</variable>
<variable name="lemonAdmin" type='string' description="LemonLDAP Administrator username" mode='expert'>
<value>admin</value>
</variable>
@ -74,7 +93,19 @@
<variable name='llCheckLogins' type='oui/non' description="Permettre aux utilisateurs d'afficher l'historique de connection">
<value>non</value>
</variable>
<variable name='llResetPassword' type='oui/non' description="Permettre aux utilisateurs de réinitialiser leurs mots de passe">
<variable name='llResetPassword' type='oui/non' description="Permettre aux utilisateurs de réinitialiser leurs mots de passe par mail">
<value>oui</value>
</variable>
<variable name='llChangePassword' type='oui/non' description="Permettre aux utilisateurs de changer leurs mots de passe depuis LemonLDAP">
<value>oui</value>
</variable>
<variable name='llADPasswordMaxAge' type='number' description="Durée de vie des mots de passe (en secondes)" mode='expert'>
<value>5184000</value>
</variable>
<variable name='llADPasswordExpireWarn' type='number' description="Délai avant affichage d'un message d'alerte sur l'expiration du mot de passe (en secondes)">
<value>3456000</value>
</variable>
<variable name='llResetExpiredPassword' type='oui/non' description="Autoriser le renouvellement des mots de passe expirés">
<value>oui</value>
</variable>
<variable name='llResetUrl' type='string' description="Adresse de l'application pour réinitialiser leurs mots de passe" />
@ -118,20 +149,35 @@
<param>['ldaps','ldap']</param>
</check>
<check name="valid_enum" target="lemon_user_db">
<param>['LDAP','AD']</param>
</check>
<check name='valid_enum' target="lm_loglevel">
<param>['info','notice','warn','error','debug']</param>
</check>
<check name="valid_enum" target="llRegisterDB">
<param>['LDAP','Demo','Custom']</param>
<param>['LDAP','AD','Demo','Custom']</param>
</check>
<group master="casAttribute">
<slave>casLDAPAttribute</slave>
</group>
<condition name='disabled_if_not_in' source='lemon_user_db'>
<param>AD</param>
<target type='variable'>llADPasswordMaxAge</target>
<target type='variable'>llADPasswordExpireWarn</target>
</condition>
<condition name='disabled_if_in' source='activerLemon'>
<param>non</param>
<target type='filelist'>lemonldap</target>
<target type='filelist'>lemonldap-nginx</target>
<target type='filelist'>lemonldap-apache</target>
<target type='servicelist'>lemonldap-apache</target>
<target type='servicelist'>sllemon</target>
<target type='family'>LemonLDAP</target>
<target type='service_accesslist'>saLemon</target>
</condition>
@ -158,6 +204,7 @@
<condition name='disabled_if_in' source='llResetPassword'>
<param>non</param>
<target type='variable'>llResetUrl</target>
<target type='variable'>llResetExpiredPassword</target>
</condition>
<check name='valid_enum' target='llSkin'>
<param>['bootstrap','dark','impact','pastel']</param>

View File

@ -6,20 +6,12 @@
<variables>
<family name='eole sso'>
<variable name='eolesso_adresse' description="Nom de domaine du serveur d'authentification SSO" redefine="True" exists='True' />
<variable name='ldap_tls' redefine="True" exists='True' />
<variable name='eolesso_cas_folder' redefine="True" exists='True'>
<value>cas</value>
</variable>
<variable name='eolesso_port' redefine="True" exists='True'>
<value>443</value>
</variable>
<variable name='eolesso_adresse' description="Nom de domaine du serveur d'authentification SSO" redefine="True" exists='True' />
</family>
</variables>
<constraints>
<fill name='calc_multi_condition' target='activer_sso'>
<param>oui</param>
<param type='eole' name='condition_1'>activerLemon</param>
@ -32,12 +24,6 @@
<target type='variable'>activer_sso</target>
</condition>
<auto name='calc_multi_condition' target='ldapScheme'>
<param>oui</param>
<param type='eole' name='condition_1'>ldap_tls</param>
<param name='match'>ldaps</param>
<param name='default_mismatch'>ldap</param>
</auto>
<fill name='calc_val_first_value' target='eolesso_adresse'>
<param type='eole' optional='True' hidden='False'>authWebName</param>
@ -50,6 +36,13 @@
<target type='variable'>eolesso_adresse</target>
</condition>
<auto name='calc_multi_condition' target='ldapScheme'>
<param>oui</param>
<param type='eole' name='condition_1'>ldap_tls</param>
<param name='match'>ldaps</param>
<param name='default_mismatch'>ldap</param>
</auto>
<auto name='calc_val' target='ldapServer'>
<param type='eole'>adresse_ip_ldap</param>
</auto>
@ -58,16 +51,22 @@
<param type='eole'>ldap_port</param>
</auto>
<auto name='calc_val' target='lemon_user_db'>
<param>LDAP</param>
</auto>
<auto name='calc_val' target='llRegisterDB'>
<param>LDAP</param>
</auto>
<auto name='calc_val' target='ldapUserBaseDN'>
<param type='eole'>ldap_base_dn</param>
</auto>
<auto name='calc_val' target='ldapBindUserDN'>
<param type='eole'>ldap_reader</param>
</auto>
<auto name='calc_val' target='ldapBindUserPassword'>
<param type='eole'>ldap_reader_passfile</param>
<param type='eole'>ldap_reader_passfile</param>
</auto>
<auto name='calc_val' target='casFolder'>

View File

@ -1 +1,2 @@
creolefuncs_DATA_DIR := $(DESTDIR)/usr/share/creole/funcs
lemonldap-ng_DATA_DIR := $(eole_DIR)/lemonldap-ng

102
lemonldap-ng/LDAP.pm Normal file
View File

@ -0,0 +1,102 @@
package Lemonldap::NG::Portal::UserDB::LDAP;
use strict;
use Mouse;
use utf8;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);
extends 'Lemonldap::NG::Portal::Lib::LDAP';
our $VERSION = '2.0.6';
has ldapGroupAttributeNameSearch => (
is => 'rw',
lazy => 1,
builder => sub {
my $attributes = [];
@$attributes =
split( /\s+/, $_[0]->{conf}->{ldapGroupAttributeNameSearch} )
if $_[0]->{conf}->{ldapGroupAttributeNameSearch};
push( @$attributes, $_[0]->{conf}->{ldapGroupAttributeNameGroup} )
if ( $_[0]->{conf}->{ldapGroupRecursive}
and $_[0]->{conf}->{ldapGroupAttributeNameGroup} ne "dn" );
return $attributes;
}
);
# RUNNING METHODS
#
# getUser is provided by Portal::Lib::LDAP
# Load all parameters included in exportedVars parameter.
# Multi-value parameters are loaded in a single string with
# a separator (param multiValuesSeparator)
# @return Lemonldap::NG::Portal constant
sub setSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{_dn} = $req->data->{dn};
my %vars = ( %{ $self->conf->{exportedVars} },
%{ $self->conf->{ldapExportedVars} } );
while ( my ( $k, $v ) = each %vars ) {
# getLdapValue returns an empty string for missing attribute
# but we really want to return undef so they don't get stored in session
$req->sessionInfo->{$k} =
$self->ldap->getLdapValue( $req->data->{ldapentry}, $v ) || undef;
}
PE_OK;
}
# Load all groups in $groups.
# @return Lemonldap::NG::Portal constant
sub setGroups {
my ( $self, $req ) = @_;
my $groups = $req->{sessionInfo}->{groups};
my $hGroups = $req->{sessionInfo}->{hGroups};
if ( $self->conf->{ldapGroupBase} ) {
# Get value for group search
my $group_value = $self->ldap->getLdapValue( $req->data->{ldapentry},
$self->conf->{ldapGroupAttributeNameUser} );
if ( $self->conf->{ldapGroupDecodeSearchedValue} ) {
utf8::decode($group_value);
}
$self->logger->debug( "Searching LDAP groups in "
. $self->conf->{ldapGroupBase}
. " for $group_value" );
# Call searchGroups
my $ldapGroups = $self->ldap->searchGroups(
$self->conf->{ldapGroupBase},
$self->conf->{ldapGroupAttributeName},
$group_value,
$self->ldapGroupAttributeNameSearch,
$req->{ldapGroupDuplicateCheck}
);
foreach ( keys %$ldapGroups ) {
my $groupName = $_;
$hGroups->{$groupName} = $ldapGroups->{$groupName};
my $groupValues = [];
foreach ( @{ $self->ldapGroupAttributeNameSearch } ) {
next if $_ =~ /^name$/;
my $firstValue = $ldapGroups->{$groupName}->{$_}->[0];
push @$groupValues, $firstValue;
}
$groups .= $self->conf->{multiValuesSeparator} if $groups;
$groups .= join( '|', @$groupValues );
}
}
$req->{sessionInfo}->{groups} = $groups;
$req->{sessionInfo}->{hGroups} = $hGroups;
PE_OK;
}
1;

View File

@ -0,0 +1,20 @@
--- /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm.old 2019-12-11 12:05:54.000000000 +0100
+++ /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm 2021-01-05 10:54:19.188732119 +0100
@@ -40,10 +40,15 @@
%{ $self->conf->{ldapExportedVars} } );
while ( my ( $k, $v ) = each %vars ) {
+ my $value = $self->ldap->getLdapValue( $req->data->{ldapentry}, $v );
+
# getLdapValue returns an empty string for missing attribute
# but we really want to return undef so they don't get stored in session
- $req->sessionInfo->{$k} =
- $self->ldap->getLdapValue( $req->data->{ldapentry}, $v ) || undef;
+ # This has to be a string comparison because "0" is a valid attribute
+ # value. See #2403
+ $value = undef if ( $value eq "" );
+
+ $req->sessionInfo->{$k} = $value;
}
PE_OK;

View File

@ -1,6 +1,12 @@
#!/bin/bash
[ "$(CreoleGet activerLemon non)" = 'oui' ] || exit 0
[[ $(CreoleGet activerLemon non) == "non" ]] && exit 0
# Updating Configuration cache
cmd="/usr/share/lemonldap-ng/bin/lemonldap-ng-cli update-cache"
opt="update-cache"
# Updating Configuration cache
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli update-cache 2>&1

12
posttemplate/70-lemonldap-patch Executable file
View File

@ -0,0 +1,12 @@
#!/bin/bash
# vérifie si le patch est déjà appliqué
grep -q 2403 /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm && exit 0
# copie de sauvegarde
cp -a /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm /usr/share/eole/lemonldap-ng/
# application du patch
patch -d / -p 0 < /usr/share/eole/lemonldap-ng/LDAP.pm.patch
exit 0

View File

@ -29,6 +29,17 @@ ErrorDocument 503 https://%%authWebName/lmerror/503
<VirtualHost %%adresse_ip_eth0:443>
ServerName %%reloadWebName
SSLEngine on
SSLCertificateFile %%server_cert
SSLCertificateKeyFile %%server_key
SSLCertificateChainFile /etc/ssl/certs/ca_local.crt
SSLProtocol all -SSLv3 -SSLv2
SSLProxyEngine on
LogLevel %%lm_loglevel
ErrorLog /var/log/apache2/handler_error.log
CustomLog /var/log/apache2/handler_access.log common
# Configuration reload mechanism (only 1 per physical server is
# needed): choose your URL to avoid restarting Apache when
# configuration change

View File

@ -23,8 +23,7 @@ server {
}
server {
listen 443;
ssl on;
listen 443 ssl;
%if %%cert_type == "letsencrypt"
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
@ -62,7 +61,7 @@ server {
deny all;
# Uncomment this if you use https only
#add_header Strict-Transport-Security "max-age=15768000";
add_header Strict-Transport-Security "max-age=15768000";
}
}

View File

@ -36,7 +36,7 @@
;
; 1 - Defined logging level
; Set here one of error, warn, notice, info or debug
logLevel = debug
logLevel = %%lm_loglevel
; Note that this has no effect for Apache2 logging: Apache LogLevel is used
; instead
;
@ -65,9 +65,9 @@ logLevel = debug
; 2.1 - Using Syslog
;
; For Syslog logging, you can also overwrite facilities. Default values:
;logger = Lemonldap::NG::Common::Logger::Syslog
;syslogFacility = daemon
;userSyslogFacility = auth
logger = Lemonldap::NG::Common::Logger::Syslog
syslogFacility = daemon
userSyslogFacility = auth
;
; 2.2 - Using Log4perl
;
@ -197,11 +197,11 @@ portalSkin = %%llSkin
; Modules displayed
;portalDisplayLogout = 1
portalDisplayResetPassword = %%boolean[%%llResetPassword]
;portalDisplayChangePassword = 1
portalDisplayChangePassword = %%boolean[%%llChangePassword]
;portalDisplayAppslist = 1
;portalDisplayLoginHistory = 1
; Require the old password when changing password
;portalRequireOldPassword = 1
portalRequireOldPassword = %%boolean[%%llChangePassword]
; Attribute displayed as connected user
;portalUserAttr = mail
; Old menu HTML code

443
tmpl/lmConf-1.js Normal file
View File

@ -0,0 +1,443 @@
%set %%ssoFilters = %%getSSOFilters
{
"ldapGroupAttributeNameUser": "dn",
"cfgAuthorIP": "172.16.0.1",
"samlSPMetaDataXML": null,
"facebookAuthnLevel": 1,
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
"secureTokenAttribute": "uid",
"singleSession": 0,
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
"CAS_pgtFile": "/tmp/pgt.txt",
"cookieName": "lemonldap",
"slaveExportedVars": {},
"whatToTrace": "_whatToTrace",
"oidcRPMetaDataOptions": {},
"notifyDeleted": 1,
"useRedirectOnError": 1,
"samlSPMetaDataExportedAttributes": null,
"ldapPwdEnc": "utf-8",
"openIdSPList": "0;",
"samlNameIDFormatMapEmail": "mail",
"samlSPMetaDataOptions": null,
"issuerDBOpenIDRule": 1,
"casStorageOptions": {},
"mailFrom": "noreply@%%nom_domaine_local",
"timeoutActivity": 0,
"oidcRPMetaDataExportedVars": {},
"issuerDBSAMLActivation": 0,
"issuerDBCASPath": "^/%%casFolder/",
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
"exportedHeaders": {
"test1.%%nom_domaine_local": {
"Auth-User": "$uid"
},
"test2.%%nom_domaine_local": {
"Auth-User": "$uid"
},
"%%managerWebName": {}
},
"vhostOptions": {
"%%managerWebName": {
"vhostHttps" : "1"
},
"test1.%%nom_domaine_local": {},
"test2.%%nom_domaine_local": {}
},
"radiusAuthnLevel": 3,
"dbiAuthnLevel": 2,
"ldapPasswordResetAttribute": "pwdReset",
"ldapGroupObjectClass": "groupOfNames",
"apacheAuthnLevel": 4,
"samlNameIDFormatMapKerberos": "uid",
"groups": {},
"securedCookie": 0,
"httpOnly": 1,
"yubikeyAuthnLevel": 3,
"ADPwdMaxAge": 0,
"samlUseQueryStringSpecific": 0,
"loginHistoryEnabled": 1,
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
"failedLoginNumber": 5,
"samlServicePrivateKeyEncPwd": "",
"portalForceAuthnInterval": 0,
"cfgLog": "",
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
"exportedVars": {
"UA": "HTTP_USER_AGENT",
%for att in %%casAttribute
"%%att": "%%att",
%end for
%set %%idx = 0
%set %%size = %%len(%%ssoFilters) - 1
%for key,value in %%ssoFilters
%if %%idx == %%size
"%%key": "%%value"
%else
"%%key": "%%value",
%end if
%set %%idx += 1
%end for
},
"notificationStorage": "File",
"applicationList": {
"1sample": {
"test2": {
"options": {
"name": "Application Test 2",
"logo": "thumbnail.png",
"uri": "https://test2.%%nom_domaine_local/",
"display": "auto",
"description": "The same simple application displaying authenticated user"
},
"type": "application"
},
"type": "category",
"catname": "Sample applications",
"test1": {
"type": "application",
"options": {
"description": "A simple application displaying authenticated user",
"uri": "https://test1.%%nom_domaine_local/",
"logo": "demo.png",
"display": "auto",
"name": "Application Test 1"
}
}
},
"2administration": {
"notifications": {
"options": {
"name": "Notifications explorer",
"display": "auto",
"description": "Explore WebSSO notifications",
"uri": "https://%%managerWebName/notifications.pl",
"logo": "database.png"
},
"type": "application"
},
"manager": {
"options": {
"uri": "https://%%managerWebName/",
"display": "auto",
"description": "Configure LemonLDAP::NG WebSSO",
"logo": "configure.png",
"name": "WebSSO Manager"
},
"type": "application"
},
"type": "category",
"sessions": {
"type": "application",
"options": {
"description": "Explore WebSSO sessions",
"uri": "https://%%managerWebName/sessions.pl",
"logo": "database.png",
"display": "auto",
"name": "Sessions explorer"
}
},
"catname": "Administration"
},
"3documentation": {
"catname": "Documentation",
"officialwebsite": {
"type": "application",
"options": {
"name": "Offical Website",
"description": "Official LemonLDAP::NG Website",
"logo": "network.png",
"display": "on",
"uri": "http://lemonldap-ng.org/"
}
},
"type": "category",
"localdoc": {
"options": {
"logo": "help.png",
"description": "Documentation supplied with LemonLDAP::NG",
"display": "on",
"uri": "https://%%managerWebName/doc/",
"name": "Local documentation"
},
"type": "application"
}
}
},
"userControl": "^[\\w\\.\\-@]+$",
"timeout": 72000,
"portalAntiFrame": 1,
"SMTPServer": "",
"ldapTimeout": 120,
"samlAuthnContextMapPasswordProtectedTransport": 3,
"ldapUsePasswordResetAttribute": 1,
"ldapPpolicyControl": 0,
"casAttributes": {
%for att in %%casAttribute
"%%att": "%%att.casLDAPAttribute",
%end for
%set %%idx = 0
%set %%size = %%len(%%ssoFilters) - 1
%for key,value in %%ssoFilters
%if %%idx == %%size
"%%key": "%%key"
%else
"%%key": "%%key",
%end if
%set %%idx += 1
%end for
},
"issuerDBSAMLPath": "^/saml/",
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
"portalDisplayAppslist": 1,
"confirmFormMethod": "post",
"domain": "%%nom_domaine_local",
"cfgNum": "1",
"authentication": "LDAP",
"samlNameIDFormatMapWindows": "uid",
"authChoiceModules": {},
"ldapGroupAttributeName": "member",
"samlServicePrivateKeySigPwd": "",
"googleAuthnLevel": 1,
"successLoginNumber": 5,
"localSessionStorageOptions": {
"cache_root": "/tmp",
"namespace": "lemonldap-ng-sessions",
"default_expires_in": 600,
"directory_umask": "007",
"cache_depth": 3
},
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
"portalRequireOldPassword": 1,
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
"ADPwdExpireWarning": 0,
"yubikeyPublicIDSize": 12,
"ldapGroupAttributeNameGroup": "dn",
"oidcRPMetaDataOptionsExtraClaims": null,
"ldapGroupRecursive": 0,
"mailSubject": "[LemonLDAP::NG] Your new password",
"nginxCustomHandlers": {},
"samlSPSSODescriptorAuthnRequestsSigned": 1,
%if %%llResetPassword == "oui"
"portalDisplayResetPassword": 1,
%else
"portalDisplayResetPassword": 0,
%end if
"openIdSreg_timezone": "_timezone",
"infoFormMethod": "get",
"openIdAuthnLevel": 1,
"openIdSreg_nickname": "uid",
"samlServicePublicKeyEnc": "",
"userDB": "LDAP",
"grantSessionRules": {},
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
"reloadUrls": {
"%%reloadWebName": "https://%%reloadWebName/reload"
},
"registerTimeout": 0,
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
"slaveAuthnLevel": 2,
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
"Soap": 1,
%set %%RegisterDB=%%getVar('llRegisterDB', 'Demo')
%if %%RegisterDB == "Custom"
"registerDB": "Null",
%else
"registerDB": "%%RegisterDB",
%end if
"locationRules": {
"%%managerWebName": {
"default": "$uid eq \"%%lemonAdmin\""
},
"test1.%%nom_domaine_local": {
"default": "accept",
"^/logout": "logout_sso"
},
"test2.%%nom_domaine_local": {
"default": "accept",
"^/logout": "logout_sso"
}
},
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
"hideOldPassword": 0,
%if %%is_file(%%ldapBindUserPassword)
"managerPassword": "%%readPass("", %%ldapBindUserPassword)",
%else
"managerPassword": "%%ldapBindUserPassword",
%end if
"authChoiceParam": "lmAuth",
"lwpSslOpts": {},
"portalSkinRules": {},
"issuerDBOpenIDPath": "^/openidserver/",
"redirectFormMethod": "get",
"portalDisplayRegister": 1,
"secureTokenMemcachedServers": "127.0.0.1:11211",
"notificationStorageOptions": {
"dirName": "/var/lib/lemonldap-ng/notifications"
},
"browserIdAuthnLevel": 1,
"portalUserAttr": "_user",
"ldapVersion": 3,
"sessionDataToRemember": {},
"samlNameIDFormatMapX509": "mail",
"managerDn": "%%ldapBindUserDN",
"mailSessionKey": "mail",
"openIdSreg_email": "mail",
"localSessionStorage": "Cache::FileCache",
"persistentStorage": "Apache::Session::File",
"mailOnPasswordChange": 0,
"captchaStorage": "Apache::Session::File",
"remoteGlobalStorageOptions": {
"proxy": "https://%%authWebName/index.pl/sessions",
"ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService"
},
"passwordDB": "LDAP",
"captcha_size": 6,
"mailCharset": "utf-8",
"facebookExportedVars": {},
"nullAuthnLevel": 2,
"singleIP": 0,
"dbiExportedVars": {},
"portalSkin": "bootstrap",
"storePassword": 0,
"hiddenAttributes": "_password",
"samlServicePrivateKeySig": "",
"globalStorage": "Apache::Session::File",
"notificationWildcard": "allusers",
"portalForceAuthn": 0,
"samlMetadataForceUTF8": 1,
"secureTokenUrls": ".*",
"secureTokenAllowOnError": 1,
"samlAuthnContextMapTLSClient": 5,
"ldapAllowResetExpiredPassword": 0,
"oidcOPMetaDataExportedVars": {},
"notifyOther": 0,
"secureTokenExpiration": 60,
"captcha_mail_enabled": 0,
"samlStorageOptions": {},
"samlOrganizationDisplayName": "Example",
"trustedProxies": "",
"secureTokenHeader": "Auth-Token",
"issuerDBCASActivation": 1,
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
"samlIDPMetaDataXML": {},
"oidcStorageOptions": {},
"cfgDate": 1519998069,
"samlAuthnContextMapPassword": 2,
"portalDisplayLoginHistory": 1,
"ldapPasswordResetAttributeValue": "TRUE",
"ldapServer": "%%ldapScheme://%%ldapServer",
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
"samlIDPMetaDataExportedAttributes": null,
"samlServicePrivateKeyEnc": "",
"useRedirectOnForbidden": 0,
"captcha_login_enabled": 0,
"https": 0,
"checkXSS": 1,
"ldapSetPassword": 0,
"portalPingInterval": 60000,
"captchaStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/captcha/"
},
"useSafeJail": 1,
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
"issuerDBCASRule": 1,
"samlAuthnContextMapKerberos": 4,
"ldapGroupAttributeNameSearch": "cn",
"logoutServices": {},
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
"portalDisplayLogout": 1,
"issuerDBGetParameters": {},
"googleExportedVars": {},
"openIdSreg_fullname": "cn",
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
"demoExportedVars": {
"mail": "mail",
"uid": "uid",
"cn": "cn"
},
"oidcOPMetaDataJSON": null,
"samlIdPResolveCookie": "lemonldapidp",
"samlRelayStateTimeout": 600,
"samlOrganizationURL": "https://auth.%%nom_domaine_local",
"globalStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/sessions",
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
},
"ldapExportedVars": {
"mail": "mail",
"cn": "cn",
"uid": "uid"
},
"webIDExportedVars": {},
"activeTimer": 1,
"cda": 0,
"samlServicePublicKeySig": "",
%if %%llCheckLogins == "oui"
"portalCheckLogins": 1,
%else
"portalCheckLogins": 0,
%end if
"CAS_authnLevel": 1,
"macros": {
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
},
"samlIDPMetaDataOptions": null,
"twitterAuthnLevel": 1,
"openIdExportedVars": {},
"captcha_register_enabled": 1,
"oidcOPMetaDataJWKS": null,
"webIDAuthnLevel": 1,
"issuerDBOpenIDActivation": "1",
%if %%llResetPassword == "oui"
%if %%is_empty(%%llResetUrl)
"mailUrl": "https://%%authWebName/mail.pl",
%else
"mailUrl": "%%llResetUrl",
%end if
%end if
"maintenance": 0,
"jsRedirect": 0,
"cfgAuthor": "Cadoles",
"persistentStorageOptions": {
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
"Directory": "/var/lib/lemonldap-ng/psessions"
},
"SSLAuthnLevel": 5,
"oidcServiceMetaDataAuthnContext": {},
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
"notification": 1,
"ldapChangePasswordAsUser": 0,
"CAS_proxiedServices": {},
"key": "e\"bTCt3*eU9^\\V%b",
"portal": "https://%%authWebName/",
"singleSessionUserByIP": 0,
"portalOpenLinkInNewWindow": 0,
"post": {
"test2.%%nom_domaine_local": {},
"test1.%%nom_domaine_local": {},
"%%managerWebName": {}
},
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
"issuerDBSAMLRule": 1,
"samlCommonDomainCookieActivation": 0,
"syslog": "",
"ldapBase": "%%ldapUserBaseDN",
"ldapAuthnLevel": 2,
"mailTimeout": 0,
"samlEntityID": "#PORTAL#/saml/metadata",
"oidcOPMetaDataOptions": null,
"samlSPSSODescriptorWantAssertionsSigned": 1,
"samlOrganizationName": "%%samlOrganizationName",
%if %%RegisterDB == "Custom"
"registerUrl": "%%llRegisterURL",
%else
"registerUrl": "https://%%authWebName/register.pl",
%end if
"casAccessControlPolicy": "none",
"multiValuesSeparator": ";",
"ldapPort": %%ldapServerPort
}

View File

@ -1,20 +1,30 @@
%set %%boolean = {'oui': 1, 'non': 0}
%set %%ssoFilters = %%getSSOFilters
%set %%ldapAttributes = {"uid": "uid", "mail": "mail", "cn":"cn"}
%set %%exported_vars = ['"UA": "HTTP_USER_AGENT"']
%set %%cas_attributes = []
%set %%ldap_attributes = {}
%for %%attr in %%casAttribute
%silent %%exported_vars.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
%silent %%cas_attributes.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
%silent %%exported_vars.append('"' + %%attr + '": "' + %%attr.casLDAPAttribute + '"')
%silent %%cas_attributes.append('"' + %%attr + '": "' + %%attr.casLDAPAttribute + '"')
%set %%ldap_attributes[%%attr.casLDAPAttribute] = %%attr.casLDAPAttribute
%end for
%for %%key, %%value in %%ssoFilters
%silent %%exported_vars.append('"' + %%key + '": "' + %%value + '"')
%silent %%cas_attributes.append('"' + %%key + '": "' + %%value + '"')
%set %%ldap_attributes[%%value] = %%value
%end for
%silent %%exported_vars.sort()
%silent %%cas_attributes.sort()
%set %%ldapAttr = []
%for %%k, %%v in %%ldap_attributes.items()
%silent %%ldapAttr.append('"' + %%k + '": "' + %%v + '"')
%end for
{
"ADPwdExpireWarning": 0,
"ADPwdMaxAge": 0,
%if %%lemon_user_db == "AD"
"ADPwdExpireWarning": %%llADPasswordExpireWarn,
"ADPwdMaxAge": %%llADPasswordMaxAge,
%end if
"CAS_authnLevel": 1,
"CAS_pgtFile": "/tmp/pgt.txt",
"CAS_proxiedServices": {},
@ -85,7 +95,7 @@
},
"authChoiceModules": {},
"authChoiceParam": "lmAuth",
"authentication": "LDAP",
"authentication": "%%lemon_user_db",
"browserIdAuthnLevel": 1,
"captchaStorage": "Apache::Session::File",
"captchaStorageOptions": {
@ -152,14 +162,26 @@
"issuerDBSAMLRule": 1,
"jsRedirect": 0,
"key": "e\"bTCt3*eU9^\\V%b",
%if %%llResetPassword == "oui"
%if %%llResetExpiredPassword == "oui"
%if %%lemon_user_db == "AD"
"ldapPpolicyControl": 0,
%else
"ldapPpolicyControl": 1,
%end if
"ldapAllowResetExpiredPassword": 1,
"ldapChangePasswordAsUser": 1,
%else
"ldapPpolicyControl": 0,
"ldapAllowResetExpiredPassword": 0,
"ldapChangePasswordAsUser": 1,
%end if
%end if
"ldapAuthnLevel": 2,
"ldapSearchDeref": "find",
"ldapBase": "%%ldapUserBaseDN",
"ldapChangePasswordAsUser": 0,
"ldapExportedVars": {
"cn": "cn",
"mail": "mail",
"uid": "uid"
%%custom_join(%%ldapAttr, ',\n ')
},
"ldapGroupAttributeName": "memberUid",
"ldapGroupAttributeNameGroup": "dn",
@ -170,9 +192,15 @@
"ldapPasswordResetAttribute": "pwdReset",
"ldapPasswordResetAttributeValue": "TRUE",
"ldapPort": "%%ldapServerPort",
"ldapPpolicyControl": 0,
"ldapPwdEnc": "utf-8",
"ldapServer": "%%ldapScheme://%%ldapServer",
%if %%ldapScheme == "ldaps"
%if %%lmldapverify == "oui"
"ldapVerify": "Require",
%else
"ldapVerify": "None",
%end if
%end if
"ldapSetPassword": 0,
"ldapTimeout": 120,
"ldapUsePasswordResetAttribute": 1,
@ -196,6 +224,13 @@
"macros": {
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
},
"samlIDPMetaDataOptions": null,
"twitterAuthnLevel": 1,
"openIdExportedVars": {},
"captcha_register_enabled": 1,
"oidcOPMetaDataJWKS": null,
"webIDAuthnLevel": 1,
"issuerDBOpenIDActivation": "1",
"mailCharset": "utf-8",
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
"mailFrom": "noreply@%%nom_domaine_local",
@ -205,7 +240,7 @@
"mailTimeout": 0,
%if %%llResetPassword == "oui"
%if %%is_empty(%%llResetUrl)
"mailUrl": "https://%%authWebName/mail.pl",
"mailUrl": "https://%%authWebName/resetpwd",
%else
"mailUrl": "%%llResetUrl",
%end if
@ -244,7 +279,7 @@
"openIdSreg_fullname": "cn",
"openIdSreg_nickname": "uid",
"openIdSreg_timezone": "_timezone",
"passwordDB": "LDAP",
"passwordDB": "%%lemon_user_db",
"persistentStorage": "Apache::Session::File",
"persistentStorageOptions": {
"Directory": "/var/lib/lemonldap-ng/psessions",
@ -254,10 +289,10 @@
"portalAntiFrame": 1,
"portalCheckLogins": %%boolean[%%llCheckLogins],
"portalDisplayAppslist": 1,
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
"portalDisplayChangePassword": "$_auth =~ /^(AD|LDAP|DBI|Demo)$/",
"portalDisplayLoginHistory": 1,
"portalDisplayLogout": 1,
"portalDisplayRegister": 1,
"portalDisplayRegister": %%boolean[%%llRegisterAccount],
"portalDisplayResetPassword": %%boolean[%%llResetPassword],
"portalForceAuthn": 0,
"portalForceAuthnInterval": 0,
@ -364,7 +399,7 @@
"useRedirectOnForbidden": 0,
"useSafeJail": 1,
"userControl": "^[\\w\\.\\-@]+$",
"userDB": "LDAP",
"userDB": "%%lemon_user_db",
"vhostOptions": {
"%%managerWebName": {
"vhostHttps": "1"

View File

@ -13,13 +13,13 @@
<VirtualHost %%adresse_ip_eth0:443>
ServerName %%managerWebName
SSLEngine on
SSLCertificateFile /etc/ssl/certs/eole.crt
SSLCertificateKeyFile /etc/ssl/private/eole.key
SSLCertificateFile %%server_cert
SSLCertificateKeyFile %%server_key
SSLCertificateChainFile /etc/ssl/certs/ca_local.crt
SSLProtocol all -SSLv3 -SSLv2
SSLProxyEngine on
LogLevel info
LogLevel %%lm_loglevel
ErrorLog /var/log/apache2/manager_error.log
CustomLog /var/log/apache2/manager_access.log common

View File

@ -5,8 +5,7 @@ server {
}
server {
listen 443;
ssl on;
listen 443 ssl;
%if %%cert_type == "letsencrypt"
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
@ -70,8 +69,8 @@ server {
# DEBIAN
# If install was made with USEDEBIANLIBS (official releases), uncomment this
#location /javascript/ {
# alias /usr/share/javascript/;
#}
location /javascript/ {
alias /usr/share/javascript/;
}
}

View File

@ -1,3 +1,3 @@
log_format lm_combined '$remote_addr - $lmremote_user [$time_local] '
log_format lm_app '$remote_addr - $upstream_http_lm_remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
'"$http_referer" "$http_user_agent" $upstream_http_lm_remote_custom';

View File

@ -13,13 +13,13 @@
<VirtualHost %%adresse_ip_eth0:443>
ServerName %%authWebName
SSLEngine on
SSLCertificateFile /etc/ssl/certs/eole.crt
SSLCertificateKeyFile /etc/ssl/private/eole.key
SSLCertificateFile %%server_cert
SSLCertificateKeyFile %%server_key
SSLCertificateChainFile /etc/ssl/certs/ca_local.crt
SSLProtocol all -SSLv3 -SSLv2
SSLProxyEngine on
LogLevel info
LogLevel %%lm_loglevel
ErrorLog /var/log/apache2/portal_error.log
CustomLog /var/log/apache2/portal_access.log common

View File

@ -15,8 +15,7 @@ server {
}
server {
listen 443;
ssl on;
listen 443 ssl;
%if %%cert_type == "letsencrypt"
ssl_certificate %%le_config_dir/live/%%authWebName/cert.pem;
ssl_certificate_key %%le_config_dir/live/%%authWebName/privkey.pem;
@ -83,7 +82,7 @@ server {
# DEBIAN
# If install was made with USEDEBIANLIBS (official releases), uncomment this
#location /javascript/ {
# alias /usr/share/javascript/;
#}
location /javascript/ {
alias /usr/share/javascript/;
}
}