Merge branch 'master' into dist/eole/2.6.2/master

README.md

@@ -8,8 +8,9 @@ Intégration LemonLDAP::NG pour EOLE
 
 Gen_config -> Mode Expert -> Dépôts tiers -> Libellé du dépôt
 
-*# LemonLDAP::NG repository
-deb     https://lemonldap-ng.org/deb stable main
-deb-src https://lemonldap-ng.org/deb stable main
-Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 
+ ### LemonLDAP::NG repository
+ 
+* deb     https://lemonldap-ng.org/deb stable main
+* deb-src https://lemonldap-ng.org/deb stable main
+* Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 
 

debian/compat

@@ -0,0 +1 @@
+9

debian/control

@@ -0,0 +1,18 @@
+Source: eole-lemonldap
+Section: web
+Priority: optional
+Maintainer: Cadoles <eole@ac-dijon.fr>
+Build-Depends: debhelper (>= 9)
+Standards-Version: 3.9.3
+Homepage: https://forge.cadoles.com/Cadoles/eole-lemonldap
+Vcs-Git: https://forge.cadoles.com/Cadoles/eole-lemonldap.git
+Vcs-Browser: https://forge.cadoles.com/Cadoles/eole-lemonldap
+
+Package: eole-lemonldap
+Architecture: all
+Depends: ${misc:Depends}, lemonldap-ng, lemonldap-ng-doc, lemonldap-ng-fr-doc, lemonldap-ng-fastcgi-server,
+   libxml-libxml-perl, libxml-libxslt-perl, libcgi-emulate-psgi-perl, libauthen-captcha-perl, liblasso-perl,
+   libxml-simple-perl, libcgi-compile-perl
+Description: Dictionnaires et templates pour la configuration d'un serveur LemonLDAP::NG, testée uniquement avec eolebase
+ .
+ Pour toute information complémentaire, veuillez vous rendre sur la forge Cadoles.

debian/copyright

@@ -0,0 +1,44 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: {PROJECT}
+Source: {URL}
+
+Files: *
+Copyright: YEAR {UPSTREAM} {AUTHOR} <{MAIL}>
+License: {UPSTREAM LICENSE}
+
+Files: debian/*
+Copyright: 2012 Équipe EOLE <eole@ac-dijon.fr>
+License: CeCILL-2
+
+License: {UPSTREAM LICENSE}
+ {TEXT OF THE LICENSE}
+
+License: CeCILL-2
+ This software is governed by the CeCILL-2 license under French law and
+ abiding by the rules of distribution of free software.  You can  use,
+ modify and or redistribute the software under the terms of the CeCILL-2
+ license as circulated by CEA, CNRS and INRIA at the following URL
+ "http://www.cecill.info";.
+ .
+ As a counterpart to the access to the source code and  rights to copy,
+ modify and redistribute granted by the license, users are provided only
+ with a limited warranty  and the software's author,  the holder of the
+ economic rights,  and the successive licensors  have only  limited
+ liability.
+ .
+ In this respect, the user's attention is drawn to the risks associated
+ with loading,  using,  modifying and/or developing or reproducing the
+ software by the user in light of its specific status of free software,
+ that may mean  that it is complicated to manipulate,  and  that  also
+ therefore means  that it is reserved for developers  and  experienced
+ professionals having in-depth computer knowledge. Users are therefore
+ encouraged to load and test the software's suitability as regards their
+ requirements in conditions enabling the security of their systems and/or
+ data to be ensured and,  more generally, to use and operate it in the
+ same conditions as regards security.
+ .
+ The fact that you are presently reading this means that you have had
+ knowledge of the CeCILL-2 license and that you accept its terms.
+ .
+ On Eole systems, the complete text of the CeCILL-2 License can be found
+ in '/usr/share/common-licenses/CeCILL-2-en'.

debian/gbp.conf

@@ -0,0 +1,3 @@
+# Set per distribution debian tag
+[DEFAULT]
+debian-tag = debian/eole/%(version)s

debian/rules

@@ -0,0 +1,8 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+	dh $@

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

dicos/70_lemonldap_ng.xml

@@ -2,9 +2,11 @@
 <creole>
     <files>
 		<!-- Je suis un commentaire -->
+		<file filelist='lemon' name='/etc/nginx/nginx.conf' mkdir='True' rm='True'/>
 		<file filelist='lemon' name='/etc/nginx/sites-available/manager-nginx.conf' mkdir='True' rm='True'/>
 		<file filelist='lemon' name='/etc/nginx/sites-available/handler-nginx.conf' mkdir='True' rm='True'/>
 		<file filelist='lemon' name='/etc/nginx/sites-available/portal-nginx.conf' mkdir='True' rm='True'/>
+		<file filelist='lemon' name='/etc/nginx/sites-available/test-nginx.conf' mkdir='True' rm='True'/>
 		<file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.js' mkdir='True' rm='True'/>
 		<service_access service='nginx'>
 			<port service_accesslist="saLemon">80</port>
@@ -28,6 +30,12 @@
 			<variable name='ldapBindUserDN' type='string' description="Utilisateur de connection à l'annuaire" mandatory="True"/>
 			<variable name='ldapBindUserPassword' type='string' description="Mot de passe de l'utilisateur de connection à l'annuaire" mandatory="True"/>
 			<variable name="samlOrganizationName" type='string' description="Nom de l'organisation SAML" mode='expert'/>
+			<variable name="lemonAdmin" type='string' description="LemonLDAP Administrator username" mode='expert'>
+				<value>admin</value>
+			</variable>
+			<variable name="nginxBucketSize" type='number' description="Taille du hash des noms de serveur pour NGINX" mode='expert'>
+				<value>64</value>
+			</variable>
 		</family>
         <separators>
 		    <separator name="managerWebName">Configuration DNS</separator>
@@ -65,5 +73,6 @@
 		<variable name='activerLemon'>Activer l'hébergement d'une place de marché HTTP pour OpenNebula</variable>
 		<variable name='managerWebName'>Nom DNS de l'application de gestion de LemonLDAP::NG ex:manager.cadoles.com</variable>
 		<variable name='authWebName'>Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.cadoles.com</variable>
+		<variable name='nginxBucketSize'>server_names_hash_bucket_size Taille du hash des noms de serveur pour NGINX</variable>
 	</help>
 </creole>

posttemplate/70-lemon-nginx

@@ -1,9 +1,10 @@
 #!/bin/bash
 
 ENABLE=$(CreoleGet activerLemon 'non')
-CONF_FILES='manager-nginx.conf'
-CONF_FILES='${CONF_FILE} handler-nginx.conf'
-CONF_FILES='${CONF_FILE} portal-nginx.conf'
+CONF_FILES="manager-nginx.conf"
+CONF_FILES="${CONF_FILES} handler-nginx.conf"
+CONF_FILES="${CONF_FILES} portal-nginx.conf"
+CONF_FILES="${CONF_FILES} test-nginx.conf"
 
 for CONF_FILE in ${CONF_FILES}
 do

tmpl/lmConf-1.js

@@ -210,7 +210,7 @@
     "registerDB": "Demo",
     "locationRules": {
         "%%managerWebName": {
-            "default": "$uid eq \"dwho\""
+            "default": "$uid eq \"%%lemonAdmin\""
         },
         "test1.%%nom_domaine_local": {
             "default": "accept",

tmpl/nginx.conf

@@ -0,0 +1,85 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	server_names_hash_bucket_size %%nginxBucketSize;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+# 
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+# 
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+# 
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}