Compare commits
22 Commits
pkg/eole/e
...
pkg/eole/e
Author | SHA1 | Date | |
---|---|---|---|
5982b59a1b | |||
fe8722e776 | |||
41728043ed | |||
61a0b1f79b | |||
200c9c41e9 | |||
63bf3c9f98 | |||
03a00fb7ce | |||
52e5c433eb | |||
d1ad6aeb25 | |||
815fca0e82 | |||
8ec486eafc | |||
4af11f3d28 | |||
8af3ee655f | |||
5d4e572967 | |||
15da7394f3 | |||
536da57382 | |||
9de4ea6dde | |||
d08c965ee8 | |||
6ee3589185 | |||
f2e6a3afe0 | |||
24f985d642 | |||
2700a5d440 |
4
.gitignore
vendored
Normal file
4
.gitignore
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
# Backup and swap files
|
||||
*~
|
||||
*#
|
||||
*.swp
|
4
Makefile
4
Makefile
@ -3,9 +3,9 @@
|
||||
################################
|
||||
|
||||
SOURCE=eole-lemonldap
|
||||
VERSION=2.8.0
|
||||
VERSION=2.8
|
||||
EOLE_VERSION=2.8
|
||||
EOLE_RELEASE=2.8.0
|
||||
EOLE_RELEASE=2.8.1
|
||||
PKGAPPS=non
|
||||
#FLASK_MODULE=<APPLICATION>
|
||||
|
||||
|
21
README.md
21
README.md
@ -4,6 +4,27 @@ LemonLDAP::NG EOLE integration
|
||||
|
||||
## Howto
|
||||
|
||||
### Repository configuration
|
||||
|
||||
* Add the lemonldap-ng deb respository we need the last version of LemonLDAP.
|
||||
|
||||
GenConfig -> Mode Expert -> Dépôts tiers -> Libellé du dépôt
|
||||
|
||||
#### LemonLDAP::NG repository (if you use EOLE 2.7.2 this is not needed anymore)
|
||||
|
||||
* deb https://lemonldap-ng.org/deb stable main
|
||||
* deb-src https://lemonldap-ng.org/deb stable main
|
||||
* Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
|
||||
|
||||
#### Cadoles Repository
|
||||
* deb [ arch=all ] https://vulcain.cadoles.com 2.7.2-dev main
|
||||
* Key URL : https://vulcain.cadoles.com/cadoles.gpg
|
||||
|
||||
### Install packages
|
||||
|
||||
apt update
|
||||
apt install eole-lemonldap
|
||||
|
||||
### Configure LemonLDAP in GenConfig
|
||||
|
||||
* Enable lemonldap in "Services" tab
|
||||
|
3
debian/control
vendored
3
debian/control
vendored
@ -44,9 +44,6 @@ Depends: lemonldap-ng,
|
||||
libimage-magick-perl,
|
||||
libio-string-perl,
|
||||
liblasso-perl,
|
||||
libnet-ldap-perl,
|
||||
libunicode-string-perl,
|
||||
libmime-tools-perl,
|
||||
libnet-openid-server-perl,
|
||||
${misc:Depends}
|
||||
Description: Paquet de dépendances pour eole-lemonldap.
|
||||
|
@ -9,7 +9,6 @@
|
||||
<file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/manager-nginx.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/handler-nginx.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/portal-nginx.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/nginx-lmlog.conf' mkdir='True' rm='True'/>
|
||||
|
||||
<file filelist='lemonldap-apache' name='/etc/lemonldap-ng/manager-apache2.X.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='lemonldap-apache' name='/etc/lemonldap-ng/handler-apache2.X.conf' mkdir='True' rm='True'/>
|
||||
@ -99,12 +98,6 @@
|
||||
<variable name='llChangePassword' type='oui/non' description="Permettre aux utilisateurs de changer leurs mots de passe depuis LemonLDAP">
|
||||
<value>oui</value>
|
||||
</variable>
|
||||
<variable name='llADPasswordMaxAge' type='number' description="Durée de vie des mots de passe (en secondes)" mode='expert'>
|
||||
<value>5184000</value>
|
||||
</variable>
|
||||
<variable name='llADPasswordExpireWarn' type='number' description="Délai avant affichage d'un message d'alerte sur l'expiration du mot de passe (en secondes)">
|
||||
<value>3456000</value>
|
||||
</variable>
|
||||
<variable name='llResetExpiredPassword' type='oui/non' description="Autoriser le renouvellement des mots de passe expirés">
|
||||
<value>oui</value>
|
||||
</variable>
|
||||
@ -164,12 +157,6 @@
|
||||
<slave>casLDAPAttribute</slave>
|
||||
</group>
|
||||
|
||||
<condition name='disabled_if_not_in' source='lemon_user_db'>
|
||||
<param>AD</param>
|
||||
<target type='variable'>llADPasswordMaxAge</target>
|
||||
<target type='variable'>llADPasswordExpireWarn</target>
|
||||
</condition>
|
||||
|
||||
<condition name='disabled_if_in' source='activerLemon'>
|
||||
<param>non</param>
|
||||
<target type='filelist'>lemonldap</target>
|
||||
|
@ -35,8 +35,8 @@
|
||||
</fill>
|
||||
|
||||
<auto name='calc_val' target='ldap_port'>
|
||||
<param>389</param>
|
||||
</auto>
|
||||
<param>636</param>
|
||||
</auto>
|
||||
|
||||
<condition name='frozen_if_in' source='activerLemon'>
|
||||
<param>oui</param>
|
||||
@ -48,19 +48,17 @@
|
||||
</auto>
|
||||
|
||||
<auto name='calc_val' target='ldapServerPort'>
|
||||
<param type='number'>389</param>
|
||||
<param type='number'>636</param>
|
||||
</auto>
|
||||
|
||||
<auto name='calc_val' target='lemon_user_db'>
|
||||
<param>LDAP</param>
|
||||
<param>AD</param>
|
||||
</auto>
|
||||
|
||||
<auto name='calc_val' target='llRegisterDB'>
|
||||
<param>LDAP</param>
|
||||
</auto>
|
||||
<auto name='calc_val' target='ldapUserBaseDN'>
|
||||
<param type='eole'>ldap_base_dn</param>
|
||||
<param>AD</param>
|
||||
</auto>
|
||||
|
||||
<auto name='calc_val' target='ldapBindUserDN'>
|
||||
<param type='eole'>sasl_ldap_reader</param>
|
||||
</auto>
|
||||
|
@ -1,6 +1,12 @@
|
||||
#!/bin/bash
|
||||
|
||||
[ "$(CreoleGet activerLemon non)" = 'oui' ] || exit 0
|
||||
|
||||
[[ $(CreoleGet activerLemon non) == "non" ]] && exit 0
|
||||
|
||||
# Updating Configuration cache
|
||||
|
||||
cmd="/usr/share/lemonldap-ng/bin/lemonldap-ng-cli update-cache"
|
||||
opt="update-cache"
|
||||
|
||||
# Updating Configuration cache
|
||||
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli update-cache 2>&1
|
||||
|
@ -23,7 +23,8 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen 443;
|
||||
ssl on;
|
||||
%if %%cert_type == "letsencrypt"
|
||||
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
||||
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
||||
@ -61,7 +62,7 @@ server {
|
||||
deny all;
|
||||
|
||||
# Uncomment this if you use https only
|
||||
add_header Strict-Transport-Security "max-age=15768000";
|
||||
#add_header Strict-Transport-Security "max-age=15768000";
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -36,7 +36,7 @@
|
||||
;
|
||||
; 1 - Defined logging level
|
||||
; Set here one of error, warn, notice, info or debug
|
||||
logLevel = debug
|
||||
logLevel = %%lm_loglevel
|
||||
; Note that this has no effect for Apache2 logging: Apache LogLevel is used
|
||||
; instead
|
||||
;
|
||||
@ -65,9 +65,9 @@ logLevel = debug
|
||||
; 2.1 - Using Syslog
|
||||
;
|
||||
; For Syslog logging, you can also overwrite facilities. Default values:
|
||||
;logger = Lemonldap::NG::Common::Logger::Syslog
|
||||
;syslogFacility = daemon
|
||||
;userSyslogFacility = auth
|
||||
logger = Lemonldap::NG::Common::Logger::Syslog
|
||||
syslogFacility = daemon
|
||||
userSyslogFacility = auth
|
||||
;
|
||||
; 2.2 - Using Log4perl
|
||||
;
|
||||
|
@ -13,10 +13,8 @@
|
||||
%silent %%exported_vars.sort()
|
||||
%silent %%cas_attributes.sort()
|
||||
{
|
||||
%if %%lemon_user_db == "AD"
|
||||
"ADPwdExpireWarning": %%llADPasswordExpireWarn,
|
||||
"ADPwdMaxAge": %%llADPasswordMaxAge,
|
||||
%end if
|
||||
"ADPwdExpireWarning": 0,
|
||||
"ADPwdMaxAge": 0,
|
||||
"CAS_authnLevel": 1,
|
||||
"CAS_pgtFile": "/tmp/pgt.txt",
|
||||
"CAS_proxiedServices": {},
|
||||
@ -171,6 +169,19 @@
|
||||
%end if
|
||||
"ldapAuthnLevel": 2,
|
||||
"ldapSearchDeref": "find",
|
||||
%if %%eole_module == "scribe"
|
||||
"ldapBase": "cn=Users,dc=%echo ",dc=".join(%%ad_domain.split('.')) + '",'
|
||||
"ldapExportedVars": {
|
||||
"cn": "cn",
|
||||
"mail": "mail",
|
||||
"uid": "cn"
|
||||
},
|
||||
"ldapGroupAttributeName": "memberUid",
|
||||
"ldapGroupAttributeNameGroup": "dn",
|
||||
"ldapGroupAttributeNameSearch": "cn",
|
||||
"ldapGroupAttributeNameUser": "cn",
|
||||
"ldapGroupObjectClass": "group",
|
||||
%else
|
||||
"ldapBase": "%%ldapUserBaseDN",
|
||||
"ldapExportedVars": {
|
||||
"cn": "cn",
|
||||
@ -182,6 +193,7 @@
|
||||
"ldapGroupAttributeNameSearch": "cn",
|
||||
"ldapGroupAttributeNameUser": "uid",
|
||||
"ldapGroupObjectClass": "eolegroupe",
|
||||
%end if
|
||||
"ldapGroupRecursive": 0,
|
||||
"ldapPasswordResetAttribute": "pwdReset",
|
||||
"ldapPasswordResetAttributeValue": "TRUE",
|
||||
@ -233,7 +245,11 @@
|
||||
%end if
|
||||
%end if
|
||||
"maintenance": 0,
|
||||
%if %%eole_module == "scribe"
|
||||
"managerDn": "cn=%%ldapBindUserDN,cn=Users,dc=%echo ",dc=".join(%%ad_domain.split('.')) + '",'
|
||||
%else
|
||||
"managerDn": "%%ldapBindUserDN",
|
||||
%end if
|
||||
%if %%is_file(%%ldapBindUserPassword)
|
||||
"managerPassword": "%%readPass("", %%ldapBindUserPassword)",
|
||||
%else
|
||||
|
@ -5,7 +5,8 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen 443;
|
||||
ssl on;
|
||||
%if %%cert_type == "letsencrypt"
|
||||
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
||||
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
||||
@ -69,8 +70,8 @@ server {
|
||||
|
||||
# DEBIAN
|
||||
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
||||
location /javascript/ {
|
||||
alias /usr/share/javascript/;
|
||||
}
|
||||
#location /javascript/ {
|
||||
# alias /usr/share/javascript/;
|
||||
#}
|
||||
|
||||
}
|
||||
|
@ -15,7 +15,8 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen 443;
|
||||
ssl on;
|
||||
%if %%cert_type == "letsencrypt"
|
||||
ssl_certificate %%le_config_dir/live/%%authWebName/cert.pem;
|
||||
ssl_certificate_key %%le_config_dir/live/%%authWebName/privkey.pem;
|
||||
@ -82,7 +83,7 @@ server {
|
||||
|
||||
# DEBIAN
|
||||
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
||||
location /javascript/ {
|
||||
alias /usr/share/javascript/;
|
||||
}
|
||||
#location /javascript/ {
|
||||
# alias /usr/share/javascript/;
|
||||
#}
|
||||
}
|
||||
|
Reference in New Issue
Block a user