parent d08c965ee8

author vfebvre <vfebvre@cadoles.com> 1599144265 +0200
committer Philippe Caseiro <pcaseiro@cadoles.com> 1606220045 +0100

Corrections diverses

.gitignore

@@ -0,0 +1,4 @@
+# Backup and swap files
+*~
+*#
+*.swp

Makefile

@@ -3,9 +3,9 @@
 ################################
 
 SOURCE=eole-lemonldap
-VERSION=2.8.0
+VERSION=2.8
 EOLE_VERSION=2.8
-EOLE_RELEASE=2.8.0
+EOLE_RELEASE=2.8.1
 PKGAPPS=non
 #FLASK_MODULE=<APPLICATION>
 

README.md

@@ -4,6 +4,27 @@ LemonLDAP::NG EOLE integration
 
 ## Howto
 
+### Repository configuration
+
+* Add the lemonldap-ng deb respository we need the last version of LemonLDAP.
+
+GenConfig -> Mode Expert -> Dépôts tiers -> Libellé du dépôt
+
+#### LemonLDAP::NG repository (if you use EOLE 2.7.2 this is not needed anymore)
+ 
+* deb     https://lemonldap-ng.org/deb stable main
+* deb-src https://lemonldap-ng.org/deb stable main
+* Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 
+
+#### Cadoles Repository
+* deb [ arch=all  ] https://vulcain.cadoles.com 2.7.2-dev main
+* Key URL : https://vulcain.cadoles.com/cadoles.gpg
+
+### Install packages
+
+apt update
+apt install eole-lemonldap
+
 ### Configure LemonLDAP in GenConfig
 
 * Enable lemonldap in "Services" tab

debian/control

@@ -1,50 +0,0 @@
-Source: eole-lemonldap-ng
-Section: web
-Priority: optional
-Maintainer: Équipe EOLE <eole@ac-dijon.fr>
-Build-Depends: debhelper-compat (= 12)
-Standards-Version: 4.5.0
-Homepage: https://dev-eole.ac-dijon.fr/projects/sso
-Vcs-Git: https://dev-eole.ac-dijon.fr/git/eole-lemonldap-ng.git
-Vcs-Browser: https://dev-eole.ac-dijon.fr/projects/sso/repository
-
-Package: eole-lemonldap-ng
-Architecture: all
-Depends: eole-lemonldap-ng-pkg,
-         ${misc:Depends}
-Description: Dictionnaires et templates pour la configuration d'un serveur LemonLDAP::NG
- Pour toute information complémentaire, veuillez vous rendre sur le
- site du projet EOLE.
-
-Package: eole-lemonldap-ng-scribe
-Architecture: all
-Depends: eole-scribe,
-         eole-lemonldap-ng,
-	 libapache2-mod-perl2,
-         ${misc:Depends}
-Description: Dictionnaire pour calculer les valeurs automatiquement sur Scribe
- .
- Pour toute information complémentaire, veuillez vous rendre sur le
- site du projet EOLE.
-
-Package: eole-lemonldap-ng-pkg
-Architecture: all
-Section: metapackages
-Depends: lemonldap-ng,
-         lemonldap-ng-doc,
-         lemonldap-ng-fastcgi-server,
-         lemonldap-ng-handler,
-         liblemonldap-ng-handler-perl,
-         liblemonldap-ng-manager-perl,
-         liblemonldap-ng-portal-perl,
-         libauthen-captcha-perl,
-         libemail-sender-perl,
-         libgd-securityimage-perl,
-         libimage-magick-perl,
-         libio-string-perl,
-         liblasso-perl,
-         libnet-openid-server-perl,
-         ${misc:Depends}
-Description: Paquet de dépendances pour eole-lemonldap.
- .
- Pour toute information complémentaire, veuillez vous rendre sur la forge Cadoles.

debian/copyright

@@ -1,37 +0,0 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: eole-lemonldap-ng
-Source: http://dev-eole.ac-dijon.fr/projects/sso
-
-Files: *
-Copyright: 2020 Équipe EOLE <eole@ac-dijon.fr>
-License: CeCILL-C
-
-License: CeCILL-C
- This software is governed by the CeCILL-C license under French law and
- abiding by the rules of distribution of free software.  You can  use,
- modify and or redistribute the software under the terms of the CeCILL-C
- license as circulated by CEA, CNRS and INRIA at the following URL
- "http://www.cecill.info";.
- .
- As a counterpart to the access to the source code and  rights to copy,
- modify and redistribute granted by the license, users are provided only
- with a limited warranty  and the software's author,  the holder of the
- economic rights,  and the successive licensors  have only  limited
- liability.
- .
- In this respect, the user's attention is drawn to the risks associated
- with loading,  using,  modifying and/or developing or reproducing the
- software by the user in light of its specific status of free software,
- that may mean  that it is complicated to manipulate,  and  that  also
- therefore means  that it is reserved for developers  and  experienced
- professionals having in-depth computer knowledge. Users are therefore
- encouraged to load and test the software's suitability as regards their
- requirements in conditions enabling the security of their systems and/or
- data to be ensured and,  more generally, to use and operate it in the
- same conditions as regards security.
- .
- The fact that you are presently reading this means that you have had
- knowledge of the CeCILL-C license and that you accept its terms.
- .
- On Eole systems, the complete text of the CeCILL-C License can be found
- in `/usr/share/common-licenses/CeCILL-2'.

debian/eole-lemonldap-ng-scribe.install

@@ -1,2 +0,0 @@
-usr/share/eole/creole/dicos/71_lemonldap_ng_scribe.xml
-usr/share/eole/postservice/98-lemonldap-ng-scribe-register-hosts

debian/eole-lemonldap-ng.install

@@ -1,6 +0,0 @@
-usr/share/creole/
-usr/share/eole/creole/dicos/70_lemonldap_ng.xml
-usr/share/eole/creole/distrib/
-usr/share/eole/diagnose/
-usr/share/eole/postservice/99-lemonldap-ng
-usr/share/eole/posttemplate/

debian/gbp.conf

@@ -1,3 +0,0 @@
-# Set per distribution debian tag
-[DEFAULT]
-debian-tag = debian/eole/%(version)s

debian/rules

@@ -1,9 +0,0 @@
-#!/usr/bin/make -f
-# -*- makefile -*-
-
-# Uncomment this to turn on verbose mode.
-export DH_VERBOSE=1
-export DH_OPTIONS=-v
-
-%:
-	dh $@

debian/source/format

@@ -1 +0,0 @@
-3.0 (native)

dicos/70_lemonldap_ng.xml

@@ -2,6 +2,7 @@
 <creole>
 
     <files>
+<<<<<<< HEAD
 
         <file filelist='lemonldap' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
         <file filelist='lemonldap' name='/var/lib/lemonldap-ng/conf/lmConf-1.json' mkdir='True' rm='True'/>
@@ -15,7 +16,7 @@
         <file filelist='lemonldap-apache' name='/etc/lemonldap-ng/handler-apache2.X.conf' mkdir='True' rm='True'/>
         <file filelist='lemonldap-apache' name='/etc/lemonldap-ng/portal-apache2.X.conf' mkdir='True' rm='True'/>
 
-        <service>lemonldap-ng-fastcgi-server</service>
+        <service servicelist="sllemon">lemonldap-ng-fastcgi-server</service>
 
         <service method='apache' servicelist='lemonldap-apache'>manager-apache2</service>
         <service method='apache' servicelist='lemonldap-apache'>portal-apache2</service>
@@ -34,7 +35,7 @@
             </variable>
         </family>
 
-        <family name='LemonLDAP'>
+        <family name='LemonLDAP' icon='lemon'>
 
             <variable name='managerWebName' type='string' description="Nom DNS du manager LemonLDAP-NG"/>
             <variable name='authWebName' type='string' description="Nom DNS du service d'authentification LemonLDAP-NG"/>
@@ -49,6 +50,43 @@
             <variable name="samlOrganizationName" type='string' description="Nom de l'organisation SAML" mode='expert'/>
 
             <variable name="lemonproc" type='number' description="Nombre de processus dédié à Lemon (équivalent au nombre de processeurs)" mandatory="True">
+=======
+		<!-- Je suis un commentaire -->
+		<file filelist='lemon' name='/etc/lemonldap-ng/manager-nginx.conf' mkdir='True' rm='True'/>
+		<file filelist='lemon' name='/etc/lemonldap-ng/handler-nginx.conf' mkdir='True' rm='True'/>
+		<file filelist='lemon' name='/etc/lemonldap-ng/portal-nginx.conf' mkdir='True' rm='True'/>
+		<file filelist='lemon' name='/etc/lemonldap-ng/test-nginx.conf' mkdir='True' rm='True'/>
+		<file filelist='lemon' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
+		<file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.json' mkdir='True' rm='True'/>
+        <file filelist='lemon' name='/etc/default/lemonldap-ng-fastcgi-server' mkdir='True' rm='True'/>
+		<file filelist='lemonCAS' name='/usr/share/php/configCAS/cas.inc.php' source='cas.inc.php.tmpl' mkdir='True'/>
+		<file filelist='lemonCAS' name='/usr/share/php/CAS/eoleCASConfig.php' source='eoleCASConfig.php.tmpl' mkdir='True'/>
+		<file filelist='lemonCAS' name='/etc/pam_cas.conf' source="pam_cas_auth.conf"/>
+		<service servicelist="sllemon">lemonldap-ng-fastcgi-server</service>
+		<service_access service='nginx'>
+			<port service_accesslist="saLemon">80</port>
+			<port service_accesslist="saLemon">443</port>
+		</service_access>
+	</files>
+	<variables>
+		<family name='Services'>
+			<variable name='activerLemon' type='oui/non' description="Activer LemonLDAP::NG">
+				<value>non</value>
+			</variable>
+		</family>
+		<family name='LemonLDAP'>
+			<variable name='managerWebName' type='string' description="Nom DNS du manager LemonLDAP-NG"/>
+			<variable name='authWebName' type='string' description="Nom DNS du service d'authentification LemonLDAP-NG"/>
+			<variable name='reloadWebName' type='string' description="Nom DNS du service Reload de LemonLDAP-NG" mode="expert"/>
+			<variable name='ldapScheme' type='string' description="Protocole LDAP à utiliser" mandatory='True'/> -->
+			<variable name='ldapServer' type='string' description="Adresse du Serveur LDAP utilisé par LemonLDAP::NG" mandatory="True"/>
+			<variable name='ldapServerPort' type='number' description="Port d'écoute du LDAP utilisé par LemonLDAP::NG" mandatory='True'/>
+			<variable name='ldapUserBaseDN' type='string' description="Base DN des utilisateurs dans l'annuaire" mandatory='True'/>
+			<variable name='ldapBindUserDN' type='string' description="Utilisateur de connection à l'annuaire" mandatory="True"/>
+			<variable name='ldapBindUserPassword' type='string' description="Mot de passe de l'utilisateur de connection à l'annuaire" mandatory="True"/>
+			<variable name="samlOrganizationName" type='string' description="Nom de l'organisation SAML" mode='expert'/>
+            <variable name="lemonproc" type='number' description="Nombre de processus dédié à Lemon (équivalent au nombre de processeur)" mandatory="True">
+>>>>>>> 70a1c26 (Fix disable if in)
                 <value>4</value>
             </variable>
 
@@ -121,7 +159,6 @@
         <check name="valid_enum" target="llRegisterDB">
             <param>['LDAP','Demo','Custom']</param>
         </check>
-
         <group master="casAttribute">
             <slave>casLDAPAttribute</slave>
         </group>
@@ -131,6 +168,8 @@
             <target type='filelist'>lemonldap</target>
             <target type='filelist'>lemonldap-nginx</target>
             <target type='filelist'>lemonldap-apache</target>
+            <target type='servicelist'>lemonldap-apache</target>
+            <target type='servicelist'>sllemon</target>
             <target type='family'>LemonLDAP</target>
             <target type='service_accesslist'>saLemon</target>
         </condition>
@@ -165,10 +204,12 @@
     </constraints>
 
     <help>
+        <family name='LemonLDAP'>Configuration de la solution d'authentification unique LemonLDAP::NG</family>
         <variable name='activerLemon'>Activer le service LemonLDAP::NG sur ce serveur</variable>
         <variable name='managerWebName'>Nom DNS de l'application de gestion de LemonLDAP::NG ex:manager.example.fr</variable>
         <variable name='authWebName'>Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.example.fr</variable>
-        <variable name='ldapUserBaseDN'>DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr)</variable>
+	<variable name='ldapUserBaseDN'>DN de base de l'emplactement des utilisateurs dans l'annuaire (ex: ou=users,o=gouv,c=fr)</variable>
+	<variable name='ldapBindUsererDN'>DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr)</variable>
         <variable name='llCheckLogins'>Affiche une case à cocher sur la mire SSO qui permet a l'utilisateur de voir l'historique de connection de son compte avant d'être redirigé vers le service demandé</variable>
         <variable name='llCSPTargets'>Liste des domaines à ajouter à la directive form-action.</variable>
     </help>

dicos/71_lemonldap_ng_scribe.xml

@@ -32,9 +32,16 @@
             <param name='default_mismatch'>ldap</param>
         </auto>
 
-        <auto name='calc_val' target='eolesso_adresse'>
-            <param type='eole'>authWebName</param>
-        </auto>
+        <fill name='calc_val_first_value' target='eolesso_adresse'>
+            <param type='eole' optional='True' hidden='False'>authWebName</param>
+            <param type='eole' optional='True' hidden='False'>web_url</param>
+            <param type='eole'>nom_domaine_machine</param>
+        </fill>
+
+        <condition name='frozen_if_in' source='activerLemon'>
+            <param>oui</param>
+            <target type='variable'>eolesso_adresse</target>
+        </condition>
 
         <auto name='calc_val' target='ldapServer'>
             <param type='eole'>adresse_ip_ldap</param>

postservice/99-lemonldap-ng

@@ -1,6 +1,12 @@
 #!/bin/bash
 
-[ "$(CreoleGet activerLemon non)" = 'oui' ] || exit 0
+
+[[ $(CreoleGet activerLemon non) == "non" ]] && exit 0
+
+# Updating Configuration cache
+
+cmd="/usr/share/lemonldap-ng/bin/lemonldap-ng-cli update-cache"
+opt="update-cache"
 
 # Updating Configuration cache
 /usr/share/lemonldap-ng/bin/lemonldap-ng-cli update-cache 2>&1

tmpl/lmConf-1.json

@@ -196,6 +196,7 @@
     "macros": {
         "_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
     },
+<<<<<<< HEAD
     "mailCharset": "utf-8",
     "mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
     "mailFrom": "noreply@%%nom_domaine_local",