Merge branch 'master' into dist/eole/2.7.2/master

ref #31347

debian/compat

@@ -0,0 +1 @@
+10

debian/control

@@ -1,16 +1,16 @@
-Source: eole-lemonldap-ng
+Source: eole-lemonldap
 Section: web
 Priority: optional
 Maintainer: Équipe EOLE <eole@ac-dijon.fr>
-Build-Depends: debhelper-compat (= 12)
+Build-Depends: debhelper (>= 9)
-Standards-Version: 4.5.0
+Standards-Version: 3.9.3
 Homepage: https://dev-eole.ac-dijon.fr/projects/sso
 Vcs-Git: https://dev-eole.ac-dijon.fr/git/eole-lemonldap-ng.git
 Vcs-Browser: https://dev-eole.ac-dijon.fr/projects/sso/repository
 
-Package: eole-lemonldap-ng
+Package: eole-lemonldap
 Architecture: all
-Depends: eole-lemonldap-ng-pkg,
+Depends: eole-lemonldap-pkg,
          ${misc:Depends}
 Description: Dictionnaires et templates pour la configuration d'un serveur LemonLDAP::NG
  Pour toute information complémentaire, veuillez vous rendre sur le
@@ -19,7 +19,7 @@ Description: Dictionnaires et templates pour la configuration d'un serveur Lemon
 Package: eole-lemonldap-ng-scribe
 Architecture: all
 Depends: eole-scribe,
-         eole-lemonldap-ng,
+         eole-lemonldap,
 	 libapache2-mod-perl2,
          ${misc:Depends}
 Description: Dictionnaire pour calculer les valeurs automatiquement sur Scribe
@@ -27,7 +27,7 @@ Description: Dictionnaire pour calculer les valeurs automatiquement sur Scribe
  Pour toute information complémentaire, veuillez vous rendre sur le
  site du projet EOLE.
 
-Package: eole-lemonldap-ng-pkg
+Package: eole-lemonldap-pkg
 Architecture: all
 Section: metapackages
 Depends: lemonldap-ng,

debian/copyright

@@ -1,6 +1,6 @@
 Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: eole-lemonldap-ng
+Upstream-Name: {PROJECT}
-Source: http://dev-eole.ac-dijon.fr/projects/sso
+Source: ${URL}
 
 Files: *
 Copyright: 2020 Équipe EOLE <eole@ac-dijon.fr>

debian/eole-lemonldap.install

@@ -0,0 +1,6 @@
+usr/share/creole/
+usr/share/eole/creole/dicos/70_lemonldap_ng.xml
+usr/share/eole/creole/distrib/
+usr/share/eole/diagnose/
+usr/share/eole/postservice/99-lemonldap-ng
+usr/share/eole/posttemplate/

debian/rules

@@ -2,8 +2,8 @@
 # -*- makefile -*-
 
 # Uncomment this to turn on verbose mode.
-export DH_VERBOSE=1
+#export DH_VERBOSE=1
-export DH_OPTIONS=-v
+#export DH_OPTIONS=-v
 
 %:
 	dh $@

dicos/70_lemonldap_ng.xml

@@ -9,6 +9,7 @@
         <file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/manager-nginx.conf' mkdir='True' rm='True'/>
         <file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/handler-nginx.conf' mkdir='True' rm='True'/>
         <file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/portal-nginx.conf' mkdir='True' rm='True'/>
+        <file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/nginx-lmlog.conf' mkdir='True' rm='True'/>
 
         <file filelist='lemonldap-apache' name='/etc/lemonldap-ng/manager-apache2.X.conf' mkdir='True' rm='True'/>
         <file filelist='lemonldap-apache' name='/etc/lemonldap-ng/handler-apache2.X.conf' mkdir='True' rm='True'/>
@@ -98,6 +99,12 @@
             <variable name='llChangePassword' type='oui/non' description="Permettre aux utilisateurs de changer leurs mots de passe depuis LemonLDAP">
                 <value>oui</value>
             </variable>
+            <variable name='llADPasswordMaxAge' type='number' description="Durée de vie des mots de passe (en secondes)" mode='expert'>
+                <value>5184000</value>
+            </variable>
+            <variable name='llADPasswordExpireWarn' type='number' description="Délai avant affichage d'un message d'alerte sur l'expiration du mot de passe (en secondes)">
+                <value>3456000</value>
+            </variable>
             <variable name='llResetExpiredPassword' type='oui/non' description="Autoriser le renouvellement des mots de passe expirés">
                 <value>oui</value>
             </variable>
@@ -157,6 +164,12 @@
             <slave>casLDAPAttribute</slave>
         </group>
 
+        <condition name='enabled_if_in' source='lemon_user_db'>
+            <param>AD</param>
+            <target type='variable'>llADPasswordMaxAge</target>
+            <target type='variable'>llADPasswordExpireWarn</target>
+        </condition>
+
         <condition name='disabled_if_in' source='activerLemon'>
             <param>non</param>
             <target type='filelist'>lemonldap</target>

tmpl/handler-nginx.conf

@@ -23,8 +23,7 @@ server {
 }
 
 server {
-  listen 443;
+  listen 443 ssl;
-  ssl on;
 %if %%cert_type == "letsencrypt"
   ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
   ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
@@ -62,7 +61,7 @@ server {
     deny all;
 
     # Uncomment this if you use https only
-    #add_header Strict-Transport-Security "max-age=15768000";
+    add_header Strict-Transport-Security "max-age=15768000";
   }
 
 }

tmpl/lmConf-1.json

@@ -13,8 +13,10 @@
 %silent %%exported_vars.sort()
 %silent %%cas_attributes.sort()
 {
-    "ADPwdExpireWarning": 0,
+%if %%lemon_user_db == "AD"
-    "ADPwdMaxAge": 0,
+    "ADPwdExpireWarning": %%llADPasswordExpireWarn,
+    "ADPwdMaxAge": %%llADPasswordMaxAge,
+%end if
     "CAS_authnLevel": 1,
     "CAS_pgtFile": "/tmp/pgt.txt",
     "CAS_proxiedServices": {},

tmpl/manager-nginx.conf

@@ -5,8 +5,7 @@ server {
 }
 
 server {
-  listen 443;
+  listen 443 ssl;
-  ssl on;
   %if %%cert_type == "letsencrypt"
   ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
   ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
@@ -70,8 +69,8 @@ server {
 
   # DEBIAN
   # If install was made with USEDEBIANLIBS (official releases), uncomment this
-  #location /javascript/ {
+  location /javascript/ {
-  #  alias /usr/share/javascript/;
+    alias /usr/share/javascript/;
-  #}
+  }
 
 }

tmpl/portal-nginx.conf

@@ -15,8 +15,7 @@ server {
 }
 
 server {
-  listen 443;
+  listen 443 ssl;
-  ssl on;
 %if %%cert_type == "letsencrypt"
   ssl_certificate %%le_config_dir/live/%%authWebName/cert.pem;
   ssl_certificate_key %%le_config_dir/live/%%authWebName/privkey.pem;
@@ -83,7 +82,7 @@ server {
 
   # DEBIAN
   # If install was made with USEDEBIANLIBS (official releases), uncomment this
-  #location /javascript/ {
+  location /javascript/ {
-  #  alias /usr/share/javascript/;
+    alias /usr/share/javascript/;
-  #}
+  }
 }