Compare commits
18 Commits
pkg/stable
...
pkg/eole/e
| Author | SHA1 | Date | |
|---|---|---|---|
| ae88bb7602 | |||
| 195484f1fb | |||
| cc637b2c7e | |||
| 1c91addc6d | |||
| e5afd4ccff | |||
| 34239e8ce5 | |||
| ad8e4a69a9 | |||
| 5c7a9f9894 | |||
| 8d3f12de72 | |||
| c7d4949fb7 | |||
| 6890500d5b | |||
| 2355b20c7d | |||
| 2ac6c9158f | |||
| c9c23aaa69 | |||
| 26ddf79a97 | |||
| 11c83c8d92 | |||
| dd242a3c5a | |||
| bd8403b610 |
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,4 +0,0 @@
|
||||
# Backup and swap files
|
||||
*~
|
||||
*#
|
||||
*.swp
|
||||
6
Makefile
6
Makefile
@ -3,9 +3,9 @@
|
||||
################################
|
||||
|
||||
SOURCE=eole-lemonldap
|
||||
VERSION=0.1
|
||||
EOLE_VERSION=2.7
|
||||
EOLE_RELEASE=2.7.2
|
||||
VERSION=2.8.0
|
||||
EOLE_VERSION=2.8
|
||||
EOLE_RELEASE=2.8.0
|
||||
PKGAPPS=non
|
||||
#FLASK_MODULE=<APPLICATION>
|
||||
|
||||
|
||||
21
README.md
21
README.md
@ -4,27 +4,6 @@ LemonLDAP::NG EOLE integration
|
||||
|
||||
## Howto
|
||||
|
||||
### Repository configuration
|
||||
|
||||
* Add the lemonldap-ng deb respository we need the last version of LemonLDAP.
|
||||
|
||||
GenConfig -> Mode Expert -> Dépôts tiers -> Libellé du dépôt
|
||||
|
||||
#### LemonLDAP::NG repository (if you use EOLE 2.7.2 this is not needed anymore)
|
||||
|
||||
* deb https://lemonldap-ng.org/deb stable main
|
||||
* deb-src https://lemonldap-ng.org/deb stable main
|
||||
* Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
|
||||
|
||||
#### Cadoles Repository
|
||||
* deb [ arch=all ] https://vulcain.cadoles.com 2.7.2-dev main
|
||||
* Key URL : https://vulcain.cadoles.com/cadoles.gpg
|
||||
|
||||
### Install packages
|
||||
|
||||
apt update
|
||||
apt install eole-lemonldap
|
||||
|
||||
### Configure LemonLDAP in GenConfig
|
||||
|
||||
* Enable lemonldap in "Services" tab
|
||||
|
||||
@ -31,7 +31,7 @@ def getSSOFilters():
|
||||
""" Convert former eole-sso filters to LemonLDAP filters
|
||||
"""
|
||||
import glob
|
||||
from ConfigParser import ConfigParser
|
||||
from configparser import ConfigParser
|
||||
|
||||
try:
|
||||
filters = { 'uid': "uid", "mail": "mail" }
|
||||
|
||||
1
debian/compat
vendored
1
debian/compat
vendored
@ -1 +0,0 @@
|
||||
10
|
||||
16
debian/control
vendored
16
debian/control
vendored
@ -1,16 +1,16 @@
|
||||
Source: eole-lemonldap
|
||||
Source: eole-lemonldap-ng
|
||||
Section: web
|
||||
Priority: optional
|
||||
Maintainer: Équipe EOLE <eole@ac-dijon.fr>
|
||||
Build-Depends: debhelper (>= 9)
|
||||
Standards-Version: 3.9.3
|
||||
Build-Depends: debhelper-compat (= 12)
|
||||
Standards-Version: 4.5.0
|
||||
Homepage: https://dev-eole.ac-dijon.fr/projects/sso
|
||||
Vcs-Git: https://dev-eole.ac-dijon.fr/git/eole-lemonldap-ng.git
|
||||
Vcs-Browser: https://dev-eole.ac-dijon.fr/projects/sso/repository
|
||||
|
||||
Package: eole-lemonldap
|
||||
Package: eole-lemonldap-ng
|
||||
Architecture: all
|
||||
Depends: eole-lemonldap-pkg,
|
||||
Depends: eole-lemonldap-ng-pkg,
|
||||
${misc:Depends}
|
||||
Description: Dictionnaires et templates pour la configuration d'un serveur LemonLDAP::NG
|
||||
Pour toute information complémentaire, veuillez vous rendre sur le
|
||||
@ -19,7 +19,7 @@ Description: Dictionnaires et templates pour la configuration d'un serveur Lemon
|
||||
Package: eole-lemonldap-ng-scribe
|
||||
Architecture: all
|
||||
Depends: eole-scribe,
|
||||
eole-lemonldap,
|
||||
eole-lemonldap-ng,
|
||||
libapache2-mod-perl2,
|
||||
${misc:Depends}
|
||||
Description: Dictionnaire pour calculer les valeurs automatiquement sur Scribe
|
||||
@ -27,7 +27,7 @@ Description: Dictionnaire pour calculer les valeurs automatiquement sur Scribe
|
||||
Pour toute information complémentaire, veuillez vous rendre sur le
|
||||
site du projet EOLE.
|
||||
|
||||
Package: eole-lemonldap-pkg
|
||||
Package: eole-lemonldap-ng-pkg
|
||||
Architecture: all
|
||||
Section: metapackages
|
||||
Depends: lemonldap-ng,
|
||||
@ -44,11 +44,9 @@ Depends: lemonldap-ng,
|
||||
libimage-magick-perl,
|
||||
libio-string-perl,
|
||||
liblasso-perl,
|
||||
libmouse-perl,
|
||||
libnet-ldap-perl,
|
||||
libunicode-string-perl,
|
||||
libmime-tools-perl,
|
||||
libio-socket-timeout-perl,
|
||||
libnet-openid-server-perl,
|
||||
${misc:Depends}
|
||||
Description: Paquet de dépendances pour eole-lemonldap.
|
||||
|
||||
4
debian/copyright
vendored
4
debian/copyright
vendored
@ -1,6 +1,6 @@
|
||||
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||
Upstream-Name: {PROJECT}
|
||||
Source: ${URL}
|
||||
Upstream-Name: eole-lemonldap-ng
|
||||
Source: http://dev-eole.ac-dijon.fr/projects/sso
|
||||
|
||||
Files: *
|
||||
Copyright: 2020 Équipe EOLE <eole@ac-dijon.fr>
|
||||
|
||||
4
debian/rules
vendored
4
debian/rules
vendored
@ -2,8 +2,8 @@
|
||||
# -*- makefile -*-
|
||||
|
||||
# Uncomment this to turn on verbose mode.
|
||||
#export DH_VERBOSE=1
|
||||
#export DH_OPTIONS=-v
|
||||
export DH_VERBOSE=1
|
||||
export DH_OPTIONS=-v
|
||||
|
||||
%:
|
||||
dh $@
|
||||
|
||||
BIN
debian/source/.format.un~
vendored
BIN
debian/source/.format.un~
vendored
Binary file not shown.
@ -99,12 +99,6 @@
|
||||
<variable name='llChangePassword' type='oui/non' description="Permettre aux utilisateurs de changer leurs mots de passe depuis LemonLDAP">
|
||||
<value>oui</value>
|
||||
</variable>
|
||||
<variable name='llADPasswordMaxAge' type='number' description="Durée de vie des mots de passe (en secondes)" mode='expert'>
|
||||
<value>5184000</value>
|
||||
</variable>
|
||||
<variable name='llADPasswordExpireWarn' type='number' description="Délai avant affichage d'un message d'alerte sur l'expiration du mot de passe (en secondes)">
|
||||
<value>3456000</value>
|
||||
</variable>
|
||||
<variable name='llResetExpiredPassword' type='oui/non' description="Autoriser le renouvellement des mots de passe expirés">
|
||||
<value>oui</value>
|
||||
</variable>
|
||||
@ -160,17 +154,10 @@
|
||||
<check name="valid_enum" target="llRegisterDB">
|
||||
<param>['LDAP','AD','Demo','Custom']</param>
|
||||
</check>
|
||||
|
||||
<group master="casAttribute">
|
||||
<slave>casLDAPAttribute</slave>
|
||||
</group>
|
||||
|
||||
<condition name='disabled_if_not_in' source='lemon_user_db'>
|
||||
<param>AD</param>
|
||||
<target type='variable'>llADPasswordMaxAge</target>
|
||||
<target type='variable'>llADPasswordExpireWarn</target>
|
||||
</condition>
|
||||
|
||||
<condition name='disabled_if_in' source='activerLemon'>
|
||||
<param>non</param>
|
||||
<target type='filelist'>lemonldap</target>
|
||||
|
||||
@ -24,6 +24,9 @@
|
||||
<target type='variable'>activer_sso</target>
|
||||
</condition>
|
||||
|
||||
<auto name='calc_val' target='ldapScheme'>
|
||||
<param>ldaps</param>
|
||||
</auto>
|
||||
|
||||
<fill name='calc_val_first_value' target='eolesso_adresse'>
|
||||
<param type='eole' optional='True' hidden='False'>authWebName</param>
|
||||
@ -31,42 +34,37 @@
|
||||
<param type='eole'>nom_domaine_machine</param>
|
||||
</fill>
|
||||
|
||||
<auto name='calc_val' target='ldap_port'>
|
||||
<param>636</param>
|
||||
</auto>
|
||||
|
||||
<condition name='frozen_if_in' source='activerLemon'>
|
||||
<param>oui</param>
|
||||
<target type='variable'>eolesso_adresse</target>
|
||||
</condition>
|
||||
|
||||
<auto name='calc_multi_condition' target='ldapScheme'>
|
||||
<param>oui</param>
|
||||
<param type='eole' name='condition_1'>ldap_tls</param>
|
||||
<param name='match'>ldaps</param>
|
||||
<param name='default_mismatch'>ldap</param>
|
||||
</auto>
|
||||
|
||||
<auto name='calc_val' target='ldapServer'>
|
||||
<param type='eole'>adresse_ip_ldap</param>
|
||||
<param type='eole'>ad_address</param>
|
||||
</auto>
|
||||
|
||||
<auto name='calc_val' target='ldapServerPort'>
|
||||
<param type='eole'>ldap_port</param>
|
||||
<param type='number'>636</param>
|
||||
</auto>
|
||||
|
||||
<auto name='calc_val' target='lemon_user_db'>
|
||||
<param>LDAP</param>
|
||||
<param>AD</param>
|
||||
</auto>
|
||||
|
||||
<auto name='calc_val' target='llRegisterDB'>
|
||||
<param>LDAP</param>
|
||||
</auto>
|
||||
<auto name='calc_val' target='ldapUserBaseDN'>
|
||||
<param type='eole'>ldap_base_dn</param>
|
||||
<param>AD</param>
|
||||
</auto>
|
||||
|
||||
<auto name='calc_val' target='ldapBindUserDN'>
|
||||
<param type='eole'>ldap_reader</param>
|
||||
<param type='eole'>sasl_ldap_reader</param>
|
||||
</auto>
|
||||
|
||||
<auto name='calc_val' target='ldapBindUserPassword'>
|
||||
<param type='eole'>ldap_reader_passfile</param>
|
||||
<param>/etc/eole/private/sasl-reader.password</param>
|
||||
</auto>
|
||||
|
||||
<auto name='calc_val' target='casFolder'>
|
||||
|
||||
@ -1,2 +1 @@
|
||||
creolefuncs_DATA_DIR := $(DESTDIR)/usr/share/creole/funcs
|
||||
lemonldap-ng_DATA_DIR := $(eole_DIR)/lemonldap-ng
|
||||
|
||||
@ -1,102 +0,0 @@
|
||||
package Lemonldap::NG::Portal::UserDB::LDAP;
|
||||
|
||||
use strict;
|
||||
use Mouse;
|
||||
use utf8;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Lib::LDAP';
|
||||
|
||||
our $VERSION = '2.0.6';
|
||||
|
||||
has ldapGroupAttributeNameSearch => (
|
||||
is => 'rw',
|
||||
lazy => 1,
|
||||
builder => sub {
|
||||
my $attributes = [];
|
||||
@$attributes =
|
||||
split( /\s+/, $_[0]->{conf}->{ldapGroupAttributeNameSearch} )
|
||||
if $_[0]->{conf}->{ldapGroupAttributeNameSearch};
|
||||
push( @$attributes, $_[0]->{conf}->{ldapGroupAttributeNameGroup} )
|
||||
if ( $_[0]->{conf}->{ldapGroupRecursive}
|
||||
and $_[0]->{conf}->{ldapGroupAttributeNameGroup} ne "dn" );
|
||||
return $attributes;
|
||||
}
|
||||
);
|
||||
|
||||
# RUNNING METHODS
|
||||
#
|
||||
# getUser is provided by Portal::Lib::LDAP
|
||||
|
||||
# Load all parameters included in exportedVars parameter.
|
||||
# Multi-value parameters are loaded in a single string with
|
||||
# a separator (param multiValuesSeparator)
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub setSessionInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
$req->{sessionInfo}->{_dn} = $req->data->{dn};
|
||||
|
||||
my %vars = ( %{ $self->conf->{exportedVars} },
|
||||
%{ $self->conf->{ldapExportedVars} } );
|
||||
while ( my ( $k, $v ) = each %vars ) {
|
||||
|
||||
# getLdapValue returns an empty string for missing attribute
|
||||
# but we really want to return undef so they don't get stored in session
|
||||
$req->sessionInfo->{$k} =
|
||||
$self->ldap->getLdapValue( $req->data->{ldapentry}, $v ) || undef;
|
||||
}
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
# Load all groups in $groups.
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub setGroups {
|
||||
my ( $self, $req ) = @_;
|
||||
my $groups = $req->{sessionInfo}->{groups};
|
||||
my $hGroups = $req->{sessionInfo}->{hGroups};
|
||||
|
||||
if ( $self->conf->{ldapGroupBase} ) {
|
||||
|
||||
# Get value for group search
|
||||
my $group_value = $self->ldap->getLdapValue( $req->data->{ldapentry},
|
||||
$self->conf->{ldapGroupAttributeNameUser} );
|
||||
|
||||
if ( $self->conf->{ldapGroupDecodeSearchedValue} ) {
|
||||
utf8::decode($group_value);
|
||||
}
|
||||
|
||||
$self->logger->debug( "Searching LDAP groups in "
|
||||
. $self->conf->{ldapGroupBase}
|
||||
. " for $group_value" );
|
||||
|
||||
# Call searchGroups
|
||||
my $ldapGroups = $self->ldap->searchGroups(
|
||||
$self->conf->{ldapGroupBase},
|
||||
$self->conf->{ldapGroupAttributeName},
|
||||
$group_value,
|
||||
$self->ldapGroupAttributeNameSearch,
|
||||
$req->{ldapGroupDuplicateCheck}
|
||||
);
|
||||
|
||||
foreach ( keys %$ldapGroups ) {
|
||||
my $groupName = $_;
|
||||
$hGroups->{$groupName} = $ldapGroups->{$groupName};
|
||||
my $groupValues = [];
|
||||
foreach ( @{ $self->ldapGroupAttributeNameSearch } ) {
|
||||
next if $_ =~ /^name$/;
|
||||
my $firstValue = $ldapGroups->{$groupName}->{$_}->[0];
|
||||
push @$groupValues, $firstValue;
|
||||
}
|
||||
$groups .= $self->conf->{multiValuesSeparator} if $groups;
|
||||
$groups .= join( '|', @$groupValues );
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$req->{sessionInfo}->{groups} = $groups;
|
||||
$req->{sessionInfo}->{hGroups} = $hGroups;
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
1;
|
||||
@ -1,20 +0,0 @@
|
||||
--- /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm.old 2019-12-11 12:05:54.000000000 +0100
|
||||
+++ /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm 2021-01-05 10:54:19.188732119 +0100
|
||||
@@ -40,10 +40,15 @@
|
||||
%{ $self->conf->{ldapExportedVars} } );
|
||||
while ( my ( $k, $v ) = each %vars ) {
|
||||
|
||||
+ my $value = $self->ldap->getLdapValue( $req->data->{ldapentry}, $v );
|
||||
+
|
||||
# getLdapValue returns an empty string for missing attribute
|
||||
# but we really want to return undef so they don't get stored in session
|
||||
- $req->sessionInfo->{$k} =
|
||||
- $self->ldap->getLdapValue( $req->data->{ldapentry}, $v ) || undef;
|
||||
+ # This has to be a string comparison because "0" is a valid attribute
|
||||
+ # value. See #2403
|
||||
+ $value = undef if ( $value eq "" );
|
||||
+
|
||||
+ $req->sessionInfo->{$k} = $value;
|
||||
}
|
||||
|
||||
PE_OK;
|
||||
@ -1,12 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
|
||||
[[ $(CreoleGet activerLemon non) == "non" ]] && exit 0
|
||||
|
||||
# Updating Configuration cache
|
||||
|
||||
cmd="/usr/share/lemonldap-ng/bin/lemonldap-ng-cli update-cache"
|
||||
opt="update-cache"
|
||||
[ "$(CreoleGet activerLemon non)" = 'oui' ] || exit 0
|
||||
|
||||
# Updating Configuration cache
|
||||
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli update-cache 2>&1
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# vérifie si le patch est déjà appliqué
|
||||
grep -q 2403 /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm && exit 0
|
||||
|
||||
# copie de sauvegarde
|
||||
cp -a /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm /usr/share/eole/lemonldap-ng/
|
||||
|
||||
# application du patch
|
||||
patch -d / -p 0 < /usr/share/eole/lemonldap-ng/LDAP.pm.patch
|
||||
|
||||
exit 0
|
||||
@ -23,7 +23,8 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen 443;
|
||||
ssl on;
|
||||
%if %%cert_type == "letsencrypt"
|
||||
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
||||
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
||||
@ -61,7 +62,7 @@ server {
|
||||
deny all;
|
||||
|
||||
# Uncomment this if you use https only
|
||||
add_header Strict-Transport-Security "max-age=15768000";
|
||||
#add_header Strict-Transport-Security "max-age=15768000";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -36,7 +36,7 @@
|
||||
;
|
||||
; 1 - Defined logging level
|
||||
; Set here one of error, warn, notice, info or debug
|
||||
logLevel = %%lm_loglevel
|
||||
logLevel = debug
|
||||
; Note that this has no effect for Apache2 logging: Apache LogLevel is used
|
||||
; instead
|
||||
;
|
||||
@ -65,9 +65,9 @@ logLevel = %%lm_loglevel
|
||||
; 2.1 - Using Syslog
|
||||
;
|
||||
; For Syslog logging, you can also overwrite facilities. Default values:
|
||||
logger = Lemonldap::NG::Common::Logger::Syslog
|
||||
syslogFacility = daemon
|
||||
userSyslogFacility = auth
|
||||
;logger = Lemonldap::NG::Common::Logger::Syslog
|
||||
;syslogFacility = daemon
|
||||
;userSyslogFacility = auth
|
||||
;
|
||||
; 2.2 - Using Log4perl
|
||||
;
|
||||
|
||||
443
tmpl/lmConf-1.js
443
tmpl/lmConf-1.js
@ -1,443 +0,0 @@
|
||||
%set %%ssoFilters = %%getSSOFilters
|
||||
{
|
||||
"ldapGroupAttributeNameUser": "dn",
|
||||
"cfgAuthorIP": "172.16.0.1",
|
||||
"samlSPMetaDataXML": null,
|
||||
"facebookAuthnLevel": 1,
|
||||
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
|
||||
"secureTokenAttribute": "uid",
|
||||
"singleSession": 0,
|
||||
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
|
||||
"CAS_pgtFile": "/tmp/pgt.txt",
|
||||
"cookieName": "lemonldap",
|
||||
"slaveExportedVars": {},
|
||||
"whatToTrace": "_whatToTrace",
|
||||
"oidcRPMetaDataOptions": {},
|
||||
"notifyDeleted": 1,
|
||||
"useRedirectOnError": 1,
|
||||
"samlSPMetaDataExportedAttributes": null,
|
||||
"ldapPwdEnc": "utf-8",
|
||||
"openIdSPList": "0;",
|
||||
"samlNameIDFormatMapEmail": "mail",
|
||||
"samlSPMetaDataOptions": null,
|
||||
"issuerDBOpenIDRule": 1,
|
||||
"casStorageOptions": {},
|
||||
"mailFrom": "noreply@%%nom_domaine_local",
|
||||
"timeoutActivity": 0,
|
||||
"oidcRPMetaDataExportedVars": {},
|
||||
"issuerDBSAMLActivation": 0,
|
||||
"issuerDBCASPath": "^/%%casFolder/",
|
||||
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
|
||||
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
|
||||
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||
"exportedHeaders": {
|
||||
"test1.%%nom_domaine_local": {
|
||||
"Auth-User": "$uid"
|
||||
},
|
||||
"test2.%%nom_domaine_local": {
|
||||
"Auth-User": "$uid"
|
||||
},
|
||||
"%%managerWebName": {}
|
||||
},
|
||||
"vhostOptions": {
|
||||
"%%managerWebName": {
|
||||
"vhostHttps" : "1"
|
||||
},
|
||||
"test1.%%nom_domaine_local": {},
|
||||
"test2.%%nom_domaine_local": {}
|
||||
},
|
||||
"radiusAuthnLevel": 3,
|
||||
"dbiAuthnLevel": 2,
|
||||
"ldapPasswordResetAttribute": "pwdReset",
|
||||
"ldapGroupObjectClass": "groupOfNames",
|
||||
"apacheAuthnLevel": 4,
|
||||
"samlNameIDFormatMapKerberos": "uid",
|
||||
"groups": {},
|
||||
"securedCookie": 0,
|
||||
"httpOnly": 1,
|
||||
"yubikeyAuthnLevel": 3,
|
||||
"ADPwdMaxAge": 0,
|
||||
"samlUseQueryStringSpecific": 0,
|
||||
"loginHistoryEnabled": 1,
|
||||
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
|
||||
"failedLoginNumber": 5,
|
||||
"samlServicePrivateKeyEncPwd": "",
|
||||
"portalForceAuthnInterval": 0,
|
||||
"cfgLog": "",
|
||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||
"exportedVars": {
|
||||
"UA": "HTTP_USER_AGENT",
|
||||
%for att in %%casAttribute
|
||||
"%%att": "%%att",
|
||||
%end for
|
||||
%set %%idx = 0
|
||||
%set %%size = %%len(%%ssoFilters) - 1
|
||||
%for key,value in %%ssoFilters
|
||||
%if %%idx == %%size
|
||||
"%%key": "%%value"
|
||||
%else
|
||||
"%%key": "%%value",
|
||||
%end if
|
||||
%set %%idx += 1
|
||||
%end for
|
||||
},
|
||||
"notificationStorage": "File",
|
||||
"applicationList": {
|
||||
"1sample": {
|
||||
"test2": {
|
||||
"options": {
|
||||
"name": "Application Test 2",
|
||||
"logo": "thumbnail.png",
|
||||
"uri": "https://test2.%%nom_domaine_local/",
|
||||
"display": "auto",
|
||||
"description": "The same simple application displaying authenticated user"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"type": "category",
|
||||
"catname": "Sample applications",
|
||||
"test1": {
|
||||
"type": "application",
|
||||
"options": {
|
||||
"description": "A simple application displaying authenticated user",
|
||||
"uri": "https://test1.%%nom_domaine_local/",
|
||||
"logo": "demo.png",
|
||||
"display": "auto",
|
||||
"name": "Application Test 1"
|
||||
}
|
||||
}
|
||||
},
|
||||
"2administration": {
|
||||
"notifications": {
|
||||
"options": {
|
||||
"name": "Notifications explorer",
|
||||
"display": "auto",
|
||||
"description": "Explore WebSSO notifications",
|
||||
"uri": "https://%%managerWebName/notifications.pl",
|
||||
"logo": "database.png"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"manager": {
|
||||
"options": {
|
||||
"uri": "https://%%managerWebName/",
|
||||
"display": "auto",
|
||||
"description": "Configure LemonLDAP::NG WebSSO",
|
||||
"logo": "configure.png",
|
||||
"name": "WebSSO Manager"
|
||||
},
|
||||
"type": "application"
|
||||
},
|
||||
"type": "category",
|
||||
"sessions": {
|
||||
"type": "application",
|
||||
"options": {
|
||||
"description": "Explore WebSSO sessions",
|
||||
"uri": "https://%%managerWebName/sessions.pl",
|
||||
"logo": "database.png",
|
||||
"display": "auto",
|
||||
"name": "Sessions explorer"
|
||||
}
|
||||
},
|
||||
"catname": "Administration"
|
||||
},
|
||||
"3documentation": {
|
||||
"catname": "Documentation",
|
||||
"officialwebsite": {
|
||||
"type": "application",
|
||||
"options": {
|
||||
"name": "Offical Website",
|
||||
"description": "Official LemonLDAP::NG Website",
|
||||
"logo": "network.png",
|
||||
"display": "on",
|
||||
"uri": "http://lemonldap-ng.org/"
|
||||
}
|
||||
},
|
||||
"type": "category",
|
||||
"localdoc": {
|
||||
"options": {
|
||||
"logo": "help.png",
|
||||
"description": "Documentation supplied with LemonLDAP::NG",
|
||||
"display": "on",
|
||||
"uri": "https://%%managerWebName/doc/",
|
||||
"name": "Local documentation"
|
||||
},
|
||||
"type": "application"
|
||||
}
|
||||
}
|
||||
},
|
||||
"userControl": "^[\\w\\.\\-@]+$",
|
||||
"timeout": 72000,
|
||||
"portalAntiFrame": 1,
|
||||
"SMTPServer": "",
|
||||
"ldapTimeout": 120,
|
||||
"samlAuthnContextMapPasswordProtectedTransport": 3,
|
||||
"ldapUsePasswordResetAttribute": 1,
|
||||
"ldapPpolicyControl": 0,
|
||||
"casAttributes": {
|
||||
%for att in %%casAttribute
|
||||
"%%att": "%%att.casLDAPAttribute",
|
||||
%end for
|
||||
%set %%idx = 0
|
||||
%set %%size = %%len(%%ssoFilters) - 1
|
||||
%for key,value in %%ssoFilters
|
||||
%if %%idx == %%size
|
||||
"%%key": "%%key"
|
||||
%else
|
||||
"%%key": "%%key",
|
||||
%end if
|
||||
%set %%idx += 1
|
||||
%end for
|
||||
},
|
||||
"issuerDBSAMLPath": "^/saml/",
|
||||
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
|
||||
"portalDisplayAppslist": 1,
|
||||
"confirmFormMethod": "post",
|
||||
"domain": "%%nom_domaine_local",
|
||||
"cfgNum": "1",
|
||||
"authentication": "LDAP",
|
||||
"samlNameIDFormatMapWindows": "uid",
|
||||
"authChoiceModules": {},
|
||||
"ldapGroupAttributeName": "member",
|
||||
"samlServicePrivateKeySigPwd": "",
|
||||
"googleAuthnLevel": 1,
|
||||
"successLoginNumber": 5,
|
||||
"localSessionStorageOptions": {
|
||||
"cache_root": "/tmp",
|
||||
"namespace": "lemonldap-ng-sessions",
|
||||
"default_expires_in": 600,
|
||||
"directory_umask": "007",
|
||||
"cache_depth": 3
|
||||
},
|
||||
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||
"portalRequireOldPassword": 1,
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
|
||||
"ADPwdExpireWarning": 0,
|
||||
"yubikeyPublicIDSize": 12,
|
||||
"ldapGroupAttributeNameGroup": "dn",
|
||||
"oidcRPMetaDataOptionsExtraClaims": null,
|
||||
"ldapGroupRecursive": 0,
|
||||
"mailSubject": "[LemonLDAP::NG] Your new password",
|
||||
"nginxCustomHandlers": {},
|
||||
"samlSPSSODescriptorAuthnRequestsSigned": 1,
|
||||
%if %%llResetPassword == "oui"
|
||||
"portalDisplayResetPassword": 1,
|
||||
%else
|
||||
"portalDisplayResetPassword": 0,
|
||||
%end if
|
||||
"openIdSreg_timezone": "_timezone",
|
||||
"infoFormMethod": "get",
|
||||
"openIdAuthnLevel": 1,
|
||||
"openIdSreg_nickname": "uid",
|
||||
"samlServicePublicKeyEnc": "",
|
||||
"userDB": "LDAP",
|
||||
"grantSessionRules": {},
|
||||
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
|
||||
"reloadUrls": {
|
||||
"%%reloadWebName": "https://%%reloadWebName/reload"
|
||||
},
|
||||
"registerTimeout": 0,
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
|
||||
"slaveAuthnLevel": 2,
|
||||
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||
"Soap": 1,
|
||||
%set %%RegisterDB=%%getVar('llRegisterDB', 'Demo')
|
||||
%if %%RegisterDB == "Custom"
|
||||
"registerDB": "Null",
|
||||
%else
|
||||
"registerDB": "%%RegisterDB",
|
||||
%end if
|
||||
"locationRules": {
|
||||
"%%managerWebName": {
|
||||
"default": "$uid eq \"%%lemonAdmin\""
|
||||
},
|
||||
"test1.%%nom_domaine_local": {
|
||||
"default": "accept",
|
||||
"^/logout": "logout_sso"
|
||||
},
|
||||
"test2.%%nom_domaine_local": {
|
||||
"default": "accept",
|
||||
"^/logout": "logout_sso"
|
||||
}
|
||||
},
|
||||
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
|
||||
"hideOldPassword": 0,
|
||||
%if %%is_file(%%ldapBindUserPassword)
|
||||
"managerPassword": "%%readPass("", %%ldapBindUserPassword)",
|
||||
%else
|
||||
"managerPassword": "%%ldapBindUserPassword",
|
||||
%end if
|
||||
"authChoiceParam": "lmAuth",
|
||||
"lwpSslOpts": {},
|
||||
"portalSkinRules": {},
|
||||
"issuerDBOpenIDPath": "^/openidserver/",
|
||||
"redirectFormMethod": "get",
|
||||
"portalDisplayRegister": 1,
|
||||
"secureTokenMemcachedServers": "127.0.0.1:11211",
|
||||
"notificationStorageOptions": {
|
||||
"dirName": "/var/lib/lemonldap-ng/notifications"
|
||||
},
|
||||
"browserIdAuthnLevel": 1,
|
||||
"portalUserAttr": "_user",
|
||||
"ldapVersion": 3,
|
||||
"sessionDataToRemember": {},
|
||||
"samlNameIDFormatMapX509": "mail",
|
||||
"managerDn": "%%ldapBindUserDN",
|
||||
"mailSessionKey": "mail",
|
||||
"openIdSreg_email": "mail",
|
||||
"localSessionStorage": "Cache::FileCache",
|
||||
"persistentStorage": "Apache::Session::File",
|
||||
"mailOnPasswordChange": 0,
|
||||
"captchaStorage": "Apache::Session::File",
|
||||
"remoteGlobalStorageOptions": {
|
||||
"proxy": "https://%%authWebName/index.pl/sessions",
|
||||
"ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService"
|
||||
},
|
||||
"passwordDB": "LDAP",
|
||||
"captcha_size": 6,
|
||||
"mailCharset": "utf-8",
|
||||
"facebookExportedVars": {},
|
||||
"nullAuthnLevel": 2,
|
||||
"singleIP": 0,
|
||||
"dbiExportedVars": {},
|
||||
"portalSkin": "bootstrap",
|
||||
"storePassword": 0,
|
||||
"hiddenAttributes": "_password",
|
||||
"samlServicePrivateKeySig": "",
|
||||
"globalStorage": "Apache::Session::File",
|
||||
"notificationWildcard": "allusers",
|
||||
"portalForceAuthn": 0,
|
||||
"samlMetadataForceUTF8": 1,
|
||||
"secureTokenUrls": ".*",
|
||||
"secureTokenAllowOnError": 1,
|
||||
"samlAuthnContextMapTLSClient": 5,
|
||||
"ldapAllowResetExpiredPassword": 0,
|
||||
"oidcOPMetaDataExportedVars": {},
|
||||
"notifyOther": 0,
|
||||
"secureTokenExpiration": 60,
|
||||
"captcha_mail_enabled": 0,
|
||||
"samlStorageOptions": {},
|
||||
"samlOrganizationDisplayName": "Example",
|
||||
"trustedProxies": "",
|
||||
"secureTokenHeader": "Auth-Token",
|
||||
"issuerDBCASActivation": 1,
|
||||
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
|
||||
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||
"samlIDPMetaDataXML": {},
|
||||
"oidcStorageOptions": {},
|
||||
"cfgDate": 1519998069,
|
||||
"samlAuthnContextMapPassword": 2,
|
||||
"portalDisplayLoginHistory": 1,
|
||||
"ldapPasswordResetAttributeValue": "TRUE",
|
||||
"ldapServer": "%%ldapScheme://%%ldapServer",
|
||||
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
|
||||
"samlIDPMetaDataExportedAttributes": null,
|
||||
"samlServicePrivateKeyEnc": "",
|
||||
"useRedirectOnForbidden": 0,
|
||||
"captcha_login_enabled": 0,
|
||||
"https": 0,
|
||||
"checkXSS": 1,
|
||||
"ldapSetPassword": 0,
|
||||
"portalPingInterval": 60000,
|
||||
"captchaStorageOptions": {
|
||||
"Directory": "/var/lib/lemonldap-ng/captcha/"
|
||||
},
|
||||
"useSafeJail": 1,
|
||||
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
|
||||
"issuerDBCASRule": 1,
|
||||
"samlAuthnContextMapKerberos": 4,
|
||||
"ldapGroupAttributeNameSearch": "cn",
|
||||
"logoutServices": {},
|
||||
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
|
||||
"portalDisplayLogout": 1,
|
||||
"issuerDBGetParameters": {},
|
||||
"googleExportedVars": {},
|
||||
"openIdSreg_fullname": "cn",
|
||||
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
|
||||
"demoExportedVars": {
|
||||
"mail": "mail",
|
||||
"uid": "uid",
|
||||
"cn": "cn"
|
||||
},
|
||||
"oidcOPMetaDataJSON": null,
|
||||
"samlIdPResolveCookie": "lemonldapidp",
|
||||
"samlRelayStateTimeout": 600,
|
||||
"samlOrganizationURL": "https://auth.%%nom_domaine_local",
|
||||
"globalStorageOptions": {
|
||||
"Directory": "/var/lib/lemonldap-ng/sessions",
|
||||
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
|
||||
},
|
||||
"ldapExportedVars": {
|
||||
"mail": "mail",
|
||||
"cn": "cn",
|
||||
"uid": "uid"
|
||||
},
|
||||
"webIDExportedVars": {},
|
||||
"activeTimer": 1,
|
||||
"cda": 0,
|
||||
"samlServicePublicKeySig": "",
|
||||
%if %%llCheckLogins == "oui"
|
||||
"portalCheckLogins": 1,
|
||||
%else
|
||||
"portalCheckLogins": 0,
|
||||
%end if
|
||||
"CAS_authnLevel": 1,
|
||||
"macros": {
|
||||
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
||||
},
|
||||
"samlIDPMetaDataOptions": null,
|
||||
"twitterAuthnLevel": 1,
|
||||
"openIdExportedVars": {},
|
||||
"captcha_register_enabled": 1,
|
||||
"oidcOPMetaDataJWKS": null,
|
||||
"webIDAuthnLevel": 1,
|
||||
"issuerDBOpenIDActivation": "1",
|
||||
%if %%llResetPassword == "oui"
|
||||
%if %%is_empty(%%llResetUrl)
|
||||
"mailUrl": "https://%%authWebName/mail.pl",
|
||||
%else
|
||||
"mailUrl": "%%llResetUrl",
|
||||
%end if
|
||||
%end if
|
||||
"maintenance": 0,
|
||||
"jsRedirect": 0,
|
||||
"cfgAuthor": "Cadoles",
|
||||
"persistentStorageOptions": {
|
||||
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
|
||||
"Directory": "/var/lib/lemonldap-ng/psessions"
|
||||
},
|
||||
"SSLAuthnLevel": 5,
|
||||
"oidcServiceMetaDataAuthnContext": {},
|
||||
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||
"notification": 1,
|
||||
"ldapChangePasswordAsUser": 0,
|
||||
"CAS_proxiedServices": {},
|
||||
"key": "e\"bTCt3*eU9^\\V%b",
|
||||
"portal": "https://%%authWebName/",
|
||||
"singleSessionUserByIP": 0,
|
||||
"portalOpenLinkInNewWindow": 0,
|
||||
"post": {
|
||||
"test2.%%nom_domaine_local": {},
|
||||
"test1.%%nom_domaine_local": {},
|
||||
"%%managerWebName": {}
|
||||
},
|
||||
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
|
||||
"issuerDBSAMLRule": 1,
|
||||
"samlCommonDomainCookieActivation": 0,
|
||||
"syslog": "",
|
||||
"ldapBase": "%%ldapUserBaseDN",
|
||||
"ldapAuthnLevel": 2,
|
||||
"mailTimeout": 0,
|
||||
"samlEntityID": "#PORTAL#/saml/metadata",
|
||||
"oidcOPMetaDataOptions": null,
|
||||
"samlSPSSODescriptorWantAssertionsSigned": 1,
|
||||
"samlOrganizationName": "%%samlOrganizationName",
|
||||
%if %%RegisterDB == "Custom"
|
||||
"registerUrl": "%%llRegisterURL",
|
||||
%else
|
||||
"registerUrl": "https://%%authWebName/register.pl",
|
||||
%end if
|
||||
"casAccessControlPolicy": "none",
|
||||
"multiValuesSeparator": ";",
|
||||
"ldapPort": %%ldapServerPort
|
||||
}
|
||||
@ -1,30 +1,20 @@
|
||||
%set %%boolean = {'oui': 1, 'non': 0}
|
||||
%set %%ssoFilters = %%getSSOFilters
|
||||
%set %%ldapAttributes = {"uid": "uid", "mail": "mail", "cn":"cn"}
|
||||
%set %%exported_vars = ['"UA": "HTTP_USER_AGENT"']
|
||||
%set %%cas_attributes = []
|
||||
%set %%ldap_attributes = {}
|
||||
%for %%attr in %%casAttribute
|
||||
%silent %%exported_vars.append('"' + %%attr + '": "' + %%attr.casLDAPAttribute + '"')
|
||||
%silent %%cas_attributes.append('"' + %%attr + '": "' + %%attr.casLDAPAttribute + '"')
|
||||
%set %%ldap_attributes[%%attr.casLDAPAttribute] = %%attr.casLDAPAttribute
|
||||
%silent %%exported_vars.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
|
||||
%silent %%cas_attributes.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
|
||||
%end for
|
||||
%for %%key, %%value in %%ssoFilters
|
||||
%silent %%exported_vars.append('"' + %%key + '": "' + %%value + '"')
|
||||
%silent %%cas_attributes.append('"' + %%key + '": "' + %%value + '"')
|
||||
%set %%ldap_attributes[%%value] = %%value
|
||||
%end for
|
||||
%silent %%exported_vars.sort()
|
||||
%silent %%cas_attributes.sort()
|
||||
%set %%ldapAttr = []
|
||||
%for %%k, %%v in %%ldap_attributes.items()
|
||||
%silent %%ldapAttr.append('"' + %%k + '": "' + %%v + '"')
|
||||
%end for
|
||||
{
|
||||
%if %%lemon_user_db == "AD"
|
||||
"ADPwdExpireWarning": %%llADPasswordExpireWarn,
|
||||
"ADPwdMaxAge": %%llADPasswordMaxAge,
|
||||
%end if
|
||||
"ADPwdExpireWarning": 0,
|
||||
"ADPwdMaxAge": 0,
|
||||
"CAS_authnLevel": 1,
|
||||
"CAS_pgtFile": "/tmp/pgt.txt",
|
||||
"CAS_proxiedServices": {},
|
||||
@ -179,15 +169,31 @@
|
||||
%end if
|
||||
"ldapAuthnLevel": 2,
|
||||
"ldapSearchDeref": "find",
|
||||
%if %%eole_module == "scribe"
|
||||
"ldapBase": "cn=Users,dc=%echo ",dc=".join(%%ad_domain.split('.')) + '",'
|
||||
"ldapExportedVars": {
|
||||
"cn": "cn",
|
||||
"mail": "mail",
|
||||
"uid": "cn"
|
||||
},
|
||||
"ldapGroupAttributeName": "memberUid",
|
||||
"ldapGroupAttributeNameGroup": "dn",
|
||||
"ldapGroupAttributeNameSearch": "cn",
|
||||
"ldapGroupAttributeNameUser": "cn",
|
||||
"ldapGroupObjectClass": "group",
|
||||
%else
|
||||
"ldapBase": "%%ldapUserBaseDN",
|
||||
"ldapExportedVars": {
|
||||
%%custom_join(%%ldapAttr, ',\n ')
|
||||
"cn": "cn",
|
||||
"mail": "mail",
|
||||
"uid": "uid"
|
||||
},
|
||||
"ldapGroupAttributeName": "memberUid",
|
||||
"ldapGroupAttributeNameGroup": "dn",
|
||||
"ldapGroupAttributeNameSearch": "cn",
|
||||
"ldapGroupAttributeNameUser": "uid",
|
||||
"ldapGroupObjectClass": "eolegroupe",
|
||||
%end if
|
||||
"ldapGroupRecursive": 0,
|
||||
"ldapPasswordResetAttribute": "pwdReset",
|
||||
"ldapPasswordResetAttributeValue": "TRUE",
|
||||
@ -196,9 +202,9 @@
|
||||
"ldapServer": "%%ldapScheme://%%ldapServer",
|
||||
%if %%ldapScheme == "ldaps"
|
||||
%if %%lmldapverify == "oui"
|
||||
"ldapVerify": "Require",
|
||||
"ldapVerify": "required",
|
||||
%else
|
||||
"ldapVerify": "None",
|
||||
"ldapVerify": "none",
|
||||
%end if
|
||||
%end if
|
||||
"ldapSetPassword": 0,
|
||||
@ -224,13 +230,6 @@
|
||||
"macros": {
|
||||
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
||||
},
|
||||
"samlIDPMetaDataOptions": null,
|
||||
"twitterAuthnLevel": 1,
|
||||
"openIdExportedVars": {},
|
||||
"captcha_register_enabled": 1,
|
||||
"oidcOPMetaDataJWKS": null,
|
||||
"webIDAuthnLevel": 1,
|
||||
"issuerDBOpenIDActivation": "1",
|
||||
"mailCharset": "utf-8",
|
||||
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
|
||||
"mailFrom": "noreply@%%nom_domaine_local",
|
||||
@ -246,7 +245,11 @@
|
||||
%end if
|
||||
%end if
|
||||
"maintenance": 0,
|
||||
%if %%eole_module == "scribe"
|
||||
"managerDn": "cn=%%ldapBindUserDN,cn=Users,dc=%echo ",dc=".join(%%ad_domain.split('.')) + '",'
|
||||
%else
|
||||
"managerDn": "%%ldapBindUserDN",
|
||||
%end if
|
||||
%if %%is_file(%%ldapBindUserPassword)
|
||||
"managerPassword": "%%readPass("", %%ldapBindUserPassword)",
|
||||
%else
|
||||
@ -292,7 +295,7 @@
|
||||
"portalDisplayChangePassword": "$_auth =~ /^(AD|LDAP|DBI|Demo)$/",
|
||||
"portalDisplayLoginHistory": 1,
|
||||
"portalDisplayLogout": 1,
|
||||
"portalDisplayRegister": %%boolean[%%llRegisterAccount],
|
||||
"portalDisplayRegister": 1,
|
||||
"portalDisplayResetPassword": %%boolean[%%llResetPassword],
|
||||
"portalForceAuthn": 0,
|
||||
"portalForceAuthnInterval": 0,
|
||||
|
||||
@ -5,7 +5,8 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen 443;
|
||||
ssl on;
|
||||
%if %%cert_type == "letsencrypt"
|
||||
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
||||
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
||||
@ -69,8 +70,8 @@ server {
|
||||
|
||||
# DEBIAN
|
||||
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
||||
location /javascript/ {
|
||||
alias /usr/share/javascript/;
|
||||
}
|
||||
#location /javascript/ {
|
||||
# alias /usr/share/javascript/;
|
||||
#}
|
||||
|
||||
}
|
||||
|
||||
@ -15,7 +15,8 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen 443;
|
||||
ssl on;
|
||||
%if %%cert_type == "letsencrypt"
|
||||
ssl_certificate %%le_config_dir/live/%%authWebName/cert.pem;
|
||||
ssl_certificate_key %%le_config_dir/live/%%authWebName/privkey.pem;
|
||||
@ -82,7 +83,7 @@ server {
|
||||
|
||||
# DEBIAN
|
||||
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
||||
location /javascript/ {
|
||||
alias /usr/share/javascript/;
|
||||
}
|
||||
#location /javascript/ {
|
||||
# alias /usr/share/javascript/;
|
||||
#}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user