%set %%boolean = {'oui': 1, 'non': 0} %set %%ssoFilters = %%getSSOFilters %set %%ldapAttributes = {"uid": "uid", "mail": "mail", "cn":"cn"} %set %%exported_vars = ['"UA": "HTTP_USER_AGENT"'] %set %%cas_attributes = [] %set %%ldap_attributes = {} %for %%attr in %%casAttribute %silent %%exported_vars.append('"' + %%attr + '": "' + %%attr.casLDAPAttribute + '"') %silent %%cas_attributes.append('"' + %%attr + '": "' + %%attr.casLDAPAttribute + '"') %set %%ldap_attributes[%%attr.casLDAPAttribute] = %%attr.casLDAPAttribute %end for %for %%key, %%value in %%ssoFilters %silent %%exported_vars.append('"' + %%key + '": "' + %%value + '"') %silent %%cas_attributes.append('"' + %%key + '": "' + %%value + '"') %set %%ldap_attributes[%%value] = %%value %end for %silent %%exported_vars.sort() %silent %%cas_attributes.sort() %set %%ldapAttr = [] %for %%k, %%v in %%ldap_attributes.items() %silent %%ldapAttr.append('"' + %%k + '": "' + %%v + '"') %end for { %if %%lemon_user_db == "AD" "ADPwdExpireWarning": %%llADPasswordExpireWarn, "ADPwdMaxAge": %%llADPasswordMaxAge, %end if "CAS_authnLevel": 1, "CAS_pgtFile": "/tmp/pgt.txt", "CAS_proxiedServices": {}, "SMTPServer": "", "SSLAuthnLevel": 5, "Soap": 1, "activeTimer": 1, "apacheAuthnLevel": 4, "applicationList": { "1administration": { "catname": "Administration", "manager": { "options": { "description": "Configure LemonLDAP::NG WebSSO", "display": "auto", "logo": "configure.png", "name": "WebSSO Manager", "uri": "https://%%managerWebName/" }, "type": "application" }, "notifications": { "options": { "description": "Explore WebSSO notifications", "display": "auto", "logo": "database.png", "name": "Notifications explorer", "uri": "https://%%managerWebName/notifications.pl" }, "type": "application" }, "sessions": { "options": { "description": "Explore WebSSO sessions", "display": "auto", "logo": "database.png", "name": "Sessions explorer", "uri": "https://%%managerWebName/sessions.pl" }, "type": "application" }, "type": "category" }, 
"2documentation": { "catname": "Documentation", "localdoc": { "options": { "description": "Documentation supplied with LemonLDAP::NG", "display": "on", "logo": "help.png", "name": "Local documentation", "uri": "http://%%managerWebName/doc/" }, "type": "application" }, "officialwebsite": { "options": { "description": "Official LemonLDAP::NG Website", "display": "on", "logo": "network.png", "name": "Official Website", "uri": "http://lemonldap-ng.org/" }, "type": "application" }, "type": "category" } }, "authChoiceModules": {}, "authChoiceParam": "lmAuth", "authentication": "%%lemon_user_db", "browserIdAuthnLevel": 1, "captchaStorage": "Apache::Session::File", "captchaStorageOptions": { "Directory": "/var/lib/lemonldap-ng/captcha/" }, "captcha_login_enabled": 0, "captcha_mail_enabled": 0, "captcha_register_enabled": 1, "captcha_size": 6, "casAccessControlPolicy": "none", "casAttributes": { %%custom_join(%%cas_attributes, ',\n ') }, "casStorageOptions": {}, "cda": 0, "cfgAuthor": "EOLE", "cfgAuthorIP": "127.0.0.1", "cfgDate": 1600257889, "cfgLog": "", "cfgNum": "1", "checkXSS": 1, "confirmFormMethod": "post", "cookieName": "lemonldap", "dbiAuthnLevel": 2, "dbiExportedVars": {}, "demoExportedVars": { "cn": "cn", "mail": "mail", "uid": "uid" }, "domain": "%%nom_domaine_local", "exportedHeaders": { "%%managerWebName": {} }, "exportedVars": { %%custom_join(%%exported_vars, ',\n ') }, "facebookAuthnLevel": 1, "facebookExportedVars": {}, "failedLoginNumber": 5, "globalStorage": "Apache::Session::File", "globalStorageOptions": { "Directory": "/var/lib/lemonldap-ng/sessions", "LockDirectory": "/var/lib/lemonldap-ng/sessions/lock" }, "googleAuthnLevel": 1, "googleExportedVars": {}, "grantSessionRules": {}, "groups": {}, "hiddenAttributes": "_password", "hideOldPassword": 0, "httpOnly": 1, "https": 0, "infoFormMethod": "get", "issuerDBCASActivation": 1, "issuerDBCASPath": "^/%%casFolder/", "issuerDBCASRule": 1, "issuerDBGetParameters": {}, "issuerDBOpenIDActivation": "1",
"issuerDBOpenIDPath": "^/openidserver/", "issuerDBOpenIDRule": 1, "issuerDBSAMLActivation": 0, "issuerDBSAMLPath": "^/saml/", "issuerDBSAMLRule": 1, "jsRedirect": 0, "key": "e\"bTCt3*eU9^\\V%b", %if %%llResetPassword == "oui" %if %%llResetExpiredPassword == "oui" %if %%lemon_user_db == "AD" "ldapPpolicyControl": 0, %else "ldapPpolicyControl": 1, %end if "ldapAllowResetExpiredPassword": 1, "ldapChangePasswordAsUser": 1, %else "ldapPpolicyControl": 0, "ldapAllowResetExpiredPassword": 0, "ldapChangePasswordAsUser": 1, %end if %end if "ldapAuthnLevel": 2, "ldapSearchDeref": "find", "ldapBase": "%%ldapUserBaseDN", "ldapExportedVars": { %%custom_join(%%ldapAttr, ',\n ') }, "ldapGroupAttributeName": "memberUid", "ldapGroupAttributeNameGroup": "dn", "ldapGroupAttributeNameSearch": "cn", "ldapGroupAttributeNameUser": "uid", "ldapGroupObjectClass": "eolegroupe", "ldapGroupRecursive": 0, "ldapPasswordResetAttribute": "pwdReset", "ldapPasswordResetAttributeValue": "TRUE", "ldapPort": "%%ldapServerPort", "ldapPwdEnc": "utf-8", "ldapServer": "%%ldapScheme://%%ldapServer", %if %%ldapScheme == "ldaps" %if %%lmldapverify == "oui" "ldapVerify": "Require", %else "ldapVerify": "None", %end if %end if "ldapSetPassword": 0, "ldapTimeout": 120, "ldapUsePasswordResetAttribute": 1, "ldapVersion": 3, "localSessionStorage": "Cache::FileCache", "localSessionStorageOptions": { "cache_depth": 3, "cache_root": "/tmp", "default_expires_in": 600, "directory_umask": "007", "namespace": "lemonldap-ng-sessions" }, "locationRules": { "%%managerWebName": { "default": "$uid eq \"%%lemonAdmin\"" } }, "loginHistoryEnabled": 1, "logoutServices": {}, "lwpSslOpts": {}, "macros": { "_whatToTrace": "$_auth eq 'SAML' ? 
\"$_user\\@$_idpConfKey\" : \"$_user\"" }, "mailCharset": "utf-8", "mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation", "mailFrom": "noreply@%%nom_domaine_local", "mailOnPasswordChange": 0, "mailSessionKey": "mail", "mailSubject": "[LemonLDAP::NG] Your new password", "mailTimeout": 0, %if %%llResetPassword == "oui" %if %%is_empty(%%llResetUrl) "mailUrl": "https://%%authWebName/resetpwd", %else "mailUrl": "%%llResetUrl", %end if %end if "maintenance": 0, "managerDn": "%%ldapBindUserDN", %if %%is_file(%%ldapBindUserPassword) "managerPassword": "%%readPass("", %%ldapBindUserPassword)", %else "managerPassword": "%%ldapBindUserPassword", %end if "multiValuesSeparator": ";", "nginxCustomHandlers": {}, "notification": 1, "notificationStorage": "File", "notificationStorageOptions": { "dirName": "/var/lib/lemonldap-ng/notifications" }, "notificationWildcard": "allusers", "notifyDeleted": 1, "notifyOther": 0, "nullAuthnLevel": 2, "oidcOPMetaDataExportedVars": {}, "oidcOPMetaDataJSON": null, "oidcOPMetaDataJWKS": null, "oidcOPMetaDataOptions": null, "oidcRPMetaDataExportedVars": {}, "oidcRPMetaDataOptions": {}, "oidcRPMetaDataOptionsExtraClaims": null, "oidcServiceMetaDataAuthnContext": {}, "oidcStorageOptions": {}, "openIdAuthnLevel": 1, "openIdExportedVars": {}, "openIdSPList": "0;", "openIdSreg_email": "mail", "openIdSreg_fullname": "cn", "openIdSreg_nickname": "uid", "openIdSreg_timezone": "_timezone", "passwordDB": "%%lemon_user_db", "persistentStorage": "Apache::Session::File", "persistentStorageOptions": { "Directory": "/var/lib/lemonldap-ng/psessions", "LockDirectory": "/var/lib/lemonldap-ng/psessions/lock" }, "portal": "https://%%authWebName/", "portalAntiFrame": 1, "portalCheckLogins": %%boolean[%%llCheckLogins], "portalDisplayAppslist": 1,
"portalDisplayChangePassword": "$_auth =~ /^(AD|LDAP|DBI|Demo)$/", "portalDisplayLoginHistory": 1, "portalDisplayLogout": 1, "portalDisplayRegister": %%boolean[%%llRegisterAccount], "portalDisplayResetPassword": %%boolean[%%llResetPassword], "portalForceAuthn": 0, "portalForceAuthnInterval": 0, "portalOpenLinkInNewWindow": 0, "portalPingInterval": 60000, "portalRequireOldPassword": 1, "portalSkin": "bootstrap", "portalSkinRules": {}, "portalUserAttr": "_user", "post": { "%%managerWebName": {} }, "radiusAuthnLevel": 3, "randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}", "redirectFormMethod": "get", "registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation", %set %%register_db = %%getVar('llRegisterDB', 'Demo') %if %%register_db == 'Custom' "registerDB": "Null", "registerUrl": "%%llRegisterURL", %else "registerDB": "%%register_db", "registerUrl": "https://%%authWebName/register.pl", %end if "registerDoneSubject": "[LemonLDAP::NG] Your new account", "registerTimeout": 0, "reloadUrls": { "%%reloadWebName": "https://%%reloadWebName/reload" }, "remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP", "remoteGlobalStorageOptions": { "ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService", "proxy": "https://%%authWebName/index.pl/sessions" }, "samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;", "samlAuthnContextMapKerberos": 4, "samlAuthnContextMapPassword": 2, "samlAuthnContextMapPasswordProtectedTransport": 3, "samlAuthnContextMapTLSClient": 5, "samlCommonDomainCookieActivation": 0, "samlEntityID": "#PORTAL#/saml/metadata", "samlIDPMetaDataExportedAttributes": null, "samlIDPMetaDataOptions": null, "samlIDPMetaDataXML": {}, "samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact", "samlIDPSSODescriptorSingleLogoutServiceHTTPPost": 
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn", "samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn", "samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;", "samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;", "samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;", "samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;", "samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;", "samlIDPSSODescriptorWantAuthnRequestsSigned": 1, "samlIdPResolveCookie": "lemonldapidp", "samlMetadataForceUTF8": 1, "samlNameIDFormatMapEmail": "mail", "samlNameIDFormatMapKerberos": "uid", "samlNameIDFormatMapWindows": "uid", "samlNameIDFormatMapX509": "mail", "samlOrganizationDisplayName": "Example", "samlOrganizationName": "%%samlOrganizationName", "samlOrganizationURL": "https://auth.%%nom_domaine_local", "samlRelayStateTimeout": 600, "samlSPMetaDataExportedAttributes": null, "samlSPMetaDataOptions": null, "samlSPMetaDataXML": null, "samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact", "samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact", "samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost", "samlSPSSODescriptorAuthnRequestsSigned": 1, 
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn", "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn", "samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;", "samlSPSSODescriptorWantAssertionsSigned": 1, "samlServicePrivateKeyEnc": "", "samlServicePrivateKeyEncPwd": "", "samlServicePrivateKeySig": "", "samlServicePrivateKeySigPwd": "", "samlServicePublicKeyEnc": "", "samlServicePublicKeySig": "", "samlStorageOptions": {}, "samlUseQueryStringSpecific": 0, "secureTokenAllowOnError": 1, "secureTokenAttribute": "uid", "secureTokenExpiration": 60, "secureTokenHeader": "Auth-Token", "secureTokenMemcachedServers": "127.0.0.1:11211", "secureTokenUrls": ".*", "securedCookie": 0, "sessionDataToRemember": {}, "singleIP": 0, "singleSession": 0, "singleSessionUserByIP": 0, "slaveAuthnLevel": 2, "slaveExportedVars": {}, "storePassword": 0, "successLoginNumber": 5, "syslog": "", "timeout": 72000, "timeoutActivity": 0, "trustedProxies": "", "twitterAuthnLevel": 1, "useRedirectOnError": 1, "useRedirectOnForbidden": 0, "useSafeJail": 1, "userControl": "^[\\w\\.\\-@]+$", "userDB": "%%lemon_user_db", "vhostOptions": { "%%managerWebName": { "vhostHttps": "1" } }, "webIDAuthnLevel": 1, "webIDExportedVars": {}, "whatToTrace": "_whatToTrace", "yubikeyAuthnLevel": 3, "yubikeyPublicIDSize": 12 }