;==============================================================================
; LemonLDAP::NG local configuration parameters
;
; This file holds local overrides of configuration parameters: values set
; here are used only by the LemonLDAP::NG components running on this host.
;
; Section "all" is always read first, before "portal", "handler"
; and "manager".
;
; Section "configuration" tells the components how to load the global
; configuration and how to cache it locally (it replaces the old
; storage.conf file).
;
; Section "apply" is read by the Manager to reload handlers (it replaces the
; old apply.conf file). It is not present in this file.
;
; Every other section is read only by the matching LemonLDAP::NG component.
;
; SECURITY NOTE: depending on the configuration backend chosen below, this
; file can contain credentials (dbiPassword, SOAP Password, ldapBindPassword,
; SMTPAuthPass, zimbraPreAuthKey). Keep it readable only by the accounts that
; run the portal, handler and manager, and never ship it world-readable.
;
; NOTE(review): the "%%name" placeholders and the "%if ... %else ... %end if"
; blocks below are directives of the templating/deployment tool that renders
; this file; they are not LemonLDAP::NG syntax and must be expanded before the
; file is installed. Confirm which tool renders it before editing them.
;==============================================================================

[all]

; CUSTOM FUNCTIONS
; To call your own Perl functions from access rules, declare them here.
; These functions run inside the portal/handler with its privileges, so only
; list code you trust and review.
;customFunctions = function1 function2
;customFunctions = Package::func1 Package::func2

; CROSS-DOMAIN
; If some handlers protect hosts outside the main SSO domain, uncomment this.
;cda = 1

; SAFE JAIL
; Uncomment this to disable the Safe jail.
; Warning: without the jail, rules and custom functions are evaluated as
; unrestricted Perl, so anyone who can edit rules (e.g. through the Manager)
; can run arbitrary code on this host. Keep the jail enabled unless a
; documented need forces you to disable it.
;useSafeJail = 0

[configuration]

; GLOBAL CONFIGURATION ACCESS TYPE
; (File, SOAP, RDBI/CDBI, LDAP)
; Set here the parameters needed to reach the LemonLDAP::NG configuration.
; "type" must be one of the following:
;
; * File: set the 'dirName' parameter. Example:
;
;   type = File
;   dirName = /var/lib/lemonldap-ng/conf
;
; * RDBI/CDBI: set 'dbiChain' (required) and, if needed, 'dbiUser' and
;   'dbiPassword'. Example:
;
;   type = RDBI
;   ;type = CDBI
;   dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
;   dbiUser = lemonldap
;   dbiPassword = password
;
; * SOAP: SOAP configuration access is a kind of proxy: the portal is
;   configured with the real storage type (DBI or File, for example) and
;   the other components fetch the configuration from it.
;   Set the 'proxy' parameter. Example:
;
;   type = SOAP
;   proxy = https://auth.example.com/index.pl/config
;   proxyOptions = { timeout => 5 }
;   User = lemonldap
;   Password = mypassword
;
;   Keep the proxy URL on https: the credentials above and the whole SSO
;   configuration transit over this channel.
;
; * LDAP: set ldapServer, ldapConfBase, ldapBindDN and ldapBindPassword.
;
;   type = LDAP
;   ldapServer = ldap://localhost
;   ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
;   ldapBindDN = cn=manager,dc=example,dc=com
;   ldapBindPassword = secret
;   ldapObjectClass = applicationProcess
;   ldapAttributeId = cn
;   ldapAttributeContent = description
;
;   If the directory is not on this host, prefer ldaps:// (or StartTLS if
;   supported by your setup) so the bind password is not sent in clear.

type=File
dirName = /var/lib/lemonldap-ng/conf

; LOCAL CACHE CONFIGURATION
;
; To improve performance, keep a local cache of the configuration. Choose a
; Cache::Cache module and set its parameters. Example:
;
; localStorage = Cache::FileCache
; localStorageOptions={ \
;    'namespace' => 'lemonldap-ng-config',\
;    'default_expires_in' => 600, \
;    'directory_umask' => '007', \
;    'cache_root' => '/tmp', \
;    'cache_depth' => 0, \
; }
;
; Caveats for the active values below:
; - 'default_expires_in' => 600: a configuration change (including a rule
;   that revokes access) can take up to 600 seconds to be picked up by a
;   component that relies on this cache.
; - 'cache_root' => '/tmp': the cached configuration may contain the same
;   secrets as the global configuration, and /tmp is shared with every local
;   user. 'directory_umask' => '007' limits access to the owner and group,
;   but a dedicated directory owned by the web server account (for example
;   under /var/cache) is the safer choice. Create it with the right
;   ownership before pointing 'cache_root' at it, otherwise the cache
;   cannot be written and configuration loading fails.

localStorage=Cache::FileCache
localStorageOptions={ \
    'namespace' => 'lemonldap-ng-config',\
    'default_expires_in' => 600, \
    'directory_umask' => '007', \
    'cache_root' => '/tmp', \
    'cache_depth' => 0, \
}

[portal]

; PERFORMANCE
; With useLocalConf set, the Portal reads only the local cached
; configuration. To refresh it, a handler must run on the same server, or
; the server must be restarted. This improves performance at the cost of
; delayed propagation of configuration changes.
;useLocalConf = 1

; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = /static

; location of the HTML templates directory
templateDir = /usr/share/lemonldap-ng/portal/templates

; languages: available languages for the portal interface
languages = fr, en

; PORTAL CUSTOMIZATION
; Name of the skin (%%llSkin is a template placeholder, see the header)
portalSkin = %%llSkin

; Modules displayed
;portalDisplayLogout = 1
; Password reset by mail is enabled or disabled by the template variable
; llResetPassword (compared against the literal string "oui").
%if %%llResetPassword == "oui"
portalDisplayResetPassword = 1
%else
portalDisplayResetPassword = 0
%end if
;portalDisplayChangePassword = 1
;portalDisplayAppslist = 1
;portalDisplayLoginHistory = 1

; Require the old password when changing the password.
; Recommended when the change-password module is enabled: otherwise anyone
; holding a user's session (for example after a session hijack) can set a
; new password without knowing the current one.
;portalRequireOldPassword = 1

; Attribute displayed as the connected user
;portalUserAttr = mail

; Old menu HTML code
; Enable it if you use old templates
;useOldMenuItems=1

; Override error messages (error_<code>)
;error_0 = You are well authenticated!

; Custom template parameters (tpl_<name>)
; Example, which templates can then reference as "myparam":
;tpl_myparam = test

; LOG
; By default, everything is logged in the Apache log files. To send user
; actions to syslog instead, set the syslog facility here:
;syslog = auth

; SOAP FUNCTIONS
; Remove the comment to activate the SOAP functions getCookies(user,pwd) and
; error(language, code).
; getCookies() accepts a user password over SOAP, so only expose it over
; https and restrict which clients may reach the SOAP URI in Apache.
;Soap = 1
; Note that getAttributes() will be activated too, but on a different URI
; (http://auth.example.com/index.pl/sessions)
; You can restrict the attributes and macros exported by getAttributes;
; export only what the consuming applications actually need.
;exportedAttr = uid mail

; PASSWORD POLICY
; Remove the comment to use the LDAP Password Policy
;ldapPpolicyControl = 1
; Remove the comment to store the password in the session (use with caution:
; the password is then readable by everything that can read the session
; store, including every handler and the session backend itself)
;storePassword = 1
; Remove the comment to use the LDAP modify-password extension
; (beware of compatibility with the LDAP Password Policy)
;ldapSetPassword = 1

; RESET PASSWORD BY MAIL
; SMTP server (defaults to localhost); set to '' to use the default mail service
;SMTPServer = localhost
; SMTP auth user
;SMTPAuthUser = toto
; SMTP auth password (a secret: see the permissions note in the header)
;SMTPAuthPass = secret
; Mail From address
;mailFrom = noreply@example.com
; Reply-To address
;mailReplyTo = noreply@example.com
; Mail confirmation URL
; Use an https URL in production: the confirmation link sent to the user
; points here, and a plain http link can be intercepted on the way back.
;mailUrl = http://reset.example.com
; Mail subject for the confirmation message
;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation
; Mail body for the confirmation message (can use $url for the confirmation
; URL, and other session info such as $cn). Keep it commented to use the
; HTML templates.
;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url
; Mail subject for the new-password message
;mailSubject = [LemonLDAP::NG] Your new password
; Mail body for the new-password message (can use $password for the generated
; password, and other session info such as $cn). Keep it commented to use the
; HTML templates.
;mailBody = Hello $cn,\n\nYour new password is $password
; LDAP filter used to find the user from the submitted mail address
;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))'
; Random regexp for password generation.
; Generated passwords follow this fixed structure, so their strength is only
; as good as the pattern; make it long enough for your password policy.
;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2}

; LDAP GROUPS
; Set the base DN of your groups branch
;ldapGroupBase = ou=groups,dc=example,dc=com
; Objectclass used by groups
;ldapGroupObjectClass = groupOfUniqueNames
; Attribute used by groups to store members
;ldapGroupAttributeName = uniqueMember
; Attribute of the user entry that links it to groups
;ldapGroupAttributeNameUser = dn
; Attributes used to identify a group. The group will be displayed as
; cn|mail|status, where cn, mail and status will be replaced by their
; values.
;ldapGroupAttributeNameSearch = cn mail

; NOTIFICATIONS SERVICE
; Use it to be able to show messages to users during authentication
;notification = 1
; Note that the SOAP function newNotification will be activated on
; http://auth.example.com/index.pl/notification
; Restrict "/index.pl/notification" in your Apache configuration, otherwise
; it is reachable by any client that can reach the portal and can be used
; to push notifications to users.

; XSS protection bypass
; By default, the portal refuses redirections that come from sites not
; registered in the configuration (manager), except for those coming from
; trusted domains. By default, trustedDomains contains the domain declared
; in the manager. Set trustedDomains to an empty value so that undeclared
; sites are rejected. You can also set here a list of trusted domains or
; hosts separated by spaces. This is useful if your website uses
; LemonLDAP::NG without a handler, through the SOAP functions.
; Every host or domain listed here becomes a valid redirection target after
; login, so a too-wide entry turns the portal into an open redirector.
;trustedDomains = my.trusted.host example2.com

; Check XSS
; Set to 0 to disable the error raised on XSS attack detection.
; Leave the check enabled unless you have a documented false positive.
;checkXSS = 0

[handler]

; Handler cache configuration
; You can override here the local session cache settings from the manager:
; localSessionStorage=Cache::FileCache
; localSessionStorageOptions={ \
;    'namespace' => 'lemonldap-ng-sessions', \
;    'default_expires_in' => 600, \
;    'directory_umask' => '007', \
;    'cache_root' => '/tmp', \
;    'cache_depth' => 3, \
; }
; A session cached here stays usable on this handler for up to
; 'default_expires_in' seconds after it is removed centrally (logout, kill
; from the manager), so this value bounds how fast a revocation takes effect.
; The same remark as for the configuration cache applies to 'cache_root':
; session data in /tmp is better kept in a dedicated directory owned by the
; web server account.

; Set https to 1 if your handler protects an https website (used only for
; redirections to the portal)
;https = 0

; Set port if your handler protects a website on a non-standard port
; - 80 for http, 443 for https (used only for redirections to the portal)
;port = 8080

; Set status to 1 if you want the activity report (used for example to
; feed MRTG). Keep it disabled, or restrict the status URL in Apache, since
; it exposes usage information.
status = 0

; Set useRedirectOnForbidden to 1 to REDIRECT instead of returning FORBIDDEN
; when a user is not allowed by the Handler
;useRedirectOnForbidden = 1

; Hide LemonLDAP::NG Handler in the Apache Server Signature
; (recommended: avoids advertising the SSO software to clients)
;hideSignature = 1

; Active override, not documented in the shipped file.
; NOTE(review): presumably redirects the user to the portal on handler errors
; instead of returning an HTTP error page; confirm against the handler
; documentation for the installed version.
useRedirectOnError = 1

; Zimbra Handler parameters
; zimbraPreAuthKey is a shared secret with the Zimbra server: see the
; permissions note in the header.
;zimbraPreAuthKey = XXXX
;zimbraAccountKey = uid
;zimbraBy =id
;zimbraUrl = /service/preauth
;zimbraSsoUrl = ^/zimbrasso$

[manager]

; Manager protection: by default, the manager is protected by a demo account.
; You can protect it:
; * by Apache itself,
; * by the parameter 'protection', which can take one of the following
;   values:
;   * authenticate : all authenticated users can access
;   * manager : the manager is protected like other virtual hosts: you
;     have to set rules in the corresponding virtual host
;   * <rule> : you can set here directly the rule to apply
;   * none : no protection
; The manager edits the whole SSO configuration, so 'authenticate' or 'none'
; (or 'manager' without rules in its virtual host) lets any user who can log
; in change access rules for every protected application. Keep a restrictive
; rule here, and add Apache-level restrictions for defence in depth.
protection = manager

; logLevel. Set here one of error, warn, notice, info or debug.
; 'debug' is verbose and may write request details to the logs; use it only
; while troubleshooting.
logLevel = warn

; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = /static
;
; location of the HTML templates directory
templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates

; languages: available languages for the manager interface
languages = fr, en

; Manager modules enabled
; Set here the list of modules you want to see in the manager interface.
; The first one is the default module displayed.
enabledModules = conf, sessions, notifications