Cadoles/eole-lemonldap
21
0
Fork 0
Code Issues 11 Pull Requests Releases Wiki Activity
eole-lemonldap/dicos/70_lemonldap_ng.xml
Philippe Caseiro 200c9c41e9 Using Active Directory (samba4) instead of OpenLDAP 
Moving to Active Directory the actual auth LDAP server

The password is updated in the Samba4 directory so we
need to use this one and not the OpenLDAP one
2020-12-03 16:52:33 +01:00

209 lines
11 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<creole>
<files>
<file filelist='lemonldap' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
<file filelist='lemonldap' name='/var/lib/lemonldap-ng/conf/lmConf-1.json' mkdir='True' rm='True'/>
<file filelist='lemonldap' name='/etc/default/lemonldap-ng-fastcgi-server' mkdir='True' rm='True'/>
<file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/manager-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/handler-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemonldap-nginx' name='/etc/lemonldap-ng/portal-nginx.conf' mkdir='True' rm='True'/>
<file filelist='lemonldap-apache' name='/etc/lemonldap-ng/manager-apache2.X.conf' mkdir='True' rm='True'/>
<file filelist='lemonldap-apache' name='/etc/lemonldap-ng/handler-apache2.X.conf' mkdir='True' rm='True'/>
<file filelist='lemonldap-apache' name='/etc/lemonldap-ng/portal-apache2.X.conf' mkdir='True' rm='True'/>
<service servicelist="sllemon">lemonldap-ng-fastcgi-server</service>
<service method='apache' servicelist='lemonldap-apache'>manager-apache2</service>
<service method='apache' servicelist='lemonldap-apache'>portal-apache2</service>
<service method='apache' servicelist='lemonldap-apache'>handler-apache2</service>
<service_access service='nginx'>
<port service_accesslist="saLemon">80</port>
<port service_accesslist="saLemon">443</port>
</service_access>
</files>
<variables>
<family name='eole-sso'>
<variable name='eolesso_cas_folder' redefine="True" exists='True'>
<value>/cas</value>
</variable>
<variable name='eolesso_port' redefine="True" exists='True'>
<value>443</value>
</variable>
</family>
<family name='Services'>
<variable name='activerLemon' type='oui/non' description="Activer LemonLDAP::NG">
<value>non</value>
</variable>
</family>
<family name='LemonLDAP' icon='lemon'>
<variable name='managerWebName' type='string' description="Nom DNS du manager LemonLDAP-NG"/>
<variable name='authWebName' type='string' description="Nom DNS du service d'authentification LemonLDAP-NG"/>
<variable name='reloadWebName' type='string' description="Nom DNS du service Reload de LemonLDAP-NG" mode="expert"/>
<variable name='lemon_user_db' type='string' description="Backend pour les comptes utilisateurs" mode="expert">
<value>LDAP</value>
</variable>
<variable name='ldapScheme' type='string' description="Protocole LDAP à utiliser" mandatory='True'/>
<variable name='ldapServer' type='string' description="Adresse du Serveur LDAP utilisé par LemonLDAP::NG" mandatory="True"/>
<variable name='ldapServerPort' type='number' description="Port d'écoute du LDAP utilisé par LemonLDAP::NG" mandatory='True'/>
<variable name='ldapUserBaseDN' type='string' description="Base DN des utilisateurs dans l'annuaire" mandatory='True'/>
<variable name='ldapBindUserDN' type='string' description="Utilisateur de connection à l'annuaire" mandatory="True"/>
<variable name='ldapBindUserPassword' type='password' description="Mot de passe de l'utilisateur de connection à l'annuaire" mandatory="True"/>
<variable name="samlOrganizationName" type='string' description="Nom de l'organisation SAML" mode='expert'/>
<variable name='lmldapverify' type='oui/non' description="Vérifier les certificats SSL du serveur LDAP">
<value>oui</value>
</variable>
<variable name="lemonproc" type='number' description="Nombre de processus dédié à Lemon (équivalent au nombre de processeurs)" mandatory="True">
<value>4</value>
</variable>
<variable name="lm_loglevel" type='string' description="Verbosité des journaux" mode='expert'>
<value>info</value>
</variable>
<variable name="lemonAdmin" type='string' description="LemonLDAP Administrator username" mode='expert'>
<value>admin</value>
</variable>
<variable name="casAttribute" description="Nom de l'attribut CAS" type="string" mode="expert" multi="True"/>
<variable name="casLDAPAttribute" description="Attribut LDAP équivalent" type="string" mode="expert"/>
<variable name="casFolder" description="Endpoint du service cas" type="string" mode="expert">
<value>cas</value>
</variable>
<variable name='cas_send_logout' type='oui/non' description="Activer le logout centralisé du serveur SSO" hidden='True' exists='False'>
<value>oui</value>
</variable>
<variable name='ssoCALocation' type='string' description="Chemin de l'autorité de certification (ou rien)" mode="expert"/>
<variable name='llSkin' type='string' description="Skin utilisé par LemonLDAP::NG">
<value>bootstrap</value>
</variable>
<variable name='llCheckLogins' type='oui/non' description="Permettre aux utilisateurs d'afficher l'historique de connection">
<value>non</value>
</variable>
<variable name='llResetPassword' type='oui/non' description="Permettre aux utilisateurs de réinitialiser leurs mots de passe">
<value>oui</value>
</variable>
<variable name='llResetExpiredPassword' type='oui/non' description="Autoriser le renouvellement des mots de passe expirés">
<value>oui</value>
</variable>
<variable name='llResetUrl' type='string' description="Adresse de l'application pour réinitialiser leurs mots de passe" />
<variable name='llRegisterAccount' type='oui/non' description="Permettre aux utilisateurs de créer un compte">
<value>oui</value>
</variable>
<variable name='llRegisterDB' type='string' description="Base de comptes pour l'enregistrement"/>
<variable name='llRegisterURL' type='string' description="Adresse de l'application de création de compte"/>
<variable name='llCSPTargets' type='domain' description="Domaines vers lesquels le forumaire peut renvoyer" multi='True'/>
</family>
<separators>
<separator name="managerWebName">Configuration DNS</separator>
<separator name="ldapScheme">Configuration LDAP</separator>
<separator name="casAttribute">Configuration CAS</separator>
<separator name="llSkin">Personnalisation de la mire SSO</separator>
</separators>
</variables>
<constraints>
<fill name='concat' target='managerWebName'>
<param>manager.</param>
<param type='eole'>nom_domaine_local</param>
</fill>
<fill name='concat' target='authWebName'>
<param>auth.</param>
<param type='eole'>nom_domaine_local</param>
</fill>
<fill name='concat' target='reloadWebName'>
<param>reload.</param>
<param type='eole'>nom_domaine_local</param>
</fill>
<fill name='concat' target='samlOrganizationName'>
<param>SAML</param>
<param type='eole'>nom_domaine_local</param>
</fill>
<check name="valid_enum" target="ldapScheme">
<param>['ldaps','ldap']</param>
</check>
<check name="valid_enum" target="lemon_user_db">
<param>['LDAP','AD']</param>
</check>
<check name='valid_enum' target="lm_loglevel">
<param>['info','notice','warn','error','debug']</param>
</check>
<check name="valid_enum" target="llRegisterDB">
<param>['LDAP','Demo','Custom']</param>
</check>
<group master="casAttribute">
<slave>casLDAPAttribute</slave>
</group>
<condition name='disabled_if_in' source='activerLemon'>
<param>non</param>
<target type='filelist'>lemonldap</target>
<target type='filelist'>lemonldap-nginx</target>
<target type='filelist'>lemonldap-apache</target>
<target type='servicelist'>lemonldap-apache</target>
<target type='servicelist'>sllemon</target>
<target type='family'>LemonLDAP</target>
<target type='service_accesslist'>saLemon</target>
</condition>
<condition name="disabled_if_in" source="activer_nginx_web" fallback="True">
<param>non</param>
<target type='filelist'>lemonldap-nginx</target>
</condition>
<condition name="disabled_if_in" source="activer_apache" fallback="True">
<param>non</param>
<target type='filelist'>lemonldap-apache</target>
<target type='servicelist'>lemonldap-apache</target>
</condition>
<condition name='disabled_if_in' source='llRegisterAccount'>
<param>non</param>
<target type='variable'>llRegisterDB</target>
</condition>
<condition name='disabled_if_not_in' source='llRegisterDB'>
<param>Custom</param>
<target type='variable'>llRegisterURL</target>
</condition>
<condition name='disabled_if_in' source='llResetPassword'>
<param>non</param>
<target type='variable'>llResetUrl</target>
<target type='variable'>llResetExpiredPassword</target>
</condition>
<check name='valid_enum' target='llSkin'>
<param>['bootstrap','dark','impact','pastel']</param>
<param name="checkval">False</param>
</check>
</constraints>
<help>
<family name='LemonLDAP'>Configuration de la solution d'authentification unique LemonLDAP::NG</family>
<variable name='activerLemon'>Activer le service LemonLDAP::NG sur ce serveur</variable>
<variable name='managerWebName'>Nom DNS de l'application de gestion de LemonLDAP::NG ex:manager.example.fr</variable>
<variable name='authWebName'>Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.example.fr</variable>
<variable name='ldapUserBaseDN'>DN de base de l'emplactement des utilisateurs dans l'annuaire (ex: ou=users,o=gouv,c=fr)</variable>
<variable name='ldapBindUserDN'>DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr)</variable>
<variable name='llCheckLogins'>Affiche une case à cocher sur la mire SSO qui permet a l'utilisateur de voir l'historique de connection de son compte avant d'être redirigé vers le service demandé</variable>
<variable name='llCSPTargets'>Liste des domaines à ajouter à la directive form-action.</variable>
</help>
</creole>
Reference in New Issue View Git Blame Copy Permalink