Philippe Caseiro
d3897f1e4a
We need to provide what EoleSSO provides. For me this 3 new template have to be placed in a dedicated package like eole-sso-client, this templates are not necessary for the server only usefull for the clients.
100 lines
5.4 KiB
XML
100 lines
5.4 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<creole>
|
|
<files>
|
|
<!-- Je suis un commentaire -->
|
|
<file filelist='lemon' name='/etc/nginx/sites-available/manager-nginx.conf' mkdir='True' rm='True'/>
|
|
<file filelist='lemon' name='/etc/nginx/sites-available/handler-nginx.conf' mkdir='True' rm='True'/>
|
|
<file filelist='lemon' name='/etc/nginx/sites-available/portal-nginx.conf' mkdir='True' rm='True'/>
|
|
<file filelist='lemon' name='/etc/nginx/sites-available/test-nginx.conf' mkdir='True' rm='True'/>
|
|
<file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.js' mkdir='True' rm='True'/>
|
|
<file filelist='lemonCAS' name='/usr/share/php/configCAS/cas.inc.php' source='cas.inc.php.tmpl' mkdir='True'/>
|
|
<file filelist='lemonCAS' name='/usr/share/php/CAS/eoleCASConfig.php' source='eoleCASConfig.php.tmpl' mkdir='True'/>
|
|
<file filelist='lemonCAS' name='/etc/pam_cas.conf' source="pam_cas_auth.conf"/>
|
|
<service>lemonldap-ng-fastcgi-server</service>
|
|
<service_access service='nginx'>
|
|
<port service_accesslist="saLemon">80</port>
|
|
<port service_accesslist="saLemon">443</port>
|
|
</service_access>
|
|
</files>
|
|
<variables>
|
|
<family name='Services'>
|
|
<variable name='activerLemon' type='oui/non' description="Activer LemonLDAP::NG">
|
|
<value>non</value>
|
|
</variable>
|
|
</family>
|
|
<family name='LemonLDAP'>
|
|
<variable name='managerWebName' type='string' description="Nom DNS du manager LemonLDAP-NG"/>
|
|
<variable name='authWebName' type='string' description="Nom DNS du service d'authentification LemonLDAP-NG"/>
|
|
<variable name='reloadWebName' type='string' description="Nom DNS du service Reload de LemonLDAP-NG" mode="expert"/>
|
|
<variable name='ldapScheme' type='string' description="Protocole LDAP à utiliser" mandatory='True'/> -->
|
|
<variable name='ldapServer' type='string' description="Adresse du Serveur LDAP utilisé par LemonLDAP::NG" mandatory="True"/>
|
|
<variable name='ldapServerPort' type='number' description="Port d'écoute du LDAP utilisé par LemonLDAP::NG" mandatory='True'/>
|
|
<variable name='ldapUserBaseDN' type='string' description="Base DN des utilisateurs dans l'annuaire" mandatory='True'/>
|
|
<variable name='ldapBindUserDN' type='string' description="Utilisateur de connection à l'annuaire" mandatory="True"/>
|
|
<variable name='ldapBindUserPassword' type='string' description="Mot de passe de l'utilisateur de connection à l'annuaire" mandatory="True"/>
|
|
<variable name="samlOrganizationName" type='string' description="Nom de l'organisation SAML" mode='expert'/>
|
|
<variable name="lemonAdmin" type='string' description="LemonLDAP Administrator username" mode='expert'>
|
|
<value>admin</value>
|
|
</variable>
|
|
<variable name="nginxBucketSize" type='number' description="Taille du hash des noms de serveur pour NGINX" mode='expert'>
|
|
<value>64</value>
|
|
</variable>
|
|
<variable name="casAttribute" description="Nom de l'attribut CAS" type="string" mode="expert" multi="True"/>
|
|
<variable name="casLDAPAttribute" description="Attribut LDAP équivalent" type="string" mode="expert"/>
|
|
<variable name="casFolder" description="Endpoint du service cas" type="string" mode="expert">
|
|
<value>cas</value>
|
|
</variable>
|
|
<variable name='cas_send_logout' type='oui/non' description="Activer le logout centralisé du serveur SSO" hidden='True'>
|
|
<value>oui</value>
|
|
</variable>
|
|
<variable name='ssoCALocation' type='string' description="Chemin de l'autorité de certification (ou rien)" mode="expert"/>
|
|
<variable name='ssoDebug' type='string' description="Activer le Debug pour la lib php-CAS" mode="expert">
|
|
<value>non</value>
|
|
</variable>
|
|
</family>
|
|
<separators>
|
|
<separator name="managerWebName">Configuration DNS</separator>
|
|
<separator name="ldapScheme">Configuration LDAP</separator>
|
|
<separator name="casAttribute">Configuration CAS</separator>
|
|
</separators>
|
|
</variables>
|
|
<constraints>
|
|
<fill name='concat' target='managerWebName'>
|
|
<param>manager.</param>
|
|
<param type='eole'>nom_domaine_local</param>
|
|
</fill>
|
|
<fill name='concat' target='authWebName'>
|
|
<param>auth.</param>
|
|
<param type='eole'>nom_domaine_local</param>
|
|
</fill>
|
|
<fill name='concat' target='reloadWebName'>
|
|
<param>reload.</param>
|
|
<param type='eole'>nom_domaine_local</param>
|
|
</fill>
|
|
<fill name='concat' target='samlOrganizationName'>
|
|
<param>SAML</param>
|
|
<param type='eole'>nom_domaine_local</param>
|
|
</fill>
|
|
<check name="valid_enum" target="ldapScheme">
|
|
<param>['ldaps','ldap']</param>
|
|
</check>
|
|
<group master="casAttribute">
|
|
<slave>casLDAPAttribute</slave>
|
|
</group>
|
|
<condition name='disabled_if_in' source='activerLemon'>
|
|
<param>non</param>
|
|
<target type='filelist'>lemon</target>
|
|
<target type='filelist'>lemonCAS</target>
|
|
<target type='family'>LemonLDAP</target>
|
|
<target type='service_accesslist'>saLemon</target>
|
|
</condition>
|
|
</constraints>
|
|
<help>
|
|
<variable name='activerLemon'>Activer l'hébergement d'une place de marché HTTP pour OpenNebula</variable>
|
|
<variable name='managerWebName'>Nom DNS de l'application de gestion de LemonLDAP::NG ex:manager.cadoles.com</variable>
|
|
<variable name='authWebName'>Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.cadoles.com</variable>
|
|
<variable name='ldapUserBaseDN'>DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr)</variable>
|
|
<variable name='nginxBucketSize'>server_names_hash_bucket_size Taille du hash des noms de serveur pour NGINX</variable>
|
|
</help>
|
|
</creole>
|