eole-lemonldap/tmpl/lemonldap-ng.ini

295 lines
11 KiB
INI

;==============================================================================
; LemonLDAP::NG local configuration parameters
;
; This file is dedicated to configuration parameters override
; You can set here configuration parameters that will be used only by
; local LemonLDAP::NG elements
;
; Section "all" is always read first before "portal", "handler"
; and "manager"
;
; Section "configuration" is used to load global configuration and set cache
; (replace old storage.conf file)
;
; Section "apply" is read by Manager to reload handlers
; (replace old apply.conf file)
;
; Other section are only read by the specific LemonLDAP::NG component
;==============================================================================
[all]
; CUSTOM FUNCTION
; If you want to create customFunctions in rules, declare them here:
;customFunctions = function1 function2
;customFunctions = Package::func1 Package::func2
; CROSS-DOMAIN
; If you have some handlers that are not registered on the main domain,
; uncomment this
;cda = 1
; SAFE JAIL
; Uncomment this to disable Safe jail.
; Warning: this can allow malicious code in custom functions or rules
;useSafeJail = 0
[configuration]
; GLOBAL CONFIGURATION ACCESS TYPE
; (File, SOAP, RDBI/CDBI, LDAP)
; Set here the parameters needed to access to LemonLDAP::NG configuration.
; You have to set "type" to one of the followings :
;
; * File: you have to set 'dirName' parameter. Example:
;
; type = File
; dirName = /var/lib/lemonldap-ng/conf
;
; * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword'
; if needed. Example:
;
; type = RDBI
; ;type = CDBI
; dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
; dbiUser = lemonldap
; dbiPassword = password
;
; * SOAP: SOAP configuration access is a sort of proxy: the portal is
; configured to use the real session storage type (DBI or File for
; example).
; You have to set 'proxy' parameter. Example:
;
; type = SOAP
; proxy = https://auth.example.com/index.pl/config
; proxyOptions = { timeout => 5 }
; User = lemonldap
; Password = mypassword
;
; * LDAP: you have to set ldapServer, ldapConfBase, ldapBindDN and ldapBindPassword.
;
; type = LDAP
; ldapServer = ldap://localhost
; ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
; ldapBindDN = cn=manager,dc=example,dc=com
; ldapBindPassword = secret
; ldapObjectClass = applicationProcess
; ldapAttributeId = cn
; ldapAttributeContent = description
type=File
dirName = /var/lib/lemonldap-ng/conf
; LOCAL CACHE CONFIGURATION
;
; To increase performances, use a local cache for the configuration. You have
; to choose a Cache::Cache module and set its parameters. Example:
;
; localStorage = Cache::FileCache
; localStorageOptions={ \
; 'namespace' => 'lemonldap-ng-config',\
; 'default_expires_in' => 600, \
; 'directory_umask' => '007', \
; 'cache_root' => '/tmp', \
; 'cache_depth' => 0, \
; }
localStorage=Cache::FileCache
localStorageOptions={ \
'namespace' => 'lemonldap-ng-config',\
'default_expires_in' => 600, \
'directory_umask' => '007', \
'cache_root' => '/tmp', \
'cache_depth' => 0, \
}
[portal]
; PERFORMANCES
; By setting useLocalConf, Portal will use only local cached configuration
; To refresh it, you must have an handler on the same server or you have to
; restart your server. This increase performances
;useLocalConf = 1
; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = /static
; location of HTML templates directory
templateDir = /usr/share/lemonldap-ng/portal/templates
; languages: available languages for portal interface
languages = fr, en
; PORTAL CUSTOMIZATION
; Name of the skin
portalSkin = %%llSkin
; Modules displayed
;portalDisplayLogout = 1
%if %%llResetPassword == "oui"
portalDisplayResetPassword = 1
%else
portalDisplayResetPassword = 0
%end if
;portalDisplayChangePassword = 1
;portalDisplayAppslist = 1
;portalDisplayLoginHistory = 1
; Require the old password when changing password
;portalRequireOldPassword = 1
; Attribute displayed as connected user
;portalUserAttr = mail
; Old menu HTML code
; Enable it if you use old templates
;useOldMenuItems=1
; Override error codes
;error_0 = You are well authenticated!
; Custom template parameters
; For example to use <TMPL_VAR NAME="myparam">
;tpl_myparam = test
; LOG
; By default, all is logged in Apache file. To log user actions by
; syslog, just set syslog facility here:
;syslog = auth
; SOAP FUNCTIONS
; Remove comment to activate SOAP Functions getCookies(user,pwd) and
; error(language, code)
;Soap = 1
; Note that getAttibutes() will be activated but on a different URI
; (http://auth.example.com/index.pl/sessions)
; You can also restrict attributes and macros exported by getAttributes
;exportedAttr = uid mail
; PASSWORD POLICY
; Remove comment to use LDAP Password Policy
;ldapPpolicyControl = 1
; Remove comment to store password in session (use with caution)
;storePassword = 1
; Remove comment to use LDAP modify password extension
; (beware of compatibility with LDAP Password Policy)
;ldapSetPassword = 1
; RESET PASSWORD BY MAIL
; SMTP server (default to localhost), set to '' to use default mail service
;SMTPServer = localhost
; SMTP auth user
;SMTPAuthUser = toto
; SMTP auth password
;SMTPAuthPass = secret
; Mail From address
;mailFrom = noreply@example.com
; Reply To
;mailReplyTo = noreply@example.com
; Mail confirmation URL
;mailUrl = http://reset.example.com
; Mail subject for confirmation message
;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation
; Mail body for confiramtion (can use $url for confirmation URL, and other session
; infos, like $cn). Keep comment to use HTML templates
;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url
; Mail subject for new password message
;mailSubject = [LemonLDAP::NG] Your new password
; Mail body for new password (can use $password for generated password, and other session
; infos, like $cn). Keep comment to use HTML templates
;mailBody = Hello $cn,\n\nYour new password is $password
; LDAP filter to use
;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))'
; Random regexp for password generation
;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2}
; LDAP GROUPS
; Set the base DN of your groups branch
;ldapGroupBase = ou=groups,dc=example,dc=com
; Objectclass used by groups
;ldapGroupObjectClass = groupOfUniqueNames
; Attribute used by groups to store member
;ldapGroupAttributeName = uniqueMember
; Attribute used by user to link to groups
;ldapGroupAttributeNameUser = dn
; Attribute used to identify a group. The group will be displayed as
; cn|mail|status, where cn, mail and status will be replaced by their
; values.
;ldapGroupAttributeNameSearch = cn mail
; NOTIFICATIONS SERVICE
; Use it to be able to notify messages during authentication
;notification = 1
; Note that the SOAP function newNotification will be activated on
; http://auth.example.com/index.pl/notification
; If you want to hide this, just protect "/index.pl/notification" in
; your Apache configuration file
; XSS protection bypass
; By default, the portal refuse redirections that comes from sites not
; registered in the configuration (manager) except for those coming
; from trusted domains. By default, trustedDomains contains the domain
; declared in the manager. You can set trustedDomains to empty value so
; that, undeclared sites will be rejected. You can also set here a list
; of trusted domains or hosts separated by spaces. This is usefull if
; your website use LemonLDAP::NG without handler with SOAP functions.
;trustedDomains = my.trusted.host example2.com
; Check XSS
; Set to 0 to disable error on XSS attack detection
;checkXSS = 0
[handler]
; Handler cache configuration
; You can overwrite here local session cache settings in manager:
; localSessionStorage=Cache::FileCache
; localSessionStorageOptions={ \
; 'namespace' => 'lemonldap-ng-sessions', \
; 'default_expires_in' => 600, \
; 'directory_umask' => '007', \
; 'cache_root' => '/tmp', \
; 'cache_depth' => 3, \
; }
; Set https to 1 if your handler protect a https website (used only for
; redirections to the portal)
;https = 0
; Set port if your your hanlder protect a website on a non standard port
; - 80 for http, 443 for https (used only for redirections to the portal)
;port = 8080
; Set status to 1 if you want to have the report of activity (used for
; example to inform MRTG)
status = 0
; Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN
; when a user is not allowed by Handler
;useRedirectOnForbidden = 1
; Hide LemonLDAP::NG Handler in Apache Server Signature
;hideSignature = 1
useRedirectOnError = 1
; Zimbra Handler parameters
;zimbraPreAuthKey = XXXX
;zimbraAccountKey = uid
;zimbraBy =id
;zimbraUrl = /service/preauth
;zimbraSsoUrl = ^/zimbrasso$
[manager]
; Manager protection: by default, the manager is protected by a demo account.
; You can protect it :
; * by Apache itself,
; * by the parameter 'protection' which can take one of the following
; values :
; * authenticate : all authenticated users can access
; * manager : manager is protected like other virtual hosts: you
; have to set rules in the corresponding virtual host
; * <rule> : you can set here directly the rule to apply
; * none : no protection
protection = manager
; logLevel. Set here one of error, warn, notice, info or debug
logLevel = warn
; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = /static
;
; location of HTML templates directory
templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates
; languages: available languages for manager interface
languages = fr, en
; Manager modules enabled
; Set here the list of modules you want to see in manager interface
; The first will be used as default module displayed
enabledModules = conf, sessions, notifications