diff --git a/portal/install/etc/lemonldap-ng/lemonldap-ng.ini b/portal/install/etc/lemonldap-ng/lemonldap-ng.ini new file mode 100644 index 0000000..a999e2f --- /dev/null +++ b/portal/install/etc/lemonldap-ng/lemonldap-ng.ini @@ -0,0 +1,420 @@ +;============================================================================== +; LemonLDAP::NG local configuration parameters +; +; This file is dedicated to configuration parameters override +; You can set here configuration parameters that will be used only by +; local LemonLDAP::NG elements +; +; Section "all" is always read first before "portal", "handler" +; and "manager" +; +; Section "configuration" is used to load global configuration and set cache +; (replace old storage.conf file) +; +; Other section are only read by the specific LemonLDAP::NG component +;============================================================================== + +[all] +userLogger = Lemonldap::NG::Common::Logger::Std +logger = Lemonldap::NG::Common::Logger::Std + +; CUSTOM FUNCTION +; If you want to create customFunctions in rules, declare them here: +;require = Package +; Prevent Portal to crash if Perl module is not found +;requireDontDie = 1 +;customFunctions = function1 function2 +;customFunctions = Package::func1 Package::func2 + +; CROSS-DOMAIN +; If you have some handlers that are not registered on the main domain, +; uncomment this +;cda = 1 + +; SAFE JAIL +; Comment this to configure Safe jail with Manager. +; It can also be disabled from here by setting value to 0. +; Warning: this can allow malicious code in custom functions or rules +useSafeJail = 1 + +; LOGGING +; +; 1 - Defined logging level +; Set here one of error, warn, notice, info or debug +logLevel=info +; Note that this has no effect for Apache2 logging: Apache LogLevel is used +; instead +; +; 2 - Change logger +; +; By default, logging is set to: +; - Lemonldap::NG::Common::Logger::Apache2 for ApacheMP2 handlers +; - Lemonldap::NG::Common::Logger::Syslog for FastCGI (Nginx) +; - Lemonldap::NG::Common::Logger::Std for PSGI applications (manager, +; portal,...) when they are not +; launched by FastCGI server +; Other loggers availables: +; - Lemonldap::NG::Common::Logger::Log4perl to use Log4perl +; +; "Std" is redirected to the web server logs for Apache. For Nginx, only if +; request failed +; +; You can overload this in this section (for all) or in another section if +; you want to change logger for a specified app. +; +; LLNG uses 2 loggers: 1 for technical logs (logger), 1 for user actions +; (userLogger). "userLogger" uses the same class as "logger" if not set. +;logger = Lemonldap::NG::Common::Logger::Syslog +;userLogger = Lemonldap::NG::Common::Logger::Log4perl +; +; 2.1 - Using Syslog +; +; For Syslog logging, you can also overwrite facilities. Default values: +;logger = Lemonldap::NG::Common::Logger::Syslog +;syslogFacility = daemon +;syslogOptions = cons,pid,ndelay +;userSyslogFacility = auth +;userSyslogOptions = cons,pid,ndelay +; +; 2.2 - Using Log4perl +; +; If you want to use Log4perl, you can set these parameters. Here are default +; values: +;logger = Lemonldap::NG::Common::Logger::Log4perl +;log4perlConfFile = /etc/log4perl.conf +;log4perlLogger = LLNG +;log4perlUserLogger = LLNGuser +; +; Here, Log4perl configuration is read from /etc/log4perl.conf. The "LLNG" +; value points to the logger class. Example: +; log4perl.logger.LLNG = WARN, File1 +; log4perl.logger.LLNGuser = INFO, File2 +; ... + +; CONFIGURATION CHECK +; +; LLNG checks configuration at server start. If you use "reload" mechanism, +; local cache will be updated. Configuration is checked locally every +; 10 minutes by each LLNG component. You can change this value using +; `checkTime` (time in seconds). +; To increase performances, you should comment this parameter and rely on cache. +checkTime = 1 + +[configuration] + +; confTimeout: maximum time to get configuration (default 10) +;confTimeout = 5 + +; GLOBAL CONFIGURATION ACCESS TYPE +; (File, REST, SOAP, CDBI/RDBI, LDAP, YAMLFile) +; Set here the parameters needed to access to LemonLDAP::NG configuration. +; You have to set "type" to one of the followings : +; +; * File/YAMLFile: you have to set 'dirName' parameter. Example: +; +; type = File ; or type = YAMLFile +; dirName = /var/lib/lemonldap-ng/conf +; ; Optimize JSON for readability instead of performance +; prettyPrint = 1 +; +; * CDBI/RDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword' +; if needed. Example: +; +; type = CDBI +; ;type = RDBI +; dbiChain = DBI:MariaDB:database=lemonldap-ng;host=1.2.3.4 +; dbiUser = lemonldap +; dbiPassword = password +; +; * REST: REST configuration access is a sort of proxy: the portal is +; configured to use the real session storage type (DBI or File for +; example). +; You have to set 'baseUrl' parameter. Example: +; +; type = REST +; baseUrl = https://auth.example.com/config +; lwpOpts = { timeout => 5 } +; lwpSslOpts = { SSL_ca_file => "..." } +; user = lemonldap +; password = mypassword +; realm = myrealm +; +; * LDAP: you have to set ldapServer, ldapConfBase, ldapBindDN and ldapBindPassword. +; +; type = LDAP +; ldapServer = ldap://localhost +; ldapConfBase = ou=conf,ou=applications,dc=example,dc=com +; ldapBindDN = cn=manager,dc=example,dc=com +; ldapBindPassword = secret +; ldapObjectClass = applicationProcess +; ldapAttributeId = cn +; ldapAttributeContent = description + +type = Overlay +overlayRealtype = File +overlayDirectory = /over + +dirName = /var/lib/lemonldap-ng/conf +; Optimize for readability instead of performance +prettyPrint = 1 + +; LOCAL CACHE CONFIGURATION +; +; To increase performances, use a local cache for the configuration. You have +; to choose a Cache::Cache module and set its parameters. Example: +; +; localStorage = Cache::FileCache +; localStorageOptions={ \ +; 'namespace' => 'lemonldap-ng-config',\ +; 'default_expires_in' => 600, \ +; 'directory_umask' => '007', \ +; 'cache_root' => '/var/cache/lemonldap-ng', \ +; 'cache_depth' => 3, \ +; } +localStorage=Cache::FileCache +localStorageOptions={ \ + 'namespace' => 'lemonldap-ng-config',\ + 'default_expires_in' => 600, \ + 'directory_umask' => '007', \ + 'cache_root' => '/var/cache/lemonldap-ng', \ + 'cache_depth' => 3, \ +} + +[apply] + +; reload URLs for distant Hanlders + + +[portal] + +; PORTAL CUSTOMIZATION + +; I - Required parameters + +; staticPrefix: relative (or URL) location of static HTML components +staticPrefix = /static + +; location of HTML templates directory +templateDir = /usr/share/lemonldap-ng/portal/templates + +; languages: available languages for portal interface +languages = en, fr, vi, ru, mfe, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru + +; II - Optional parameters (overwrite configuration) + +; Name of the skin +;portalSkin = pastel +; Modules displayed +;portalDisplayLogout = 1 +;portalDisplayResetPassword = 1 +;portalDisplayChangePassword = 1 +;portalDisplayAppslist = 1 +;portalDisplayLoginHistory = 1 +; Require the old password when changing password +;portalRequireOldPassword = 1 +; Attribute displayed as connected user +;portalUserAttr = mail +; Old menu HTML code +; Enable it if you use old templates +;useOldMenuItems=1 +; Override error codes +;error_0 = You are well authenticated! +; Custom template parameters +; For example to use +;tpl_myparam = test + +; COMBINATION FORMS +; If you want to fix forms to display, you can use this; +;combinationForms = standardform, yubikeyform + +;syslog = auth +; SOAP FUNCTIONS +; Remove comment to activate SOAP Functions getCookies(user,pwd) and +; error(language, code) +;Soap = 1 +; Note that getAttibutes() will be activated but on a different URI +; (http://auth.example.com/sessions) +; You can also restrict attributes and macros exported by getAttributes +;exportedAttr = uid mail + +; PASSWORD POLICY +; Remove comment to use LDAP Password Policy +;ldapPpolicyControl = 1 +; Remove comment to store password in session (use with caution) +;storePassword = 1 +; Remove comment to use LDAP modify password extension +; (beware of compatibility with LDAP Password Policy) +;ldapSetPassword = 1 +; RESET PASSWORD BY MAIL +; SMTP server (default to localhost), set to '' to use default mail service +;SMTPServer = localhost +; SMTP auth user +;SMTPAuthUser = toto +; SMTP auth password +;SMTPAuthPass = secret +; Mail From address +;mailFrom = noreply@example.com +; Reply To +;mailReplyTo = noreply@example.com +; Mail confirmation URL +;mailUrl = http://reset.example.com +; Mail subject for confirmation message +;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation +; Mail body for confiramtion (can use $url for confirmation URL, and other session +; infos, like $cn). Keep comment to use HTML templates +;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url +; Mail subject for new password message +;mailSubject = [LemonLDAP::NG] Your new password +; Mail body for new password (can use $password for generated password, and other session +; infos, like $cn). Keep comment to use HTML templates +;mailBody = Hello $cn,\n\nYour new password is $password +; LDAP filter to use +;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))' +; Random regexp for password generation +;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2} +; LDAP GROUPS +; Set the base DN of your groups branch +;ldapGroupBase = ou=groups,dc=example,dc=com +; Objectclass used by groups +;ldapGroupObjectClass = groupOfUniqueNames +; Attribute used by groups to store member +;ldapGroupAttributeName = uniqueMember +; Attribute used by user to link to groups +;ldapGroupAttributeNameUser = dn +; Attribute used to identify a group. The group will be displayed as +; cn|mail|status, where cn, mail and status will be replaced by their +; values. +;ldapGroupAttributeNameSearch = cn mail + +; NOTIFICATIONS SERVICE +; Use it to be able to notify messages during authentication +;notification = 1 +; Note that the SOAP function newNotification will be activated on +; http://auth.example.com/notification +; If you want to hide this, just protect "/index.fcgi/notification" in +; your Apache configuration file +; XSS protection bypass +; By default, the portal refuses redirections that come from sites not +; registered in the configuration (manager) except for those coming +; from trusted domains. By default, trustedDomains contains the domain +; declared in the manager. You can set trustedDomains to empty value so +; that, undeclared sites will be rejected. You can also set here a list +; of trusted domains or hosts separated by spaces. This is usefull if +; your website use LemonLDAP::NG without handler with SOAP functions. +;trustedDomains = my.trusted.host example2.com + +; Check XSS +; Set to 0 to disable error on XSS attack detection +;checkXSS = 0 + +; pdata cookie domain +; pdata cookie could not be sent with cross domains AJAX request +; Null is default value +;pdataDomain = example.com + +; CUSTOM PLUGINS +; If you want to add custom plugins, set list here (comma separated) +; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page. +;customPlugins = ::My::Package1, ::My::Package2 + +; To avoid bad/expired OTT if "authssl" and "auth" are served by different Load Balancers +; you can override OTT configuration to store Upgrade or Issuer OTT into global storage +;forceGlobalStorageUpgradeOTT = 1 +;forceGlobalStorageIssuerOTT = 1 + +[handler] + +; Handler cache configuration +; You can overwrite here local session cache settings in manager: +; localSessionStorage=Cache::FileCache +; localSessionStorageOptions={ \ +; 'namespace' => 'lemonldap-ng-sessions', \ +; 'default_expires_in' => 600, \ +; 'directory_umask' => '007', \ +; 'cache_root' => '/var/cache/lemonldap-ng', \ +; 'cache_depth' => 3, \ +; } + +; Set https to 1 if your handler protect a https website (used only for +; redirections to the portal) +;https = 0 +; Set port if your handler protects a website on a non standard port +; - 80 for http, 443 for https (used only for redirections to the portal) +;port = 8080 +; Set status to 1 if you want to have the report of activity (used for +; example to inform MRTG) +status = 0 +; Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN +; when a user is not allowed by Handler +;useRedirectOnForbidden = 1 +; Hide LemonLDAP::NG Handler in Apache Server Signature +;hideSignature = 1 +; Set ServiceToken timeout +;handlerServiceTokenTTL = 30 +; Set Impersonation/ContextSwitching prefix +; impersonationPrefix = real_ +useRedirectOnError = 1 + +; Zimbra Handler parameters +;zimbraPreAuthKey = XXXX +;zimbraAccountKey = uid +;zimbraBy =id +;zimbraUrl = /service/preauth +;zimbraSsoUrl = ^/zimbrasso$ + +[manager] + +; Manager protection: by default, the manager is protected by a demo account. +; You can protect it : +; * by Apache itself, +; * by the parameter 'protection' which can take one of the following +; values : +; * authenticate : all authenticated users can access +; * manager : manager is protected like other virtual hosts: you +; have to set rules in the corresponding virtual host +; * : you can set here directly the rule to apply +; * none : no protection +protection = manager + +; staticPrefix: relative (or URL) location of static HTML components +staticPrefix = /static +; docPrefix: relative (or URL) location of embedded documentation +docPrefix = /doc + +; instanceName: Display LLNG instance name +;instanceName = Demo +; customCSS: CSS file to customize Manager +;customCSS = css/custom.css +; customPortalUrl: Override Portal drop-down menu links +;customPortalUrl = http://external-portal.internal.com + +; location of HTML templates directory +templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates + +; languages: available languages for manager interface +languages = en, fr, it, vi, ar, tr, pl, zh_TW, es, he, pt_BR, ru + +; Manager modules enabled +; Set here the list of modules you want to see in manager interface +; The first will be used as default module displayed +;enabledModules = conf, sessions, notifications, 2ndFA, viewer +enabledModules = conf, sessions, notifications, 2ndFA + +; To avoid restricted users to edit configuration, defaulModule MUST be different than 'conf' +; 'conf' is set by default +;defaultModule = viewer + +; Viewer module allows us to edit configuration in read-only mode +; Options can be set with specific rules like this : +;viewerAllowBrowser = $uid eq 'dwho' +;viewerAllowDiff = $uid ne 'dwho' +; +; Viewer options - Default values +;viewerHiddenKeys = samlIDPMetaDataNodes samlSPMetaDataNodes managerPassword ManagerDn globalStorageOptions persistentStorageOptions +;viewerAllowBrowser = 0 +;viewerAllowDiff = 0 + +;[node-handler] +; +;This section is for node-lemonldap-ng-handler +;nodeVhosts = test3.example.com, test4.example.com diff --git a/portal/mfe.patch b/portal/mfe.patch index a9a7bca..cb0c3fd 100644 --- a/portal/mfe.patch +++ b/portal/mfe.patch @@ -1,14 +1,3 @@ ---- a/etc/lemonldap-ng/lemonldap-ng.ini -+++ b/etc/lemonldap-ng/lemonldap-ng.ini -@@ -198,7 +198,7 @@ staticPrefix = /static - templateDir = /usr/share/lemonldap-ng/portal/templates - - ; languages: available languages for portal interface --languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru -+languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru, mfe - - ; II - Optional parameters (overwrite configuration) - --- /dev/null +++ b/usr/share/lemonldap-ng/portal/htdocs/static/languages/mfe.json @@ -0,0 +1,388 @@ diff --git a/uwsgi-portal/install/etc/lemonldap-ng/lemonldap-ng.ini b/uwsgi-portal/install/etc/lemonldap-ng/lemonldap-ng.ini new file mode 100644 index 0000000..a999e2f --- /dev/null +++ b/uwsgi-portal/install/etc/lemonldap-ng/lemonldap-ng.ini @@ -0,0 +1,420 @@ +;============================================================================== +; LemonLDAP::NG local configuration parameters +; +; This file is dedicated to configuration parameters override +; You can set here configuration parameters that will be used only by +; local LemonLDAP::NG elements +; +; Section "all" is always read first before "portal", "handler" +; and "manager" +; +; Section "configuration" is used to load global configuration and set cache +; (replace old storage.conf file) +; +; Other section are only read by the specific LemonLDAP::NG component +;============================================================================== + +[all] +userLogger = Lemonldap::NG::Common::Logger::Std +logger = Lemonldap::NG::Common::Logger::Std + +; CUSTOM FUNCTION +; If you want to create customFunctions in rules, declare them here: +;require = Package +; Prevent Portal to crash if Perl module is not found +;requireDontDie = 1 +;customFunctions = function1 function2 +;customFunctions = Package::func1 Package::func2 + +; CROSS-DOMAIN +; If you have some handlers that are not registered on the main domain, +; uncomment this +;cda = 1 + +; SAFE JAIL +; Comment this to configure Safe jail with Manager. +; It can also be disabled from here by setting value to 0. +; Warning: this can allow malicious code in custom functions or rules +useSafeJail = 1 + +; LOGGING +; +; 1 - Defined logging level +; Set here one of error, warn, notice, info or debug +logLevel=info +; Note that this has no effect for Apache2 logging: Apache LogLevel is used +; instead +; +; 2 - Change logger +; +; By default, logging is set to: +; - Lemonldap::NG::Common::Logger::Apache2 for ApacheMP2 handlers +; - Lemonldap::NG::Common::Logger::Syslog for FastCGI (Nginx) +; - Lemonldap::NG::Common::Logger::Std for PSGI applications (manager, +; portal,...) when they are not +; launched by FastCGI server +; Other loggers availables: +; - Lemonldap::NG::Common::Logger::Log4perl to use Log4perl +; +; "Std" is redirected to the web server logs for Apache. For Nginx, only if +; request failed +; +; You can overload this in this section (for all) or in another section if +; you want to change logger for a specified app. +; +; LLNG uses 2 loggers: 1 for technical logs (logger), 1 for user actions +; (userLogger). "userLogger" uses the same class as "logger" if not set. +;logger = Lemonldap::NG::Common::Logger::Syslog +;userLogger = Lemonldap::NG::Common::Logger::Log4perl +; +; 2.1 - Using Syslog +; +; For Syslog logging, you can also overwrite facilities. Default values: +;logger = Lemonldap::NG::Common::Logger::Syslog +;syslogFacility = daemon +;syslogOptions = cons,pid,ndelay +;userSyslogFacility = auth +;userSyslogOptions = cons,pid,ndelay +; +; 2.2 - Using Log4perl +; +; If you want to use Log4perl, you can set these parameters. Here are default +; values: +;logger = Lemonldap::NG::Common::Logger::Log4perl +;log4perlConfFile = /etc/log4perl.conf +;log4perlLogger = LLNG +;log4perlUserLogger = LLNGuser +; +; Here, Log4perl configuration is read from /etc/log4perl.conf. The "LLNG" +; value points to the logger class. Example: +; log4perl.logger.LLNG = WARN, File1 +; log4perl.logger.LLNGuser = INFO, File2 +; ... + +; CONFIGURATION CHECK +; +; LLNG checks configuration at server start. If you use "reload" mechanism, +; local cache will be updated. Configuration is checked locally every +; 10 minutes by each LLNG component. You can change this value using +; `checkTime` (time in seconds). +; To increase performances, you should comment this parameter and rely on cache. +checkTime = 1 + +[configuration] + +; confTimeout: maximum time to get configuration (default 10) +;confTimeout = 5 + +; GLOBAL CONFIGURATION ACCESS TYPE +; (File, REST, SOAP, CDBI/RDBI, LDAP, YAMLFile) +; Set here the parameters needed to access to LemonLDAP::NG configuration. +; You have to set "type" to one of the followings : +; +; * File/YAMLFile: you have to set 'dirName' parameter. Example: +; +; type = File ; or type = YAMLFile +; dirName = /var/lib/lemonldap-ng/conf +; ; Optimize JSON for readability instead of performance +; prettyPrint = 1 +; +; * CDBI/RDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword' +; if needed. Example: +; +; type = CDBI +; ;type = RDBI +; dbiChain = DBI:MariaDB:database=lemonldap-ng;host=1.2.3.4 +; dbiUser = lemonldap +; dbiPassword = password +; +; * REST: REST configuration access is a sort of proxy: the portal is +; configured to use the real session storage type (DBI or File for +; example). +; You have to set 'baseUrl' parameter. Example: +; +; type = REST +; baseUrl = https://auth.example.com/config +; lwpOpts = { timeout => 5 } +; lwpSslOpts = { SSL_ca_file => "..." } +; user = lemonldap +; password = mypassword +; realm = myrealm +; +; * LDAP: you have to set ldapServer, ldapConfBase, ldapBindDN and ldapBindPassword. +; +; type = LDAP +; ldapServer = ldap://localhost +; ldapConfBase = ou=conf,ou=applications,dc=example,dc=com +; ldapBindDN = cn=manager,dc=example,dc=com +; ldapBindPassword = secret +; ldapObjectClass = applicationProcess +; ldapAttributeId = cn +; ldapAttributeContent = description + +type = Overlay +overlayRealtype = File +overlayDirectory = /over + +dirName = /var/lib/lemonldap-ng/conf +; Optimize for readability instead of performance +prettyPrint = 1 + +; LOCAL CACHE CONFIGURATION +; +; To increase performances, use a local cache for the configuration. You have +; to choose a Cache::Cache module and set its parameters. Example: +; +; localStorage = Cache::FileCache +; localStorageOptions={ \ +; 'namespace' => 'lemonldap-ng-config',\ +; 'default_expires_in' => 600, \ +; 'directory_umask' => '007', \ +; 'cache_root' => '/var/cache/lemonldap-ng', \ +; 'cache_depth' => 3, \ +; } +localStorage=Cache::FileCache +localStorageOptions={ \ + 'namespace' => 'lemonldap-ng-config',\ + 'default_expires_in' => 600, \ + 'directory_umask' => '007', \ + 'cache_root' => '/var/cache/lemonldap-ng', \ + 'cache_depth' => 3, \ +} + +[apply] + +; reload URLs for distant Hanlders + + +[portal] + +; PORTAL CUSTOMIZATION + +; I - Required parameters + +; staticPrefix: relative (or URL) location of static HTML components +staticPrefix = /static + +; location of HTML templates directory +templateDir = /usr/share/lemonldap-ng/portal/templates + +; languages: available languages for portal interface +languages = en, fr, vi, ru, mfe, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru + +; II - Optional parameters (overwrite configuration) + +; Name of the skin +;portalSkin = pastel +; Modules displayed +;portalDisplayLogout = 1 +;portalDisplayResetPassword = 1 +;portalDisplayChangePassword = 1 +;portalDisplayAppslist = 1 +;portalDisplayLoginHistory = 1 +; Require the old password when changing password +;portalRequireOldPassword = 1 +; Attribute displayed as connected user +;portalUserAttr = mail +; Old menu HTML code +; Enable it if you use old templates +;useOldMenuItems=1 +; Override error codes +;error_0 = You are well authenticated! +; Custom template parameters +; For example to use +;tpl_myparam = test + +; COMBINATION FORMS +; If you want to fix forms to display, you can use this; +;combinationForms = standardform, yubikeyform + +;syslog = auth +; SOAP FUNCTIONS +; Remove comment to activate SOAP Functions getCookies(user,pwd) and +; error(language, code) +;Soap = 1 +; Note that getAttibutes() will be activated but on a different URI +; (http://auth.example.com/sessions) +; You can also restrict attributes and macros exported by getAttributes +;exportedAttr = uid mail + +; PASSWORD POLICY +; Remove comment to use LDAP Password Policy +;ldapPpolicyControl = 1 +; Remove comment to store password in session (use with caution) +;storePassword = 1 +; Remove comment to use LDAP modify password extension +; (beware of compatibility with LDAP Password Policy) +;ldapSetPassword = 1 +; RESET PASSWORD BY MAIL +; SMTP server (default to localhost), set to '' to use default mail service +;SMTPServer = localhost +; SMTP auth user +;SMTPAuthUser = toto +; SMTP auth password +;SMTPAuthPass = secret +; Mail From address +;mailFrom = noreply@example.com +; Reply To +;mailReplyTo = noreply@example.com +; Mail confirmation URL +;mailUrl = http://reset.example.com +; Mail subject for confirmation message +;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation +; Mail body for confiramtion (can use $url for confirmation URL, and other session +; infos, like $cn). Keep comment to use HTML templates +;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url +; Mail subject for new password message +;mailSubject = [LemonLDAP::NG] Your new password +; Mail body for new password (can use $password for generated password, and other session +; infos, like $cn). Keep comment to use HTML templates +;mailBody = Hello $cn,\n\nYour new password is $password +; LDAP filter to use +;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))' +; Random regexp for password generation +;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2} +; LDAP GROUPS +; Set the base DN of your groups branch +;ldapGroupBase = ou=groups,dc=example,dc=com +; Objectclass used by groups +;ldapGroupObjectClass = groupOfUniqueNames +; Attribute used by groups to store member +;ldapGroupAttributeName = uniqueMember +; Attribute used by user to link to groups +;ldapGroupAttributeNameUser = dn +; Attribute used to identify a group. The group will be displayed as +; cn|mail|status, where cn, mail and status will be replaced by their +; values. +;ldapGroupAttributeNameSearch = cn mail + +; NOTIFICATIONS SERVICE +; Use it to be able to notify messages during authentication +;notification = 1 +; Note that the SOAP function newNotification will be activated on +; http://auth.example.com/notification +; If you want to hide this, just protect "/index.fcgi/notification" in +; your Apache configuration file +; XSS protection bypass +; By default, the portal refuses redirections that come from sites not +; registered in the configuration (manager) except for those coming +; from trusted domains. By default, trustedDomains contains the domain +; declared in the manager. You can set trustedDomains to empty value so +; that, undeclared sites will be rejected. You can also set here a list +; of trusted domains or hosts separated by spaces. This is usefull if +; your website use LemonLDAP::NG without handler with SOAP functions. +;trustedDomains = my.trusted.host example2.com + +; Check XSS +; Set to 0 to disable error on XSS attack detection +;checkXSS = 0 + +; pdata cookie domain +; pdata cookie could not be sent with cross domains AJAX request +; Null is default value +;pdataDomain = example.com + +; CUSTOM PLUGINS +; If you want to add custom plugins, set list here (comma separated) +; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page. +;customPlugins = ::My::Package1, ::My::Package2 + +; To avoid bad/expired OTT if "authssl" and "auth" are served by different Load Balancers +; you can override OTT configuration to store Upgrade or Issuer OTT into global storage +;forceGlobalStorageUpgradeOTT = 1 +;forceGlobalStorageIssuerOTT = 1 + +[handler] + +; Handler cache configuration +; You can overwrite here local session cache settings in manager: +; localSessionStorage=Cache::FileCache +; localSessionStorageOptions={ \ +; 'namespace' => 'lemonldap-ng-sessions', \ +; 'default_expires_in' => 600, \ +; 'directory_umask' => '007', \ +; 'cache_root' => '/var/cache/lemonldap-ng', \ +; 'cache_depth' => 3, \ +; } + +; Set https to 1 if your handler protect a https website (used only for +; redirections to the portal) +;https = 0 +; Set port if your handler protects a website on a non standard port +; - 80 for http, 443 for https (used only for redirections to the portal) +;port = 8080 +; Set status to 1 if you want to have the report of activity (used for +; example to inform MRTG) +status = 0 +; Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN +; when a user is not allowed by Handler +;useRedirectOnForbidden = 1 +; Hide LemonLDAP::NG Handler in Apache Server Signature +;hideSignature = 1 +; Set ServiceToken timeout +;handlerServiceTokenTTL = 30 +; Set Impersonation/ContextSwitching prefix +; impersonationPrefix = real_ +useRedirectOnError = 1 + +; Zimbra Handler parameters +;zimbraPreAuthKey = XXXX +;zimbraAccountKey = uid +;zimbraBy =id +;zimbraUrl = /service/preauth +;zimbraSsoUrl = ^/zimbrasso$ + +[manager] + +; Manager protection: by default, the manager is protected by a demo account. +; You can protect it : +; * by Apache itself, +; * by the parameter 'protection' which can take one of the following +; values : +; * authenticate : all authenticated users can access +; * manager : manager is protected like other virtual hosts: you +; have to set rules in the corresponding virtual host +; * : you can set here directly the rule to apply +; * none : no protection +protection = manager + +; staticPrefix: relative (or URL) location of static HTML components +staticPrefix = /static +; docPrefix: relative (or URL) location of embedded documentation +docPrefix = /doc + +; instanceName: Display LLNG instance name +;instanceName = Demo +; customCSS: CSS file to customize Manager +;customCSS = css/custom.css +; customPortalUrl: Override Portal drop-down menu links +;customPortalUrl = http://external-portal.internal.com + +; location of HTML templates directory +templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates + +; languages: available languages for manager interface +languages = en, fr, it, vi, ar, tr, pl, zh_TW, es, he, pt_BR, ru + +; Manager modules enabled +; Set here the list of modules you want to see in manager interface +; The first will be used as default module displayed +;enabledModules = conf, sessions, notifications, 2ndFA, viewer +enabledModules = conf, sessions, notifications, 2ndFA + +; To avoid restricted users to edit configuration, defaulModule MUST be different than 'conf' +; 'conf' is set by default +;defaultModule = viewer + +; Viewer module allows us to edit configuration in read-only mode +; Options can be set with specific rules like this : +;viewerAllowBrowser = $uid eq 'dwho' +;viewerAllowDiff = $uid ne 'dwho' +; +; Viewer options - Default values +;viewerHiddenKeys = samlIDPMetaDataNodes samlSPMetaDataNodes managerPassword ManagerDn globalStorageOptions persistentStorageOptions +;viewerAllowBrowser = 0 +;viewerAllowDiff = 0 + +;[node-handler] +; +;This section is for node-lemonldap-ng-handler +;nodeVhosts = test3.example.com, test4.example.com diff --git a/uwsgi-portal/mfe.patch b/uwsgi-portal/mfe.patch index a9a7bca..cb0c3fd 100644 --- a/uwsgi-portal/mfe.patch +++ b/uwsgi-portal/mfe.patch @@ -1,14 +1,3 @@ ---- a/etc/lemonldap-ng/lemonldap-ng.ini -+++ b/etc/lemonldap-ng/lemonldap-ng.ini -@@ -198,7 +198,7 @@ staticPrefix = /static - templateDir = /usr/share/lemonldap-ng/portal/templates - - ; languages: available languages for portal interface --languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru -+languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru, mfe - - ; II - Optional parameters (overwrite configuration) - --- /dev/null +++ b/usr/share/lemonldap-ng/portal/htdocs/static/languages/mfe.json @@ -0,0 +1,388 @@