lemonldap-ng/lemonldap-ng-common/lemonldap-ng.ini

#==============================================================================
# LemonLDAP::NG local configuration parameters
#
# This file is dedicated to configuration parameters override
# You can set here configuration parameters that will be used only by
# local LemonLDAP::NG elements
#
# Section "all" is always read first before "portal", "handler"
# and "manager"
#
# Section "configuration" is used to load global configuration and set cache
# (replace old storage.conf file)
#
# Section "apply" is read by Manager to reload handlers
# (replace old apply.conf file)
#
# Other section are only read by the specific LemonLDAP::NG component
#==============================================================================

[all]

# CUSTOM FUNCTION
# If you want to create customFunctions in rules, declare them here:
;customFunctions = function1 function2
;customFunctions = Package::func1 Package::func2

# CROSS-DOMAIN
# If you have some handlers that are not registered on the main domain,
# uncomment this
;cda = 1

# SAFE JAIL
# Uncomment this to disable Safe jail.
# Warning: this can allow malicious code in custom functions or rules
;useSafeJail = 0

[configuration]

# GLOBAL CONFIGURATION ACCESS TYPE
# (File, SOAP, RDBI/CDBI, LDAP)
# Set here the parameters needed to access to LemonLDAP::NG configuration.
# You have to set "type" to one of the followings :
#
# * File: you have to set 'dirName' parameter. Example:
#
#           type = File
#           dirName = /var/lib/lemonldap-ng/conf
#
# * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword'
#         if needed. Example:
#
#           type        = RDBI
#          ;type        = CDBI 
#           dbiChain    = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
#           dbiUser     = lemonldap
#           dbiPassword = password
#
# * SOAP: SOAP configuration access is a sort of proxy: the portal is
#         configured to use the real session storage type (DBI or File for
#         example).
#         You have to set 'proxy' parameter. Example:
#
#           type         = SOAP
#           proxy        = https://auth.example.com/index.pl/config
#           proxyOptions = { timeout => 5 }
#           User         = lemonldap
#           Password     = mypassword
#
# * LDAP: you have to set ldapServer, ldapConfBranch, ldapBindDN and ldapBindPassword.
#
#           type             = LDAP
#           ldapServer       = ldap://localhost
#           ldapConfBase     = ou=conf,ou=applications,dc=example,dc=com
#           ldapBindDN       = cn=manager,dc=example,dc=com
#           ldapBindPassword = secret
type=File
dirName=/var/lib/lemonldap-ng/conf

# LOCAL CACHE CONFIGURATION
#
# To increase performances, use a local cache for the configuration. You have
# to choose a Cache::Cache module and set it's parameters (1 line). Example:
#
#           localStorage = Cache::FileCache
#           localStorageOptions={                      \
#               'namespace'          => 'lemonldap-ng',\
#               'default_expires_in' => 600,           \
#               'directory_umask'    => '007',         \
#               'cache_root'         => '/tmp',        \
#               'cache_depth'        => 5,             \
#           }
localStorage=Cache::FileCache
localStorageOptions={                      \
    'namespace'          => 'lemonldap-ng',\
    'default_expires_in' => 600,           \
    'directory_umask'    => '007',         \
    'cache_root'         => '/tmp',        \
    'cache_depth'        => 5,             \
}

[portal]

# PORTAL CUSTOMIZATION
# Name of the skin
;portalSkin = pastel
# Modules displayed
;portalDisplayLogout = 1
;portalDisplayResetPassword = 1
;portalDisplayChangePassword = 1
;portalDisplayAppslist = 1
;portalDisplayLoginHistory = 1
# Allow password autocompletion (passwords stored in user web browsers)
;portalAutocomplete = 1
# Require the old password when changing password
;portalRequireOldPassword = 1
# Attribute displayed as connected user
;portalUserAttr = mail
# Old menu HTML code
# Enable it if you use old templates
;useOldMenuItems=1

# LOG
# By default, all is logged in Apache file. To log user actions by
# syslog, just set syslog facility here:
;syslog = auth
# SOAP FUNCTIONS
# Remove comment to activate SOAP Functions getCookies(user,pwd) and
# error(language, code)
;Soap = 1
# Note that getAttibutes() will be activated but on a different URI
# (http://auth.example.com/index.pl/sessions)
# You can also restrict attributes and macros exported by getAttributes
;exportedAttr = uid mail

# PASSWORD POLICY
# Remove comment to use LDAP Password Policy
;ldapPpolicyControl = 1
# Remove comment to store password in session (use with caution)
;storePassword = 1
# Remove comment to use LDAP modify password extension
# (beware of compatibility with LDAP Password Policy)
;ldapSetPassword    = 1
# RESET PASSWORD BY MAIL
# SMTP server (default to localhost), set to '' to use default mail service
;SMTPServer = localhost
# SMTP auth user
;SMTPAuthUser = toto
# SMTP auth password
;SMTPAuthPass = secret
# Mail From address
;mailFrom = noreply@test.com
# Reply To
;mailReplyTo = noreply@test.com
# Mail confirmation URL
;mailUrl = http://reset.example.com
# Mail subject for confirmation message
;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation
# Mail body for confiramtion (can use $url for confirmation URL, and other session
# infos, like $cn). Keep comment to use HTML templates
;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url
# Mail subject for new password message
;mailSubject = [LemonLDAP::NG] Your new password
# Mail body for new password (can use $password for generated password, and other session
# infos, like $cn). Keep comment to use HTML templates
;mailBody = Hello $cn,\n\nYour new password is $password
# LDAP filter to use
;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))'
# Random regexp for password generation
;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2}
# LDAP GROUPS
# Set the base DN of your groups branch
;ldapGroupBase = ou=groups,dc=example,dc=com
# Objectclass used by groups
;ldapGroupObjectClass = groupOfUniqueNames
# Attribute used by groups to store member
;ldapGroupAttributeName = uniqueMember
# Attribute used by user to link to groups
;ldapGroupAttributeNameUser = dn
# Attribute used to identify a group. The group will be displayed as
# cn|mail|status, where cn, mail and status will be replaced by their
# values.
;ldapGroupAttributeNameSearch = cn mail

# NOTIFICATIONS SERVICE
# Use it to be able to notify messages during authentication
;notification = 1
# Note that the SOAP function newNotification will be activated on
# http://auth.example.com/index.pl/notification
# If you want to hide this, just protect "/index.pl/notification" in
# your Apache configuration file
# XSS protection bypass
# By default, the portal refuse redirections that comes from sites not
# registered in the configuration (manager) except for those coming
# from trusted domains. By default, trustedDomains contains the domain
# declared in the manager. You can set trustedDomains to empty value so
# that, undeclared sites will be rejected. You can also set here a list
# of trusted domains or hosts separated by spaces. This is usefull if
# your website use LemonLDAP::NG without handler with SOAP functions.
;trustedDomains = my.trusted.host example2.com

# Check XSS
# Set to 0 to disable error on XSS attack detection
;checkXSS = 0

[handler]

# Set https to 1 if your handler protect a https website (used only for
# redirections to the portal)
;https = 0
# Set port if your your hanlder protect a website on a non standard port
# - 80 for http, 443 for https (used only for redirections ti the portal)
;port = 8080
# Set status to 1 if you want to have the report of activity (used for
# example to inform MRTG)
status = 0
# Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN
# when a user is not allowed by Handler
;useRedirectOnForbidden = 1
# Hide LemonLDAP::NG Handler in Apache Server Signature
;hideSignature = 1
useRedirectOnError = 1

# Zimbra Handler parameters
;zimbraPreAuthKey = XXXX
;zimbraAccountKey = uid
;zimbraBy =id
;zimbraUrl = /service/preauth
;zimbraSsoUrl = ^/zimbrasso$

[manager]

# Manager protection: by default, the manager is protected by a demo account.
# You can protect it :
# * by Apache itself,
# * by the parameter 'protection' which can take one of the following
# values :
#   * authenticate : all authenticated users can access
#   * manager      : manager is protected like other virtual hosts: you
#                    have to set rules in the corresponding virtual host
#   * rule: <rule> : you can set here directly the rule to apply
#   * none         : no protection
protection = manager

# When using "SetHandler cgi-script" instead of using ModPerl::Registry,
# Apache LogLevel parameter does not work for LemonLDAP::NG debugging.
# Use one of the following to modify error output:
;hideLogLevels = debug|info
;hideLogLevels = debug
;hideLogLevels =

[sessionsExplorer]

# Sessions explorer inherits from manager section. You can override here
# some parameters like 'protection'
;protection = authenticate

[apply]

# Configuration reload URLS defined in manager can be overridden here
;reload.__DNSDOMAIN__ = http://reload.__DNSDOMAIN__/reload