Manager: restore last changes...

Clément Oudot 2010-03-15 20:24:02 +00:00
parent 85054c3638
commit 96519790ab


@ -98,42 +98,42 @@ sub struct {
###################### ######################
generalParameters => { generalParameters => {
_nodes => [ _nodes => [
qw(portalParams n:authParams logParams cookieParams sessionParams n:advancedParams) qw(n:portalParams n:authParams n:logParams n:cookieParams n:sessionParams n:advancedParams)
], ],
_help => 'default', _help => 'default',
# PORTAL PARAMETERS # PORTAL PARAMETERS
portalParams => { portalParams => {
_nodes => [qw(portal n:portalModules n:portalCustomization)], _nodes => [qw(portal n:portalModules n:portalCustomization)],
_help => 'portalParams', _help => 'portalParams',
portal => 'text:/portal', portal => 'text:/portal',
portalModules => { portalModules => {
_nodes => [ _nodes => [
qw(portalDisplayLogout portalDisplayResetPassword portalDisplayChangePassword portalDisplayAppslist) qw(portalDisplayLogout portalDisplayResetPassword portalDisplayChangePassword portalDisplayAppslist)
], ],
portalDisplayLogout => 'text:/portalDisplayLogout', portalDisplayLogout => 'text:/portalDisplayLogout',
portalDisplayResetPassword => portalDisplayResetPassword =>
'text:/portalDisplayResetPassword', 'text:/portalDisplayResetPassword',
portalDisplayChangePassword => portalDisplayChangePassword =>
'text:/portalDisplayChangePassword', 'text:/portalDisplayChangePassword',
portalDisplayAppslist => 'text:/portalDisplayAppslist', portalDisplayAppslist => 'text:/portalDisplayAppslist',
}, },
portalCustomization => { portalCustomization => {
_nodes => [ _nodes => [
qw(portalSkin portalAutocomplete portalRequireOldPassword portalUserAttr portalOpenLinkInNewWindow) qw(portalSkin portalAutocomplete portalRequireOldPassword portalUserAttr portalOpenLinkInNewWindow)
], ],
portalSkin => 'text:/portalSkin', portalSkin => 'text:/portalSkin',
portalAutocomplete => 'bool:/portalAutocomplete', portalAutocomplete => 'bool:/portalAutocomplete',
portalRequireOldPassword => portalRequireOldPassword =>
'bool:/portalRequireOldPassword', 'bool:/portalRequireOldPassword',
portalUserAttr => 'text:/portalUserAttr', portalUserAttr => 'text:/portalUserAttr',
portalOpenLinkInNewWindow => portalOpenLinkInNewWindow =>
'bool:/portalOpenLinkInNewWindow', 'bool:/portalOpenLinkInNewWindow',
}, },
}, },
# AUTHENTICATION AND USERDB PARAMETERS # AUTHENTICATION AND USERDB PARAMETERS
@ -146,15 +146,28 @@ sub struct {
|| $self->defaultConf()->{authentication}; || $self->defaultConf()->{authentication};
my $udb = $self->conf->{userDB} my $udb = $self->conf->{userDB}
|| $self->defaultConf()->{userDB}; || $self->defaultConf()->{userDB};
my $pdb = $self->conf->{passwordDB}
|| $self->defaultConf()->{passwordDB};
$auth = lc($auth); $auth = lc($auth);
$udb = lc($udb); $udb = lc($udb);
$pdb = lc($pdb);
my %res; my %res;
foreach my $mod ( ( $auth, ( $auth ne $udb ? $udb : () ) ) )
foreach my $mod (
(
$auth,
( $udb ne ( $auth or $pdb ) ? $udb : () ),
( $pdb ne ( $auth or $udb ) ? $pdb : () )
)
)
{ {
my $tmp = { my $tmp = {
ldap => ['ldapParams'], ldap => ['ldapParams'],
ssl => [qw(ldapParams SSLRequired)], ssl => [qw(ldapParams sslParams)],
openid => ['openIdParams'], cas => ['casParams'],
remote => ['remoteParams'],
proxy => ['proxyParams'],
openid => ['openIdParams'],
twitter => ['twitterParams'], twitter => ['twitterParams'],
}->{$mod}; }->{$mod};
if ($tmp) { if ($tmp) {
@ -163,7 +176,8 @@ sub struct {
} }
my @u = keys %res; my @u = keys %res;
# Add authentication and userDB nodes at the beginning # Add authentication, userDB and passwordDB nodes at the beginning
unshift( @u, "passwordDB" );
unshift( @u, "userDB" ); unshift( @u, "userDB" );
unshift( @u, "authentication" ); unshift( @u, "authentication" );
@ -171,64 +185,100 @@ sub struct {
return \@u; return \@u;
}, },
_help => 'authParams', _help => 'authParams',
authentication => 'text:/authentication:authParams:authParams', authentication => 'text:/authentication:authParams:authParams',
userDB => 'text:/userDB:authParams:authParams', userDB => 'text:/userDB:authParams:authParams',
passwordDB => 'text:/passwordDB:authParams:authParams',
# LDAP # LDAP
ldapParams => { ldapParams => {
_nodes => [ _nodes => [
qw(n:ldapConnection n:ldapFilters n:ldapGroups n:ldapPassword) qw(n:ldapConnection n:ldapFilters n:ldapGroups n:ldapPassword)
], ],
_help => 'ldap', _help => 'ldap',
ldapConnection => { ldapConnection => {
_nodes => [ _nodes => [
qw(ldapServer ldapPort ldapBase managerDn managerPassword) qw(ldapServer ldapPort ldapBase managerDn managerPassword)
], ],
ldapServer => 'text:/ldapServer', ldapServer => 'text:/ldapServer',
ldapPort => 'int:/ldapPort', ldapPort => 'int:/ldapPort',
ldapBase => 'text:/ldapBase', ldapBase => 'text:/ldapBase',
managerDn => 'text:/managerDn', managerDn => 'text:/managerDn',
managerPassword => 'text:/managerPassword', managerPassword => 'text:/managerPassword',
}, },
ldapFilters => { ldapFilters => {
_nodes => _nodes =>
[qw(LDAPFilter AuthLDAPFilter mailLDAPFilter)], [qw(LDAPFilter AuthLDAPFilter mailLDAPFilter)],
LDAPFilter => 'text:/LDAPFilter', LDAPFilter => 'text:/LDAPFilter',
AuthLDAPFilter => 'text:/AuthLDAPFilter', AuthLDAPFilter => 'text:/AuthLDAPFilter',
mailLDAPFilter => 'text:/mailLDAPFilter', mailLDAPFilter => 'text:/mailLDAPFilter',
}, },
ldapGroups => { ldapGroups => {
_nodes => [ _nodes => [
qw(ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup) qw(ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup)
], ],
ldapGroupBase => 'text:/ldapGroupBase', ldapGroupBase => 'text:/ldapGroupBase',
ldapGroupObjectClass => 'text:/ldapGroupObjectClass', ldapGroupObjectClass => 'text:/ldapGroupObjectClass',
ldapGroupAttributeName => ldapGroupAttributeName =>
'text:/ldapGroupAttributeName', 'text:/ldapGroupAttributeName',
ldapGroupAttributeNameUser => ldapGroupAttributeNameUser =>
'text:/ldapGroupAttributeNameUser', 'text:/ldapGroupAttributeNameUser',
ldapGroupAttributeNameSearch => ldapGroupAttributeNameSearch =>
'text:/ldapGroupAttributeNameSearch', 'text:/ldapGroupAttributeNameSearch',
ldapGroupRecursive => 'bool:/ldapGroupRecursive', ldapGroupRecursive => 'bool:/ldapGroupRecursive',
ldapGroupAttributeNameGroup => ldapGroupAttributeNameGroup =>
'text:/ldapGroupAttributeNameGroup', 'text:/ldapGroupAttributeNameGroup',
}, },
ldapPassword => { ldapPassword => {
_nodes => [qw(ldapPpolicyControl ldapSetPassword)], _nodes => [qw(ldapPpolicyControl ldapSetPassword)],
ldapPpolicyControl => 'bool:/ldapPpolicyControl', ldapPpolicyControl => 'bool:/ldapPpolicyControl',
ldapSetPassword => 'bool:/ldapSetPassword', ldapSetPassword => 'bool:/ldapSetPassword',
}, },
}, },
# SSL # SSL
SSLRequired => 'bool:/SSLRequired', sslParams => {
_nodes => [qw(SSLVar SSLLDAPField SSLRequire)],
SSLVar => 'text:/SSLVar',
SSLLDAPField => 'text:/SSLLDAPField',
SSLRequire => 'bool:/SSLRequire',
},
# CAS
casParams => {
_nodes =>
[qw(CAS_url CAS_loginUrl CAS_validationUrl CAS_CAFile)],
CAS_url => 'text:/CAS_url',
CAS_loginUrl => 'text:/CAS_loginUrl',
CAS_validationUrl => 'text:/CAS_validationUrl',
CAS_CAFile => 'text:/CAS_CAFile',
},
# Remote
remoteParams => {
_nodes => [
qw(remotePortal remoteGlobalStorage remoteGlobalStorageOptions)
],
remotePortal => 'text:/remotePortal',
remoteGlobalStorage => 'text:/remoteGlobalStorage',
remoteGlobalStorageOptions =>
{ _nodes => ['hash:/remoteGlobalStorageOptions'], },
},
# Proxy
proxyParams => {
_nodes =>
[qw(soapAuthService remoteCookieName soapSessionService)],
soapAuthService => 'text:/soapAuthService',
remoteCookieName => 'text:/remoteCookieName',
soapSessionService => 'text:/soapSessionService',
},
# OpenID # OpenID
openIdParams => { openIdParams => {
@ -269,9 +319,14 @@ sub struct {
# SESSIONS PARAMETERS # SESSIONS PARAMETERS
sessionParams => { sessionParams => {
_nodes => [ _nodes => [
qw(sessionStorage grantSessionRule singleSession singleIP singleUserByIP notifyDeleted notifyOther timeout storePassword) qw(grantSessionRule storePassword timeout n:sessionStorage n:multipleSessions)
], ],
_help => 'storage', _help => 'storage',
grantSessionRule => 'textarea:/grantSessionRule',
storePassword => 'bool:/storePassword',
timeout => 'text:/timeout:timeout:text',
sessionStorage => { sessionStorage => {
_nodes => [qw(globalStorage globalStorageOptions)], _nodes => [qw(globalStorage globalStorageOptions)],
globalStorage => 'text:/globalStorage', globalStorage => 'text:/globalStorage',
@ -280,14 +335,17 @@ sub struct {
_js => 'hashRoot' _js => 'hashRoot'
}, },
}, },
singleSession => 'bool:/singleSession',
singleIP => 'bool:/singleIP', multipleSessions => {
singleUserByIP => 'bool:/singleUserByIP', _nodes => [
notifyDeleted => 'bool:/notifyDeleted', qw(singleSession singleIP singleUserByIP notifyDeleted notifyOther)
notifyOther => 'bool:/notifyOther', ],
storePassword => 'bool:/storePassword', singleSession => 'bool:/singleSession',
timeout => 'text:/timeout:timeout:text', singleIP => 'bool:/singleIP',
grantSessionRule => 'text:/grantSessionRule', singleUserByIP => 'bool:/singleUserByIP',
notifyDeleted => 'bool:/notifyDeleted',
notifyOther => 'bool:/notifyOther',
},
}, },
# OTHER PARAMETERS # OTHER PARAMETERS
@ -296,12 +354,12 @@ sub struct {
qw(n:soap n:notifications n:passwordManagement n:security) qw(n:soap n:notifications n:passwordManagement n:security)
], ],
soap => { soap => {
_nodes => [qw(Soap exportedAttr trustedDomains)], _nodes => [qw(Soap exportedAttr trustedDomains)],
Soap => 'bool:/Soap', Soap => 'bool:/Soap',
exportedAttr => 'text:/exportedAttr', exportedAttr => 'text:/exportedAttr',
trustedDomains => 'text:/trustedDomains', trustedDomains => 'text:/trustedDomains',
}, },
notifications => { notifications => {
_nodes => [ _nodes => [
@ -318,9 +376,8 @@ sub struct {
passwordManagement => { passwordManagement => {
_nodes => [ _nodes => [
qw(passwordDB SMTPServer mailUrl mailFrom mailSubject mailBody mailConfirmSubject mailConfirmBody randomPasswordRegexp) qw(SMTPServer mailUrl mailFrom mailSubject mailBody mailConfirmSubject mailConfirmBody randomPasswordRegexp)
], ],
passwordDB => 'text:/passwordDB',
SMTPServer => 'text:/SMTPServer', SMTPServer => 'text:/SMTPServer',
mailUrl => 'text:/mailUrl', mailUrl => 'text:/mailUrl',
mailFrom => 'text:/mailFrom', mailFrom => 'text:/mailFrom',
@ -331,13 +388,13 @@ sub struct {
randomPasswordRegexp => 'text:/randomPasswordRegexp', randomPasswordRegexp => 'text:/randomPasswordRegexp',
}, },
security => { security => {
_nodes => [qw(https userControl portalForceAuthn)], _nodes => [qw(https userControl portalForceAuthn)],
https => 'bool:/https', https => 'bool:/https',
userControl => 'text:/userControl:userControl:text', userControl => 'text:/userControl:userControl:text',
portalForceAuthn => portalForceAuthn =>
'bool:/portalForceAuthn:portalForceAuthn:bool', 'bool:/portalForceAuthn:portalForceAuthn:bool',
}, },
} }
}, },
@ -699,7 +756,7 @@ sub testStruct {
ldapGroupAttributeNameUser => $testNotDefined, ldapGroupAttributeNameUser => $testNotDefined,
ldapGroupAttributeNameSearch => $testNotDefined, ldapGroupAttributeNameSearch => $testNotDefined,
ldapGroupAttributeNameGroup => $testNotDefined, ldapGroupAttributeNameGroup => $testNotDefined,
locationRules => { locationRules => {
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/, keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
msgFail => 'Bad virtual host name', msgFail => 'Bad virtual host name',
'*' => { '*' => {
@ -788,7 +845,6 @@ sub testStruct {
singleIP => $boolean, singleIP => $boolean,
singleUserByIP => $boolean, singleUserByIP => $boolean,
Soap => $boolean, Soap => $boolean,
SSLRequired => $boolean,
storePassword => $boolean, storePassword => $boolean,
syslog => { syslog => {
test => qw/^(?:auth|authpriv|daemon|local\d|user)?$/, test => qw/^(?:auth|authpriv|daemon|local\d|user)?$/,
@ -874,6 +930,33 @@ sub testStruct {
samlIDPSSODescriptorManageNameIDServiceHTTP => $testNotDefined, samlIDPSSODescriptorManageNameIDServiceHTTP => $testNotDefined,
samlIDPSSODescriptorManageNameIDServiceSOAP => $testNotDefined, samlIDPSSODescriptorManageNameIDServiceSOAP => $testNotDefined,
# SSL
SSLVar => $testNotDefined,
SSLLDAPField => $testNotDefined,
SSLRequire => $boolean,
# CAS
CAS_url => $testNotDefined,
CAS_loginUrl => $testNotDefined,
CAS_validationUrl => $testNotDefined,
CAS_CAFile => $testNotDefined,
# Remote
remotePortal => $testNotDefined,
remoteGlobalStorage => {
test => qr/^[\w:]+$/,
msgFail => 'Bad module name',
},
remoteGlobalStorageOptions => {
keyTest => qr/^\w+$/,
keyMsgFail => 'Bad parameter',
},
# Proxy
soapAuthService => $testNotDefined,
remoteCookieName => $testNotDefined,
soapSessionService => $testNotDefined,
# OpenID # OpenID
openIdSecret => $testNotDefined, openIdSecret => $testNotDefined,
@ -910,25 +993,26 @@ sub defaultConf {
notificationStorage => 'File', notificationStorage => 'File',
notificationStorageOptions => notificationStorageOptions =>
{ dirName => '/var/lib/lemonldap-ng/notifications', }, { dirName => '/var/lib/lemonldap-ng/notifications', },
notifyDeleted => '1', notifyDeleted => '1',
notifyOther => '1', notifyOther => '1',
portal => 'http://auth.example.com/', portal => 'http://auth.example.com/',
portalSkin => 'pastel', portalSkin => 'pastel',
portalUserAttr => '_user', portalUserAttr => '_user',
protection => 'none', protection => 'none',
securedCookie => '0', remoteGlobalStorage => 'Lemonldap::NG::Common::Apache::Session::SOAP',
singleSession => '0', securedCookie => '0',
singleIP => '0', singleSession => '0',
singleUserByIP => '0', singleIP => '0',
Soap => '1', singleUserByIP => '0',
SSLRequired => '0', Soap => '1',
storePassword => '0', SSLRequired => '0',
syslog => '', storePassword => '0',
timeout => '7200', syslog => '',
userControl => '^[\w\.\-@]+$', timeout => '7200',
userDB => 'LDAP', userControl => '^[\w\.\-@]+$',
useXForwardedForIP => '0', userDB => 'LDAP',
whatToTrace => '$uid', useXForwardedForIP => '0',
whatToTrace => '$uid',
######## ########
# SAML # # SAML #
######## ########
@ -1008,10 +1092,14 @@ sub defaultConf {
sub subDefaultConf { sub subDefaultConf {
return { return {
locationRules => { default => 'deny' }, locationRules => { default => 'deny' },
exportedHeaders => { 'Auth-User' => '$uid' }, exportedHeaders => { 'Auth-User' => '$uid' },
samlIDPMetaDataXML => { {} }, remoteGlobalStorageOptions => {
samlIDPMetaDataExportedAttributes => { 'uid' => '0;uid;;' }, 'proxy' => 'https://remote/index.pl/sessions',
'ns' => 'https://remote/Lemonldap/NG/Common/CGI/SOAPService',
},
samlIDPMetaDataXML => { {} },
samlIDPMetaDataExportedAttributes => { 'uid' => '0;uid;;' },
samlIDPMetaDataOptions => { samlIDPMetaDataOptions => {
'samlIDPMetaDataOptionsNameIDFormat' => '', 'samlIDPMetaDataOptionsNameIDFormat' => '',
'samlIDPMetaDataOptionsForceAuthn' => '0', 'samlIDPMetaDataOptionsForceAuthn' => '0',
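Review bot: The SSL flag is renamed to `SSLRequire` in `struct` (the new `sslParams` node) and in `testStruct`, but the new side of the `defaultConf` hunk still lists `SSLRequired => '0',`, so the renamed key gets no default and the old one is no longer covered by `testStruct`. Since this flag appears to decide whether the SSL module insists on a client certificate, the default should follow the rename, `SSLRequire => '0',`, assuming nothing outside this diff still reads the old name. Separately, in the `authParams` node loop, `( $auth or $pdb )` evaluates to `$auth` whenever it is non-empty, so `$udb ne ( $auth or $pdb )` only compares against `$auth` and a module shared by userDB and passwordDB is iterated twice; `( $udb ne $auth ? $udb : () ), ( ( $pdb ne $auth and $pdb ne $udb ) ? $pdb : () )` expresses the intended de-duplication. The enclosing subs start and end outside the visible hunks, so the effect of the duplicate iteration on `%res` cannot be confirmed from here.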