From cb71f77f4d3471e2dc20327d4462705faaff865a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= Date: Thu, 28 Jan 2010 17:39:34 +0000 Subject: [PATCH] Portal: move configuration documentation from script to ini file --- build/lemonldap-ng/Makefile | 10 +- modules/lemonldap-ng-common/lemonldap-ng.ini | 104 ++++++++++++++++- .../lemonldap-ng-portal/example/index_skin.pl | 108 ------------------ 3 files changed, 102 insertions(+), 120 deletions(-) diff --git a/build/lemonldap-ng/Makefile b/build/lemonldap-ng/Makefile index a71f1146e..000eddd87 100644 --- a/build/lemonldap-ng/Makefile +++ b/build/lemonldap-ng/Makefile @@ -257,7 +257,6 @@ install_site: install_manager_site install_portal_site install_handler_site inst @echo "3 - Run 'make postconf' as root to update /etc/hosts" if your DNS service does not known auth.$(DNSDOMAIN) and manager.$(DNSDOMAIN) @echo @echo "4 - Use the manager at http://manager.${DNSDOMAIN}/ (after Apache restart) to modify LemonLDAP::NG configuration." - @echo " Edit ${RCONFDIR}/apps/apps-list.xml to modify the menu." @echo @echo "5 - Try to connect to http://test1.${DNSDOMAIN}/ or http://test2.${DNSDOMAIN}/" @if [ ! "$(APACHEUSER)" ]; then \ @@ -317,11 +316,6 @@ install_portal_site: install_conf_dir ln -s $(PORTALSKINSDIR)/$$skin $(RPORTALDIR)/skins/$$skin; \ done; \ fi - # Applications list install if erase configuration is needed - @if [ "$(ERASECONFIG)" -eq "1" ]; then \ - cp --remove-destination _example/etc/apps-list* $(RCONFDIR); \ - fi - @$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g' $(RCONFDIR)/apps-list.xml # L-A portal install @cp -pR --remove-destination ${SRCPORTALDIR}/example/AuthLA/* $(RLASPPORTALDIR) @$(PERL) -i -pe 's#__DIR__#$(LASPPORTALDIR)/#g' $(RLASPPORTALDIR)/index.pl 
@@ -361,9 +355,7 @@ install_examples_site: $(REXAMPLESDIR)/manager/images \ @rm -rf $$(find $(REXAMPLESDIR) -type d -name .svn) @$(PERL) -i -pe 's#__DIR__#$(LASPPORTALDIR)#g' $(REXAMPLESDIR)/portal/AuthLA/index.pl - @$(PERL) -i -pe 's#__SKINDIR__#$(PORTALDIR)/skins#; \ - s#__APPSXMLFILE__#$(CONFDIR)/apps-list.xml#; \ - s#__SESSIONDIR__#$(APACHESESSIONFILEDIR)/#g;' $(REXAMPLESDIR)/portal/*.pl + @$(PERL) -i -pe 's#__SESSIONDIR__#$(APACHESESSIONFILEDIR)/#g;' $(REXAMPLESDIR)/portal/*.pl install_doc_site: @install -v -d $(RDOCDIR) diff --git a/modules/lemonldap-ng-common/lemonldap-ng.ini b/modules/lemonldap-ng-common/lemonldap-ng.ini index 08a071b45..492667e40 100644 --- a/modules/lemonldap-ng-common/lemonldap-ng.ini +++ b/modules/lemonldap-ng-common/lemonldap-ng.ini @@ -18,7 +18,15 @@ #============================================================================== [all] -;cda = 1 +# CUSTOM FUNCTION +# If you want to create customFunctions in rules, declare them here: +;customFunctions => 'function1 function2', +;customFunctions => 'Package::func1 Package::func2', + +# CROSS-DOMAIN +# If you have some handlers that are not registered on the main domain, +# uncomment this +;cda => 1, [configuration] # GLOBAL CONFIGURATION ACCESS TYPE @@ -57,6 +65,7 @@ # ldapConfBase = ou=conf,ou=applications,dc=example,dc=com # ldapBindDN = cn=manager,dc=example,dc=com # ldapBindPassword = secret + type = File dirName = /var/lib/lemonldap-ng/conf 
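Review bot: The commented examples added under `[all]` in lemonldap-ng.ini keep the Perl hash syntax of the script they were copied from: `;customFunctions => 'function1 function2',` and `;cda => 1,`, where the line being replaced was `;cda = 1`. An administrator who only removes the leading `;` gets a line that the ini parser will presumably not read as the intended key and value, so the cross-domain option or the custom functions would not be set as the comment promises. Write them in the file's own `key = value` form, e.g. `;cda = 1` and `;customFunctions = function1 function2`. The same leftover syntax appears in the `[portal]` hunk further down: `;portalDisplayAppslist => 1`, `;portalUserAttr => "mail",`, `;exportedAttr => uid mail` and `;trustedDomains => 'my.trusted.host example2.com',`.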
@@ -72,8 +81,97 @@ localStorage = Cache::FileCache localStorageOptions = { 'namespace' => 'MyNamespace', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, } [portal] -portalDisplayResetPassword = 0 -notifyDeleted = 1 +# PORTAL CUSTOMIZATION +# Name of the skin +;portalSkin = pastel +# Modules displayed +;portalDisplayLogout = 1 +;portalDisplayResetPassword = 1 +;portalDisplayChangePassword = 1 +;portalDisplayAppslist => 1 +# Allow password autocompletion (passwords stored in user web browsers) +;portalAutocomplete = 1 +# Require the old password when changing password +;portalRequireOldPassword = 1 +# Attribute displayed as connected user +;portalUserAttr => "mail", + +# LOG +# By default, all is logged in Apache file. To log user actions by +# syslog, just set syslog facility here: +;syslog = auth + +# SOAP FUNCTIONS +# Remove comment to activate SOAP Functions getCookies(user,pwd) and +# error(language, code) +;Soap = 1 +# Note that getAttibutes() will be activated but on a different URI +# (http://auth.example.com/index.pl/sessions) +# You can also restrict attributes and macros exported by getAttributes +;exportedAttr => uid mail + +# PASSWORD POLICY +# Remove comment to use LDAP Password Policy +;ldapPpolicyControl = 1 +# Remove comment to store password in session (use with caution) +;storePassword = 1 +# Remove comment to use LDAP modify password extension +# (beware of compatibility with LDAP Password Policy) +;ldapSetPassword = 1 + +# RESET PASSWORD BY MAIL +# SMTP server (default to localhost), set to '' to use default mail service +;SMTPServer = localhost +# Mail From address +;mailFrom = noreply@test.com +# Mail confirmation URL +;mailUrl = http://reset.example.com +# Mail subject for confirmation message +;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation +# Mail body for confiramtion (can use $url for confirmation URL, and other session +# infos, like $cn). 
Keep comment to use HTML templates +;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url +# Mail subject for new password message +;mailSubject = [LemonLDAP::NG] Your new password +# Mail body for new password (can use $password for generated password, and other session +# infos, like $cn). Keep comment to use HTML templates +;mailBody = Hello $cn,\n\nYour new password is $password +# LDAP filter to use +;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))' +# Random regexp for password generation +;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2} + +# LDAP GROUPS +# Set the base DN of your groups branch +;ldapGroupBase = ou=groups,dc=example,dc=com +# Objectclass used by groups +;ldapGroupObjectClass = groupOfUniqueNames +# Attribute used by groups to store member +;ldapGroupAttributeName = uniqueMember +# Attribute used by user to link to groups +;ldapGroupAttributeNameUser = dn +# Attribute used to identify a group. The group will be displayed as +# cn|mail|status, where cn, mail and status will be replaced by their +# values. +;ldapGroupAttributeNameSearch = ['cn'] + +# NOTIFICATIONS SERVICE +# Use it to be able to notify messages during authentication +;notification = 1 +# Note that the SOAP function newNotification will be activated on +# http://auth.example.com/index.pl/notification +# If you want to hide this, just protect "/index.pl/notification" in +# your Apache configuration file + +# XSS protection bypass +# By default, the portal refuse redirections that comes from sites not +# registered in the configuration (manager) except for those coming +# from trusted domains. By default, trustedDomains contains the domain +# declared in the manager. You can set trustedDomains to empty value so +# that, undeclared sites will be rejected. You can also set here a list +# of trusted domains or hosts separated by spaces. This is usefull if +# your website use Lemonldap::NG without handler with SOAP functions. 
+;trustedDomains => 'my.trusted.host example2.com', [handler] https = 0 diff --git a/modules/lemonldap-ng-portal/example/index_skin.pl b/modules/lemonldap-ng-portal/example/index_skin.pl index 9eafc6b37..5450b850b 100755 --- a/modules/lemonldap-ng-portal/example/index_skin.pl +++ b/modules/lemonldap-ng-portal/example/index_skin.pl 
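Review bot: The active settings `portalDisplayResetPassword = 0` and `notifyDeleted = 1` in `[portal]` are dropped rather than documented: only a commented `;portalDisplayResetPassword = 1` replaces them, so both fall back to whatever the portal code defaults to, which is not visible here. If that default shows the reset-password module, an upgrade silently turns on a password-reset entry point that the shipped file used to switch off; keep `portalDisplayResetPassword = 0` and `notifyDeleted = 1` as live lines below the new comments, or state the change in the commit message. The reverse happens to SOAP: `Soap => 1,` was live in example/index_skin.pl (removed in the last file of this patch) and survives only as the commented `;Soap = 1`, which looks like the safer default but is still an unannounced behaviour change. The `trustedDomains => ''` example for rejecting undeclared sites was also lost in the move and is worth restoring, in ini form, next to the list example.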
@@ -21,113 +21,6 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new( # Note that YOU HAVE TO SET configStorage here if you've declared this # portal as SOAP configuration server in the manager - # PORTAL CUSTOMIZATION - # * Skin - # portalSkin => 'pastel', - # * Modules displayed - # portalDisplayLogout => 1, - # portalDisplayResetPassword => 1, - # portalDisplayChangePassword => 1, - # portalDisplayAppslist => 1, - # * Allow password autocompletion - # (passwords stored in user web browsers) - # portalAutocomplete => "on", - # * Require the old password when changing password - # portalRequireOldPassword => 1, - # * Attribute displayed as connected user - # portalUserAttr => "mail", - - # LOG - # By default, all is logged in Apache file. To log user actions by - # syslog, just set syslog facility here: - #syslog => 'auth', - - # SOAP FUNCTIONS - # Remove comment to activate SOAP Functions getCookies(user,pwd) and - # error(language, code) - Soap => 1, - - # Note that getAttibutes() will be activated but on a different URI - # (http://auth.example.com/index.pl/sessions) - # You can also restrict attributes and macros exported by getAttributes - #exportedAttr => 'uid mail', - - # PASSWORD POLICY - # Remove comment to use LDAP Password Policy - #ldapPpolicyControl => 1, - - # Remove comment to store password in session (use with caution) - #storePassword => 1, - - # Remove comment to use LDAP modify password extension - # (beware of compatibility with LDAP Password Policy) - #ldapSetPassword => 1, - - # RESET PASSWORD BY MAIL - # SMTP server (default to localhost), set to '' to use default mail - # service - #SMTPServer => "localhost", - - # Mail From address - #mailFrom => "noreply@test.com", - - # Mail subject - #mailSubject => "Password reset", - - # Mail body (can use $password for generated password, and other session - # infos, like $cn) - #mailBody => 'Hello $cn,\n\nYour new password is $password', - - # LDAP filter to use - #mailLDAPFilter => 
'(&(mail=$mail)(objectClass=inetOrgPerson))', - - # Random regexp - #randomPasswordRegexp => '[A-Z]{3}[a-z]{5}.\d{2}', - - # LDAP GROUPS - # Set the base DN of your groups branch - #ldapGroupBase => 'ou=groups,dc=example,dc=com', - # Objectclass used by groups - #ldapGroupObjectClass => 'groupOfUniqueNames', - # Attribute used by groups to store member - #ldapGroupAttributeName => 'uniqueMember', - # Attribute used by user to link to groups - #ldapGroupAttributeNameUser => 'dn', - # Attribute used to identify a group. The group will be displayed as - # cn|mail|status, where cn, mail and status will be replaced by their - # values. - #ldapGroupAttributeNameSearch => ['cn'], - - # CUSTOM FUNCTION - # If you want to create customFunctions in rules, declare them here: - #customFunctions => 'function1 function2', - #customFunctions => 'Package::func1 Package::func2', - - # NOTIFICATIONS SERVICE - # Use it to be able to notify messages during authentication - #notification => 1, - # Note that the SOAP function newNotification will be activated on - # http://auth.example.com/index.pl/notification - # If you want to hide this, just protect "/index.pl/notification" in - # your Apache configuration file - - # CROSS-DOMAIN - # If you have some handlers that are not registered on the main domain, - # uncomment this - #cda => 1, - - # XSS protection bypass - # By default, the portal refuse redirections that comes from sites not - # registered in the configuration (manager) except for those coming - # from trusted domains. By default, trustedDomains contains the domain - # declared in the manager. You can set trustedDomains to empty value so - # that, undeclared sites will be rejected. You can also set here a list - # of trusted domains or hosts separated by spaces. This is usefull if - # your website use Lemonldap::NG without handler with SOAP functions. 
- # Exemples : - #trustedDomains => 'my.trusted.host example2.com', - #trustedDomains => '', - # OTHERS # You can also overload any parameter issued from manager # configuration. Example: @@ -138,7 +31,6 @@ my $portal = Lemonldap::NG::Portal::SharedConf->new( #}, # Note that YOU HAVE TO SET globalStorage here if you've declared this # portal as SOAP session server in the manager - #}, } );