Update lemonldap-ng.ini for new manager
This commit is contained in:
parent
fae7ac1fab
commit
d5bf23a8cf
|
@ -1,99 +1,99 @@
|
|||
#==============================================================================
|
||||
# LemonLDAP::NG local configuration parameters
|
||||
#
|
||||
# This file is dedicated to configuration parameters override
|
||||
# You can set here configuration parameters that will be used only by
|
||||
# local LemonLDAP::NG elements
|
||||
#
|
||||
# Section "all" is always read first before "portal", "handler"
|
||||
# and "manager"
|
||||
#
|
||||
# Section "configuration" is used to load global configuration and set cache
|
||||
# (replace old storage.conf file)
|
||||
#
|
||||
# Section "apply" is read by Manager to reload handlers
|
||||
# (replace old apply.conf file)
|
||||
#
|
||||
# Other section are only read by the specific LemonLDAP::NG component
|
||||
#==============================================================================
|
||||
;==============================================================================
|
||||
; LemonLDAP::NG local configuration parameters
|
||||
;
|
||||
; This file is dedicated to configuration parameters override
|
||||
; You can set here configuration parameters that will be used only by
|
||||
; local LemonLDAP::NG elements
|
||||
;
|
||||
; Section "all" is always read first before "portal", "handler"
|
||||
; and "manager"
|
||||
;
|
||||
; Section "configuration" is used to load global configuration and set cache
|
||||
; (replace old storage.conf file)
|
||||
;
|
||||
; Section "apply" is read by Manager to reload handlers
|
||||
; (replace old apply.conf file)
|
||||
;
|
||||
; Other section are only read by the specific LemonLDAP::NG component
|
||||
;==============================================================================
|
||||
|
||||
[all]
|
||||
|
||||
# CUSTOM FUNCTION
|
||||
# If you want to create customFunctions in rules, declare them here:
|
||||
; CUSTOM FUNCTION
|
||||
; If you want to create customFunctions in rules, declare them here:
|
||||
;customFunctions = function1 function2
|
||||
;customFunctions = Package::func1 Package::func2
|
||||
|
||||
# CROSS-DOMAIN
|
||||
# If you have some handlers that are not registered on the main domain,
|
||||
# uncomment this
|
||||
; CROSS-DOMAIN
|
||||
; If you have some handlers that are not registered on the main domain,
|
||||
; uncomment this
|
||||
;cda = 1
|
||||
|
||||
# SAFE JAIL
|
||||
# Uncomment this to disable Safe jail.
|
||||
# Warning: this can allow malicious code in custom functions or rules
|
||||
; SAFE JAIL
|
||||
; Uncomment this to disable Safe jail.
|
||||
; Warning: this can allow malicious code in custom functions or rules
|
||||
;useSafeJail = 0
|
||||
|
||||
[configuration]
|
||||
|
||||
# GLOBAL CONFIGURATION ACCESS TYPE
|
||||
# (File, SOAP, RDBI/CDBI, LDAP)
|
||||
# Set here the parameters needed to access to LemonLDAP::NG configuration.
|
||||
# You have to set "type" to one of the followings :
|
||||
#
|
||||
# * File: you have to set 'dirName' parameter. Example:
|
||||
#
|
||||
# type = File
|
||||
# dirName = /var/lib/lemonldap-ng/conf
|
||||
#
|
||||
# * JSONFile: you have to set 'dirName' parameter. Example:
|
||||
#
|
||||
# type = JSONFile
|
||||
# dirName = /var/lib/lemonldap-ng/conf
|
||||
#
|
||||
# * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword'
|
||||
# if needed. Example:
|
||||
#
|
||||
# type = RDBI
|
||||
# ;type = CDBI
|
||||
# dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
|
||||
# dbiUser = lemonldap
|
||||
# dbiPassword = password
|
||||
#
|
||||
# * SOAP: SOAP configuration access is a sort of proxy: the portal is
|
||||
# configured to use the real session storage type (DBI or File for
|
||||
# example).
|
||||
# You have to set 'proxy' parameter. Example:
|
||||
#
|
||||
# type = SOAP
|
||||
# proxy = https://auth.example.com/index.pl/config
|
||||
# proxyOptions = { timeout => 5 }
|
||||
# User = lemonldap
|
||||
# Password = mypassword
|
||||
#
|
||||
# * LDAP: you have to set ldapServer, ldapConfBranch, ldapBindDN and ldapBindPassword.
|
||||
#
|
||||
# type = LDAP
|
||||
# ldapServer = ldap://localhost
|
||||
# ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
|
||||
# ldapBindDN = cn=manager,dc=example,dc=com
|
||||
# ldapBindPassword = secret
|
||||
; GLOBAL CONFIGURATION ACCESS TYPE
|
||||
; (File, SOAP, RDBI/CDBI, LDAP)
|
||||
; Set here the parameters needed to access to LemonLDAP::NG configuration.
|
||||
; You have to set "type" to one of the followings :
|
||||
;
|
||||
; * File: you have to set 'dirName' parameter. Example:
|
||||
;
|
||||
; type = File
|
||||
; dirName = /var/lib/lemonldap-ng/conf
|
||||
;
|
||||
; * JSONFile: you have to set 'dirName' parameter. Example:
|
||||
;
|
||||
; type = JSONFile
|
||||
; dirName = /var/lib/lemonldap-ng/conf
|
||||
;
|
||||
; * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword'
|
||||
; if needed. Example:
|
||||
;
|
||||
; type = RDBI
|
||||
; ;type = CDBI
|
||||
; dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
|
||||
; dbiUser = lemonldap
|
||||
; dbiPassword = password
|
||||
;
|
||||
; * SOAP: SOAP configuration access is a sort of proxy: the portal is
|
||||
; configured to use the real session storage type (DBI or File for
|
||||
; example).
|
||||
; You have to set 'proxy' parameter. Example:
|
||||
;
|
||||
; type = SOAP
|
||||
; proxy = https://auth.example.com/index.pl/config
|
||||
; proxyOptions = { timeout => 5 }
|
||||
; User = lemonldap
|
||||
; Password = mypassword
|
||||
;
|
||||
; * LDAP: you have to set ldapServer, ldapConfBranch, ldapBindDN and ldapBindPassword.
|
||||
;
|
||||
; type = LDAP
|
||||
; ldapServer = ldap://localhost
|
||||
; ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
|
||||
; ldapBindDN = cn=manager,dc=example,dc=com
|
||||
; ldapBindPassword = secret
|
||||
type=File
|
||||
dirName=/var/lib/lemonldap-ng/conf
|
||||
|
||||
# LOCAL CACHE CONFIGURATION
|
||||
#
|
||||
# To increase performances, use a local cache for the configuration. You have
|
||||
# to choose a Cache::Cache module and set its parameters. Example:
|
||||
#
|
||||
# localStorage = Cache::FileCache
|
||||
# localStorageOptions={ \
|
||||
# 'namespace' => 'lemonldap-ng-config',\
|
||||
# 'default_expires_in' => 600, \
|
||||
# 'directory_umask' => '007', \
|
||||
# 'cache_root' => '/tmp', \
|
||||
# 'cache_depth' => 0, \
|
||||
# }
|
||||
; LOCAL CACHE CONFIGURATION
|
||||
;
|
||||
; To increase performances, use a local cache for the configuration. You have
|
||||
; to choose a Cache::Cache module and set its parameters. Example:
|
||||
;
|
||||
; localStorage = Cache::FileCache
|
||||
; localStorageOptions={ \
|
||||
; 'namespace' => 'lemonldap-ng-config',\
|
||||
; 'default_expires_in' => 600, \
|
||||
; 'directory_umask' => '007', \
|
||||
; 'cache_root' => '/tmp', \
|
||||
; 'cache_depth' => 0, \
|
||||
; }
|
||||
localStorage=Cache::FileCache
|
||||
localStorageOptions={ \
|
||||
'namespace' => 'lemonldap-ng-config',\
|
||||
|
@ -105,149 +105,149 @@ localStorageOptions={ \
|
|||
|
||||
[portal]
|
||||
|
||||
# PERFORMANCES
|
||||
# By setting useLocalConf, Portal will use only local cached configuration
|
||||
# To refresh it, you must have an handler on the same server or you have to
|
||||
# restart your server. This increase performances
|
||||
; PERFORMANCES
|
||||
; By setting useLocalConf, Portal will use only local cached configuration
|
||||
; To refresh it, you must have an handler on the same server or you have to
|
||||
; restart your server. This increase performances
|
||||
;useLocalConf = 1
|
||||
|
||||
# PORTAL CUSTOMIZATION
|
||||
# Name of the skin
|
||||
; PORTAL CUSTOMIZATION
|
||||
; Name of the skin
|
||||
;portalSkin = pastel
|
||||
# Modules displayed
|
||||
; Modules displayed
|
||||
;portalDisplayLogout = 1
|
||||
;portalDisplayResetPassword = 1
|
||||
;portalDisplayChangePassword = 1
|
||||
;portalDisplayAppslist = 1
|
||||
;portalDisplayLoginHistory = 1
|
||||
# Allow password autocompletion (passwords stored in user web browsers)
|
||||
; Allow password autocompletion (passwords stored in user web browsers)
|
||||
;portalAutocomplete = 1
|
||||
# Require the old password when changing password
|
||||
; Require the old password when changing password
|
||||
;portalRequireOldPassword = 1
|
||||
# Attribute displayed as connected user
|
||||
; Attribute displayed as connected user
|
||||
;portalUserAttr = mail
|
||||
# Old menu HTML code
|
||||
# Enable it if you use old templates
|
||||
; Old menu HTML code
|
||||
; Enable it if you use old templates
|
||||
;useOldMenuItems=1
|
||||
# Override error codes
|
||||
; Override error codes
|
||||
;error_0 = You are well authenticated!
|
||||
# Custom template parameters
|
||||
# For example to use <TMPL_VAR NAME="myparam">
|
||||
; Custom template parameters
|
||||
; For example to use <TMPL_VAR NAME="myparam">
|
||||
;tpl_myparam = test
|
||||
|
||||
# LOG
|
||||
# By default, all is logged in Apache file. To log user actions by
|
||||
# syslog, just set syslog facility here:
|
||||
; LOG
|
||||
; By default, all is logged in Apache file. To log user actions by
|
||||
; syslog, just set syslog facility here:
|
||||
;syslog = auth
|
||||
# SOAP FUNCTIONS
|
||||
# Remove comment to activate SOAP Functions getCookies(user,pwd) and
|
||||
# error(language, code)
|
||||
; SOAP FUNCTIONS
|
||||
; Remove comment to activate SOAP Functions getCookies(user,pwd) and
|
||||
; error(language, code)
|
||||
;Soap = 1
|
||||
# Note that getAttibutes() will be activated but on a different URI
|
||||
# (http://auth.example.com/index.pl/sessions)
|
||||
# You can also restrict attributes and macros exported by getAttributes
|
||||
; Note that getAttibutes() will be activated but on a different URI
|
||||
; (http://auth.example.com/index.pl/sessions)
|
||||
; You can also restrict attributes and macros exported by getAttributes
|
||||
;exportedAttr = uid mail
|
||||
|
||||
# PASSWORD POLICY
|
||||
# Remove comment to use LDAP Password Policy
|
||||
; PASSWORD POLICY
|
||||
; Remove comment to use LDAP Password Policy
|
||||
;ldapPpolicyControl = 1
|
||||
# Remove comment to store password in session (use with caution)
|
||||
; Remove comment to store password in session (use with caution)
|
||||
;storePassword = 1
|
||||
# Remove comment to use LDAP modify password extension
|
||||
# (beware of compatibility with LDAP Password Policy)
|
||||
; Remove comment to use LDAP modify password extension
|
||||
; (beware of compatibility with LDAP Password Policy)
|
||||
;ldapSetPassword = 1
|
||||
# RESET PASSWORD BY MAIL
|
||||
# SMTP server (default to localhost), set to '' to use default mail service
|
||||
; RESET PASSWORD BY MAIL
|
||||
; SMTP server (default to localhost), set to '' to use default mail service
|
||||
;SMTPServer = localhost
|
||||
# SMTP auth user
|
||||
; SMTP auth user
|
||||
;SMTPAuthUser = toto
|
||||
# SMTP auth password
|
||||
; SMTP auth password
|
||||
;SMTPAuthPass = secret
|
||||
# Mail From address
|
||||
; Mail From address
|
||||
;mailFrom = noreply@test.com
|
||||
# Reply To
|
||||
; Reply To
|
||||
;mailReplyTo = noreply@test.com
|
||||
# Mail confirmation URL
|
||||
; Mail confirmation URL
|
||||
;mailUrl = http://reset.example.com
|
||||
# Mail subject for confirmation message
|
||||
; Mail subject for confirmation message
|
||||
;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation
|
||||
# Mail body for confiramtion (can use $url for confirmation URL, and other session
|
||||
# infos, like $cn). Keep comment to use HTML templates
|
||||
; Mail body for confiramtion (can use $url for confirmation URL, and other session
|
||||
; infos, like $cn). Keep comment to use HTML templates
|
||||
;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url
|
||||
# Mail subject for new password message
|
||||
; Mail subject for new password message
|
||||
;mailSubject = [LemonLDAP::NG] Your new password
|
||||
# Mail body for new password (can use $password for generated password, and other session
|
||||
# infos, like $cn). Keep comment to use HTML templates
|
||||
; Mail body for new password (can use $password for generated password, and other session
|
||||
; infos, like $cn). Keep comment to use HTML templates
|
||||
;mailBody = Hello $cn,\n\nYour new password is $password
|
||||
# LDAP filter to use
|
||||
; LDAP filter to use
|
||||
;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))'
|
||||
# Random regexp for password generation
|
||||
; Random regexp for password generation
|
||||
;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2}
|
||||
# LDAP GROUPS
|
||||
# Set the base DN of your groups branch
|
||||
; LDAP GROUPS
|
||||
; Set the base DN of your groups branch
|
||||
;ldapGroupBase = ou=groups,dc=example,dc=com
|
||||
# Objectclass used by groups
|
||||
; Objectclass used by groups
|
||||
;ldapGroupObjectClass = groupOfUniqueNames
|
||||
# Attribute used by groups to store member
|
||||
; Attribute used by groups to store member
|
||||
;ldapGroupAttributeName = uniqueMember
|
||||
# Attribute used by user to link to groups
|
||||
; Attribute used by user to link to groups
|
||||
;ldapGroupAttributeNameUser = dn
|
||||
# Attribute used to identify a group. The group will be displayed as
|
||||
# cn|mail|status, where cn, mail and status will be replaced by their
|
||||
# values.
|
||||
; Attribute used to identify a group. The group will be displayed as
|
||||
; cn|mail|status, where cn, mail and status will be replaced by their
|
||||
; values.
|
||||
;ldapGroupAttributeNameSearch = cn mail
|
||||
|
||||
# NOTIFICATIONS SERVICE
|
||||
# Use it to be able to notify messages during authentication
|
||||
; NOTIFICATIONS SERVICE
|
||||
; Use it to be able to notify messages during authentication
|
||||
;notification = 1
|
||||
# Note that the SOAP function newNotification will be activated on
|
||||
# http://auth.example.com/index.pl/notification
|
||||
# If you want to hide this, just protect "/index.pl/notification" in
|
||||
# your Apache configuration file
|
||||
# XSS protection bypass
|
||||
# By default, the portal refuse redirections that comes from sites not
|
||||
# registered in the configuration (manager) except for those coming
|
||||
# from trusted domains. By default, trustedDomains contains the domain
|
||||
# declared in the manager. You can set trustedDomains to empty value so
|
||||
# that, undeclared sites will be rejected. You can also set here a list
|
||||
# of trusted domains or hosts separated by spaces. This is usefull if
|
||||
# your website use LemonLDAP::NG without handler with SOAP functions.
|
||||
; Note that the SOAP function newNotification will be activated on
|
||||
; http://auth.example.com/index.pl/notification
|
||||
; If you want to hide this, just protect "/index.pl/notification" in
|
||||
; your Apache configuration file
|
||||
; XSS protection bypass
|
||||
; By default, the portal refuse redirections that comes from sites not
|
||||
; registered in the configuration (manager) except for those coming
|
||||
; from trusted domains. By default, trustedDomains contains the domain
|
||||
; declared in the manager. You can set trustedDomains to empty value so
|
||||
; that, undeclared sites will be rejected. You can also set here a list
|
||||
; of trusted domains or hosts separated by spaces. This is usefull if
|
||||
; your website use LemonLDAP::NG without handler with SOAP functions.
|
||||
;trustedDomains = my.trusted.host example2.com
|
||||
|
||||
# Check XSS
|
||||
# Set to 0 to disable error on XSS attack detection
|
||||
; Check XSS
|
||||
; Set to 0 to disable error on XSS attack detection
|
||||
;checkXSS = 0
|
||||
|
||||
[handler]
|
||||
|
||||
# Handler cache configuration
|
||||
# You can overwrite here local session cache settings in manager:
|
||||
# localSessionStorage=Cache::FileCache
|
||||
# localSessionStorageOptions={ \
|
||||
# 'namespace' => 'lemonldap-ng-sessions', \
|
||||
# 'default_expires_in' => 600, \
|
||||
# 'directory_umask' => '007', \
|
||||
# 'cache_root' => '/tmp', \
|
||||
# 'cache_depth' => 3, \
|
||||
# }
|
||||
; Handler cache configuration
|
||||
; You can overwrite here local session cache settings in manager:
|
||||
; localSessionStorage=Cache::FileCache
|
||||
; localSessionStorageOptions={ \
|
||||
; 'namespace' => 'lemonldap-ng-sessions', \
|
||||
; 'default_expires_in' => 600, \
|
||||
; 'directory_umask' => '007', \
|
||||
; 'cache_root' => '/tmp', \
|
||||
; 'cache_depth' => 3, \
|
||||
; }
|
||||
|
||||
# Set https to 1 if your handler protect a https website (used only for
|
||||
# redirections to the portal)
|
||||
; Set https to 1 if your handler protect a https website (used only for
|
||||
; redirections to the portal)
|
||||
;https = 0
|
||||
# Set port if your your hanlder protect a website on a non standard port
|
||||
# - 80 for http, 443 for https (used only for redirections to the portal)
|
||||
; Set port if your your hanlder protect a website on a non standard port
|
||||
; - 80 for http, 443 for https (used only for redirections to the portal)
|
||||
;port = 8080
|
||||
# Set status to 1 if you want to have the report of activity (used for
|
||||
# example to inform MRTG)
|
||||
; Set status to 1 if you want to have the report of activity (used for
|
||||
; example to inform MRTG)
|
||||
status = 0
|
||||
# Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN
|
||||
# when a user is not allowed by Handler
|
||||
; Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN
|
||||
; when a user is not allowed by Handler
|
||||
;useRedirectOnForbidden = 1
|
||||
# Hide LemonLDAP::NG Handler in Apache Server Signature
|
||||
; Hide LemonLDAP::NG Handler in Apache Server Signature
|
||||
;hideSignature = 1
|
||||
useRedirectOnError = 1
|
||||
|
||||
# Zimbra Handler parameters
|
||||
; Zimbra Handler parameters
|
||||
;zimbraPreAuthKey = XXXX
|
||||
;zimbraAccountKey = uid
|
||||
;zimbraBy =id
|
||||
|
@ -256,32 +256,31 @@ useRedirectOnError = 1
|
|||
|
||||
[manager]
|
||||
|
||||
# Manager protection: by default, the manager is protected by a demo account.
|
||||
# You can protect it :
|
||||
# * by Apache itself,
|
||||
# * by the parameter 'protection' which can take one of the following
|
||||
# values :
|
||||
# * authenticate : all authenticated users can access
|
||||
# * manager : manager is protected like other virtual hosts: you
|
||||
# have to set rules in the corresponding virtual host
|
||||
# * rule: <rule> : you can set here directly the rule to apply
|
||||
# * none : no protection
|
||||
protection = manager
|
||||
; Manager protection: by default, the manager is protected by a demo account.
|
||||
; You can protect it :
|
||||
; * by Apache itself,
|
||||
; * by the parameter 'protection' which can take one of the following
|
||||
; values :
|
||||
; * authenticate : all authenticated users can access
|
||||
; * manager : manager is protected like other virtual hosts: you
|
||||
; have to set rules in the corresponding virtual host
|
||||
; * rule: <rule> : you can set here directly the rule to apply
|
||||
; * none : no protection
|
||||
protection = manager
|
||||
|
||||
# When using "SetHandler cgi-script" instead of using ModPerl::Registry,
|
||||
# Apache LogLevel parameter does not work for LemonLDAP::NG debugging.
|
||||
# Use one of the following to modify error output:
|
||||
;hideLogLevels = debug|info
|
||||
;hideLogLevels = debug
|
||||
;hideLogLevels =
|
||||
; logLevel. Set here one of error, warn, notice, info or debug
|
||||
logLevel = warn
|
||||
|
||||
[sessionsExplorer]
|
||||
; staticPrefix: relative (or URL) location of static HTML components
|
||||
staticPrefix = __MANAGERSTATICPREFIX__
|
||||
;
|
||||
; location of HTML templates directory
|
||||
templateDir = __MANAGERTEMPLATESDIR__
|
||||
|
||||
# Sessions explorer inherits from manager section. You can override here
|
||||
# some parameters like 'protection'
|
||||
;protection = authenticate
|
||||
; languages: available languages for manager interface
|
||||
languages = fr, en
|
||||
|
||||
[apply]
|
||||
|
||||
# Configuration reload URLS defined in manager can be overridden here
|
||||
; Configuration reload URLS defined in manager can be overridden here
|
||||
;reload.__DNSDOMAIN__ = http://reload.__DNSDOMAIN__/reload
|
||||
|
|
Loading…
Reference in New Issue
Block a user