Merge branch 'master' into manager-SFA-module

This commit is contained in:
Christophe Maudoux 2018-03-14 22:09:45 +01:00
commit e3b839ee95
33 changed files with 188 additions and 125 deletions

View File

@ -13,7 +13,7 @@ Copyright: 2005-2018, Xavier Guimard <x.guimard@free.fr>
2012-2015, David Coutadeur <david.coutadeur@gmail.com>
2018, Christophe Maudoux <chrmdx@gmail.com>
2006-2015, LINAGORA <info@linagora.com>
2015-2017, Savoir-faire Linux <contac@savoirfairelinux.com>
2015-2018, Savoir-faire Linux <contac@savoirfairelinux.com>
License: GPL-2+
Files: lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/PAM.pm

12
RELEASE
View File

@ -21,16 +21,22 @@ Before release
--------------
- Update documentation:
$ make documentation
$ ./script/parameters-for-wiki.pl >/tmp/prmlist.txt
Replace https://lemonldap-ng.org/documentation/X.X/parameterlist by
/tmp/prmlist.txt content
$ make documentation
- Translate documentation
$ make fr-doc
$ make fr-doc
- Update debian/changelog
launch just `dch -r` and force save (":w" and ot ":x")
- Check Debian packages quality
$ cme check dpkg
$ cme check dpkg
For minor release
-----------------

View File

@ -1,3 +1,4 @@
* Minimal authn level system (choice only)
* (2ndF/OTP mail)
* Combination/Choice for password (using session data)

View File

@ -46,7 +46,7 @@ Log : $conf->{cfgLog}
sub updateCache {
my $self = shift;
my $conf = $self->confAccess->getConf( { noCache => 1, raw => 1 } );
my $conf = $self->confAccess->getConf( { noCache => 2 } );
die "Must not be launched as root" unless ($>);
print STDERR
qq{Cache updated to configuration $conf->{cfgNum} for user $>\n};

View File

@ -200,7 +200,7 @@ sub getConf {
# Store modified configuration in cache
$self->setLocalConf($r)
if ( $self->{refLocalStorage}
and not( $args->{noCache} or $args->{raw} ) );
and not( $args->{noCache} == 1 or $args->{raw} ) );
}
}

View File

@ -211,7 +211,7 @@ sub virtualHosts {
}
return $self->sendJSONresponse( $req, $resp );
}
elsif ( $query =~ /^vhost(?:(?:Aliase|Http)s|Maintenance|Port|Type)$/ ) {
elsif ( $query =~ qr/^$virtualHostKeys$/o ) {
$self->logger->debug("Query for $vh/$query key");
# TODO: verify how this is done actually

View File

@ -98,10 +98,11 @@ sub unserialize {
unless ( utf8::is_utf8($v) ) {
$v = encode( 'UTF-8', $v );
}
$conf->{$k} =
( $v =~ /./
$conf->{$k} = (
$v =~ /./
? eval { from_json( $v, { allow_nonref => 1 } ) }
: {} );
: {}
);
if ($@) {
$Lemonldap::NG::Common::Conf::msg .=
"Unable to decode $k, switching to old format.\n";

View File

@ -93,7 +93,7 @@ sub statusInit {
open STDOUT, ">&$fdout";
my $perl_exec = ( $^X =~ /perl/ ) ? $^X : 'perl';
exec $perl_exec, '-MLemonldap::NG::Handler::Lib::Status',
map( {"-I$_"} @INC ),
map( { "-I$_" } @INC ),
'-e &Lemonldap::NG::Handler::Lib::Status::run()';
}
}

View File

@ -84,14 +84,18 @@ sub init {
my $portal = $conf->{portal};
$portal =~ s#https?://([^/]*).*#$1#;
$self->csp(
"default-src 'self' $portal;frame-ancestors 'none';form-action 'self';"
"default-src 'self' $portal;frame-ancestors 'none';form-action 'self';"
);
$self->defaultRoute( $working[0]->defaultRoute );
# Find out more glyphicones at https://www.w3schools.com/icons/bootstrap_icons_glyphicons.asp
my $linksIcons =
{ 'conf' => 'cog', 'sessions' => 'duplicate', 'notifications' => 'bell', '2ndFA' => 'wrench' };
my $linksIcons = {
'conf' => 'cog',
'sessions' => 'duplicate',
'notifications' => 'bell',
'2ndFA' => 'wrench'
};
$self->links( [] );
for ( my $i = 0 ; $i < @links ; $i++ ) {

View File

@ -62,7 +62,6 @@ sub addRoutes {
$self->{hiddenAttributes} //= "_password";
}
###################
# II. 2FA METHODS #
###################
@ -84,18 +83,17 @@ sub delete2FAKey {
return $self->deleteTOTPKey( $req, $session, $skey );
}
else {
return $self->sendError( $req, undef, 666 );
return $self->sendError( $req, undef, 400 );
}
}
sub add2FAKey {
my ( $self, $req, $session, $skey ) = @_;
my ( $self, $req, $session, $skey ) = @_;
eval 'use Crypt::U2F::Server::Simple';
if ($@) {
$self->error("Can't load U2F library: $@");
return 0;
}
@ -129,7 +127,7 @@ sub sfa {
my $Key = $params->{sessionType};
my $res;
# Case 2: list of sessions
my $whatToTrace = Lemonldap::NG::Handler::PSGI::Main->tsv->{whatToTrace};

View File

@ -227,7 +227,7 @@ sub attributes {
},
localStorageOptions => {
type => 'keyTextContainer',
documentation => 'Local cache',
documentation => 'Local cache parameters',
flags => 'hmp',
},
cfgNum => {
@ -824,7 +824,7 @@ sub attributes {
localSessionStorage => {
type => 'PerlModule',
default => 'Cache::FileCache',
documentation => 'Sessions cache module',
documentation => 'Local sessions cache module',
},
localSessionStorageOptions => {
type => 'keyTextContainer',
@ -1411,8 +1411,12 @@ sub attributes {
},
# CAS IDP
casAttr => { type => 'text', },
casAttributes => { type => 'keyTextContainer', },
casAttr =>
{ type => 'text', documentation => 'Pivot attribute for CAS', },
casAttributes => {
type => 'keyTextContainer',
documentation => 'CAS exported attributes',
},
casAccessControlPolicy => {
type => 'select',
select => [
@ -1423,9 +1427,13 @@ sub attributes {
default => 'none',
documentation => 'CAS access control policy',
},
casStorage => { type => 'PerlModule', },
casStorage => {
type => 'PerlModule',
documentation => 'Apache::Session module to store CAS user data',
},
casStorageOptions => {
type => 'keyTextContainer',
type => 'keyTextContainer',
documentation => 'Apache::Session module parameters',
},
issuerDBCASActivation => {
default => 0,
@ -1444,7 +1452,10 @@ sub attributes {
},
# Partners
casAppMetaDataOptions => { type => 'subContainer', },
casAppMetaDataOptions => {
type => 'subContainer',
documentation => 'Root of CAS app options',
},
casAppMetaDataExportedVars => {
type => 'keyTextContainer',
default => { cn => 'cn', mail => 'mail', uid => 'uid', },
@ -1605,8 +1616,14 @@ sub attributes {
type => 'bool',
documentation => 'SAML force metadata UTF8 conversion',
},
samlStorage => { type => 'PerlModule', },
samlStorageOptions => { type => 'keyTextContainer', },
samlStorage => {
type => 'PerlModule',
documentation => 'Apache::Session module to store SAML user data',
},
samlStorageOptions => {
type => 'keyTextContainer',
documentation => 'Apache::Session module parameters',
},
samlAuthnContextMapPassword => {
type => 'int',
default => 2,
@ -2231,9 +2248,12 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => 'find',
documentation => '"deref" param of Net::LDAP::search()',
},
mailLDAPFilter => { type => 'text', },
LDAPFilter => { type => 'text', },
AuthLDAPFilter => { type => 'text', },
mailLDAPFilter =>
{ type => 'text', documentation => 'LDAP filter for mail search' },
LDAPFilter =>
{ type => 'text', documentation => 'Default LDAP filter' },
AuthLDAPFilter =>
{ type => 'text', documentation => 'LDAP filter for auth search' },
ldapGroupRecursive => {
default => 0,
type => 'bool',
@ -2312,7 +2332,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => { cn => 'cn', mail => 'mail', uid => 'uid', },
documentation => 'CAS exported variables',
},
casSrvMetaDataOptions => { type => 'subContainer', },
casSrvMetaDataOptions => {
type => 'subContainer',
documentation => 'Root of CAS server options',
},
casSrvMetaDataOptionsGateway => { type => 'bool', },
casSrvMetaDataOptionsProxiedServices => {
type => 'keyTextContainer',
@ -2385,7 +2408,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
ns =>
'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
},
documentation => 'Demo exported variables',
documentation => 'Apache::Session module parameters',
},
# Proxy
@ -2649,6 +2672,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
{ k => 'Custom', v => 'customModule' },
]
],
documentation => 'Hash list of Choice strings',
},
# Combination
@ -2831,8 +2855,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => 0,
documentation => 'OpenID Connect allow hybrid flow',
},
oidcStorage => { type => 'PerlModule', },
oidcStorageOptions => { type => 'keyTextContainer', },
oidcStorage => {
type => 'PerlModule',
documentation => 'Apache::Session module to store OIDC user data',
},
oidcStorageOptions => {
type => 'keyTextContainer',
documentation => 'Apache::Session module parameters',
},
# OpenID Connect metadata nodes
oidcOPMetaDataNodes => {

View File

@ -342,16 +342,7 @@ llapp.controller 'TreeCtrl', [
$scope.showModal('prompt.html', name).then ->
n= $scope.result
if n
node = $scope.addTemplateNode n, 'virtualHost'
delete node.nodes[0].cnodes
node.nodes[0].nodes = [
id: "virtualHosts/new__#{n}/locationRules/default",
type: "rule",
title: "default",
comment: "",
re: "default",
data: "deny"
]
$scope.addTemplateNode n, 'virtualHost'
$scope.duplicateVhost = ->
name = if $scope.domain then ".#{$scope.domain.data}" else '.example.com'
@ -398,10 +389,22 @@ llapp.controller 'TreeCtrl', [
title: name
type: type
nodes: templates type, "new__#{name}"
setDefault t.nodes
cs.$modelValue.nodes.push t
cs.expand()
return t
setDefault = (node) ->
for n in node
if n.cnodes and n.default
delete n.cnodes
n._nodes = n.default
if n._nodes
setDefault n._nodes
else if n.default or n.default == 0
n.data = n.default
node
_getAll = (node) ->
d = $q.defer()
d2 = $q.defer()

View File

@ -1,4 +1,4 @@
// Generated by CoffeeScript 1.10.0
// Generated by CoffeeScript 1.12.7
/*
LemonLDAP::NG Manager client
@ -23,7 +23,7 @@ This file contains:
llapp.controller('TreeCtrl', [
'$scope', '$http', '$location', '$q', '$uibModal', '$translator', '$cookies', '$htmlParams', function($scope, $http, $location, $q, $uibModal, $translator, $cookies, $htmlParams) {
var _checkSaveResponse, _download, _getAll, _stoggle, c, id, pathEvent, readError, setHelp;
var _checkSaveResponse, _download, _getAll, _stoggle, c, id, pathEvent, readError, setDefault, setHelp;
$scope.links = window.links;
$scope.menu = $htmlParams.menu;
$scope.menulinks = window.menulinks;
@ -405,21 +405,10 @@ This file contains:
field: 'hostname'
};
return $scope.showModal('prompt.html', name).then(function() {
var n, node;
var n;
n = $scope.result;
if (n) {
node = $scope.addTemplateNode(n, 'virtualHost');
delete node.nodes[0].cnodes;
return node.nodes[0].nodes = [
{
id: "virtualHosts/new__" + n + "/locationRules/default",
type: "rule",
title: "default",
comment: "",
re: "default",
data: "deny"
}
];
return $scope.addTemplateNode(n, 'virtualHost');
}
});
};
@ -479,10 +468,27 @@ This file contains:
type: type,
nodes: templates(type, "new__" + name)
};
setDefault(t.nodes);
cs.$modelValue.nodes.push(t);
cs.expand();
return t;
};
setDefault = function(node) {
var len, n, o;
for (o = 0, len = node.length; o < len; o++) {
n = node[o];
if (n.cnodes && n["default"]) {
delete n.cnodes;
n._nodes = n["default"];
}
if (n._nodes) {
setDefault(n._nodes);
} else if (n["default"] || n["default"] === 0) {
n.data = n["default"];
}
}
return node;
};
_getAll = function(node) {
var d, d2;
d = $q.defer();

File diff suppressed because one or more lines are too long

View File

@ -1,4 +1,4 @@
// Generated by CoffeeScript 1.9.3
// Generated by CoffeeScript 1.12.7
/*
* Session explorer

View File

@ -106,10 +106,11 @@ sub verify {
# Prepare args
my $args;
foreach my $k ( keys %{ $self->{vrfyAttrs} } ) {
$args->{$k} =
( $k eq 'code'
$args->{$k} = (
$k eq 'code'
? $code
: $req->sessionInfo->{ $self->{vrfyAttrs}->{$k} } );
: $req->sessionInfo->{ $self->{vrfyAttrs}->{$k} }
);
}
# Launch REST request

View File

@ -137,24 +137,16 @@ sub selfRegister {
}
);
}
# Get or generate master key
elsif ( $action eq 'unregister' ) {
$self->p->updatePersistentSession( $req,
{ _totp2fSecret => '' }
);
# Get or generate master key
elsif ( $action eq 'unregister' ) {
$self->p->updatePersistentSession( $req, { _totp2fSecret => '' } );
$self->userLogger->notice('TOTP unregistration succeed');
return [ 200, [ 'Content-Type' => 'application/json' ],
['{"result":1}'] ];
}
}
1;

View File

@ -74,18 +74,16 @@ sub run {
return [ 200, [ 'Content-Type' => 'application/json' ], [$challenge] ];
}
if ( $action eq 'unregistration' ) {
$self->p->updatePersistentSession(
$req,
{
_u2fKeyHandle => '',
_u2fUserKey => ''
}
);
$self->userLogger->notice('U2F key unregistration succeed');
return [
200, [ 'Content-Type' => 'application/json' ],
['{"result":1}']
];
$self->p->updatePersistentSession(
$req,
{
_u2fKeyHandle => '',
_u2fUserKey => ''
}
);
$self->userLogger->notice('U2F key unregistration succeed');
return [ 200, [ 'Content-Type' => 'application/json' ],
['{"result":1}'] ];
my $err = Crypt::U2F::Server::Simple::lastError();
$self->userLogger->warn("U2F Unregistration failed: $err");
return $self->p->sendError( $req, $err, 200 );
@ -117,6 +115,7 @@ sub run {
}
my $res =
( $req->datas->{crypter}->authenticationVerify($resp) ? 1 : 0 );
#$self->userLogger->notice("res=$res");
return [
200, [ 'Content-Type' => 'application/json' ],

View File

@ -85,6 +85,7 @@ sub verify {
return $self->fail($req);
}
$self->logger->debug("Get challenge: $challenge");
#eval { $challenge = JSON::from_json($challenge)->{challenge} };
if ( not $req->datas->{crypter}->setChallenge($challenge) ) {
$self->logger->error(

View File

@ -177,8 +177,7 @@ sub try {
# On error, restart authentication with next scheme
if ( $res > PE_OK ) {
$self->logger->info(
qq'Scheme "$name" returned $res, trying next');
$self->logger->info(qq'Scheme "$name" returned $res, trying next');
$req->datas->{dataKeep}->{combinationTry}++;
$req->steps( [ @{ $req->datas->{combinationSteps} } ] );
$req->continue(1);

View File

@ -33,6 +33,13 @@ sub init {
sub extractFormInfo {
my ( $self, $req ) = @_;
if ( $req->datas->{_krbUser} ) {
$self->logger->debug( 'Kerberos ticket already validated for '
. $req->datas->{_krbUser} );
return PE_OK;
}
my $auth = $req->env->{HTTP_AUTHORIZATION};
unless ($auth) {
@ -138,7 +145,7 @@ sub extractFormInfo {
return PE_ERROR;
}
$self->userLogger->notice("$client_name authentified by Kerberos");
$req->{_krbUser} = $client_name;
$req->datas->{_krbUser} = $client_name;
if ( $self->conf->{krbRemoveDomain} ) {
$client_name =~ s/^(.*)@.*$/$1/;
}
@ -157,7 +164,7 @@ sub authLogout {
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{krbAuthnLevel};
$req->{sessionInfo}->{_krbUser} = $req->{_krbUser};
$req->{sessionInfo}->{_krbUser} = $req->datas->{_krbUser};
PE_OK;
}

View File

@ -733,7 +733,7 @@ sub extractFormInfo {
my $res = $self->p->deleteSession($req);
return (
$res eq PE_LOGOUT_OK ? PE_SENDRESPONSE : $res );
}
}
]
);

View File

@ -901,7 +901,7 @@ sub token {
unless ($codeSession) {
$self->logger->error("Unable to find OIDC session $code");
$self->p->sendError( $req, 'invalid_request', 400 );
return $self->p->sendError( $req, 'invalid_request', 400 );
}
# Check we have the same redirect_uri value
@ -909,7 +909,7 @@ sub token {
{
$self->userLogger->error( "Provided redirect_uri is different from "
. $codeSession->{redirect_uri} );
$self->p->sendError( $req, 'invalid_request', 400 );
return $self->p->sendError( $req, 'invalid_request', 400 );
}
# Get user identifier
@ -921,7 +921,7 @@ sub token {
$self->userLogger->error(
"Unable to find user session linked to OIDC session $code");
$codeSession->remove();
$self->p->sendError( $req, 'invalid_request', 400 );
return $self->p->sendError( $req, 'invalid_request', 400 );
}
my $user_id_attribute =
@ -947,7 +947,7 @@ sub token {
$self->userLogger->error(
"Unable to create OIDC session for access_token");
$codeSession->remove();
$self->p->sendError( $req, 'invalid_request', 400 );
return $self->p->sendError( $req, 'invalid_request', 400 );
}
my $access_token = $accessTokenSession->id;
@ -1102,7 +1102,7 @@ sub registration {
# Check dynamic registration is allowed
unless ( $self->conf->{oidcServiceAllowDynamicRegistration} ) {
$self->logger->error("Dynamic registration is not allowed");
$self->p->sendError( $req, 'server_error' );
return $self->p->sendError( $req, 'server_error' );
}
# Get client metadata

View File

@ -97,6 +97,7 @@ sub bind {
unless ($self->ldap
and $self->ldap->root_dse( attrs => ['supportedLDAPVersion'] ) )
{
$self->ldap->DESTROY if ( $self->ldap );
$self->ldap( $self->newLdap );
}
return undef unless ( $self->ldap );

View File

@ -95,7 +95,7 @@ sub getToken {
$self->logger->notice("Bad (or expired) token $id");
return undef;
}
$self->cache->remove($id) unless($keep);
$self->cache->remove($id) unless ($keep);
return from_json( $data, { allow_nonref => 1 } );
}
else {

View File

@ -178,24 +178,32 @@ sub sregHook {
# else build message and return 0
else {
my (@mopt,@mreq);
my ( @mopt, @mreq );
# No choice for requested parameters: just an information
foreach my $k (@req) {
utf8::decode( $msg{req}->{$k} );
push @mreq, {k=>$k,m=>$msg{req}->{$k}};
push @mreq, { k => $k, m => $msg{req}->{$k} };
}
# For optional parameters: checkboxes are displayed
foreach my $k (@opt) {
utf8::decode( $msg{opt}->{$k} );
push @mopt,{k=>$k,m=>$msg{opt}->{$k},c=>( $ag{$k} ? 'checked' : '' )};
push @mopt,
{
k => $k,
m => $msg{opt}->{$k},
c => ( $ag{$k} ? 'checked' : '' )
};
}
$req->datas->{_openIdTrustExtMsg} .= $self->loadTemplate('openIdTrust',params => {
required => \@mreq,
optional => \@mopt,
});
$req->datas->{_openIdTrustExtMsg} .= $self->loadTemplate(
'openIdTrust',
params => {
required => \@mreq,
optional => \@mopt,
}
);
$self->logger->debug('Building validation form');
return ( 0, $prm );

View File

@ -101,7 +101,7 @@ sub _redirect {
# Restore urldc if auth doesn't need to dial with browser
$self->restoreRequest( $req, $ir );
return $self->run( @_, @path );
}
}
]
);
}

View File

@ -24,9 +24,10 @@ sub init {
if ( my $rules = $self->conf->{autoSigninRules} ) {
my $safe = Safe->new;
foreach my $id ( sort keys %$rules ) {
my $sub = $safe->reval('sub{my($env)=@_;return ('.$rules->{$id}.')}');
my $sub =
$safe->reval( 'sub{my($env)=@_;return (' . $rules->{$id} . ')}' );
if ($@) {
$self->error('Bad Autologin rule "'.$rules->{$id}.': $@');
$self->error( 'Bad Autologin rule "' . $rules->{$id} . ': $@' );
return 0;
}
$id =~ s/^\s*([\w\-\@]+)\s*/$1/;

View File

@ -24,8 +24,12 @@ SKIP: {
skip 'DBD::SQLite not found', $maintests;
}
my $dbh = DBI->connect("dbi:SQLite:dbname=t/userdb.db");
$dbh->do('CREATE TABLE users (user text,password text,name text,uid text,cn text,mail text)');
$dbh->do("INSERT INTO users VALUES ('dwho','dwho','Doctor who','dwho','Doctor who','dwho\@badwolf.org')");
$dbh->do(
'CREATE TABLE users (user text,password text,name text,uid text,cn text,mail text)'
);
$dbh->do(
"INSERT INTO users VALUES ('dwho','dwho','Doctor who','dwho','Doctor who','dwho\@badwolf.org')"
);
# Initialization
ok( $issuer = issuer(), 'Issuer portal' );

View File

@ -37,11 +37,12 @@ SKIP: {
krbByJs => 1,
}
}
);
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Simple access' );
ok( $res->[2]->[0] =~ /script.*kerberos\.js/s, 'Found Kerberos JS' );
my ( $host, $url, $query ) = expectForm( $res, '#');
# TODO
);
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Simple access' );
ok( $res->[2]->[0] =~ /script.*kerberos\.js/s, 'Found Kerberos JS' );
my ( $host, $url, $query ) = expectForm( $res, '#' );
# TODO
}
count($maintests);
clean_sessions();

View File

@ -83,7 +83,7 @@ SKIP: {
$pwd = $2;
ok( $user eq 'fbar', 'Get good login' );
my $postString = 'user='.$user.'&password='.$pwd;
my $postString = 'user=' . $user . '&password=' . $pwd;
ok(
$res = $client->_post(
'/', IO::String->new($postString),

View File

@ -34,10 +34,10 @@ SKIP: {
authentication => 'LDAP',
userDB => 'Same',
passwordDB => 'LDAP',
ldapServer => 'ldap://127.0.0.1:19389/',
ldapBase => 'ou=users,dc=example,dc=com',
managerDn => 'cn=admin,dc=example,dc=com',
managerPassword => 'admin',
ldapServer => 'ldap://127.0.0.1:19389/',
ldapBase => 'ou=users,dc=example,dc=com',
managerDn => 'cn=admin,dc=example,dc=com',
managerPassword => 'admin',
captcha_mail_enabled => 0,
portalDisplayResetPassword => 1,
}

View File

@ -7,7 +7,7 @@ require './lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm';
require './lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm';
my $rmg =
"^(?:(?:$Lemonldap::NG::Common::Conf::ReConstants::virtualHostKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::casAppMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::casSrvMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::oidcOPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::oidcRPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::samlIDPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::samlSPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::specialNodeKeys)|(.*Options))\$";
"^(?:(?:$Lemonldap::NG::Common::Conf::ReConstants::virtualHostKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::casAppMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::casSrvMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::oidcOPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::oidcRPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::samlIDPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::samlSPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::specialNodeKeys))\$";
$rmg = qr/$rmg/;
my $ignore = qr/^(?:virtualHosts)$/;