#!/usr/bin/perl use Lemonldap::NG::Portal::SharedConf; use HTML::Template; use strict; # Menu configuration my $skin_dir = "__SKINDIR__"; my $appsxmlfile = "__APPSXMLFILE__"; my $appsimgpath = "apps/"; my $portal = Lemonldap::NG::Portal::SharedConf->new( { # ACCESS TO CONFIGURATION # By default, Lemonldap::NG uses the default lemonldap-ng.ini file to # know where to find its configuration # (generaly /etc/lemonldap-ng/lemonldap-ng.ini) # You can specify by yourself this file : #configStorage => { confFile => '/path/to/my/file' }, # or set explicitely parameters : #configStorage => { # type => 'File', # dirName => '/usr/local/lemonldap-ng/data//conf' #}, # Note that YOU HAVE TO SET configStorage here if you've declared this # portal as SOAP configuration server in the manager # PORTAL CUSTOMIZATION # * Skin # portalSkin => 'pastel', # * Modules displayed # portalDisplayLogout => 1, # portalDisplayResetPassword => 1, # portalDisplayChangePassword => 1, # portalDisplayAppslist => 1, # * Allow password autocompletion # (passwords stored in user web browsers) # portalAutocomplete => "on", # * Require the old password when changing password # portalRequireOldPassword => 1, # * Attribute displayed as connected user # portalUserAttr => "mail", # LOG # By default, all is logged in Apache file. To log user actions by # syslog, just set syslog facility here: #syslog => 'auth', # SOAP FUNCTIONS # Remove comment to activate SOAP Functions getCookies(user,pwd) and # error(language, code) Soap => 1, # Note that getAttibutes() will be activated but on a different URI # (http://auth.example.com/index.pl/sessions) # You can also restrict attributes and macros exported by getAttributes #exportedAttr => 'uid mail', # PASSWORD POLICY # Remove comment to use LDAP Password Policy #ldapPpolicyControl => 1, # Remove comment to store password in session (use with caution) #storePassword => 1, # Remove comment to use LDAP modify password extension # (beware of compatibility with LDAP Password Policy) #ldapSetPassword => 1, # RESET PASSWORD BY MAIL # SMTP server (default to localhost), set to '' to use default mail # service #SMTPServer => "localhost", # Mail From address #mailFrom => "noreply@test.com", # Mail subject #mailSubject => "Password reset", # Mail body (can use $password for generated password, and other session # infos, like $cn) #mailBody => 'Hello $cn,\n\nYour new password is $password', # LDAP filter to use #mailLDAPFilter => '(&(mail=$mail)(objectClass=inetOrgPerson))', # Random regexp #randomPasswordRegexp => '[A-Z]{3}[a-z]{5}.\d{2}', # LDAP GROUPS # Set the base DN of your groups branch #ldapGroupBase => 'ou=groups,dc=example,dc=com', # Objectclass used by groups #ldapGroupObjectClass => 'groupOfUniqueNames', # Attribute used by groups to store member #ldapGroupAttributeName => 'uniqueMember', # Attribute used by user to link to groups #ldapGroupAttributeNameUser => 'dn', # Attribute used to identify a group. The group will be displayed as # cn|mail|status, where cn, mail and status will be replaced by their # values. #ldapGroupAttributeNameSearch => ['cn'], # CUSTOM FUNCTION # If you want to create customFunctions in rules, declare them here: #customFunctions => 'function1 function2', #customFunctions => 'Package::func1 Package::func2', # NOTIFICATIONS SERVICE # Use it to be able to notify messages during authentication #notification => 1, # Note that the SOAP function newNotification will be activated on # http://auth.example.com/index.pl/notification # If you want to hide this, just protect "/index.pl/notification" in # your Apache configuration file # CROSS-DOMAIN # If you have some handlers that are not registered on the main domain, # uncomment this #cda => 1, # XSS protection bypass # By default, the portal refuse redirections that comes from sites not # registered in the configuration (manager) except for those coming # from trusted domains. By default, trustedDomains contains the domain # declared in the manager. You can set trustedDomains to empty value so # that, undeclared sites will be rejected. You can also set here a list # of trusted domains or hosts separated by spaces. This is usefull if # your website use Lemonldap::NG without handler with SOAP functions. # Exemples : #trustedDomains => 'my.trusted.host example2.com', #trustedDomains => '', # OTHERS # You can also overload any parameter issued from manager # configuration. Example: #globalStorage => 'Apache::Session::File', #globalStorageOptions => { # 'Directory' => '/var/lib/lemonldap-ng/sessions/', # 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/', #}, # Note that YOU HAVE TO SET globalStorage here if you've declared this # portal as SOAP session server in the manager #}, } ); # Get skin value my $skin = $portal->{portalSkin}; # 1. Case well authenticated if ( $portal->process() ) { # Case there is a message to display if ( my $info = $portal->info() ) { my $template = HTML::Template->new( filename => "$skin_dir/$skin/info.tpl", die_on_bad_params => 0, cache => 0, filter => sub { $portal->translate_template(@_) } ); $template->param( AUTH_ERROR_TYPE => $portal->error_type ); $template->param( MSG => $info ); $template->param( SKIN => $skin ); $template->param( URL => $portal->{urldc} ); print $portal->header('text/html; charset=utf-8'); print $template->output; } else { # HTML::Template object creation my $template = HTML::Template->new( filename => "$skin_dir/$skin/menu.tpl", die_on_bad_params => 0, cache => 0, filter => sub { $portal->translate_template(@_) } ); # Menu creation use Lemonldap::NG::Portal::Menu; my $menu = Lemonldap::NG::Portal::Menu->new( { portalObject => $portal, apps => { xmlfile => "$appsxmlfile", imgpath => "$appsimgpath", }, modules => { appslist => $portal->{portalDisplayAppslist}, password => $portal->{portalDisplayChangePassword}, logout => $portal->{portalDisplayLogout}, }, } ); $template->param( AUTH_USER => $portal->{sessionInfo}->{ $portal->{portalUserAttr} } ); $template->param( AUTOCOMPLETE => $portal->{portalAutocomplete} ); $template->param( SKIN => $skin ); $template->param( AUTH_ERROR => $menu->error ); $template->param( AUTH_ERROR_TYPE => $menu->error_type ); $template->param( DISPLAY_APPSLIST => $menu->displayModule("appslist") ); $template->param( DISPLAY_PASSWORD => $menu->displayModule("password") ); $template->param( DISPLAY_LOGOUT => $menu->displayModule("logout") ); $template->param( DISPLAY_TAB => $menu->displayTab ); $template->param( LOGOUT_URL => "$ENV{SCRIPT_NAME}?logout=1" ); $template->param( REQUIRE_OLDPASSWORD => $portal->{portalRequireOldPassword} ); if ( $menu->displayModule("appslist") ) { $template->param( APPSLIST_MENU => $menu->appslistMenu ); $template->param( APPSLIST_DESC => $menu->appslistDescription ); } print $portal->header('text/html; charset=utf-8'); print $template->output; } } elsif ( my $notif = $portal->notification ) { # HTML::Template object creation my $template = HTML::Template->new( filename => "$skin_dir/$skin/notification.tpl", die_on_bad_params => 0, cache => 0, filter => sub { $portal->translate_template(@_) } ); $template->param( AUTH_ERROR_TYPE => $portal->error_type ); $template->param( NOTIFICATION => $notif ); $template->param( SKIN => $skin ); print $portal->header('text/html; charset=utf-8'); print $template->output; } elsif ( $portal->{error} == PE_CONFIRM ) { my $msg = $portal->info(); # HTML::Template object creation my $template = HTML::Template->new( filename => "$skin_dir/$skin/confirm.tpl", die_on_bad_params => 0, cache => 0, filter => sub { $portal->translate_template(@_) } ); $template->param( AUTH_ERROR => $portal->error ); $template->param( AUTH_ERROR_TYPE => $portal->error_type ); $template->param( AUTH_URL => $portal->get_url ); $template->param( MSG => $msg ); $template->param( SKIN => $skin ); print $portal->header('text/html; charset=utf-8'); print $template->output; } else { # HTML::Template object creation my $template = HTML::Template->new( filename => "$skin_dir/$skin/login.tpl", die_on_bad_params => 0, cache => 0, filter => sub { $portal->translate_template(@_) } ); $template->param( AUTH_ERROR => $portal->error ); $template->param( AUTH_ERROR_TYPE => $portal->error_type ); $template->param( AUTH_URL => $portal->get_url ); $template->param( LOGIN => $portal->get_user ); $template->param( AUTOCOMPLETE => $portal->{portalAutocomplete} ); $template->param( SKIN => $skin ); $template->param( DISPLAY_RESETPASSWORD => $portal->{portalDisplayResetPassword} ); $template->param( DISPLAY_FORM => 1 ); # Adapt template if password policy error if ( $portal->{portalDisplayChangePassword} and ( $portal->{error} == PE_PP_CHANGE_AFTER_RESET or $portal->{error} == PE_PP_MUST_SUPPLY_OLD_PASSWORD or $portal->{error} == PE_PP_INSUFFICIENT_PASSWORD_QUALITY or $portal->{error} == PE_PP_PASSWORD_TOO_SHORT or $portal->{error} == PE_PP_PASSWORD_TOO_YOUNG or $portal->{error} == PE_PP_PASSWORD_IN_HISTORY or $portal->{error} == PE_PASSWORD_MISMATCH or $portal->{error} == PE_BADOLDPASSWORD ) ) { $template->param( REQUIRE_OLDPASSWORD => 1 ); $template->param( DISPLAY_PASSWORD => 1 ); $template->param( DISPLAY_RESETPASSWORD => 0 ); $template->param( DISPLAY_FORM => 0 ); } # Adapt template if external authentication error if ( $portal->{error} == PE_BADCERTIFICATE or $portal->{error} == PE_CERTIFICATEREQUIRED or $portal->{error} == PE_ERROR ) { $template->param( DISPLAY_RESETPASSWORD => 0 ); $template->param( DISPLAY_FORM => 0 ); } print $portal->header('text/html; charset=utf-8'); print $template->output; }