#==============================================================================
# LemonLDAP::NG local configuration parameters
#
# This file is dedicated to configuration parameter overrides.
# You can set here configuration parameters that will be used only by
# local LemonLDAP::NG elements.
#
# Section "all" is always read first, before "portal", "handler"
# and "manager".
#
# Section "configuration" is used to load the global configuration and set
# the cache (replaces the old storage.conf file).
#
# Section "apply" is read by the Manager to reload handlers
# (replaces the old apply.conf file).
#
# Other sections are only read by the specific LemonLDAP::NG component.
#
# Layout used below: lines starting with '#' are explanations, lines starting
# with ';' are disabled settings (remove the ';' to enable them).
#
# Several settings documented below hold secrets (dbiPassword, Password,
# ldapBindPassword, zimbraPreAuthKey). Once one of them is set, this file
# contains a clear-text credential: keep it readable only by the accounts
# that run the LemonLDAP::NG components.
#==============================================================================

[all]

# CUSTOM FUNCTION
# If you want to create customFunctions in rules, declare them here:
;customFunctions = function1 function2
;customFunctions = Package::func1 Package::func2

# CROSS-DOMAIN
# If you have some handlers that are not registered on the main domain,
# uncomment this
;cda = 1

[configuration]

# GLOBAL CONFIGURATION ACCESS TYPE
# (File, SOAP, DBI, LDAP)
# Set here the parameters needed to access the Lemonldap::NG configuration.
# You have to set "type" to one of the following:
#
# * File: you have to set the 'dirName' parameter. Example:
#
#     type = File
#     dirName = /var/lib/lemonldap-ng/conf
#
# * DBI: you have to set 'dbiChain' (required), and 'dbiUser' and
#   'dbiPassword' if needed. Example:
#
#     type = DBI
#     dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
#     dbiUser = lemonldap
#     dbiPassword = password
#
# * SOAP: SOAP configuration access is a sort of proxy: the portal is
#   configured to use the real session storage type (DBI or File for
#   example).
#   You have to set the 'proxy' parameter. Example:
#
#     type = SOAP
#     proxy = https://auth.example.com/index.pl/config
#     proxyOptions = { timeout => 5 }
#     User = lemonldap
#     Password = mypassword
#
# * LDAP: you have to set ldapServer, ldapConfBase, ldapBindDN and
#   ldapBindPassword.
#
#     type = LDAP
#     ldapServer = ldap://localhost
#     ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
#     ldapBindDN = cn=manager,dc=example,dc=com
#     ldapBindPassword = secret
#
# NOTE(review): the passwords in the examples above are samples; replace them
# with values of your own. The LDAP example binds to localhost over ldap://,
# which is unencrypted: for a directory on another host, check that the
# connection is protected (e.g. ldaps://) so the bind password is not sent in
# clear.
type=File
dirName=/var/lib/lemonldap-ng/conf

# LOCAL CACHE CONFIGURATION
#
# To increase performance, use a local cache for the configuration. You have
# to choose a Cache::Cache module and set its parameters (1 line). Example:
#
# localStorage = Cache::FileCache
# localStorageOptions = { 'namespace' => 'MyNamespace', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, }
#
# NOTE(review): the active value below caches the configuration under /tmp,
# a directory shared by every local account. 'directory_umask' => '007'
# removes access for "other" users on the directories the cache creates, but
# a dedicated cache_root owned by the web-server account is the safer choice.
# Confirm the directory exists and is writable by every local LemonLDAP::NG
# component before changing it.
localStorage=Cache::FileCache
localStorageOptions={ 'namespace' => 'MyNamespace', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, }

[portal]

# PORTAL CUSTOMIZATION
# Name of the skin
;portalSkin = pastel
# Modules displayed
;portalDisplayLogout = 1
;portalDisplayResetPassword = 1
;portalDisplayChangePassword = 1
;portalDisplayAppslist = 1
# Allow password autocompletion (passwords are then stored in the users'
# web browsers)
;portalAutocomplete = 1
# Require the old password when changing password
;portalRequireOldPassword = 1
# Attribute displayed as connected user
;portalUserAttr = mail

# LOG
# By default, everything is logged in the Apache log file. To log user
# actions by syslog, just set the syslog facility here:
;syslog = auth

# SOAP FUNCTIONS
# Remove comment to activate SOAP functions getCookies(user,pwd) and
# error(language, code)
;Soap = 1
# Note that getAttributes() will be activated but on a different URI
# (http://auth.example.com/index.pl/sessions)
# You can also restrict attributes and macros exported by getAttributes
;exportedAttr = uid mail
# NOTE(review): getCookies() receives a user name and password, and
# getAttributes() returns session attributes. When Soap is enabled, limit
# these URIs to the clients that need them (web-server access rules), serve
# them over https (the example URI above is plain http), and keep
# exportedAttr to the minimum set of attributes.

# PASSWORD POLICY
# Remove comment to use LDAP Password Policy
;ldapPpolicyControl = 1
# Remove comment to store password in session (use with caution: the
# password is then kept with the session data, so whatever can read a
# session can read the password)
;storePassword = 1
# Remove comment to use LDAP modify password extension
# (beware of compatibility with LDAP Password Policy)
;ldapSetPassword = 1

# RESET PASSWORD BY MAIL
# SMTP server (defaults to localhost), set to '' to use default mail service
;SMTPServer = localhost
# Mail From address
;mailFrom = noreply@test.com
# Mail confirmation URL
# NOTE(review): the sample value is an http:// URL; the confirmation link
# gives access to the password reset, so use an https:// URL in production.
;mailUrl = http://reset.example.com
# Mail subject for confirmation message
;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation
# Mail body for confirmation (can use $url for confirmation URL, and other
# session infos, like $cn). Keep comment to use HTML templates
;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url
# Mail subject for new password message
;mailSubject = [LemonLDAP::NG] Your new password
# Mail body for new password (can use $password for generated password, and
# other session infos, like $cn). Keep comment to use HTML templates
# NOTE(review): $password places the generated password in the mail in clear
# text; requiring users to change it after first use limits the exposure.
;mailBody = Hello $cn,\n\nYour new password is $password
# LDAP filter to use
;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))'
# Random regexp for password generation
;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2}

# LDAP GROUPS
# Set the base DN of your groups branch
;ldapGroupBase = ou=groups,dc=example,dc=com
# Objectclass used by groups
;ldapGroupObjectClass = groupOfUniqueNames
# Attribute used by groups to store member
;ldapGroupAttributeName = uniqueMember
# Attribute used by user to link to groups
;ldapGroupAttributeNameUser = dn
# Attribute used to identify a group. The group will be displayed as
# cn|mail|status, where cn, mail and status will be replaced by their
# values.
;ldapGroupAttributeNameSearch = cn mail

# NOTIFICATIONS SERVICE
# Use it to be able to notify messages during authentication
;notification = 1
# Note that the SOAP function newNotification will be activated on
# http://auth.example.com/index.pl/notification
# If you want to hide this, just protect "/index.pl/notification" in
# your Apache configuration file
# NOTE(review): newNotification creates the messages shown to users at
# authentication; when notification is enabled, treat protecting this URI as
# a required step so that only the systems meant to post notifications can
# reach it.

# XSS protection bypass
# By default, the portal refuses redirections that come from sites not
# registered in the configuration (manager), except for those coming
# from trusted domains. By default, trustedDomains contains the domain
# declared in the manager. You can set trustedDomains to an empty value so
# that undeclared sites will be rejected. You can also set here a list
# of trusted domains or hosts separated by spaces. This is useful if
# your website uses Lemonldap::NG without handler, with SOAP functions.
# Every entry listed here is exempt from the redirection check described
# above, so list only hosts you control and keep the list as short as
# possible.
;trustedDomains = my.trusted.host example2.com

# MENU
# Applications displayed in the portal menu, grouped by category. The value
# is written on a single line, like localStorageOptions above
# (NOTE(review): presumably it has to stay on one line; confirm before
# reformatting it).
# __DNSDOMAIN__ looks like a placeholder that is replaced with the real
# domain at installation time.
# NOTE(review): all sample URIs are http://, including the Manager and the
# sessions explorer; switch them to https:// if these virtual hosts are
# served over TLS.
applicationList={'1sample' => { catname => 'Sample applications',type => 'category', 'test1' => { type => 'application', options => { name => 'Application Test 1', uri => 'http://test1.__DNSDOMAIN__/', description => 'A simple application displaying authenticated user', logo => 'wheels.png', display => 'auto', }, },'test2' => { type => 'application', options => { name => 'Application Test 2', uri => 'http://test2.__DNSDOMAIN__/', description => 'The same simple application displaying authenticated user', logo => 'wheels.png', display => 'auto', }, }, },'2administration' => { catname => 'Administration', type => 'category', 'manager' => { type => 'application', options => { name => 'WebSSO Manager', uri => 'http://manager.__DNSDOMAIN__/', description => 'Configure LemonLDAP::NG WebSSO', logo => 'tools.png', display => 'on', }, },'sessions' => { type => 'application', options => { name => 'Sessions explorer', uri => 'http://manager.__DNSDOMAIN__/sessions.pl', description => 'Explore WebSSO sessions', logo => 'tools.png', display => 'on', }, }, }, '3documentation' => { catname => 'Documentation', type => 'category', 'localdoc' => { type => 'application', options => { name => 'Local documentation', uri => 'http://manager.__DNSDOMAIN__/doc/', description => 'Documentation supplied with LemonLDAP::NG', logo => 'docs.png', display => 'on', }, },'officialwebsite' => { type => 'application', options => { name => 'Offical Website', uri => 'http://lemonldap.objectweb.org/', description => 'Official LemonLDAP::NG Website', logo => 'web.png', display => 'on', }, }, }, }

[handler]

# Set https to 1 if your handler protects an https website (used only for
# redirections to the portal)
;https = 0
# Set port if your handler protects a website on a non-standard port
# (standard ports: 80 for http, 443 for https; used only for redirections
# to the portal)
;port = 8080
# Set status to 1 if you want to have the report of activity (used for
# example to inform MRTG)
status = 0
# Zimbra Handler parameters
# zimbraPreAuthKey is a secret: XXXX is a placeholder, never a usable value.
;zimbraPreAuthKey = XXXX
;zimbraAccountKey = uid
;zimbraBy =id
;zimbraUrl = /service/preauth
;zimbraSsoUrl = ^/zimbrasso$

[manager]

# Manager protection: by default, the manager isn't protected. You can
# protect it:
#  * by Apache itself,
#  * by the parameter 'protection', which can take one of the following
#    values:
#    * 'authenticate' : all authenticated users can access
#    * 'manager'      : manager is protected like other virtual hosts: you
#                       have to set rules in the corresponding virtual host
#    * 'rule: <rule>' : you can set here directly the rule to apply
# NOTE(review): 'protection' is disabled below, so this file applies no
# access control to the Manager, which is the application used to configure
# the WebSSO. Enable one of the options above, or restrict the Manager
# virtual host in Apache, before the host is reachable by users.
;protection = manager

[apply]

# URL used to reload configuration
# NOTE(review): the Manager calls this URL to make handlers reload their
# configuration, and it is plain http. Confirm in the web-server
# configuration that the reload virtual host only accepts requests from the
# Manager host.
reload.__DNSDOMAIN__ = http://reload.__DNSDOMAIN__/reload