#==============================================================================
# LemonLDAP::NG local configuration parameters
#
# This file is dedicated to configuration parameters override
# You can set here configuration parameters that will be used only by
# local LemonLDAP::NG elements
#
# Section "all" is always read first before "portal", "handler"
# and "manager"
#
# Section "configuration" is used to load global configuration and set cache
# (replace old storage.conf file)
#
# Section "apply" is read by Manager to reload handlers
# (replace old apply.conf file)
#
# Other sections are only read by the specific LemonLDAP::NG component
#
# Conventions used below: lines starting with "#" are explanations, lines
# starting with ";" are disabled settings that can be enabled by removing
# the ";".
#
# This file can hold credentials (dbiPassword, ldapBindPassword, Password,
# SMTPAuthPass, zimbraPreAuthKey). Keep it readable only by the account that
# runs the web server and out of any directory served over HTTP.
#==============================================================================

[all]

# CUSTOM FUNCTION
# If you want to create customFunctions in rules, declare them here:
;customFunctions = function1 function2
;customFunctions = Package::func1 Package::func2

# CROSS-DOMAIN
# If you have some handlers that are not registered on the main domain,
# uncomment this
;cda = 1

# SAFE JAIL
# Uncomment this to disable Safe jail.
# Warning: this can allow malicious code in custom functions or rules.
# Leave the jail enabled unless a custom function cannot run inside it;
# with the jail off, anyone able to edit rules can run unrestricted code.
;useSafeJail = 0

[configuration]

# GLOBAL CONFIGURATION ACCESS TYPE
# (File, SOAP, RDBI/CDBI, LDAP)
# Set here the parameters needed to access the LemonLDAP::NG configuration.
# You have to set "type" to one of the following:
#
# * File: you have to set 'dirName' parameter. Example:
#
#     type = File
#     dirName = /var/lib/lemonldap-ng/conf
#
# * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and
#   'dbiPassword' if needed. Example:
#
#     type = RDBI
#     ;type = CDBI
#     dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
#     dbiUser = lemonldap
#     dbiPassword = password
#
# * SOAP: SOAP configuration access is a sort of proxy: the portal is
#   configured to use the real session storage type (DBI or File for
#   example).
#   You have to set 'proxy' parameter. Example:
#
#     type = SOAP
#     proxy = https://auth.example.com/index.pl/config
#     proxyOptions = { timeout => 5 }
#     User = lemonldap
#     Password = mypassword
#
# * LDAP: you have to set ldapServer, ldapConfBase, ldapBindDN and
#   ldapBindPassword.
#
#     type = LDAP
#     ldapServer = ldap://localhost
#     ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
#     ldapBindDN = cn=manager,dc=example,dc=com
#     ldapBindPassword = secret
#
# The passwords in the examples above are samples: never reuse them.
# NOTE(review): ldap:// is not encrypted. That is acceptable for localhost;
# for a remote directory use an encrypted transport, because the bind
# password and the whole configuration travel over this connection.
# The configuration store defines every access rule: write access to it
# (dirName, database or LDAP branch) should be limited to the Manager.

type=File
dirName=/var/lib/lemonldap-ng/conf

# LOCAL CACHE CONFIGURATION
#
# To increase performance, use a local cache for the configuration. You have
# to choose a Cache::Cache module and set its parameters (1 line). Example:
#
#     localStorage = Cache::FileCache
#     localStorageOptions = { 'namespace' => 'MyNamespace', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, }
#
# 'default_expires_in' is given to the cache module (600 here); a change of
# configuration may therefore take that long to reach a component that is
# not reloaded explicitly.
# NOTE(review): 'cache_root' points to /tmp, which every local account can
# write to. The cached configuration drives access control, so prefer a
# dedicated directory owned by the web server account and not writable by
# anyone else. 'directory_umask' => '007' leaves the cache directories
# group-writable; check which accounts are in that group.

localStorage=Cache::FileCache
localStorageOptions={ 'namespace' => 'MyNamespace', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, }

[portal]

# PORTAL CUSTOMIZATION
# Name of the skin
;portalSkin = pastel
# Modules displayed
;portalDisplayLogout = 1
;portalDisplayResetPassword = 1
;portalDisplayChangePassword = 1
;portalDisplayAppslist = 1
# Allow password autocompletion (passwords stored in user web browsers).
# Leave it disabled where workstations or browser profiles are shared.
;portalAutocomplete = 1
# Require the old password when changing password. Without it, whoever
# holds an open session can set a new password.
;portalRequireOldPassword = 1
# Attribute displayed as connected user
;portalUserAttr = mail
# Old menu HTML code
# Enable it if you use old templates
;useOldMenuItems=1

# LOG
# By default, all is logged in Apache file. To log user actions by
# syslog, just set syslog facility here:
;syslog = auth

# SOAP FUNCTIONS
# Remove comment to activate SOAP Functions getCookies(user,pwd) and
# error(language, code)
;Soap = 1
# Note that getAttributes() will be activated but on a different URI
# (http://auth.example.com/index.pl/sessions)
# You can also restrict attributes and macros exported by getAttributes
;exportedAttr = uid mail
# getCookies() receives user credentials and getAttributes() returns session
# data: restrict these URIs to the hosts that need them in the web server
# configuration, serve them over https, and export only the attributes the
# SOAP clients really use.

# PASSWORD POLICY
# Remove comment to use LDAP Password Policy
;ldapPpolicyControl = 1
# Remove comment to store password in session (use with caution): the
# password is then available to whatever can read the session storage.
;storePassword = 1
# Remove comment to use LDAP modify password extension
# (beware of compatibility with LDAP Password Policy)
;ldapSetPassword = 1

# RESET PASSWORD BY MAIL
# SMTP server (default to localhost), set to '' to use default mail service
;SMTPServer = localhost
# SMTP auth user
;SMTPAuthUser = toto
# SMTP auth password
;SMTPAuthPass = secret
# Mail From address
;mailFrom = noreply@test.com
# Reply To
;mailReplyTo = noreply@test.com
# Mail confirmation URL. The confirmation link sent to the user is built
# from it: use an https URL in production.
;mailUrl = http://reset.example.com
# Mail subject for confirmation message
;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation
# Mail body for confirmation (can use $url for confirmation URL, and other
# session infos, like $cn). Keep comment to use HTML templates
;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url
# Mail subject for new password message
;mailSubject = [LemonLDAP::NG] Your new password
# Mail body for new password (can use $password for generated password, and
# other session infos, like $cn). Keep comment to use HTML templates.
# The generated password is sent in clear text in this mail.
;mailBody = Hello $cn,\n\nYour new password is $password
# LDAP filter to use
;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))'
# Random regexp for password generation
;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2}

# LDAP GROUPS
# Set the base DN of your groups branch
;ldapGroupBase = ou=groups,dc=example,dc=com
# Objectclass used by groups
;ldapGroupObjectClass = groupOfUniqueNames
# Attribute used by groups to store member
;ldapGroupAttributeName = uniqueMember
# Attribute used by user to link to groups
;ldapGroupAttributeNameUser = dn
# Attribute used to identify a group. The group will be displayed as
# cn|mail|status, where cn, mail and status will be replaced by their
# values.
;ldapGroupAttributeNameSearch = cn mail

# NOTIFICATIONS SERVICE
# Use it to be able to notify messages during authentication
;notification = 1
# Note that the SOAP function newNotification will be activated on
# http://auth.example.com/index.pl/notification
# If you want to hide this, just protect "/index.pl/notification" in
# your Apache configuration file. Unless it is protected, any host that can
# reach the portal can call newNotification.

# XSS protection bypass
# By default, the portal refuses redirections that come from sites not
# registered in the configuration (manager) except for those coming
# from trusted domains. By default, trustedDomains contains the domain
# declared in the manager. You can set trustedDomains to an empty value so
# that undeclared sites will be rejected. You can also set here a list
# of trusted domains or hosts separated by spaces. This is useful if
# your website uses LemonLDAP::NG without handler with SOAP functions.
# Every entry is a destination the portal agrees to redirect users to
# after login: keep the list as short as possible and prefer single hosts
# to whole domains.
;trustedDomains = my.trusted.host example2.com

[handler]

# Set https to 1 if your handler protects a https website (used only for
# redirections to the portal)
;https = 0
# Set port if your handler protects a website on a non standard port
# - 80 for http, 443 for https (used only for redirections to the portal)
;port = 8080
# Set status to 1 if you want to have the report of activity (used for
# example to inform MRTG)
status = 0
# Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN
# when a user is not allowed by Handler
;useRedirectOnForbidden = 1
# Hide LemonLDAP::NG Handler in Apache Server Signature
;hideSignature = 1
useRedirectOnError = 1

# Zimbra Handler parameters
# zimbraPreAuthKey is a shared secret: XXXX is a placeholder, see the note
# on file permissions at the top of this file.
;zimbraPreAuthKey = XXXX
;zimbraAccountKey = uid
;zimbraBy =id
;zimbraUrl = /service/preauth
;zimbraSsoUrl = ^/zimbrasso$

[manager]

# Manager protection: by default, the manager isn't protected. You can
# protect it :
# * by Apache itself,
# * by the parameter 'protection' which can take one of the following
#   values :
#   * 'authenticate' : all authenticated users can access
#   * 'manager' : manager is protected like other virtual hosts: you
#     have to set rules in the corresponding virtual host
#   * 'rule: <rule>' : you can set here directly the rule to apply
# The Manager edits the whole configuration, access rules included: choose
# one of these protections before the Manager is reachable from any
# network you do not fully trust. 'authenticate' lets every logged-in user
# in, so it is rarely what you want here.
;protection = manager

# When using "SetHandler cgi-script" instead of using ModPerl::Registry,
# Apache LogLevel parameter does not work for LemonLDAP::NG debugging.
# Use one of the following to modify error output:
;hideLogLevels = debug|info
;hideLogLevels = debug
;hideLogLevels =

[sessionsExplorer]

# Sessions explorer inherits from manager section. You can override here
# some parameters like 'protection'.
# NOTE(review): the example below is weaker than 'manager'; it opens the
# sessions explorer to all authenticated users.
;protection = authenticate

[apply]

# URL used to reload configuration
# __DNSDOMAIN__ looks like an installation placeholder; check that it has
# been replaced by the real domain.
# NOTE(review): the reload URL uses plain http. Restrict access to the
# reload virtual host to the Manager's address in the web server
# configuration.
reload.__DNSDOMAIN__ = http://reload.__DNSDOMAIN__/reload