lemonldap-ng/po-doc/fr/pages/documentation/current/applications/obm.html
2017-02-07 16:35:26 +00:00


<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:applications:obm</title><!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,obm"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="obm.html"/>
<link rel="contents" href="obm.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:obm","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script><!-- //endif --><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script><!-- //endif -->
</head>
<body>
<div class="dokuwiki export container"><!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#obm1">OBM</a></div></li>
<li class="level2"><div class="li"><a href="#llng">LL::NG</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#attributes_and_macros">Attributes and macros</a></div></li>
<li class="level3"><div class="li"><a href="#virtual_host">Virtual host</a></div></li>
<li class="level3"><div class="li"><a href="#other">Other</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div><!-- TOC END -->
<h1 class="sectionedit1" id="obm">OBM</h1>
<div class="level1">
<p>
<a href="obm_logo.png_documentation_2.0_applications_obm.html" class="media" title="applications:obm_logo.png"><img src="obm_logo.png" class="mediacenter" alt="" /></a>
</p>
</div><!-- EDIT1 SECTION "OBM" [1-54] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://obm.org" class="urlextern" title="http://obm.org" rel="nofollow">OBM</a> is a messaging and collaboration platform for companies or workgroups with several thousand users. OBM includes a groupware, a mail server, a CRM, an LDAP directory, a Windows domain, and a synchronization service for smartphones and PDAs…
</p>
<p>
OBM ships with an <abbr title="LemonLDAP::NG">LL::NG</abbr> component that provides the following features:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="Single Sign On">SSO</abbr> on the OBM web interface</div>
</li>
<li class="level1"><div class="li"> Logout</div>
</li>
<li class="level1"><div class="li"> Import of user accounts (auto-creation at first login)</div>
</li>
</ul>
</div><!-- EDIT2 SECTION "Presentation" [55-488] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div><!-- EDIT3 SECTION "Configuration" [489-515] -->
<h3 class="sectionedit4" id="obm1">OBM</h3>
<div class="level3">
<p>
To enable the <abbr title="LemonLDAP::NG">LL::NG</abbr> authentication component, edit <code>/etc/obm/obm_conf.inc</code>:
</p>
<pre class="code file php"><span class="re0">$auth_kind</span> <span class="sy0">=</span> <span class="st_h">'LemonLDAP'</span><span class="sy0">;</span>
&nbsp;
<span class="re0">$lemonldap_config</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">(</span>
<span class="st0">"auto_update"</span> <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span>
<span class="st0">"auto_update_force_user"</span> <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span>
<span class="st0">"auto_update_force_group"</span> <span class="sy0">=&gt;</span> <span class="kw4">false</span><span class="sy0">,</span>
<span class="st0">"url_logout"</span> <span class="sy0">=&gt;</span> <span class="st0">"https://OBMURL/logout"</span><span class="sy0">,</span>
<span class="st0">"server_ip_address"</span> <span class="sy0">=&gt;</span> <span class="st0">"localhost"</span><span class="sy0">,</span>
<span class="st0">"server_ip_check"</span> <span class="sy0">=&gt;</span> <span class="kw4">false</span><span class="sy0">,</span>
<span class="st0">"debug_level"</span> <span class="sy0">=&gt;</span> <span class="st0">"NONE"</span><span class="sy0">,</span>
<span class="co1">// "debug_header_name" =&gt; "HTTP_OBM_UID",</span>
<span class="co1">// "group_header_name" =&gt; "HTTP_OBM_GROUPS",</span>
<span class="st0">"headers_map"</span> <span class="sy0">=&gt;</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">(</span>
<span class="co1">//"userobm_gid" =&gt; "HTTP_OBM_GID",</span>
<span class="co1">//"userobm_domain_id" =&gt; ,</span>
<span class="st0">"userobm_login"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_UID"</span><span class="sy0">,</span>
<span class="st0">"userobm_password"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_USERPASSWORD"</span><span class="sy0">,</span>
<span class="co1">//"userobm_password_type" =&gt; ,</span>
<span class="st0">"userobm_perms"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_PERMS"</span><span class="sy0">,</span>
<span class="co1">//"userobm_kind" =&gt; ,</span>
<span class="st0">"userobm_lastname"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_SN"</span><span class="sy0">,</span>
<span class="st0">"userobm_firstname"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_GIVENNAME"</span><span class="sy0">,</span>
<span class="co1">// "userobm_title" =&gt; "HTTP_OBM_TITLE",</span>
<span class="st0">"userobm_email"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_MAIL"</span><span class="sy0">,</span>
<span class="st0">"userobm_datebegin"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_DATEBEGIN"</span><span class="sy0">,</span>
<span class="co1">//"userobm_account_dateexp" =&gt; ,</span>
<span class="co1">//"userobm_delegation_target" =&gt; ,</span>
<span class="co1">//"userobm_delegation" =&gt; ,</span>
<span class="st0">"userobm_description"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_DESCRIPTION"</span><span class="sy0">,</span>
<span class="co1">//"userobm_archive" =&gt; ,</span>
<span class="co1">//"userobm_hidden" =&gt; ,</span>
<span class="co1">//"userobm_status" =&gt; ,</span>
<span class="co1">//"userobm_local" =&gt; ,</span>
<span class="co1">//"userobm_photo_id" =&gt; ,</span>
<span class="st0">"userobm_phone"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_TELEPHONENUMBER"</span><span class="sy0">,</span>
<span class="co1">//"userobm_phone2" =&gt; ,</span>
<span class="co1">//"userobm_mobile" =&gt; ,</span>
<span class="st0">"userobm_fax"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_FACSIMILETELEPHONENUMBER"</span><span class="sy0">,</span>
<span class="co1">//"userobm_fax2" =&gt; ,</span>
<span class="st0">"userobm_company"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_O"</span><span class="sy0">,</span>
<span class="co1">//"userobm_direction" =&gt; ,</span>
<span class="st0">"userobm_service"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_OU"</span><span class="sy0">,</span>
<span class="st0">"userobm_address1"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_POSTALADDRESS"</span><span class="sy0">,</span>
<span class="co1">//"userobm_address2" =&gt; ,</span>
<span class="co1">//"userobm_address3" =&gt; ,</span>
<span class="st0">"userobm_zipcode"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_POSTALCODE"</span><span class="sy0">,</span>
<span class="st0">"userobm_town"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_L"</span><span class="sy0">,</span>
<span class="co1">//"userobm_expresspostal" =&gt; ,</span>
<span class="co1">//"userobm_host_id" =&gt; ,</span>
<span class="co1">//"userobm_web_perms" =&gt; ,</span>
<span class="co1">//"userobm_web_list" =&gt; ,</span>
<span class="co1">//"userobm_web_all" =&gt; ,</span>
<span class="co1">//"userobm_mail_perms" =&gt; ,</span>
<span class="co1">//"userobm_mail_ext_perms" =&gt; ,</span>
<span class="co1">//"userobm_mail_server_id" =&gt; ,</span>
<span class="co1">//"userobm_mail_server_hostname" =&gt; ,</span>
<span class="st0">"userobm_mail_quota"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_MAILQUOTA"</span><span class="sy0">,</span>
<span class="co1">//"userobm_nomade_perms" =&gt; ,</span>
<span class="co1">//"userobm_nomade_enable" =&gt; ,</span>
<span class="co1">//"userobm_nomade_local_copy" =&gt; ,</span>
<span class="co1">//"userobm_email_nomade" =&gt; ,</span>
<span class="co1">//"userobm_vacation_enable" =&gt; ,</span>
<span class="co1">//"userobm_vacation_datebegin" =&gt; ,</span>
<span class="co1">//"userobm_vacation_dateend" =&gt; ,</span>
<span class="co1">//"userobm_vacation_message" =&gt; ,</span>
<span class="co1">//"userobm_samba_perms" =&gt; ,</span>
<span class="co1">//"userobm_samba_home" =&gt; ,</span>
<span class="co1">//"userobm_samba_home_drive" =&gt; ,</span>
<span class="co1">//"userobm_samba_logon_script" =&gt; ,</span>
<span class="co1">// ---- Unused values ? ----</span>
<span class="st0">"userobm_ext_id"</span> <span class="sy0">=&gt;</span> <span class="st0">"HTTP_OBM_SERIALNUMBER"</span><span class="sy0">,</span>
<span class="co1">//"userobm_system" =&gt; ,</span>
<span class="co1">//"userobm_nomade_datebegin" =&gt; ,</span>
<span class="co1">//"userobm_nomade_dateend" =&gt; ,</span>
<span class="co1">//"userobm_location" =&gt; ,</span>
<span class="co1">//"userobm_education" =&gt; ,</span>
<span class="br0">)</span><span class="sy0">,</span>
<span class="br0">)</span><span class="sy0">;</span></pre>
<p>
Parameters:
</p>
<ul>
<li class="level1"><div class="li"> <strong>url_logout</strong>: <abbr title="Uniform Resource Locator">URL</abbr> used by OBM for logout; it will be called by <abbr title="LemonLDAP::NG">LL::NG</abbr></div>
</li>
<li class="level1"><div class="li"> <strong>headers_map</strong>: maps OBM internal fields to <abbr title="LemonLDAP::NG">LL::NG</abbr> headers</div>
</li>
</ul>
<p>
Also edit the OBM configuration to enable the <abbr title="LemonLDAP::NG">LL::NG</abbr> handler:
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> obm.example.com
&nbsp;
<span class="co1"># SSO protection</span>
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
<span class="kw1">DocumentRoot</span> /usr/share/obm/php
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
  listen 80;
  server_name obm.example.com;
  root /usr/share/obm/php;
  # Internal authentication request
  location = /lmauth {
    internal;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    # Drop the posted data
    fastcgi_pass_request_body off;
    fastcgi_param CONTENT_LENGTH "";
    # Keep the original host name
    fastcgi_param HOST $http_host;
    # Keep the original request (the LLNG server will receive /lmauth)
    fastcgi_param X_ORIGINAL_URI $request_uri;
  }
&nbsp;
  # Client requests
  location ~ \.php$ {
    auth_request /lmauth;
    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
    auth_request_set $lmlocation $upstream_http_location;
    error_page 401 $lmlocation;
    try_files $uri $uri/ =404;
&nbsp;
    ...
&nbsp;
    include /etc/lemonldap-ng/nginx-lua-headers.conf;
  }
  location / {
    try_files $uri $uri/ =404;
  }
}</pre>
</div><!-- EDIT4 SECTION "OBM" [516-7008] -->
<h3 class="sectionedit5" id="llng">LL::NG</h3>
<div class="level3">
</div>
<h4 id="attributes_and_macros">Attributes and macros</h4>
<div class="level4">
<p>
All the attributes needed to create an OBM account must be collected:
</p>
<ul>
<li class="level1"><div class="li"> First name</div>
</li>
<li class="level1"><div class="li"> Last name</div>
</li>
<li class="level1"><div class="li"> Login</div>
</li>
<li class="level1"><div class="li"> Mail</div>
</li>
<li class="level1"><div class="li"></div>
</li>
</ul>
<p>
To add these attributes, go to the Manager, <code>Variables</code> » <code>Exported variables</code>.
</p>
<div class="noteimportant">If you plan to forward the user password to OBM, <a href="../passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">keep the password in the session</a>.
</div>
<p>
It is also possible to create these macros to manage the OBM administrator account (<code>Variables</code> » <code>Macros</code>):
</p>
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0">field </th><th class="col1">value </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> uidR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? "admin0\@global.virt" : $uid </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> mailR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? "" : ($mail =~ /^([^@]+)/)[0] . "\@example.com" </td>
</tr>
</table></div><!-- EDIT6 TABLE [7522-7701] -->
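<p>
The two macros above, evaluated outside LL::NG on constructed session values. This is an added example, not part of the LL::NG or OBM code; the sample uids and mail addresses are invented, and <code>uidR_exact</code> is a hypothetical stricter variant that the page does not define.
</p>

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Macro expressions copied from the table above, wrapped in subs so they can
# be evaluated outside LL::NG (where $uid and $mail are session attributes).
sub uidR {
    my ($uid) = @_;
    my $r = ( $uid =~ /^admin0/i )[0] ? "admin0\@global.virt" : $uid;
    return $r;
}

sub mailR {
    my ( $uid, $mail ) = @_;
    my $r = ( $uid =~ /^admin0/i )[0]
      ? ""
      : ( $mail =~ /^([^@]+)/ )[0] . "\@example.com";
    return $r;
}

# Hypothetical stricter variant, not from the page: only the exact uid
# "admin0" (any case) is mapped to the OBM administrator account.
sub uidR_exact {
    my ($uid) = @_;
    return $uid =~ /\Aadmin0\z/i ? "admin0\@global.virt" : $uid;
}

# Constructed session values: [ uid, mail ]
my @sessions = (
    [ 'jdoe',    'john.doe@corp.example.org' ],
    [ 'admin0',  'root@corp.example.org' ],
    [ 'ADMIN0',  'root@corp.example.org' ],
    [ 'admin01', 'second.admin@corp.example.org' ],    # shares the prefix
);

# One line per session: the values the OBM_UID and OBM_MAIL headers would carry
printf "%-8s  %-20s %-20s %s\n", 'uid', 'OBM_UID', 'OBM_UID (exact)', 'OBM_MAIL';
for my $s (@sessions) {
    my ( $uid, $mail ) = @$s;
    printf "%-8s  %-20s %-20s %s\n",
      $uid, uidR($uid), uidR_exact($uid), mailR( $uid, $mail );
}
```

<p>
The page's pattern <code>/^admin0/i</code> is anchored only at the start, so every uid beginning with <code>admin0</code> (<code>admin01</code> in the sample) is sent to OBM as <code>admin0@global.virt</code>; anchor both ends, as in <code>uidR_exact</code>, if only that one account should map to the administrator.
</p>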
</div>
<h4 id="virtual_host">Virtual host</h4>
<div class="level4">
<p>
Create the OBM virtual host (for example obm.example.com) in the <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration: <code>Virtual Hosts</code> » <code>New virtual host</code>.
</p>
<p>
Then edit the rules and headers.
</p>
</div>
<h5 id="rules">Rules</h5>
<div class="level5">
<p>
Define at least:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Default rule</strong>: who can access the application</div>
</li>
<li class="level1"><div class="li"> <strong>Logout rule</strong>: catch the OBM logout</div>
</li>
<li class="level1"><div class="li"> <strong>Exceptions</strong>: allow anonymous access for specific URLs (connectors, etc.)</div>
</li>
</ul>
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0">field </th><th class="col1">value </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0">^/logout</td><td class="col1">logout_sso</td>
</tr>
<tr class="row2 roweven">
<td class="col0">^/obm-sync</td><td class="col1">unprotect</td>
</tr>
<tr class="row3 rowodd">
<td class="col0">^/minig</td><td class="col1">unprotect</td>
</tr>
<tr class="row4 roweven">
<td class="col0">^/Microsoft-Server-ActiveSync</td><td class="col1">unprotect</td>
</tr>
<tr class="row5 rowodd">
<td class="col0">^/caldav</td><td class="col1">unprotect</td>
</tr>
<tr class="row6 roweven">
<td class="col0">default</td><td class="col1">accept (or the desired value)</td>
</tr>
</table></div><!-- EDIT7 TABLE [8083-8306] -->
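<p>
A dry run of the rules table above against a few request URIs, to review which paths end up reachable without a session. This is an added example, not LL::NG code; it assumes the rules are tried in the order listed, that the first matching pattern wins and that <code>default</code> applies otherwise, and the URIs are constructed for illustration rather than taken from OBM.
</p>

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Rules copied from the table above, in the order listed.
# Assumption: first matching pattern wins, "default" applies otherwise.
my @rules = (
    [ '^/logout'                      => 'logout_sso' ],
    [ '^/obm-sync'                    => 'unprotect' ],
    [ '^/minig'                       => 'unprotect' ],
    [ '^/Microsoft-Server-ActiveSync' => 'unprotect' ],
    [ '^/caldav'                      => 'unprotect' ],
);
my $default = 'accept';

# Return the (pattern, rule) pair that applies to a request URI.
sub rule_for {
    my ($uri) = @_;
    for my $r (@rules) {
        my ( $pattern, $rule ) = @$r;
        return ( $pattern, $rule ) if $uri =~ /$pattern/;
    }
    return ( 'default', $default );
}

# Constructed request URIs (illustrative, not a list of real OBM paths)
my @uris = qw(
  /obm.php
  /calendar/calendar_index.php
  /logout
  /obm-sync/services
  /Microsoft-Server-ActiveSync
  /caldav/calendars/jdoe
  /caldavexport.php
  /minig-old/index.php
);

for my $uri (@uris) {
    my ( $pattern, $rule ) = rule_for($uri);
    my $note = $rule eq 'unprotect' ? '  <- no session required' : '';
    printf "%-30s %-30s %s%s\n", $uri, $pattern, $rule, $note;
}
```

<p>
Each pattern is a prefix match, so <code>^/caldav</code> and <code>^/minig</code> also cover the last two sample URIs; review the exception list with this in mind before widening it.
</p>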
</div>
<h5 id="headers">Headers</h5>
<div class="level5">
<p>
Define the headers used for the OBM mapping, for example:
</p>
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0">field </th><th class="col1">value </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0">OBM_GIVENNAME</td><td class="col1">$givenName</td>
</tr>
<tr class="row2 roweven">
<td class="col0">OBM_GROUPS</td><td class="col1">$groups</td>
</tr>
<tr class="row3 rowodd">
<td class="col0">OBM_UID</td><td class="col1">$uidR</td>
</tr>
<tr class="row4 roweven">
<td class="col0">OBM_MAIL</td><td class="col1">$mailR</td>
</tr>
<tr class="row5 rowodd">
<td class="col0">OBM_USERPASSWORD</td><td class="col1">$_password</td>
</tr>
</table></div><!-- EDIT8 TABLE [8372-8500] -->
</div>
<h4 id="other">Other</h4>
<div class="level4">
<p>
Do not forget to add OBM to the <a href="../portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:2.0:portalmenu">applications menu</a>.
</p>
</div><!-- EDIT5 SECTION "LL::NG" [7009-] -->
</div>
</body>
</html>