initial commit of file from CVS for smeserver-lemonldap-ng on Sat Sep 7 20:31:17 AEST 2024
4
.gitignore
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
*.rpm
|
||||
*.log
|
||||
*spec-20*
|
||||
*.tar.gz
|
21
Makefile
Normal file
@ -0,0 +1,21 @@
|
||||
# Makefile for source rpm: smeserver-lemonldap-ng
|
||||
# $Id: Makefile,v 1.1 2022/08/20 03:50:58 jpp Exp $
|
||||
NAME := smeserver-lemonldap-ng
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
||||
ifeq ($(MAKEFILE_COMMON),)
|
||||
# attept a checkout
|
||||
define checkout-makefile-common
|
||||
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
||||
endif
|
||||
|
||||
include $(MAKEFILE_COMMON)
|
17
README.md
@ -1,3 +1,16 @@
|
||||
# smeserver-lemonldap-ng
|
||||
# <img src="https://www.koozali.org/images/koozali/Logo/Png/Koozali_logo_2016.png" width="25%" vertical="auto" style="vertical-align:bottom"> smeserver-lemonldap-ng
|
||||
|
||||
SMEServer Koozali developed git repo for smeserver-lemonldap-ng smecontribs
|
||||
SMEServer Koozali developed git repo for smeserver-lemonldap-ng smecontribs
|
||||
|
||||
## Wiki
|
||||
<br />https://wiki.koozali.org/LemonLDAP-NG
|
||||
<br />https://wiki.koozali.org/LemonLDAP-NG/fr
|
||||
|
||||
## Bugzilla
|
||||
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-lemonldap-ng&product=SME%20Contribs&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
|
||||
|
||||
## Description
|
||||
|
||||
<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
|
||||
*Once it has been checked, then this comment will be deleted*
|
||||
<br />
|
||||
|
3
additional/.tito/packages/.readme
Normal file
@ -0,0 +1,3 @@
|
||||
the .tito/packages directory contains metadata files
|
||||
named after their packages. Each file has the latest tagged
|
||||
version and the project's relative directory.
|
1
additional/.tito/packages/smeserver-lemonldap-ng
Normal file
@ -0,0 +1 @@
|
||||
0.2.20-1 ./
|
1
additional/.tito/releasers.conf
Symbolic link
@ -0,0 +1 @@
|
||||
../../tito_libs/releasers.conf
|
6
additional/.tito/tito.props
Normal file
@ -0,0 +1,6 @@
|
||||
[buildconfig]
|
||||
builder = tito.builder.Builder
|
||||
tagger = tito.tagger.VersionTagger
|
||||
changelog_do_not_remove_cherrypick = 0
|
||||
changelog_format = %s (%ae)
|
||||
lib_dir = ../tito_libs
|
204
additional/smeserver-lemonldap-ng.spec
Normal file
@ -0,0 +1,204 @@
|
||||
# Authority: vip-ire
|
||||
# Name: Daniel Berteaud
|
||||
|
||||
Summary: LemonLDAP NG is a web SSO solution
|
||||
%define name smeserver-lemonldap-ng
|
||||
Name: %{name}
|
||||
%define version 0.2.19
|
||||
%define release 1
|
||||
Version: 0.2.20
|
||||
Release: 1%{?dist}
|
||||
License: GPL
|
||||
Group: SME Server
|
||||
Source: %{name}-%{version}.tar.gz
|
||||
|
||||
BuildArchitectures: noarch
|
||||
|
||||
BuildRequires: e-smith-devtools
|
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||
|
||||
Requires: e-smith-base >= 5.2.0-56
|
||||
Requires: e-smith-ldap
|
||||
Requires: smeserver-webapps-common >= 0.1-8
|
||||
Requires: lemonldap-ng >= 1.4.1
|
||||
Requires: lemonldap-ng-fr-doc
|
||||
Requires: perl(Authen::Captcha)
|
||||
|
||||
%description
|
||||
This package contains all the needed scripts and templates
|
||||
to run LemonLDAP NG on your SME Server. It uses LDAP as authentication source
|
||||
but can also use SSL auth (either optional with a fallback to LDAP, or SSL required)
|
||||
|
||||
%changelog
|
||||
* Tue Sep 03 2019 Daniel Berteaud <daniel@firewall-services.com> 0.2.20-1
|
||||
- Bump version
|
||||
|
||||
* Tue Sep 03 2019 Daniel Berteaud <daniel@firewall-services.com> 0.2.19-1
|
||||
- new package built with tito
|
||||
|
||||
* Wed Feb 15 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.19-1.sme
|
||||
- Set Access-Control-Allow-Origin on CAS endpoint, need for ticket renew in SOGo
|
||||
|
||||
* Mon Jan 9 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.18-1.sme
|
||||
- Update httpd template to read the Authentication prop of domain to load
|
||||
Lemonldap::NG handler
|
||||
|
||||
* Wed Dec 7 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.17-1.sme
|
||||
- Replace My::Package with Lemonldap::NG::Handler in default vhost templates
|
||||
|
||||
* Sat Jan 23 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.16-1.sme
|
||||
- Don't redirect to https for acme challenges
|
||||
|
||||
* Wed Oct 14 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.15-1.sme
|
||||
- Fix DL icon size
|
||||
|
||||
* Fri Sep 5 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.14-1.sme
|
||||
- Define localSessionStorage to prevent clashes between handlers
|
||||
|
||||
* Wed Jul 30 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.13-1.sme
|
||||
- Add icons for mailman and phplist
|
||||
|
||||
* Tue Jul 1 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.12-1.sme
|
||||
- Adapt for LL::NG 1.4.1 (1.4.0 was too buggy)
|
||||
|
||||
* Wed Dec 11 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.11-1.sme
|
||||
- Add an icon for DL
|
||||
|
||||
* Wed Nov 20 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.10-1.sme
|
||||
- Add an icon for pydio
|
||||
|
||||
* Mon Nov 18 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.9-1.sme
|
||||
- Add two new icons (rdv.png and survey.png)
|
||||
|
||||
* Wed Nov 13 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.8-1.sme
|
||||
- compatibility with SME9 (perl lib path)
|
||||
|
||||
* Mon Nov 4 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.7-1.sme
|
||||
- Requires perl(Authen::Captcha) for LL::NG 1.3.0
|
||||
|
||||
* Tue Sep 17 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.6-1.sme
|
||||
- Small modifications to support SOGo CAS auth
|
||||
- Enable CAS auth
|
||||
|
||||
* Wed Aug 21 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.5-1.sme
|
||||
- Move custom icons to the correct directory
|
||||
|
||||
* Wed Aug 21 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.4-1.sme
|
||||
- Add custom icons for the portal
|
||||
|
||||
* Tue Sep 4 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.3-1.sme
|
||||
- Use Authentication prop instead of LemonLDAP
|
||||
|
||||
* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.2-1.sme
|
||||
- Redirect to HTTPS on port 443
|
||||
|
||||
* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.1-1.sme
|
||||
- Add optional floating menu per vhost
|
||||
|
||||
* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.0-1.sme
|
||||
- Import in GIT
|
||||
- Remove the grantSessionRule param
|
||||
- Log via syslog (auth)
|
||||
|
||||
* Mon Dec 19 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-22.sme
|
||||
- Change SSL Auth to work with LocationMatch, so CAS proxy can work with
|
||||
SSL Auth enabled
|
||||
|
||||
* Wed Jul 13 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-21.sme
|
||||
- Disable password reset form
|
||||
|
||||
* Wed Jul 13 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-20.sme
|
||||
- Fix uninitilized values in lemonldap conf templates
|
||||
|
||||
* Mon Jul 11 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-19.sme
|
||||
- reserve /lm-reload
|
||||
|
||||
* Sun Jul 10 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-18.sme
|
||||
- Fix notification check
|
||||
|
||||
* Sat Jul 09 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-17.sme
|
||||
- Don't force notifications on
|
||||
|
||||
* Fri Jul 08 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-16.sme
|
||||
- Enable and configure notifications
|
||||
|
||||
* Thu Jun 30 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-15.sme
|
||||
- Manage some configuration from the DB
|
||||
|
||||
* Fri Mar 11 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-14.sme
|
||||
- Make LemonLDAP compatible with ocsinventory-ng
|
||||
|
||||
* Mon Mar 7 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-13.sme
|
||||
- Add support for SSL Auth on the portal
|
||||
- Use a separated vhost for SOAP requests
|
||||
|
||||
* Tue Feb 1 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-12.sme
|
||||
- Requires recent version of smeserver-webapps-common
|
||||
- Switch to LDAP based auth to protect the manager
|
||||
|
||||
* Tue Jan 25 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-11.sme
|
||||
- Fix a spacing issue in httpd templates
|
||||
|
||||
* Fri Jan 21 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-10.sme
|
||||
- Add SSLEngine directives in https virtualhosts
|
||||
|
||||
* Fri Jan 21 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-9.sme
|
||||
- Fix empty SoapPassword
|
||||
|
||||
* Thu Jan 06 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-8.sme
|
||||
- Fix Soap ressources authentication
|
||||
|
||||
* Mon Jan 03 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-7.sme
|
||||
- Run the manager as a perl script (instead of CGI mode)
|
||||
|
||||
* Mon Jan 03 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-6.sme
|
||||
- Use https links for error pages
|
||||
|
||||
* Thu Dec 30 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-5.sme
|
||||
- use only alphanumeric characters for soap password
|
||||
- use htpasswd to hash the password
|
||||
|
||||
* Tue Dec 28 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-4.sme
|
||||
- don't load mod_auth_external if not needed
|
||||
- move cache dir in /var/cache
|
||||
- Fix several hosts listed in SoapAllowFrom
|
||||
|
||||
* Fri Dec 24 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-3.sme
|
||||
- Use htpasswd file to protect SOAP services
|
||||
- Configure session storage in lemonldap-ng.ini
|
||||
- Support additionnal server reload URL
|
||||
|
||||
* Fri Dec 17 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-2.sme
|
||||
- Let the manager be self-protected if ManagerAuth eq self
|
||||
|
||||
* Thu Dec 16 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-1.sme
|
||||
- initial public release
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
|
||||
%build
|
||||
perl createlinks
|
||||
%{__mkdir_p} root/var/cache/lemonldap-ng
|
||||
%{__mkdir_p} root/var/lib/lemonldap-ng/notifications
|
||||
|
||||
%install
|
||||
/bin/rm -rf $RPM_BUILD_ROOT
|
||||
(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
|
||||
/bin/rm -f %{name}-%{version}-filelist
|
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
|
||||
--dir /var/cache/lemonldap-ng 'attr(0770,root,www)' \
|
||||
--dir /var/lib/lemonldap-ng/notifications 'attr(0770,root,www)' \
|
||||
> %{name}-%{version}-filelist
|
||||
|
||||
%files -f %{name}-%{version}-filelist
|
||||
%defattr(-,root,root)
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%post
|
||||
|
||||
%preun
|
||||
|
||||
true
|
1
contriborbase
Normal file
@ -0,0 +1 @@
|
||||
contribs10
|
14
createlinks
Normal file
@ -0,0 +1,14 @@
|
||||
#!/usr/bin/perl -w
|
||||
|
||||
use esmith::Build::CreateLinks qw(:all);
|
||||
|
||||
templates2events("/etc/lemonldap-ng/lemonldap-ng.ini", qw/webapps-update bootstrap-console-save/);
|
||||
templates2events("/etc/lemonldap-ng/soap-htpasswd", qw/webapps-update bootstrap-console-save/);
|
||||
|
||||
event_link("lemonldap-init-domains", "webapps-update", "20");
|
||||
foreach my $event (qw/webapps-update network-create network-delete bootstrap-ldap-save remoteaccess-update/){
|
||||
event_link("lemonldap-update-conf", "$event", "25");
|
||||
}
|
||||
|
||||
safe_touch("root/etc/e-smith/templates/etc/lemonldap-ng/soap-htpasswd/template-begin");
|
||||
|
1
root/etc/e-smith/db/accounts/defaults/lm-reload/type
Normal file
@ -0,0 +1 @@
|
||||
url
|
@ -0,0 +1 @@
|
||||
enabled
|
@ -0,0 +1 @@
|
||||
service
|
14
root/etc/e-smith/db/configuration/migrate/90MigrateLemonLDAP
Normal file
@ -0,0 +1,14 @@
|
||||
{
|
||||
|
||||
use esmith::DomainsDB;
|
||||
my $d = esmith::DomainsDB->open() or die "Couldn't open DomainsDB\n";
|
||||
|
||||
foreach my $domain ($d->domains){
|
||||
my $llng = $domain->prop('LemonLDAP') || '';
|
||||
next unless $llng eq 'enabled';
|
||||
$domain->set_prop('Authentication', 'LemonLDAP');
|
||||
$domain->delete_prop('LemonLDAP');
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -0,0 +1,12 @@
|
||||
{
|
||||
|
||||
my $mp = $DB->get('modPerl') || $DB->new_record("modPerl", { type => "service", status => "enabled" });
|
||||
|
||||
if ( ($mp->prop('status') || 'disabled') eq 'enabled'){
|
||||
return "";
|
||||
}
|
||||
else{
|
||||
$DB->set_prop('modPerl', 'status', 'enabled');
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,13 @@
|
||||
{
|
||||
|
||||
my $rec = $DB->get('lemonldap')
|
||||
|| $DB->new_record('lemonldap', {type => 'service'});
|
||||
|
||||
my $pw = $rec->prop('SoapPassword');
|
||||
|
||||
if (not $pw){
|
||||
my $rand = `/usr/bin/openssl rand -base64 35 | tr -cd '[:alnum:]'`;
|
||||
$rec->set_prop('SoapPassword', "$rand");
|
||||
}
|
||||
|
||||
}
|
88
root/etc/e-smith/events/actions/lemonldap-init-domains
Normal file
@ -0,0 +1,88 @@
|
||||
#!/usr/bin/perl -w
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 2010 Firewall-Services
|
||||
# daniel@firewall-services.com
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
# Technical support for this program is available from Mitel Networks
|
||||
# Please visit our web site www.mitel.com/sme/ for details.
|
||||
#----------------------------------------------------------------------
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use esmith::DomainsDB;
|
||||
use esmith::ConfigDB;
|
||||
|
||||
my $d = esmith::DomainsDB->open or die "Couldn't open DomainsDB\n";
|
||||
my $c = esmith::ConfigDB->open_ro() or die "Couldn't open ConfigDB\n";
|
||||
|
||||
my $domain = $c->get('DomainName')->value;
|
||||
my $vhost;
|
||||
|
||||
$vhost = $d->get("sso-manager.$domain");
|
||||
|
||||
if (!$vhost){
|
||||
$d->new_record("sso-manager.$domain",{
|
||||
type => 'domain',
|
||||
Content => 'Primary',
|
||||
Description => "LemonLDAP-NG Manager",
|
||||
Nameservers => 'internet',
|
||||
TemplatePath => 'LemonLDAPManager',
|
||||
Removable => 'no',
|
||||
});
|
||||
|
||||
unless ( system("/sbin/e-smith/signal-event", "domain-create", "sso-manager.$domain") == 0 ){
|
||||
die "Failed to create domain sso-manager.$domain\n";
|
||||
}
|
||||
}
|
||||
|
||||
$vhost = $d->get("auth.$domain");
|
||||
|
||||
if (!$vhost){
|
||||
$d->new_record("auth.$domain",{
|
||||
type => 'domain',
|
||||
Content => 'Primary',
|
||||
Description => "LemonLDAP-NG Portal",
|
||||
Nameservers => 'internet',
|
||||
TemplatePath => 'LemonLDAPPortal',
|
||||
Removable => 'no',
|
||||
});
|
||||
|
||||
unless ( system("/sbin/e-smith/signal-event", "domain-create", "auth.$domain") == 0 ){
|
||||
die "Failed to create domain auth.$domain\n";
|
||||
}
|
||||
}
|
||||
|
||||
$vhost = $d->get("soapsso.$domain");
|
||||
|
||||
if (!$vhost){
|
||||
$d->new_record("soapsso.$domain",{
|
||||
type => 'domain',
|
||||
Content => 'Primary',
|
||||
Description => "LemonLDAP-NG SOAP Handler",
|
||||
Nameservers => 'internet',
|
||||
TemplatePath => 'LemonLDAPSoap',
|
||||
Removable => 'no',
|
||||
});
|
||||
|
||||
unless ( system("/sbin/e-smith/signal-event", "domain-create", "soapsso.$domain") == 0 ){
|
||||
die "Failed to create domain soapsso.$domain\n";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
exit 0;
|
||||
|
43
root/etc/e-smith/events/actions/lemonldap-update-conf
Normal file
@ -0,0 +1,43 @@
|
||||
#!/usr/bin/perl -w
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 2011 Firewall-Services
|
||||
# daniel@firewall-services.com
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
# Technical support for this program is available from Mitel Networks
|
||||
# Please visit our web site www.mitel.com/sme/ for details.
|
||||
#----------------------------------------------------------------------
|
||||
|
||||
use esmith::ConfigDB;
|
||||
use esmith::templates;
|
||||
|
||||
my $c = esmith::ConfigDB->open_ro or die "Error opening ConfigDB\n";
|
||||
my $llng = $c->get('lemonldap');
|
||||
|
||||
my $status = $llng->prop('status') || 'disabled';
|
||||
my $manual = $llng->prop('ManualConf') || 'disabled';
|
||||
|
||||
# Don't touch the configuration if it's set to be manual
|
||||
# or if the service is disabled
|
||||
exit (0) if ($manual eq 'enabled' or $status ne 'enabled');
|
||||
|
||||
processTemplate(
|
||||
{
|
||||
TEMPLATE_PATH => "/var/lib/lemonldap-ng/conf/lmConf",
|
||||
OUTPUT_FILENAME => "/var/lib/lemonldap-ng/conf/lmConf",
|
||||
});
|
||||
|
||||
exit (0);
|
@ -0,0 +1,3 @@
|
||||
PERMS=0640
|
||||
UID="root"
|
||||
GID="www"
|
@ -0,0 +1,3 @@
|
||||
PERMS=0640
|
||||
UID="root"
|
||||
GID="www"
|
@ -0,0 +1,3 @@
|
||||
PERMS=0640
|
||||
UID="www"
|
||||
GID="www"
|
@ -0,0 +1,34 @@
|
||||
#====================================================================
|
||||
# Apache configuration for LemonLDAP::NG Handler
|
||||
#====================================================================
|
||||
|
||||
# Load LemonLDAP::NG Handler
|
||||
PerlOptions +GlobalRequest
|
||||
PerlRequire Lemonldap/NG/Handler.pm
|
||||
|
||||
# Common error page and security parameters
|
||||
#ErrorDocument 403 http://auth.{$DomainName}/?lmError=403
|
||||
#ErrorDocument 500 http://auth.{$DomainName}/?lmError=500
|
||||
|
||||
|
||||
# Configuration reload mechanism (only 1 per physical server is
|
||||
# needed): choose your URL to avoid restarting Apache when
|
||||
# configuration change
|
||||
# Dummy Alias so apache allows access to /lm-reload
|
||||
Alias /lm-reload /etc/httpd/proxy/proxy.pac
|
||||
<Location /lm-reload>
|
||||
SSLRequireSSL on
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
Allow from {"$LocalIP $localAccess $externalSSLAccess";}
|
||||
PerlHeaderParserHandler Lemonldap::NG::Handler->refresh
|
||||
</Location>
|
||||
|
||||
# Uncomment this to activate status module
|
||||
#<Location /status>
|
||||
# Order deny,allow
|
||||
# Deny from all
|
||||
# Allow from 127.0.0.0/8
|
||||
# PerlHeaderParserHandler Lemonldap::NG::Handler->status
|
||||
#</Location>
|
||||
|
@ -0,0 +1,10 @@
|
||||
{
|
||||
use esmith::DomainsDB;
|
||||
# Convert the passed hash for the domain object back into an object.
|
||||
$domain = bless \%domain, 'esmith::DB::db::Record';
|
||||
|
||||
# Make scalars from some of the properties of the domain
|
||||
$virtualHost = $domain->key;
|
||||
$OUT = "";
|
||||
}
|
||||
|
@ -0,0 +1 @@
|
||||
ServerName {$virtualHost}
|
@ -0,0 +1,114 @@
|
||||
{
|
||||
|
||||
use esmith::util;
|
||||
|
||||
if ( $port ne ($modSSL{'TCPPort'} || '443')){
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
#====================================================================
|
||||
# HTTPS redirection for LemonLDAP::NG Manager
|
||||
#====================================================================
|
||||
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
|
||||
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\]
|
||||
EOF
|
||||
}
|
||||
else{
|
||||
my $authtype = $lemonldap{'ManagerAuth'} || 'basic';
|
||||
my $auth = '';
|
||||
my $base = esmith::util::ldapBase($DomainName);
|
||||
|
||||
unless ( $authtype eq 'self' ) {
|
||||
$auth = "AuthName 'LemonLDAP NG Manager Interface'\n" .
|
||||
" AuthType Basic\n" .
|
||||
" AuthBasicProvider ldap\n" .
|
||||
" AuthLDAPURL ldap://localhost/ou=Users,$base?uid\n" .
|
||||
" AuthLDAPGroupAttribute memberUid\n" .
|
||||
" AuthLDAPGroupAttributeIsDN off\n" .
|
||||
" require ldap-user admin";
|
||||
}
|
||||
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
SSLEngine On
|
||||
|
||||
PerlOptions +Parent
|
||||
|
||||
#====================================================================
|
||||
# Apache configuration for LemonLDAP::NG Manager
|
||||
#====================================================================
|
||||
|
||||
# DocumentRoot
|
||||
DocumentRoot /var/lib/lemonldap-ng/manager/
|
||||
<Directory /var/lib/lemonldap-ng/manager/>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
Allow from $localAccess $externalSSLAccess
|
||||
Options +ExecCGI +FollowSymlinks
|
||||
$auth
|
||||
Satisfy all
|
||||
</Directory>
|
||||
|
||||
# On-line documentation
|
||||
Alias /doc/ /var/lib/lemonldap-ng/doc/
|
||||
Alias /fr-doc/ /var/lib/lemonldap-ng/fr-doc/
|
||||
Alias /lib/ /var/lib/lemonldap-ng/doc/lib/
|
||||
<Directory /var/lib/lemonldap-ng/doc/>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
ErrorDocument 404 /notfound.html
|
||||
Options +FollowSymlinks
|
||||
DirectoryIndex index.pl index.html
|
||||
</Directory>
|
||||
<Directory /var/lib/lemonldap-ng/fr-doc/>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
ErrorDocument 404 /notfound.html
|
||||
Options +FollowSymlinks
|
||||
DirectoryIndex index.pl index.html
|
||||
</Directory>
|
||||
|
||||
# Perl script
|
||||
# Note: to avoid manager stay in memory, we don't use ModPerl::Registry
|
||||
# by default. Change this to increase manager performances
|
||||
<Files *.pl>
|
||||
#SetHandler cgi-script
|
||||
SetHandler perl-script
|
||||
PerlResponseHandler ModPerl::Registry
|
||||
</Files>
|
||||
|
||||
# Directory index
|
||||
<IfModule mod_dir.c>
|
||||
DirectoryIndex index.pl index.html
|
||||
</IfModule>
|
||||
|
||||
<Location />
|
||||
<IfModule mod_deflate.c>
|
||||
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
|
||||
SetOutputFilter DEFLATE
|
||||
BrowserMatch ^Mozilla/4 gzip-only-text/html
|
||||
BrowserMatch ^Mozilla/4\.0[678] no-gzip
|
||||
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
|
||||
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)\$ no-gzip dont-vary
|
||||
</IfModule>
|
||||
<IfModule mod_headers.c>
|
||||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</Location>
|
||||
<Location /doc/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
<Location /skins/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
EOF
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,2 @@
|
||||
|
||||
<VirtualHost {$ipAddress}:{$port}>
|
@ -0,0 +1,2 @@
|
||||
</VirtualHost>
|
||||
|
@ -0,0 +1,10 @@
|
||||
{
|
||||
use esmith::DomainsDB;
|
||||
# Convert the passed hash for the domain object back into an object.
|
||||
$domain = bless \%domain, 'esmith::DB::db::Record';
|
||||
|
||||
# Make scalars from some of the properties of the domain
|
||||
$virtualHost = $domain->key;
|
||||
$OUT = "";
|
||||
}
|
||||
|
@ -0,0 +1 @@
|
||||
ServerName {$virtualHost}
|
@ -0,0 +1,133 @@
|
||||
{
|
||||
|
||||
use esmith::AccountsDB;
|
||||
my $a = esmith::AccountsDB->open_ro() or die "Couldn't open AccountsDB\n";
|
||||
|
||||
if ( $port ne ($modSSL{'TCPPort'} || '443')){
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
#====================================================================
|
||||
# HTTPS redirection for LemonLDAP::NG Portal
|
||||
#====================================================================
|
||||
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
|
||||
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\]
|
||||
|
||||
EOF
|
||||
}
|
||||
else{
|
||||
|
||||
# SSL Authentication
|
||||
my $SSLAuth = $lemonldap{'SSLAuth'} || 'disabled';
|
||||
my $sslDirectives = ' # SSL Auth is disabled';
|
||||
my $sogoWorkArround = '';
|
||||
if ((-e '/etc/pki/tls/certs/cacert.pem') &&
|
||||
($SSLAuth =~ m/^(require)|(optional)$/)) {
|
||||
$sslDirectives =<<"HERE";
|
||||
<LocationMatch "^/(\$|\\?url=.*|cas/login.*)">
|
||||
SSLVerifyClient $SSLAuth
|
||||
SSLVerifyDepth 1
|
||||
SSLOptions +StdEnvVars
|
||||
SSLUserName SSL_CLIENT_S_DN_CN
|
||||
</LocationMatch>
|
||||
HERE
|
||||
}
|
||||
if (-e '/usr/lib/perl5/site_perl/Apache/FilterChangeLength.pm' ||
|
||||
-e '/usr/share/perl5/vendor_perl/Apache/FilterChangeLength.pm'){
|
||||
# Looks like iPasserelle groupware is installed
|
||||
# SOPE doesn't supports chunked encoding
|
||||
# the following makes it happy
|
||||
# see http://sogo.nu/bugs/view.php?id=2408
|
||||
$sogoWorkArround =<<"HERE";
|
||||
<Location /cas>
|
||||
BrowserMatch "SOPE/" downgrade-1.0
|
||||
PerlOutputFilterHandler Apache::FilterChangeLength
|
||||
Header set Access-Control-Allow-Origin '*'
|
||||
</Location>
|
||||
HERE
|
||||
}
|
||||
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
SSLEngine On
|
||||
|
||||
PerlOptions +Parent
|
||||
|
||||
#====================================================================
|
||||
# Apache configuration for LemonLDAP::NG Portal
|
||||
#====================================================================
|
||||
|
||||
# DocumentRoot
|
||||
DocumentRoot /var/lib/lemonldap-ng/portal/
|
||||
|
||||
<Perl>
|
||||
require Lemonldap::NG::Portal::SharedConf;
|
||||
Lemonldap::NG::Portal::SharedConf->compile(
|
||||
qw(delete header cache read_from_client cookie redirect unescapeHTML));
|
||||
# Uncomment this line if you use Lemonldap::NG menu
|
||||
require Lemonldap::NG::Portal::Menu;
|
||||
</Perl>
|
||||
|
||||
<Directory /var/lib/lemonldap-ng/portal/>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Options +ExecCGI +FollowSymlinks
|
||||
</Directory>
|
||||
$sslDirectives
|
||||
$sogoWorkArround
|
||||
|
||||
# Perl script
|
||||
<Files *.pl>
|
||||
SetHandler perl-script
|
||||
PerlResponseHandler ModPerl::Registry
|
||||
</Files>
|
||||
|
||||
<IfModule mod_dir.c>
|
||||
DirectoryIndex index.pl index.html
|
||||
</IfModule>
|
||||
|
||||
# SAML2 Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/saml/metadata /metadata.pl
|
||||
RewriteRule ^/saml/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# CAS Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/cas/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# OpenID Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/openidserver/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
<Location />
|
||||
<IfModule mod_deflate.c>
|
||||
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
|
||||
SetOutputFilter DEFLATE
|
||||
BrowserMatch ^Mozilla/4 gzip-only-text/html
|
||||
BrowserMatch ^Mozilla/4\.0[678] no-gzip
|
||||
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
|
||||
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)\$ no-gzip dont-vary
|
||||
</IfModule>
|
||||
<IfModule mod_headers.c>
|
||||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</Location>
|
||||
<Location /skins/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
EOF
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -0,0 +1,2 @@
|
||||
|
||||
<VirtualHost {$ipAddress}:{$port}>
|
@ -0,0 +1,2 @@
|
||||
</VirtualHost>
|
||||
|
@ -0,0 +1,10 @@
|
||||
{
|
||||
use esmith::DomainsDB;
|
||||
# Convert the passed hash for the domain object back into an object.
|
||||
$domain = bless \%domain, 'esmith::DB::db::Record';
|
||||
|
||||
# Make scalars from some of the properties of the domain
|
||||
$virtualHost = $domain->key;
|
||||
$OUT = "";
|
||||
}
|
||||
|
@ -0,0 +1 @@
|
||||
ServerName {$virtualHost}
|
@ -0,0 +1,120 @@
|
||||
{
|
||||
|
||||
use esmith::AccountsDB;
|
||||
my $a = esmith::AccountsDB->open_ro() or die "Couldn't open AccountsDB\n";
|
||||
|
||||
if ( $port ne ($modSSL{'TCPPort'} || '443')){
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
#====================================================================
|
||||
# HTTPS redirection for LemonLDAP::NG Portal
|
||||
#====================================================================
|
||||
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
|
||||
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\]
|
||||
|
||||
EOF
|
||||
}
|
||||
else{
|
||||
my $soapAllow = join (" ", split(/[;,]/, ($lemonldap{'SoapAllowFrom'} || '')));
|
||||
$soapAllow = ( $soapAllow eq '' ) ? '' : "Allow from $soapAllow\n ";
|
||||
my $soapPassword = $lemonldap{'SoapPassword'} || '';
|
||||
$soapAllow .= ($soapPassword eq '') ? '' :
|
||||
'AuthName "LemonLDAP SOAP interface"' . "\n " .
|
||||
'AuthType Basic' . "\n " .
|
||||
'AuthBasicProvider file' . "\n " .
|
||||
'AuthUserFile /etc/lemonldap-ng/soap-htpasswd' . "\n " .
|
||||
'Require valid-user' . "\n " .
|
||||
'Satisfy all';
|
||||
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
SSLEngine On
|
||||
|
||||
PerlOptions +Parent
|
||||
|
||||
#====================================================================
|
||||
# Apache configuration for LemonLDAP::NG Portal
|
||||
#====================================================================
|
||||
|
||||
# DocumentRoot
|
||||
DocumentRoot /var/lib/lemonldap-ng/portal/
|
||||
|
||||
<Perl>
|
||||
require Lemonldap::NG::Portal::SharedConf;
|
||||
Lemonldap::NG::Portal::SharedConf->compile(
|
||||
qw(delete header cache read_from_client cookie redirect unescapeHTML));
|
||||
# Uncomment this line if you use portal SOAP capabilities
|
||||
require SOAP::Lite;
|
||||
</Perl>
|
||||
|
||||
<Directory /var/lib/lemonldap-ng/portal/>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Options +ExecCGI +FollowSymlinks
|
||||
</Directory>
|
||||
|
||||
# Perl script
|
||||
<Files *.pl>
|
||||
SetHandler perl-script
|
||||
PerlResponseHandler ModPerl::Registry
|
||||
</Files>
|
||||
|
||||
<IfModule mod_dir.c>
|
||||
DirectoryIndex index.pl index.html
|
||||
</IfModule>
|
||||
|
||||
# SOAP functions for sessions management (disabled by default)
|
||||
<Location /index.pl/adminSessions>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
$soapAllow
|
||||
</Location>
|
||||
|
||||
# SOAP functions for sessions access (disabled by default)
|
||||
<Location /index.pl/sessions>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
$soapAllow
|
||||
</Location>
|
||||
|
||||
# SOAP functions for configuration access (disabled by default)
|
||||
<Location /index.pl/config>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
$soapAllow
|
||||
</Location>
|
||||
|
||||
# SOAP functions for notification insertion (disabled by default)
|
||||
<Location /index.pl/notification>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
$soapAllow
|
||||
</Location>
|
||||
|
||||
<Location />
|
||||
<IfModule mod_deflate.c>
|
||||
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
|
||||
SetOutputFilter DEFLATE
|
||||
BrowserMatch ^Mozilla/4 gzip-only-text/html
|
||||
BrowserMatch ^Mozilla/4\.0[678] no-gzip
|
||||
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
|
||||
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)\$ no-gzip dont-vary
|
||||
</IfModule>
|
||||
<IfModule mod_headers.c>
|
||||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</Location>
|
||||
<Location /skins/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
EOF
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -0,0 +1,2 @@
|
||||
|
||||
<VirtualHost {$ipAddress}:{$port}>
|
@ -0,0 +1,2 @@
|
||||
</VirtualHost>
|
||||
|
@ -0,0 +1,21 @@
|
||||
{
|
||||
|
||||
my $auth = $domain->prop('Authentication') || 'none';
|
||||
|
||||
if (($modSSL{'TCPPort'} || '443') eq $port){
|
||||
if ($auth eq 'LemonLDAP'){
|
||||
$OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG\n" .
|
||||
" PerlHeaderParserHandler Lemonldap::NG::Handler\n" .
|
||||
" ErrorDocument 403 https://auth.$DomainName/?lmError=403\n" .
|
||||
" ErrorDocument 500 https://auth.$DomainName/?lmError=500\n";
|
||||
if (($domain->prop('LemonLDAPMenu') || 'disabled') eq 'enabled'){
|
||||
$OUT .= " PerlOutputFilterHandler Lemonldap::NG::Handler::Menu\n";
|
||||
}
|
||||
}
|
||||
elsif ($auth eq 'LemonLDAPBasic'){
|
||||
$OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG (basic auth)\n" .
|
||||
" PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::AuthBasic\n";
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,21 @@
|
||||
{
|
||||
|
||||
my $auth = $domain->prop('Authentication') || 'none';
|
||||
|
||||
if (($modSSL{'TCPPort'} || '443') eq $port){
|
||||
if ($auth eq 'LemonLDAP'){
|
||||
$OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG\n" .
|
||||
" PerlHeaderParserHandler Lemonldap::NG::Handler\n" .
|
||||
" ErrorDocument 403 https://auth.$DomainName/?lmError=403\n" .
|
||||
" ErrorDocument 500 https://auth.$DomainName/?lmError=500\n";
|
||||
if (($domain->prop('LemonLDAPMenu') || 'disabled') eq 'enabled'){
|
||||
$OUT .= " PerlOutputFilterHandler Lemonldap::NG::Handler::Menu\n";
|
||||
}
|
||||
}
|
||||
elsif ($auth eq 'LemonLDAPBasic'){
|
||||
$OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG (basic auth)\n" .
|
||||
" PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::AuthBasic\n";
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,19 @@
|
||||
#==============================================================================
|
||||
# LemonLDAP::NG local configuration parameters
|
||||
#
|
||||
# This file is dedicated to configuration parameters override
|
||||
# You can set here configuration parameters that will be used only by
|
||||
# local LemonLDAP::NG elements
|
||||
#
|
||||
# Section "all" is always read first before "portal", "handler"
|
||||
# and "manager"
|
||||
#
|
||||
# Section "configuration" is used to load global configuration and set cache
|
||||
# (replace old storage.conf file)
|
||||
#
|
||||
# Section "apply" is read by Manager to reload handlers
|
||||
# (replace old apply.conf file)
|
||||
#
|
||||
# Other section are only read by the specific LemonLDAP::NG component
|
||||
#==============================================================================
|
||||
|
@ -0,0 +1,7 @@
|
||||
|
||||
[all]
|
||||
globalStorage = Apache::Session::File
|
||||
globalStorageOptions = \{ 'Directory' => '/var/lib/lemonldap-ng/sessions/', 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/', \}
|
||||
localSessionStorage=Cache::FileCache
|
||||
localSessionStorageOptions=\{ 'namespace' => 'sessions', 'default_expires_in' => '600', 'directory_umask' => '007', 'cache_root' => '/var/cache/lemonldap-ng', 'cache_depth' => 3, \}
|
||||
|
@ -0,0 +1,11 @@
|
||||
|
||||
[configuration]
|
||||
|
||||
type=File
|
||||
dirName = /var/lib/lemonldap-ng/conf
|
||||
globalStorageOptions=\{ 'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256' \}
|
||||
|
||||
localStorage=Cache::FileCache
|
||||
localStorageOptions=\{ 'namespace' => 'localcache', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/var/cache/lemonldap-ng', 'cache_depth' => 5, \}
|
||||
|
||||
|
@ -0,0 +1,11 @@
|
||||
[apply]
|
||||
|
||||
{"$SystemName.$DomainName";} = https://{"$SystemName.$DomainName";}/lm-reload
|
||||
|
||||
{
|
||||
|
||||
foreach my $srv (split(/[;,]/, ($lemonldap{'Reload'} || ''))){
|
||||
my ($name,$url) = split(/=/, $srv);
|
||||
$OUT .= "$name = $url\n";
|
||||
}
|
||||
}
|
@ -0,0 +1,10 @@
|
||||
|
||||
[manager]
|
||||
{
|
||||
$OUT .= (($lemonldap{'ManagerAuth'} || 'basic') eq 'self') ?
|
||||
'protection = manager' : '';
|
||||
}
|
||||
|
||||
[sessionsExplorer]
|
||||
|
||||
|
@ -0,0 +1,6 @@
|
||||
[handler]
|
||||
|
||||
https = 1
|
||||
status = 0
|
||||
useRedirectOnError = 1
|
||||
|
@ -0,0 +1,3 @@
|
||||
|
||||
[portal]
|
||||
|
@ -0,0 +1,6 @@
|
||||
{
|
||||
my $pw = $lemonldap{'SoapPassword'} || 'secret';
|
||||
my $res = `/usr/bin/htpasswd -bnm lemonsoap $pw`;
|
||||
chomp($res);
|
||||
$OUT .= $res;
|
||||
}
|
@ -0,0 +1,31 @@
|
||||
{
|
||||
use esmith::ConfigDB;
|
||||
use esmith::DomainsDB;
|
||||
use esmith::NetworksDB;
|
||||
use esmith::util;
|
||||
use Lemonldap::NG::Common::Conf;
|
||||
|
||||
$c = esmith::ConfigDB->open_ro or die "Error opening ConfigDB\n";
|
||||
$d = esmith::DomainsDB->open_ro or die "Error opening DomainsDB\n";
|
||||
$n = esmith::NetworksDB->open_ro or die "Error opening NetworksDB\n";
|
||||
$domain = $c->get('DomainName')->value;
|
||||
$host = $c->get('SystemName')->value;
|
||||
$base = esmith::util::ldapBase ($domain);
|
||||
$ldap = $c->get('ldap') || die "Error reading ldap service entry\n";
|
||||
$port = $ldap->prop('TCPPort') || '389';
|
||||
$llng = $c->get('lemonldap');
|
||||
|
||||
$manual = $llng->prop('ManualConf') || 'disabled';
|
||||
|
||||
$confAccess = new Lemonldap::NG::Common::Conf(
|
||||
{
|
||||
type=>'File',
|
||||
dirName=>"/var/lib/lemonldap-ng/conf",
|
||||
},
|
||||
) or die "Unable to build Lemonldap::NG::Common::Conf, see Apache logs\n";
|
||||
|
||||
$conf = $confAccess->getConf();
|
||||
|
||||
$OUT = '';
|
||||
|
||||
}
|
@ -0,0 +1,15 @@
|
||||
{
|
||||
|
||||
# Global parameters
|
||||
$conf->{'domain'} = "$domain";
|
||||
$conf->{'portal'} = "https://auth.$domain/";
|
||||
$conf->{'storePassword'} = '0';
|
||||
$conf->{'portalUserAttr'} = 'cn' if (($conf->{'portalUserAttr'} || '_user') eq "_user");
|
||||
$conf->{'portalDisplayChangePassword'} = '0';
|
||||
$conf->{'syslog'} = 'auth';
|
||||
$conf->{'https'} = '1';
|
||||
$conf->{'port'} = '443';
|
||||
|
||||
$OUT .= '';
|
||||
|
||||
}
|
@ -0,0 +1,17 @@
|
||||
{
|
||||
|
||||
# LDAP parameters
|
||||
$conf->{'passwordDB'} = 'LDAP';
|
||||
$conf->{'userDB'} = 'LDAP';
|
||||
$conf->{'ldapServer'} = 'localhost';
|
||||
$conf->{'ldapPort'} = "$port";
|
||||
$conf->{'ldapVersion'} = '3';
|
||||
$conf->{'ldapBase'} = "ou=Users,$base";
|
||||
$conf->{'ldapGroupBase'} = "ou=Groups,$base";
|
||||
$conf->{'ldapGroupAttributeNameUser'} = 'uid';
|
||||
$conf->{'ldapGroupAttributeNameSearch'} = 'cn';
|
||||
$conf->{'ldapGroupAttributeName'} = 'memberUid';
|
||||
$conf->{'ldapGroupObjectClass'} = 'mailboxRelatedObject';
|
||||
|
||||
$OUT .= '';
|
||||
}
|
@ -0,0 +1,19 @@
|
||||
{
|
||||
|
||||
# SOAP
|
||||
if (($llng->prop('SoapAllowFrom') || '') ne ''){
|
||||
my $password = $llng->prop('SoapPassword') || 'secret';
|
||||
$conf->{'Soap'} = '1';
|
||||
$conf->{'globalStorage'} = 'Lemonldap::NG::Common::Apache::Session::SOAP';
|
||||
$conf->{'globalStorageOptions'} = {
|
||||
proxy => "https://lemonsoap:$password\@soapsso.$domain/index.pl/sessions",
|
||||
generateModule => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256'
|
||||
};
|
||||
}
|
||||
else {
|
||||
$conf->{'Soap'} = '0';
|
||||
}
|
||||
|
||||
$OUT = '';
|
||||
|
||||
}
|
@ -0,0 +1,34 @@
|
||||
{
|
||||
|
||||
# SSL Auth
|
||||
my $ssl = $llng->prop('SSLAuth') || '';
|
||||
|
||||
if ($ssl eq 'optional' || $ssl eq 'require'){
|
||||
# SSL Auth is enabled
|
||||
# Configure common attributes
|
||||
$conf->{'SSLLDAPField'} = 'uid';
|
||||
$conf->{'SSLVar'} = 'SSL_CLIENT_S_DN_CN';
|
||||
$conf->{'SSLRequire'} = '1';
|
||||
|
||||
if ($ssl eq 'optional'){
|
||||
$conf->{'authentication'} = 'Multi SSL;LDAP';
|
||||
}
|
||||
else{
|
||||
$conf->{'authentication'} = 'SSL';
|
||||
}
|
||||
}
|
||||
else{
|
||||
$conf->{'authentication'} = 'LDAP';
|
||||
}
|
||||
|
||||
# Enable CAS issuer DB
|
||||
$conf->{'issuerDBCASActivation'} = 1;
|
||||
|
||||
# default cookie settings
|
||||
$conf->{'securedCookie'} = 1 unless ($conf->{'securedCookie'});
|
||||
$conf->{'httpOnly'} = 1 unless ($conf->{'httpOnly'});
|
||||
|
||||
|
||||
$OUT = '';
|
||||
|
||||
}
|
@ -0,0 +1,45 @@
|
||||
{
|
||||
|
||||
my $reg = '$ipAddr =~ /^';
|
||||
|
||||
# Build a regexp to check if the client IP
|
||||
# is part of a local network
|
||||
# Then, we can easily use this macro to restrict
|
||||
# access to local networks on some applications
|
||||
my @net = ();
|
||||
|
||||
foreach my $net ($n->networks){
|
||||
my $addr = $net->key;
|
||||
my $mask = $net->prop('Mask') || '255.255.255.255';
|
||||
foreach (esmith::util::computeAllLocalNetworkPrefixes($addr,$mask)){
|
||||
push @net, "($_)";
|
||||
}
|
||||
}
|
||||
|
||||
$reg .= join('|', @net);
|
||||
$reg .= '/';
|
||||
$reg =~ s/\./\\\./g;
|
||||
|
||||
$conf->{'macros'}->{'localAccess'} = '(' . $reg . ") ? '1':'0'";
|
||||
|
||||
$reg = '$ipAddr =~ /^';
|
||||
@net = ();
|
||||
|
||||
# Do the same for extenal SSL access
|
||||
foreach my $net (split(/[;,]/,(${'httpd-admin'}{'ValidFrom'} || ''))){
|
||||
my ($addr,$mask) = split(/\//,$net);
|
||||
foreach (esmith::util::computeAllLocalNetworkPrefixes($addr,$mask)){
|
||||
push @net, "($_)";
|
||||
}
|
||||
}
|
||||
|
||||
$reg .= join('|', @net);
|
||||
$reg .= '/';
|
||||
$reg =~ s/\./\\\./g;
|
||||
|
||||
$conf->{'macros'}->{'externalSSLAccess'} = '(' . $reg . ") ? '1':'0'";
|
||||
|
||||
$OUT = '';
|
||||
|
||||
}
|
||||
|
@ -0,0 +1,10 @@
|
||||
{
|
||||
|
||||
if (($conf->{'notification'} || '0') eq '1'){
|
||||
$conf->{'notificationStorage'} = 'File';
|
||||
$conf->{'notificationStorageOptions'} = {
|
||||
'dirName' => '/var/lib/lemonldap-ng/notifications'
|
||||
},
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,9 @@
|
||||
{
|
||||
|
||||
# Portal elements
|
||||
$conf->{'portalDisplayRegister'} = 0;
|
||||
$conf->{'portalDisplayResetPassword'} = 0;
|
||||
|
||||
$OUT = '';
|
||||
|
||||
}
|
@ -0,0 +1,16 @@
|
||||
{
|
||||
|
||||
# Now, update the configuration
|
||||
my $num = $confAccess->saveConf($conf);
|
||||
|
||||
if ($num > 0){
|
||||
esmith::util::chownFile('www', 'www', "/var/lib/lemonldap-ng/conf/lmConf-$num");
|
||||
chmod 0660, "/var/lib/lemonldap-ng/conf/lmConf-$num";
|
||||
}
|
||||
else {
|
||||
die "An error occured saving LemonLDAP::NG configuration: $num\n";
|
||||
}
|
||||
|
||||
$OUT = '# This is just a dummy config file';
|
||||
|
||||
}
|
After Width: | Height: | Size: 2.0 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/backup.png
Normal file
After Width: | Height: | Size: 3.6 KiB |
After Width: | Height: | Size: 1.2 KiB |
After Width: | Height: | Size: 2.6 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/camera.png
Normal file
After Width: | Height: | Size: 2.0 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/dl.png
Normal file
After Width: | Height: | Size: 860 B |
After Width: | Height: | Size: 4.2 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/freepbx.png
Normal file
After Width: | Height: | Size: 1.6 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/glpi.png
Normal file
After Width: | Height: | Size: 3.2 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/jappix.png
Normal file
After Width: | Height: | Size: 1.5 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/jenkins.png
Normal file
After Width: | Height: | Size: 3.3 KiB |
After Width: | Height: | Size: 1.5 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/mailman.png
Normal file
After Width: | Height: | Size: 1.9 KiB |
After Width: | Height: | Size: 2.7 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/nagios.png
Normal file
After Width: | Height: | Size: 2.5 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/ntop.png
Normal file
After Width: | Height: | Size: 1.4 KiB |
After Width: | Height: | Size: 3.6 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/pda.png
Normal file
After Width: | Height: | Size: 2.2 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/pfsense.png
Normal file
After Width: | Height: | Size: 3.3 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/phplist.png
Normal file
After Width: | Height: | Size: 1.5 KiB |
After Width: | Height: | Size: 3.7 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/power.png
Normal file
After Width: | Height: | Size: 2.0 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/pydio.png
Normal file
After Width: | Height: | Size: 709 B |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/rdv.png
Normal file
After Width: | Height: | Size: 2.5 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/redmine.png
Normal file
After Width: | Height: | Size: 3.1 KiB |
After Width: | Height: | Size: 3.0 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/survey.png
Normal file
After Width: | Height: | Size: 1.5 KiB |
After Width: | Height: | Size: 1.6 KiB |
After Width: | Height: | Size: 2.8 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/ttrss.png
Normal file
After Width: | Height: | Size: 2.3 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/zabbix.png
Normal file
After Width: | Height: | Size: 2.7 KiB |
211
smeserver-lemonldap-ng.spec
Normal file
@ -0,0 +1,211 @@
|
||||
# Authority: vip-ire
|
||||
# Name: Daniel Berteaud
|
||||
|
||||
Summary: LemonLDAP NG is a web SSO solution
|
||||
%define name smeserver-lemonldap-ng
|
||||
Name: %{name}
|
||||
%define version 0.2.19
|
||||
%define release 2
|
||||
Version: 0.2.20
|
||||
Release: 1%{?dist}
|
||||
License: GPL
|
||||
Group: SME Server
|
||||
Source: %{name}-%{version}.tar.xz
|
||||
|
||||
BuildArchitectures: noarch
|
||||
|
||||
BuildRequires: e-smith-devtools
|
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||
|
||||
Requires: e-smith-base >= 5.2.0-56
|
||||
Requires: e-smith-ldap
|
||||
Requires: smeserver-webapps-common >= 0.1-8
|
||||
Requires: lemonldap-ng >= 1.4.1
|
||||
Requires: lemonldap-ng-fr-doc
|
||||
Requires: perl(Authen::Captcha)
|
||||
|
||||
%description
|
||||
This package contains all the needed scripts and templates
|
||||
to run LemonLDAP NG on your SME Server. It uses LDAP as authentication source
|
||||
but can also use SSL auth (either optional with a fallback to LDAP, or SSL required)
|
||||
|
||||
%changelog
|
||||
* Sat Sep 07 2024 cvs2git.sh aka Brian Read <brianr@koozali.org> 0.2.19-2.sme
|
||||
- Roll up patches and move to git repo [SME: 12338]
|
||||
|
||||
* Sat Sep 07 2024 BogusDateBot
|
||||
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
|
||||
by assuming the date is correct and changing the weekday.
|
||||
|
||||
* Tue Sep 03 2019 Daniel Berteaud <daniel@firewall-services.com> 0.2.20-1
|
||||
- Bump version
|
||||
|
||||
* Tue Sep 03 2019 Daniel Berteaud <daniel@firewall-services.com> 0.2.19-1
|
||||
- new package built with tito
|
||||
|
||||
* Wed Feb 15 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.19-1.sme
|
||||
- Set Access-Control-Allow-Origin on CAS endpoint, need for ticket renew in SOGo
|
||||
|
||||
* Mon Jan 9 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.18-1.sme
|
||||
- Update httpd template to read the Authentication prop of domain to load
|
||||
Lemonldap::NG handler
|
||||
|
||||
* Wed Dec 7 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.17-1.sme
|
||||
- Replace My::Package with Lemonldap::NG::Handler in default vhost templates
|
||||
|
||||
* Sat Jan 23 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.16-1.sme
|
||||
- Don't redirect to https for acme challenges
|
||||
|
||||
* Wed Oct 14 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.15-1.sme
|
||||
- Fix DL icon size
|
||||
|
||||
* Fri Sep 5 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.14-1.sme
|
||||
- Define localSessionStorage to prevent clashes between handlers
|
||||
|
||||
* Wed Jul 30 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.13-1.sme
|
||||
- Add icons for mailman and phplist
|
||||
|
||||
* Tue Jul 1 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.12-1.sme
|
||||
- Adapt for LL::NG 1.4.1 (1.4.0 was too buggy)
|
||||
|
||||
* Wed Dec 11 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.11-1.sme
|
||||
- Add an icon for DL
|
||||
|
||||
* Wed Nov 20 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.10-1.sme
|
||||
- Add an icon for pydio
|
||||
|
||||
* Mon Nov 18 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.9-1.sme
|
||||
- Add two new icons (rdv.png and survey.png)
|
||||
|
||||
* Wed Nov 13 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.8-1.sme
|
||||
- compatibility with SME9 (perl lib path)
|
||||
|
||||
* Mon Nov 4 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.7-1.sme
|
||||
- Requires perl(Authen::Captcha) for LL::NG 1.3.0
|
||||
|
||||
* Tue Sep 17 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.6-1.sme
|
||||
- Small modifications to support SOGo CAS auth
|
||||
- Enable CAS auth
|
||||
|
||||
* Wed Aug 21 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.5-1.sme
|
||||
- Move custom icons to the correct directory
|
||||
|
||||
* Wed Aug 21 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.4-1.sme
|
||||
- Add custom icons for the portal
|
||||
|
||||
* Tue Sep 4 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.3-1.sme
|
||||
- Use Authentication prop instead of LemonLDAP
|
||||
|
||||
* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.2-1.sme
|
||||
- Redirect to HTTPS on port 443
|
||||
|
||||
* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.1-1.sme
|
||||
- Add optional floating menu per vhost
|
||||
|
||||
* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.0-1.sme
|
||||
- Import in GIT
|
||||
- Remove the grantSessionRule param
|
||||
- Log via syslog (auth)
|
||||
|
||||
* Mon Dec 19 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-22.sme
|
||||
- Change SSL Auth to work with LocationMatch, so CAS proxy can work with
|
||||
SSL Auth enabled
|
||||
|
||||
* Wed Jul 13 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-21.sme
|
||||
- Disable password reset form
|
||||
|
||||
* Wed Jul 13 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-20.sme
|
||||
- Fix uninitilized values in lemonldap conf templates
|
||||
|
||||
* Mon Jul 11 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-19.sme
|
||||
- reserve /lm-reload
|
||||
|
||||
* Sun Jul 10 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-18.sme
|
||||
- Fix notification check
|
||||
|
||||
* Sat Jul 09 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-17.sme
|
||||
- Don't force notifications on
|
||||
|
||||
* Fri Jul 08 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-16.sme
|
||||
- Enable and configure notifications
|
||||
|
||||
* Thu Jun 30 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-15.sme
|
||||
- Manage some configuration from the DB
|
||||
|
||||
* Fri Mar 11 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-14.sme
|
||||
- Make LemonLDAP compatible with ocsinventory-ng
|
||||
|
||||
* Mon Mar 7 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-13.sme
|
||||
- Add support for SSL Auth on the portal
|
||||
- Use a separated vhost for SOAP requests
|
||||
|
||||
* Tue Feb 1 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-12.sme
|
||||
- Requires recent version of smeserver-webapps-common
|
||||
- Switch to LDAP based auth to protect the manager
|
||||
|
||||
* Tue Jan 25 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-11.sme
|
||||
- Fix a spacing issue in httpd templates
|
||||
|
||||
* Fri Jan 21 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-10.sme
|
||||
- Add SSLEngine directives in https virtualhosts
|
||||
|
||||
* Fri Jan 21 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-9.sme
|
||||
- Fix empty SoapPassword
|
||||
|
||||
* Thu Jan 06 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-8.sme
|
||||
- Fix Soap ressources authentication
|
||||
|
||||
* Mon Jan 03 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-7.sme
|
||||
- Run the manager as a perl script (instead of CGI mode)
|
||||
|
||||
* Mon Jan 03 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-6.sme
|
||||
- Use https links for error pages
|
||||
|
||||
* Thu Dec 30 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-5.sme
|
||||
- use only alphanumeric characters for soap password
|
||||
- use htpasswd to hash the password
|
||||
|
||||
* Tue Dec 28 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-4.sme
|
||||
- don't load mod_auth_external if not needed
|
||||
- move cache dir in /var/cache
|
||||
- Fix several hosts listed in SoapAllowFrom
|
||||
|
||||
* Fri Dec 24 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-3.sme
|
||||
- Use htpasswd file to protect SOAP services
|
||||
- Configure session storage in lemonldap-ng.ini
|
||||
- Support additionnal server reload URL
|
||||
|
||||
* Fri Dec 17 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-2.sme
|
||||
- Let the manager be self-protected if ManagerAuth eq self
|
||||
|
||||
* Thu Dec 16 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-1.sme
|
||||
- initial public release
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
|
||||
%build
|
||||
perl createlinks
|
||||
%{__mkdir_p} root/var/cache/lemonldap-ng
|
||||
%{__mkdir_p} root/var/lib/lemonldap-ng/notifications
|
||||
|
||||
%install
|
||||
/bin/rm -rf $RPM_BUILD_ROOT
|
||||
(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
|
||||
/bin/rm -f %{name}-%{version}-filelist
|
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
|
||||
--dir /var/cache/lemonldap-ng 'attr(0770,root,www)' \
|
||||
--dir /var/lib/lemonldap-ng/notifications 'attr(0770,root,www)' \
|
||||
> %{name}-%{version}-filelist
|
||||
|
||||
%files -f %{name}-%{version}-filelist
|
||||
%defattr(-,root,root)
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%post
|
||||
|
||||
%preun
|
||||
|
||||
true
|