diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cbb3a13
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.rpm
+*.log
+*spec-20*
+*.tar.gz
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..aae781b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,21 @@
+# Makefile for source rpm: smeserver-lemonldap-ng
+# $Id: Makefile,v 1.1 2022/08/20 03:50:58 jpp Exp $
+NAME := smeserver-lemonldap-ng
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attept a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)
diff --git a/README.md b/README.md
index 18b6e6b..eca53b8 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,16 @@ -# smeserver-lemonldap-ng +# smeserver-lemonldap-ng -SMEServer Koozali developed git repo for smeserver-lemonldap-ng smecontribs \ No newline at end of file +SMEServer Koozali developed git repo for smeserver-lemonldap-ng smecontribs + +## Wiki +
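Review bot: In the Makefile hunk, `find-makefile-common` tests `-w $$/Makefile.common`, which drops the loop variable, so the shell checks the literal path `$/Makefile.common` and the `cvs -Q update` branch can never run as written; it should read `-w $$d/Makefile.common`. Both `$(shell ...)` helpers pull the `common` module from CVS at parse time and the result goes straight into `include $(MAKEFILE_COMMON)`, so whatever the CVS server delivers becomes part of the build with no pinning or integrity check; a comment stating that trust assumption, or a vendored `Makefile.common`, would make it explicit. The fallback's `exit -1` is not portable across shells (`exit 1` is), and the comment `# attept a checkout` should read `# attempt a checkout`.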
https://wiki.koozali.org/LemonLDAP-NG +
https://wiki.koozali.org/LemonLDAP-NG/fr + +## Bugzilla +Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-lemonldap-ng&product=SME%20Contribs&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED) + +## Description + +
*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.* +*Once it has been checked, then this comment will be deleted* +
diff --git a/additional/.tito/packages/.readme b/additional/.tito/packages/.readme
new file mode 100644
index 0000000..b9411e2
--- /dev/null
+++ b/additional/.tito/packages/.readme
@@ -0,0 +1,3 @@
+the .tito/packages directory contains metadata files
+named after their packages. Each file has the latest tagged
+version and the project's relative directory.
diff --git a/additional/.tito/packages/smeserver-lemonldap-ng b/additional/.tito/packages/smeserver-lemonldap-ng
new file mode 100644
index 0000000..1590257
--- /dev/null
+++ b/additional/.tito/packages/smeserver-lemonldap-ng
@@ -0,0 +1 @@
+0.2.20-1 ./
diff --git a/additional/.tito/releasers.conf b/additional/.tito/releasers.conf
new file mode 120000
index 0000000..867c32f
--- /dev/null
+++ b/additional/.tito/releasers.conf
@@ -0,0 +1 @@
+../../tito_libs/releasers.conf
\ No newline at end of file
diff --git a/additional/.tito/tito.props b/additional/.tito/tito.props
new file mode 100644
index 0000000..3c97442
--- /dev/null
+++ b/additional/.tito/tito.props
@@ -0,0 +1,6 @@
+[buildconfig]
+builder = tito.builder.Builder
+tagger = tito.tagger.VersionTagger
+changelog_do_not_remove_cherrypick = 0
+changelog_format = %s (%ae)
+lib_dir = ../tito_libs
diff --git a/additional/smeserver-lemonldap-ng.spec b/additional/smeserver-lemonldap-ng.spec
new file mode 100644
index 0000000..58b1e12
--- /dev/null
+++ b/additional/smeserver-lemonldap-ng.spec
@@ -0,0 +1,204 @@
+# Authority: vip-ire
+# Name: Daniel Berteaud
+
+Summary: LemonLDAP NG is a web SSO solution
+%define name smeserver-lemonldap-ng
+Name: %{name}
+%define version 0.2.19
+%define release 1
+Version: 0.2.20
+Release: 1%{?dist}
+License: GPL
+Group: SME Server
+Source: %{name}-%{version}.tar.gz
+
+BuildArchitectures: noarch
+
+BuildRequires: e-smith-devtools
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+
+Requires: e-smith-base >= 5.2.0-56
+Requires: e-smith-ldap
+Requires: smeserver-webapps-common >= 0.1-8
+Requires: lemonldap-ng >= 1.4.1
+Requires: lemonldap-ng-fr-doc
+Requires: perl(Authen::Captcha)
+
+%description
+This package contains all the needed scripts and templates
+to run LemonLDAP NG on your SME Server. It uses LDAP as authentication source
+but can also use SSL auth (either optional with a fallback to LDAP, or SSL required)
+
+%changelog
+* Tue Sep 03 2019 Daniel Berteaud 0.2.20-1
+- Bump version
+
+* Tue Sep 03 2019 Daniel Berteaud 0.2.19-1
+- new package built with tito
+
+* Wed Feb 15 2017 Daniel Berteaud 0.2.19-1.sme
+- Set Access-Control-Allow-Origin on CAS endpoint, need for ticket renew in SOGo
+
+* Mon Jan 9 2017 Daniel Berteaud 0.2.18-1.sme
+- Update httpd template to read the Authentication prop of domain to load
+ Lemonldap::NG handler
+
+* Wed Dec 7 2016 Daniel Berteaud 0.2.17-1.sme
+- Replace My::Package with Lemonldap::NG::Handler in default vhost templates
+
+* Sat Jan 23 2016 Daniel Berteaud 0.2.16-1.sme
+- Don't redirect to https for acme challenges
+
+* Wed Oct 14 2015 Daniel Berteaud 0.2.15-1.sme
+- Fix DL icon size
+
+* Fri Sep 5 2014 Daniel Berteaud 0.2.14-1.sme
+- Define localSessionStorage to prevent clashes between handlers
+
+* Wed Jul 30 2014 Daniel Berteaud 0.2.13-1.sme
+- Add icons for mailman and phplist
+
+* Tue Jul 1 2014 Daniel Berteaud 0.2.12-1.sme
+- Adapt for LL::NG 1.4.1 (1.4.0 was too buggy)
+
+* Wed Dec 11 2013 Daniel Berteaud 0.2.11-1.sme
+- Add an icon for DL
+
+* Wed Nov 20 2013 Daniel Berteaud 0.2.10-1.sme
+- Add an icon for pydio
+
+* Mon Nov 18 2013 Daniel Berteaud 0.2.9-1.sme
+- Add two new icons (rdv.png and survey.png)
+
+* Wed Nov 13 2013 Daniel Berteaud 0.2.8-1.sme
+- compatibility with SME9 (perl lib path)
+
+* Mon Nov 4 2013 Daniel Berteaud 0.2.7-1.sme
+- Requires perl(Authen::Captcha) for LL::NG 1.3.0
+
+* Tue Sep 17 2013 Daniel Berteaud 0.2.6-1.sme
+- Small modifications to support SOGo CAS auth
+- Enable CAS auth
+
+* Wed Aug 21 2013 Daniel Berteaud 0.2.5-1.sme
+- Move custom icons to the correct directory
+
+* Wed Aug 21 2013 Daniel Berteaud 0.2.4-1.sme
+- Add custom icons for the portal
+
+* Tue Sep 4 2012 Daniel Berteaud 0.2.3-1.sme
+- Use Authentication prop instead of LemonLDAP
+
+* Wed Jun 20 2012 Daniel Berteaud 0.2.2-1.sme
+- Redirect to HTTPS on port 443
+
+* Wed Jun 20 2012 Daniel Berteaud 0.2.1-1.sme
+- Add optional floating menu per vhost
+
+* Wed Jun 20 2012 Daniel Berteaud 0.2.0-1.sme
+- Import in GIT
+- Remove the grantSessionRule param
+- Log via syslog (auth)
+
+* Mon Dec 19 2011 Daniel Berteaud 0.1-22.sme
+- Change SSL Auth to work with LocationMatch, so CAS proxy can work with
+ SSL Auth enabled
+
+* Wed Jul 13 2011 Daniel Berteaud 0.1-21.sme
+- Disable password reset form
+
+* Wed Jul 13 2011 Daniel Berteaud 0.1-20.sme
+- Fix uninitilized values in lemonldap conf templates
+
+* Mon Jul 11 2011 Daniel Berteaud 0.1-19.sme
+- reserve /lm-reload
+
+* Sun Jul 10 2011 Daniel Berteaud 0.1-18.sme
+- Fix notification check
+
+* Sat Jul 09 2011 Daniel Berteaud 0.1-17.sme
+- Don't force notifications on
+
+* Fri Jul 08 2011 Daniel Berteaud 0.1-16.sme
+- Enable and configure notifications
+
+* Thu Jun 30 2011 Daniel Berteaud 0.1-15.sme
+- Manage some configuration from the DB
+
+* Fri Mar 11 2011 Daniel Berteaud 0.1-14.sme
+- Make LemonLDAP compatible with ocsinventory-ng
+
+* Mon Mar 7 2011 Daniel Berteaud 0.1-13.sme
+- Add support for SSL Auth on the portal
+- Use a separated vhost for SOAP requests
+
+* Tue Feb 1 2011 Daniel Berteaud 0.1-12.sme
+- Requires recent version of smeserver-webapps-common
+- Switch to LDAP based auth to protect the manager
+
+* Tue Jan 25 2011 Daniel Berteaud 0.1-11.sme
+- Fix a spacing issue in httpd templates
+
+* Fri Jan 21 2011 Daniel Berteaud 0.1-10.sme
+- Add SSLEngine directives in https virtualhosts
+
+* Fri Jan 21 2011 Daniel Berteaud 0.1-9.sme
+- Fix empty SoapPassword
+
+* Thu Jan 06 2011 Daniel Berteaud 0.1-8.sme
+- Fix Soap ressources authentication
+
+* Mon Jan 03 2011 Daniel Berteaud 0.1-7.sme
+- Run the manager as a perl script (instead of CGI mode)
+
+* Mon Jan 03 2011 Daniel Berteaud 0.1-6.sme
+- Use https links for error pages
+
+* Thu Dec 30 2010 Daniel Berteaud 0.1-5.sme
+- use only alphanumeric characters for soap password
+- use htpasswd to hash the password
+
+* Tue Dec 28 2010 Daniel Berteaud 0.1-4.sme
+- don't load mod_auth_external if not needed
+- move cache dir in /var/cache
+- Fix several hosts listed in SoapAllowFrom
+
+* Fri Dec 24 2010 Daniel Berteaud 0.1-3.sme
+- Use htpasswd file to protect SOAP services
+- Configure session storage in lemonldap-ng.ini
+- Support additionnal server reload URL
+
+* Fri Dec 17 2010 Daniel Berteaud 0.1-2.sme
+- Let the manager be self-protected if ManagerAuth eq self
+
+* Thu Dec 16 2010 Daniel Berteaud 0.1-1.sme
+- initial public release
+
+%prep
+%setup -q -n %{name}-%{version}
+
+%build
+perl createlinks
+%{__mkdir_p} root/var/cache/lemonldap-ng
+%{__mkdir_p} root/var/lib/lemonldap-ng/notifications
+
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+ --dir /var/cache/lemonldap-ng 'attr(0770,root,www)' \
+ --dir /var/lib/lemonldap-ng/notifications 'attr(0770,root,www)' \
+ > %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+
+%preun
+
+true
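Review bot: The spec header keeps `%define version 0.2.19` and `%define release 1` next to `Version: 0.2.20` and `Release: 1%{?dist}`, so the value that `Source:` and `BuildRoot:` expand depends on which definition rpm processes last; removing the two stale `%define` lines leaves one source of truth for the tarball name. `License: GPL` does not name a version, while the action scripts added in this commit state GPL version 2 or later, so the tag could say so explicitly. The `%preun` scriptlet contains only `true` and `%post` is empty; a one-line comment on why they are kept would help the next packager.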
diff --git a/contriborbase b/contriborbase
new file mode 100644
index 0000000..9b7fd51
--- /dev/null
+++ b/contriborbase
@@ -0,0 +1 @@
+contribs10
diff --git a/createlinks b/createlinks
new file mode 100644
index 0000000..df27905
--- /dev/null
+++ b/createlinks
@@ -0,0 +1,14 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+templates2events("/etc/lemonldap-ng/lemonldap-ng.ini", qw/webapps-update bootstrap-console-save/);
+templates2events("/etc/lemonldap-ng/soap-htpasswd", qw/webapps-update bootstrap-console-save/);
+
+event_link("lemonldap-init-domains", "webapps-update", "20");
+foreach my $event (qw/webapps-update network-create network-delete bootstrap-ldap-save remoteaccess-update/){
+ event_link("lemonldap-update-conf", "$event", "25");
+}
+
+safe_touch("root/etc/e-smith/templates/etc/lemonldap-ng/soap-htpasswd/template-begin");
+
diff --git a/root/etc/e-smith/db/accounts/defaults/lm-reload/type b/root/etc/e-smith/db/accounts/defaults/lm-reload/type
new file mode 100644
index 0000000..96cdd3b
--- /dev/null
+++ b/root/etc/e-smith/db/accounts/defaults/lm-reload/type
@@ -0,0 +1 @@
+url
diff --git a/root/etc/e-smith/db/configuration/defaults/lemonldap/status b/root/etc/e-smith/db/configuration/defaults/lemonldap/status
new file mode 100644
index 0000000..86981e6
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/lemonldap/status
@@ -0,0 +1 @@
+enabled
diff --git a/root/etc/e-smith/db/configuration/defaults/lemonldap/type b/root/etc/e-smith/db/configuration/defaults/lemonldap/type
new file mode 100644
index 0000000..24e1098
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/lemonldap/type
@@ -0,0 +1 @@
+service
diff --git a/root/etc/e-smith/db/configuration/migrate/90MigrateLemonLDAP b/root/etc/e-smith/db/configuration/migrate/90MigrateLemonLDAP
new file mode 100644
index 0000000..b1e36df
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/90MigrateLemonLDAP
@@ -0,0 +1,14 @@
+{
+
+use esmith::DomainsDB;
+my $d = esmith::DomainsDB->open() or die "Couldn't open DomainsDB\n";
+
+foreach my $domain ($d->domains){
+ my $llng = $domain->prop('LemonLDAP') || '';
+ next unless $llng eq 'enabled';
+ $domain->set_prop('Authentication', 'LemonLDAP');
+ $domain->delete_prop('LemonLDAP');
+}
+
+}
+
diff --git a/root/etc/e-smith/db/configuration/migrate/lemonldap-enable-mod_perl b/root/etc/e-smith/db/configuration/migrate/lemonldap-enable-mod_perl
new file mode 100644
index 0000000..357b79f
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/lemonldap-enable-mod_perl
@@ -0,0 +1,12 @@
+{
+
+ my $mp = $DB->get('modPerl') || $DB->new_record("modPerl", { type => "service", status => "enabled" });
+
+ if ( ($mp->prop('status') || 'disabled') eq 'enabled'){
+ return "";
+ }
+ else{
+ $DB->set_prop('modPerl', 'status', 'enabled');
+ }
+
+}
diff --git a/root/etc/e-smith/db/configuration/migrate/lemonldap-soappasswd b/root/etc/e-smith/db/configuration/migrate/lemonldap-soappasswd
new file mode 100644
index 0000000..2da183b
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/lemonldap-soappasswd
@@ -0,0 +1,13 @@
+{
+
+my $rec = $DB->get('lemonldap')
+ || $DB->new_record('lemonldap', {type => 'service'});
+
+my $pw = $rec->prop('SoapPassword');
+
+if (not $pw){
+ my $rand = `/usr/bin/openssl rand -base64 35 | tr -cd '[:alnum:]'`;
+ $rec->set_prop('SoapPassword', "$rand");
+}
+
+}
diff --git a/root/etc/e-smith/events/actions/lemonldap-init-domains b/root/etc/e-smith/events/actions/lemonldap-init-domains
new file mode 100644
index 0000000..f6d7c38
--- /dev/null
+++ b/root/etc/e-smith/events/actions/lemonldap-init-domains
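Review bot: In `lemonldap-soappasswd`, the output of the backtick `openssl rand ... | tr` pipeline is stored without checking `$?` or the length of `$rand`, so a missing or failing `openssl` silently writes an empty `SoapPassword`. Because the value is a credential, the failure should at least be visible: add `warn "lemonldap: could not generate SoapPassword\n" unless length $rand;` and only call `set_prop` when `$rand` is non-empty. A short comment that the `tr -cd '[:alnum:]'` filter exists to keep the value alphanumeric (the changelog mentions this) would also explain why the base64 output is trimmed.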
@@ -0,0 +1,88 @@
+#!/usr/bin/perl -w
+#----------------------------------------------------------------------
+# copyright (C) 2010 Firewall-Services
+# daniel@firewall-services.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+use strict;
+use warnings;
+use esmith::DomainsDB;
+use esmith::ConfigDB;
+
+my $d = esmith::DomainsDB->open or die "Couldn't open DomainsDB\n";
+my $c = esmith::ConfigDB->open_ro() or die "Couldn't open ConfigDB\n";
+
+my $domain = $c->get('DomainName')->value;
+my $vhost;
+
+$vhost = $d->get("sso-manager.$domain");
+
+if (!$vhost){
+ $d->new_record("sso-manager.$domain",{
+ type => 'domain',
+ Content => 'Primary',
+ Description => "LemonLDAP-NG Manager",
+ Nameservers => 'internet',
+ TemplatePath => 'LemonLDAPManager',
+ Removable => 'no',
+ });
+
+ unless ( system("/sbin/e-smith/signal-event", "domain-create", "sso-manager.$domain") == 0 ){
+ die "Failed to create domain sso-manager.$domain\n";
+ }
+}
+
+$vhost = $d->get("auth.$domain");
+
+if (!$vhost){
+ $d->new_record("auth.$domain",{
+ type => 'domain',
+ Content => 'Primary',
+ Description => "LemonLDAP-NG Portal",
+ Nameservers => 'internet',
+ TemplatePath => 'LemonLDAPPortal',
+ Removable => 'no',
+ });
+
+ unless ( system("/sbin/e-smith/signal-event", "domain-create", "auth.$domain") == 0 ){
+ die "Failed to create domain auth.$domain\n";
+ }
+}
+
+$vhost = $d->get("soapsso.$domain");
+
+if (!$vhost){
+ $d->new_record("soapsso.$domain",{
+ type => 'domain',
+ Content => 'Primary',
+ Description => "LemonLDAP-NG SOAP Handler",
+ Nameservers => 'internet',
+ TemplatePath => 'LemonLDAPSoap',
+ Removable => 'no',
+ });
+
+ unless ( system("/sbin/e-smith/signal-event", "domain-create", "soapsso.$domain") == 0 ){
+ die "Failed to create domain soapsso.$domain\n";
+ }
+}
+
+
+exit 0;
+
diff --git a/root/etc/e-smith/events/actions/lemonldap-update-conf b/root/etc/e-smith/events/actions/lemonldap-update-conf
new file mode 100644
index 0000000..217fa88
--- /dev/null
+++ b/root/etc/e-smith/events/actions/lemonldap-update-conf
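Review bot: In `lemonldap-init-domains`, each of the three blocks writes the domain record with `new_record` before running `signal-event domain-create` and dies if the event fails, so on the next run `$d->get(...)` finds the record and skips the block, and `domain-create` is never retried for a half-created vhost. Removing the record on failure lets the next `webapps-update` try again. The three blocks differ only in prefix, description and `TemplatePath`, so the sketch below folds them into one loop over a table, keeping the original order. `$c->get('DomainName')->value` is also called without checking that the record exists.

```perl
# … unchanged: use lines, DomainsDB/ConfigDB opens, $domain lookup …
my @vhosts = (
    [ 'sso-manager', 'LemonLDAP-NG Manager',      'LemonLDAPManager' ],
    [ 'auth',        'LemonLDAP-NG Portal',       'LemonLDAPPortal'  ],
    [ 'soapsso',     'LemonLDAP-NG SOAP Handler', 'LemonLDAPSoap'    ],
);

foreach my $entry (@vhosts){
    my ($prefix, $desc, $tmpl) = @$entry;
    my $fqdn = "$prefix.$domain";
    next if $d->get($fqdn);

    my $rec = $d->new_record($fqdn, {
        type         => 'domain',
        Content      => 'Primary',
        Description  => $desc,
        Nameservers  => 'internet',
        TemplatePath => $tmpl,
        Removable    => 'no',
    });

    unless ( system("/sbin/e-smith/signal-event", "domain-create", $fqdn) == 0 ){
        # Drop the record so the next run retries instead of skipping a half-created vhost
        $rec->delete;
        die "Failed to create domain $fqdn\n";
    }
}
# … unchanged: exit 0 …
```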
@@ -0,0 +1,43 @@
+#!/usr/bin/perl -w
+#----------------------------------------------------------------------
+# copyright (C) 2011 Firewall-Services
+# daniel@firewall-services.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+use esmith::ConfigDB;
+use esmith::templates;
+
+my $c = esmith::ConfigDB->open_ro or die "Error opening ConfigDB\n";
+my $llng = $c->get('lemonldap');
+
+my $status = $llng->prop('status') || 'disabled';
+my $manual = $llng->prop('ManualConf') || 'disabled';
+
+# Don't touch the configuration if it's set to be manual
+# or if the service is disabled
+exit (0) if ($manual eq 'enabled' or $status ne 'enabled');
+
+processTemplate(
+ {
+ TEMPLATE_PATH => "/var/lib/lemonldap-ng/conf/lmConf",
+ OUTPUT_FILENAME => "/var/lib/lemonldap-ng/conf/lmConf",
+ });
+
+exit (0);
diff --git a/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng.ini b/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng.ini
new file mode 100644
index 0000000..bad4258
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng.ini
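Review bot: In `lemonldap-update-conf`, `processTemplate` writes `/var/lib/lemonldap-ng/conf/lmConf` without `PERMS`, `UID` or `GID`, while the only metadata file this commit adds for that directory is named `lmConf-2`; unless a matching metadata file exists outside this diff, the generated LemonLDAP configuration may get default ownership and mode instead of the `0640 www:www` declared for `lmConf-2`. Please confirm which file name is intended and make the action and the metadata agree. The script also omits `use strict; use warnings;` (both present in `lemonldap-init-domains`) and calls `$llng->prop` without checking that `$c->get('lemonldap')` returned a record.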
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="www"
diff --git a/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/soap-htpasswd b/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/soap-htpasswd
new file mode 100644
index 0000000..bad4258
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/soap-htpasswd
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="www"
diff --git a/root/etc/e-smith/templates.metadata/var/lib/lemonldap-ng/conf/lmConf-2 b/root/etc/e-smith/templates.metadata/var/lib/lemonldap-ng/conf/lmConf-2
new file mode 100644
index 0000000..7d87103
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/var/lib/lemonldap-ng/conf/lmConf-2
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="www"
+GID="www"
diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/97LemonLDAPHandler b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/97LemonLDAPHandler
new file mode 100644
index 0000000..7c54704
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/97LemonLDAPHandler
@@ -0,0 +1,34 @@ +#==================================================================== +# Apache configuration for LemonLDAP::NG Handler +#==================================================================== + +# Load LemonLDAP::NG Handler +PerlOptions +GlobalRequest +PerlRequire Lemonldap/NG/Handler.pm + +# Common error page and security parameters +#ErrorDocument 403 http://auth.{$DomainName}/?lmError=403 +#ErrorDocument 500 http://auth.{$DomainName}/?lmError=500 + + +# Configuration reload mechanism (only 1 per physical server is +# needed): choose your URL to avoid restarting Apache when +# configuration change +# Dummy Alias so apache allows access to /lm-reload +Alias /lm-reload /etc/httpd/proxy/proxy.pac + + SSLRequireSSL on + Order deny,allow + Deny from all + Allow from {"$LocalIP $localAccess $externalSSLAccess";} + PerlHeaderParserHandler Lemonldap::NG::Handler->refresh + + +# Uncomment this to activate status module +# +# Order deny,allow +# Deny from all +# Allow from 127.0.0.0/8 +# PerlHeaderParserHandler Lemonldap::NG::Handler->status +# + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/00Setup b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/00Setup new file mode 100644 index 0000000..e00a95b --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/00Setup @@ -0,0 +1,10 @@ +{ + use esmith::DomainsDB; + # Convert the passed hash for the domain object back into an object. + $domain = bless \%domain, 'esmith::DB::db::Record'; + + # Make scalars from some of the properties of the domain + $virtualHost = $domain->key; + $OUT = ""; +} + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/10ServerName b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/10ServerName new file mode 100644 index 0000000..38f4ddf --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/10ServerName 
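Review bot: In `97LemonLDAPHandler`, the `/lm-reload` block allows `$LocalIP $localAccess $externalSSLAccess`, although the comment above it says only one reload URL per physical server is needed; including `$externalSSLAccess` makes the handler refresh reachable from every remote network that has been granted SSL access. If reloads are only triggered from the server itself, `Allow from {"$LocalIP";}` would be the narrower default; the caller is not visible in this hunk, so please confirm before tightening. The commented-out `ErrorDocument` lines point at `http://auth.{$DomainName}/`, and should use `https://` if they are ever enabled, since the portal template redirects plain HTTP anyway. The enclosing container tags are not visible in this rendering of the hunk.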
@@ -0,0 +1 @@
+ ServerName {$virtualHost}
diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80LemonLDAPManager b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80LemonLDAPManager
new file mode 100644
index 0000000..316abce
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80LemonLDAPManager
@@ -0,0 +1,114 @@ +{ + + use esmith::util; + + if ( $port ne ($modSSL{'TCPPort'} || '443')){ + $OUT .=<<"EOF"; + + #==================================================================== + # HTTPS redirection for LemonLDAP::NG Manager + #==================================================================== + + RewriteEngine on + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.* + RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\] +EOF + } + else{ + my $authtype = $lemonldap{'ManagerAuth'} || 'basic'; + my $auth = ''; + my $base = esmith::util::ldapBase($DomainName); + + unless ( $authtype eq 'self' ) { + $auth = "AuthName 'LemonLDAP NG Manager Interface'\n" . + " AuthType Basic\n" . + " AuthBasicProvider ldap\n" . + " AuthLDAPURL ldap://localhost/ou=Users,$base?uid\n" . + " AuthLDAPGroupAttribute memberUid\n" . + " AuthLDAPGroupAttributeIsDN off\n" . + " require ldap-user admin"; + } + + $OUT .=<<"EOF"; + + SSLEngine On + + PerlOptions +Parent + + #==================================================================== + # Apache configuration for LemonLDAP::NG Manager + #==================================================================== + + # DocumentRoot + DocumentRoot /var/lib/lemonldap-ng/manager/ + + Order deny,allow + Deny from all + Allow from $localAccess $externalSSLAccess + Options +ExecCGI +FollowSymlinks + $auth + Satisfy all + + + # On-line documentation + Alias /doc/ /var/lib/lemonldap-ng/doc/ + Alias /fr-doc/ /var/lib/lemonldap-ng/fr-doc/ + Alias /lib/ /var/lib/lemonldap-ng/doc/lib/ + + Order deny,allow + Allow from all + ErrorDocument 404 /notfound.html + Options +FollowSymlinks + DirectoryIndex index.pl index.html + + + Order deny,allow + Allow from all + ErrorDocument 404 /notfound.html + Options +FollowSymlinks + DirectoryIndex index.pl index.html + + + # Perl script + # Note: to avoid manager stay in memory, we don't use ModPerl::Registry + # by default. 
Change this to increase manager performances + + #SetHandler cgi-script + SetHandler perl-script + PerlResponseHandler ModPerl::Registry + + + # Directory index + + DirectoryIndex index.pl index.html + + + + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)\$ no-gzip dont-vary + + + Header append Vary User-Agent env=!dont-vary + + + + + ExpiresActive On + ExpiresDefault "access plus 1 month" + + + + + ExpiresActive On + ExpiresDefault "access plus 1 month" + + +EOF + } +} + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/template-begin b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/template-begin new file mode 100644 index 0000000..b050035 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/template-begin @@ -0,0 +1,2 @@ + + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/template-end b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/template-end new file mode 100644 index 0000000..50d3d92 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/template-end @@ -0,0 +1,2 @@ + + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/00Setup b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/00Setup new file mode 100644 index 0000000..e00a95b --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/00Setup 
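Review bot: In `80LemonLDAPManager`, the plain-HTTP branch redirects with `RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\]`, which builds the target from the client-supplied Host header; `00Setup` already sets `$virtualHost`, so `https://$virtualHost/\$1` would pin the redirect to the configured name. The same rule appears in the `80LemonLDAPPortal` and `80LemonLDAPSoap` hunks. In the HTTPS branch, `ManagerAuth` set to `self` leaves `$auth` empty, so as far as this template shows the manager directory is then guarded only by `Allow from $localAccess $externalSSLAccess`; a comment stating what enforces authentication in that mode would help reviewers. The doc and lib directory blocks use `Allow from all`, which is worth a comment as well if it is intentional.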
@@ -0,0 +1,10 @@
+{
+ use esmith::DomainsDB;
+ # Convert the passed hash for the domain object back into an object.
+ $domain = bless \%domain, 'esmith::DB::db::Record';
+
+ # Make scalars from some of the properties of the domain
+ $virtualHost = $domain->key;
+ $OUT = "";
+}
+
diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/10ServerName b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/10ServerName
new file mode 100644
index 0000000..38f4ddf
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/10ServerName
@@ -0,0 +1 @@
+ ServerName {$virtualHost}
diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80LemonLDAPPortal b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80LemonLDAPPortal
new file mode 100644
index 0000000..5057863
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80LemonLDAPPortal
@@ -0,0 +1,133 @@ +{ + +use esmith::AccountsDB; +my $a = esmith::AccountsDB->open_ro() or die "Couldn't open AccountsDB\n"; + +if ( $port ne ($modSSL{'TCPPort'} || '443')){ + $OUT .=<<"EOF"; + + #==================================================================== + # HTTPS redirection for LemonLDAP::NG Portal + #==================================================================== + + RewriteEngine on + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.* + RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\] + +EOF + } +else{ + + # SSL Authentication + my $SSLAuth = $lemonldap{'SSLAuth'} || 'disabled'; + my $sslDirectives = ' # SSL Auth is disabled'; + my $sogoWorkArround = ''; + if ((-e '/etc/pki/tls/certs/cacert.pem') && + ($SSLAuth =~ m/^(require)|(optional)$/)) { + $sslDirectives =<<"HERE"; + + SSLVerifyClient $SSLAuth + SSLVerifyDepth 1 + SSLOptions +StdEnvVars + SSLUserName SSL_CLIENT_S_DN_CN + +HERE + } + if (-e '/usr/lib/perl5/site_perl/Apache/FilterChangeLength.pm' || + -e '/usr/share/perl5/vendor_perl/Apache/FilterChangeLength.pm'){ + # Looks like iPasserelle groupware is installed + # SOPE doesn't supports chunked encoding + # the following makes it happy + # see http://sogo.nu/bugs/view.php?id=2408 + $sogoWorkArround =<<"HERE"; + + BrowserMatch "SOPE/" downgrade-1.0 + PerlOutputFilterHandler Apache::FilterChangeLength + Header set Access-Control-Allow-Origin '*' + +HERE + } + + $OUT .=<<"EOF"; + + SSLEngine On + + PerlOptions +Parent + + #==================================================================== + # Apache configuration for LemonLDAP::NG Portal + #==================================================================== + + # DocumentRoot + DocumentRoot /var/lib/lemonldap-ng/portal/ + + + require Lemonldap::NG::Portal::SharedConf; + Lemonldap::NG::Portal::SharedConf->compile( + qw(delete header cache read_from_client cookie redirect unescapeHTML)); + # Uncomment this line if you use Lemonldap::NG menu + require 
Lemonldap::NG::Portal::Menu; + + + + Order allow,deny + Allow from all + Options +ExecCGI +FollowSymlinks + +$sslDirectives +$sogoWorkArround + + # Perl script + + SetHandler perl-script + PerlResponseHandler ModPerl::Registry + + + + DirectoryIndex index.pl index.html + + + # SAML2 Issuer + + RewriteEngine On + RewriteRule ^/saml/metadata /metadata.pl + RewriteRule ^/saml/.* /index.pl + + + # CAS Issuer + + RewriteEngine On + RewriteRule ^/cas/.* /index.pl + + + # OpenID Issuer + + RewriteEngine On + RewriteRule ^/openidserver/.* /index.pl + + + + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)\$ no-gzip dont-vary + + + Header append Vary User-Agent env=!dont-vary + + + + + ExpiresActive On + ExpiresDefault "access plus 1 month" + + + +EOF + } +} + + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/template-begin b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/template-begin new file mode 100644 index 0000000..b050035 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/template-begin @@ -0,0 +1,2 @@ + + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/template-end b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/template-end new file mode 100644 index 0000000..50d3d92 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/template-end @@ -0,0 +1,2 @@ + + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/00Setup b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/00Setup new file mode 100644 index 0000000..e00a95b --- /dev/null 
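Review bot: In `80LemonLDAPPortal`, the guard `$SSLAuth =~ m/^(require)|(optional)$/` parses as `^(require)` or `(optional)$`, so values such as `required` or `nooptional` pass the check and are written verbatim into `SSLVerifyClient $SSLAuth`; anchoring the whole alternation with `m/^(?:require|optional)$/` restricts it to the two intended values. `Header set Access-Control-Allow-Origin '*'` in the SOGo workaround permits cross-origin reads of the affected portal responses from any site; if only the SOGo front end needs it, emit that origin instead of `*`. `my $a = esmith::AccountsDB->open_ro()` is never used in this template (nor in `80LemonLDAPSoap`), so the `die` it can raise during template expansion is avoidable.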
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/00Setup
@@ -0,0 +1,10 @@
+{
+ use esmith::DomainsDB;
+ # Convert the passed hash for the domain object back into an object.
+ $domain = bless \%domain, 'esmith::DB::db::Record';
+
+ # Make scalars from some of the properties of the domain
+ $virtualHost = $domain->key;
+ $OUT = "";
+}
+
diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/10ServerName b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/10ServerName
new file mode 100644
index 0000000..38f4ddf
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/10ServerName
@@ -0,0 +1 @@
+ ServerName {$virtualHost}
diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80LemonLDAPSoap b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80LemonLDAPSoap
new file mode 100644
index 0000000..db48acd
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80LemonLDAPSoap
@@ -0,0 +1,120 @@ +{ + +use esmith::AccountsDB; +my $a = esmith::AccountsDB->open_ro() or die "Couldn't open AccountsDB\n"; + +if ( $port ne ($modSSL{'TCPPort'} || '443')){ + $OUT .=<<"EOF"; + + #==================================================================== + # HTTPS redirection for LemonLDAP::NG Portal + #==================================================================== + + RewriteEngine on + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.* + RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\] + +EOF + } +else{ + my $soapAllow = join (" ", split(/[;,]/, ($lemonldap{'SoapAllowFrom'} || ''))); + $soapAllow = ( $soapAllow eq '' ) ? '' : "Allow from $soapAllow\n "; + my $soapPassword = $lemonldap{'SoapPassword'} || ''; + $soapAllow .= ($soapPassword eq '') ? '' : + 'AuthName "LemonLDAP SOAP interface"' . "\n " . + 'AuthType Basic' . "\n " . + 'AuthBasicProvider file' . "\n " . + 'AuthUserFile /etc/lemonldap-ng/soap-htpasswd' . "\n " . + 'Require valid-user' . "\n " . 
+ 'Satisfy all'; + + $OUT .=<<"EOF"; + + SSLEngine On + + PerlOptions +Parent + + #==================================================================== + # Apache configuration for LemonLDAP::NG Portal + #==================================================================== + + # DocumentRoot + DocumentRoot /var/lib/lemonldap-ng/portal/ + + + require Lemonldap::NG::Portal::SharedConf; + Lemonldap::NG::Portal::SharedConf->compile( + qw(delete header cache read_from_client cookie redirect unescapeHTML)); + # Uncomment this line if you use portal SOAP capabilities + require SOAP::Lite; + + + + Order allow,deny + Allow from all + Options +ExecCGI +FollowSymlinks + + + # Perl script + + SetHandler perl-script + PerlResponseHandler ModPerl::Registry + + + + DirectoryIndex index.pl index.html + + + # SOAP functions for sessions management (disabled by default) + + Order deny,allow + Deny from all + $soapAllow + + + # SOAP functions for sessions access (disabled by default) + + Order deny,allow + Deny from all + $soapAllow + + + # SOAP functions for configuration access (disabled by default) + + Order deny,allow + Deny from all + $soapAllow + + + # SOAP functions for notification insertion (disabled by default) + + Order deny,allow + Deny from all + $soapAllow + + + + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)\$ no-gzip dont-vary + + + Header append Vary User-Agent env=!dont-vary + + + + + ExpiresActive On + ExpiresDefault "access plus 1 month" + + + +EOF + } +} + + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/template-begin b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/template-begin new file mode 100644 index 0000000..b050035 --- /dev/null 
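Review bot: In 80LemonLDAPSoap the Basic-auth directives are appended to `$soapAllow` only when `SoapPassword` is non-empty, so with `SoapAllowFrom` set and no password the SOAP blocks (sessions, configuration, notifications) are guarded by source address alone. The soap-htpasswd template and lmConf/015soap in this commit fall back to the password `secret` in that case, so the fragments disagree about whether a credential is in force. I would keep the blocks at `Deny from all` unless a password is configured, e.g. `$soapAllow = '' if $soapPassword eq '';` before the auth lines are appended. Each `SoapAllowFrom` entry should also be validated before it is written verbatim after `Allow from`. The comment `# Uncomment this line if you use portal SOAP capabilities` sits above an already active `require SOAP::Lite;` and should be reworded.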
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/template-begin @@ -0,0 +1,2 @@ + + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/template-end b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/template-end new file mode 100644 index 0000000..50d3d92 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/template-end @@ -0,0 +1,2 @@ + + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/05LemonLDAPHandler b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/05LemonLDAPHandler new file mode 100644 index 0000000..dba812d --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/05LemonLDAPHandler @@ -0,0 +1,21 @@ +{ + +my $auth = $domain->prop('Authentication') || 'none'; + +if (($modSSL{'TCPPort'} || '443') eq $port){ + if ($auth eq 'LemonLDAP'){ + $OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG\n" . + " PerlHeaderParserHandler Lemonldap::NG::Handler\n" . + " ErrorDocument 403 https://auth.$DomainName/?lmError=403\n" . + " ErrorDocument 500 https://auth.$DomainName/?lmError=500\n"; + if (($domain->prop('LemonLDAPMenu') || 'disabled') eq 'enabled'){ + $OUT .= " PerlOutputFilterHandler Lemonldap::NG::Handler::Menu\n"; + } + } + elsif ($auth eq 'LemonLDAPBasic'){ + $OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG (basic auth)\n" . + " PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::AuthBasic\n"; + } +} + +} diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/05LemonLDAPHandler b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/05LemonLDAPHandler new file mode 100644 index 0000000..dba812d --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/05LemonLDAPHandler 
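Review bot: In VirtualHosts/05LemonLDAPHandler nothing is emitted when `$port` differs from the modSSL `TCPPort`, so a domain with `Authentication` set to `LemonLDAP` or `LemonLDAPBasic` has no handler on its plain-HTTP virtual host. Whether another fragment forces a redirect to HTTPS for these domains is not visible in this commit, so the protection depends on something the reader cannot check here. I would add a comment at the outer `if` stating that assumption, for example `# Non-SSL vhost: no handler here, access must be redirected to HTTPS by <fragment name>`. The WebAppVirtualHost/05LemonLDAPHandler fragment that follows is byte-identical (same blob id) and needs the same note.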
@@ -0,0 +1,21 @@ +{ + +my $auth = $domain->prop('Authentication') || 'none'; + +if (($modSSL{'TCPPort'} || '443') eq $port){ + if ($auth eq 'LemonLDAP'){ + $OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG\n" . + " PerlHeaderParserHandler Lemonldap::NG::Handler\n" . + " ErrorDocument 403 https://auth.$DomainName/?lmError=403\n" . + " ErrorDocument 500 https://auth.$DomainName/?lmError=500\n"; + if (($domain->prop('LemonLDAPMenu') || 'disabled') eq 'enabled'){ + $OUT .= " PerlOutputFilterHandler Lemonldap::NG::Handler::Menu\n"; + } + } + elsif ($auth eq 'LemonLDAPBasic'){ + $OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG (basic auth)\n" . + " PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::AuthBasic\n"; + } +} + +} diff --git a/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/00header b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/00header new file mode 100644 index 0000000..3e401fc --- /dev/null +++ b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/00header @@ -0,0 +1,19 @@ +#============================================================================== +# LemonLDAP::NG local configuration parameters +# +# This file is dedicated to configuration parameters override +# You can set here configuration parameters that will be used only by +# local LemonLDAP::NG elements +# +# Section "all" is always read first before "portal", "handler" +# and "manager" +# +# Section "configuration" is used to load global configuration and set cache +# (replace old storage.conf file) +# +# Section "apply" is read by Manager to reload handlers +# (replace old apply.conf file) +# +# Other section are only read by the specific LemonLDAP::NG component +#============================================================================== + 
diff --git a/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/05All b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/05All new file mode 100644 index 0000000..6c56932 --- /dev/null +++ b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/05All @@ -0,0 +1,7 @@ + +[all] +globalStorage = Apache::Session::File +globalStorageOptions = \{ 'Directory' => '/var/lib/lemonldap-ng/sessions/', 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/', \} +localSessionStorage=Cache::FileCache +localSessionStorageOptions=\{ 'namespace' => 'sessions', 'default_expires_in' => '600', 'directory_umask' => '007', 'cache_root' => '/var/cache/lemonldap-ng', 'cache_depth' => 3, \} + diff --git a/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/10configuration b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/10configuration new file mode 100644 index 0000000..49ee965 --- /dev/null +++ b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/10configuration @@ -0,0 +1,11 @@ + +[configuration] + +type=File +dirName = /var/lib/lemonldap-ng/conf +globalStorageOptions=\{ 'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256' \} + +localStorage=Cache::FileCache +localStorageOptions=\{ 'namespace' => 'localcache', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/var/cache/lemonldap-ng', 'cache_depth' => 5, \} + + diff --git a/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/15apply b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/15apply new file mode 100644 index 0000000..5d44fe4 --- /dev/null +++ b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/15apply @@ -0,0 +1,11 @@ +[apply] + +{"$SystemName.$DomainName";} = https://{"$SystemName.$DomainName";}/lm-reload + +{ + +foreach my $srv (split(/[;,]/, ($lemonldap{'Reload'} || ''))){ + my ($name,$url) = split(/=/, $srv); + $OUT .= "$name = $url\n"; +} +} 
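Review bot: In lemonldap-ng.ini/15apply, `split(/=/, $srv)` has no limit, so a reload URL that itself contains `=` (a query string) is cut at the second `=` and the remainder is dropped without warning. Use `my ($name,$url) = split(/=/, $srv, 2);` and skip malformed entries with `next unless defined $url && $url ne '';`, otherwise a line such as `name = ` is written into the `[apply]` section. A short comment giving the expected `name=url` format of the `Reload` property, separated by `;` or `,`, would also help the next maintainer.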
diff --git a/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/20manager b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/20manager new file mode 100644 index 0000000..466001f --- /dev/null +++ b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/20manager @@ -0,0 +1,10 @@ + +[manager] +{ + $OUT .= (($lemonldap{'ManagerAuth'} || 'basic') eq 'self') ? + 'protection = manager' : ''; +} + +[sessionsExplorer] + + diff --git a/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/25handler b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/25handler new file mode 100644 index 0000000..0be2cb2 --- /dev/null +++ b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/25handler @@ -0,0 +1,6 @@ +[handler] + +https = 1 +status = 0 +useRedirectOnError = 1 + diff --git a/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/30portal b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/30portal new file mode 100644 index 0000000..2787e6a --- /dev/null +++ b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng.ini/30portal @@ -0,0 +1,3 @@ + +[portal] + diff --git a/root/etc/e-smith/templates/etc/lemonldap-ng/soap-htpasswd/05lemonsoap b/root/etc/e-smith/templates/etc/lemonldap-ng/soap-htpasswd/05lemonsoap new file mode 100644 index 0000000..807ffd0 --- /dev/null +++ b/root/etc/e-smith/templates/etc/lemonldap-ng/soap-htpasswd/05lemonsoap @@ -0,0 +1,6 @@ +{ + my $pw = $lemonldap{'SoapPassword'} || 'secret'; + my $res = `/usr/bin/htpasswd -bnm lemonsoap $pw`; + chomp($res); + $OUT .= $res; +} diff --git a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/000open b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/000open new file mode 100644 index 0000000..f595815 --- /dev/null +++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/000open 
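Review bot: In soap-htpasswd/05lemonsoap, `$pw` is interpolated unquoted into a backtick command, so the shell interprets any space or metacharacter in `SoapPassword` instead of passing it to htpasswd as one argument. A list-form pipe open runs htpasswd without a shell and lets the template fail loudly if the command cannot be run. The fallback `'secret'` (also used in lmConf/015soap) writes a well-known credential whenever the property is unset; generating a random value at install time or emitting no entry would be safer. The password is still visible in the process list because of `-b`, which is worth a comment.
```perl
my $pw = $lemonldap{'SoapPassword'} || 'secret';
# List-form pipe open: no shell is involved, $pw reaches htpasswd as a single argument
open(my $fh, '-|', '/usr/bin/htpasswd', '-bnm', 'lemonsoap', $pw)
    or die "Unable to run htpasswd: $!\n";
my $res = do { local $/; <$fh> };
close($fh) or die "htpasswd exited with an error\n";
chomp($res);
# … unchanged: $OUT .= $res …
```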
@@ -0,0 +1,31 @@ +{ +use esmith::ConfigDB; +use esmith::DomainsDB; +use esmith::NetworksDB; +use esmith::util; +use Lemonldap::NG::Common::Conf; + +$c = esmith::ConfigDB->open_ro or die "Error opening ConfigDB\n"; +$d = esmith::DomainsDB->open_ro or die "Error opening DomainsDB\n"; +$n = esmith::NetworksDB->open_ro or die "Error opening NetworksDB\n"; +$domain = $c->get('DomainName')->value; +$host = $c->get('SystemName')->value; +$base = esmith::util::ldapBase ($domain); +$ldap = $c->get('ldap') || die "Error reading ldap service entry\n"; +$port = $ldap->prop('TCPPort') || '389'; +$llng = $c->get('lemonldap'); + +$manual = $llng->prop('ManualConf') || 'disabled'; + +$confAccess = new Lemonldap::NG::Common::Conf( + { + type=>'File', + dirName=>"/var/lib/lemonldap-ng/conf", + }, +) or die "Unable to build Lemonldap::NG::Common::Conf, see Apache logs\n"; + +$conf = $confAccess->getConf(); + +$OUT = ''; + +} diff --git a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/005global b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/005global new file mode 100644 index 0000000..c3f06ee --- /dev/null +++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/005global @@ -0,0 +1,15 @@ +{ + +# Global parameters +$conf->{'domain'} = "$domain"; +$conf->{'portal'} = "https://auth.$domain/"; +$conf->{'storePassword'} = '0'; +$conf->{'portalUserAttr'} = 'cn' if (($conf->{'portalUserAttr'} || '_user') eq "_user"); +$conf->{'portalDisplayChangePassword'} = '0'; +$conf->{'syslog'} = 'auth'; +$conf->{'https'} = '1'; +$conf->{'port'} = '443'; + +$OUT .= ''; + +} diff --git a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/010ldap b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/010ldap new file mode 100644 index 0000000..d5e2cd5 --- /dev/null +++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/010ldap 
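Review bot: In lmConf/000open, `$llng = $c->get('lemonldap');` is the only lookup without a failure check, and the next statement calls `$llng->prop('ManualConf')`, which aborts with an unhelpful "can't call method on undefined value" if the record is missing. Match the `ldap` lookup above it: `$llng = $c->get('lemonldap') || die "Error reading lemonldap configuration entry\n";`. `$manual` is computed here but none of the lmConf fragments in this commit reads it, so `ManualConf` appears to have no effect; either honour it before the configuration is saved or drop the variable.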
@@ -0,0 +1,17 @@ +{ + +# LDAP parameters +$conf->{'passwordDB'} = 'LDAP'; +$conf->{'userDB'} = 'LDAP'; +$conf->{'ldapServer'} = 'localhost'; +$conf->{'ldapPort'} = "$port"; +$conf->{'ldapVersion'} = '3'; +$conf->{'ldapBase'} = "ou=Users,$base"; +$conf->{'ldapGroupBase'} = "ou=Groups,$base"; +$conf->{'ldapGroupAttributeNameUser'} = 'uid'; +$conf->{'ldapGroupAttributeNameSearch'} = 'cn'; +$conf->{'ldapGroupAttributeName'} = 'memberUid'; +$conf->{'ldapGroupObjectClass'} = 'mailboxRelatedObject'; + +$OUT .= ''; +} diff --git a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/015soap b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/015soap new file mode 100644 index 0000000..e0c61ea --- /dev/null +++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/015soap @@ -0,0 +1,19 @@ +{ + +# SOAP +if (($llng->prop('SoapAllowFrom') || '') ne ''){ + my $password = $llng->prop('SoapPassword') || 'secret'; + $conf->{'Soap'} = '1'; + $conf->{'globalStorage'} = 'Lemonldap::NG::Common::Apache::Session::SOAP'; + $conf->{'globalStorageOptions'} = { + proxy => "https://lemonsoap:$password\@soapsso.$domain/index.pl/sessions", + generateModule => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256' + }; +} +else { + $conf->{'Soap'} = '0'; +} + +$OUT = ''; + +} diff --git a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/020auth b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/020auth new file mode 100644 index 0000000..d0871a2 --- /dev/null +++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/020auth 
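Review bot: In lmConf/015soap the password is placed raw into the userinfo part of the proxy URL (`https://lemonsoap:$password\@soapsso.$domain/...`), so a `SoapPassword` containing `@`, `:`, `/` or `#` yields a URL that parses to a different host or credential. Percent-encode it first, for example `my $password = URI::Escape::uri_escape($llng->prop('SoapPassword') || 'secret');` with `use URI::Escape;` at the top of the fragment. The credential also ends up in the saved lmConf file, so that file's permissions matter. The `'secret'` fallback has the same problem as in soap-htpasswd/05lemonsoap.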
@@ -0,0 +1,34 @@ +{ + +# SSL Auth +my $ssl = $llng->prop('SSLAuth') || ''; + +if ($ssl eq 'optional' || $ssl eq 'require'){ + # SSL Auth is enabled + # Configure common attributes + $conf->{'SSLLDAPField'} = 'uid'; + $conf->{'SSLVar'} = 'SSL_CLIENT_S_DN_CN'; + $conf->{'SSLRequire'} = '1'; + + if ($ssl eq 'optional'){ + $conf->{'authentication'} = 'Multi SSL;LDAP'; + } + else{ + $conf->{'authentication'} = 'SSL'; + } +} +else{ + $conf->{'authentication'} = 'LDAP'; +} + +# Enable CAS issuer DB +$conf->{'issuerDBCASActivation'} = 1; + +# default cookie settings +$conf->{'securedCookie'} = 1 unless ($conf->{'securedCookie'}); +$conf->{'httpOnly'} = 1 unless ($conf->{'httpOnly'}); + + +$OUT = ''; + +} diff --git a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/025localnet b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/025localnet new file mode 100644 index 0000000..fd76a08 --- /dev/null +++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/025localnet 
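Review bot: In lmConf/020auth, `issuerDBCASActivation` is set to 1 on every template expansion with no property to turn it off, while SOAP and SSL authentication in the neighbouring fragments are both gated on `lemonldap` properties. An administrator who does not use CAS cannot disable the issuer without it being re-enabled at the next expansion. I would gate it the same way, e.g. `$conf->{'issuerDBCASActivation'} = (($llng->prop('CASIssuer') || 'enabled') eq 'enabled') ? 1 : 0;` (the property name is only a suggestion). The two `unless` lines below also overwrite an explicit `0` for `securedCookie` and `httpOnly`; if that is intended, say so in the `# default cookie settings` comment.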
@@ -0,0 +1,45 @@ +{ + +my $reg = '$ipAddr =~ /^'; + +# Build a regexp to check if the client IP +# is part of a local network +# Then, we can easily use this macro to restrict +# access to local networks on some applications +my @net = (); + +foreach my $net ($n->networks){ + my $addr = $net->key; + my $mask = $net->prop('Mask') || '255.255.255.255'; + foreach (esmith::util::computeAllLocalNetworkPrefixes($addr,$mask)){ + push @net, "($_)"; + } +} + +$reg .= join('|', @net); +$reg .= '/'; +$reg =~ s/\./\\\./g; + +$conf->{'macros'}->{'localAccess'} = '(' . $reg . ") ? '1':'0'"; + +$reg = '$ipAddr =~ /^'; +@net = (); + +# Do the same for extenal SSL access +foreach my $net (split(/[;,]/,(${'httpd-admin'}{'ValidFrom'} || ''))){ + my ($addr,$mask) = split(/\//,$net); + foreach (esmith::util::computeAllLocalNetworkPrefixes($addr,$mask)){ + push @net, "($_)"; + } +} + +$reg .= join('|', @net); +$reg .= '/'; +$reg =~ s/\./\\\./g; + +$conf->{'macros'}->{'externalSSLAccess'} = '(' . $reg . ") ? '1':'0'"; + +$OUT = ''; + +} + diff --git a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/030notifications b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/030notifications new file mode 100644 index 0000000..5f42906 --- /dev/null +++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/030notifications @@ -0,0 +1,10 @@ +{ + +if (($conf->{'notification'} || '0') eq '1'){ + $conf->{'notificationStorage'} = 'File'; + $conf->{'notificationStorageOptions'} = { + 'dirName' => '/var/lib/lemonldap-ng/notifications' + }, +} + +} diff --git a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/035portal b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/035portal new file mode 100644 index 0000000..a7068a9 --- /dev/null +++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/035portal @@ -0,0 +1,9 @@ +{ + +# Portal elements +$conf->{'portalDisplayRegister'} = 0; +$conf->{'portalDisplayResetPassword'} = 0; + +$OUT = ''; + +} 
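Review bot: In lmConf/025localnet, when `ValidFrom` is empty `@net` stays empty and the generated test becomes `$ipAddr =~ /^/`, which is true for every address, so the `externalSSLAccess` macro evaluates to '1' for all clients; `localAccess` has the same shape if no network is defined. The alternation is also not grouped, so `^` anchors only the first prefix and later prefixes can match in the middle of an address. Group the alternatives and make the macro a constant '0' when the list is empty, as sketched below for the second macro; the first one needs the same change. This assumes LemonLDAP::NG accepts a constant expression as a macro value, which should be confirmed.
```perl
# … unchanged: loop filling @net from ValidFrom …
if (@net){
    # Group the alternatives so that ^ applies to every prefix, not only the first
    $reg .= '(?:' . join('|', @net) . ')/';
    $reg =~ s/\./\\\./g;
    $conf->{'macros'}->{'externalSSLAccess'} = '(' . $reg . ") ? '1':'0'";
}
else{
    # No network configured: the macro must never grant access
    $conf->{'macros'}->{'externalSSLAccess'} = "'0'";
}
```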
diff --git a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/template-end b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/template-end new file mode 100644 index 0000000..14bc02a --- /dev/null +++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/template-end @@ -0,0 +1,16 @@ +{ + +# Now, update the configuration +my $num = $confAccess->saveConf($conf); + +if ($num > 0){ + esmith::util::chownFile('www', 'www', "/var/lib/lemonldap-ng/conf/lmConf-$num"); + chmod 0660, "/var/lib/lemonldap-ng/conf/lmConf-$num"; +} +else { + die "An error occured saving LemonLDAP::NG configuration: $num\n"; +} + +$OUT = '# This is just a dummy config file'; + +} diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/ajaxplorer.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/ajaxplorer.png new file mode 100644 index 0000000..4da5373 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/ajaxplorer.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/backup.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/backup.png new file mode 100644 index 0000000..44491f5 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/backup.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/backuppc.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/backuppc.png new file mode 100644 index 0000000..28d175b Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/backuppc.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/calendar.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/calendar.png new file mode 100644 index 0000000..988bb02 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/calendar.png differ 
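Review bot: In lmConf/template-end the result of `chmod 0660, ...` is ignored, and the result of `esmith::util::chownFile` appears to be ignored as well. The saved file can hold the SOAP credential set in lmConf/015soap, so a failed permission change should stop the expansion: `chmod(0660, "/var/lib/lemonldap-ng/conf/lmConf-$num") or die "Unable to set permissions on lmConf-$num: $!\n";`. The file exists with whatever mode `saveConf` gave it until the chmod runs, so setting a restrictive umask before the save would close that window. The error message has a typo, `occured`.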
diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/camera.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/camera.png new file mode 100644 index 0000000..f889325 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/camera.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/dl.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/dl.png new file mode 100644 index 0000000..b9a71cd Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/dl.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/dokuwiki.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/dokuwiki.png new file mode 100644 index 0000000..45b4175 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/dokuwiki.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/freepbx.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/freepbx.png new file mode 100644 index 0000000..03f54aa Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/freepbx.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/glpi.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/glpi.png new file mode 100644 index 0000000..0855f94 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/glpi.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/jappix.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/jappix.png new file mode 100644 index 0000000..2822a03 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/jappix.png differ 
diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/jenkins.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/jenkins.png new file mode 100644 index 0000000..d539d10 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/jenkins.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/lemonldap.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/lemonldap.png new file mode 100644 index 0000000..1306741 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/lemonldap.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/mailman.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/mailman.png new file mode 100644 index 0000000..0d3482c Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/mailman.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/mediawiki.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/mediawiki.png new file mode 100644 index 0000000..aca052c Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/mediawiki.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/nagios.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/nagios.png new file mode 100644 index 0000000..c073b4f Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/nagios.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/ntop.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/ntop.png new file mode 100644 index 0000000..2af60d5 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/ntop.png differ 
diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/openupload.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/openupload.png new file mode 100644 index 0000000..0ed14a0 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/openupload.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/pda.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/pda.png new file mode 100644 index 0000000..0e88c1a Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/pda.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/pfsense.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/pfsense.png new file mode 100644 index 0000000..7d01a72 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/pfsense.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/phplist.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/phplist.png new file mode 100644 index 0000000..796af32 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/phplist.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/phpmyadmin.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/phpmyadmin.png new file mode 100644 index 0000000..6d4b686 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/phpmyadmin.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/power.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/power.png new file mode 100644 index 0000000..0d3b40b Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/power.png differ 
diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/pydio.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/pydio.png new file mode 100644 index 0000000..f1fd278 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/pydio.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/rdv.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/rdv.png new file mode 100644 index 0000000..35f4206 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/rdv.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/redmine.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/redmine.png new file mode 100644 index 0000000..d375f37 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/redmine.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/smeserver.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/smeserver.png new file mode 100644 index 0000000..f141734 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/smeserver.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/survey.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/survey.png new file mode 100644 index 0000000..fb95370 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/survey.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/telephone.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/telephone.png new file mode 100644 index 0000000..36dc5c8 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/telephone.png differ 
diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/timezone.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/timezone.png new file mode 100644 index 0000000..d15fd80 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/timezone.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/ttrss.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/ttrss.png new file mode 100644 index 0000000..be1bf71 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/ttrss.png differ diff --git a/root/usr/share/lemonldap-ng/portal-skins/common/apps/zabbix.png b/root/usr/share/lemonldap-ng/portal-skins/common/apps/zabbix.png new file mode 100644 index 0000000..fa22a86 Binary files /dev/null and b/root/usr/share/lemonldap-ng/portal-skins/common/apps/zabbix.png differ diff --git a/smeserver-lemonldap-ng.spec b/smeserver-lemonldap-ng.spec new file mode 100644 index 0000000..744fab1 --- /dev/null +++ b/smeserver-lemonldap-ng.spec 
@@ -0,0 +1,211 @@
+# Authority: vip-ire
+# Name: Daniel Berteaud
+
+Summary: LemonLDAP NG is a web SSO solution
+%define name smeserver-lemonldap-ng
+Name: %{name}
+%define version 0.2.19
+%define release 2
+Version: 0.2.20
+Release: 1%{?dist}
+License: GPL
+Group: SME Server
+Source: %{name}-%{version}.tar.xz
+
+BuildArchitectures: noarch
+
+BuildRequires: e-smith-devtools
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+
+Requires: e-smith-base >= 5.2.0-56
+Requires: e-smith-ldap
+Requires: smeserver-webapps-common >= 0.1-8
+Requires: lemonldap-ng >= 1.4.1
+Requires: lemonldap-ng-fr-doc
+Requires: perl(Authen::Captcha)
+
+%description
+This package contains all the needed scripts and templates
+to run LemonLDAP NG on your SME Server. It uses LDAP as authentication source
+but can also use SSL auth (either optional with a fallback to LDAP, or SSL required)
+
+%changelog
+* Sat Sep 07 2024 cvs2git.sh aka Brian Read 0.2.19-2.sme
+- Roll up patches and move to git repo [SME: 12338]
+
+* Sat Sep 07 2024 BogusDateBot
+- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+ by assuming the date is correct and changing the weekday.
+
+* Tue Sep 03 2019 Daniel Berteaud 0.2.20-1
+- Bump version
+
+* Tue Sep 03 2019 Daniel Berteaud 0.2.19-1
+- new package built with tito
+
+* Wed Feb 15 2017 Daniel Berteaud 0.2.19-1.sme
+- Set Access-Control-Allow-Origin on CAS endpoint, need for ticket renew in SOGo
+
+* Mon Jan 9 2017 Daniel Berteaud 0.2.18-1.sme
+- Update httpd template to read the Authentication prop of domain to load
+ Lemonldap::NG handler
+
+* Wed Dec 7 2016 Daniel Berteaud 0.2.17-1.sme
+- Replace My::Package with Lemonldap::NG::Handler in default vhost templates
+
+* Sat Jan 23 2016 Daniel Berteaud 0.2.16-1.sme
+- Don't redirect to https for acme challenges
+
+* Wed Oct 14 2015 Daniel Berteaud 0.2.15-1.sme
+- Fix DL icon size
+
+* Fri Sep 5 2014 Daniel Berteaud 0.2.14-1.sme
+- Define localSessionStorage to prevent clashes between handlers
+
+* Wed Jul 30 2014 Daniel Berteaud 0.2.13-1.sme
+- Add icons for mailman and phplist
+
+* Tue Jul 1 2014 Daniel Berteaud 0.2.12-1.sme
+- Adapt for LL::NG 1.4.1 (1.4.0 was too buggy)
+
+* Wed Dec 11 2013 Daniel Berteaud 0.2.11-1.sme
+- Add an icon for DL
+
+* Wed Nov 20 2013 Daniel Berteaud 0.2.10-1.sme
+- Add an icon for pydio
+
+* Mon Nov 18 2013 Daniel Berteaud 0.2.9-1.sme
+- Add two new icons (rdv.png and survey.png)
+
+* Wed Nov 13 2013 Daniel Berteaud 0.2.8-1.sme
+- compatibility with SME9 (perl lib path)
+
+* Mon Nov 4 2013 Daniel Berteaud 0.2.7-1.sme
+- Requires perl(Authen::Captcha) for LL::NG 1.3.0
+
+* Tue Sep 17 2013 Daniel Berteaud 0.2.6-1.sme
+- Small modifications to support SOGo CAS auth
+- Enable CAS auth
+
+* Wed Aug 21 2013 Daniel Berteaud 0.2.5-1.sme
+- Move custom icons to the correct directory
+
+* Wed Aug 21 2013 Daniel Berteaud 0.2.4-1.sme
+- Add custom icons for the portal
+
+* Tue Sep 4 2012 Daniel Berteaud 0.2.3-1.sme
+- Use Authentication prop instead of LemonLDAP
+
+* Wed Jun 20 2012 Daniel Berteaud 0.2.2-1.sme
+- Redirect to HTTPS on port 443
+
+* Wed Jun 20 2012 Daniel Berteaud 0.2.1-1.sme
+- Add optional floating menu per vhost
+
+* Wed Jun 20 2012 Daniel Berteaud 0.2.0-1.sme
+- Import in GIT
+- Remove the grantSessionRule param
+- Log via syslog (auth)
+
+* Mon Dec 19 2011 Daniel Berteaud 0.1-22.sme
+- Change SSL Auth to work with LocationMatch, so CAS proxy can work with
+ SSL Auth enabled
+
+* Wed Jul 13 2011 Daniel Berteaud 0.1-21.sme
+- Disable password reset form
+
+* Wed Jul 13 2011 Daniel Berteaud 0.1-20.sme
+- Fix uninitilized values in lemonldap conf templates
+
+* Mon Jul 11 2011 Daniel Berteaud 0.1-19.sme
+- reserve /lm-reload
+
+* Sun Jul 10 2011 Daniel Berteaud 0.1-18.sme
+- Fix notification check
+
+* Sat Jul 09 2011 Daniel Berteaud 0.1-17.sme
+- Don't force notifications on
+
+* Fri Jul 08 2011 Daniel Berteaud 0.1-16.sme
+- Enable and configure notifications
+
+* Thu Jun 30 2011 Daniel Berteaud 0.1-15.sme
+- Manage some configuration from the DB
+
+* Fri Mar 11 2011 Daniel Berteaud 0.1-14.sme
+- Make LemonLDAP compatible with ocsinventory-ng
+
+* Mon Mar 7 2011 Daniel Berteaud 0.1-13.sme
+- Add support for SSL Auth on the portal
+- Use a separated vhost for SOAP requests
+
+* Tue Feb 1 2011 Daniel Berteaud 0.1-12.sme
+- Requires recent version of smeserver-webapps-common
+- Switch to LDAP based auth to protect the manager
+
+* Tue Jan 25 2011 Daniel Berteaud 0.1-11.sme
+- Fix a spacing issue in httpd templates
+
+* Fri Jan 21 2011 Daniel Berteaud 0.1-10.sme
+- Add SSLEngine directives in https virtualhosts
+
+* Fri Jan 21 2011 Daniel Berteaud 0.1-9.sme
+- Fix empty SoapPassword
+
+* Thu Jan 06 2011 Daniel Berteaud 0.1-8.sme
+- Fix Soap ressources authentication
+
+* Mon Jan 03 2011 Daniel Berteaud 0.1-7.sme
+- Run the manager as a perl script (instead of CGI mode)
+
+* Mon Jan 03 2011 Daniel Berteaud 0.1-6.sme
+- Use https links for error pages
+
+* Thu Dec 30 2010 Daniel Berteaud 0.1-5.sme
+- use only alphanumeric characters for soap password
+- use htpasswd to hash the password
+
+* Tue Dec 28 2010 Daniel Berteaud 0.1-4.sme
+- don't load mod_auth_external if not needed
+- move cache dir in /var/cache
+- Fix several hosts listed in SoapAllowFrom
+
+* Fri Dec 24 2010 Daniel Berteaud 0.1-3.sme
+- Use htpasswd file to protect SOAP services
+- Configure session storage in lemonldap-ng.ini
+- Support additionnal server reload URL
+
+* Fri Dec 17 2010 Daniel Berteaud 0.1-2.sme
+- Let the manager be self-protected if ManagerAuth eq self
+
+* Thu Dec 16 2010 Daniel Berteaud 0.1-1.sme
+- initial public release
+
+%prep
+%setup -q -n %{name}-%{version}
+
+%build
+perl createlinks
+%{__mkdir_p} root/var/cache/lemonldap-ng
+%{__mkdir_p} root/var/lib/lemonldap-ng/notifications
+
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+ --dir /var/cache/lemonldap-ng 'attr(0770,root,www)' \
+ --dir /var/lib/lemonldap-ng/notifications 'attr(0770,root,www)' \
+ > %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+
+%preun
+
+true
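Review bot: The preamble states two different package identities: `%define version 0.2.19` and `%define release 2` sit directly above `Version: 0.2.20` and `Release: 1%{?dist}`, and the newest `%changelog` entry (2024) is labelled `0.2.19-2.sme` while the 2019 entry below it is already `0.2.20-1`. As far as I can tell the `Version:`/`Release:` tags decide what rpmbuild produces, so the built package would not match the entry that describes it, which makes it hard to tell from an installed system which roll-up of patches it carries. I would delete the two stale `%define` lines and relabel the 2024 entry with the version-release that is actually built. Separately, the two `--dir` entries in `%install` give group `www` write access (`attr(0770,root,www)`) to the cache and notifications directories; a one-line comment saying which process needs that access would help a later permissions audit.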