initial commit of file from CVS for smeserver-lemonldap-ng on Sat Sep 7 20:31:17 AEST 2024

root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/000open

@@ -0,0 +1,31 @@
+{
+use esmith::ConfigDB;
+use esmith::DomainsDB;
+use esmith::NetworksDB;
+use esmith::util;
+use Lemonldap::NG::Common::Conf;
+
+$c = esmith::ConfigDB->open_ro or die "Error opening ConfigDB\n";
+$d = esmith::DomainsDB->open_ro or die "Error opening DomainsDB\n";
+$n = esmith::NetworksDB->open_ro or die "Error opening NetworksDB\n";
+$domain = $c->get('DomainName')->value;
+$host = $c->get('SystemName')->value;
+$base = esmith::util::ldapBase ($domain);
+$ldap = $c->get('ldap') || die "Error reading ldap service entry\n";
+$port = $ldap->prop('TCPPort') || '389';
+$llng = $c->get('lemonldap');
+
+$manual = $llng->prop('ManualConf') || 'disabled';
+
+$confAccess = new Lemonldap::NG::Common::Conf(
+          {
+              type=>'File',
+              dirName=>"/var/lib/lemonldap-ng/conf",
+          },
+) or die "Unable to build Lemonldap::NG::Common::Conf, see Apache logs\n";
+
+$conf = $confAccess->getConf();
+
+$OUT = '';
+
+}

root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/005global

@@ -0,0 +1,15 @@
+{
+
+# Global parameters
+$conf->{'domain'} = "$domain";
+$conf->{'portal'} = "https://auth.$domain/";
+$conf->{'storePassword'} = '0';
+$conf->{'portalUserAttr'} = 'cn' if (($conf->{'portalUserAttr'} || '_user') eq "_user");
+$conf->{'portalDisplayChangePassword'} = '0';
+$conf->{'syslog'} = 'auth';
+$conf->{'https'} = '1';
+$conf->{'port'} = '443';
+
+$OUT .= '';
+
+}

root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/010ldap

@@ -0,0 +1,17 @@
+{
+
+# LDAP parameters
+$conf->{'passwordDB'} = 'LDAP';
+$conf->{'userDB'} = 'LDAP';
+$conf->{'ldapServer'} = 'localhost';
+$conf->{'ldapPort'} = "$port";
+$conf->{'ldapVersion'} = '3';
+$conf->{'ldapBase'} = "ou=Users,$base";
+$conf->{'ldapGroupBase'} = "ou=Groups,$base";
+$conf->{'ldapGroupAttributeNameUser'} = 'uid';
+$conf->{'ldapGroupAttributeNameSearch'} = 'cn';
+$conf->{'ldapGroupAttributeName'} = 'memberUid';
+$conf->{'ldapGroupObjectClass'} = 'mailboxRelatedObject';
+
+$OUT .= '';
+}

root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/015soap

@@ -0,0 +1,19 @@
+{
+
+# SOAP
+if (($llng->prop('SoapAllowFrom') || '') ne ''){
+    my $password = $llng->prop('SoapPassword') || 'secret';
+    $conf->{'Soap'} = '1';
+    $conf->{'globalStorage'} = 'Lemonldap::NG::Common::Apache::Session::SOAP';
+    $conf->{'globalStorageOptions'} = {
+        proxy          => "https://lemonsoap:$password\@soapsso.$domain/index.pl/sessions",
+        generateModule => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256'
+    };
+}
+else {
+    $conf->{'Soap'} = '0';
+}
+
+$OUT = '';
+
+}

root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/020auth

@@ -0,0 +1,34 @@
+{
+
+# SSL Auth
+my $ssl = $llng->prop('SSLAuth') || '';
+
+if ($ssl eq 'optional' || $ssl eq 'require'){
+    # SSL Auth is enabled
+    # Configure common attributes
+    $conf->{'SSLLDAPField'} = 'uid';
+    $conf->{'SSLVar'} = 'SSL_CLIENT_S_DN_CN';
+    $conf->{'SSLRequire'} = '1';
+
+    if ($ssl eq 'optional'){
+         $conf->{'authentication'} = 'Multi SSL;LDAP';
+    }
+    else{
+         $conf->{'authentication'} = 'SSL';
+    }
+}
+else{
+    $conf->{'authentication'} = 'LDAP';
+}
+
+# Enable CAS issuer DB
+$conf->{'issuerDBCASActivation'} = 1;
+
+# default cookie settings
+$conf->{'securedCookie'} = 1 unless ($conf->{'securedCookie'});
+$conf->{'httpOnly'} = 1 unless ($conf->{'httpOnly'});
+
+
+$OUT = '';
+
+}

root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/025localnet

@@ -0,0 +1,45 @@
+{
+
+my $reg = '$ipAddr =~ /^';
+
+# Build a regexp to check if the client IP
+# is part of a local network
+# Then, we can easily use this macro to restrict
+# access to local networks on some applications
+my @net = ();
+
+foreach my $net ($n->networks){
+    my $addr = $net->key;
+    my $mask = $net->prop('Mask') || '255.255.255.255';
+    foreach (esmith::util::computeAllLocalNetworkPrefixes($addr,$mask)){
+        push @net, "($_)";
+    }
+}
+
+$reg .= join('|', @net);
+$reg .= '/';
+$reg =~ s/\./\\\./g;
+
+$conf->{'macros'}->{'localAccess'} = '(' . $reg . ") ? '1':'0'";
+
+$reg = '$ipAddr =~ /^';
+@net = ();
+
+# Do the same for extenal SSL access
+foreach my $net (split(/[;,]/,(${'httpd-admin'}{'ValidFrom'} || ''))){
+    my ($addr,$mask) = split(/\//,$net);
+    foreach (esmith::util::computeAllLocalNetworkPrefixes($addr,$mask)){
+        push @net, "($_)";
+    }
+}
+
+$reg .= join('|', @net);
+$reg .= '/';
+$reg =~ s/\./\\\./g;
+
+$conf->{'macros'}->{'externalSSLAccess'} = '(' . $reg . ") ? '1':'0'";
+
+$OUT = '';
+
+}
+

root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/030notifications

@@ -0,0 +1,10 @@
+{
+
+if (($conf->{'notification'} || '0') eq '1'){
+    $conf->{'notificationStorage'} = 'File';
+    $conf->{'notificationStorageOptions'} = {
+        'dirName' => '/var/lib/lemonldap-ng/notifications'
+    },
+}
+
+}

root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/035portal

@@ -0,0 +1,9 @@
+{
+
+# Portal elements
+$conf->{'portalDisplayRegister'} = 0;
+$conf->{'portalDisplayResetPassword'} = 0;
+
+$OUT = '';
+
+}

root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/template-end

@@ -0,0 +1,16 @@
+{
+
+# Now, update the configuration
+my $num = $confAccess->saveConf($conf);
+
+if ($num > 0){
+    esmith::util::chownFile('www', 'www', "/var/lib/lemonldap-ng/conf/lmConf-$num");
+    chmod 0660, "/var/lib/lemonldap-ng/conf/lmConf-$num";
+}
+else {
+    die "An error occured saving LemonLDAP::NG configuration: $num\n";
+}
+
+$OUT = '# This is just a dummy config file';
+
+}