initial commit of file from CVS for smeserver-lemonldap-ng on Sat Sep 7 20:31:17 AEST 2024
4
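--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.rpm
+*.log
+*spec-20*
+*.tar.gz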
21
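--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,21 @@
+# Makefile for source rpm: smeserver-lemonldap-ng
+# $Id: Makefile,v 1.1 2022/08/20 03:50:58 jpp Exp $
+NAME := smeserver-lemonldap-ng
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attept a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)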
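Review bot: In `find-makefile-common` the writability test reads `-w $$/Makefile.common`, which the shell receives as the literal path `$/Makefile.common`, so the test never succeeds and the `cvs -Q update` branch is dead; the intended operand is presumably `-w $$d/Makefile.common`. Before fixing the typo, decide whether the automatic update is wanted at all: both `$(shell ...)` calls run at parse time and their output goes straight to `include`, so whatever the `common` module currently holds is executed with the builder's privileges, with no pinned revision or integrity check. Vendoring `Makefile.common` or checking out a fixed tag would make the build reproducible. `exit -1` in `checkout-makefile-common` is also not a portable exit status; `exit 1` is, and the comment above it should read `# attempt a checkout`.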
17
README.md
@ -1,3 +1,16 @@
|
|||||||
# smeserver-lemonldap-ng
|
# <img src="https://www.koozali.org/images/koozali/Logo/Png/Koozali_logo_2016.png" width="25%" vertical="auto" style="vertical-align:bottom"> smeserver-lemonldap-ng
|
||||||
|
|
||||||
SMEServer Koozali developed git repo for smeserver-lemonldap-ng smecontribs
|
SMEServer Koozali developed git repo for smeserver-lemonldap-ng smecontribs
|
||||||
|
|
||||||
|
## Wiki
|
||||||
|
<br />https://wiki.koozali.org/LemonLDAP-NG
|
||||||
|
<br />https://wiki.koozali.org/LemonLDAP-NG/fr
|
||||||
|
|
||||||
|
## Bugzilla
|
||||||
|
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-lemonldap-ng&product=SME%20Contribs&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
|
||||||
|
*Once it has been checked, then this comment will be deleted*
|
||||||
|
<br />
|
||||||
|
3
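--- a/additional/.tito/packages/.readme
+++ b/additional/.tito/packages/.readme
@@ -0,0 +1,3 @@
+the .tito/packages directory contains metadata files
+named after their packages. Each file has the latest tagged
+version and the project's relative directory.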
1
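--- a/additional/.tito/packages/smeserver-lemonldap-ng
+++ b/additional/.tito/packages/smeserver-lemonldap-ng
@@ -0,0 +1 @@
+0.2.20-1 ./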
1
additional/.tito/releasers.conf
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../../tito_libs/releasers.conf
|
6
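--- a/additional/.tito/tito.props
+++ b/additional/.tito/tito.props
@@ -0,0 +1,6 @@
+[buildconfig]
+builder = tito.builder.Builder
+tagger = tito.tagger.VersionTagger
+changelog_do_not_remove_cherrypick = 0
+changelog_format = %s (%ae)
+lib_dir = ../tito_libs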
204
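--- a/additional/smeserver-lemonldap-ng.spec
+++ b/additional/smeserver-lemonldap-ng.spec
@@ -0,0 +1,204 @@
+# Authority: vip-ire
+# Name: Daniel Berteaud
+
+Summary: LemonLDAP NG is a web SSO solution
+%define name smeserver-lemonldap-ng
+Name: %{name}
+%define version 0.2.19
+%define release 1
+Version: 0.2.20
+Release: 1%{?dist}
+License: GPL
+Group: SME Server
+Source: %{name}-%{version}.tar.gz
+
+BuildArchitectures: noarch
+
+BuildRequires: e-smith-devtools
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+
+Requires: e-smith-base >= 5.2.0-56
+Requires: e-smith-ldap
+Requires: smeserver-webapps-common >= 0.1-8
+Requires: lemonldap-ng >= 1.4.1
+Requires: lemonldap-ng-fr-doc
+Requires: perl(Authen::Captcha)
+
+%description
+This package contains all the needed scripts and templates
+to run LemonLDAP NG on your SME Server. It uses LDAP as authentication source
+but can also use SSL auth (either optional with a fallback to LDAP, or SSL required)
+
+%changelog
+* Tue Sep 03 2019 Daniel Berteaud <daniel@firewall-services.com> 0.2.20-1
+- Bump version
+
+* Tue Sep 03 2019 Daniel Berteaud <daniel@firewall-services.com> 0.2.19-1
+- new package built with tito
+
+* Wed Feb 15 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.19-1.sme
+- Set Access-Control-Allow-Origin on CAS endpoint, need for ticket renew in SOGo
+
+* Mon Jan 9 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.18-1.sme
+- Update httpd template to read the Authentication prop of domain to load
+Lemonldap::NG handler
+
+* Wed Dec 7 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.17-1.sme
+- Replace My::Package with Lemonldap::NG::Handler in default vhost templates
+
+* Sat Jan 23 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.16-1.sme
+- Don't redirect to https for acme challenges
+
+* Wed Oct 14 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.15-1.sme
+- Fix DL icon size
+
+* Fri Sep 5 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.14-1.sme
+- Define localSessionStorage to prevent clashes between handlers
+
+* Wed Jul 30 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.13-1.sme
+- Add icons for mailman and phplist
+
+* Tue Jul 1 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.12-1.sme
+- Adapt for LL::NG 1.4.1 (1.4.0 was too buggy)
+
+* Wed Dec 11 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.11-1.sme
+- Add an icon for DL
+
+* Wed Nov 20 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.10-1.sme
+- Add an icon for pydio
+
+* Mon Nov 18 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.9-1.sme
+- Add two new icons (rdv.png and survey.png)
+
+* Wed Nov 13 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.8-1.sme
+- compatibility with SME9 (perl lib path)
+
+* Mon Nov 4 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.7-1.sme
+- Requires perl(Authen::Captcha) for LL::NG 1.3.0
+
+* Tue Sep 17 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.6-1.sme
+- Small modifications to support SOGo CAS auth
+- Enable CAS auth
+
+* Wed Aug 21 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.5-1.sme
+- Move custom icons to the correct directory
+
+* Wed Aug 21 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.4-1.sme
+- Add custom icons for the portal
+
+* Tue Sep 4 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.3-1.sme
+- Use Authentication prop instead of LemonLDAP
+
+* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.2-1.sme
+- Redirect to HTTPS on port 443
+
+* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.1-1.sme
+- Add optional floating menu per vhost
+
+* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.0-1.sme
+- Import in GIT
+- Remove the grantSessionRule param
+- Log via syslog (auth)
+
+* Mon Dec 19 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-22.sme
+- Change SSL Auth to work with LocationMatch, so CAS proxy can work with
+SSL Auth enabled
+
+* Wed Jul 13 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-21.sme
+- Disable password reset form
+
+* Wed Jul 13 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-20.sme
+- Fix uninitilized values in lemonldap conf templates
+
+* Mon Jul 11 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-19.sme
+- reserve /lm-reload
+
+* Sun Jul 10 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-18.sme
+- Fix notification check
+
+* Sat Jul 09 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-17.sme
+- Don't force notifications on
+
+* Fri Jul 08 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-16.sme
+- Enable and configure notifications
+
+* Thu Jun 30 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-15.sme
+- Manage some configuration from the DB
+
+* Fri Mar 11 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-14.sme
+- Make LemonLDAP compatible with ocsinventory-ng
+
+* Mon Mar 7 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-13.sme
+- Add support for SSL Auth on the portal
+- Use a separated vhost for SOAP requests
+
+* Tue Feb 1 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-12.sme
+- Requires recent version of smeserver-webapps-common
+- Switch to LDAP based auth to protect the manager
+
+* Tue Jan 25 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-11.sme
+- Fix a spacing issue in httpd templates
+
+* Fri Jan 21 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-10.sme
+- Add SSLEngine directives in https virtualhosts
+
+* Fri Jan 21 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-9.sme
+- Fix empty SoapPassword
+
+* Thu Jan 06 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-8.sme
+- Fix Soap ressources authentication
+
+* Mon Jan 03 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-7.sme
+- Run the manager as a perl script (instead of CGI mode)
+
+* Mon Jan 03 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-6.sme
+- Use https links for error pages
+
+* Thu Dec 30 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-5.sme
+- use only alphanumeric characters for soap password
+- use htpasswd to hash the password
+
+* Tue Dec 28 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-4.sme
+- don't load mod_auth_external if not needed
+- move cache dir in /var/cache
+- Fix several hosts listed in SoapAllowFrom
+
+* Fri Dec 24 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-3.sme
+- Use htpasswd file to protect SOAP services
+- Configure session storage in lemonldap-ng.ini
+- Support additionnal server reload URL
+
+* Fri Dec 17 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-2.sme
+- Let the manager be self-protected if ManagerAuth eq self
+
+* Thu Dec 16 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-1.sme
+- initial public release
+
+%prep
+%setup -q -n %{name}-%{version}
+
+%build
+perl createlinks
+%{__mkdir_p} root/var/cache/lemonldap-ng
+%{__mkdir_p} root/var/lib/lemonldap-ng/notifications
+
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+--dir /var/cache/lemonldap-ng 'attr(0770,root,www)' \
+--dir /var/lib/lemonldap-ng/notifications 'attr(0770,root,www)' \
+> %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+
+%preun
+
+true
+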
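Review bot: The preamble carries `%define version 0.2.19` and `%define release 1` directly above `Version: 0.2.20` and `Release: 1%{?dist}`, so the file states two different versions. rpm normally redefines `%{version}` from the tag, so `Source:` and `%setup -n` presumably resolve to 0.2.20, but that depends on line order and the stale defines should simply be removed. In `%install` and `%clean`, `rm -rf $RPM_BUILD_ROOT` is unquoted and the `BuildRoot:` tag points at a predictable path under `/var/tmp`; quoting the variable (`rm -rf "$RPM_BUILD_ROOT"`) and dropping the `BuildRoot:` line, which current rpm ignores, would be tidier. `License: GPL` does not say which GPL version; the script headers in this commit say version 2 or later.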
1
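--- a/contriborbase
+++ b/contriborbase
@@ -0,0 +1 @@
+contribs10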
14
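--- a/createlinks
+++ b/createlinks
@@ -0,0 +1,14 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+templates2events("/etc/lemonldap-ng/lemonldap-ng.ini", qw/webapps-update bootstrap-console-save/);
+templates2events("/etc/lemonldap-ng/soap-htpasswd", qw/webapps-update bootstrap-console-save/);
+
+event_link("lemonldap-init-domains", "webapps-update", "20");
+foreach my $event (qw/webapps-update network-create network-delete bootstrap-ldap-save remoteaccess-update/){
+event_link("lemonldap-update-conf", "$event", "25");
+}
+
+safe_touch("root/etc/e-smith/templates/etc/lemonldap-ng/soap-htpasswd/template-begin");
+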
1
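--- a/root/etc/e-smith/db/accounts/defaults/lm-reload/type
+++ b/root/etc/e-smith/db/accounts/defaults/lm-reload/type
@@ -0,0 +1 @@
+url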
@ -0,0 +1 @@
|
|||||||
|
enabled
|
@ -0,0 +1 @@
|
|||||||
|
service
|
14
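--- a/root/etc/e-smith/db/configuration/migrate/90MigrateLemonLDAP
+++ b/root/etc/e-smith/db/configuration/migrate/90MigrateLemonLDAP
@@ -0,0 +1,14 @@
+{
+
+use esmith::DomainsDB;
+my $d = esmith::DomainsDB->open() or die "Couldn't open DomainsDB\n";
+
+foreach my $domain ($d->domains){
+my $llng = $domain->prop('LemonLDAP') || '';
+next unless $llng eq 'enabled';
+$domain->set_prop('Authentication', 'LemonLDAP');
+$domain->delete_prop('LemonLDAP');
+}
+
+}
+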
@ -0,0 +1,12 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
my $mp = $DB->get('modPerl') || $DB->new_record("modPerl", { type => "service", status => "enabled" });
|
||||||
|
|
||||||
|
if ( ($mp->prop('status') || 'disabled') eq 'enabled'){
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$DB->set_prop('modPerl', 'status', 'enabled');
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,13 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
my $rec = $DB->get('lemonldap')
|
||||||
|
|| $DB->new_record('lemonldap', {type => 'service'});
|
||||||
|
|
||||||
|
my $pw = $rec->prop('SoapPassword');
|
||||||
|
|
||||||
|
if (not $pw){
|
||||||
|
my $rand = `/usr/bin/openssl rand -base64 35 | tr -cd '[:alnum:]'`;
|
||||||
|
$rec->set_prop('SoapPassword', "$rand");
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
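Review bot: The backtick call to `/usr/bin/openssl rand` is never checked, so if the command is missing or fails, `$rand` is an empty string and `SoapPassword` is stored empty. The SOAP vhost template later in this commit only appends its `AuthType Basic` block when `SoapPassword` is non-empty, so a failed generation would leave that endpoint guarded by `SoapAllowFrom` alone, as far as the visible lines show. I would test the result before storing it, e.g. `die "Could not generate SoapPassword\n" if $? != 0 or $rand eq '';` right after the backticks. A short comment noting that stripping the base64 output to `[:alnum:]` yields a variable-length password would also help the next reader.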
88
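--- a/root/etc/e-smith/events/actions/lemonldap-init-domains
+++ b/root/etc/e-smith/events/actions/lemonldap-init-domains
@@ -0,0 +1,88 @@
+#!/usr/bin/perl -w
+#----------------------------------------------------------------------
+# copyright (C) 2010 Firewall-Services
+# daniel@firewall-services.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+use strict;
+use warnings;
+use esmith::DomainsDB;
+use esmith::ConfigDB;
+
+my $d = esmith::DomainsDB->open or die "Couldn't open DomainsDB\n";
+my $c = esmith::ConfigDB->open_ro() or die "Couldn't open ConfigDB\n";
+
+my $domain = $c->get('DomainName')->value;
+my $vhost;
+
+$vhost = $d->get("sso-manager.$domain");
+
+if (!$vhost){
+$d->new_record("sso-manager.$domain",{
+type => 'domain',
+Content => 'Primary',
+Description => "LemonLDAP-NG Manager",
+Nameservers => 'internet',
+TemplatePath => 'LemonLDAPManager',
+Removable => 'no',
+});
+
+unless ( system("/sbin/e-smith/signal-event", "domain-create", "sso-manager.$domain") == 0 ){
+die "Failed to create domain sso-manager.$domain\n";
+}
+}
+
+$vhost = $d->get("auth.$domain");
+
+if (!$vhost){
+$d->new_record("auth.$domain",{
+type => 'domain',
+Content => 'Primary',
+Description => "LemonLDAP-NG Portal",
+Nameservers => 'internet',
+TemplatePath => 'LemonLDAPPortal',
+Removable => 'no',
+});
+
+unless ( system("/sbin/e-smith/signal-event", "domain-create", "auth.$domain") == 0 ){
+die "Failed to create domain auth.$domain\n";
+}
+}
+
+$vhost = $d->get("soapsso.$domain");
+
+if (!$vhost){
+$d->new_record("soapsso.$domain",{
+type => 'domain',
+Content => 'Primary',
+Description => "LemonLDAP-NG SOAP Handler",
+Nameservers => 'internet',
+TemplatePath => 'LemonLDAPSoap',
+Removable => 'no',
+});
+
+unless ( system("/sbin/e-smith/signal-event", "domain-create", "soapsso.$domain") == 0 ){
+die "Failed to create domain soapsso.$domain\n";
+}
+}
+
+
+exit 0;
+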
43
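--- a/root/etc/e-smith/events/actions/lemonldap-update-conf
+++ b/root/etc/e-smith/events/actions/lemonldap-update-conf
@@ -0,0 +1,43 @@
+#!/usr/bin/perl -w
+#----------------------------------------------------------------------
+# copyright (C) 2011 Firewall-Services
+# daniel@firewall-services.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+use esmith::ConfigDB;
+use esmith::templates;
+
+my $c = esmith::ConfigDB->open_ro or die "Error opening ConfigDB\n";
+my $llng = $c->get('lemonldap');
+
+my $status = $llng->prop('status') || 'disabled';
+my $manual = $llng->prop('ManualConf') || 'disabled';
+
+# Don't touch the configuration if it's set to be manual
+# or if the service is disabled
+exit (0) if ($manual eq 'enabled' or $status ne 'enabled');
+
+processTemplate(
+{
+TEMPLATE_PATH => "/var/lib/lemonldap-ng/conf/lmConf",
+OUTPUT_FILENAME => "/var/lib/lemonldap-ng/conf/lmConf",
+});
+
+exit (0);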
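Review bot: `$c->get('lemonldap')` returns undef when the record does not exist, and the next line calls `->prop` on it, so the action would abort with a method call on an undefined value instead of exiting cleanly. Guard the lookup, e.g. `my $llng = $c->get('lemonldap') or exit 0;`, and add `use strict; use warnings;` as the sibling action `lemonldap-init-domains` does. `processTemplate` is called without explicit `PERMS`, `UID` or `GID`; whether the generated `lmConf` ends up with suitable ownership depends on a templates.metadata file that I cannot match to this path from the page, so that is worth confirming.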
@ -0,0 +1,3 @@
|
|||||||
|
PERMS=0640
|
||||||
|
UID="root"
|
||||||
|
GID="www"
|
@ -0,0 +1,3 @@
|
|||||||
|
PERMS=0640
|
||||||
|
UID="root"
|
||||||
|
GID="www"
|
@ -0,0 +1,3 @@
|
|||||||
|
PERMS=0640
|
||||||
|
UID="www"
|
||||||
|
GID="www"
|
@ -0,0 +1,34 @@
|
|||||||
|
#====================================================================
|
||||||
|
# Apache configuration for LemonLDAP::NG Handler
|
||||||
|
#====================================================================
|
||||||
|
|
||||||
|
# Load LemonLDAP::NG Handler
|
||||||
|
PerlOptions +GlobalRequest
|
||||||
|
PerlRequire Lemonldap/NG/Handler.pm
|
||||||
|
|
||||||
|
# Common error page and security parameters
|
||||||
|
#ErrorDocument 403 http://auth.{$DomainName}/?lmError=403
|
||||||
|
#ErrorDocument 500 http://auth.{$DomainName}/?lmError=500
|
||||||
|
|
||||||
|
|
||||||
|
# Configuration reload mechanism (only 1 per physical server is
|
||||||
|
# needed): choose your URL to avoid restarting Apache when
|
||||||
|
# configuration change
|
||||||
|
# Dummy Alias so apache allows access to /lm-reload
|
||||||
|
Alias /lm-reload /etc/httpd/proxy/proxy.pac
|
||||||
|
<Location /lm-reload>
|
||||||
|
SSLRequireSSL on
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
Allow from {"$LocalIP $localAccess $externalSSLAccess";}
|
||||||
|
PerlHeaderParserHandler Lemonldap::NG::Handler->refresh
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
# Uncomment this to activate status module
|
||||||
|
#<Location /status>
|
||||||
|
# Order deny,allow
|
||||||
|
# Deny from all
|
||||||
|
# Allow from 127.0.0.0/8
|
||||||
|
# PerlHeaderParserHandler Lemonldap::NG::Handler->status
|
||||||
|
#</Location>
|
||||||
|
|
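Review bot: The `<Location /lm-reload>` block admits every address in `$externalSSLAccess` without authentication, so the source address is the only gate on `Lemonldap::NG::Handler->refresh`. If remote access is opened widely on a server, any client in that range can trigger configuration reloads; unless a remote portal really has to call this URL, I would narrow the line to `Allow from {"$LocalIP $localAccess";}` or move extra sources into an explicit DB property. `Order`/`Deny`/`Allow` is Apache 2.2 access-control syntax, which deserves a comment for anyone porting the template to 2.4. The commented-out `ErrorDocument` examples also point at `http://auth...` rather than https.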
@ -0,0 +1,10 @@
|
|||||||
|
{
|
||||||
|
use esmith::DomainsDB;
|
||||||
|
# Convert the passed hash for the domain object back into an object.
|
||||||
|
$domain = bless \%domain, 'esmith::DB::db::Record';
|
||||||
|
|
||||||
|
# Make scalars from some of the properties of the domain
|
||||||
|
$virtualHost = $domain->key;
|
||||||
|
$OUT = "";
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1 @@
|
|||||||
|
ServerName {$virtualHost}
|
@ -0,0 +1,114 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
use esmith::util;
|
||||||
|
|
||||||
|
if ( $port ne ($modSSL{'TCPPort'} || '443')){
|
||||||
|
$OUT .=<<"EOF";
|
||||||
|
|
||||||
|
#====================================================================
|
||||||
|
# HTTPS redirection for LemonLDAP::NG Manager
|
||||||
|
#====================================================================
|
||||||
|
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
|
||||||
|
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\]
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
my $authtype = $lemonldap{'ManagerAuth'} || 'basic';
|
||||||
|
my $auth = '';
|
||||||
|
my $base = esmith::util::ldapBase($DomainName);
|
||||||
|
|
||||||
|
unless ( $authtype eq 'self' ) {
|
||||||
|
$auth = "AuthName 'LemonLDAP NG Manager Interface'\n" .
|
||||||
|
" AuthType Basic\n" .
|
||||||
|
" AuthBasicProvider ldap\n" .
|
||||||
|
" AuthLDAPURL ldap://localhost/ou=Users,$base?uid\n" .
|
||||||
|
" AuthLDAPGroupAttribute memberUid\n" .
|
||||||
|
" AuthLDAPGroupAttributeIsDN off\n" .
|
||||||
|
" require ldap-user admin";
|
||||||
|
}
|
||||||
|
|
||||||
|
$OUT .=<<"EOF";
|
||||||
|
|
||||||
|
SSLEngine On
|
||||||
|
|
||||||
|
PerlOptions +Parent
|
||||||
|
|
||||||
|
#====================================================================
|
||||||
|
# Apache configuration for LemonLDAP::NG Manager
|
||||||
|
#====================================================================
|
||||||
|
|
||||||
|
# DocumentRoot
|
||||||
|
DocumentRoot /var/lib/lemonldap-ng/manager/
|
||||||
|
<Directory /var/lib/lemonldap-ng/manager/>
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
Allow from $localAccess $externalSSLAccess
|
||||||
|
Options +ExecCGI +FollowSymlinks
|
||||||
|
$auth
|
||||||
|
Satisfy all
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
# On-line documentation
|
||||||
|
Alias /doc/ /var/lib/lemonldap-ng/doc/
|
||||||
|
Alias /fr-doc/ /var/lib/lemonldap-ng/fr-doc/
|
||||||
|
Alias /lib/ /var/lib/lemonldap-ng/doc/lib/
|
||||||
|
<Directory /var/lib/lemonldap-ng/doc/>
|
||||||
|
Order deny,allow
|
||||||
|
Allow from all
|
||||||
|
ErrorDocument 404 /notfound.html
|
||||||
|
Options +FollowSymlinks
|
||||||
|
DirectoryIndex index.pl index.html
|
||||||
|
</Directory>
|
||||||
|
<Directory /var/lib/lemonldap-ng/fr-doc/>
|
||||||
|
Order deny,allow
|
||||||
|
Allow from all
|
||||||
|
ErrorDocument 404 /notfound.html
|
||||||
|
Options +FollowSymlinks
|
||||||
|
DirectoryIndex index.pl index.html
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
# Perl script
|
||||||
|
# Note: to avoid manager stay in memory, we don't use ModPerl::Registry
|
||||||
|
# by default. Change this to increase manager performances
|
||||||
|
<Files *.pl>
|
||||||
|
#SetHandler cgi-script
|
||||||
|
SetHandler perl-script
|
||||||
|
PerlResponseHandler ModPerl::Registry
|
||||||
|
</Files>
|
||||||
|
|
||||||
|
# Directory index
|
||||||
|
<IfModule mod_dir.c>
|
||||||
|
DirectoryIndex index.pl index.html
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
<Location />
|
||||||
|
<IfModule mod_deflate.c>
|
||||||
|
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
|
||||||
|
SetOutputFilter DEFLATE
|
||||||
|
BrowserMatch ^Mozilla/4 gzip-only-text/html
|
||||||
|
BrowserMatch ^Mozilla/4\.0[678] no-gzip
|
||||||
|
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
|
||||||
|
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)\$ no-gzip dont-vary
|
||||||
|
</IfModule>
|
||||||
|
<IfModule mod_headers.c>
|
||||||
|
Header append Vary User-Agent env=!dont-vary
|
||||||
|
</IfModule>
|
||||||
|
</Location>
|
||||||
|
<Location /doc/>
|
||||||
|
<IfModule mod_expires.c>
|
||||||
|
ExpiresActive On
|
||||||
|
ExpiresDefault "access plus 1 month"
|
||||||
|
</IfModule>
|
||||||
|
</Location>
|
||||||
|
<Location /skins/>
|
||||||
|
<IfModule mod_expires.c>
|
||||||
|
ExpiresActive On
|
||||||
|
ExpiresDefault "access plus 1 month"
|
||||||
|
</IfModule>
|
||||||
|
</Location>
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
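Review bot: The plain-HTTP branch builds its redirect from the request's Host header (`https://%{HTTP_HOST}/\$1`), so the redirect target is chosen by the client rather than by the configuration. `$virtualHost` appears to be set for this vhost already (the `ServerName {$virtualHost}` fragment uses it), so I would redirect to the configured name instead: `RewriteRule ^/(.*|\$) https://$virtualHost/\$1 \[L,R\]`. The same rule is repeated in the portal template and in the SOAP vhost template later in this commit. Separately, the comment above `<Files *.pl>` says ModPerl::Registry is not used by default, yet the directives under it enable `perl-script` with `ModPerl::Registry`; the comment should be brought in line with the directives.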
@ -0,0 +1,2 @@
|
|||||||
|
|
||||||
|
<VirtualHost {$ipAddress}:{$port}>
|
@ -0,0 +1,2 @@
|
|||||||
|
</VirtualHost>
|
||||||
|
|
@ -0,0 +1,10 @@
|
|||||||
|
{
|
||||||
|
use esmith::DomainsDB;
|
||||||
|
# Convert the passed hash for the domain object back into an object.
|
||||||
|
$domain = bless \%domain, 'esmith::DB::db::Record';
|
||||||
|
|
||||||
|
# Make scalars from some of the properties of the domain
|
||||||
|
$virtualHost = $domain->key;
|
||||||
|
$OUT = "";
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1 @@
|
|||||||
|
ServerName {$virtualHost}
|
@ -0,0 +1,133 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
use esmith::AccountsDB;
|
||||||
|
my $a = esmith::AccountsDB->open_ro() or die "Couldn't open AccountsDB\n";
|
||||||
|
|
||||||
|
if ( $port ne ($modSSL{'TCPPort'} || '443')){
|
||||||
|
$OUT .=<<"EOF";
|
||||||
|
|
||||||
|
#====================================================================
|
||||||
|
# HTTPS redirection for LemonLDAP::NG Portal
|
||||||
|
#====================================================================
|
||||||
|
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
|
||||||
|
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\]
|
||||||
|
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
|
||||||
|
# SSL Authentication
|
||||||
|
my $SSLAuth = $lemonldap{'SSLAuth'} || 'disabled';
|
||||||
|
my $sslDirectives = ' # SSL Auth is disabled';
|
||||||
|
my $sogoWorkArround = '';
|
||||||
|
if ((-e '/etc/pki/tls/certs/cacert.pem') &&
|
||||||
|
($SSLAuth =~ m/^(require)|(optional)$/)) {
|
||||||
|
$sslDirectives =<<"HERE";
|
||||||
|
<LocationMatch "^/(\$|\\?url=.*|cas/login.*)">
|
||||||
|
SSLVerifyClient $SSLAuth
|
||||||
|
SSLVerifyDepth 1
|
||||||
|
SSLOptions +StdEnvVars
|
||||||
|
SSLUserName SSL_CLIENT_S_DN_CN
|
||||||
|
</LocationMatch>
|
||||||
|
HERE
|
||||||
|
}
|
||||||
|
if (-e '/usr/lib/perl5/site_perl/Apache/FilterChangeLength.pm' ||
|
||||||
|
-e '/usr/share/perl5/vendor_perl/Apache/FilterChangeLength.pm'){
|
||||||
|
# Looks like iPasserelle groupware is installed
|
||||||
|
# SOPE doesn't supports chunked encoding
|
||||||
|
# the following makes it happy
|
||||||
|
# see http://sogo.nu/bugs/view.php?id=2408
|
||||||
|
$sogoWorkArround =<<"HERE";
|
||||||
|
<Location /cas>
|
||||||
|
BrowserMatch "SOPE/" downgrade-1.0
|
||||||
|
PerlOutputFilterHandler Apache::FilterChangeLength
|
||||||
|
Header set Access-Control-Allow-Origin '*'
|
||||||
|
</Location>
|
||||||
|
HERE
|
||||||
|
}
|
||||||
|
|
||||||
|
$OUT .=<<"EOF";
|
||||||
|
|
||||||
|
SSLEngine On
|
||||||
|
|
||||||
|
PerlOptions +Parent
|
||||||
|
|
||||||
|
#====================================================================
|
||||||
|
# Apache configuration for LemonLDAP::NG Portal
|
||||||
|
#====================================================================
|
||||||
|
|
||||||
|
# DocumentRoot
|
||||||
|
DocumentRoot /var/lib/lemonldap-ng/portal/
|
||||||
|
|
||||||
|
<Perl>
|
||||||
|
require Lemonldap::NG::Portal::SharedConf;
|
||||||
|
Lemonldap::NG::Portal::SharedConf->compile(
|
||||||
|
qw(delete header cache read_from_client cookie redirect unescapeHTML));
|
||||||
|
# Uncomment this line if you use Lemonldap::NG menu
|
||||||
|
require Lemonldap::NG::Portal::Menu;
|
||||||
|
</Perl>
|
||||||
|
|
||||||
|
<Directory /var/lib/lemonldap-ng/portal/>
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
Options +ExecCGI +FollowSymlinks
|
||||||
|
</Directory>
|
||||||
|
$sslDirectives
|
||||||
|
$sogoWorkArround
|
||||||
|
|
||||||
|
# Perl script
|
||||||
|
<Files *.pl>
|
||||||
|
SetHandler perl-script
|
||||||
|
PerlResponseHandler ModPerl::Registry
|
||||||
|
</Files>
|
||||||
|
|
||||||
|
<IfModule mod_dir.c>
|
||||||
|
DirectoryIndex index.pl index.html
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
# SAML2 Issuer
|
||||||
|
<IfModule mod_rewrite.c>
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteRule ^/saml/metadata /metadata.pl
|
||||||
|
RewriteRule ^/saml/.* /index.pl
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
# CAS Issuer
|
||||||
|
<IfModule mod_rewrite.c>
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteRule ^/cas/.* /index.pl
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
# OpenID Issuer
|
||||||
|
<IfModule mod_rewrite.c>
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteRule ^/openidserver/.* /index.pl
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
<Location />
|
||||||
|
<IfModule mod_deflate.c>
|
||||||
|
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
|
||||||
|
SetOutputFilter DEFLATE
|
||||||
|
BrowserMatch ^Mozilla/4 gzip-only-text/html
|
||||||
|
BrowserMatch ^Mozilla/4\.0[678] no-gzip
|
||||||
|
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
|
||||||
|
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)\$ no-gzip dont-vary
|
||||||
|
</IfModule>
|
||||||
|
<IfModule mod_headers.c>
|
||||||
|
Header append Vary User-Agent env=!dont-vary
|
||||||
|
</IfModule>
|
||||||
|
</Location>
|
||||||
|
<Location /skins/>
|
||||||
|
<IfModule mod_expires.c>
|
||||||
|
ExpiresActive On
|
||||||
|
ExpiresDefault "access plus 1 month"
|
||||||
|
</IfModule>
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
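Review bot: The check `$SSLAuth =~ m/^(require)|(optional)$/` does not anchor both alternatives: it accepts any value that starts with `require` or ends with `optional`, and the raw value is then interpolated into `SSLVerifyClient $SSLAuth` in the generated httpd configuration. It should be `m/\A(?:require|optional)\z/` so that only the two literal values reach the config. The SOGo workaround also sets `Access-Control-Allow-Origin '*'` on `/cas`; if only the SOGo origin needs it, naming that origin would be tighter than a wildcard on an SSO endpoint. `$a` (the AccountsDB handle) is opened but not used in the visible fragment, and the `# Uncomment this line` remark sits above a `require` that is already active.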
@ -0,0 +1,2 @@
|
|||||||
|
|
||||||
|
<VirtualHost {$ipAddress}:{$port}>
|
@ -0,0 +1,2 @@
|
|||||||
|
</VirtualHost>
|
||||||
|
|
@ -0,0 +1,10 @@
|
|||||||
|
{
|
||||||
|
use esmith::DomainsDB;
|
||||||
|
# Convert the passed hash for the domain object back into an object.
|
||||||
|
$domain = bless \%domain, 'esmith::DB::db::Record';
|
||||||
|
|
||||||
|
# Make scalars from some of the properties of the domain
|
||||||
|
$virtualHost = $domain->key;
|
||||||
|
$OUT = "";
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1 @@
|
|||||||
|
ServerName {$virtualHost}
|
@ -0,0 +1,120 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
use esmith::AccountsDB;
|
||||||
|
my $a = esmith::AccountsDB->open_ro() or die "Couldn't open AccountsDB\n";
|
||||||
|
|
||||||
|
if ( $port ne ($modSSL{'TCPPort'} || '443')){
|
||||||
|
$OUT .=<<"EOF";
|
||||||
|
|
||||||
|
#====================================================================
|
||||||
|
# HTTPS redirection for LemonLDAP::NG Portal
|
||||||
|
#====================================================================
|
||||||
|
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
|
||||||
|
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\]
|
||||||
|
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
my $soapAllow = join (" ", split(/[;,]/, ($lemonldap{'SoapAllowFrom'} || '')));
|
||||||
|
$soapAllow = ( $soapAllow eq '' ) ? '' : "Allow from $soapAllow\n ";
|
||||||
|
my $soapPassword = $lemonldap{'SoapPassword'} || '';
|
||||||
|
$soapAllow .= ($soapPassword eq '') ? '' :
|
||||||
|
'AuthName "LemonLDAP SOAP interface"' . "\n " .
|
||||||
|
'AuthType Basic' . "\n " .
|
||||||
|
'AuthBasicProvider file' . "\n " .
|
||||||
|
'AuthUserFile /etc/lemonldap-ng/soap-htpasswd' . "\n " .
|
||||||
|
'Require valid-user' . "\n " .
|
||||||
|
'Satisfy all';
|
||||||
|
|
||||||
|
$OUT .=<<"EOF";
|
||||||
|
|
||||||
|
SSLEngine On
|
||||||
|
|
||||||
|
PerlOptions +Parent
|
||||||
|
|
||||||
|
#====================================================================
|
||||||
|
# Apache configuration for LemonLDAP::NG Portal
|
||||||
|
#====================================================================
|
||||||
|
|
||||||
|
# DocumentRoot
|
||||||
|
DocumentRoot /var/lib/lemonldap-ng/portal/
|
||||||
|
|
||||||
|
<Perl>
|
||||||
|
require Lemonldap::NG::Portal::SharedConf;
|
||||||
|
Lemonldap::NG::Portal::SharedConf->compile(
|
||||||
|
qw(delete header cache read_from_client cookie redirect unescapeHTML));
|
||||||
|
# Uncomment this line if you use portal SOAP capabilities
|
||||||
|
require SOAP::Lite;
|
||||||
|
</Perl>
|
||||||
|
|
||||||
|
<Directory /var/lib/lemonldap-ng/portal/>
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
Options +ExecCGI +FollowSymlinks
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
# Perl script
|
||||||
|
<Files *.pl>
|
||||||
|
SetHandler perl-script
|
||||||
|
PerlResponseHandler ModPerl::Registry
|
||||||
|
</Files>
|
||||||
|
|
||||||
|
<IfModule mod_dir.c>
|
||||||
|
DirectoryIndex index.pl index.html
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
# SOAP functions for sessions management (disabled by default)
|
||||||
|
<Location /index.pl/adminSessions>
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
$soapAllow
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
# SOAP functions for sessions access (disabled by default)
|
||||||
|
<Location /index.pl/sessions>
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
$soapAllow
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
# SOAP functions for configuration access (disabled by default)
|
||||||
|
<Location /index.pl/config>
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
$soapAllow
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
# SOAP functions for notification insertion (disabled by default)
|
||||||
|
<Location /index.pl/notification>
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
$soapAllow
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
<Location />
|
||||||
|
<IfModule mod_deflate.c>
|
||||||
|
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
|
||||||
|
SetOutputFilter DEFLATE
|
||||||
|
BrowserMatch ^Mozilla/4 gzip-only-text/html
|
||||||
|
BrowserMatch ^Mozilla/4\.0[678] no-gzip
|
||||||
|
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
|
||||||
|
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)\$ no-gzip dont-vary
|
||||||
|
</IfModule>
|
||||||
|
<IfModule mod_headers.c>
|
||||||
|
Header append Vary User-Agent env=!dont-vary
|
||||||
|
</IfModule>
|
||||||
|
</Location>
|
||||||
|
<Location /skins/>
|
||||||
|
<IfModule mod_expires.c>
|
||||||
|
ExpiresActive On
|
||||||
|
ExpiresDefault "access plus 1 month"
|
||||||
|
</IfModule>
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
}
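Review bot: The four SOAP `<Location>` blocks receive Basic authentication only when `SoapPassword` is non-empty (`my $soapPassword = $lemonldap{'SoapPassword'} || '';`), so with `SoapAllowFrom` set and no password, `/index.pl/adminSessions`, `/index.pl/sessions`, `/index.pl/config` and `/index.pl/notification` are gated by source address alone. Other fragments on this page fall back to `'secret'` for the same property, so the vhost, the htpasswd file and the stored proxy URL do not agree on what an unset password means. I would append the `AuthType Basic` … `Require valid-user` lines whenever `$soapAllow` is non-empty and fail the expansion if no password is configured. The comment `# Uncomment this line if you use portal SOAP capabilities` sits above an already active `require SOAP::Lite;` and should be reworded, and `my $a = esmith::AccountsDB->open_ro()` is never used in this fragment.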
|
||||||
|
|
||||||
|
|
@ -0,0 +1,2 @@
|
|||||||
|
|
||||||
|
<VirtualHost {$ipAddress}:{$port}>
|
@ -0,0 +1,2 @@
|
|||||||
|
</VirtualHost>
|
||||||
|
|
@ -0,0 +1,21 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
my $auth = $domain->prop('Authentication') || 'none';
|
||||||
|
|
||||||
|
if (($modSSL{'TCPPort'} || '443') eq $port){
|
||||||
|
if ($auth eq 'LemonLDAP'){
|
||||||
|
$OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG\n" .
|
||||||
|
" PerlHeaderParserHandler Lemonldap::NG::Handler\n" .
|
||||||
|
" ErrorDocument 403 https://auth.$DomainName/?lmError=403\n" .
|
||||||
|
" ErrorDocument 500 https://auth.$DomainName/?lmError=500\n";
|
||||||
|
if (($domain->prop('LemonLDAPMenu') || 'disabled') eq 'enabled'){
|
||||||
|
$OUT .= " PerlOutputFilterHandler Lemonldap::NG::Handler::Menu\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elsif ($auth eq 'LemonLDAPBasic'){
|
||||||
|
$OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG (basic auth)\n" .
|
||||||
|
" PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::AuthBasic\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
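Review bot: Nothing is emitted when `$port` differs from the SSL port, so for a domain whose `Authentication` is `LemonLDAP` or `LemonLDAPBasic` the plain-HTTP virtual host gets no `PerlHeaderParserHandler`. Whether that host is protected then depends on an HTTPS redirect defined in a fragment this hunk does not show. A comment at the top of the block, for example `# Handlers are attached on the SSL port only; the HTTP vhost must redirect to HTTPS`, would record that dependency. An unrecognised `Authentication` value also falls through without any output or warning. The next hunk is identical line for line and the same remarks apply to it.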
|
@ -0,0 +1,21 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
my $auth = $domain->prop('Authentication') || 'none';
|
||||||
|
|
||||||
|
if (($modSSL{'TCPPort'} || '443') eq $port){
|
||||||
|
if ($auth eq 'LemonLDAP'){
|
||||||
|
$OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG\n" .
|
||||||
|
" PerlHeaderParserHandler Lemonldap::NG::Handler\n" .
|
||||||
|
" ErrorDocument 403 https://auth.$DomainName/?lmError=403\n" .
|
||||||
|
" ErrorDocument 500 https://auth.$DomainName/?lmError=500\n";
|
||||||
|
if (($domain->prop('LemonLDAPMenu') || 'disabled') eq 'enabled'){
|
||||||
|
$OUT .= " PerlOutputFilterHandler Lemonldap::NG::Handler::Menu\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elsif ($auth eq 'LemonLDAPBasic'){
|
||||||
|
$OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG (basic auth)\n" .
|
||||||
|
" PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::AuthBasic\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,19 @@
|
|||||||
|
#==============================================================================
|
||||||
|
# LemonLDAP::NG local configuration parameters
|
||||||
|
#
|
||||||
|
# This file is dedicated to configuration parameters override
|
||||||
|
# You can set here configuration parameters that will be used only by
|
||||||
|
# local LemonLDAP::NG elements
|
||||||
|
#
|
||||||
|
# Section "all" is always read first before "portal", "handler"
|
||||||
|
# and "manager"
|
||||||
|
#
|
||||||
|
# Section "configuration" is used to load global configuration and set cache
|
||||||
|
# (replace old storage.conf file)
|
||||||
|
#
|
||||||
|
# Section "apply" is read by Manager to reload handlers
|
||||||
|
# (replace old apply.conf file)
|
||||||
|
#
|
||||||
|
# Other section are only read by the specific LemonLDAP::NG component
|
||||||
|
#==============================================================================
|
||||||
|
|
@ -0,0 +1,7 @@
|
|||||||
|
|
||||||
|
[all]
|
||||||
|
globalStorage = Apache::Session::File
|
||||||
|
globalStorageOptions = \{ 'Directory' => '/var/lib/lemonldap-ng/sessions/', 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/', \}
|
||||||
|
localSessionStorage=Cache::FileCache
|
||||||
|
localSessionStorageOptions=\{ 'namespace' => 'sessions', 'default_expires_in' => '600', 'directory_umask' => '007', 'cache_root' => '/var/cache/lemonldap-ng', 'cache_depth' => 3, \}
|
||||||
|
|
@ -0,0 +1,11 @@
|
|||||||
|
|
||||||
|
[configuration]
|
||||||
|
|
||||||
|
type=File
|
||||||
|
dirName = /var/lib/lemonldap-ng/conf
|
||||||
|
globalStorageOptions=\{ 'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256' \}
|
||||||
|
|
||||||
|
localStorage=Cache::FileCache
|
||||||
|
localStorageOptions=\{ 'namespace' => 'localcache', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/var/cache/lemonldap-ng', 'cache_depth' => 5, \}
|
||||||
|
|
||||||
|
|
@ -0,0 +1,11 @@
|
|||||||
|
[apply]
|
||||||
|
|
||||||
|
{"$SystemName.$DomainName";} = https://{"$SystemName.$DomainName";}/lm-reload
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
foreach my $srv (split(/[;,]/, ($lemonldap{'Reload'} || ''))){
|
||||||
|
my ($name,$url) = split(/=/, $srv);
|
||||||
|
$OUT .= "$name = $url\n";
|
||||||
|
}
|
||||||
|
}
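Review bot: `split(/=/, $srv)` has no limit, so a reload URL that itself contains `=` (a query string, for instance) is cut at the second `=` and written truncated into `[apply]`. An entry without any `=` leaves `$url` undefined and produces a `name = ` line. `my ($name,$url) = split(/=/, $srv, 2);` followed by `next unless defined $url && $name ne '';` keeps the value intact and skips malformed entries. The `Reload` value is copied into the ini file as-is, so it is worth documenting that it is trusted, administrator-set data.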
|
@ -0,0 +1,10 @@
|
|||||||
|
|
||||||
|
[manager]
|
||||||
|
{
|
||||||
|
$OUT .= (($lemonldap{'ManagerAuth'} || 'basic') eq 'self') ?
|
||||||
|
'protection = manager' : '';
|
||||||
|
}
|
||||||
|
|
||||||
|
[sessionsExplorer]
|
||||||
|
|
||||||
|
|
@ -0,0 +1,6 @@
|
|||||||
|
[handler]
|
||||||
|
|
||||||
|
https = 1
|
||||||
|
status = 0
|
||||||
|
useRedirectOnError = 1
|
||||||
|
|
@ -0,0 +1,3 @@
|
|||||||
|
|
||||||
|
[portal]
|
||||||
|
|
@ -0,0 +1,6 @@
|
|||||||
|
{
|
||||||
|
my $pw = $lemonldap{'SoapPassword'} || 'secret';
|
||||||
|
my $res = `/usr/bin/htpasswd -bnm lemonsoap $pw`;
|
||||||
|
chomp($res);
|
||||||
|
$OUT .= $res;
|
||||||
|
}
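Review bot: The password is interpolated into a backtick command (`/usr/bin/htpasswd -bnm lemonsoap $pw`), so a shell parses it. A value containing whitespace or shell metacharacters changes the command that runs during template expansion, which normally happens as root. The changelog says the SOAP password is alphanumeric only, but nothing in this fragment enforces that. A list-form pipe open passes `$pw` as a single argument with no shell involved and also lets the template fail when htpasswd does. The `|| 'secret'` fallback writes a well-known credential into the htpasswd file when the property is unset, and `-b` still exposes the password in the process list while the command runs.

```perl
my $pw = $lemonldap{'SoapPassword'} || 'secret';
# list-form open: no shell, $pw reaches htpasswd as one argument
open(my $fh, '-|', '/usr/bin/htpasswd', '-bnm', 'lemonsoap', $pw)
    or die "Unable to run htpasswd: $!\n";
my $res = <$fh>;
close($fh) or die "htpasswd exited with an error\n";
die "htpasswd returned no output\n" unless defined $res;
# … unchanged: chomp($res) and append to $OUT …
```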
|
@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
use esmith::ConfigDB;
|
||||||
|
use esmith::DomainsDB;
|
||||||
|
use esmith::NetworksDB;
|
||||||
|
use esmith::util;
|
||||||
|
use Lemonldap::NG::Common::Conf;
|
||||||
|
|
||||||
|
$c = esmith::ConfigDB->open_ro or die "Error opening ConfigDB\n";
|
||||||
|
$d = esmith::DomainsDB->open_ro or die "Error opening DomainsDB\n";
|
||||||
|
$n = esmith::NetworksDB->open_ro or die "Error opening NetworksDB\n";
|
||||||
|
$domain = $c->get('DomainName')->value;
|
||||||
|
$host = $c->get('SystemName')->value;
|
||||||
|
$base = esmith::util::ldapBase ($domain);
|
||||||
|
$ldap = $c->get('ldap') || die "Error reading ldap service entry\n";
|
||||||
|
$port = $ldap->prop('TCPPort') || '389';
|
||||||
|
$llng = $c->get('lemonldap');
|
||||||
|
|
||||||
|
$manual = $llng->prop('ManualConf') || 'disabled';
|
||||||
|
|
||||||
|
$confAccess = new Lemonldap::NG::Common::Conf(
|
||||||
|
{
|
||||||
|
type=>'File',
|
||||||
|
dirName=>"/var/lib/lemonldap-ng/conf",
|
||||||
|
},
|
||||||
|
) or die "Unable to build Lemonldap::NG::Common::Conf, see Apache logs\n";
|
||||||
|
|
||||||
|
$conf = $confAccess->getConf();
|
||||||
|
|
||||||
|
$OUT = '';
|
||||||
|
|
||||||
|
}
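Review bot: `$llng = $c->get('lemonldap');` is not checked, unlike the `ldap` entry just above it, so a missing `lemonldap` record makes `$llng->prop('ManualConf')` die with a method-call-on-undef error rather than a readable message. `$llng = $c->get('lemonldap') || die "Error reading lemonldap service entry\n";` would match the surrounding style. `$manual` is computed here but none of the fragments visible on this page reads it, so it is worth confirming that `ManualConf` actually stops the later fragments from overwriting a hand-edited configuration. `$d` is opened and likewise not used in the visible fragments.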
|
@ -0,0 +1,15 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
# Global parameters
|
||||||
|
$conf->{'domain'} = "$domain";
|
||||||
|
$conf->{'portal'} = "https://auth.$domain/";
|
||||||
|
$conf->{'storePassword'} = '0';
|
||||||
|
$conf->{'portalUserAttr'} = 'cn' if (($conf->{'portalUserAttr'} || '_user') eq "_user");
|
||||||
|
$conf->{'portalDisplayChangePassword'} = '0';
|
||||||
|
$conf->{'syslog'} = 'auth';
|
||||||
|
$conf->{'https'} = '1';
|
||||||
|
$conf->{'port'} = '443';
|
||||||
|
|
||||||
|
$OUT .= '';
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,17 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
# LDAP parameters
|
||||||
|
$conf->{'passwordDB'} = 'LDAP';
|
||||||
|
$conf->{'userDB'} = 'LDAP';
|
||||||
|
$conf->{'ldapServer'} = 'localhost';
|
||||||
|
$conf->{'ldapPort'} = "$port";
|
||||||
|
$conf->{'ldapVersion'} = '3';
|
||||||
|
$conf->{'ldapBase'} = "ou=Users,$base";
|
||||||
|
$conf->{'ldapGroupBase'} = "ou=Groups,$base";
|
||||||
|
$conf->{'ldapGroupAttributeNameUser'} = 'uid';
|
||||||
|
$conf->{'ldapGroupAttributeNameSearch'} = 'cn';
|
||||||
|
$conf->{'ldapGroupAttributeName'} = 'memberUid';
|
||||||
|
$conf->{'ldapGroupObjectClass'} = 'mailboxRelatedObject';
|
||||||
|
|
||||||
|
$OUT .= '';
|
||||||
|
}
|
@ -0,0 +1,19 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
# SOAP
|
||||||
|
if (($llng->prop('SoapAllowFrom') || '') ne ''){
|
||||||
|
my $password = $llng->prop('SoapPassword') || 'secret';
|
||||||
|
$conf->{'Soap'} = '1';
|
||||||
|
$conf->{'globalStorage'} = 'Lemonldap::NG::Common::Apache::Session::SOAP';
|
||||||
|
$conf->{'globalStorageOptions'} = {
|
||||||
|
proxy => "https://lemonsoap:$password\@soapsso.$domain/index.pl/sessions",
|
||||||
|
generateModule => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256'
|
||||||
|
};
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$conf->{'Soap'} = '0';
|
||||||
|
}
|
||||||
|
|
||||||
|
$OUT = '';
|
||||||
|
|
||||||
|
}
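Review bot: When `SoapAllowFrom` is set and `SoapPassword` is not, `my $password = $llng->prop('SoapPassword') || 'secret';` puts a fixed, guessable credential into the `proxy` URL, which is then stored in the saved LemonLDAP::NG configuration. I would refuse to enable SOAP without a configured password, for example `my $password = $llng->prop('SoapPassword') or die "SoapAllowFrom is set but SoapPassword is empty\n";`. The password is also placed in the URL unescaped, so a value containing `@`, `:` or `/` would yield a different authority or path than intended. It should be restricted to the alphanumeric set the changelog mentions or percent-encoded before interpolation.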
|
@ -0,0 +1,34 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
# SSL Auth
|
||||||
|
my $ssl = $llng->prop('SSLAuth') || '';
|
||||||
|
|
||||||
|
if ($ssl eq 'optional' || $ssl eq 'require'){
|
||||||
|
# SSL Auth is enabled
|
||||||
|
# Configure common attributes
|
||||||
|
$conf->{'SSLLDAPField'} = 'uid';
|
||||||
|
$conf->{'SSLVar'} = 'SSL_CLIENT_S_DN_CN';
|
||||||
|
$conf->{'SSLRequire'} = '1';
|
||||||
|
|
||||||
|
if ($ssl eq 'optional'){
|
||||||
|
$conf->{'authentication'} = 'Multi SSL;LDAP';
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$conf->{'authentication'} = 'SSL';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$conf->{'authentication'} = 'LDAP';
|
||||||
|
}
|
||||||
|
|
||||||
|
# Enable CAS issuer DB
|
||||||
|
$conf->{'issuerDBCASActivation'} = 1;
|
||||||
|
|
||||||
|
# default cookie settings
|
||||||
|
$conf->{'securedCookie'} = 1 unless ($conf->{'securedCookie'});
|
||||||
|
$conf->{'httpOnly'} = 1 unless ($conf->{'httpOnly'});
|
||||||
|
|
||||||
|
|
||||||
|
$OUT = '';
|
||||||
|
|
||||||
|
}
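Review bot: With `SSLVar` set to `SSL_CLIENT_S_DN_CN` and `SSLLDAPField` set to `uid`, any client certificate the virtual host accepts whose subject CN equals an account uid is logged in as that account. The whole trust decision therefore rests on the CA restriction configured in the Apache SSL directives, which are not part of this hunk. A comment above the assignment should state that, for example `# CN is mapped straight to uid: the vhost must only trust a CA that issues one certificate per local user`. Separately, `$conf->{'securedCookie'} = 1 unless ($conf->{'securedCookie'});` and the matching `httpOnly` line are labelled "default cookie settings" but also overwrite an explicit `0`; if forcing the flags is intended, the comment should say so.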
|
@ -0,0 +1,45 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
my $reg = '$ipAddr =~ /^';
|
||||||
|
|
||||||
|
# Build a regexp to check if the client IP
|
||||||
|
# is part of a local network
|
||||||
|
# Then, we can easily use this macro to restrict
|
||||||
|
# access to local networks on some applications
|
||||||
|
my @net = ();
|
||||||
|
|
||||||
|
foreach my $net ($n->networks){
|
||||||
|
my $addr = $net->key;
|
||||||
|
my $mask = $net->prop('Mask') || '255.255.255.255';
|
||||||
|
foreach (esmith::util::computeAllLocalNetworkPrefixes($addr,$mask)){
|
||||||
|
push @net, "($_)";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$reg .= join('|', @net);
|
||||||
|
$reg .= '/';
|
||||||
|
$reg =~ s/\./\\\./g;
|
||||||
|
|
||||||
|
$conf->{'macros'}->{'localAccess'} = '(' . $reg . ") ? '1':'0'";
|
||||||
|
|
||||||
|
$reg = '$ipAddr =~ /^';
|
||||||
|
@net = ();
|
||||||
|
|
||||||
|
# Do the same for extenal SSL access
|
||||||
|
foreach my $net (split(/[;,]/,(${'httpd-admin'}{'ValidFrom'} || ''))){
|
||||||
|
my ($addr,$mask) = split(/\//,$net);
|
||||||
|
foreach (esmith::util::computeAllLocalNetworkPrefixes($addr,$mask)){
|
||||||
|
push @net, "($_)";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$reg .= join('|', @net);
|
||||||
|
$reg .= '/';
|
||||||
|
$reg =~ s/\./\\\./g;
|
||||||
|
|
||||||
|
$conf->{'macros'}->{'externalSSLAccess'} = '(' . $reg . ") ? '1':'0'";
|
||||||
|
|
||||||
|
$OUT = '';
|
||||||
|
|
||||||
|
}
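Review bot: The generated expression anchors only its first alternative: `$reg` ends up as `$ipAddr =~ /^(p1)|(p2)/`, and because `|` binds more loosely than `^`, every prefix after the first can match anywhere inside the client address instead of at its start. When `ValidFrom` is empty, `@net` stays empty and the macro becomes `($ipAddr =~ /^/) ? '1':'0'`, which is true for every client, so `externalSSLAccess` evaluates to `'1'` for all addresses. Grouping the alternatives with `$reg .= '(?:' . join('|', @net) . ')';` and storing the constant `"'0'"` when `@net` is empty addresses both; the same grouping applies to `localAccess`. In the second loop `$mask` is undefined for a `ValidFrom` entry without a `/`, and should be defaulted or the entry skipped before `computeAllLocalNetworkPrefixes` is called.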
|
||||||
|
|
@ -0,0 +1,10 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
if (($conf->{'notification'} || '0') eq '1'){
|
||||||
|
$conf->{'notificationStorage'} = 'File';
|
||||||
|
$conf->{'notificationStorageOptions'} = {
|
||||||
|
'dirName' => '/var/lib/lemonldap-ng/notifications'
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
}
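Review bot: This fragment never assigns `$OUT`, unlike the fragments around it, which end with `$OUT = '';`. As far as I can tell, the template engine then inserts the value of the last evaluated expression, which would be a stringified hash reference whenever notifications are enabled. The assignment is also terminated with `},` rather than `};`. Ending the block with `};` and adding `$OUT = '';` after the `if` makes it consistent with the other fragments.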
|
@ -0,0 +1,9 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
# Portal elements
|
||||||
|
$conf->{'portalDisplayRegister'} = 0;
|
||||||
|
$conf->{'portalDisplayResetPassword'} = 0;
|
||||||
|
|
||||||
|
$OUT = '';
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,16 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
# Now, update the configuration
|
||||||
|
my $num = $confAccess->saveConf($conf);
|
||||||
|
|
||||||
|
if ($num > 0){
|
||||||
|
esmith::util::chownFile('www', 'www', "/var/lib/lemonldap-ng/conf/lmConf-$num");
|
||||||
|
chmod 0660, "/var/lib/lemonldap-ng/conf/lmConf-$num";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
die "An error occured saving LemonLDAP::NG configuration: $num\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
$OUT = '# This is just a dummy config file';
|
||||||
|
|
||||||
|
}
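Review bot: The ownership and mode of `lmConf-$num` are corrected only after `saveConf` has written the file, and neither `esmith::util::chownFile` nor `chmod` is checked. Until they run, and permanently if either fails, the file keeps whatever mode the process umask produced, and on this page that file can hold the SOAP credential inside `globalStorageOptions`. I would set a restrictive `umask` before the `saveConf` call and fail loudly afterwards, for example `chmod(0660, $file) or die "Unable to chmod $file: $!\n";` with `$file` holding the path. The `else` branch treats any non-positive return as an error, which matches the check above it.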
|
After Width: | Height: | Size: 2.0 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/backup.png
Normal file
After Width: | Height: | Size: 3.6 KiB |
After Width: | Height: | Size: 1.2 KiB |
After Width: | Height: | Size: 2.6 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/camera.png
Normal file
After Width: | Height: | Size: 2.0 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/dl.png
Normal file
After Width: | Height: | Size: 860 B |
After Width: | Height: | Size: 4.2 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/freepbx.png
Normal file
After Width: | Height: | Size: 1.6 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/glpi.png
Normal file
After Width: | Height: | Size: 3.2 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/jappix.png
Normal file
After Width: | Height: | Size: 1.5 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/jenkins.png
Normal file
After Width: | Height: | Size: 3.3 KiB |
After Width: | Height: | Size: 1.5 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/mailman.png
Normal file
After Width: | Height: | Size: 1.9 KiB |
After Width: | Height: | Size: 2.7 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/nagios.png
Normal file
After Width: | Height: | Size: 2.5 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/ntop.png
Normal file
After Width: | Height: | Size: 1.4 KiB |
After Width: | Height: | Size: 3.6 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/pda.png
Normal file
After Width: | Height: | Size: 2.2 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/pfsense.png
Normal file
After Width: | Height: | Size: 3.3 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/phplist.png
Normal file
After Width: | Height: | Size: 1.5 KiB |
After Width: | Height: | Size: 3.7 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/power.png
Normal file
After Width: | Height: | Size: 2.0 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/pydio.png
Normal file
After Width: | Height: | Size: 709 B |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/rdv.png
Normal file
After Width: | Height: | Size: 2.5 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/redmine.png
Normal file
After Width: | Height: | Size: 3.1 KiB |
After Width: | Height: | Size: 3.0 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/survey.png
Normal file
After Width: | Height: | Size: 1.5 KiB |
After Width: | Height: | Size: 1.6 KiB |
After Width: | Height: | Size: 2.8 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/ttrss.png
Normal file
After Width: | Height: | Size: 2.3 KiB |
BIN
root/usr/share/lemonldap-ng/portal-skins/common/apps/zabbix.png
Normal file
After Width: | Height: | Size: 2.7 KiB |
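--- a/smeserver-lemonldap-ng.spec
+++ b/smeserver-lemonldap-ng.spec
@@ -0,0 +1,211 @@
+# Authority: vip-ire
+# Name: Daniel Berteaud
+
+Summary: LemonLDAP NG is a web SSO solution
+%define name smeserver-lemonldap-ng
+Name: %{name}
+%define version 0.2.19
+%define release 2
+Version: 0.2.20
+Release: 1%{?dist}
+License: GPL
+Group: SME Server
+Source: %{name}-%{version}.tar.xz
+
+BuildArchitectures: noarch
+
+BuildRequires: e-smith-devtools
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+
+Requires: e-smith-base >= 5.2.0-56
+Requires: e-smith-ldap
+Requires: smeserver-webapps-common >= 0.1-8
+Requires: lemonldap-ng >= 1.4.1
+Requires: lemonldap-ng-fr-doc
+Requires: perl(Authen::Captcha)
+
+%description
+This package contains all the needed scripts and templates
+to run LemonLDAP NG on your SME Server. It uses LDAP as authentication source
+but can also use SSL auth (either optional with a fallback to LDAP, or SSL required)
+
+%changelog
+* Sat Sep 07 2024 cvs2git.sh aka Brian Read <brianr@koozali.org> 0.2.19-2.sme
+- Roll up patches and move to git repo [SME: 12338]
+
+* Sat Sep 07 2024 BogusDateBot
+- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+by assuming the date is correct and changing the weekday.
+
+* Tue Sep 03 2019 Daniel Berteaud <daniel@firewall-services.com> 0.2.20-1
+- Bump version
+
+* Tue Sep 03 2019 Daniel Berteaud <daniel@firewall-services.com> 0.2.19-1
+- new package built with tito
+
+* Wed Feb 15 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.19-1.sme
+- Set Access-Control-Allow-Origin on CAS endpoint, need for ticket renew in SOGo
+
+* Mon Jan 9 2017 Daniel Berteaud <daniel@firewall-services.com> 0.2.18-1.sme
+- Update httpd template to read the Authentication prop of domain to load
+Lemonldap::NG handler
+
+* Wed Dec 7 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.17-1.sme
+- Replace My::Package with Lemonldap::NG::Handler in default vhost templates
+
+* Sat Jan 23 2016 Daniel Berteaud <daniel@firewall-services.com> 0.2.16-1.sme
+- Don't redirect to https for acme challenges
+
+* Wed Oct 14 2015 Daniel Berteaud <daniel@firewall-services.com> 0.2.15-1.sme
+- Fix DL icon size
+
+* Fri Sep 5 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.14-1.sme
+- Define localSessionStorage to prevent clashes between handlers
+
+* Wed Jul 30 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.13-1.sme
+- Add icons for mailman and phplist
+
+* Tue Jul 1 2014 Daniel Berteaud <daniel@firewall-services.com> 0.2.12-1.sme
+- Adapt for LL::NG 1.4.1 (1.4.0 was too buggy)
+
+* Wed Dec 11 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.11-1.sme
+- Add an icon for DL
+
+* Wed Nov 20 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.10-1.sme
+- Add an icon for pydio
+
+* Mon Nov 18 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.9-1.sme
+- Add two new icons (rdv.png and survey.png)
+
+* Wed Nov 13 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.8-1.sme
+- compatibility with SME9 (perl lib path)
+
+* Mon Nov 4 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.7-1.sme
+- Requires perl(Authen::Captcha) for LL::NG 1.3.0
+
+* Tue Sep 17 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.6-1.sme
+- Small modifications to support SOGo CAS auth
+- Enable CAS auth
+
+* Wed Aug 21 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.5-1.sme
+- Move custom icons to the correct directory
+
+* Wed Aug 21 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.4-1.sme
+- Add custom icons for the portal
+
+* Tue Sep 4 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.3-1.sme
+- Use Authentication prop instead of LemonLDAP
+
+* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.2-1.sme
+- Redirect to HTTPS on port 443
+
+* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.1-1.sme
+- Add optional floating menu per vhost
+
+* Wed Jun 20 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.0-1.sme
+- Import in GIT
+- Remove the grantSessionRule param
+- Log via syslog (auth)
+
+* Mon Dec 19 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-22.sme
+- Change SSL Auth to work with LocationMatch, so CAS proxy can work with
+SSL Auth enabled
+
+* Wed Jul 13 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-21.sme
+- Disable password reset form
+
+* Wed Jul 13 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-20.sme
+- Fix uninitilized values in lemonldap conf templates
+
+* Mon Jul 11 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-19.sme
+- reserve /lm-reload
+
+* Sun Jul 10 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-18.sme
+- Fix notification check
+
+* Sat Jul 09 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-17.sme
+- Don't force notifications on
+
+* Fri Jul 08 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-16.sme
+- Enable and configure notifications
+
+* Thu Jun 30 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-15.sme
+- Manage some configuration from the DB
+
+* Fri Mar 11 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-14.sme
+- Make LemonLDAP compatible with ocsinventory-ng
+
+* Mon Mar 7 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-13.sme
+- Add support for SSL Auth on the portal
+- Use a separated vhost for SOAP requests
+
+* Tue Feb 1 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-12.sme
+- Requires recent version of smeserver-webapps-common
+- Switch to LDAP based auth to protect the manager
+
+* Tue Jan 25 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-11.sme
+- Fix a spacing issue in httpd templates
+
+* Fri Jan 21 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-10.sme
+- Add SSLEngine directives in https virtualhosts
+
+* Fri Jan 21 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-9.sme
+- Fix empty SoapPassword
+
+* Thu Jan 06 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-8.sme
+- Fix Soap ressources authentication
+
+* Mon Jan 03 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-7.sme
+- Run the manager as a perl script (instead of CGI mode)
+
+* Mon Jan 03 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-6.sme
+- Use https links for error pages
+
+* Thu Dec 30 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-5.sme
+- use only alphanumeric characters for soap password
+- use htpasswd to hash the password
+
+* Tue Dec 28 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-4.sme
+- don't load mod_auth_external if not needed
+- move cache dir in /var/cache
+- Fix several hosts listed in SoapAllowFrom
+
+* Fri Dec 24 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-3.sme
+- Use htpasswd file to protect SOAP services
+- Configure session storage in lemonldap-ng.ini
+- Support additionnal server reload URL
+
+* Fri Dec 17 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-2.sme
+- Let the manager be self-protected if ManagerAuth eq self
+
+* Thu Dec 16 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-1.sme
+- initial public release
+
+%prep
+%setup -q -n %{name}-%{version}
+
+%build
+perl createlinks
+%{__mkdir_p} root/var/cache/lemonldap-ng
+%{__mkdir_p} root/var/lib/lemonldap-ng/notifications
+
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+--dir /var/cache/lemonldap-ng 'attr(0770,root,www)' \
+--dir /var/lib/lemonldap-ng/notifications 'attr(0770,root,www)' \
+> %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+
+%preun
+
+true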
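Review bot: The header states the version twice with different values: `%define version 0.2.19` and `%define release 2` are followed by `Version: 0.2.20` and `Release: 1%{?dist}`, while the newest `%changelog` entry is stamped `0.2.19-2.sme`. The `Version:` tag should be what rpm uses when it expands `%{version}`, so `Source: %{name}-%{version}.tar.xz` and `%setup -n %{name}-%{version}` would look for a 0.2.20 tarball although the macros and changelog describe 0.2.19-2. I would drop the two `%define` lines and make the tags and the top changelog entry agree, so the built package can be traced to one source revision. In `%install` and `%clean` the build root is removed with an unquoted `rm -rf $RPM_BUILD_ROOT`; `rm -rf "$RPM_BUILD_ROOT"` is the safer form.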