#==============================================================================
|
|
# LemonLDAP::NG local configuration parameters
|
|
#
|
|
# This file is dedicated to configuration parameters override
|
|
# You can set here configuration parameters that will be used only by
|
|
# local LemonLDAP::NG elements
|
|
#
|
|
# Section "all" is always read first before "portal", "handler"
|
|
# and "manager"
|
|
#
|
|
# Section "configuration" is used to load global configuration and set cache
|
|
# (replaces the old storage.conf file)
|
|
#
|
|
# Section "apply" is read by Manager to reload handlers
|
|
# (replaces the old apply.conf file)
|
|
#
|
|
# Other sections are read only by the specific LemonLDAP::NG component
|
|
#==============================================================================
|
|
|
|
[all]
|
|
# CUSTOM FUNCTION
|
|
# If you want to create customFunctions in rules, declare them here:
|
|
;customFunctions = function1 function2
|
|
;customFunctions = Package::func1 Package::func2
|
|
|
|
# CROSS-DOMAIN
|
|
# If you have some handlers that are not registered on the main domain,
|
|
# uncomment this
|
|
;cda = 1
|
|
|
|
[configuration]
|
|
# GLOBAL CONFIGURATION ACCESS TYPE
|
|
# (File, SOAP, DBI, LDAP)
|
|
# Set here the parameters needed to access the Lemonldap::NG configuration.
# You have to set "type" to one of the following:
|
|
#
|
|
# * File: you have to set 'dirName' parameter. Example:
|
|
#
|
|
# type = File
|
|
# dirName = /var/lib/lemonldap-ng/conf
|
|
#
|
|
# * DBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword'
|
|
# if needed. Example:
|
|
#
|
|
# type = DBI
|
|
# dbiChain = DBI:mysql:database=lemonldap-ng;host=1.2.3.4
|
|
# dbiUser = lemonldap
|
|
# dbiPassword = password
|
|
#
|
|
# * SOAP: SOAP configuration access is a sort of proxy: the portal is
|
|
# configured to use the real session storage type (DBI or File for
|
|
# example).
|
|
# You have to set 'proxy' parameter. Example:
|
|
#
|
|
# type = SOAP
|
|
# proxy = https://auth.example.com/index.pl/config
|
|
# proxyOptions = { timeout => 5 }
|
|
# User = lemonldap
|
|
# Password = mypassword
|
|
#
|
|
# * LDAP: you have to set ldapServer, ldapConfBase, ldapBindDN and ldapBindPassword. Example:
|
|
#
|
|
# type = LDAP
|
|
# ldapServer = ldap://localhost
|
|
# ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
|
|
# ldapBindDN = cn=manager,dc=example,dc=com
|
|
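# ldapBindPassword = secret
#
# dbiPassword, Password and ldapBindPassword are stored in this file in
# clear text: keep the file readable only by the account that runs
# LemonLDAP::NG.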
|
|
|
|
# Active setting: the global configuration is loaded with the File backend,
# which reads it from the directory given in dirName.
type = File
|
|
# Directory the File backend reads the global configuration from.
# NOTE(review): the stored configuration presumably contains backend
# credentials (LDAP/DBI passwords) - confirm, and keep this directory
# readable and writable only by the LemonLDAP::NG service account.
dirName = /var/lib/lemonldap-ng/conf
|
|
|
|
# LOCAL CACHE CONFIGURATION
|
|
#
|
|
# To improve performance, use a local cache for the configuration. You have
# to choose a Cache::Cache module and set its parameters (1 line). Example:
|
|
#
|
|
# localStorage = Cache::FileCache
|
|
# localStorageOptions = { 'namespace' => 'MyNamespace', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, }
|
|
|
|
# Active setting: Cache::FileCache is the Cache::Cache module used as the
# local cache for the configuration; its options are in localStorageOptions.
localStorage = Cache::FileCache
|
|
# Options passed to the cache module; they must stay on one line.
# NOTE(review): cache_root is /tmp, a world-writable directory shared with
# every local account, and the namespace is the sample value 'MyNamespace'.
# The cached configuration would be safer under a directory owned by, and
# writable only by, the web server account. directory_umask 007 removes
# access for "other" on directories the cache creates itself; it does not
# help if another local user created the cache directory first.
# default_expires_in is presumably in seconds (600 = 10 minutes) - confirm.
localStorageOptions = { 'namespace' => 'MyNamespace', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, }
|
|
|
|
[portal]
|
|
# PORTAL CUSTOMIZATION
|
|
# Name of the skin
|
|
;portalSkin = pastel
|
|
# Modules displayed
|
|
;portalDisplayLogout = 1
|
|
;portalDisplayResetPassword = 1
|
|
;portalDisplayChangePassword = 1
|
|
;portalDisplayAppslist = 1
|
|
# Allow password autocompletion (passwords stored in user web browsers)
|
|
;portalAutocomplete = 1
|
|
# Require the old password when changing password
|
|
;portalRequireOldPassword = 1
|
|
# Attribute displayed as connected user
|
|
;portalUserAttr = mail
|
|
|
|
# LOG
|
|
# By default, everything is logged to the Apache log file. To log user actions by
|
|
# syslog, just set syslog facility here:
|
|
;syslog = auth
|
|
|
|
# SOAP FUNCTIONS
|
|
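# Remove comment to activate SOAP Functions getCookies(user,pwd) and
# error(language, code). getCookies() receives a user name and password,
# so expose the SOAP endpoint over HTTPS only and limit which hosts can
# reach it.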
|
|
;Soap = 1
|
|
# Note that getAttributes() will be activated but on a different URI
|
|
# (http://auth.example.com/index.pl/sessions)
|
|
# You can also restrict attributes and macros exported by getAttributes
|
|
;exportedAttr = uid mail
|
|
|
|
# PASSWORD POLICY
|
|
# Remove comment to use LDAP Password Policy
|
|
;ldapPpolicyControl = 1
|
|
# Remove comment to store password in session (use with caution: the
# password is then readable by anything that can read the session store)
|
|
;storePassword = 1
|
|
# Remove comment to use LDAP modify password extension
|
|
# (beware of compatibility with LDAP Password Policy)
|
|
;ldapSetPassword = 1
|
|
|
|
# RESET PASSWORD BY MAIL
|
|
# SMTP server (default to localhost), set to '' to use default mail service
|
|
;SMTPServer = localhost
|
|
# Mail From address
|
|
;mailFrom = noreply@test.com
|
|
# Mail confirmation URL
|
|
;mailUrl = http://reset.example.com
|
|
# Mail subject for confirmation message
|
|
;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation
|
|
# Mail body for confirmation (can use $url for confirmation URL, and other session
|
|
# infos, like $cn). Keep comment to use HTML templates
|
|
;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url
|
|
# Mail subject for new password message
|
|
;mailSubject = [LemonLDAP::NG] Your new password
|
|
# Mail body for new password (can use $password for generated password, and other session
|
|
# infos, like $cn). Keep comment to use HTML templates
|
|
;mailBody = Hello $cn,\n\nYour new password is $password
|
|
# LDAP filter to use
|
|
;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))'
|
|
# Regexp used to generate random passwords
|
|
;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2}
|
|
|
|
# LDAP GROUPS
|
|
# Set the base DN of your groups branch
|
|
;ldapGroupBase = ou=groups,dc=example,dc=com
|
|
# Objectclass used by groups
|
|
;ldapGroupObjectClass = groupOfUniqueNames
|
|
# Attribute used by groups to store member
|
|
;ldapGroupAttributeName = uniqueMember
|
|
# Attribute used by user to link to groups
|
|
;ldapGroupAttributeNameUser = dn
|
|
# Attribute used to identify a group. The group will be displayed as
|
|
# cn|mail|status, where cn, mail and status will be replaced by their
|
|
# values.
|
|
;ldapGroupAttributeNameSearch = ['cn']
|
|
|
|
# NOTIFICATIONS SERVICE
|
|
# Enable it to display notification messages to users during authentication
|
|
;notification = 1
|
|
# Note that the SOAP function newNotification will be activated on
|
|
# http://auth.example.com/index.pl/notification
|
|
# To restrict access to it, protect "/index.pl/notification" in
# your Apache configuration file, so that only hosts allowed to post
# notifications can call it
|
|
|
|
# XSS protection bypass
|
|
# By default, the portal refuses redirections that come from sites not
# registered in the configuration (manager), except for those coming
# from trusted domains. By default, trustedDomains contains the domain
# declared in the manager. You can set trustedDomains to an empty value so
# that undeclared sites will be rejected. You can also set here a list
# of trusted domains or hosts separated by spaces. This is useful if
# your website uses Lemonldap::NG without a handler, with SOAP functions.
# Every entry widens the set of redirect targets the portal accepts, so
# list only hosts you control.
|
|
;trustedDomains = my.trusted.host example2.com
|
|
|
|
[handler]
|
|
# NOTE(review): https = 0 presumably tells the handlers that protected
# applications are served over plain HTTP - confirm against the handler
# documentation. Session cookies sent over HTTP can be read on the network,
# so a production deployment would normally serve everything over HTTPS
# and set this accordingly.
https = 0
|
|
|
|
[manager]
|
|
;protection = authenticate
|
|
|
|
[apply]
|
|
# One entry per handler host: the URL the Manager calls to make that
# handler reload the configuration.
# __DNSDOMAIN__ looks like an install-time placeholder - confirm it is
# substituted before this file is deployed.
# NOTE(review): the reload URL is plain HTTP; restrict access to /reload in
# the web server configuration so that only the Manager host can call it.
test1.__DNSDOMAIN__ = http://test1.__DNSDOMAIN__/reload
|
|
|