Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
FusionIAM
FusionIAM
Commits
3d99e590
Commit
3d99e590
authored
Jul 08, 2021
by
Clément OUDOT
Browse files
Access rules for profile and photo sharing (#10)
parent
c70d9d06
Changes
4
Hide whitespace changes
Inline
Side-by-side
README.md
View file @
3d99e590
...
...
@@ -71,6 +71,8 @@ Configuration parameters are set as environment variables.
| LEMONLDAP2_OIDCPUB | Path to OIDC public key |
| LEMONLDAP2_SAMLPRIV | Path to SAML private key |
| LEMONLDAP2_SAMLPUB | Path to SAML public key or certificate |
| LEMONLDAP2_UNPROTECT_PHOTO_URL | Allow unauthenticated access to user photo |
| LEMONLDAP2_UNPROTECT_PROFILE_URL | Allow unauthenticated access to user profile |
| LSC_LDAP_PASSWORD | Password of LSC service account |
| LSC_LDAP_USERNAME | Identifier of LSC service account |
| POSTGRES_HOST | Host of database server |
...
...
build/centos8/lemonldap-ng/ansible/deploy.yaml
View file @
3d99e590
...
...
@@ -48,6 +48,9 @@
lemonldap2_fusiondirectory_host
:
"
{{
lookup('env',
'FUSIONDIRECTORY_HOST')
}}"
lemonldap2_fusiondirectory_port
:
"
{{
lookup('env',
'FUSIONDIRECTORY_PORT')
}}"
lemonldap2_unprotect_profile_url
:
"
{{
lookup('env',
'LEMONLDAP2_UNPROTECT_PROFILE_URL')
|
default(0,
true)
}}"
lemonldap2_unprotect_photo_url
:
"
{{
lookup('env',
'LEMONLDAP2_UNPROTECT_PHOTO_URL')
|
default(0,
true)
}}"
tasks
:
-
name
:
LemonLDAP main configuration file
template
:
...
...
build/centos8/lemonldap-ng/ansible/llng_config_base.yml
View file @
3d99e590
...
...
@@ -88,6 +88,20 @@
-
name
:
"
locationRules/{{
lemonldap2_fusiondirectory_name
}}.{{
lemonldap2_domain
}}/default"
value
:
"
inGroup('access-fusiondirectory')"
-
name
:
Unprotect profile URL
lemonldap_config
:
name
:
"
locationRules:{{
lemonldap2_whitepages_name
}}.{{
lemonldap2_domain
}}:^/index
\\
.php
\\
?page=display&dn="
value
:
"
unprotect"
sep
:
"
:"
when
:
lemonldap2_unprotect_profile_url|bool
-
name
:
Unprotect photo URL
lemonldap_config
:
name
:
"
locationRules:{{
lemonldap2_whitepages_name
}}.{{
lemonldap2_domain
}}:^/photo
\\
.php
\\
?dn="
value
:
"
unprotect"
sep
:
"
:"
when
:
lemonldap2_unprotect_photo_url|bool
-
name
:
Set Portal configuration
lemonldap_config
:
name
:
"
{{
item.name
}}"
...
...
run/ENVVAR.example
View file @
3d99e590
...
...
@@ -17,6 +17,8 @@ LEMONLDAP2_OIDCPRIV=/etc/lemonldap-ng-keys/oidc.key
LEMONLDAP2_OIDCPUB=/etc/lemonldap-ng-keys/oidc_pub.key
LEMONLDAP2_SAMLPRIV=/etc/lemonldap-ng-keys/saml.key
LEMONLDAP2_SAMLPUB=/etc/lemonldap-ng-keys/saml.pem
LEMONLDAP2_UNPROTECT_PHOTO_URL=1
LEMONLDAP2_UNPROTECT_PROFILE_URL=0
POSTGRES_HOST=10.0.2.2
POSTGRES_PASSWORD=secret
POSTGRES_PORT=33432
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment