;==============================================================================
; LemonLDAP::NG local configuration parameters
;
; This file is dedicated to configuration parameters override
; You can set here configuration parameters that will be used only by
; local LemonLDAP::NG elements
;
; Section "all" is always read first before "portal", "handler"
; and "manager"
;
; Section "configuration" is used to load global configuration and set cache
; (replace old storage.conf file)
;
; Other sections are only read by the specific LemonLDAP::NG component
;==============================================================================

[all]

; CUSTOM FUNCTION
; If you want to create customFunctions in rules, declare them here:
;customFunctions = function1 function2
;customFunctions = Package::func1 Package::func2

; CROSS-DOMAIN
; If you have some handlers that are not registered on the main domain,
; uncomment this
;cda = 1

; SAFE JAIL
; Uncomment this to disable the Safe jail.
; Warning: without the jail, code placed in custom functions or rules is no
; longer sandboxed, so malicious or mistaken code there runs unrestricted
;useSafeJail = 0

; LOGGING
;
; 1 - Defined logging level
;   Set here one of error, warn, notice, info or debug
logLevel     = warn
; Note that this has no effect for Apache2 logging: Apache LogLevel is used
; instead
;
; 2 - Change logger
;
;   By default, logging is set to:
;    - Lemonldap::NG::Common::Logger::Apache2  for ApacheMP2 handlers
;    - Lemonldap::NG::Common::Logger::Syslog   for FastCGI (Nginx)
;    - Lemonldap::NG::Common::Logger::Std      for PSGI applications (manager,
;                                              portal,...) when they are not
;                                              launched by FastCGI server
;   Other available loggers:
;    - Lemonldap::NG::Common::Logger::Log4perl to use Log4perl
;
;   "Std" is redirected to the web server logs for Apache. For Nginx, only if
;   request failed
;
;   You can overload this in this section (for all) or in another section if
;   you want to change logger for a specified app.
;
;   LLNG uses 2 loggers: 1 for technical logs (logger), 1 for user actions
;   (userLogger). "userLogger" uses the same class as "logger" if not set.
;logger     = Lemonldap::NG::Common::Logger::Syslog
;userLogger = Lemonldap::NG::Common::Logger::Log4perl
;
; 2.1 - Using Syslog
;
;   For Syslog logging, you can also overwrite facilities. Default values:
;logger             = Lemonldap::NG::Common::Logger::Syslog
;syslogFacility     = daemon
;userSyslogFacility = auth
;
; 2.2 - Using Log4perl
;
;   If you want to use Log4perl, you can set these parameters. Here are default
;   values:
;logger             = Lemonldap::NG::Common::Logger::Log4perl
;log4perlConfFile   = /etc/log4perl.conf
;log4perlLogger     = LLNG
;log4perlUserLogger = LLNG.user
;
;   Here, Log4perl configuration is read from /etc/log4perl.conf. The "LLNG"
;   value points to the logger class. Example:
;     log4perl.logger.LLNG      = WARN, File1
;     log4perl.logger.LLNG.user = INFO, File2
;     ...

; CONFIGURATION CHECK
;
; By default, LLNG verifies the configuration at server start. If you use the
; "reload" mechanism, the local cache is updated. The configuration is checked
; locally every 10 minutes by each LLNG component. You can change this value
; using `checkTime` (time in seconds):
;checkTime = 600

[configuration]

; GLOBAL CONFIGURATION ACCESS TYPE
; (File, REST, SOAP, RDBI/CDBI, LDAP, YAMLFile)
; Set here the parameters needed to access to LemonLDAP::NG configuration.
; You have to set "type" to one of the following:
;
; * File/YAMLFile: you have to set 'dirName' parameter. Example:
;
;           type = File
;           (or: type = YAMLFile)
;           dirName = /var/lib/lemonldap-ng/conf
;
; * RDBI/CDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword'
;         if needed. Example:
;
;           type        = RDBI
;          ;type        = CDBI
;           dbiChain    = DBI:MariaDB:database=lemonldap-ng;host=1.2.3.4
;           dbiUser     = lemonldap
;           dbiPassword = password
;
; * REST: REST configuration access is a sort of proxy: the portal is
;         configured to use the real session storage type (DBI or File for
;         example).
;         You have to set 'baseUrl' parameter. Example:
;
;           type         = REST
;           baseUrl      = https://auth.example.com/config
;           proxyOptions = { timeout => 5 }
;           User         = lemonldap
;           Password     = mypassword
;
; * SOAP: SOAP configuration access is a sort of proxy: the portal is
;         configured to use the real session storage type (DBI or File for
;         example).
;         You have to set 'proxy' parameter. Example:
;
;           type         = SOAP
;           proxy        = https://auth.example.com/config
;           proxyOptions = { timeout => 5 }
;           User         = lemonldap
;           Password     = mypassword
;
; * LDAP: you have to set ldapServer, ldapConfBase, ldapBindDN and ldapBindPassword.
;
;           type                 = LDAP
;           ldapServer           = ldap://localhost
;           ldapConfBase         = ou=conf,ou=applications,dc=example,dc=com
;           ldapBindDN           = cn=manager,dc=example,dc=com
;           ldapBindPassword     = secret
;           ldapObjectClass      = applicationProcess
;           ldapAttributeId      = cn
;           ldapAttributeContent = description

type=File
dirName=/var/lib/lemonldap-ng/conf

; LOCAL CACHE CONFIGURATION
;
; To improve performance, use a local cache for the configuration. You have
; to choose a Cache::Cache module and set its parameters. Example:
;
;           localStorage = Cache::FileCache
;           localStorageOptions={                             \
;               'namespace'          => 'lemonldap-ng-config',\
;               'default_expires_in' => 600,                  \
;               'directory_umask'    => '007',                \
;               'cache_root'         => '/tmp',               \
;               'cache_depth'        => 0,                    \
;           }
localStorage=Cache::FileCache
localStorageOptions={                             \
    'namespace'          => 'lemonldap-ng-config',\
    'default_expires_in' => 600,                  \
    'directory_umask'    => '007',                \
    'cache_root'         => '/tmp',               \
    'cache_depth'        => 0,                    \
}

[portal]

; PORTAL CUSTOMIZATION

; I - Required parameters

; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = __PORTALSTATICDIR__

; location of HTML templates directory
templateDir  = __PORTALTEMPLATESDIR__

; languages: available languages for portal interface
languages    = en, fr, vi, it, ar

; II - Optional parameters (overwrite configuration)

; Name of the skin
;portalSkin = pastel
; Modules displayed
;portalDisplayLogout = 1
;portalDisplayResetPassword = 1
;portalDisplayChangePassword = 1
;portalDisplayAppslist = 1
;portalDisplayLoginHistory = 1
; Require the old password when changing password
;portalRequireOldPassword = 1
; Attribute displayed as connected user
;portalUserAttr = mail
; Old menu HTML code
; Enable it if you use old templates
;useOldMenuItems=1
; Override error codes
;error_0 = You are well authenticated!
; Custom template parameters
; For example to use <TMPL_VAR NAME="myparam">
;tpl_myparam = test

; COMBINATION FORMS
; If you want to fix the list of forms to display, you can use this:
;combinationForms = standardform, yubikeyform

;syslog = auth
; SOAP FUNCTIONS
; Remove comment to activate SOAP Functions getCookies(user,pwd) and
; error(language, code)
;Soap = 1
; Note that getAttributes() will be activated but on a different URI
; (http://auth.example.com/sessions)
; You can also restrict attributes and macros exported by getAttributes
;exportedAttr = uid mail

; PASSWORD POLICY
; Remove comment to use LDAP Password Policy
;ldapPpolicyControl = 1
; Remove comment to store the user password in the session (use with caution:
; anything able to read the session store can then read the password)
;storePassword = 1
; Remove comment to use LDAP modify password extension
; (beware of compatibility with LDAP Password Policy)
;ldapSetPassword    = 1
; RESET PASSWORD BY MAIL
; SMTP server (default to localhost), set to '' to use default mail service
;SMTPServer = localhost
; SMTP auth user
;SMTPAuthUser = toto
; SMTP auth password
;SMTPAuthPass = secret
; Mail From address
;mailFrom = noreply@example.com
; Reply To
;mailReplyTo = noreply@example.com
; Mail confirmation URL
;mailUrl = http://reset.example.com
; Mail subject for confirmation message
;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation
; Mail body for confirmation (can use $url for confirmation URL, and other session
; infos, like $cn). Keep commented to use HTML templates
;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url
; Mail subject for new password message
;mailSubject = [LemonLDAP::NG] Your new password
; Mail body for new password (can use $password for generated password, and other session
; infos, like $cn). Keep commented to use HTML templates
;mailBody = Hello $cn,\n\nYour new password is $password
; LDAP filter to use
;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))'
; Random regexp for password generation
;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2}
; LDAP GROUPS
; Set the base DN of your groups branch
;ldapGroupBase = ou=groups,dc=example,dc=com
; Objectclass used by groups
;ldapGroupObjectClass = groupOfUniqueNames
; Attribute used by groups to store member
;ldapGroupAttributeName = uniqueMember
; Attribute used by user to link to groups
;ldapGroupAttributeNameUser = dn
; Attribute used to identify a group. The group will be displayed as
; cn|mail|status, where cn, mail and status will be replaced by their
; values.
;ldapGroupAttributeNameSearch = cn mail

; NOTIFICATIONS SERVICE
; Use it to be able to notify messages during authentication
;notification = 1
; Note that the SOAP function newNotification will be activated on
; http://auth.example.com/notification
; If you want to hide this, just protect "/index.fcgi/notification" in
; your Apache configuration file
; XSS protection bypass
; By default, the portal refuses redirections that come from sites not
; registered in the configuration (manager), except for those coming
; from trusted domains. By default, trustedDomains contains the domain
; declared in the manager. You can set trustedDomains to an empty value so
; that undeclared sites are rejected. You can also set here a list
; of trusted domains or hosts separated by spaces. This is useful if
; your website uses LemonLDAP::NG without a handler but with SOAP functions.
;trustedDomains = my.trusted.host example2.com

; Check XSS
; Set to 0 to disable error on XSS attack detection
;checkXSS = 0

; CUSTOM PLUGINS
; If you want to add custom plugins, set list here (comma separated)
; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page.
;customPlugins = My::Package1, My::Package2

[handler]

; Handler cache configuration
; You can overwrite here local session cache settings in manager:
;          localSessionStorage=Cache::FileCache
;          localSessionStorageOptions={                         \
;              'namespace'          => 'lemonldap-ng-sessions', \
;              'default_expires_in' => 600,                     \
;              'directory_umask'    => '007',                   \
;              'cache_root'         => '/tmp',                  \
;              'cache_depth'        => 3,                       \
;          }

; Set https to 1 if your handler protects an https website (used only for
; redirections to the portal)
;https = 0
; Set port if your handler protects a website on a non-standard port
; - 80 for http, 443 for https (used only for redirections to the portal)
;port = 8080
; Set status to 1 if you want an activity report (used for
; example to inform MRTG)
status = 0
; Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN
; when a user is not allowed by Handler
;useRedirectOnForbidden = 1
; Hide LemonLDAP::NG Handler in Apache Server Signature
;hideSignature = 1
useRedirectOnError = 1

; Zimbra Handler parameters
;zimbraPreAuthKey = XXXX
;zimbraAccountKey = uid
;zimbraBy =id
;zimbraUrl = /service/preauth
;zimbraSsoUrl = ^/zimbrasso$

[manager]

; Manager protection: by default, the manager is protected by a demo account.
; You can protect it:
; * by Apache itself,
; * by the parameter 'protection' which can take one of the following
; values:
;   * authenticate : all authenticated users can access
;   * manager      : manager is protected like other virtual hosts: you
;                    have to set rules in the corresponding virtual host
;   * <rule>       : you can set here directly the rule to apply
;   * none         : no protection
protection   = manager

; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = __MANAGERSTATICDIR__
;
; location of HTML templates directory
templateDir  = __MANAGERTEMPLATESDIR__

; languages: available languages for manager interface
languages    = fr, en, vi, ar

; Manager modules enabled
; Set here the list of modules you want to see in manager interface
; The first will be used as default module displayed
enabledModules = conf, sessions, notifications, 2ndFA, viewer

; Viewer options - Default values
;viewerHiddenKeys = samlIDPMetaDataNodes samlSPMetaDataNodes
;viewerAllowBrowser = 0
;viewerAllowDiff = 0

;[node-handler]
;
;This section is for node-lemonldap-ng-handler
;nodeVhosts = test3.example.com, test4.example.com