gnunux/dataset
1
0
Fork 0
forked from stove/dataset
Code Issues Pull requests Projects Releases Wiki Activity
dataset/seed/lemonldap/templates/lmConf-1.json

206 lines
7.1 KiB
JSON
Raw Permalink Blame History

{
"mailFrom" : "{{ general.lemonldap.lemon_mail_admin }}",
"mailLDAPFilter" : "(&(mail=$mail)(objectClass=inetOrgPerson))",
"portalSkinBackground" : "",
"portalCustomCss": "risotto/risotto.css",
"authentication" : "LDAP",
"AuthLDAPFilter" : "(&(cn=$user)(objectClass=inetOrgPerson))",
"managerDn" : "{{ general.ldap.client.ldapclient_user }}",
"managerPassword" : "{{ general.ldap.client.ldapclient_user_password }}",
"ldapPpolicyControl" : 1,
"ldapAllowResetExpiredPassword" : 1,
"ldapChangePasswordAsUser" : 1,
"ldapBase" : "{{ general.ldap.client.ldapclient_search_dn }}",
"ldapExportedVars" : {
"uid" : "uid",
"cn" : "cn",
"sn" : "sn",
"mail" : "mail",
"givenName" : "givenName",
"home" : "homeDirectory"
},
"ldapGroupBase" : "{{ general.ldap.client.ldapclient_group_dn }}",
"ldapGroupAttributeName" : "member",
"ldapGroupAttributeNameUser" : "cn",
"ldapGroupAttributeNameGroup" : "dn",
"ldapGroupAttributeNameSearch" : "cn",
"ldapGroupAttributeNameUser" : "dn",
"ldapGroupObjectClass" : "groupOfNames",
"ldapPort" : "636",
"ldapServer" : "ldaps://{{ general.ldap.server.ldap_server_address }}",
"ldapVerify" : "required",
"ldapTimeout" : 120,
"cfgAuthor" : "Risotto",
"cfgNum" : 1,
"cfgVersion" : "2.0.9",
"demoExportedVars" : {
"cn" : "cn",
"mail" : "mail",
"uid" : "uid"
},
"domain" : "{{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }}",
"exportedVars" : {
"UA" : "HTTP_USER_AGENT",
"cn" : "cn",
"mail" : "mail"
},
"globalStorageOptions" : {
"Directory" : "/srv/lemonldap-ng/sessions",
"LockDirectory" : "/srv/lemonldap-ng/sessions/lock"
},
"issuerDBOpenIDConnectActivation" : 1,
"localSessionStorageOptions" : {
"cache_depth" : 3,
"cache_root" : "/srv/lemonldap-ng/cache",
"default_expires_in" : 600,
"directory_umask" : "007",
"namespace" : "lemonldap-ng-sessions"
},
"locationRules" : {
"{{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }}" : {
"default" : "accept"
{% set domains = [] %}
{% for app in oauth2.remotes %}
{% set key = app|normalize_family %}
{% for external in oauth2['oauth2_' + key]['external_' + key]['hosts_' + key] %}
{% set domain = (external|string).split('/', 3)[-2] %}
{% if domain not in domains %}
},
"{{ domain }}" : {
"^/logout" : "logout_sso",
"default" : "$groups eq \"{{ external['family_' + key] }}\""
{{ domains.append(domain) }}
{% endif %}
{% endfor %}
{% endfor %}
}
},
"loginHistoryEnabled" : 1,
"macros" : {
"UA" : "$ENV{HTTP_USER_AGENT}",
"_whatToTrace" : "$_auth eq 'SAML' ? lc($_user.'@'.$_idpConfKey) : $_auth eq 'OpenIDConnect' ? lc($_user.'@'.$_oidc_OP) : lc($_user)"
},
"mailUrl" : "https://{{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }}/resetpwd",
"mySessionAuthorizedRWKeys" : [
"_appsListOrder",
"_oidcConnectedRP",
"_oidcConsents"
],
"notification" : 1,
"notificationStorageOptions" : {
"dirName" : "/srv/lemonldap-ng/notifications"
},
"oidcRPMetaDataExportedVars" : {
{% set len_app = oauth2.remotes|length %}
{% for app in oauth2.remotes %}
{% set key = app|normalize_family %}
{% set description = oauth2['oauth2_' + key]['description_' + key] %}
"{{ app }}" : {
"email" : "mail",
"family_name" : "sn",
"name" : "cn",
"nickname" : "uid",
"home" : "home"
{% if len_app == loop.index %}
}
{% else %}
},
{% endif %}
{% endfor %}
},
"oidcRPMetaDataOptions" : {
{% for app in oauth2.remotes %}
{% set key = app|normalize_family %}
{% set description = oauth2['oauth2_' + key]['description_' + key] %}
"{{ app }}" : {
"oidcRPMetaDataOptionsAllowClientCredentialsGrant" : 0,
"oidcRPMetaDataOptionsAllowOffline" : 1,
"oidcRPMetaDataOptionsAllowPasswordGrant" : 0,
"oidcRPMetaDataOptionsBypassConsent" : 1,
"oidcRPMetaDataOptionsClientID" : "{{ oauth2['oauth2_' + key]['client_id_' + key] }}",
"oidcRPMetaDataOptionsClientSecret" : "{{ oauth2['oauth2_' + key]['secret_' + key] }}",
"oidcRPMetaDataOptionsIDTokenForceClaims" : 0,
"oidcRPMetaDataOptionsIDTokenSignAlg" : "{{ oauth2['oauth2_' + key]['token_signature_algo_' + key] }}",
"oidcRPMetaDataOptionsLogoutSessionRequired" : 0,
"oidcRPMetaDataOptionsLogoutType" : "front",
"oidcRPMetaDataOptionsPublic" : 0,
{% if oauth2['oauth2_' + key]['login_' + key] %}
"oidcRPMetaDataOptionsRedirectUris" : "{{ oauth2['oauth2_' + key]['login_' + key] }}",
{% endif %}
"oidcRPMetaDataOptionsRefreshToken" : 0,
"oidcRPMetaDataOptionsRequirePKCE" : 0
{% if len_app == loop.index %}
}
{% else %}
},
{% endif %}
{% endfor %}
},
"oidcServiceKeyIdSig" : "2PDCicoyT45rjsARYcxjfg",
"oidcServiceMetaDataAuthnContext" : {
"loa-1" : 1,
"loa-2" : 2,
"loa-3" : 3,
"loa-4" : 4,
"loa-5" : 5
},
{% set tpub = domain_name_eth0|get_public_key(hide=hide_secret) %}
{% set pub = tpub.split("\n")|join('\\n') %}
"oidcServicePublicKeySig" : "{{ pub }}",
{% set tpriv = domain_name_eth0|get_private_key(hide=hide_secret) %}
{% set priv = tpriv.split("\n")|join('\\n') %}
"oidcServicePrivateKeySig" : "{{ priv }}",
"passwordDB" : "LDAP",
"persistentStorage" : "Apache::Session::File",
"persistentStorageOptions" : {
"Directory": "/srv/lemonldap-ng/psessions",
"LockDirectory": "/srv/lemonldap-ng/psessions/lock"
},
"portal" : "https://{{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }}/",
"portalCheckLogins": 0,
"portalDisplayRegister": 0,
"portalDisplayResetPassword": 0,
"portalMainLogo": "risotto/logo.png",
"showLanguages": 0,
"requireToken": "$env->{REMOTE_ADDR} ne '{{ gateway_eth0 }}'",
"whatToTrace" : "_whatToTrace",
{% set remotes = {} %}
{% for app in oauth2.remotes %}
{% set key = app|normalize_family %}
{% set description = oauth2['oauth2_' + key]['description_' + key] %}
{% if description %}
{% set dico = {'key': key,
'description': description,
'logo': "risotto/" + oauth2['oauth2_' + key]['logo_' + key],
'name': oauth2['oauth2_' + key]['name_' + key],
'uri': oauth2['oauth2_' + key]['external_' + key]['hosts_' + key]} %}
{{ remotes.setdefault(oauth2['oauth2_' + key]['category_' + key], []).append(dico) }}
{% endif %}
{% endfor %}
"applicationList" : {
{% for cat in remotes %}
{% if loop.index != 1 %}
,
{% endif %}
"cat_{{ loop.index - 1 }}" : {
"catname" : "{{ cat }}",
{% for dico in remotes[cat] %}
{% for uri in dico['uri'] %}
"{{ dico['key'] }}_{{ loop.index - 1 }}" : {
"options" : {
"description" : "{{ dico['description'] }}",
"display" : "auto",
"logo" : "{{ dico['logo'] }}",
"name" : "{{ dico['name'] }}",
"uri" : "{{ uri }}"
},
"type" : "application"
},
{% endfor %}
{% endfor %}
"type" : "category"
}
{%- endfor -%}
}
}
Reference in a new issue View git blame Copy permalink