From 4e157077b2503016c29f7fa4ea654eed37c2d76e Mon Sep 17 00:00:00 2001 From: tohe Date: Wed, 19 Aug 2020 11:15:07 +0200 Subject: [PATCH] Create a simple wmde config file --- manifests/lam.pp | 5 + templates/wmde.conf.erb | 270 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 275 insertions(+) create mode 100644 templates/wmde.conf.erb diff --git a/manifests/lam.pp b/manifests/lam.pp index eb0a41a..e546cfc 100644 --- a/manifests/lam.pp +++ b/manifests/lam.pp @@ -66,6 +66,11 @@ class wmdeit_ldap::lam( ensure => file, content => template("wmdeit_ldap/lam-config.cfg.erb"), owner => "www-data", + } -> + file {"$docroot/config/wmde.conf": + ensure => file, + content => template("wmdeit_ldap/wmde.conf.erb"), + owner => "www-data", } } diff --git a/templates/wmde.conf.erb b/templates/wmde.conf.erb new file mode 100644 index 0000000..284ed27 --- /dev/null +++ b/templates/wmde.conf.erb @@ -0,0 +1,270 @@ +# LDAP Account Manager configuration +# +# Please do not modify this file manually. The configuration can be done completely by the LAM GUI. +# +################################################################################################### + +# server address (e.g. ldap://localhost:389 or ldaps://localhost:636) +ServerURL: ldap://localhost:389 + +# list of users who are allowed to use LDAP Account Manager +# names have to be seperated by semicolons +# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org +Admins: cn=admin,dc=wikimedia,dc=de + +# password to change these preferences via webfrontend (default: lam) +Passwd: {SSHA}T7uRmkbOgzr9k0BVJi1GvqqwJJQ= iaZAeQ== + +# suffix of tree view +# e.g. dc=yourdomain,dc=org +treesuffix: dc=wikimedia,dc=de + +# default language (a line from config/language) +defaultLanguage: en_GB.utf8 + +# Path to external Script +scriptPath: + +# Server of external Script +scriptServer: + +# Access rights for home directories +scriptRights: 750 + +# Number of minutes LAM caches LDAP searches. +cachetimeout: 5 + +# LDAP search limit. +searchLimit: 1000 + +# Module settings + +modules: posixAccount_user_minUID: 10000 +modules: posixAccount_user_maxUID: 30000 +modules: posixGroup_group_minGID: 10000 +modules: posixGroup_group_maxGID: 20000 +modules: posixAccount_pwdHash: SSHA + +# List of active account types. +activeTypes: user,group + + +types: suffix_user: ou=People,dc=wikimedia,dc=de +types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber +types: modules_user: inetOrgPerson,posixAccount,shadowAccount + +types: suffix_group: ou=group,dc=wikimedia,dc=de +types: attr_group: #cn;#gidNumber;#memberUID;#description +types: modules_group: posixGroup + +# Password mail subject +lamProMailSubject: Your password was reset + +# Password mail text +lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+ + + + +serverDisplayName: + + +# enable TLS encryption +useTLS: no + + +# follow referrals +followReferrals: false + + +# paged results +pagedResults: false + +referentialIntegrityOverlay: false + + +# time zone +timeZone: Europe/London + +scriptUserName: + +scriptSSHKey: + +scriptSSHKeyPassword: + + +# Access level for this profile. +accessLevel: 100 + + +# Login method. +loginMethod: list + + +# Search suffix for LAM login. +loginSearchSuffix: dc=yourdomain,dc=org + + +# Search filter for LAM login. +loginSearchFilter: uid=%USER% + + +# Bind DN for login search. +loginSearchDN: + + +# Bind password for login search. +loginSearchPassword: + + +# HTTP authentication for LAM login. +httpAuthentication: false + + +# Password mail from +lamProMailFrom: + + +# Password mail reply-to +lamProMailReplyTo: + + +# Password mail is HTML +lamProMailIsHTML: false + + +# Allow alternate address +lamProMailAllowAlternateAddress: true + +jobsBindPassword: + +jobsBindUser: + +jobsDatabase: + +jobsDBHost: + +jobsDBPort: + +jobsDBUser: + +jobsDBPassword: + +jobsDBName: + +jobToken: 682084386696 + +pwdResetAllowSpecificPassword: true + +pwdResetAllowScreenPassword: true + +pwdResetForcePasswordChange: true + +pwdResetDefaultPasswordOutput: 2 + +twoFactorAuthentication: none + +twoFactorAuthenticationURL: https://localhost + +twoFactorAuthenticationClientId: + +twoFactorAuthenticationSecretKey: + +twoFactorAuthenticationDomain: + +twoFactorAuthenticationInsecure: + +twoFactorAuthenticationLabel: + +twoFactorAuthenticationOptional: + +twoFactorAuthenticationCaption: + +twoFactorAuthenticationAttribute: +tools: tool_hide_ImportExport: false +tools: tool_hide_toolTests: false +tools: tool_hide_toolProfileEditor: false +tools: tool_hide_toolMultiEdit: false +tools: tool_hide_toolOUEditor: false +tools: tool_hide_toolFileUpload: false +tools: tool_hide_toolPDFEditor: false +tools: tool_hide_toolWebauthn: false +tools: tool_hide_toolSchemaBrowser: false +tools: tool_hide_toolServerInformation: false +modules: posixGroup_group_gidGenerator: range +modules: posixGroup_group_hidememberUid: false +modules: posixAccount_user_uidGeneratorUsers: range +modules: posixAccount_user_userNameSuggestion: @givenname@%sn% +modules: posixAccount_user_hidegecos: false +modules: posixAccount_user_hidepassword: false +modules: posixAccount_shells: /bin/bash+::+/bin/csh+::+/bin/dash+::+/bin/false+::+/bin/ksh+::+/bin/sh +modules: posixAccount_primaryGroupAsSecondary: false +modules: inetOrgPerson_hideDescription: false +modules: inetOrgPerson_hideStreet: false +modules: inetOrgPerson_hidePostOfficeBox: false +modules: inetOrgPerson_hidePostalCode: false +modules: inetOrgPerson_hideLocation: false +modules: inetOrgPerson_hideState: false +modules: inetOrgPerson_hidePostalAddress: false +modules: inetOrgPerson_hideRegisteredAddress: false +modules: inetOrgPerson_hideOfficeName: false +modules: inetOrgPerson_hideRoomNumber: false +modules: inetOrgPerson_hideTelephoneNumber: false +modules: inetOrgPerson_hideHomeTelephoneNumber: false +modules: inetOrgPerson_hideMobileNumber: false +modules: inetOrgPerson_hideFaxNumber: false +modules: inetOrgPerson_hidePager: true +modules: inetOrgPerson_hideEMailAddress: false +modules: inetOrgPerson_hideJobTitle: false +modules: inetOrgPerson_hideCarLicense: false +modules: inetOrgPerson_hideEmployeeType: false +modules: inetOrgPerson_hideBusinessCategory: false +modules: inetOrgPerson_hideDepartments: false +modules: inetOrgPerson_hideManager: false +modules: inetOrgPerson_hideOu: false +modules: inetOrgPerson_hideO: false +modules: inetOrgPerson_hideEmployeeNumber: false +modules: inetOrgPerson_hideInitials: false +modules: inetOrgPerson_hideLabeledURI: false +modules: inetOrgPerson_hideuserCertificate: false +modules: inetOrgPerson_hidejpegPhoto: false +modules: inetOrgPerson_hidedisplayName: true +modules: inetOrgPerson_addAddressbook: false +modules: inetOrgPerson_readOnly_businessCategory: false +modules: inetOrgPerson_readOnly_carLicense: false +modules: inetOrgPerson_readOnly_cn: false +modules: inetOrgPerson_readOnly_departmentNumber: false +modules: inetOrgPerson_readOnly_description: false +modules: inetOrgPerson_readOnly_mail: false +modules: inetOrgPerson_readOnly_employeeNumber: false +modules: inetOrgPerson_readOnly_employeeType: false +modules: inetOrgPerson_readOnly_facsimileTelephoneNumber: false +modules: inetOrgPerson_readOnly_givenName: false +modules: inetOrgPerson_readOnly_homePhone: false +modules: inetOrgPerson_readOnly_initials: false +modules: inetOrgPerson_readOnly_title: false +modules: inetOrgPerson_readOnly_sn: false +modules: inetOrgPerson_readOnly_l: false +modules: inetOrgPerson_readOnly_manager: false +modules: inetOrgPerson_readOnly_mobile: false +modules: inetOrgPerson_readOnly_physicalDeliveryOfficeName: false +modules: inetOrgPerson_readOnly_o: false +modules: inetOrgPerson_readOnly_ou: false +modules: inetOrgPerson_readOnly_pager: false +modules: inetOrgPerson_readOnly_userPassword: false +modules: inetOrgPerson_readOnly_jpegPhoto: false +modules: inetOrgPerson_readOnly_postOfficeBox: false +modules: inetOrgPerson_readOnly_postalAddress: false +modules: inetOrgPerson_readOnly_postalCode: false +modules: inetOrgPerson_readOnly_registeredAddress: false +modules: inetOrgPerson_readOnly_roomNumber: false +modules: inetOrgPerson_readOnly_st: false +modules: inetOrgPerson_readOnly_street: false +modules: inetOrgPerson_readOnly_telephoneNumber: false +modules: inetOrgPerson_readOnly_uid: false +modules: inetOrgPerson_readOnly_labeledURI: false +types: customLabel_user: +types: filter_user: +types: customLabel_group: +types: filter_group: +types: hidden_user: +types: hidden_group: