Create a simple wmde config file

This commit is contained in:
Tobias Herre 2020-08-19 11:15:07 +02:00
parent de5378be34
commit 4e157077b2
2 changed files with 275 additions and 0 deletions

View File

@ -66,6 +66,11 @@ class wmdeit_ldap::lam(
ensure => file, ensure => file,
content => template("wmdeit_ldap/lam-config.cfg.erb"), content => template("wmdeit_ldap/lam-config.cfg.erb"),
owner => "www-data", owner => "www-data",
} ->
file {"$docroot/config/wmde.conf":
ensure => file,
content => template("wmdeit_ldap/wmde.conf.erb"),
owner => "www-data",
} }
} }

270
templates/wmde.conf.erb Normal file
View File

@ -0,0 +1,270 @@
# LDAP Account Manager configuration
#
# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
#
###################################################################################################
# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
ServerURL: ldap://localhost:389
# list of users who are allowed to use LDAP Account Manager
# names have to be seperated by semicolons
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
Admins: cn=admin,dc=wikimedia,dc=de
# password to change these preferences via webfrontend (default: lam)
Passwd: {SSHA}T7uRmkbOgzr9k0BVJi1GvqqwJJQ= iaZAeQ==
# suffix of tree view
# e.g. dc=yourdomain,dc=org
treesuffix: dc=wikimedia,dc=de
# default language (a line from config/language)
defaultLanguage: en_GB.utf8
# Path to external Script
scriptPath:
# Server of external Script
scriptServer:
# Access rights for home directories
scriptRights: 750
# Number of minutes LAM caches LDAP searches.
cachetimeout: 5
# LDAP search limit.
searchLimit: 1000
# Module settings
modules: posixAccount_user_minUID: 10000
modules: posixAccount_user_maxUID: 30000
modules: posixGroup_group_minGID: 10000
modules: posixGroup_group_maxGID: 20000
modules: posixAccount_pwdHash: SSHA
# List of active account types.
activeTypes: user,group
types: suffix_user: ou=People,dc=wikimedia,dc=de
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount
types: suffix_group: ou=group,dc=wikimedia,dc=de
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup
# Password mail subject
lamProMailSubject: Your password was reset
# Password mail text
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
serverDisplayName:
# enable TLS encryption
useTLS: no
# follow referrals
followReferrals: false
# paged results
pagedResults: false
referentialIntegrityOverlay: false
# time zone
timeZone: Europe/London
scriptUserName:
scriptSSHKey:
scriptSSHKeyPassword:
# Access level for this profile.
accessLevel: 100
# Login method.
loginMethod: list
# Search suffix for LAM login.
loginSearchSuffix: dc=yourdomain,dc=org
# Search filter for LAM login.
loginSearchFilter: uid=%USER%
# Bind DN for login search.
loginSearchDN:
# Bind password for login search.
loginSearchPassword:
# HTTP authentication for LAM login.
httpAuthentication: false
# Password mail from
lamProMailFrom:
# Password mail reply-to
lamProMailReplyTo:
# Password mail is HTML
lamProMailIsHTML: false
# Allow alternate address
lamProMailAllowAlternateAddress: true
jobsBindPassword:
jobsBindUser:
jobsDatabase:
jobsDBHost:
jobsDBPort:
jobsDBUser:
jobsDBPassword:
jobsDBName:
jobToken: 682084386696
pwdResetAllowSpecificPassword: true
pwdResetAllowScreenPassword: true
pwdResetForcePasswordChange: true
pwdResetDefaultPasswordOutput: 2
twoFactorAuthentication: none
twoFactorAuthenticationURL: https://localhost
twoFactorAuthenticationClientId:
twoFactorAuthenticationSecretKey:
twoFactorAuthenticationDomain:
twoFactorAuthenticationInsecure:
twoFactorAuthenticationLabel:
twoFactorAuthenticationOptional:
twoFactorAuthenticationCaption:
twoFactorAuthenticationAttribute:
tools: tool_hide_ImportExport: false
tools: tool_hide_toolTests: false
tools: tool_hide_toolProfileEditor: false
tools: tool_hide_toolMultiEdit: false
tools: tool_hide_toolOUEditor: false
tools: tool_hide_toolFileUpload: false
tools: tool_hide_toolPDFEditor: false
tools: tool_hide_toolWebauthn: false
tools: tool_hide_toolSchemaBrowser: false
tools: tool_hide_toolServerInformation: false
modules: posixGroup_group_gidGenerator: range
modules: posixGroup_group_hidememberUid: false
modules: posixAccount_user_uidGeneratorUsers: range
modules: posixAccount_user_userNameSuggestion: @givenname@%sn%
modules: posixAccount_user_hidegecos: false
modules: posixAccount_user_hidepassword: false
modules: posixAccount_shells: /bin/bash+::+/bin/csh+::+/bin/dash+::+/bin/false+::+/bin/ksh+::+/bin/sh
modules: posixAccount_primaryGroupAsSecondary: false
modules: inetOrgPerson_hideDescription: false
modules: inetOrgPerson_hideStreet: false
modules: inetOrgPerson_hidePostOfficeBox: false
modules: inetOrgPerson_hidePostalCode: false
modules: inetOrgPerson_hideLocation: false
modules: inetOrgPerson_hideState: false
modules: inetOrgPerson_hidePostalAddress: false
modules: inetOrgPerson_hideRegisteredAddress: false
modules: inetOrgPerson_hideOfficeName: false
modules: inetOrgPerson_hideRoomNumber: false
modules: inetOrgPerson_hideTelephoneNumber: false
modules: inetOrgPerson_hideHomeTelephoneNumber: false
modules: inetOrgPerson_hideMobileNumber: false
modules: inetOrgPerson_hideFaxNumber: false
modules: inetOrgPerson_hidePager: true
modules: inetOrgPerson_hideEMailAddress: false
modules: inetOrgPerson_hideJobTitle: false
modules: inetOrgPerson_hideCarLicense: false
modules: inetOrgPerson_hideEmployeeType: false
modules: inetOrgPerson_hideBusinessCategory: false
modules: inetOrgPerson_hideDepartments: false
modules: inetOrgPerson_hideManager: false
modules: inetOrgPerson_hideOu: false
modules: inetOrgPerson_hideO: false
modules: inetOrgPerson_hideEmployeeNumber: false
modules: inetOrgPerson_hideInitials: false
modules: inetOrgPerson_hideLabeledURI: false
modules: inetOrgPerson_hideuserCertificate: false
modules: inetOrgPerson_hidejpegPhoto: false
modules: inetOrgPerson_hidedisplayName: true
modules: inetOrgPerson_addAddressbook: false
modules: inetOrgPerson_readOnly_businessCategory: false
modules: inetOrgPerson_readOnly_carLicense: false
modules: inetOrgPerson_readOnly_cn: false
modules: inetOrgPerson_readOnly_departmentNumber: false
modules: inetOrgPerson_readOnly_description: false
modules: inetOrgPerson_readOnly_mail: false
modules: inetOrgPerson_readOnly_employeeNumber: false
modules: inetOrgPerson_readOnly_employeeType: false
modules: inetOrgPerson_readOnly_facsimileTelephoneNumber: false
modules: inetOrgPerson_readOnly_givenName: false
modules: inetOrgPerson_readOnly_homePhone: false
modules: inetOrgPerson_readOnly_initials: false
modules: inetOrgPerson_readOnly_title: false
modules: inetOrgPerson_readOnly_sn: false
modules: inetOrgPerson_readOnly_l: false
modules: inetOrgPerson_readOnly_manager: false
modules: inetOrgPerson_readOnly_mobile: false
modules: inetOrgPerson_readOnly_physicalDeliveryOfficeName: false
modules: inetOrgPerson_readOnly_o: false
modules: inetOrgPerson_readOnly_ou: false
modules: inetOrgPerson_readOnly_pager: false
modules: inetOrgPerson_readOnly_userPassword: false
modules: inetOrgPerson_readOnly_jpegPhoto: false
modules: inetOrgPerson_readOnly_postOfficeBox: false
modules: inetOrgPerson_readOnly_postalAddress: false
modules: inetOrgPerson_readOnly_postalCode: false
modules: inetOrgPerson_readOnly_registeredAddress: false
modules: inetOrgPerson_readOnly_roomNumber: false
modules: inetOrgPerson_readOnly_st: false
modules: inetOrgPerson_readOnly_street: false
modules: inetOrgPerson_readOnly_telephoneNumber: false
modules: inetOrgPerson_readOnly_uid: false
modules: inetOrgPerson_readOnly_labeledURI: false
types: customLabel_user:
types: filter_user:
types: customLabel_group:
types: filter_group:
types: hidden_user:
types: hidden_group: