From f4ca33f5dbc72f5acd91985dcd1f627873ffbc43 Mon Sep 17 00:00:00 2001 From: Yadd Date: Tue, 20 Aug 2024 10:25:00 +0400 Subject: [PATCH 1/7] Prepare 2.19.1-5 --- .github/workflows/docker-publish.yml | 2 +- Changes.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 69deca7..2981890 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -4,7 +4,7 @@ env: VERSION: 2.19.1 PGVERSION: 15 DEBIANRELEASE: bookworm - DOCKERREVISION: 4 + DOCKERREVISION: 5 on: push: diff --git a/Changes.md b/Changes.md index 1d7e7f2..6e64c2c 100644 --- a/Changes.md +++ b/Changes.md @@ -1,6 +1,6 @@ # Changes -* 2024-08-19: +* 2024-08-19 (v2.19.1-4): * add `libconvert-pem-perl` package into portal * add `FORWARDED_BY` * 2024-08-18: From ae6061546e8028aa91fe1132ce9d23276712069b Mon Sep 17 00:00:00 2001 From: Yadd Date: Thu, 22 Aug 2024 11:25:45 +0400 Subject: [PATCH 2/7] Add mfe translation --- Changes.md | 2 + portal/Dockerfile | 2 +- .../portal/htdocs/static/common/mfe.png | Bin 0 -> 4237 bytes portal/mfe.patch | 403 ++++++++++++++++++ uwsgi-portal/Dockerfile | 2 +- .../portal/htdocs/static/common/mfe.png | Bin 0 -> 4237 bytes uwsgi-portal/mfe.patch | 403 ++++++++++++++++++ 7 files changed, 810 insertions(+), 2 deletions(-) create mode 100644 portal/install/usr/share/lemonldap-ng/portal/htdocs/static/common/mfe.png create mode 100644 portal/mfe.patch create mode 100644 uwsgi-portal/install/usr/share/lemonldap-ng/portal/htdocs/static/common/mfe.png create mode 100644 uwsgi-portal/mfe.patch diff --git a/Changes.md b/Changes.md index 6e64c2c..6bb859e 100644 --- a/Changes.md +++ b/Changes.md @@ -1,5 +1,7 @@ # Changes +* 2024-08-22: + * Add Mauritian Creole translation * 2024-08-19 (v2.19.1-4): * add `libconvert-pem-perl` package into portal * add `FORWARDED_BY` diff --git a/portal/Dockerfile b/portal/Dockerfile index 7098e23..757fd47 100644 
--- a/portal/Dockerfile
+++ b/portal/Dockerfile
@@ -37,7 +37,7 @@ COPY *.patch /
 RUN for p in appgrid.patch jwt-type.patch app-scope.patch ignorepollers.patch \
 fixedLogout.patch more-logs.patch introspec-for-public-clients.patch \
 token-exchange.patch redirect-ajax.patch back-channel-debug.patch \
- crowdsec.patch recaptcha.patch msg-broker.patch \
+ crowdsec.patch recaptcha.patch msg-broker.patch mfe.patch \
 ; do echo patch $p && patch -p1 < $p; done && \
 rm -f /*.patch && \
 echo "# Install nginx configuration files" && \
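Review bot: The patch loop that this line extends does not stop on a failed patch. In `; do echo patch $p && patch -p1 < $p; done && \` the loop's exit status is that of its last iteration only, so unless the shell runs with `-e` (not visible in this hunk) a rejected hunk in an earlier patch such as `crowdsec.patch` or `recaptcha.patch` would be masked and the image would build without it. With `mfe.patch` appended as the new last item, the translation patch becomes the only one whose failure breaks the build. Consider `; do echo patch $p && patch -p1 < $p || exit 1; done && \` so that every patch is checked. The same loop is changed in the uwsgi-portal/Dockerfile hunk, and the RUN instruction continues past the end of both hunks.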
diff --git a/portal/install/usr/share/lemonldap-ng/portal/htdocs/static/common/mfe.png b/portal/install/usr/share/lemonldap-ng/portal/htdocs/static/common/mfe.png new file mode 100644 index 0000000000000000000000000000000000000000..98d0f7cb47d4dcd77c6fdce1cbded313445d33dd GIT binary patch literal 4237 zcmeHKd2ka|9Ntz6H58?l%UWPrsDN~{SJG~lq=-%01V{}fD5tR5eVeXLvLU-|(poMN z6;Qwd2gIT{h*uG&%phXHmP1k0!2<>Q0#uP~o0aUAu z0u&@<2|*G~Vc*&G6=d2UCk72aL_Ek8kNaiUZQ8XvKK*vvtFh_V5Z9tJ_nj!(KOl8( zo%~zV{n?FMtmji}k{1VWKWoc)cf^8=D}OvQaO0pC3orb7g}P9kdi0}o@7PgykGgNy zBQ7uu_Fk=Ca(K^2gGbb-(G5+1z8jpTY>lp49XdW` z;mn(F;9eX2LuyvemDGpp3RgD1QWF^VPJ?Z+@ADCF&1P>O-uENVTX&51S( zbr;TkwX=3bEt2%TyB{u(LlNtAAi!eSF!6JE;#$*-74gAB4E<@A^*& zTp666hNYonnD;h6`FvXSvD1#^>Vs38b6V7;YxDP(QYe}+_9?#U=*6R-JpJ0C%4gZP z@7Ob?y4W81IAzty{ksy^-rj#{Pa`8p=7~jFqldgVf2T&(ZqEE^(4u*#wBtj69#LDf zk1gBFm3^_Hft+)4)27#p)jo30!t@O1xR{uezvKGGbxS|}b?P@I@61dY zeaxP_ZF0r+b4#1+=hj+mUuL^z+<9Wn*VT_De>s2Ksc6k*;h4M?ITSoMBB@xu+Hp58MdMKfnf=$=2BYoD#s`76;YDv~oCsD#YZd zCMywC=i~!Qx#qwym`B^|3rD@)4*H1NrUKN1NbpgDGLu9&Omuxh)m#;jq^+QTd_wiZ zO-hsiRVj}Nz*PYv+UTwnMINuOgF$a8D2Jm)Q&7BalZiqHE?OQ785mI@KnR2(sS4|( zy5Tih>J+P6ZFB!$x}8V54SR`h+8ax z#BB^|!L3w)f~;)7mfMx$?wAZ+$%ndDrBjKJN}#Dcz%VqP$5?W43rXkVJZrJw5(qFf z3GxEA0B=;IuLC#P=W$@Pne2@CLcAs^v9JT1CP&H>oe94j1~W8X7mdoJEeu7H43(Q} zB`wxY&^;igLc{5t6lrEyBO?l2A!OvCapW)`1Vl6vG!puW zyr#tbiV|{QdabBV*^&0b?IiLV@8mTAXCr9~N3tAE`zeYeNsgf=kTB8(uZXf#`EO`_ z^Pu+DC3njzoWIftweF}HU{UL+br_P3t%Rb+rr>y?wFQ;00HRSR#l4_1&^D+{bvD{h6h!Yx*w!Fh_2aNc6$DUy~Lvdsz|?5ZMZaXtnn2ceEoD`-zc zD|DQ(g5$f_5-$b%@<73GlEwcn7}3@+p`RJ;9ovb&X<|13T@D%eTx$#-Uhpg=Iu64& z&0xL%=cjEg{?92;w0Dvo>Dwz;uUtJ+phw_dclFBEBL#W{?seCHCYP!6bqYk_zo0mL zS!&Ead>p=L4f9R&yO15zFO0J-z~*J5VKCRzateWwmX?;;=BF|tCMhtr$ca3fGTaRZ zH%8sFRRrmOi~dbQw$u!R!G4;@>+1J?>X3fO$Uhz~I|xI!dYqH}si%d34<+>tZaLn|pmxe+R;&Bx_cipw{!M^}CL*sh@ literal 0 HcmV?d00001 diff --git a/portal/mfe.patch b/portal/mfe.patch new file mode 100644 index 0000000..a9a7bca --- /dev/null +++ b/portal/mfe.patch 
@@ -0,0 +1,403 @@ +--- a/etc/lemonldap-ng/lemonldap-ng.ini ++++ b/etc/lemonldap-ng/lemonldap-ng.ini +@@ -198,7 +198,7 @@ staticPrefix = /static + templateDir = /usr/share/lemonldap-ng/portal/templates + + ; languages: available languages for portal interface +-languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru ++languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru, mfe + + ; II - Optional parameters (overwrite configuration) + +--- /dev/null ++++ b/usr/share/lemonldap-ng/portal/htdocs/static/languages/mfe.json +@@ -0,0 +1,388 @@ ++{ ++"2FDeviceNotFound":"Pa trouv lekipman 2F", ++"2fRegRequired":"Sa servis-la bizin enn otantifikasion doub fakter. Anrezistre enn lekipman aster-la, apre retourn lor portay-la.", ++"PE0":"Itilizater finn otantifie", ++"PE1":"Ou koneksion finn expire, ou bizin otantifie ankor enn fwa", ++"PE10":"Sertifika pa valab", ++"PE100":"Mo-de-pas kontenir enn karakter ki pa otorize", ++"PE101":"Mo-de-pas kontenir bann karakter ki pa otorize", ++"PE102":"Bizin met azour sesion", ++"PE103":"Pena deziem fakter disponib pou ou kont", ++"PE104":"Move fisie gestioner DevOps", ++"PE105":"Fisie pa finn trouve", ++"PE106":"Erer pandan otantifikasion avel fourniser OpenID", ++"PE107":"Pa konn sa aplikasion-la", ++"PE108":"URL pa otorize", ++"PE109":"Pa enn URL proteze ouswa ki kapav fer konfians", ++"PE110":"Validasion deziem fakter finn fel, silvouple re-esey", ++"PE111":"Modpas tro long", ++"PE2":"Bizin ranpli itilizater ek modpas", ++"PE20":"Pa finn definir modpas pou backend", ++"PE21":"Ou kont finn bloke", ++"PE22":"Ou modpas finn expire", ++"PE23":"Bizin sertifika", ++"PE24":"Erer", ++"PE25":"Mo-de-pas finn reset e aster bizin sanz li", ++"PE26":"Mo-de-pas pa kapav modifie", ++"PE27":"Bizin osi fourni vie modpas kan pe met enn nouvo modpas", ++"PE28":"kalite mod-de-pas insinifyan", ++"PE29":"Mo-de-pas tro kourt", ++"PE3":"Move kont ou mo-de-pas zestioner repertwar", ++"PE30":"Mo-de-pas tro zenn", 
++"PE31":"Mod-de-pas finn servi tro resaman", ++"PE32":"otantifikasion reste, sanz ou mo-de-pas!", ++"PE33":"%d zour, %d lertan, %d minit ek %d segonn avan expirasion modpas sanz li!", ++"PE34":"Bann mo-de-pas pa koresponn", ++"PE35":"Mo-de-pas finn sanze avek sikse", ++"PE36":"Ou ena enn nouvo mesaz", ++"PE37":"Move URL", ++"PE38":"Pena okenn scheme disponib", ++"PE39":"Move vie modpas", ++"PE4":"Itilizater pa trouve dan repertwar", ++"PE40":"Move nom itilizater", ++"PE41":"Ouvertir sesion pa otorize", ++"PE42":"Konfirmasion neseser", ++"PE43":"Ou ladres mail obligatwar", ++"PE44":"Lakle konfirmasion pa valab ouswa tro vie", ++"PE45":"Enn erer finn arive kan finn avoy mail", ++"PE46":"Finn avoy enn mail", ++"PE47":"Ou finn dekonekte", ++"PE48":"Erer SAML ki pa finn definir", ++"PE49":"Pa kapav load servis SAML", ++"PE5":"Move idantifian", ++"PE50":"Problem kan pe mont enn fourniser idantite", ++"PE51":"Enn erer finn arive pandan single sign on SAML", ++"PE52":"Pa konn antite SAML", ++"PE53":"Destinasion mesaz SAML pa korek", ++"PE54":"Bann kondision mesaz SAML pa respekte", ++"PE55":"Single sign on inisie par fourniser idantite pa otorize", ++"PE56":"Ou finn dekonekte me enn erer finn arive dan enn lot aplikasion, ou bizin ferm ou browser", ++"PE57":"Erer dan zestyon signatir mesaz SAML", ++"PE58":"Enn erer finn arive pandan itilizasion artefak SAML", ++"PE59":"Erer kominikasion avek bann sesion SAML", ++"PE6":"Pa kapav konekte ar server LDAP", ++"PE60":"Problem kan pe mont enn fourniser servis", ++"PE61":"Enn erer finn arive pandan lesanz bann atribut SAML", ++"PE62":"Sa se enn paz endpoint OpenID", ++"PE63":"Ou sey servi enn idantite OpenID ki pa pou ou", ++"PE64":"Enn atribut obligatwar pa disponib", ++"PE65":"Federasion interdi par politik sekirite", ++"PE66":"Mail konfirmasion-la finn deza avoye", ++"PE67":"Bizin ranpli bwat modpas", ++"PE68":"Akse pa finn permet lor servis CAS", ++"PE69":"Donn ou ladres mail silvouple", ++"PE7":"Erer anormal depi server 
LDAP", ++"PE70":"Pena itilizater ki koresponn", ++"PE71":"Silvouple donn ou nouvo modpas", ++"PE72":"Enn mail konfirmasion finn avoye", ++"PE73":"Koneksion Radius finn fel", ++"PE74":"Bizin vie modpas", ++"PE75":"Ou sorti depi enn ladres IP ki pa akredite", ++"PE76":"Ou finn fel pou tap captcha-la", ++"PE77":"Ou bizin tap captcha-la", ++"PE78":"Met ou bann linformasion silvouple", ++"PE79":"Enn linformasion manke", ++"PE8":"Modil stokaz sesion finn fel", ++"PE80":"Sa ladres-la finn deza servi", ++"PE81":"Tantativ otantifikasion pa valab", ++"PE82":"Finn depas letan otantifikasion", ++"PE83":"WebAuthn otantifikasion finn fel", ++"PE84":"Ou pa otorize pou gagn akse a sa masinn-la", ++"PE85":"Sit remote-la pe demann enn sesion pli resan (ek plugin UpgradeSession pa finn load). Dekonekte ek re-esey", ++"PE86":"Ou kont finn bloke. Ou bizin atann", ++"PE87":"Ou bizin otantifie ankor pou gagn akse Portay", ++"PE88":"Ou kont bizin ena enn ladres e-mail pou kapav servi otantifikasion doub fakter", ++"PE89":"Akse pa finn done lor servis SAML", ++"PE9":"Bizin otantifikasion", ++"PE90":"Akse pa finn done lor servis OIDC", ++"PE91":"Akse pa finn done lor servis OID", ++"PE92":"Akse pa finn done lor servis GET", ++"PE93":"Akse pa finn done lor servis IMPERSONATION", ++"PE94":"Enn atribut obligatwar pa disponib", ++"PE95":"Akse pa finn done lor servis DECRYPT", ++"PE96":"Kod verifikasion pa valab", ++"PE97":"Ou sertifika pa valab ouswa pou expire biento", ++"PE98":"Silvouple swazir ou nouvo sertifika", ++"PE99":"Silvouple swazir ou nouvo sertifika", ++"SSOSessionInactive":"Sesion SSO inaktif", ++"UA":"Azan itilizater", ++"VHnotFound":"Masinn virtiel pa finn trouve", ++"accept":"Aksepte", ++"accessDenied":"Ou pena okenn lotorizasion akse pou sa aplikasion-la", ++"accountCreated":"Ou kont finn kree, finn avoy ou modpas tanporer lor ou ladres mail.", ++"accountCreationSuccess":"Ou kont finn kree avek sikse.", ++"action":"Aksion", ++"activeSessions":"Bann sesion SSO aktiv", 
++"all":"Tou", ++"allowed":"Akse PERMET", ++"anotherInformation":"Enn lot linformasion:", ++"areYouSure":"Ou sir?", ++"askToRenew":"Sa aplikasion-la bizin enn otantifikasion pli resan. Eski ou anvi re-otantifie?", ++"askToUpgrade":"Sa aplikasion-la bizin enn pli ot nivo otantifikasion. Eski ou anvi re-otantifie?", ++"attributes":"BANN ATRIBI", ++"authLevel":"Nivo otantifikasion", ++"authPortal":"Portay otantifikasion", ++"authRemaining":"%s otantifikasion ki reste, sanz ou modpas!", ++"autoAccept":"Aksepte otomatikman dan 30 segonn", ++"autoGlobalLogout":"Logout globalman otomatikman dan 30 segonn", ++"back2CasUrl":"Aplikasion kot ou fek dekonekte finn donn enn lien pou ou swiv", ++"back2Portal":"Retourn lor portay", ++"badCode":"Move kod", ++"badName":"Move nom", ++"cancel":"Kennsel", ++"captcha":"Captcha", ++"certificateReset":"Reset mo sertifika", ++"changePwd":"Sanz ou modpas", ++"checkDevOps":"Verifie fisie handler DevOps", ++"checkLastLogins":"Chek mo bann dernie login", ++"checkUser":"Verifie profil SSO itilizater", ++"checkUserComputedSession":"Pena okenn sesion SSO ki finn trouve. Bann done finn kalkile!", ++"checkUserMerged":"Verifie profil SSO itilizater. Ena bann group SSO Reel ek Spoofed ki finn zwenn ansam!", ++"checkUserNoSessionFound":"Pena okenn sesion SSO ki finn trouve", ++"checkentropyLabel":"Lafors modpas", ++"choose2f":"Swazir ou deziem fakter", ++"chooseApp":"Swazir enn aplikasion ki ou gagn drwa aksede", ++"cipheredValue":"Valer ki finn kode", ++"click2Reset":"Klik isi pou reset ou modpas", ++"clickHere":"Klik isi silvouple", ++"clickOnYubikey":"Klik lor ou Yubikey", ++"close":"Ferme", ++"closeSSO":"Ferm ou sesion SSO", ++"code":"Kod", ++"confirmLinkSent":"Finn avoy enn lien konfirmasion. 
Sa lien-la valid ziska", ++"confirmPwd":"Konfirm modpas", ++"confirmation":"Konfirmasion", ++"connect":"Konekte", ++"connectedAs":"Konekte kouma", ++"contextSwitching_OFF":"Aret fer sanblan", ++"contextSwitching_ON":"Fer sanblan enn lot itilizater", ++"continue":"Kontinie", ++"createAccount":"Kre enn kont", ++"current":"Aktiel", ++"currentPwd":"Modpas aktiel", ++"date":"Dat", ++"decryptCipheredValue":"Desifre enn valer kode", ++"enterCred":"Silvouple rant ou bann idantifian", ++"enterExt2fCode":"Finn avoy ou enn kod. Met li silvouple", ++"enterMail2fCode":"Finn avoy enn kod lor ou ladres email. Met li silvouple", ++"enterOpenIDLogin":"Silvouple rant ou login OpenID", ++"enterPassword":"Met ou modpas", ++"enterRadius2fCode":"Met ou kod OTP silvouple", ++"enterRest2fCode":"Met ou kod OTP silvouple", ++"enterTotpCode":"Met kod TOTP", ++"enterYubikey":"Silvouple servi ou Yubikey", ++"errorMsg":"Mesaz erer", ++"expired2Fremoved":"%s bann lekipman 2F ki finn expire finn retire (%s)!", ++"explorer":"Explorer", ++"ext2f":"Kod verifikasion", ++"firstName":"Prenom", ++"forbidden":"Akse INTERDI", ++"forgotPwd":"Finn bliye ou modpas?", ++"generatePwd":"Zener modpas-la otomatikman", ++"generic":"Bann linformasion kontak", ++"generic2fFormatError":"Ou bann linformasion kontak pa koresponn avek format neseser", ++"generic2fwelcome":"Anrezistre ou deziem fakter", ++"genericCheckCode":"Finn transmet ou enn kod, silvouple rant li dan form anba", ++"genericRegisterCode":"Met kod ki finn resevwar", ++"genericRegisterName":"Nom sa linformasion kontak-la", ++"genericRegisterPrompt":"Met ou linformasion kontak", ++"genericRegisterRegister":"Klik lor sa bouton-la pou terminn prosesis lanrezistreman", ++"genericRegisterVerify":"Klik lor sa bouton-la pou resevwar ou kod konfirmasion", ++"genericRegistered":"Ou linformasion kontak finn anrezistre avek sikse", ++"genericverify":"Verifie ou bann linformasion kontak", ++"globalLogout":"logout global", ++"goToPortal":"Al lor portay", 
++"gotNewMessages":"Ou ena bann nouvo mesaz", ++"gplSoft":"lozisiel gratwi ki kouver par lisans GPL", ++"groups_sso":"BANN GROUP SSO", ++"headers":"BANN ANTET", ++"hello":"Bonzour", ++"hide":"Kasiet", ++"id":"Id", ++"imSure":"Mo sir", ++"info":"Informasion", ++"ipAddr":"Ladres IP", ++"key":"Lakle", ++"lastFailedLogins":"Dernie login ki finn fel", ++"lastFailedLoginsCaptionLabel":"Dernie login ki finn fel", ++"lastLogins":"Dernie login", ++"lastLoginsCaptionLabel":"Dernie login", ++"lastName":"Sirnom", ++"linkValidUntil":"Sa mesaz-la kontenir enn lien pou reset ou modpas, sa lien-la valab ziska", ++"linkValidUntilCertif":"Sa mesaz-la kontenir enn lien pou reset ou sertifika, sa lien-la valab ziska", ++"login":"Login", ++"loginHistory":"Listwar login", ++"logout":"Logout", ++"logoutConfirm":"Eski ou anvi dekonekte?", ++"logoutFromOtherApp":"Dekonekte depi lezot aplikasion ...", ++"logoutFromSP":"Dekonekte depi bann fourniser servis ...", ++"macros":"MACROS", ++"mail":"Mail", ++"mail2f":"Kod email", ++"mailSent2":"Finn avoy enn mesaz lor ou ladres mail.", ++"maintenanceMode":"Sa aplikasion-la lor mintenans, silvouple sey konekte apre", ++"mandatoryField":"* bwat obligatwar", ++"maxNumberOf2FDevicesReached":"Kantite maximum lekipman 2F finn arive!", ++"missingCode":"Kod-la manke", ++"missingPassword":"Mo-de-pas pa finn rantre", ++"myNotification":"Notifikasion ki mo finn aksepte", ++"myNotifications":"Bann notifikasion ki mo finn aksepte", ++"name":"Nom", ++"newMessages":"Nouvo mesaz", ++"newPassword":"Nouvo modpas", ++"newPwdSentTo":"Finn avoy enn konfirmasion lor ou ladres mail.", ++"noAppAllowed":"Okenn aplikasion pa permet!", ++"noHistory":"Sa se ou premie koneksion, bienveni!", ++"noNotification":"Pa finn trouv okenn notifikasion ki finn aksepte", ++"noTOTPFound":"Pena TOTP ki finn trouve", ++"noU2FKeyFound":"Pa finn trouv lakle U2F", ++"notAnEncryptedValue":"Li pa enn valer ankripte", ++"notAuthorized":"Ou pa otorize pou fer sa", ++"notAuthorizedAuthLevel":"Sa 
aksion-la bizin enn nivo otantifikasion pli ot", ++"notFound":"Pa finn trouve: ou pe rod aksed enn paz ki pa disponib", ++"notificationNotFound":"Notifikasion pa finn trouve dan baz done", ++"notificationRetrieveFailed":"Pa kapav rekiper notifikasion", ++"notificationsExplorer":"Explorater notifikasion", ++"oidcConsent":"Aplikasion %s bizin:", ++"oidcConsents":"OIDC dakor", ++"oidcConsentsFull":"OpenID Connect dakor", ++"okta2f":"Okta", ++"okta2fSelectFactor":"Seleksionn modil Okta ki ou anvi servi", ++"okta2fpush":"Okta Push", ++"okta2fsms":"Okta SMS", ++"okta2ftokensoftwaretotp":"Okta TOTP", ++"oneExpired2Fremoved":"Enn lekipman 2F ki finn expire finn retire (%s)!", ++"openIdExample":"par exanp:http://myopenid.org/toto", ++"openSSOSession":"Ouver ou sesion SSO", ++"openSessionSpace":"Sa lespas-la permet ou ouver enn sesion SSO. Sa pou ed ou gagn akse a tou bann aplikasion ki finn otoriz par ou profil dan enn fason sekirize.", ++"openidAp":"Eski ou dakor pou donn sa bann paramet-la?", ++"openidExchange":"Eski ou anvi otantifie oumem lor %s ?", ++"openidPA":"Polisi itilizasion done disponib lor", ++"openidRpns":"Paramet %s ki finn demande pou federasion pa disponib", ++"otherSessions":"Bann lezot sesion aktif", ++"password":"Modpas", ++"password2f":"Modpas", ++"passwordCompromised":"Pa finn trouve dan enn baz done bann modpas ki finn konpromi", ++"passwordPolicy":"Silvouple respekte sa polisi-la:", ++"passwordPolicyMaxSize":"Dimansion maximal:", ++"passwordPolicyMinDigit":"Karakter sif minimal:", ++"passwordPolicyMinLower":"Bann tit let:", ++"passwordPolicyMinSize":"Dimansion minim:", ++"passwordPolicyMinSpeChar":"karakter spesial minimal:", ++"passwordPolicyMinUpper":"Bann karakter kapital", ++"passwordPolicyNone":"Ou lib pou swazir ou modpas!", ++"passwordPolicySamePwd":"Ou bizin konfirm ou nouvo modpas par rant li de fwa", ++"passwordPolicySpecialChar":"Bann karakter spesial ki permet:", ++"passwordverify":"Re-verifie ou modpas", ++"pasteHere":"Met ou fisie 
isi...", ++"ppGrace":"otantifikasion ki reste, sanz ou modpas!", ++"proxyError":"Move gateway: pa kapav zwenn server a distans", ++"pwd":"Modpas", ++"pwdChange":"Sanzman modpas", ++"pwdChanged":"Ou modpas finn sanze avek sikse!", ++"pwdResetAlreadyIssued":"Enn demann pou reset enn modpas finn deza sorti lor", ++"pwdWillExpire":"%s zour, %s ertan, %s minit ek %s segonn avan expirasion modpas, sanz li!", ++"radius2f":"Radius", ++"redirectedFrom":"Ou finn redirize depi", ++"redirectedIn":"Ou pou redirize dan 30 segonn", ++"redirectionInProgress":"Redireksion an kour...", ++"redirectionToIdp":"Redireksion ver ou Fourniser Idantite", ++"reference":"Referans", ++"refreshrights":"Refresh mo bann drwa", ++"refuse":"Refize", ++"register":"Anrezistre", ++"registerRequestAlreadyIssued":"Enn demann pou anrezistre pou sa kont-la ti deza sorti lor", ++"rememberChoice":"Rapel mo swa", ++"rememberTimerLabel":"s avan otantifikasion otomatik", ++"remove2fWarning":"Sa loperasion-la pa kapav retourn deryer", ++"removeOtherSessions":"Retir bann lezot sesion", ++"renewSession":"Renouvle sesion", ++"resendCode":"Re-avoy kod", ++"resendConfirmMail":"Re-avoy bann mail konfirmasion?", ++"resendTooSoon":"Silvouple atann inpe plis avan sey re-avoy kod-la", ++"resentConfirm":"Eski ou anvi ki re-avoy sa mesaz konfirmasion-la?", ++"resetPwd":"Reset mo modpas", ++"rest2f":"Kod verifikasion", ++"retry":"Re-eseye", ++"rightsReloadNeedsLogout":"Drwa reload bizin logout ek login ankor", ++"rules":"REG", ++"scope":"lanpler", ++"search":"Resers", ++"searchAccount":"Rod enn kont", ++"searchingForm":"Form resers", ++"seconds":"segonn", ++"selectIdP":"Swazir ou fourniser idantite", ++"sendPwd":"Avoy mwa enn lien", ++"serverError":"Finn ena enn erer lor server-la", ++"service":"Servis", ++"serviceProvidedBy":"Servis ki finn done par", ++"sessionsDeleted":"Bann sesion swivan finn ferme", ++"sfaManager":"2em FA Manager", ++"showhidePasswords":"Montre/Kasiet bann modpas", ++"spoofId":"Id fos", 
++"startTime":"Dat kreasion", ++"stayConnected":"Fer konfians sa lekipman-la pou bann login dan lavenir", ++"submit":"Soumet", ++"switchContext":"Sanz kontext", ++"totp2f":"OTP App", ++"totpMissingCode":"Silvouple, rant kod ki ou aplikasion TOTP finn done", ++"totpOrTouch":"Si ou trouv sa lor ou portab, tous kod QR pou ouver ou aplikasion TOTP", ++"totpQrCode":"Skann sa kod QR-la dan ou aplikasion TOTP", ++"totpRegisterCode":"Met kod ki ou aplikasion finn done", ++"totpRegisterName":"Swazir enn nom pou sa lekipman TOTP-la", ++"totpSecretKey":"Si ou aplikasion TOTP pa siport bann kod QR, rant sa lakle-la plito:", ++"touchU2fDevice":"Silvouple tous lekipman U2F ki pe flashe aster-la mem.", ++"touchU2fDeviceOrEnterTotp":"Silvouple tous lekipman U2F ki pe flashe ouswa met kod TOTP.", ++"type":"Tip", ++"u2f":"Lakle U2F", ++"u2fFailed":"Verifikasion U2F finn fel. Re-eseye ou kontakte ou administrater", ++"u2fPermission":"Kapav demann ou permission pou les sit-la gagn akse a ou bann lakle sekirite. Apre ki finn donn permision, lekipman-la pou koumans klignote.", ++"u2fWelcome":"Zesion lekipman U2F", ++"unableToGetKey":"Pa kapav gagn akse a ou lakle. Re-eseye ou kontakte ou administrater", ++"unknownAction":"Aksion inkoni", ++"unknownAttributes":"Bann atribut inkoni", ++"unregister":"Dezanrezistre", ++"updateCdc":"Met azour kouki domenn komin", ++"updateTime":"Dat azour", ++"upgradeSession":"Sesion ameliorasion", ++"useYubikey":"servi ou Yubikey", ++"user":"Itilizater", ++"validationDate":"Dat validasion", ++"value":"Valer", ++"verify":"Verifie", ++"wait":"Atann", ++"waitFor2f":"Pe atann ou deziem fakter aktivasion", ++"waitingmessage":"Otantifikasion an progre, atann silvouple ", ++"warning":"Avertisman", ++"webAuthnBrowserFailed":"Navigater pa finn resi gagn bann credential WebAuthn", ++"webAuthnBrowserInProgress":"Otantifikasion WebAuthn an progre. 
Swiv bann instriksion ou navigater silvouple", ++"webAuthnFailed":"Otantifikasion WebAuthn finn fel", ++"webAuthnNoDevice":"Pena okenn lekipman WebAuthn disponib pou sa kont-la", ++"webAuthnRegisterFailed":"Lanrezistreman WebAuthn finn fel", ++"webAuthnRegisterInProgress":"Lanrezistreman WebAuthn an progre. Swiv bann instriksion ou navigater silvouple", ++"webAuthnRequired":"Otantifikasion WebAuthn neseser", ++"webAuthnUnsupported":"Ou navigater web pa siport WebAuthn", ++"webauthn2f":"WebAuthn", ++"webauthn2fWelcome":"Lanrezistreman lekipman sekirite", ++"webauthnAlreadyRegistered":"Sa lekipman-la deza anrezistre", ++"webauthnResident":"Sa lekipman-la kapav servi kouma enn passkey", ++"welcomeOnPortal":"Bienveni lor ou portay otantifikasion sekirize.", ++"yesResendMail":"Wi, re-avoy mail-la", ++"your2faIsRegistered":"Ou deziem fakter finn anrezistre", ++"yourAddress":"Konn ou ladres", ++"yourApps":"Ou bann aplikasion", ++"yourEmail":"Konn ou email", ++"yourIdentity":"Konn ou lidantite", ++"yourIdentityIs":"Ou lidantite se", ++"yourKeyIsAlreadyRegistered":"Ou lakle finn DEZA anrezistre!", ++"yourKeyIsRegistered":"Ou lakle finn anrezistre", ++"yourKeyIsUnregistered":"Ou lakle nepli anrezistre", ++"yourKeyIsVerified":"Ou lakle finn verifie", ++"yourNewTotpKey":"Ou nouvo lakle TOTP, silvouple teste li e met kod-la", ++"yourOffline":"Akses ou kont letan ou pa an-lign", ++"yourPasswordIsRegistered":"Ou modpas finn anrezistre", ++"yourPhone":"Konn ou nimero telefonn", ++"yourProfile":"Konn ou profil", ++"yourTotpKey":"Ou lakle TOTP", ++"yubikey2f":"Yubikey" ++} +\ No newline at end of file diff --git a/uwsgi-portal/Dockerfile b/uwsgi-portal/Dockerfile index 35bce21..1a14797 100644 --- a/uwsgi-portal/Dockerfile +++ b/uwsgi-portal/Dockerfile 
@@ -35,7 +35,7 @@ COPY *.patch /
 RUN for p in appgrid.patch jwt-type.patch app-scope.patch ignorepollers.patch \
 fixedLogout.patch more-logs.patch introspec-for-public-clients.patch \
 token-exchange.patch redirect-ajax.patch back-channel-debug.patch \
- crowdsec.patch recaptcha.patch msg-broker.patch \
+ crowdsec.patch recaptcha.patch msg-broker.patch mfe.patch \
 ; do echo patch $p && patch -p1 < $p; done && \
 rm -f /*.patch && \
 echo "# Install nginx configuration files" && \
diff --git a/uwsgi-portal/install/usr/share/lemonldap-ng/portal/htdocs/static/common/mfe.png b/uwsgi-portal/install/usr/share/lemonldap-ng/portal/htdocs/static/common/mfe.png new file mode 100644 index 0000000000000000000000000000000000000000..98d0f7cb47d4dcd77c6fdce1cbded313445d33dd GIT binary patch literal 4237 zcmeHKd2ka|9Ntz6H58?l%UWPrsDN~{SJG~lq=-%01V{}fD5tR5eVeXLvLU-|(poMN z6;Qwd2gIT{h*uG&%phXHmP1k0!2<>Q0#uP~o0aUAu z0u&@<2|*G~Vc*&G6=d2UCk72aL_Ek8kNaiUZQ8XvKK*vvtFh_V5Z9tJ_nj!(KOl8( zo%~zV{n?FMtmji}k{1VWKWoc)cf^8=D}OvQaO0pC3orb7g}P9kdi0}o@7PgykGgNy zBQ7uu_Fk=Ca(K^2gGbb-(G5+1z8jpTY>lp49XdW` z;mn(F;9eX2LuyvemDGpp3RgD1QWF^VPJ?Z+@ADCF&1P>O-uENVTX&51S( zbr;TkwX=3bEt2%TyB{u(LlNtAAi!eSF!6JE;#$*-74gAB4E<@A^*& zTp666hNYonnD;h6`FvXSvD1#^>Vs38b6V7;YxDP(QYe}+_9?#U=*6R-JpJ0C%4gZP z@7Ob?y4W81IAzty{ksy^-rj#{Pa`8p=7~jFqldgVf2T&(ZqEE^(4u*#wBtj69#LDf zk1gBFm3^_Hft+)4)27#p)jo30!t@O1xR{uezvKGGbxS|}b?P@I@61dY zeaxP_ZF0r+b4#1+=hj+mUuL^z+<9Wn*VT_De>s2Ksc6k*;h4M?ITSoMBB@xu+Hp58MdMKfnf=$=2BYoD#s`76;YDv~oCsD#YZd zCMywC=i~!Qx#qwym`B^|3rD@)4*H1NrUKN1NbpgDGLu9&Omuxh)m#;jq^+QTd_wiZ zO-hsiRVj}Nz*PYv+UTwnMINuOgF$a8D2Jm)Q&7BalZiqHE?OQ785mI@KnR2(sS4|( zy5Tih>J+P6ZFB!$x}8V54SR`h+8ax z#BB^|!L3w)f~;)7mfMx$?wAZ+$%ndDrBjKJN}#Dcz%VqP$5?W43rXkVJZrJw5(qFf z3GxEA0B=;IuLC#P=W$@Pne2@CLcAs^v9JT1CP&H>oe94j1~W8X7mdoJEeu7H43(Q} zB`wxY&^;igLc{5t6lrEyBO?l2A!OvCapW)`1Vl6vG!puW zyr#tbiV|{QdabBV*^&0b?IiLV@8mTAXCr9~N3tAE`zeYeNsgf=kTB8(uZXf#`EO`_ z^Pu+DC3njzoWIftweF}HU{UL+br_P3t%Rb+rr>y?wFQ;00HRSR#l4_1&^D+{bvD{h6h!Yx*w!Fh_2aNc6$DUy~Lvdsz|?5ZMZaXtnn2ceEoD`-zc zD|DQ(g5$f_5-$b%@<73GlEwcn7}3@+p`RJ;9ovb&X<|13T@D%eTx$#-Uhpg=Iu64& z&0xL%=cjEg{?92;w0Dvo>Dwz;uUtJ+phw_dclFBEBL#W{?seCHCYP!6bqYk_zo0mL zS!&Ead>p=L4f9R&yO15zFO0J-z~*J5VKCRzateWwmX?;;=BF|tCMhtr$ca3fGTaRZ zH%8sFRRrmOi~dbQw$u!R!G4;@>+1J?>X3fO$Uhz~I|xI!dYqH}si%d34<+>tZaLn|pmxe+R;&Bx_cipw{!M^}CL*sh@ literal 0 HcmV?d00001 diff --git a/uwsgi-portal/mfe.patch b/uwsgi-portal/mfe.patch new file mode 100644 index 0000000..a9a7bca --- /dev/null +++ b/uwsgi-portal/mfe.patch 
@@ -0,0 +1,403 @@ +--- a/etc/lemonldap-ng/lemonldap-ng.ini ++++ b/etc/lemonldap-ng/lemonldap-ng.ini +@@ -198,7 +198,7 @@ staticPrefix = /static + templateDir = /usr/share/lemonldap-ng/portal/templates + + ; languages: available languages for portal interface +-languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru ++languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru, mfe + + ; II - Optional parameters (overwrite configuration) + +--- /dev/null ++++ b/usr/share/lemonldap-ng/portal/htdocs/static/languages/mfe.json +@@ -0,0 +1,388 @@ ++{ ++"2FDeviceNotFound":"Pa trouv lekipman 2F", ++"2fRegRequired":"Sa servis-la bizin enn otantifikasion doub fakter. Anrezistre enn lekipman aster-la, apre retourn lor portay-la.", ++"PE0":"Itilizater finn otantifie", ++"PE1":"Ou koneksion finn expire, ou bizin otantifie ankor enn fwa", ++"PE10":"Sertifika pa valab", ++"PE100":"Mo-de-pas kontenir enn karakter ki pa otorize", ++"PE101":"Mo-de-pas kontenir bann karakter ki pa otorize", ++"PE102":"Bizin met azour sesion", ++"PE103":"Pena deziem fakter disponib pou ou kont", ++"PE104":"Move fisie gestioner DevOps", ++"PE105":"Fisie pa finn trouve", ++"PE106":"Erer pandan otantifikasion avel fourniser OpenID", ++"PE107":"Pa konn sa aplikasion-la", ++"PE108":"URL pa otorize", ++"PE109":"Pa enn URL proteze ouswa ki kapav fer konfians", ++"PE110":"Validasion deziem fakter finn fel, silvouple re-esey", ++"PE111":"Modpas tro long", ++"PE2":"Bizin ranpli itilizater ek modpas", ++"PE20":"Pa finn definir modpas pou backend", ++"PE21":"Ou kont finn bloke", ++"PE22":"Ou modpas finn expire", ++"PE23":"Bizin sertifika", ++"PE24":"Erer", ++"PE25":"Mo-de-pas finn reset e aster bizin sanz li", ++"PE26":"Mo-de-pas pa kapav modifie", ++"PE27":"Bizin osi fourni vie modpas kan pe met enn nouvo modpas", ++"PE28":"kalite mod-de-pas insinifyan", ++"PE29":"Mo-de-pas tro kourt", ++"PE3":"Move kont ou mo-de-pas zestioner repertwar", ++"PE30":"Mo-de-pas tro zenn", 
++"PE31":"Mod-de-pas finn servi tro resaman", ++"PE32":"otantifikasion reste, sanz ou mo-de-pas!", ++"PE33":"%d zour, %d lertan, %d minit ek %d segonn avan expirasion modpas sanz li!", ++"PE34":"Bann mo-de-pas pa koresponn", ++"PE35":"Mo-de-pas finn sanze avek sikse", ++"PE36":"Ou ena enn nouvo mesaz", ++"PE37":"Move URL", ++"PE38":"Pena okenn scheme disponib", ++"PE39":"Move vie modpas", ++"PE4":"Itilizater pa trouve dan repertwar", ++"PE40":"Move nom itilizater", ++"PE41":"Ouvertir sesion pa otorize", ++"PE42":"Konfirmasion neseser", ++"PE43":"Ou ladres mail obligatwar", ++"PE44":"Lakle konfirmasion pa valab ouswa tro vie", ++"PE45":"Enn erer finn arive kan finn avoy mail", ++"PE46":"Finn avoy enn mail", ++"PE47":"Ou finn dekonekte", ++"PE48":"Erer SAML ki pa finn definir", ++"PE49":"Pa kapav load servis SAML", ++"PE5":"Move idantifian", ++"PE50":"Problem kan pe mont enn fourniser idantite", ++"PE51":"Enn erer finn arive pandan single sign on SAML", ++"PE52":"Pa konn antite SAML", ++"PE53":"Destinasion mesaz SAML pa korek", ++"PE54":"Bann kondision mesaz SAML pa respekte", ++"PE55":"Single sign on inisie par fourniser idantite pa otorize", ++"PE56":"Ou finn dekonekte me enn erer finn arive dan enn lot aplikasion, ou bizin ferm ou browser", ++"PE57":"Erer dan zestyon signatir mesaz SAML", ++"PE58":"Enn erer finn arive pandan itilizasion artefak SAML", ++"PE59":"Erer kominikasion avek bann sesion SAML", ++"PE6":"Pa kapav konekte ar server LDAP", ++"PE60":"Problem kan pe mont enn fourniser servis", ++"PE61":"Enn erer finn arive pandan lesanz bann atribut SAML", ++"PE62":"Sa se enn paz endpoint OpenID", ++"PE63":"Ou sey servi enn idantite OpenID ki pa pou ou", ++"PE64":"Enn atribut obligatwar pa disponib", ++"PE65":"Federasion interdi par politik sekirite", ++"PE66":"Mail konfirmasion-la finn deza avoye", ++"PE67":"Bizin ranpli bwat modpas", ++"PE68":"Akse pa finn permet lor servis CAS", ++"PE69":"Donn ou ladres mail silvouple", ++"PE7":"Erer anormal depi server 
LDAP", ++"PE70":"Pena itilizater ki koresponn", ++"PE71":"Silvouple donn ou nouvo modpas", ++"PE72":"Enn mail konfirmasion finn avoye", ++"PE73":"Koneksion Radius finn fel", ++"PE74":"Bizin vie modpas", ++"PE75":"Ou sorti depi enn ladres IP ki pa akredite", ++"PE76":"Ou finn fel pou tap captcha-la", ++"PE77":"Ou bizin tap captcha-la", ++"PE78":"Met ou bann linformasion silvouple", ++"PE79":"Enn linformasion manke", ++"PE8":"Modil stokaz sesion finn fel", ++"PE80":"Sa ladres-la finn deza servi", ++"PE81":"Tantativ otantifikasion pa valab", ++"PE82":"Finn depas letan otantifikasion", ++"PE83":"WebAuthn otantifikasion finn fel", ++"PE84":"Ou pa otorize pou gagn akse a sa masinn-la", ++"PE85":"Sit remote-la pe demann enn sesion pli resan (ek plugin UpgradeSession pa finn load). Dekonekte ek re-esey", ++"PE86":"Ou kont finn bloke. Ou bizin atann", ++"PE87":"Ou bizin otantifie ankor pou gagn akse Portay", ++"PE88":"Ou kont bizin ena enn ladres e-mail pou kapav servi otantifikasion doub fakter", ++"PE89":"Akse pa finn done lor servis SAML", ++"PE9":"Bizin otantifikasion", ++"PE90":"Akse pa finn done lor servis OIDC", ++"PE91":"Akse pa finn done lor servis OID", ++"PE92":"Akse pa finn done lor servis GET", ++"PE93":"Akse pa finn done lor servis IMPERSONATION", ++"PE94":"Enn atribut obligatwar pa disponib", ++"PE95":"Akse pa finn done lor servis DECRYPT", ++"PE96":"Kod verifikasion pa valab", ++"PE97":"Ou sertifika pa valab ouswa pou expire biento", ++"PE98":"Silvouple swazir ou nouvo sertifika", ++"PE99":"Silvouple swazir ou nouvo sertifika", ++"SSOSessionInactive":"Sesion SSO inaktif", ++"UA":"Azan itilizater", ++"VHnotFound":"Masinn virtiel pa finn trouve", ++"accept":"Aksepte", ++"accessDenied":"Ou pena okenn lotorizasion akse pou sa aplikasion-la", ++"accountCreated":"Ou kont finn kree, finn avoy ou modpas tanporer lor ou ladres mail.", ++"accountCreationSuccess":"Ou kont finn kree avek sikse.", ++"action":"Aksion", ++"activeSessions":"Bann sesion SSO aktiv", 
++"all":"Tou", ++"allowed":"Akse PERMET", ++"anotherInformation":"Enn lot linformasion:", ++"areYouSure":"Ou sir?", ++"askToRenew":"Sa aplikasion-la bizin enn otantifikasion pli resan. Eski ou anvi re-otantifie?", ++"askToUpgrade":"Sa aplikasion-la bizin enn pli ot nivo otantifikasion. Eski ou anvi re-otantifie?", ++"attributes":"BANN ATRIBI", ++"authLevel":"Nivo otantifikasion", ++"authPortal":"Portay otantifikasion", ++"authRemaining":"%s otantifikasion ki reste, sanz ou modpas!", ++"autoAccept":"Aksepte otomatikman dan 30 segonn", ++"autoGlobalLogout":"Logout globalman otomatikman dan 30 segonn", ++"back2CasUrl":"Aplikasion kot ou fek dekonekte finn donn enn lien pou ou swiv", ++"back2Portal":"Retourn lor portay", ++"badCode":"Move kod", ++"badName":"Move nom", ++"cancel":"Kennsel", ++"captcha":"Captcha", ++"certificateReset":"Reset mo sertifika", ++"changePwd":"Sanz ou modpas", ++"checkDevOps":"Verifie fisie handler DevOps", ++"checkLastLogins":"Chek mo bann dernie login", ++"checkUser":"Verifie profil SSO itilizater", ++"checkUserComputedSession":"Pena okenn sesion SSO ki finn trouve. Bann done finn kalkile!", ++"checkUserMerged":"Verifie profil SSO itilizater. Ena bann group SSO Reel ek Spoofed ki finn zwenn ansam!", ++"checkUserNoSessionFound":"Pena okenn sesion SSO ki finn trouve", ++"checkentropyLabel":"Lafors modpas", ++"choose2f":"Swazir ou deziem fakter", ++"chooseApp":"Swazir enn aplikasion ki ou gagn drwa aksede", ++"cipheredValue":"Valer ki finn kode", ++"click2Reset":"Klik isi pou reset ou modpas", ++"clickHere":"Klik isi silvouple", ++"clickOnYubikey":"Klik lor ou Yubikey", ++"close":"Ferme", ++"closeSSO":"Ferm ou sesion SSO", ++"code":"Kod", ++"confirmLinkSent":"Finn avoy enn lien konfirmasion. 
Sa lien-la valid ziska", ++"confirmPwd":"Konfirm modpas", ++"confirmation":"Konfirmasion", ++"connect":"Konekte", ++"connectedAs":"Konekte kouma", ++"contextSwitching_OFF":"Aret fer sanblan", ++"contextSwitching_ON":"Fer sanblan enn lot itilizater", ++"continue":"Kontinie", ++"createAccount":"Kre enn kont", ++"current":"Aktiel", ++"currentPwd":"Modpas aktiel", ++"date":"Dat", ++"decryptCipheredValue":"Desifre enn valer kode", ++"enterCred":"Silvouple rant ou bann idantifian", ++"enterExt2fCode":"Finn avoy ou enn kod. Met li silvouple", ++"enterMail2fCode":"Finn avoy enn kod lor ou ladres email. Met li silvouple", ++"enterOpenIDLogin":"Silvouple rant ou login OpenID", ++"enterPassword":"Met ou modpas", ++"enterRadius2fCode":"Met ou kod OTP silvouple", ++"enterRest2fCode":"Met ou kod OTP silvouple", ++"enterTotpCode":"Met kod TOTP", ++"enterYubikey":"Silvouple servi ou Yubikey", ++"errorMsg":"Mesaz erer", ++"expired2Fremoved":"%s bann lekipman 2F ki finn expire finn retire (%s)!", ++"explorer":"Explorer", ++"ext2f":"Kod verifikasion", ++"firstName":"Prenom", ++"forbidden":"Akse INTERDI", ++"forgotPwd":"Finn bliye ou modpas?", ++"generatePwd":"Zener modpas-la otomatikman", ++"generic":"Bann linformasion kontak", ++"generic2fFormatError":"Ou bann linformasion kontak pa koresponn avek format neseser", ++"generic2fwelcome":"Anrezistre ou deziem fakter", ++"genericCheckCode":"Finn transmet ou enn kod, silvouple rant li dan form anba", ++"genericRegisterCode":"Met kod ki finn resevwar", ++"genericRegisterName":"Nom sa linformasion kontak-la", ++"genericRegisterPrompt":"Met ou linformasion kontak", ++"genericRegisterRegister":"Klik lor sa bouton-la pou terminn prosesis lanrezistreman", ++"genericRegisterVerify":"Klik lor sa bouton-la pou resevwar ou kod konfirmasion", ++"genericRegistered":"Ou linformasion kontak finn anrezistre avek sikse", ++"genericverify":"Verifie ou bann linformasion kontak", ++"globalLogout":"logout global", ++"goToPortal":"Al lor portay", 
++"gotNewMessages":"Ou ena bann nouvo mesaz", ++"gplSoft":"lozisiel gratwi ki kouver par lisans GPL", ++"groups_sso":"BANN GROUP SSO", ++"headers":"BANN ANTET", ++"hello":"Bonzour", ++"hide":"Kasiet", ++"id":"Id", ++"imSure":"Mo sir", ++"info":"Informasion", ++"ipAddr":"Ladres IP", ++"key":"Lakle", ++"lastFailedLogins":"Dernie login ki finn fel", ++"lastFailedLoginsCaptionLabel":"Dernie login ki finn fel", ++"lastLogins":"Dernie login", ++"lastLoginsCaptionLabel":"Dernie login", ++"lastName":"Sirnom", ++"linkValidUntil":"Sa mesaz-la kontenir enn lien pou reset ou modpas, sa lien-la valab ziska", ++"linkValidUntilCertif":"Sa mesaz-la kontenir enn lien pou reset ou sertifika, sa lien-la valab ziska", ++"login":"Login", ++"loginHistory":"Listwar login", ++"logout":"Logout", ++"logoutConfirm":"Eski ou anvi dekonekte?", ++"logoutFromOtherApp":"Dekonekte depi lezot aplikasion ...", ++"logoutFromSP":"Dekonekte depi bann fourniser servis ...", ++"macros":"MACROS", ++"mail":"Mail", ++"mail2f":"Kod email", ++"mailSent2":"Finn avoy enn mesaz lor ou ladres mail.", ++"maintenanceMode":"Sa aplikasion-la lor mintenans, silvouple sey konekte apre", ++"mandatoryField":"* bwat obligatwar", ++"maxNumberOf2FDevicesReached":"Kantite maximum lekipman 2F finn arive!", ++"missingCode":"Kod-la manke", ++"missingPassword":"Mo-de-pas pa finn rantre", ++"myNotification":"Notifikasion ki mo finn aksepte", ++"myNotifications":"Bann notifikasion ki mo finn aksepte", ++"name":"Nom", ++"newMessages":"Nouvo mesaz", ++"newPassword":"Nouvo modpas", ++"newPwdSentTo":"Finn avoy enn konfirmasion lor ou ladres mail.", ++"noAppAllowed":"Okenn aplikasion pa permet!", ++"noHistory":"Sa se ou premie koneksion, bienveni!", ++"noNotification":"Pa finn trouv okenn notifikasion ki finn aksepte", ++"noTOTPFound":"Pena TOTP ki finn trouve", ++"noU2FKeyFound":"Pa finn trouv lakle U2F", ++"notAnEncryptedValue":"Li pa enn valer ankripte", ++"notAuthorized":"Ou pa otorize pou fer sa", ++"notAuthorizedAuthLevel":"Sa 
aksion-la bizin enn nivo otantifikasion pli ot", ++"notFound":"Pa finn trouve: ou pe rod aksed enn paz ki pa disponib", ++"notificationNotFound":"Notifikasion pa finn trouve dan baz done", ++"notificationRetrieveFailed":"Pa kapav rekiper notifikasion", ++"notificationsExplorer":"Explorater notifikasion", ++"oidcConsent":"Aplikasion %s bizin:", ++"oidcConsents":"OIDC dakor", ++"oidcConsentsFull":"OpenID Connect dakor", ++"okta2f":"Okta", ++"okta2fSelectFactor":"Seleksionn modil Okta ki ou anvi servi", ++"okta2fpush":"Okta Push", ++"okta2fsms":"Okta SMS", ++"okta2ftokensoftwaretotp":"Okta TOTP", ++"oneExpired2Fremoved":"Enn lekipman 2F ki finn expire finn retire (%s)!", ++"openIdExample":"par exanp:http://myopenid.org/toto", ++"openSSOSession":"Ouver ou sesion SSO", ++"openSessionSpace":"Sa lespas-la permet ou ouver enn sesion SSO. Sa pou ed ou gagn akse a tou bann aplikasion ki finn otoriz par ou profil dan enn fason sekirize.", ++"openidAp":"Eski ou dakor pou donn sa bann paramet-la?", ++"openidExchange":"Eski ou anvi otantifie oumem lor %s ?", ++"openidPA":"Polisi itilizasion done disponib lor", ++"openidRpns":"Paramet %s ki finn demande pou federasion pa disponib", ++"otherSessions":"Bann lezot sesion aktif", ++"password":"Modpas", ++"password2f":"Modpas", ++"passwordCompromised":"Pa finn trouve dan enn baz done bann modpas ki finn konpromi", ++"passwordPolicy":"Silvouple respekte sa polisi-la:", ++"passwordPolicyMaxSize":"Dimansion maximal:", ++"passwordPolicyMinDigit":"Karakter sif minimal:", ++"passwordPolicyMinLower":"Bann tit let:", ++"passwordPolicyMinSize":"Dimansion minim:", ++"passwordPolicyMinSpeChar":"karakter spesial minimal:", ++"passwordPolicyMinUpper":"Bann karakter kapital", ++"passwordPolicyNone":"Ou lib pou swazir ou modpas!", ++"passwordPolicySamePwd":"Ou bizin konfirm ou nouvo modpas par rant li de fwa", ++"passwordPolicySpecialChar":"Bann karakter spesial ki permet:", ++"passwordverify":"Re-verifie ou modpas", ++"pasteHere":"Met ou fisie 
isi...", ++"ppGrace":"otantifikasion ki reste, sanz ou modpas!", ++"proxyError":"Move gateway: pa kapav zwenn server a distans", ++"pwd":"Modpas", ++"pwdChange":"Sanzman modpas", ++"pwdChanged":"Ou modpas finn sanze avek sikse!", ++"pwdResetAlreadyIssued":"Enn demann pou reset enn modpas finn deza sorti lor", ++"pwdWillExpire":"%s zour, %s ertan, %s minit ek %s segonn avan expirasion modpas, sanz li!", ++"radius2f":"Radius", ++"redirectedFrom":"Ou finn redirize depi", ++"redirectedIn":"Ou pou redirize dan 30 segonn", ++"redirectionInProgress":"Redireksion an kour...", ++"redirectionToIdp":"Redireksion ver ou Fourniser Idantite", ++"reference":"Referans", ++"refreshrights":"Refresh mo bann drwa", ++"refuse":"Refize", ++"register":"Anrezistre", ++"registerRequestAlreadyIssued":"Enn demann pou anrezistre pou sa kont-la ti deza sorti lor", ++"rememberChoice":"Rapel mo swa", ++"rememberTimerLabel":"s avan otantifikasion otomatik", ++"remove2fWarning":"Sa loperasion-la pa kapav retourn deryer", ++"removeOtherSessions":"Retir bann lezot sesion", ++"renewSession":"Renouvle sesion", ++"resendCode":"Re-avoy kod", ++"resendConfirmMail":"Re-avoy bann mail konfirmasion?", ++"resendTooSoon":"Silvouple atann inpe plis avan sey re-avoy kod-la", ++"resentConfirm":"Eski ou anvi ki re-avoy sa mesaz konfirmasion-la?", ++"resetPwd":"Reset mo modpas", ++"rest2f":"Kod verifikasion", ++"retry":"Re-eseye", ++"rightsReloadNeedsLogout":"Drwa reload bizin logout ek login ankor", ++"rules":"REG", ++"scope":"lanpler", ++"search":"Resers", ++"searchAccount":"Rod enn kont", ++"searchingForm":"Form resers", ++"seconds":"segonn", ++"selectIdP":"Swazir ou fourniser idantite", ++"sendPwd":"Avoy mwa enn lien", ++"serverError":"Finn ena enn erer lor server-la", ++"service":"Servis", ++"serviceProvidedBy":"Servis ki finn done par", ++"sessionsDeleted":"Bann sesion swivan finn ferme", ++"sfaManager":"2em FA Manager", ++"showhidePasswords":"Montre/Kasiet bann modpas", ++"spoofId":"Id fos", 
++"startTime":"Dat kreasion", ++"stayConnected":"Fer konfians sa lekipman-la pou bann login dan lavenir", ++"submit":"Soumet", ++"switchContext":"Sanz kontext", ++"totp2f":"OTP App", ++"totpMissingCode":"Silvouple, rant kod ki ou aplikasion TOTP finn done", ++"totpOrTouch":"Si ou trouv sa lor ou portab, tous kod QR pou ouver ou aplikasion TOTP", ++"totpQrCode":"Skann sa kod QR-la dan ou aplikasion TOTP", ++"totpRegisterCode":"Met kod ki ou aplikasion finn done", ++"totpRegisterName":"Swazir enn nom pou sa lekipman TOTP-la", ++"totpSecretKey":"Si ou aplikasion TOTP pa siport bann kod QR, rant sa lakle-la plito:", ++"touchU2fDevice":"Silvouple tous lekipman U2F ki pe flashe aster-la mem.", ++"touchU2fDeviceOrEnterTotp":"Silvouple tous lekipman U2F ki pe flashe ouswa met kod TOTP.", ++"type":"Tip", ++"u2f":"Lakle U2F", ++"u2fFailed":"Verifikasion U2F finn fel. Re-eseye ou kontakte ou administrater", ++"u2fPermission":"Kapav demann ou permission pou les sit-la gagn akse a ou bann lakle sekirite. Apre ki finn donn permision, lekipman-la pou koumans klignote.", ++"u2fWelcome":"Zesion lekipman U2F", ++"unableToGetKey":"Pa kapav gagn akse a ou lakle. Re-eseye ou kontakte ou administrater", ++"unknownAction":"Aksion inkoni", ++"unknownAttributes":"Bann atribut inkoni", ++"unregister":"Dezanrezistre", ++"updateCdc":"Met azour kouki domenn komin", ++"updateTime":"Dat azour", ++"upgradeSession":"Sesion ameliorasion", ++"useYubikey":"servi ou Yubikey", ++"user":"Itilizater", ++"validationDate":"Dat validasion", ++"value":"Valer", ++"verify":"Verifie", ++"wait":"Atann", ++"waitFor2f":"Pe atann ou deziem fakter aktivasion", ++"waitingmessage":"Otantifikasion an progre, atann silvouple ", ++"warning":"Avertisman", ++"webAuthnBrowserFailed":"Navigater pa finn resi gagn bann credential WebAuthn", ++"webAuthnBrowserInProgress":"Otantifikasion WebAuthn an progre. 
Swiv bann instriksion ou navigater silvouple", ++"webAuthnFailed":"Otantifikasion WebAuthn finn fel", ++"webAuthnNoDevice":"Pena okenn lekipman WebAuthn disponib pou sa kont-la", ++"webAuthnRegisterFailed":"Lanrezistreman WebAuthn finn fel", ++"webAuthnRegisterInProgress":"Lanrezistreman WebAuthn an progre. Swiv bann instriksion ou navigater silvouple", ++"webAuthnRequired":"Otantifikasion WebAuthn neseser", ++"webAuthnUnsupported":"Ou navigater web pa siport WebAuthn", ++"webauthn2f":"WebAuthn", ++"webauthn2fWelcome":"Lanrezistreman lekipman sekirite", ++"webauthnAlreadyRegistered":"Sa lekipman-la deza anrezistre", ++"webauthnResident":"Sa lekipman-la kapav servi kouma enn passkey", ++"welcomeOnPortal":"Bienveni lor ou portay otantifikasion sekirize.", ++"yesResendMail":"Wi, re-avoy mail-la", ++"your2faIsRegistered":"Ou deziem fakter finn anrezistre", ++"yourAddress":"Konn ou ladres", ++"yourApps":"Ou bann aplikasion", ++"yourEmail":"Konn ou email", ++"yourIdentity":"Konn ou lidantite", ++"yourIdentityIs":"Ou lidantite se", ++"yourKeyIsAlreadyRegistered":"Ou lakle finn DEZA anrezistre!", ++"yourKeyIsRegistered":"Ou lakle finn anrezistre", ++"yourKeyIsUnregistered":"Ou lakle nepli anrezistre", ++"yourKeyIsVerified":"Ou lakle finn verifie", ++"yourNewTotpKey":"Ou nouvo lakle TOTP, silvouple teste li e met kod-la", ++"yourOffline":"Akses ou kont letan ou pa an-lign", ++"yourPasswordIsRegistered":"Ou modpas finn anrezistre", ++"yourPhone":"Konn ou nimero telefonn", ++"yourProfile":"Konn ou profil", ++"yourTotpKey":"Ou lakle TOTP", ++"yubikey2f":"Yubikey" ++} +\ No newline at end of file From 9f000c356badd04f47afee8dad29bdbe7e9a73b7 Mon Sep 17 00:00:00 2001 
From: Yadd
Date: Thu, 22 Aug 2024 12:18:30 +0400
Subject: [PATCH 3/7] Fix mfe
---
 .../install/etc/lemonldap-ng/lemonldap-ng.ini | 420 ++++++++++++++++++
 portal/mfe.patch | 11 -
 .../install/etc/lemonldap-ng/lemonldap-ng.ini | 420 ++++++++++++++++++
 uwsgi-portal/mfe.patch | 11 -
 4 files changed, 840 insertions(+), 22 deletions(-)
 create mode 100644 portal/install/etc/lemonldap-ng/lemonldap-ng.ini
 create mode 100644 uwsgi-portal/install/etc/lemonldap-ng/lemonldap-ng.ini
diff --git a/portal/install/etc/lemonldap-ng/lemonldap-ng.ini b/portal/install/etc/lemonldap-ng/lemonldap-ng.ini
new file mode 100644
index 0000000..a999e2f
--- /dev/null
+++ b/portal/install/etc/lemonldap-ng/lemonldap-ng.ini
@@ -0,0 +1,420 @@ +;============================================================================== +; LemonLDAP::NG local configuration parameters +; +; This file is dedicated to configuration parameters override +; You can set here configuration parameters that will be used only by +; local LemonLDAP::NG elements +; +; Section "all" is always read first before "portal", "handler" +; and "manager" +; +; Section "configuration" is used to load global configuration and set cache +; (replace old storage.conf file) +; +; Other section are only read by the specific LemonLDAP::NG component +;============================================================================== + +[all] +userLogger = Lemonldap::NG::Common::Logger::Std +logger = Lemonldap::NG::Common::Logger::Std + +; CUSTOM FUNCTION +; If you want to create customFunctions in rules, declare them here: +;require = Package +; Prevent Portal to crash if Perl module is not found +;requireDontDie = 1 +;customFunctions = function1 function2 +;customFunctions = Package::func1 Package::func2 + +; CROSS-DOMAIN +; If you have some handlers that are not registered on the main domain, +; uncomment this +;cda = 1 + +; SAFE JAIL +; Comment this to configure Safe jail with Manager. +; It can also be disabled from here by setting value to 0. +; Warning: this can allow malicious code in custom functions or rules +useSafeJail = 1 + +; LOGGING +; +; 1 - Defined logging level +; Set here one of error, warn, notice, info or debug +logLevel=info +; Note that this has no effect for Apache2 logging: Apache LogLevel is used +; instead +; +; 2 - Change logger +; +; By default, logging is set to: +; - Lemonldap::NG::Common::Logger::Apache2 for ApacheMP2 handlers +; - Lemonldap::NG::Common::Logger::Syslog for FastCGI (Nginx) +; - Lemonldap::NG::Common::Logger::Std for PSGI applications (manager, +; portal,...) 
when they are not +; launched by FastCGI server +; Other loggers availables: +; - Lemonldap::NG::Common::Logger::Log4perl to use Log4perl +; +; "Std" is redirected to the web server logs for Apache. For Nginx, only if +; request failed +; +; You can overload this in this section (for all) or in another section if +; you want to change logger for a specified app. +; +; LLNG uses 2 loggers: 1 for technical logs (logger), 1 for user actions +; (userLogger). "userLogger" uses the same class as "logger" if not set. +;logger = Lemonldap::NG::Common::Logger::Syslog +;userLogger = Lemonldap::NG::Common::Logger::Log4perl +; +; 2.1 - Using Syslog +; +; For Syslog logging, you can also overwrite facilities. Default values: +;logger = Lemonldap::NG::Common::Logger::Syslog +;syslogFacility = daemon +;syslogOptions = cons,pid,ndelay +;userSyslogFacility = auth +;userSyslogOptions = cons,pid,ndelay +; +; 2.2 - Using Log4perl +; +; If you want to use Log4perl, you can set these parameters. Here are default +; values: +;logger = Lemonldap::NG::Common::Logger::Log4perl +;log4perlConfFile = /etc/log4perl.conf +;log4perlLogger = LLNG +;log4perlUserLogger = LLNGuser +; +; Here, Log4perl configuration is read from /etc/log4perl.conf. The "LLNG" +; value points to the logger class. Example: +; log4perl.logger.LLNG = WARN, File1 +; log4perl.logger.LLNGuser = INFO, File2 +; ... + +; CONFIGURATION CHECK +; +; LLNG checks configuration at server start. If you use "reload" mechanism, +; local cache will be updated. Configuration is checked locally every +; 10 minutes by each LLNG component. You can change this value using +; `checkTime` (time in seconds). +; To increase performances, you should comment this parameter and rely on cache. 
+checkTime = 1 + +[configuration] + +; confTimeout: maximum time to get configuration (default 10) +;confTimeout = 5 + +; GLOBAL CONFIGURATION ACCESS TYPE +; (File, REST, SOAP, CDBI/RDBI, LDAP, YAMLFile) +; Set here the parameters needed to access to LemonLDAP::NG configuration. +; You have to set "type" to one of the followings : +; +; * File/YAMLFile: you have to set 'dirName' parameter. Example: +; +; type = File ; or type = YAMLFile +; dirName = /var/lib/lemonldap-ng/conf +; ; Optimize JSON for readability instead of performance +; prettyPrint = 1 +; +; * CDBI/RDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword' +; if needed. Example: +; +; type = CDBI +; ;type = RDBI +; dbiChain = DBI:MariaDB:database=lemonldap-ng;host=1.2.3.4 +; dbiUser = lemonldap +; dbiPassword = password +; +; * REST: REST configuration access is a sort of proxy: the portal is +; configured to use the real session storage type (DBI or File for +; example). +; You have to set 'baseUrl' parameter. Example: +; +; type = REST +; baseUrl = https://auth.example.com/config +; lwpOpts = { timeout => 5 } +; lwpSslOpts = { SSL_ca_file => "..." } +; user = lemonldap +; password = mypassword +; realm = myrealm +; +; * LDAP: you have to set ldapServer, ldapConfBase, ldapBindDN and ldapBindPassword. +; +; type = LDAP +; ldapServer = ldap://localhost +; ldapConfBase = ou=conf,ou=applications,dc=example,dc=com +; ldapBindDN = cn=manager,dc=example,dc=com +; ldapBindPassword = secret +; ldapObjectClass = applicationProcess +; ldapAttributeId = cn +; ldapAttributeContent = description + +type = Overlay +overlayRealtype = File +overlayDirectory = /over + +dirName = /var/lib/lemonldap-ng/conf +; Optimize for readability instead of performance +prettyPrint = 1 + +; LOCAL CACHE CONFIGURATION +; +; To increase performances, use a local cache for the configuration. You have +; to choose a Cache::Cache module and set its parameters. 
Example: +; +; localStorage = Cache::FileCache +; localStorageOptions={ \ +; 'namespace' => 'lemonldap-ng-config',\ +; 'default_expires_in' => 600, \ +; 'directory_umask' => '007', \ +; 'cache_root' => '/var/cache/lemonldap-ng', \ +; 'cache_depth' => 3, \ +; } +localStorage=Cache::FileCache +localStorageOptions={ \ + 'namespace' => 'lemonldap-ng-config',\ + 'default_expires_in' => 600, \ + 'directory_umask' => '007', \ + 'cache_root' => '/var/cache/lemonldap-ng', \ + 'cache_depth' => 3, \ +} + +[apply] + +; reload URLs for distant Hanlders + + +[portal] + +; PORTAL CUSTOMIZATION + +; I - Required parameters + +; staticPrefix: relative (or URL) location of static HTML components +staticPrefix = /static + +; location of HTML templates directory +templateDir = /usr/share/lemonldap-ng/portal/templates + +; languages: available languages for portal interface +languages = en, fr, vi, ru, mfe, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru + +; II - Optional parameters (overwrite configuration) + +; Name of the skin +;portalSkin = pastel +; Modules displayed +;portalDisplayLogout = 1 +;portalDisplayResetPassword = 1 +;portalDisplayChangePassword = 1 +;portalDisplayAppslist = 1 +;portalDisplayLoginHistory = 1 +; Require the old password when changing password +;portalRequireOldPassword = 1 +; Attribute displayed as connected user +;portalUserAttr = mail +; Old menu HTML code +; Enable it if you use old templates +;useOldMenuItems=1 +; Override error codes +;error_0 = You are well authenticated! 
+; Custom template parameters +; For example to use +;tpl_myparam = test + +; COMBINATION FORMS +; If you want to fix forms to display, you can use this; +;combinationForms = standardform, yubikeyform + +;syslog = auth +; SOAP FUNCTIONS +; Remove comment to activate SOAP Functions getCookies(user,pwd) and +; error(language, code) +;Soap = 1 +; Note that getAttibutes() will be activated but on a different URI +; (http://auth.example.com/sessions) +; You can also restrict attributes and macros exported by getAttributes +;exportedAttr = uid mail + +; PASSWORD POLICY +; Remove comment to use LDAP Password Policy +;ldapPpolicyControl = 1 +; Remove comment to store password in session (use with caution) +;storePassword = 1 +; Remove comment to use LDAP modify password extension +; (beware of compatibility with LDAP Password Policy) +;ldapSetPassword = 1 +; RESET PASSWORD BY MAIL +; SMTP server (default to localhost), set to '' to use default mail service +;SMTPServer = localhost +; SMTP auth user +;SMTPAuthUser = toto +; SMTP auth password +;SMTPAuthPass = secret +; Mail From address +;mailFrom = noreply@example.com +; Reply To +;mailReplyTo = noreply@example.com +; Mail confirmation URL +;mailUrl = http://reset.example.com +; Mail subject for confirmation message +;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation +; Mail body for confiramtion (can use $url for confirmation URL, and other session +; infos, like $cn). Keep comment to use HTML templates +;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url +; Mail subject for new password message +;mailSubject = [LemonLDAP::NG] Your new password +; Mail body for new password (can use $password for generated password, and other session +; infos, like $cn). 
Keep comment to use HTML templates +;mailBody = Hello $cn,\n\nYour new password is $password +; LDAP filter to use +;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))' +; Random regexp for password generation +;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2} +; LDAP GROUPS +; Set the base DN of your groups branch +;ldapGroupBase = ou=groups,dc=example,dc=com +; Objectclass used by groups +;ldapGroupObjectClass = groupOfUniqueNames +; Attribute used by groups to store member +;ldapGroupAttributeName = uniqueMember +; Attribute used by user to link to groups +;ldapGroupAttributeNameUser = dn +; Attribute used to identify a group. The group will be displayed as +; cn|mail|status, where cn, mail and status will be replaced by their +; values. +;ldapGroupAttributeNameSearch = cn mail + +; NOTIFICATIONS SERVICE +; Use it to be able to notify messages during authentication +;notification = 1 +; Note that the SOAP function newNotification will be activated on +; http://auth.example.com/notification +; If you want to hide this, just protect "/index.fcgi/notification" in +; your Apache configuration file +; XSS protection bypass +; By default, the portal refuses redirections that come from sites not +; registered in the configuration (manager) except for those coming +; from trusted domains. By default, trustedDomains contains the domain +; declared in the manager. You can set trustedDomains to empty value so +; that, undeclared sites will be rejected. You can also set here a list +; of trusted domains or hosts separated by spaces. This is usefull if +; your website use LemonLDAP::NG without handler with SOAP functions. 
+;trustedDomains = my.trusted.host example2.com + +; Check XSS +; Set to 0 to disable error on XSS attack detection +;checkXSS = 0 + +; pdata cookie domain +; pdata cookie could not be sent with cross domains AJAX request +; Null is default value +;pdataDomain = example.com + +; CUSTOM PLUGINS +; If you want to add custom plugins, set list here (comma separated) +; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page. +;customPlugins = ::My::Package1, ::My::Package2 + +; To avoid bad/expired OTT if "authssl" and "auth" are served by different Load Balancers +; you can override OTT configuration to store Upgrade or Issuer OTT into global storage +;forceGlobalStorageUpgradeOTT = 1 +;forceGlobalStorageIssuerOTT = 1 + +[handler] + +; Handler cache configuration +; You can overwrite here local session cache settings in manager: +; localSessionStorage=Cache::FileCache +; localSessionStorageOptions={ \ +; 'namespace' => 'lemonldap-ng-sessions', \ +; 'default_expires_in' => 600, \ +; 'directory_umask' => '007', \ +; 'cache_root' => '/var/cache/lemonldap-ng', \ +; 'cache_depth' => 3, \ +; } + +; Set https to 1 if your handler protect a https website (used only for +; redirections to the portal) +;https = 0 +; Set port if your handler protects a website on a non standard port +; - 80 for http, 443 for https (used only for redirections to the portal) +;port = 8080 +; Set status to 1 if you want to have the report of activity (used for +; example to inform MRTG) +status = 0 +; Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN +; when a user is not allowed by Handler +;useRedirectOnForbidden = 1 +; Hide LemonLDAP::NG Handler in Apache Server Signature +;hideSignature = 1 +; Set ServiceToken timeout +;handlerServiceTokenTTL = 30 +; Set Impersonation/ContextSwitching prefix +; impersonationPrefix = real_ +useRedirectOnError = 1 + +; Zimbra Handler parameters +;zimbraPreAuthKey = XXXX +;zimbraAccountKey = uid +;zimbraBy =id +;zimbraUrl = 
/service/preauth +;zimbraSsoUrl = ^/zimbrasso$ + +[manager] + +; Manager protection: by default, the manager is protected by a demo account. +; You can protect it : +; * by Apache itself, +; * by the parameter 'protection' which can take one of the following +; values : +; * authenticate : all authenticated users can access +; * manager : manager is protected like other virtual hosts: you +; have to set rules in the corresponding virtual host +; * : you can set here directly the rule to apply +; * none : no protection +protection = manager + +; staticPrefix: relative (or URL) location of static HTML components +staticPrefix = /static +; docPrefix: relative (or URL) location of embedded documentation +docPrefix = /doc + +; instanceName: Display LLNG instance name +;instanceName = Demo +; customCSS: CSS file to customize Manager +;customCSS = css/custom.css +; customPortalUrl: Override Portal drop-down menu links +;customPortalUrl = http://external-portal.internal.com + +; location of HTML templates directory +templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates + +; languages: available languages for manager interface +languages = en, fr, it, vi, ar, tr, pl, zh_TW, es, he, pt_BR, ru + +; Manager modules enabled +; Set here the list of modules you want to see in manager interface +; The first will be used as default module displayed +;enabledModules = conf, sessions, notifications, 2ndFA, viewer +enabledModules = conf, sessions, notifications, 2ndFA + +; To avoid restricted users to edit configuration, defaulModule MUST be different than 'conf' +; 'conf' is set by default +;defaultModule = viewer + +; Viewer module allows us to edit configuration in read-only mode +; Options can be set with specific rules like this : +;viewerAllowBrowser = $uid eq 'dwho' +;viewerAllowDiff = $uid ne 'dwho' +; +; Viewer options - Default values +;viewerHiddenKeys = samlIDPMetaDataNodes samlSPMetaDataNodes managerPassword ManagerDn globalStorageOptions persistentStorageOptions 
+;viewerAllowBrowser = 0 +;viewerAllowDiff = 0 + +;[node-handler] +; +;This section is for node-lemonldap-ng-handler +;nodeVhosts = test3.example.com, test4.example.com diff --git a/portal/mfe.patch b/portal/mfe.patch index a9a7bca..cb0c3fd 100644 --- a/portal/mfe.patch +++ b/portal/mfe.patch @@ -1,14 +1,3 @@ ---- a/etc/lemonldap-ng/lemonldap-ng.ini -+++ b/etc/lemonldap-ng/lemonldap-ng.ini -@@ -198,7 +198,7 @@ staticPrefix = /static - templateDir = /usr/share/lemonldap-ng/portal/templates - - ; languages: available languages for portal interface --languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru -+languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru, mfe - - ; II - Optional parameters (overwrite configuration) - --- /dev/null +++ b/usr/share/lemonldap-ng/portal/htdocs/static/languages/mfe.json @@ -0,0 +1,388 @@ diff --git a/uwsgi-portal/install/etc/lemonldap-ng/lemonldap-ng.ini b/uwsgi-portal/install/etc/lemonldap-ng/lemonldap-ng.ini new file mode 100644 index 0000000..a999e2f --- /dev/null +++ b/uwsgi-portal/install/etc/lemonldap-ng/lemonldap-ng.ini 
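Review bot: The `[portal]` `languages` line in the new `portal/install/etc/lemonldap-ng/lemonldap-ng.ini` lists `ru` twice and places `mfe` mid-list: `languages = en, fr, vi, ru, mfe, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru`. If that order is not intentional, `languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru, mfe` matches what the removed `mfe.patch` hunk produced. Replacing that one-line patch with a full 420-line copy also means the image now carries its own values for every setting in the file, including `useSafeJail = 1`, `protection = manager` and `checkTime = 1`, and presumably no longer follows changes to the packaged defaults. A short header comment naming the upstream version the file was copied from and the lines that differ would make later audits easier. The `uwsgi-portal` copy has the same blob id `a999e2f`, so the same applies there.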
@@ -0,0 +1,420 @@ +;============================================================================== +; LemonLDAP::NG local configuration parameters +; +; This file is dedicated to configuration parameters override +; You can set here configuration parameters that will be used only by +; local LemonLDAP::NG elements +; +; Section "all" is always read first before "portal", "handler" +; and "manager" +; +; Section "configuration" is used to load global configuration and set cache +; (replace old storage.conf file) +; +; Other section are only read by the specific LemonLDAP::NG component +;============================================================================== + +[all] +userLogger = Lemonldap::NG::Common::Logger::Std +logger = Lemonldap::NG::Common::Logger::Std + +; CUSTOM FUNCTION +; If you want to create customFunctions in rules, declare them here: +;require = Package +; Prevent Portal to crash if Perl module is not found +;requireDontDie = 1 +;customFunctions = function1 function2 +;customFunctions = Package::func1 Package::func2 + +; CROSS-DOMAIN +; If you have some handlers that are not registered on the main domain, +; uncomment this +;cda = 1 + +; SAFE JAIL +; Comment this to configure Safe jail with Manager. +; It can also be disabled from here by setting value to 0. +; Warning: this can allow malicious code in custom functions or rules +useSafeJail = 1 + +; LOGGING +; +; 1 - Defined logging level +; Set here one of error, warn, notice, info or debug +logLevel=info +; Note that this has no effect for Apache2 logging: Apache LogLevel is used +; instead +; +; 2 - Change logger +; +; By default, logging is set to: +; - Lemonldap::NG::Common::Logger::Apache2 for ApacheMP2 handlers +; - Lemonldap::NG::Common::Logger::Syslog for FastCGI (Nginx) +; - Lemonldap::NG::Common::Logger::Std for PSGI applications (manager, +; portal,...) 
when they are not +; launched by FastCGI server +; Other loggers availables: +; - Lemonldap::NG::Common::Logger::Log4perl to use Log4perl +; +; "Std" is redirected to the web server logs for Apache. For Nginx, only if +; request failed +; +; You can overload this in this section (for all) or in another section if +; you want to change logger for a specified app. +; +; LLNG uses 2 loggers: 1 for technical logs (logger), 1 for user actions +; (userLogger). "userLogger" uses the same class as "logger" if not set. +;logger = Lemonldap::NG::Common::Logger::Syslog +;userLogger = Lemonldap::NG::Common::Logger::Log4perl +; +; 2.1 - Using Syslog +; +; For Syslog logging, you can also overwrite facilities. Default values: +;logger = Lemonldap::NG::Common::Logger::Syslog +;syslogFacility = daemon +;syslogOptions = cons,pid,ndelay +;userSyslogFacility = auth +;userSyslogOptions = cons,pid,ndelay +; +; 2.2 - Using Log4perl +; +; If you want to use Log4perl, you can set these parameters. Here are default +; values: +;logger = Lemonldap::NG::Common::Logger::Log4perl +;log4perlConfFile = /etc/log4perl.conf +;log4perlLogger = LLNG +;log4perlUserLogger = LLNGuser +; +; Here, Log4perl configuration is read from /etc/log4perl.conf. The "LLNG" +; value points to the logger class. Example: +; log4perl.logger.LLNG = WARN, File1 +; log4perl.logger.LLNGuser = INFO, File2 +; ... + +; CONFIGURATION CHECK +; +; LLNG checks configuration at server start. If you use "reload" mechanism, +; local cache will be updated. Configuration is checked locally every +; 10 minutes by each LLNG component. You can change this value using +; `checkTime` (time in seconds). +; To increase performances, you should comment this parameter and rely on cache. 
+checkTime = 1 + +[configuration] + +; confTimeout: maximum time to get configuration (default 10) +;confTimeout = 5 + +; GLOBAL CONFIGURATION ACCESS TYPE +; (File, REST, SOAP, CDBI/RDBI, LDAP, YAMLFile) +; Set here the parameters needed to access to LemonLDAP::NG configuration. +; You have to set "type" to one of the followings : +; +; * File/YAMLFile: you have to set 'dirName' parameter. Example: +; +; type = File ; or type = YAMLFile +; dirName = /var/lib/lemonldap-ng/conf +; ; Optimize JSON for readability instead of performance +; prettyPrint = 1 +; +; * CDBI/RDBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword' +; if needed. Example: +; +; type = CDBI +; ;type = RDBI +; dbiChain = DBI:MariaDB:database=lemonldap-ng;host=1.2.3.4 +; dbiUser = lemonldap +; dbiPassword = password +; +; * REST: REST configuration access is a sort of proxy: the portal is +; configured to use the real session storage type (DBI or File for +; example). +; You have to set 'baseUrl' parameter. Example: +; +; type = REST +; baseUrl = https://auth.example.com/config +; lwpOpts = { timeout => 5 } +; lwpSslOpts = { SSL_ca_file => "..." } +; user = lemonldap +; password = mypassword +; realm = myrealm +; +; * LDAP: you have to set ldapServer, ldapConfBase, ldapBindDN and ldapBindPassword. +; +; type = LDAP +; ldapServer = ldap://localhost +; ldapConfBase = ou=conf,ou=applications,dc=example,dc=com +; ldapBindDN = cn=manager,dc=example,dc=com +; ldapBindPassword = secret +; ldapObjectClass = applicationProcess +; ldapAttributeId = cn +; ldapAttributeContent = description + +type = Overlay +overlayRealtype = File +overlayDirectory = /over + +dirName = /var/lib/lemonldap-ng/conf +; Optimize for readability instead of performance +prettyPrint = 1 + +; LOCAL CACHE CONFIGURATION +; +; To increase performances, use a local cache for the configuration. You have +; to choose a Cache::Cache module and set its parameters. 
Example: +; +; localStorage = Cache::FileCache +; localStorageOptions={ \ +; 'namespace' => 'lemonldap-ng-config',\ +; 'default_expires_in' => 600, \ +; 'directory_umask' => '007', \ +; 'cache_root' => '/var/cache/lemonldap-ng', \ +; 'cache_depth' => 3, \ +; } +localStorage=Cache::FileCache +localStorageOptions={ \ + 'namespace' => 'lemonldap-ng-config',\ + 'default_expires_in' => 600, \ + 'directory_umask' => '007', \ + 'cache_root' => '/var/cache/lemonldap-ng', \ + 'cache_depth' => 3, \ +} + +[apply] + +; reload URLs for distant Hanlders + + +[portal] + +; PORTAL CUSTOMIZATION + +; I - Required parameters + +; staticPrefix: relative (or URL) location of static HTML components +staticPrefix = /static + +; location of HTML templates directory +templateDir = /usr/share/lemonldap-ng/portal/templates + +; languages: available languages for portal interface +languages = en, fr, vi, ru, mfe, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru + +; II - Optional parameters (overwrite configuration) + +; Name of the skin +;portalSkin = pastel +; Modules displayed +;portalDisplayLogout = 1 +;portalDisplayResetPassword = 1 +;portalDisplayChangePassword = 1 +;portalDisplayAppslist = 1 +;portalDisplayLoginHistory = 1 +; Require the old password when changing password +;portalRequireOldPassword = 1 +; Attribute displayed as connected user +;portalUserAttr = mail +; Old menu HTML code +; Enable it if you use old templates +;useOldMenuItems=1 +; Override error codes +;error_0 = You are well authenticated! 
+; Custom template parameters +; For example to use +;tpl_myparam = test + +; COMBINATION FORMS +; If you want to fix forms to display, you can use this; +;combinationForms = standardform, yubikeyform + +;syslog = auth +; SOAP FUNCTIONS +; Remove comment to activate SOAP Functions getCookies(user,pwd) and +; error(language, code) +;Soap = 1 +; Note that getAttibutes() will be activated but on a different URI +; (http://auth.example.com/sessions) +; You can also restrict attributes and macros exported by getAttributes +;exportedAttr = uid mail + +; PASSWORD POLICY +; Remove comment to use LDAP Password Policy +;ldapPpolicyControl = 1 +; Remove comment to store password in session (use with caution) +;storePassword = 1 +; Remove comment to use LDAP modify password extension +; (beware of compatibility with LDAP Password Policy) +;ldapSetPassword = 1 +; RESET PASSWORD BY MAIL +; SMTP server (default to localhost), set to '' to use default mail service +;SMTPServer = localhost +; SMTP auth user +;SMTPAuthUser = toto +; SMTP auth password +;SMTPAuthPass = secret +; Mail From address +;mailFrom = noreply@example.com +; Reply To +;mailReplyTo = noreply@example.com +; Mail confirmation URL +;mailUrl = http://reset.example.com +; Mail subject for confirmation message +;mailConfirmSubject = [LemonLDAP::NG] Password reset confirmation +; Mail body for confiramtion (can use $url for confirmation URL, and other session +; infos, like $cn). Keep comment to use HTML templates +;mailConfirmBody = Hello $cn,\n\nClick here to receive your new password: $url +; Mail subject for new password message +;mailSubject = [LemonLDAP::NG] Your new password +; Mail body for new password (can use $password for generated password, and other session +; infos, like $cn). 
Keep comment to use HTML templates +;mailBody = Hello $cn,\n\nYour new password is $password +; LDAP filter to use +;mailLDAPFilter = '(&(mail=$mail)(objectClass=inetOrgPerson))' +; Random regexp for password generation +;randomPasswordRegexp = [A-Z]{3}[a-z]{5}.\d{2} +; LDAP GROUPS +; Set the base DN of your groups branch +;ldapGroupBase = ou=groups,dc=example,dc=com +; Objectclass used by groups +;ldapGroupObjectClass = groupOfUniqueNames +; Attribute used by groups to store member +;ldapGroupAttributeName = uniqueMember +; Attribute used by user to link to groups +;ldapGroupAttributeNameUser = dn +; Attribute used to identify a group. The group will be displayed as +; cn|mail|status, where cn, mail and status will be replaced by their +; values. +;ldapGroupAttributeNameSearch = cn mail + +; NOTIFICATIONS SERVICE +; Use it to be able to notify messages during authentication +;notification = 1 +; Note that the SOAP function newNotification will be activated on +; http://auth.example.com/notification +; If you want to hide this, just protect "/index.fcgi/notification" in +; your Apache configuration file +; XSS protection bypass +; By default, the portal refuses redirections that come from sites not +; registered in the configuration (manager) except for those coming +; from trusted domains. By default, trustedDomains contains the domain +; declared in the manager. You can set trustedDomains to empty value so +; that, undeclared sites will be rejected. You can also set here a list +; of trusted domains or hosts separated by spaces. This is usefull if +; your website use LemonLDAP::NG without handler with SOAP functions. 
+;trustedDomains = my.trusted.host example2.com + +; Check XSS +; Set to 0 to disable error on XSS attack detection +;checkXSS = 0 + +; pdata cookie domain +; pdata cookie could not be sent with cross domains AJAX request +; Null is default value +;pdataDomain = example.com + +; CUSTOM PLUGINS +; If you want to add custom plugins, set list here (comma separated) +; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page. +;customPlugins = ::My::Package1, ::My::Package2 + +; To avoid bad/expired OTT if "authssl" and "auth" are served by different Load Balancers +; you can override OTT configuration to store Upgrade or Issuer OTT into global storage +;forceGlobalStorageUpgradeOTT = 1 +;forceGlobalStorageIssuerOTT = 1 + +[handler] + +; Handler cache configuration +; You can overwrite here local session cache settings in manager: +; localSessionStorage=Cache::FileCache +; localSessionStorageOptions={ \ +; 'namespace' => 'lemonldap-ng-sessions', \ +; 'default_expires_in' => 600, \ +; 'directory_umask' => '007', \ +; 'cache_root' => '/var/cache/lemonldap-ng', \ +; 'cache_depth' => 3, \ +; } + +; Set https to 1 if your handler protect a https website (used only for +; redirections to the portal) +;https = 0 +; Set port if your handler protects a website on a non standard port +; - 80 for http, 443 for https (used only for redirections to the portal) +;port = 8080 +; Set status to 1 if you want to have the report of activity (used for +; example to inform MRTG) +status = 0 +; Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN +; when a user is not allowed by Handler +;useRedirectOnForbidden = 1 +; Hide LemonLDAP::NG Handler in Apache Server Signature +;hideSignature = 1 +; Set ServiceToken timeout +;handlerServiceTokenTTL = 30 +; Set Impersonation/ContextSwitching prefix +; impersonationPrefix = real_ +useRedirectOnError = 1 + +; Zimbra Handler parameters +;zimbraPreAuthKey = XXXX +;zimbraAccountKey = uid +;zimbraBy =id +;zimbraUrl = 
/service/preauth +;zimbraSsoUrl = ^/zimbrasso$ + +[manager] + +; Manager protection: by default, the manager is protected by a demo account. +; You can protect it : +; * by Apache itself, +; * by the parameter 'protection' which can take one of the following +; values : +; * authenticate : all authenticated users can access +; * manager : manager is protected like other virtual hosts: you +; have to set rules in the corresponding virtual host +; * : you can set here directly the rule to apply +; * none : no protection +protection = manager + +; staticPrefix: relative (or URL) location of static HTML components +staticPrefix = /static +; docPrefix: relative (or URL) location of embedded documentation +docPrefix = /doc + +; instanceName: Display LLNG instance name +;instanceName = Demo +; customCSS: CSS file to customize Manager +;customCSS = css/custom.css +; customPortalUrl: Override Portal drop-down menu links +;customPortalUrl = http://external-portal.internal.com + +; location of HTML templates directory +templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates + +; languages: available languages for manager interface +languages = en, fr, it, vi, ar, tr, pl, zh_TW, es, he, pt_BR, ru + +; Manager modules enabled +; Set here the list of modules you want to see in manager interface +; The first will be used as default module displayed +;enabledModules = conf, sessions, notifications, 2ndFA, viewer +enabledModules = conf, sessions, notifications, 2ndFA + +; To avoid restricted users to edit configuration, defaulModule MUST be different than 'conf' +; 'conf' is set by default +;defaultModule = viewer + +; Viewer module allows us to edit configuration in read-only mode +; Options can be set with specific rules like this : +;viewerAllowBrowser = $uid eq 'dwho' +;viewerAllowDiff = $uid ne 'dwho' +; +; Viewer options - Default values +;viewerHiddenKeys = samlIDPMetaDataNodes samlSPMetaDataNodes managerPassword ManagerDn globalStorageOptions persistentStorageOptions 
+;viewerAllowBrowser = 0 +;viewerAllowDiff = 0 + +;[node-handler] +; +;This section is for node-lemonldap-ng-handler +;nodeVhosts = test3.example.com, test4.example.com diff --git a/uwsgi-portal/mfe.patch b/uwsgi-portal/mfe.patch index a9a7bca..cb0c3fd 100644 --- a/uwsgi-portal/mfe.patch +++ b/uwsgi-portal/mfe.patch @@ -1,14 +1,3 @@ ---- a/etc/lemonldap-ng/lemonldap-ng.ini -+++ b/etc/lemonldap-ng/lemonldap-ng.ini -@@ -198,7 +198,7 @@ staticPrefix = /static - templateDir = /usr/share/lemonldap-ng/portal/templates - - ; languages: available languages for portal interface --languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru -+languages = en, fr, vi, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he, ru, mfe - - ; II - Optional parameters (overwrite configuration) - --- /dev/null +++ b/usr/share/lemonldap-ng/portal/htdocs/static/languages/mfe.json @@ -0,0 +1,388 @@ From 3b19b7baba9685127cccc970fee1b39dc0b13995 Mon Sep 17 00:00:00 2001 From: Yadd Date: Thu, 22 Aug 2024 16:13:08 +0400 Subject: [PATCH 4/7] Add LANGUAGES variable --- Changes.md | 1 + base-no-s6/README.md | 1 + base-no-s6/docker-compose.yml | 7 ++++++- base-no-s6/install/etc/cont-init.d/update-llng-conf | 4 ++++ base-no-s6/test | 1 + base/README.md | 1 + base/docker-compose.yml | 1 + base/install/etc/cont-init.d/update-llng-conf | 4 ++++ base/test | 1 + 9 files changed, 20 insertions(+), 1 deletion(-) diff --git a/Changes.md b/Changes.md index 6bb859e..7248d29 100644 --- a/Changes.md +++ b/Changes.md @@ -2,6 +2,7 @@ * 2024-08-22: * Add Mauritian Creole translation + * Add `LANGUAGES` variable * 2024-08-19 (v2.19.1-4): * add `libconvert-pem-perl` package into portal * add `FORWARDED_BY` diff --git a/base-no-s6/README.md b/base-no-s6/README.md index f0c68ae..8ce8009 100644 --- a/base-no-s6/README.md +++ b/base-no-s6/README.md 
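Review bot: The `[portal]` `languages` line in this new file lists `ru` twice (`en, fr, vi, ru, mfe, it, … he, ru`); the trailing entry should be dropped so the list reads `languages = en, fr, vi, ru, mfe, it, ar, de, fi, tr, pl, zh_TW, es, pt_BR, he`. Shipping a full copy of lemonldap-ng.ini instead of the former one-line change in mfe.patch also means that later upstream changes to defaults in this file, including security-relevant ones such as `useSafeJail`, have to be merged by hand. A first-line comment such as `; Copied from the packaged lemonldap-ng.ini of LLNG <version>; local changes: languages, checkTime, type = Overlay` would make that drift visible (the list of local changes there is a guess from this hunk and should be confirmed).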
@@ -42,6 +42,7 @@ LemonLDAP::NG. * `LOGGER` = `syslog` _(possible values: stderr, syslog)_ * `USERLOGGER` = `syslog` _(possible values: stderr, syslog)_ * `FORCE_KEY_REGENERATION` = `no` +* `LANGUAGES` = default LLNG list _(set here the wanted languages separated by comma. Example: `fr,en`)_ * Configuration and persistent session storage * `PG_SERVER` = * `PG_DATABASE` = `lemonldapng` diff --git a/base-no-s6/docker-compose.yml b/base-no-s6/docker-compose.yml index cae9f57..0b57f9c 100644 --- a/base-no-s6/docker-compose.yml +++ b/base-no-s6/docker-compose.yml @@ -6,7 +6,11 @@ services: environment: - POSTGRES_PASSWORD=zz healthcheck: - test: "exit 0" + test: ["CMD-SHELL", "pg_isready"] + interval: 10s + timeout: 5s + retries: 5 + base: image: yadd/lemonldap-ng-base-no-s6 build: @@ -20,6 +24,7 @@ services: - OVERRIDE_authChoiceModules={"1_LDAP":"Demo;Demo;Null;;;{}","2_SAML":"SAML;SAML;Null;;;{}"} - OVERRIDE_applicationList_1sample_catname="Some applications" - OVERRIDE_exportedVars_aa=bb + - LANGUAGES=en,fr volumes: - ./test-over:/over depends_on: diff --git a/base-no-s6/install/etc/cont-init.d/update-llng-conf b/base-no-s6/install/etc/cont-init.d/update-llng-conf index 259878f..c9e4f27 100755 --- a/base-no-s6/install/etc/cont-init.d/update-llng-conf +++ b/base-no-s6/install/etc/cont-init.d/update-llng-conf @@ -165,3 +165,7 @@ for key in `(env | grep OVERRIDE || true) | sed -e 's/=.*$//'`; do echo "Set $KEYNAME to $VAL" /usr/share/docker-llng/updateConf set `echo $KEYNAME|perl -pe 's/_/\n/g'` "$VAL" done + +if test "$LANGUAGES" != ''; then + perl -i -pe "s/^(languages\s*=\s*).*\$/\$1$LANGUAGES/" /etc/lemonldap-ng/lemonldap-ng.ini +fi diff --git a/base-no-s6/test b/base-no-s6/test index 22aa784..f6a9a15 100755 --- a/base-no-s6/test +++ b/base-no-s6/test 
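Review bot: In the lines added to `base-no-s6/install/etc/cont-init.d/update-llng-conf`, `$LANGUAGES` is expanded by the shell into the text of the Perl program, so its value is parsed as code rather than written as data. A value containing `/`, `$` or `@` changes or breaks the substitution, and a value that begins with a digit turns `$1` into a different capture variable. Reading the variable inside Perl keeps it data: `perl -i -pe 's/^(languages\s*=\s*).*$/$1$ENV{LANGUAGES}/' /etc/lemonldap-ng/lemonldap-ng.ini`. The identical lines are added to `base/install/etc/cont-init.d/update-llng-conf`. The pattern also rewrites every `languages =` line in the ini, so if the file has one per section (portal and manager) both are overwritten, which deserves a comment if intended.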
@@ -18,4 +18,5 @@ $COMPOSE run base /usr/share/docker-llng/updateConf get applicationList 1sample $COMPOSE run base /usr/share/docker-llng/updateConf get exportedVars aa | grep bb $COMPOSE run base /usr/share/docker-llng/updateConf get macros | grep ZZ $COMPOSE run base /usr/share/docker-llng/updateConf get portal | grep dockertest.com +$COMPOSE run base grep languages /etc/lemonldap-ng/lemonldap-ng.ini | perl -pe 's/\r//g' | grep -E '^languages *= *en,fr$' $COMPOSE down diff --git a/base/README.md b/base/README.md index 22d32a8..7a77965 100644 --- a/base/README.md +++ b/base/README.md @@ -42,6 +42,7 @@ LemonLDAP::NG. * `LOGGER` = `syslog` _(possible values: stderr, syslog)_ * `USERLOGGER` = `syslog` _(possible values: stderr, syslog)_ * `FORCE_KEY_REGENERATION` = `no` +* `LANGUAGES` = default LLNG list _(set here the wanted languages separated by comma. Example: `fr,en`)_ * Configuration and persistent session storage * `PG_SERVER` = * `PG_DATABASE` = `lemonldapng` diff --git a/base/docker-compose.yml b/base/docker-compose.yml index ca68b27..a28200c 100644 --- a/base/docker-compose.yml +++ b/base/docker-compose.yml @@ -24,6 +24,7 @@ services: - OVERRIDE_authChoiceModules={"1_LDAP":"Demo;Demo;Null;;;{}","2_SAML":"SAML;SAML;Null;;;{}"} - OVERRIDE_applicationList_1sample_catname="Some applications" - OVERRIDE_exportedVars_aa=bb + - LANGUAGES=en,fr volumes: - ./test-over:/over depends_on: diff --git a/base/install/etc/cont-init.d/update-llng-conf b/base/install/etc/cont-init.d/update-llng-conf index 259878f..c9e4f27 100755 --- a/base/install/etc/cont-init.d/update-llng-conf +++ b/base/install/etc/cont-init.d/update-llng-conf @@ -165,3 +165,7 @@ for key in `(env | grep OVERRIDE || true) | sed -e 's/=.*$//'`; do echo "Set $KEYNAME to $VAL" /usr/share/docker-llng/updateConf set `echo $KEYNAME|perl -pe 's/_/\n/g'` "$VAL" done + +if test "$LANGUAGES" != ''; then + perl -i -pe "s/^(languages\s*=\s*).*\$/\$1$LANGUAGES/" /etc/lemonldap-ng/lemonldap-ng.ini +fi 
diff --git a/base/test b/base/test index 22aa784..f6a9a15 100755 --- a/base/test +++ b/base/test @@ -18,4 +18,5 @@ $COMPOSE run base /usr/share/docker-llng/updateConf get applicationList 1sample $COMPOSE run base /usr/share/docker-llng/updateConf get exportedVars aa | grep bb $COMPOSE run base /usr/share/docker-llng/updateConf get macros | grep ZZ $COMPOSE run base /usr/share/docker-llng/updateConf get portal | grep dockertest.com +$COMPOSE run base grep languages /etc/lemonldap-ng/lemonldap-ng.ini | perl -pe 's/\r//g' | grep -E '^languages *= *en,fr$' $COMPOSE down From 5e4c5684b4d7e9543682d72f4f331dfd7a69236e Mon Sep 17 00:00:00 2001 From: Yadd Date: Thu, 29 Aug 2024 14:10:39 +0400 Subject: [PATCH 5/7] Add security patch from 2.19.2 --- portal/Dockerfile | 2 +- portal/security.patch | 15 +++++++++++++++ uwsgi-portal/Dockerfile | 2 +- uwsgi-portal/security.patch | 15 +++++++++++++++ 4 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 portal/security.patch create mode 100644 uwsgi-portal/security.patch diff --git a/portal/Dockerfile b/portal/Dockerfile index 757fd47..59eb6d1 100644 --- a/portal/Dockerfile +++ b/portal/Dockerfile @@ -37,7 +37,7 @@ COPY *.patch / RUN for p in appgrid.patch jwt-type.patch app-scope.patch ignorepollers.patch \ fixedLogout.patch more-logs.patch introspec-for-public-clients.patch \ token-exchange.patch redirect-ajax.patch back-channel-debug.patch \ - crowdsec.patch recaptcha.patch msg-broker.patch mfe.patch \ + crowdsec.patch recaptcha.patch msg-broker.patch mfe.patch security.patch \ ; do echo patch $p && patch -p1 < $p; done && \ rm -f /*.patch && \ echo "# Install nginx configuration files" && \ diff --git a/portal/security.patch b/portal/security.patch new file mode 100644 index 0000000..9673ab8 --- /dev/null +++ b/portal/security.patch 
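Review bot: In the `for p in … ; do echo patch $p && patch -p1 < $p; done` loop of `portal/Dockerfile`, a `patch` failure on any file other than the last one does not stop the build. The loop's exit status is that of its final iteration, so an earlier patch that no longer applies is skipped silently unless the shell runs with `-e`, which is not visible here. `security.patch` is caught today only because it was appended at the end of the list. Make each iteration fatal, for example `do echo patch $p && patch -p1 < $p || exit 1; done`. The same loop is changed in `uwsgi-portal/Dockerfile`, and the `RUN` instruction continues outside the hunk.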
@@ -0,0 +1,15 @@ +--- a/usr/share/perl5/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm ++++ b/usr/share/perl5/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm +@@ -1767,6 +1767,12 @@ sub checkEndPointAuthenticationCredentials { + "Relying Party $rp is public, do not check client secret"); + } + else { ++ if ( $method eq "none" ) { ++ $self->logger->error( ++ "Relying Party $rp is confidential but no known method was used" ++ . " to authenticate on token endpoint" ); ++ return undef; ++ } + if ( $method =~ /^client_secret_(?:basic|post)$/ ) { + unless ($client_secret) { + $self->logger->error( diff --git a/uwsgi-portal/Dockerfile b/uwsgi-portal/Dockerfile index 1a14797..4a739b4 100644 --- a/uwsgi-portal/Dockerfile +++ b/uwsgi-portal/Dockerfile @@ -35,7 +35,7 @@ COPY *.patch / RUN for p in appgrid.patch jwt-type.patch app-scope.patch ignorepollers.patch \ fixedLogout.patch more-logs.patch introspec-for-public-clients.patch \ token-exchange.patch redirect-ajax.patch back-channel-debug.patch \ - crowdsec.patch recaptcha.patch msg-broker.patch mfe.patch \ + crowdsec.patch recaptcha.patch msg-broker.patch mfe.patch security.patch \ ; do echo patch $p && patch -p1 < $p; done && \ rm -f /*.patch && \ echo "# Install nginx configuration files" && \ diff --git a/uwsgi-portal/security.patch b/uwsgi-portal/security.patch new file mode 100644 index 0000000..9673ab8 --- /dev/null +++ b/uwsgi-portal/security.patch @@ -0,0 +1,15 @@ +--- a/usr/share/perl5/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm ++++ b/usr/share/perl5/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm +@@ -1767,6 +1767,12 @@ sub checkEndPointAuthenticationCredentials { + "Relying Party $rp is public, do not check client secret"); + } + else { ++ if ( $method eq "none" ) { ++ $self->logger->error( ++ "Relying Party $rp is confidential but no known method was used" ++ . " to authenticate on token endpoint" ); ++ return undef; ++ } + if ( $method =~ /^client_secret_(?:basic|post)$/ ) { + unless ($client_secret) { + $self->logger->error( 
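Review bot: `portal/security.patch` carries no header saying what it fixes or where it comes from; only the commit subject mentions 2.19.2, and after the merge the file is just a name in the Dockerfile patch list. `patch` ignores text before the first `---` line, so a leading comment can record it, e.g. `Backport from LemonLDAP::NG 2.19.2: reject a confidential relying party whose token-endpoint authentication method is "none" (<upstream issue or commit id>)`. That makes it clear when the patch can be dropped once the base version reaches 2.19.2. The same file is added under `uwsgi-portal/`, and the patched sub `checkEndPointAuthenticationCredentials` extends beyond the lines shown.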
From 1ab77453dad1ab9c28086496b95fcc01a42321ba Mon Sep 17 00:00:00 2001 From: Yadd Date: Thu, 29 Aug 2024 14:11:01 +0400 Subject: [PATCH 6/7] Add _ldapsearch --- portal/install/usr/bin/_ldapsearch | 98 ++++++++++++++++++++++++ uwsgi-portal/install/usr/bin/_ldapsearch | 98 ++++++++++++++++++++++++ 2 files changed, 196 insertions(+) create mode 100755 portal/install/usr/bin/_ldapsearch create mode 100755 uwsgi-portal/install/usr/bin/_ldapsearch diff --git a/portal/install/usr/bin/_ldapsearch b/portal/install/usr/bin/_ldapsearch new file mode 100755 index 0000000..630a69b --- /dev/null +++ b/portal/install/usr/bin/_ldapsearch 
@@ -0,0 +1,98 @@ +#!/usr/bin/perl + +use strict; +use warnings; +use Net::LDAP; +use Getopt::Long; +use Pod::Usage; + +# Variables pour les options de ligne de commande +my $host = 'localhost'; +my $port = 389; +my $binddn; +my $password; +my $base; +my $scope = 'sub'; # sub, one, or base +my $filter = '(objectClass=*)'; +my @attrs; +my $url; +my $help = 0; +my $x; + +# Récupération des options +GetOptions( + 'x' => \$x, + 'h|host=s' => \$host, + 'H|url=s' => \$url, + 'p|port=i' => \$port, + 'D|binddn=s' => \$binddn, + 'w|password=s' => \$password, + 'b|base=s' => \$base, + 's|scope=s' => \$scope, + 'f|filter=s' => \$filter, + 'a|attrs=s' => \@attrs, + 'help|?' => \$help, +) or pod2usage(2); + +pod2usage(1) if $help; + +$filter = shift if @ARGV; + +@attrs = @ARGV if ( @ARGV and !@attrs ); + +# Connexion au serveur LDAP +my $ldap = Net::LDAP->new( $url ? ($url) : ( $host, port => $port ) ) + or die "Erreur de connexion à " . ( $url ? $url : "$host:$port" ) . " : $@"; + +# Authentification +if ( $binddn && $password ) { + my $mesg = $ldap->bind( $binddn, password => $password ); + die "Erreur d'authentification: ", $mesg->error if $mesg->code; +} + +# Recherche LDAP +my $mesg = $ldap->search( + base => $base, + scope => $scope, + filter => $filter, + ( @attrs ? 
( attrs => \@attrs ) : () ), +); + +# Vérification des erreurs de recherche +die "Erreur lors de la recherche: ", $mesg->error if $mesg->code; + +# Affichage des résultats +foreach my $entry ( $mesg->entries ) { + $entry->dump; # Affiche toutes les informations de l'entrée +} + +# Fermeture de la connexion LDAP +$ldap->unbind; + +__END__ + +=head1 NAME + +ldapsearch.pl - Un utilitaire Perl qui imite ldapsearch + +=head1 SYNOPSIS + +ldapsearch.pl [options] + + Options: + -h | --host Nom d'hôte du serveur LDAP (par défaut: localhost) + -p | --port Port du serveur LDAP (par défaut: 389) + -D | --binddn DN pour se lier au serveur LDAP + -w | --password Mot de passe pour l'authentification + -b | --base DN de base pour la recherche + -s | --scope Portée de la recherche: base, one, sub (par défaut: sub) + -f | --filter Filtre LDAP pour la recherche (par défaut: (objectClass=*)) + -a | --attrs Attributs à récupérer (peut être utilisé plusieurs fois) + --help Affiche ce message d'aide + +=head1 DESCRIPTION + +Ce script Perl imite le comportement de base de la commande ldapsearch. + +=cut + diff --git a/uwsgi-portal/install/usr/bin/_ldapsearch b/uwsgi-portal/install/usr/bin/_ldapsearch new file mode 100755 index 0000000..630a69b --- /dev/null +++ b/uwsgi-portal/install/usr/bin/_ldapsearch 
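Review bot: Nothing in `portal/install/usr/bin/_ldapsearch` negotiates TLS, so on the default `ldap://` path (`localhost:389` or any `-h` host) the `-D`/`-w` simple bind sends the password in clear. For an `ldaps://` URL given with `-H`, no `verify` option is passed to `Net::LDAP->new`, which leaves certificate checking to the module default; that default should be confirmed for the packaged Net::LDAP. Consider passing `verify => 'require'` to the constructor and adding a `-Z` option that calls `$ldap->start_tls( verify => 'require' )` before the bind. Separately, `if ( $binddn && $password )` falls back to an anonymous search without any message when `-D` is given without `-w`; a `die` in that case would avoid misleading results. The same script is added under `uwsgi-portal/`, and its POD omits `-H` and `-x`.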
@@ -0,0 +1,98 @@ +#!/usr/bin/perl + +use strict; +use warnings; +use Net::LDAP; +use Getopt::Long; +use Pod::Usage; + +# Variables pour les options de ligne de commande +my $host = 'localhost'; +my $port = 389; +my $binddn; +my $password; +my $base; +my $scope = 'sub'; # sub, one, or base +my $filter = '(objectClass=*)'; +my @attrs; +my $url; +my $help = 0; +my $x; + +# Récupération des options +GetOptions( + 'x' => \$x, + 'h|host=s' => \$host, + 'H|url=s' => \$url, + 'p|port=i' => \$port, + 'D|binddn=s' => \$binddn, + 'w|password=s' => \$password, + 'b|base=s' => \$base, + 's|scope=s' => \$scope, + 'f|filter=s' => \$filter, + 'a|attrs=s' => \@attrs, + 'help|?' => \$help, +) or pod2usage(2); + +pod2usage(1) if $help; + +$filter = shift if @ARGV; + +@attrs = @ARGV if ( @ARGV and !@attrs ); + +# Connexion au serveur LDAP +my $ldap = Net::LDAP->new( $url ? ($url) : ( $host, port => $port ) ) + or die "Erreur de connexion à " . ( $url ? $url : "$host:$port" ) . " : $@"; + +# Authentification +if ( $binddn && $password ) { + my $mesg = $ldap->bind( $binddn, password => $password ); + die "Erreur d'authentification: ", $mesg->error if $mesg->code; +} + +# Recherche LDAP +my $mesg = $ldap->search( + base => $base, + scope => $scope, + filter => $filter, + ( @attrs ? 
( attrs => \@attrs ) : () ), +); + +# Vérification des erreurs de recherche +die "Erreur lors de la recherche: ", $mesg->error if $mesg->code; + +# Affichage des résultats +foreach my $entry ( $mesg->entries ) { + $entry->dump; # Affiche toutes les informations de l'entrée +} + +# Fermeture de la connexion LDAP +$ldap->unbind; + +__END__ + +=head1 NAME + +ldapsearch.pl - Un utilitaire Perl qui imite ldapsearch + +=head1 SYNOPSIS + +ldapsearch.pl [options] + + Options: + -h | --host Nom d'hôte du serveur LDAP (par défaut: localhost) + -p | --port Port du serveur LDAP (par défaut: 389) + -D | --binddn DN pour se lier au serveur LDAP + -w | --password Mot de passe pour l'authentification + -b | --base DN de base pour la recherche + -s | --scope Portée de la recherche: base, one, sub (par défaut: sub) + -f | --filter Filtre LDAP pour la recherche (par défaut: (objectClass=*)) + -a | --attrs Attributs à récupérer (peut être utilisé plusieurs fois) + --help Affiche ce message d'aide + +=head1 DESCRIPTION + +Ce script Perl imite le comportement de base de la commande ldapsearch. + +=cut + From f578e39e6d5800bd34f2ce2e9d0944584ffdb412 Mon Sep 17 00:00:00 2001 From: Yadd Date: Thu, 29 Aug 2024 14:11:55 +0400 Subject: [PATCH 7/7] Update ch --- Changes.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Changes.md b/Changes.md index 7248d29..5c20104 100644 --- a/Changes.md +++ b/Changes.md @@ -1,5 +1,8 @@ # Changes +* 2024-08-29: + * Add security patch + * Add `_ldapsearch` command * 2024-08-22: * Add Mauritian Creole translation * Add `LANGUAGES` variable