{
use esmith::util;
if ( $port ne ($modSSL{'TCPPort'} || '443')){
$OUT .=<<"EOF";
#====================================================================
# HTTPS redirection for LemonLDAP::NG Manager
#====================================================================
RewriteEngine on
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\]
EOF
}
else{
my $authtype = $lemonldap{'ManagerAuth'} || 'basic';
my $auth = '';
my $base = esmith::util::ldapBase($DomainName);
unless ( $authtype eq 'self' ) {
$auth = "AuthName 'LemonLDAP NG Manager Interface'\n" .
" AuthType Basic\n" .
" AuthBasicProvider ldap\n" .
" AuthLDAPURL ldap://localhost/ou=Users,$base?uid\n" .
" AuthLDAPGroupAttribute memberUid\n" .
" AuthLDAPGroupAttributeIsDN off\n" .
" require ldap-user admin";
}
$OUT .=<<"EOF";
SSLEngine On
PerlOptions +Parent
#====================================================================
# Apache configuration for LemonLDAP::NG Manager
#====================================================================
# DocumentRoot
DocumentRoot /var/lib/lemonldap-ng/manager/
Order deny,allow
Deny from all
Allow from $localAccess $externalSSLAccess
Options +ExecCGI +FollowSymlinks
$auth
Satisfy all
# On-line documentation
Alias /doc/ /var/lib/lemonldap-ng/doc/
Alias /lib/ /var/lib/lemonldap-ng/doc/lib/
Order deny,allow
Allow from all
ErrorDocument 404 /notfound.html
Options +FollowSymlinks
DirectoryIndex index.pl index.html
# Perl script
# Note: to avoid manager stay in memory, we don't use ModPerl::Registry
# by default. Change this to increase manager performances
#SetHandler cgi-script
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
# Directory index
DirectoryIndex index.pl index.html
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)\$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
ExpiresActive On
ExpiresDefault "access plus 1 month"
ExpiresActive On
ExpiresDefault "access plus 1 month"
EOF
}
}