General principle

Three files are read successively to retrieve the parameters :

  • param/ : default settings file, delivered to each new version ;
  • param/ : file adapted to each implementation. It contains, in particular, the database connection accounts and all the information necessary for the proper functioning of the installed software ;
  • param/param.ini (or any other location) : optional file, which contains the specific parameters suitable for multi-instance use in the same server (the same application code is used for several different databases).

The file is never delivered. A provisional version is provided for new installations: param/ This file must be renamed to param/ during the first implementation.

For most of parameters, the pre-position is by default, relative to the installation scripts provided. You will find in bold those which must imperatively be modified.

Connection to the database

Two connections are used in the software, one to access the rights database, the other to the data itself. Here are the parameters to defin :

  • $BDD_login : connection account to the database
  • $BDD_passwd : associated password
  • $BDD_dsn : database address in standardized form
  • $BDD_schema : schema used (several schemes can be described, separated by a comma – Postgresql’s own operation)
  • $GACL_dblogin : connection account to rights database
  • $GACL_dbpasswd : associated password
  • $GACL_dsn : standard address
  • $GACL_schema : schema used
  • $GACL_aco : code name of the application used in rights management

User identification and session management

The application supports five modes of identification : local database (BDD), LDAP directory (LDAP), LDAP directory and then local database to manage the accounts of the company associated with guest accounts (LDAP-BDD), CAS server (CAS), and finally Proxy server (identification via HEADER – the login is provided in a variable of the HTTP header (HEADER).

  • $ident_type : BDD | LDAP | LDAP-BDD | CAS | HEADER
  • $privateKey : private key used to generate the tokens, either identification (automatic re-identification after a first connection), or to reset a password
  • $pubKey : associated public key
  • $tokenIdentityValidity : period of validity, in seconds, of identification tokens
  • $CONNEXION_max_attempts : maximum number of login attempts before account blocking
  • $CONNEXION_blocking_duration : duration, in seconds, of account lockout
  • $APPLI_mailToAdminPeriod : Time lapse before sending an email to the administrator in case of account blocking (to avoid burst sending each time you try to connect)
  • $APPLI_lostPassword : authorize or not the procedure for recovering a password in case of loss (identification in database)
  • $MAIL_enabled : authorize or not the sending of mails. Must be enabled if $ APPLI_lostPassword = 1
  • $APPLI_admin_ttl : maximum duration of inactivity of the administration session (access to the administration modules of the application)
  • $APPLI_session_ttl : maximum duration of inactivity of the administration session
  • $APPLI_absolute_session : maximum duration of the session, with or without activity

Specific parameters for CAS identification

  • $CAS_address : CAS server address
  • $CAS_port : Systematically 443 (encrypted connection)

Specific parameters for identification by the LDAP directory

The parameters are defined in the table $LDAP :

  • address : server address
  • port : access port
  • tls : access in encrypted mode or not (essential if the directory is not hosted in the same machine)
  • basedn : user search base
  • user_attrib : user identifier
  • commonNameAttrib : user name displayed
    mailAttrib : user mail
  • groupSupport : with “true”, directory groups are integrated with rights management
  • groupAttrib : field name which contains user’s membership groups
  • attributgroupname : field name nom du champ corresponding to the name of the group
  • attributloginname : field name containing group members
  • basedngroup : search base groups

Specific parameters for identification by HEADER

  • $ident_header_login_var : name of the variable transmitted in the HTTP header containing the user’s login

Application operation settings

  • $APPLI_code : Internal code of the application. It must not be modified in production. This code appears on the printed labels and allows you to find the samples. It must be unique for the considered work community (one per different database)
  • $mapDefaultX : Longitude of positioning the center of the default map
  • $mapDefaultY : Latitude of positioning of the center of the default map
  • $mapDefaultZoom : default zoom factor when viewing a map with OpenStreetMap
  • $APPLI_address : web address of the application (essential for recovering passwords)
  • $APPLI_mail : address of sending mails by the application
  • $APPLI_assist_address : support site (address to ticket manager, for example)
  • $APPLI_print_direct_command : command used to print labels directly. Default: lpr, but can also use the lp command (for Raspberry)