RT notifier: parse templates without header correctly

[openxpki.git] / trunk / deployment / etc / templates / default / config.xml

<openxpki>
  <common>
    <log_config>[%        server.logconfig %]</log_config>
    <server>
        <user>[%          server.runuser %]</user>
        <group>[%         server.rungroup %]</group>
        [% IF server.socketowner %]
        <socket_owner>[%  server.socketowner %]</socket_owner>
        [% END %]
        [% IF server.socketgroup %]
        <socket_group>[%  server.socketgroup %]</socket_group>
        [% END %]
        <socket_file>[%   server.socketfile %]</socket_file>
        <pid_file>[%      server.pidfile %]</pid_file>
        <session_dir>[%   dir.openxpkisessiondir %]</session_dir>
        <connection_timeout>120</connection_timeout>
        <session_lifetime>[% server.session_lifetime %]</session_lifetime>
        <stderr>[%        server.stderrfile %]</stderr>
        <tmpdir>[%        dir.tmpdir %]</tmpdir>
[% FOREACH item = server.transport %]
        <transport>[%     item %]</transport>
[% END %]
[% FOREACH item = server.service %]
        <service>[%       item %]</service>
[% END %]
[% FOREACH var IN environment.keys %]
        <environment>
            <variable>[% var %]</variable>
            <value>[% environment.$var %]</value>
        </environment>
[% END %]
    </server>
    <i18n>
        <locale_directory>[% dir.localedir %]</locale_directory>
        <default_language>[% i18n.defaultlanguage %]</default_language>
    </i18n>
    <data_exchange>
        <export>
            <dir>[% dir.dataexchange %]/export</dir>
        </export>
        <import>
            <dir>[% dir.dataexchange %]/import</dir>
        </import>
    </data_exchange>

    [% IF deployment.xmlstyle == 'multi-file' %]
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="database.xml"/>
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="log_database.xml"/>
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="token.xml"/>
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notification.xml"/>

    [% ELSIF deployment.xmlstyle == 'all-in-one' %]
      [% INCLUDE database.xml     FILTER indent(4) %]
      [% INCLUDE log_database.xml FILTER indent(4) %]
      [% INCLUDE token.xml        FILTER indent(4) %]
      [% INCLUDE notification.xml FILTER indent(4) %]
    [% ELSE %]
      [% THROW configerror 'Invalid XML output style specification (deployment.xmlstyle)' %]
    [% END %]
  </common>


[% FOREACH realmsection = global.pkirealm %]
  <pki_realm name="[% $realmsection.name %]" id="[% $realmsection.name %]">
    <common id="default">
      <!-- default token (used for general crypto operations not requiring
           private key operations) -->
      <token super="common/token_config/token{default}"/>

      <secret>
        <group id="default" label="I18N_OPENXPKI_CONFIG_DEFAULT_SECRET_AUTHENTICATION_GROUP">
          <method id="plain">
            <total_shares>1</total_shares>
          </method>
        <!-- alternatively use one of the following methods:
          <method id="literal">password</method>
          Literal password in the configuration file, not recommended
          except for testing.

          <method id="split">
            <total_shares>3</total_shares>
          </method>
          Shamir's secret splitting, three passphrase shares, three
          required to unlock the secret.

          <method id="split">
            <total_shares>5</total_shares>
            <required_shares>3</required_shares>
          </method>
          Shamir's secret splitting, five passphrase shares, any three
          required to unlock the secret.
        --> 
          <cache>
            <type>daemon</type>
            <usage_count>-1</usage_count>
          </cache>
        </group>
      </secret>
      <notification>
      [% FOREACH notifier = $realmsection.notifier %]
        <notifier>[% notifier %]</notifier>
      [% END %]
      </notification>

      [% IF deployment.xmlstyle == 'multi-file' %]
      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="profile.xml"/>
      [% ELSIF deployment.xmlstyle == 'all-in-one' %]
        [% INCLUDE profile.xml FILTER indent(6) %]
      [% END %]
      <!-- LDAP addition  -->
      <!-- WARNING: keep "ldap_enable" set to "no" to avoid surprises  -->      
      [% IF deployment.xmlstyle == 'multi-file' %]
      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ldappublic.xml"/>
      [% ELSIF deployment.xmlstyle == 'all-in-one' %]
        [% INCLUDE ldappublic.xml FILTER indent(6) %]
      [% END %]
      <!-- end of LDAP addition  -->
    </common>

    <!-- Issuing CAs defined for this realm -->
    <!-- 'id' is the internal CA identifier -->
    [% FOREACH ca = $realmsection.issuingca %]
    [% THROW config "No 'id' defined for issuing CA $ca" IF ! $ca.id.defined %]
    <ca id="[% $ca.id %]">
      <token super="common/token_config/token{[% $ca.id %]}"/>
      <!-- CONFIG -->
      <cert>
        [% IF $ca.cacert_alias %]
          <alias>[% $ca.cacert_alias %]</alias>
          <realm>[% $realmsection.name %]</realm>
        [% ELSIF $ca.cacert_identifier %]
          <identifier>[% $ca.cacert_identifier %]</identifier>
        [% ELSE %]
            [% THROW configerror 'Neither alias nor identifier specified for CA certificate.' %]
        [% END %]
      </cert>
      [% IF $ca.crl_publication_file_format && $ca.crl_publication_file_name %]
      <crl_publication>
        <file>
            <filename>[% $ca.crl_publication_file_name %]</filename>
            <format>[% $ca.crl_publication_file_format %]</format>
        </file>
        <!--
        <ldap>
            <server></server>
            <port></port>
            <bind_dn></bind_dn>
            <pass></pass>
            <base_dn></base_dn>
            <search_dn></search_dn>
        </ldap>
        -->
        <!-- if you do not want to use bind authentication, you can
             use SASL as well (Authen::SASL is required for that to work)

             as sasl_mechanism, you can for example configure DIGEST-MD5 for
             MS ADS

             Also note that configuring a hostname (not an IP) is required
             for MS ADS
        -->
        <!--
        <ldap>
            <server></server>
            <port></port>
            <base_dn></base_dn>
            <search_dn></search_dn>
            <sasl>yes</sasl>
            <sasl_mechanism></sasl_mechanism>
            <sasl_user></sasl_user>
            <sasl_pass></sasl_pass>
        </ldap>
        -->
      </crl_publication>
      [% END %]
    </ca>
    [% END %]

    <!-- Subsystems defined for this realm -->
    <!-- 'id' is the subsystem identifier -->
    [% FOREACH entry = $realmsection.subsystem %]
    [% THROW config "No 'id' defined for subsystem $entry" IF ! $entry.id.defined %]
    [% THROW config "No 'type' defined for subsystem $entry" IF ! $entry.type.defined %]
    <[% $entry.type %] id="[% $entry.id %]">
      [% IF $entry.cert_alias %]
      <cert>
        <alias>[% $entry.cert_alias %]</alias>
        <realm>[% $realmsection.name %]</realm>
      </cert>
      [% ELSIF $entry.cert_identifier %]
      <cert>
        <identifier>[% $entry.cert_identifier %]</identifier>
      <cert>
      [% END %]
      <token super="common/token_config/token{[% $entry.id %]}"/>
    </[% $entry.type %]>
    [% END %]


    [% IF deployment.xmlstyle == 'multi-file' %]
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="auth.xml"/>
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="acl.xml"/>
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="workflow.xml"/>
    [% ELSIF deployment.xmlstyle == 'all-in-one' %]
      [% INCLUDE auth.xml  FILTER indent(4) %]
      [% INCLUDE acl.xml   FILTER indent(4) %]
      [% INCLUDE workflow.xml FILTER indent(4) %]
    [% END %]
  </pki_realm>

[% END %]

</openxpki>