NAME

Lemonldap::NG::Portal::AuthSSL - Perl extension for building Lemonldap::NG compatible portals with SSL authentication.

SYNOPSIS

With Lemonldap::NG::Portal::SharedConf, set authentication field to "SSL" in configuration database.

With Lemonldap::NG::Portal::Simple:

use Lemonldap::NG::Portal::Simple;
my $portal = new Lemonldap::NG::Portal::Simple(
       domain         => 'example.com',
       globalStorage  => 'Apache::Session::MySQL',
       globalStorageOptions => {
         DataSource   => 'dbi:mysql:database',
         UserName     => 'db_user',
         Password     => 'db_password',
         TableName    => 'sessions',
       },
       ldapServer     => 'ldap.domaine.com',
       securedCookie  => 1,
       authentication => 'SSL',
       
       # SSLVar: field to search in client certificate
       #         default: SSL_CLIENT_S_DN_Email the mail address
       SSLVar         => 'SSL_CLIENT_S_DN_CN',
       
       # SSLLDAPField: field to use in ldap filter to search SSLVar
       #               default: mail
       SSLLDAPField   => 'cn',
       
       # SSLRequire: if set to 1, login/password are disabled
       #             default: 1
       SSLRequire     => 1,
  );

if($portal->process()) {
  # Write here the menu with CGI methods. This page is displayed ONLY IF
  # the user was not redirected here.
  print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3))
  print "...";

  # or redirect the user to the menu
  print $portal->redirect( -uri => 'https://portal/menu');
}
else {
  # If the user enters here, IT MEANS THAT YOUR SSL PARAMETERS ARE BAD
  print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3))
  print "<html><body><h1>Unable to work</h1>";
  print "This server isn't well configured. Contact your administrator.";
  print "</body></html>";
}

Modify your httpd.conf:

<Location /My/File>
  SSLVerifyClient optional # or 'require' if login/password are disabled
  SSLOptions +StdEnvVars
</Location>

DESCRIPTION

This library just overload few methods of Lemonldap::NG::Portal::Simple to use Apache SSLv3 mechanism: we've just to verify that $ENV{SSL_CLIENT_S_DN_Email} exists. So remenber to export SSL variables to CGI.

The parameter SSLRequire can be used to authenticate users by SSL or ldap bind. If SSL is used, authenticationLevel is set to 5. You can use this parameter in Lemonldap::NG::Handler rules to force users to use certificates in some applications:

virtualHost1 => {
  'default' => '$authenticationLevel > 5 and $uid = "jeff"',
},

Note that you can use Apache SSL environment variables in "exported variables".

See Lemonldap::NG::Portal::Simple for usage and other methods.

AUTHOR

Xavier Guimard, <x.guimard@free.fr>

BUG REPORT

Use OW2 system to report bug or ask for features: http://jira.ow2.org

DOWNLOAD

Lemonldap::NG is available at http://forge.objectweb.org/project/showfiles.php?group_id=274

COPYRIGHT AND LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.10.0 or, at your option, any later version of Perl 5 you may have available.

To install Lemonldap::NG::Portal, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Lemonldap::NG::Portal

CPAN shell

perl -MCPAN -e shell
install Lemonldap::NG::Portal

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)