NAME

Lemonldap::NG::Portal::AuthSSL - Perl extension for building Lemonldap::NG compatible portals with SSL authentication.

SYNOPSIS

With Lemonldap::NG::Portal::SharedConf, set authentication field to "SSL" in configuration database.

With Lemonldap::NG::Portal::Simple:

use Lemonldap::NG::Portal::Simple;
my $portal = new Lemonldap::NG::Portal::Simple(
       domain         => 'example.com',
       globalStorage  => 'Apache::Session::MySQL',
       globalStorageOptions => {
         DataSource   => 'dbi:mysql:database',
         UserName     => 'db_user',
         Password     => 'db_password',
         TableName    => 'sessions',
       },
       ldapServer     => 'ldap.domaine.com',
       securedCookie  => 1,
       authentication => 'SSL',
       
       # SSLVar: field to search in client certificate
       #         default: SSL_CLIENT_S_DN_Email the mail address
       SSLVar         => 'SSL_CLIENT_S_DN_CN',
  );

if($portal->process()) {
  # Write here the menu with CGI methods. This page is displayed ONLY IF
  # the user was not redirected here.
  print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
  print "...";

  # or redirect the user to the menu
  print $portal->redirect( -uri => 'https://portal/menu');
}
else {
  # If the user enters here, IT MEANS THAT YOUR SSL PARAMETERS ARE BAD
  print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
  print "<html><body><h1>Unable to work</h1>";
  print "This server isn't well configured. Contact your administrator.";
  print "</body></html>";
}

Modify your httpd.conf:

<Location /My/File>
  SSLVerifyClient optional # or 'require' if login/password are disabled
  SSLOptions +StdEnvVars
</Location>

DESCRIPTION

This library just overload few methods of Lemonldap::NG::Portal::Simple to use Apache SSLv3 mechanism: we've just to verify that $ENV{SSL_CLIENT_S_DN_Email} exists. So remenber to export SSL variables to CGI.

If SSL is used, authenticationLevel is set to 5. You can use this parameter in Lemonldap::NG::Handler rules to force users to use certificates in some applications:

virtualHost1 => {
  'default' => '$authenticationLevel > 5 and $uid = "jeff"',
},

Note that you can use Apache SSL environment variables in "exported variables".

See Lemonldap::NG::Portal::Simple for usage and other methods.

AUTHOR

Clement Oudot, <clem.oudot@gmail.com>
François-Xavier Deltombe, <fxdeltombe@gmail.com.>
Xavier Guimard, <x.guimard@free.fr>

BUG REPORT

Use OW2 system to report bug or ask for features: http://jira.ow2.org

DOWNLOAD

Lemonldap::NG is available at http://forge.objectweb.org/project/showfiles.php?group_id=274

COPYRIGHT AND LICENSE

This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

To install Lemonldap::NG::Portal, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Lemonldap::NG::Portal

CPAN shell

perl -MCPAN -e shell
install Lemonldap::NG::Portal

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)