NAME
Lemonldap::Portal::Sslsso - Perl extension for the Lemonldap SSO system
SYNOPSIS
use Lemonldap::Portal::Sslsso;
my $message ;
my %params =Vars;
my $stack_user=Lemonldap::Portal::Ssslsso->new('formateUser' => \&my_method);
my $urlc;
my $urldc;
$retour=$stack_user->process(param => \%params,
server => $ReverseProxyConfig::ldap_serveur,
port => $ReverseProxyConfig::ldap_port,
DnManager => $ReverseProxyConfig::ldap_admin_dn,
passwordManager => $ReverseProxyConfig::ldap_admin_pd,
branch => $ReverseProxyConfig::ldap_branch_people,
id_certif => $ENV{SSL_CLIENT_S_DN_Email} ,
field_certif=>'mail'
);
if ($retour) {
$message=$retour->message;
$erreur=$retour->error;
}
See in directory examples for more details
DESCRIPTION
Lemonldap is a SSO system under GPL.
In SSL environment all jobs are made by mod_ssl .
In this case params user and password are useless.
Sslsso.pm manages all the cycle of authentification : The user's mail is in the client certificate then the module 'll retrieve the ldap Entry.
The OCSP protocol is available with the last release of mod_ssl.
step 0 : setting configuration
step 1 : manage the source of request
step 2 : manage timeout
step 3 : control the input form of user and password
step 4 : formate the userid if needing
step 5 : build the filter for the search
step 6 : build subtree for the search ldap
step 7 : make socket upon ldap server
step 8 : bind operation
step 9 : make search
step 10 : confection of %session from ldap infos
step 11 : unbind
Any step can bee overload for include your custom method.
standards errors messages :
1 => 'Your connection has expired; You must to be authentified once again',
3 => 'Wrong directory manager account or password' ,
4 => 'not found in directory',
METHODS
new();
my $stack_user= Lemonldap::Portal::Sslsso->new('standard_method' => \&my_method);
process();
$retour=$stack_user->process(param => \%params,
server => 'ldap_serveur',
port => 'ldap_port',
DnManager => 'ldap_admin_dn',
passwordManager => 'ldap_admin_pd',
branch => 'ldap_branch_people',
id_certif => $ENV{SSL_CLIENT_S_DN_Email} ,
field_certif=>'mail'
);
You can keep DnManager and passwordManager in undef state in order to provide
anonymous bind.
Don't pass them like parameter for this.
%params is the hash initialized whith CGI params
urlc : url of the original request .
id_certif : Environment variable get next to mod_ssl
field_certif: the ldap attribute which refers to id_certif value
message() ;
return the text of error
error() ;
return the number of error
sub infoSession ()
return a reference of hash of session
SEE ALSO
Lemonldap(3), Lemonldap::Handler::Intrusion(3)
http://lemonldap.sourceforge.net/
"Writing Apache Modules with Perl and C" by Lincoln Stein & Doug MacEachern - O'REILLY
See the examples directory
AUTHORS
COPYRIGHT AND LICENSE
Copyright (C) 2004 by Eric German & Xavier Guimard
Lemonldap originaly written by Eric german who decided to publish him in 2003 under the terms of the GNU General Public License version 2.
- This package is under the GNU General Public License, Version 2.
- The primary copyright holder is Eric German.
- Portions are copyrighted under the same license as Perl itself.
- Portions are copyrighted by Doug MacEachern and Lincoln Stein. This library is under the GNU General Public License, Version 2.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 dated June, 1991.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
A copy of the GNU General Public License is available in the source tree;
if not, write to the Free Software Foundation, Inc.,
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.