NAME
Lemonldap::Handler - Apache/modperl module to implement a Lemonldap compatible SSO agent.
SYNOPSIS
httpd.conf:
PerlModule Lemonldap::Handler
# Required directives
PerlSetVar LemonldapManagerUrl https://portal/manager.pl
PerlSetVar LemonldapSharedSecret <My key>
PerlSetVar LemonldapHandlerId <Handler Id>
# To use the built-in proxy
PerlSetVar LemonldapEnableproxy 1
# Common usage
<VirtualHost *:443>
# Enabling protection
PerlInitHandler Lemonldap::Handler
# Example of disabling authentication
<Files *.jpg>
PerlSetVar LemonldapDisabled 1
</Files>
</VirtualHost>
DESCRIPTION
Lemonldap is a collection of Perl modules written to implement a complete web single sign-on (Web-SSO) solution.
This module provides an Apache module which can be used to protect a web directory.
ADVANCED USAGE
Lemonldap::Handler has several other parameters:
Using several instances
If you want to use more than one instance (several VirtualHosts, for example), you have to set a different SHM namespace for the configuration store and the users store. Those names must consist of four alphanumeric characters:
<VirtualHost 1>
PerlInitHandler Lemonldap::Handler
PerlSetVar LemonldapConfigNameSpace LC01
PerlSetVar LemonldapUsersNameSpace LU01
</VirtualHost>
<VirtualHost 2>
PerlInitHandler Lemonldap::Handler2
PerlSetVar LemonldapConfigNameSpace LC02
PerlSetVar LemonldapUsersNameSpace LU02
</VirtualHost>
NOTE: Lemonldap::Handler2 can be a simple copy of the original package, made to avoid variable conflicts.
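A check for the namespace rule above, as an added example that is not part of Lemonldap or of the original manual page: a Python function (check_namespaces, a hypothetical name) that scans Apache configuration text and reports namespaces that are not four alphanumeric characters or that are set more than once. It assumes that any reuse of a name, including between the configuration store and the users store, is a collision; the sample configuration and its host names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the two-VirtualHost layout above: the second
# host reuses LU01 and has a five-character configuration namespace.
SAMPLE_CONF = """\
<VirtualHost app1.example.com:443>
    PerlInitHandler Lemonldap::Handler
    PerlSetVar LemonldapConfigNameSpace LC01
    PerlSetVar LemonldapUsersNameSpace LU01
</VirtualHost>
<VirtualHost app2.example.com:443>
    PerlInitHandler Lemonldap::Handler2
    PerlSetVar LemonldapConfigNameSpace LC002
    PerlSetVar LemonldapUsersNameSpace LU01
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
NAMESPACE = re.compile(r"^\s*PerlSetVar\s+(Lemonldap(?:Config|Users)NameSpace)\s+(\S+)", re.I)
VALID = re.compile(r"[A-Za-z0-9]{4}")

def check_namespaces(conf_text):
    """Return a list of problems with the SHM namespace settings in conf_text."""
    problems = []
    owners = defaultdict(list)  # namespace -> [(vhost, directive), ...]
    vhost = "(server config)"
    for line in conf_text.splitlines():  # commented-out lines match no pattern
        m = VHOST_OPEN.match(line)
        if m:
            vhost = m.group(1).strip()
            continue
        if VHOST_CLOSE.match(line):
            vhost = "(server config)"
            continue
        m = NAMESPACE.match(line)
        if not m:
            continue
        directive, value = m.groups()
        if not VALID.fullmatch(value):
            problems.append(f"{vhost}: {directive} '{value}' is not four alphanumerics")
        owners[value].append((vhost, directive))
    for value, used_by in owners.items():
        if len(used_by) > 1:
            where = ", ".join(f"{d} in {v}" for v, d in used_by)
            problems.append(f"namespace '{value}' is set more than once: {where}")
    return problems
```

Calling check_namespaces(SAMPLE_CONF) returns two problems: the malformed LC002 and the LU01 name shared by both hosts.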
Logging
Lemonldap::Handler informs Apache of connected users for logging. In addition, it can generate a special log entry for the first access:
PerlSetVar LemonldapNotify 1
Protecting user cookies
By default, Lemonldap::Handler transmits the user request, cookie included, to the remote application. If you want to hide the cookie from the application, so that its programmers cannot usurp a user's identity, Lemonldap::Handler can hide it:
PerlSetVar LemonldapStopCookie 1
Notifying unauthorized requests
By default, Lemonldap::Handler calls the Lemonldap::Handler::Intrusion subroutine named forbidden, which simply denies the request. See Lemonldap::Handler::Intrusion(3) for other available subroutines.
Example:
PerlSetVar LemonldapIntrusionProcess mail
Tuning the shared cache
Lemonldap::Handler uses shared memory to share user information between all of Apache's children. By default, its size is set to 65535. To increase it:
PerlSetVar LemonldapUsersShmSize 131069
PerlSetVar LemonldapConfigShmSize 131069
By default, each Apache child checks the shared configuration every 120 seconds. You can change this value:
PerlSetVar LemonldapConfigUpdate 240
SEE ALSO
Lemonldap(3), Lemonldap::Handler::Intrusion(3)
http://lemonldap.sourceforge.net/
"Writing Apache Modules with Perl and C" by Lincoln Stein & Doug MacEachern - O'REILLY
AUTHORS
COPYRIGHT AND LICENSE
Copyright (C) 2004 by Eric German & Xavier Guimard
Lemonldap was originally written by Eric German, who decided to publish it in 2003 under the terms of the GNU General Public License version 2.
- This library is under the GNU General Public License, Version 2.
- The primary copyright holder is Eric German.
- Portions are copyrighted under the same license as Perl itself.
- Portions are copyrighted by Doug MacEachern and Lincoln Stein.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 dated June, 1991.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
A copy of the GNU General Public License is available in the source tree;
if not, write to the Free Software Foundation, Inc.,
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.