NAME
Lemonldap::NG::Portal::Simple - Base module for building Lemonldap::NG compatible portals
SYNOPSIS
use Lemonldap::NG::Portal::Simple;
my $portal = new Lemonldap::NG::Portal::Simple(
domain => 'gendarmerie.defense.gouv.fr',
globalStorage => 'Apache::Session::MySQL',
globalStorageOptions => {
DataSource => 'dbi:mysql:database=dbname;host=127.0.0.1',
UserName => 'db_user',
Password => 'db_password',
TableName => 'sessions',
LockDataSource => 'dbi:mysql:database=dbname;host=127.0.0.1',
LockUserName => 'db_user',
LockPassword => 'db_password',
},
ldapServer => 'ldap.domaine.com',
securedCookie => 1,
exportedVars => ["uid","cn","mail","appli"],
);
if($portal->process()) {
# Write here the menu with CGI methods. This page is displayed ONLY IF
# the user was not redirected here.
print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
print "...";
# or redirect the user to the menu
print $portal->redirect( -uri => 'https://portal/menu');
}
else {
# Write here the html form used to authenticate with CGI methods.
# $portal->error returns the error message if athentification failed
# Warning: by defaut, input names are "user" and "password"
print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
print "...";
print '<form method="POST">';
# In your form, the following value is required for redirection
print '<input type="hidden" name="url" value="'.$portal->param('url').'">';
# Next, login and password
print 'Login : <input name="user"><br>';
print 'Password : <input name="password" type="password" autocomplete="off">';
print '<input type="submit" value="go" />';
print '</form>';
}
DESCRIPTION
Lemonldap::NG::Portal::Simple is the base module for building Lemonldap::NG compatible portals. You can use it either by inheritance or by writing anonymous methods like in the example above.
See Lemonldap::NG::Portal::SharedConf::DBI for a complete example of use of Lemonldap::Portal::* libraries.
METHODS
Constructor (new)
Args
ldapServer: server used to retrive session informations and to valid credentials (localhost by default).
ldapPort: tcp port used by ldap server.
ldapBase: base of the ldap directory.
managerDn: dn to used to connect to ldap server. By default, anonymous bind is used.
managerPassword: password to used to connect to ldap server. By default, anonymous bind is used.
securedCookie: set it to 1 if you want to protect user cookies
cookieName: name of the cookie used by Lemonldap (lemon by default)
domain: cookie domain. You may have to give it else the SSO will work only on your server.
globalStorage: required: Apache::Session library to used to store session informations
globalStorageOptions: parameters to bind to Apache::Session module
authentication: sheme to authenticate users (default: "ldap"). It can be set to:
SSL: See Lemonldap::NG::Portal::AuthSSL.
Methods that can be overloaded
All the functions above can be overloaded to adapt Lemonldap to your environment. They MUST return one of the exported constants (see above) and are called in this order by process().
controlUrlOrigin
If the user was redirected by a Lemonldap NG handler, stores the url that will be used to redirect the user after authentication.
controlExistingSession
Controls if a previous session is always available.
extractFormInfo
Converts form input into object variables ($self->{user} and $self->{password}).
formateParams
Does nothing. To be overloaded if needed.
formateFilter
Creates the ldap filter using $self->{user}. By default :
$self->{filter} = "(&(uid=" . $self->{user} . ")(objectClass=person))";
connectLDAP
Connects to LDAP server.
bind
Binds to the LDAP server using $self->{managerDn} and $self->{managerPassword} if exist. Anonymous bind is provided else.
search
Retrives the LDAP entry corresponding to the user using $self->{filter}.
setSessionInfo
Prepares variables to store in central cache (stored temporarily in $self-
{sessionInfo}>). It use exportedVars
entry (passed to the new sub) if defined to know what to store else it stores uid, cn and mail attributes.
setGroups
Does nothing by default.
authenticate
Authenticates the user by rebinding to the LDAP server using the dn retrived with search() and the password.
store
Stores the informations collected by setSessionInfo into the central cache. The portal connects the cache using the Apache::Session module passed by the globalStorage parameters (see constructor).
unbind
Disconnects from the LDAP server.
buildCookie
Creates the Lemonldap cookie.
autoRedirect
Redirects the user to the url stored by controlUrlOrigin().
log
Does nothing. To be overloaded if wanted.
Other methods
process
Main method.
error
Returns the error message corresponding to the error returned by the methods described above
_bind( $ldap, $dn, $password )
Non-object method used to bind to the ldap server.
header
Overloads the CGI::header method to add Lemonldap cookie.
redirect
Overloads the CGI::redirect method to add Lemonldap cookie.
EXPORT
Constants
PE_OK: all is good
PE_SESSIONEXPIRED: the user session has expired
PE_FORMEMPTY: Nothing was entered in the login form
PE_USERNOTFOUND: the user was not found in the (ldap) directory
PE_WRONGMANAGERACCOUNT: the account used to bind to LDAP server in order to find the user distinguished name (dn) was refused by the server
PE_BADCREDENTIALS: bad login or password
PE_LDAPERROR: abnormal error from ldap
PE_APACHESESSIONERROR: abnormal error from Apache::Session
PE_FIRSTACCESS: First access to the portal
PE_BADCERTIFICATE: Wrong certificate
SEE ALSO
Lemonldap::NG::Handler, Lemonldap::NG::Portal::SharedConf::DBI, CGI
AUTHOR
Xavier Guimard, <x.guimard@free.fr>
COPYRIGHT AND LICENSE
Copyright (C) 2005 by Xavier Guimard <x.guimard@free.fr>
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.