Lemonldap::Portal::Sslsso - Perl extension for the Lemonldap SSO system
use Lemonldap::Portal::Sslsso; my $message ; my %params =Vars; my $stack_user=Lemonldap::Portal::Ssslsso->new('formateUser' => \&my_method); my $urlc; my $urldc; $retour=$stack_user->process(param => \%params, server => $ReverseProxyConfig::ldap_serveur, port => $ReverseProxyConfig::ldap_port, DnManager => $ReverseProxyConfig::ldap_admin_dn, passwordManager => $ReverseProxyConfig::ldap_admin_pd, branch => $ReverseProxyConfig::ldap_branch_people, id_certif => $ENV{SSL_CLIENT_S_DN_Email} , field_certif=>'mail' ); if ($retour) { $message=$retour->message; $erreur=$retour->error; } See in directory examples for more details
Lemonldap is a SSO system under GPL. In SSL environment all jobs are made by mod_ssl . In this case params user and password are useless. Sslsso.pm manages all the cycle of authentification : The user's mail is in the client certificate then the module 'll retrieve the ldap Entry. The OCSP protocol is available with the last release of mod_ssl. step 0 : setting configuration step 1 : manage the source of request step 2 : manage timeout step 3 : control the input form of user and password step 4 : formate the userid if needing step 5 : build the filter for the search step 6 : build subtree for the search ldap step 7 : make socket upon ldap server step 8 : bind operation step 9 : make search step 10 : confection of %session from ldap infos step 11 : unbind
Any step can bee overload for include your custom method.
standards errors messages : 1 => 'Your connection has expired; You must to be authentified once again', 3 => 'Wrong directory manager account or password' , 4 => 'not found in directory',
my $stack_user= Lemonldap::Portal::Sslsso->new('standard_method' => \&my_method);
$retour=$stack_user->process(param => \%params, server => 'ldap_serveur', port => 'ldap_port', DnManager => 'ldap_admin_dn', passwordManager => 'ldap_admin_pd', branch => 'ldap_branch_people', id_certif => $ENV{SSL_CLIENT_S_DN_Email} , field_certif=>'mail' ); You can keep DnManager and passwordManager in undef state in order to provide anonymous bind. Don't pass them like parameter for this. %params is the hash initialized whith CGI params urlc : url of the original request . id_certif : Environment variable get next to mod_ssl field_certif: the ldap attribute which refers to id_certif value
return the text of error
return the number of error
return a reference of hash of session
return a plaintext url of redirection
return a list of encoded url and decoded url of redirection
Lemonldap(3), Lemonldap::Handler::Intrusion(3)
http://lemonldap.sourceforge.net/
"Writing Apache Modules with Perl and C" by Lincoln Stein & Doug MacEachern - O'REILLY
See the examples directory
Copyright (C) 2004 by Eric German & Xavier Guimard
Lemonldap originaly written by Eric german who decided to publish him in 2003 under the terms of the GNU General Public License version 2.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 dated June, 1991. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. A copy of the GNU General Public License is available in the source tree; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
To install Lemonldap::Portal::Sslsso, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Lemonldap::Portal::Sslsso
CPAN shell
perl -MCPAN -e shell install Lemonldap::Portal::Sslsso
For more information on module installation, please visit the detailed CPAN module installation guide.