Lemonldap::Portal::Sslsso - Perl extension for the Lemonldap SSO system


  use Lemonldap::Portal::Sslsso;
 my $message ;
 my %params =Vars;
 my $stack_user=Lemonldap::Portal::Ssslsso->new('formateUser' => \&my_method);
 my $urlc;
 my $urldc; 
 $retour=$stack_user->process(param =>  \%params,           
                server          => $ReverseProxyConfig::ldap_serveur,
                port            => $ReverseProxyConfig::ldap_port,
                DnManager       => $ReverseProxyConfig::ldap_admin_dn,
                passwordManager => $ReverseProxyConfig::ldap_admin_pd,
                branch => $ReverseProxyConfig::ldap_branch_people,  
                id_certif => $ENV{SSL_CLIENT_S_DN_Email} ,
    if ($retour)   { 

 See in directory examples for more details  


 Lemonldap is a SSO system under GPL. 
 In SSL environment all jobs are made by mod_ssl .
 In this case  params user and  password are useless.  manages all the cycle of authentification : The user's mail is in the client certificate then the module 'll retrieve the ldap Entry. 
 The OCSP protocol is available with the last release of mod_ssl. 
 step 0  : setting configuration
 step 1  : manage the source of request
 step 2  : manage timeout 
 step 3  : control the input form of user and password
 step 4  : formate the userid if needing
 step 5  : build the filter for  the  search
 step 6  : build subtree for the search ldap 
 step 7  : make socket upon ldap server
 step 8  : bind operation
 step 9  : make search
 step 10 : confection of %session from ldap infos   
 step 11 : unbind 

Any step can bee overload for include your custom method.

 standards errors messages :

 1 => 'Your connection has expired; You must to be authentified once again',
 3 => 'Wrong directory manager account or password' ,
 4  => 'not found in directory',



my $stack_user= Lemonldap::Portal::Sslsso->new('standard_method' => \&my_method);


 $retour=$stack_user->process(param =>  \%params,           
                server          => 'ldap_serveur',
                port            => 'ldap_port',
                DnManager       => 'ldap_admin_dn',
                passwordManager => 'ldap_admin_pd',
                branch => 'ldap_branch_people',  
                id_certif => $ENV{SSL_CLIENT_S_DN_Email} ,
  You can keep DnManager and passwordManager in undef state in order to  provide 
   anonymous bind.
   Don't pass them like parameter for this. 

  %params is  the hash initialized whith  CGI params 
  urlc : url of  the original request .
  id_certif : Environment variable get next to mod_ssl
  field_certif: the ldap attribute which refers to id_certif value 

message() ;

  return the text of error 

error() ;

  return the  number of error 

sub infoSession ()

  return a reference of hash of session 

getRedirection ()

  return a plaintext url of redirection

(urlc,urldc) :getAllRedirection ()

  return a  list of encoded url and decoded  url of redirection



Lemonldap(3), Lemonldap::Handler::Intrusion(3)

"Writing Apache Modules with Perl and C" by Lincoln Stein & Doug MacEachern - O'REILLY

 See the examples directory


Eric German, <>
Xavier Guimard, <>


Copyright (C) 2004 by Eric German & Xavier Guimard

Lemonldap originaly written by Eric german who decided to publish him in 2003 under the terms of the GNU General Public License version 2.

This package is under the GNU General Public License, Version 2.
Portions are copyrighted under the same license as Perl itself.
Portions are copyrighted by Doug MacEachern and Lincoln Stein. This library is under the GNU General Public License, Version 2.
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; version 2 dated June, 1991.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  GNU General Public License for more details.

  A copy of the GNU General Public License is available in the source tree;
  if not, write to the Free Software Foundation, Inc.,
  59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.