NAME

Lemonldap::NG::Handler::SharedConf::DBI - Module to share Lemonldap::NG configuration using DBI.

SYNOPSIS

  package My::Package;
  use Lemonldap::NG::Handler::SharedConf::DBI;
  @ISA = qw(Lemonldap::NG::Handler::SharedConf::DBI);
  
  __PACKAGE__->init ( {
    localStorage        => "Cache::DBFile",
    localStorageOptions => {},
    reloadTime          => 1200, # Default: 600
    dbiChain            => "DBI:mysql:database=$database;host=$hostname;port=$port",
    dbiUser             => "lemonldap",
    dbiassword          => "password",
  } );

Call your package in /apache-dir/conf/httpd.conf :

  PerlRequire MyFile
  # TOTAL PROTECTION
  PerlInitHandler My::Package
  # OR SELECTED AREA
  <Location /protected-area>
    PerlInitHandler My::Package
  </Location>

The configuration is loaded only at Apache start. Create an URI to force configuration reload, so you don't need to restart Apache at each change :

  # /apache-dir/conf/httpd.conf
  <Location /location/that/I/ve/choosed>
    Order deny,allow
    Deny from all
    Allow from my.manager.com
    PerlInitHandler My::Package::refresh
  </Location>

DESCRIPTION

Lemonldap::NG is a simple Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application (they just have to read some headers for accounting).

It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space.

This library inherit from Lemonldap::NG::Handler::SharedConf to build a complete SSO Handler System: a central database contains the policy of your domain. People that want to access to a protected applications are redirected to the portal that run Lemonldap::NG::Portal::SharedConf::DBI. After reading configuration from the database and authenticating the user, it stores a key word for each application the user is granted to access to. Then the user is redirected to the application he wanted to access and the Apache handler build with Lemonldap::NG::Handler::SharedConf::DBI has just to verify that the keyword corresponding to the protected area is stored in the database.

EXPORT

Same as Lemonldap::NG::Handler::SharedConf.

OPERATION

Each new Apache child checks if there's a configuration stored in the local store. If not, it calls getConf to get one and store it in the local store by calling setconf.

Every 600 seconds (or $reload seconds), each Apache child checks if the local stored configuration has changed and reload it if it has.

DIAGRAM OF THE CONFIGURATION DATABASE

  CREATE TABLE lmConfig (
    cfgNum int,
    locationRules text,
    globalStorage text,
    globalStorageOptions text,
    exportedHeaders text,
    portal text,
    PRIMARY KEY (cfgNum)
    );
  • cfgNum indicates the number of each configuration. Lemonldap::NG use always the highest.

  • locationRules, globalStorageOptions and exportedHeaders are hash references serialized by Storage::freeze. See Lemonldap::NG::Manager for more about this.

  • portal indicates the URL of the Lemonldap portal used to authenticate users.

  • globalStorage indicates the Apache::Session::* module used to store sessions.

SEE ALSO

Lemonldap::Manager, Lemonldap::NG::Portal::SharedConf::DBI, Lemonldap::NG::Handler, Lemonldap::NG::Handler::SharedConf

AUTHOR

Xavier Guimard, <x.guimard@free.fr>

COPYRIGHT AND LICENSE

Copyright (C) 2005 by Xavier Guimard <x.guimard@free.fr>

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.

Lemonldap was originaly written by Eric german who decided to publish him in 2003 under the terms of the GNU General Public License version 2. Lemonldap::NG is a complete rewrite of Lemonldap and is able to have different policies in a same Apache virtual host.