NAME

Lemonldap::NG::Handler::SharedConf::DBI - Module to share Lemonldap::NG configuration using DBI.

SYNOPSIS

  package My::Package;
  use Lemonldap::NG::Handler::SharedConf::DBI;
  @ISA = qw(Lemonldap::NG::Handler::SharedConf::DBI);
  
  __PACKAGE__->init ( {
    localStorage        => "Cache::FileCache",
    localStorageOptions => {
        'namespace' => 'MyNamespace',
        'default_expires_in' => 600,
      },
    reloadTime          => 1200, # Default: 600
    dbiChain            => "DBI:mysql:database=$database;host=$hostname;port=$port",
    dbiUser             => "lemonldap",
    dbiPassword          => "password",
  } );

Call your package in /apache-dir/conf/httpd.conf :

  PerlRequire MyFile
  # TOTAL PROTECTION
  PerlInitHandler My::Package
  # OR SELECTED AREA
  <Location /protected-area>
    PerlInitHandler My::Package
  </Location>

The configuration is loaded only at Apache start. Create an URI to force configuration reload, so you don't need to restart Apache at each change :

  # /apache-dir/conf/httpd.conf
  <Location /location/that/I/ve/choosed>
    Order deny,allow
    Deny from all
    Allow from my.manager.com
    PerlInitHandler My::Package->refresh
  </Location>

DESCRIPTION

This library inherit from Lemonldap::NG::Handler::SharedConf to build a complete SSO Handler System: a central database contains the policy of your domain. People that want to access to a protected applications are redirected to the portal that run Lemonldap::NG::Portal::SharedConf::DBI. After reading configuration from the database and authenticating the user, it stores a key word for each application the user is granted to access to. Then the user is redirected to the application he wanted to access and the Apache handler build with Lemonldap::NG::Handler::SharedConf::DBI has just to verify that the keyword corresponding to the protected area is stored in the database.

EXPORT

Same as Lemonldap::NG::Handler::SharedConf.

OPERATION

Each new Apache child checks if there's a configuration stored in the local store. If not, it calls getConf to get one and store it in the local store by calling setconf.

Every 600 seconds (or $reload seconds), each Apache child checks if the local stored configuration has changed and reload it if it has.

SCHEME OF THE CONFIGURATION DATABASE

  CREATE TABLE lmConfig (
    cfgNum int,
    locationRules text,
    globalStorage text,
    globalStorageOptions text,
    exportedHeaders text,
    portal text,
    domain text,
    ldapServer text,
    ldapPort int,
    ldapBase text,
    securedCookie int,
    cookiename text,
    authentication text,
    exportedvars text,
    managerDn text,
    managerPassword text,
    PRIMARY KEY (cfgNum)
    );
  • cfgNum indicates the number of each configuration. Lemonldap::NG use always the highest.

  • locationRules, globalStorageOptions and exportedHeaders are hash references serialized by Storage::freeze. See Lemonldap::NG::Manager for more about this.

  • portal indicates the URL of the Lemonldap portal used to authenticate users.

  • globalStorage indicates the Apache::Session::* module used to store sessions.

SEE ALSO

Lemonldap::Manager, Lemonldap::NG::Portal::SharedConf::DBI, Lemonldap::NG::Handler, Lemonldap::NG::Handler::SharedConf

AUTHOR

Xavier Guimard, <x.guimard@free.fr>

COPYRIGHT AND LICENSE

Copyright (C) 2005 by Xavier Guimard <x.guimard@free.fr>

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.