NAME

Lemonldap::NG::Portal::Simple - Base module for building Lemonldap::NG compatible portals

SYNOPSIS

  use Lemonldap::NG::Portal::Simple;
  my $portal = new Lemonldap::NG::Portal::Simple(
         domain         => 'example.com',
         globalStorage  => 'Apache::Session::MySQL',
         globalStorageOptions => {
           DataSource   => 'dbi:mysql:database=dbname;host=127.0.0.1',
           UserName     => 'db_user',
           Password     => 'db_password',
           TableName    => 'sessions',
           LockDataSource   => 'dbi:mysql:database=dbname;host=127.0.0.1',
           LockUserName     => 'db_user',
           LockPassword     => 'db_password',
         },
         ldapServer     => 'ldap.domaine.com,ldap-backup.domaine.com',
         securedCookie  => 1,
         exportedVars  => {
           uid   => 'uid',
           cn    => 'cn',
           mail  => 'mail',
           appli => 'appli',
         },
         # Activate SOAP service
         Soap           => 1
    );
  
  if($portal->process()) {
    # Write here the menu with CGI methods. This page is displayed ONLY IF
    # the user was not redirected here.
    print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see L<CGI(3)>)
    print "...";

    # or redirect the user to the menu
    print $portal->redirect( -uri => 'https://portal/menu');
  }
  else {
    # Write here the html form used to authenticate with CGI methods.
    # $portal->error returns the error message if athentification failed
    # Warning: by defaut, input names are "user" and "password"
    print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see L<CGI(3)>)
    print "...";
    print '<form method="POST">';
    # In your form, the following value is required for redirection
    print '<input type="hidden" name="url" value="'.$portal->param('url').'">';
    # Next, login and password
    print 'Login : <input name="user"><br>';
    print 'Password : <input name="password" type="password" autocomplete="off">';
    print '<input type="submit" value="go" />';
    print '</form>';
  }

SOAP mode authentication (client) :

  #!/usr/bin/perl -l
  
  use SOAP::Lite;
  use Data::Dumper;
  
  my $soap =
    SOAP::Lite->proxy('http://auth.example.com/')
    ->uri('urn:/Lemonldap::NG::Common::::CGI::SOAPService');
  my $r = $soap->getCookies( 'user', 'password' );
  
  # Catch SOAP errors
  if ( $r->fault ) {
      print STDERR "SOAP Error: " . $r->fault->{faultstring};
  }
  else {
      my $res = $r->result();
  
      # If authentication failed, display error
      if ( $res->{error} ) {
          print STDERR "Error: " . $soap->error( 'fr', $res->{error} )->result();
      }
  
      # print session-ID
      else {
          print "Cookie: lemonldap=" . $res->{cookies}->{lemonldap};
      }
  }

DESCRIPTION

Lemonldap::NG::Portal::Simple is the base module for building Lemonldap::NG compatible portals. You can use it either by inheritance or by writing anonymous methods like in the example above.

See Lemonldap::NG::Portal::SharedConf for a complete example of use of Lemonldap::Portal::* libraries.

METHODS

Constructor (new)

Args

ldapServer: server(s) used to retrive session informations and to valid credentials (localhost by default). More than one server can be set here separated by commas. The servers will be tested in the specifies order. To use TLS, set "ldap+tls://server" and to use LDAPS, set "ldaps://server" instead of server name. If you use TLS, you can set any of the Net::LDAP->start_tls() sub like this: "ldap/tls://server/verify=none&capath=/etc/ssl" You can also use caFile and caPath parameters.
ldapPort: tcp port used by ldap server.
ldapBase: base of the ldap directory.
managerDn: dn to used to connect to ldap server. By default, anonymous bind is used.
managerPassword: password to used to connect to ldap server. By default, anonymous bind is used.
securedCookie: set it to 1 if you want to protect user cookies.
cookieName: name of the cookie used by Lemonldap::NG (lemon by default).
domain: cookie domain. You may have to give it else the SSO will work only on your server.
globalStorage: required: Apache::Session library to used to store session informations.
globalStorageOptions: parameters to bind to Apache::Session module
authentication: sheme to authenticate users (default: "ldap"). It can be set to:
- SSL: See Lemonldap::NG::Portal::AuthSSL.
caPath, caFile: if you use ldap+tls you can overwrite cafile or capath options with those parameters. This is usefull if you use a shared configuration.
ldapPpolicyControl: set it to 1 if you want to use LDAP Password Policy

Methods that can be overloaded

All the functions above can be overloaded to adapt Lemonldap::NG to your environment. They MUST return one of the exported constants (see above) and are called in this order by process().

controlUrlOrigin

If the user was redirected by a Lemonldap::NG handler, stores the url that will be used to redirect the user after authentication.

controlExistingSession

Controls if a previous session is always available. If true, it call the sub existingSession with two parameters: id and a scalar tied on Apache::Session module choosed to store sessions. See bellow

existingSession

This sub is called only if a previous session exists and is available. By defaults, it returns PE_OK so user is re-authenticated. You can overload it: for example if existingSession just returns PE_DONE: authenticated users are not re-authenticated and process> returns true.

extractFormInfo

Method implemented into Lemonldap::NG::Portal::Auth* modules. By default (ldap bind), converts form input into object variables ($self->{user} and $self->{password}).

formateParams

Does nothing. To be overloaded if needed.

formateFilter

Creates the ldap filter using $self->{user}. By default :

  $self->{filter} = "(&(uid=" . $self->{user} . ")(objectClass=inetOrgPerson))";

If $self->{authFilter} is set, it is used instead of this. This is used by Lemonldap::NG::Portal::Auth* modules to overload filter.

connectLDAP

Connects to LDAP server.

bind

Binds to the LDAP server using $self->{managerDn} and $self->{managerPassword} if exist. Anonymous bind is provided else.

search

Retrives the LDAP entry corresponding to the user using $self->{filter}.

setAuthSessionInfo

Same as setSessionInfo but implemented in Lemonldap::NG::Portal::Auth* modules.

setSessionInfo

Prepares variables to store in central cache (stored temporarily in $self-{sessionInfo}>). It use exportedVars entry (passed to the new sub) if defined to know what to store else it stores uid, cn and mail attributes.

getSessionInfo

Pick up an information stored in session.

setGroups

Does nothing by default.

authenticate

Method implemented in Lemonldap::NG::Portal::Auth* modules. By default (ldap), authenticates the user by rebinding to the LDAP server using the dn retrived with search() and the password.

store

Stores the informations collected by setSessionInfo into the central cache. The portal connects the cache using the Apache::Session module passed by the globalStorage parameters (see constructor).

unbind

Disconnects from the LDAP server.

buildCookie

Creates the Lemonldap::NG cookie.

log

Does nothing. To be overloaded if wanted.

autoRedirect

Redirects the user to the url stored by controlUrlOrigin().

Other methods

process

Main method.

error

Returns the error message corresponding to the error returned by the methods described above

error_type

Give the type of the error (positive, warning or positive)

translate_template

Define an HTML::Template filter to translate multilingual strings

_bind( $ldap, $dn, $password )

Method used to bind to the ldap server.

Overloads the CGI::header method to add Lemonldap::NG cookie.

redirect

Overloads the CGI::redirect method to add Lemonldap::NG cookie.

EXPORT

Constants

PE_OK: all is good
PE_SESSIONEXPIRED: the user session has expired
PE_FORMEMPTY: Nothing was entered in the login form
PE_USERNOTFOUND: the user was not found in the (ldap) directory
PE_WRONGMANAGERACCOUNT: the account used to bind to LDAP server in order to find the user distinguished name (dn) was refused by the server
PE_BADCREDENTIALS: bad login or password
PE_LDAPERROR: abnormal error from ldap
PE_APACHESESSIONERROR: abnormal error from Apache::Session
PE_FIRSTACCESS: First access to the portal
PE_BADCERTIFICATE: Wrong certificate
PE_PP_ACCOUNT_LOCKED: account locked
PE_PP_PASSWORD_EXPIRED: password axpired
PE_CERTIFICATEREQUIRED: certificate required
PE_ERROR: unclassified error

AUTHOR

Xavier Guimard, <x.guimard@free.fr>

BUG REPORT

Use OW2 system to report bug or ask for features: http://forge.objectweb.org/tracker/?group_id=274

DOWNLOAD

Lemonldap::NG is available at http://forge.objectweb.org/project/showfiles.php?group_id=274

COPYRIGHT AND LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.

To install Lemonldap::NG::Portal, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Lemonldap::NG::Portal

CPAN shell

perl -MCPAN -e shell
install Lemonldap::NG::Portal

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)