Provided by: liblemonldap-ng-portal-perl_1.9.16-2_all

NAME

       Lemonldap::NG::Portal::AuthSSL - Perl extension for building Lemonldap::NG compatible
       portals with SSL authentication.

SYNOPSIS

       With Lemonldap::NG::Portal::SharedConf, set the authentication field to "SSL" in the
       configuration database.

       With Lemonldap::NG::Portal::Simple:

         use Lemonldap::NG::Portal::Simple;
         my $portal = Lemonldap::NG::Portal::Simple->new(
                domain         => 'example.com',
                globalStorage  => 'Apache::Session::MySQL',
                globalStorageOptions => {
                  DataSource   => 'dbi:mysql:database',
                  UserName     => 'db_user',
                  Password     => 'db_password',
                  TableName    => 'sessions',
                },
                ldapServer     => 'ldap.domaine.com',
                securedCookie  => 1,
                authentication => 'SSL',

                # SSLVar: field to search in client certificate
                #         default: SSL_CLIENT_S_DN_Email the mail address
                SSLVar         => 'SSL_CLIENT_S_DN_CN',
           );

         if($portal->process()) {
           # Write here the menu with CGI methods. This page is displayed ONLY IF
           # the user was not redirected here.
           print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
           print "...";

           # or redirect the user to the menu
           print $portal->redirect( -uri => 'https://portal/menu');
         }
         else {
           # If the user enters here, IT MEANS THAT YOUR SSL PARAMETERS ARE BAD
           print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
           print "<html><body><h1>Unable to work</h1>";
           print "This server isn't well configured. Contact your administrator.";
           print "</body></html>";
         }

       Modify your httpd.conf:

         <Location /My/File>
           # Use 'require' instead of 'optional' if login/password are disabled.
           # (Apache does not allow a comment on the same line as a directive.)
           SSLVerifyClient optional
           SSLOptions +StdEnvVars
         </Location>

DESCRIPTION

       This library just overloads a few methods of Lemonldap::NG::Portal::Simple to use the
       Apache SSLv3 mechanism: it only has to verify that $ENV{SSL_CLIENT_S_DN_Email} exists. So
       remember to export SSL variables to CGI (SSLOptions +StdEnvVars in the httpd.conf
       fragment above).
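
       The check described above, written out as an added example (not Lemonldap::NG's own
       code): the hypothetical helper ssl_identity() reads the variable named by SSLVar and also
       requires mod_ssl's SSL_CLIENT_VERIFY to be SUCCESS, so a missing export and an unverified
       certificate are told apart. The sample environments are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not Lemonldap::NG code. ssl_identity() is a hypothetical
# helper mirroring the check in DESCRIPTION: read the variable named by SSLVar
# from the environment Apache exports with "SSLOptions +StdEnvVars".
sub ssl_identity {
    my ( $env, $ssl_var ) = @_;
    $ssl_var ||= 'SSL_CLIENT_S_DN_Email';    # default given in the SYNOPSIS

    # mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or
    # FAILED:reason. Only SUCCESS means the chain verified against a trusted CA.
    my $verify = $env->{SSL_CLIENT_VERIFY} // 'NONE';
    return ( undef, "no verified client certificate ($verify)" )
      unless $verify eq 'SUCCESS';

    my $id = $env->{$ssl_var};
    return ( undef, "$ssl_var not exported or empty" )
      unless defined $id and length $id;

    # Reject control characters so the value is safe to log and to store.
    return ( undef, "$ssl_var contains control characters" )
      if $id =~ /[\x00-\x1f\x7f]/;

    return ( $id, undef );
}

# Constructed sample environments (not captured from a real server).
my @cases = (
    [ 'valid cert',    { SSL_CLIENT_VERIFY => 'SUCCESS',  SSL_CLIENT_S_DN_CN => 'jeff' } ],
    [ 'no cert sent',  { SSL_CLIENT_VERIFY => 'NONE' } ],
    [ 'unverified',    { SSL_CLIENT_VERIFY => 'GENEROUS', SSL_CLIENT_S_DN_CN => 'jeff' } ],
    [ 'field missing', { SSL_CLIENT_VERIFY => 'SUCCESS' } ],
);

for my $case (@cases) {
    my ( $label, $env ) = @$case;
    my ( $id, $err ) = ssl_identity( $env, 'SSL_CLIENT_S_DN_CN' );
    printf "%-14s => %s\n", $label,
      defined $id ? "user '$id'" : "rejected: $err";
}
```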

       If SSL is used, authenticationLevel is set to 5. You can use this parameter in
       Lemonldap::NG::Handler rules to force users to use certificates in some applications:

         virtualHost1 => {
           'default' => '$authenticationLevel >= 5 and $uid eq "jeff"',
         },

       Note that you can use Apache SSL environment variables in "exported variables".

       See Lemonldap::NG::Portal::Simple for usage and other methods.

SEE ALSO

       Lemonldap::NG::Portal, Lemonldap::NG::Portal::Simple, <http://lemonldap-ng.org/>

AUTHOR

       Clement Oudot, <clem.oudot@gmail.com>
       François-Xavier Deltombe, <fxdeltombe@gmail.com.>
       Xavier Guimard, <x.guimard@free.fr>

BUG REPORT

       Use the OW2 system to report bugs or ask for features:
       <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

DOWNLOAD

       Lemonldap::NG is available at
       <http://forge.objectweb.org/project/showfiles.php?group_id=274>

COPYRIGHT AND LICENSE

       Copyright (C) 2006-2010 by Xavier Guimard, <x.guimard@free.fr>
       Copyright (C) 2012-2013 by François-Xavier Deltombe, <fxdeltombe@gmail.com.>
       Copyright (C) 2006-2012 by Clement Oudot, <clem.oudot@gmail.com>

       This library is free software; you can redistribute it and/or modify it under the terms of
       the GNU General Public License as published by the Free Software Foundation; either
       version 2, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program.
       If not, see <http://www.gnu.org/licenses/>.