Provided by: liblemonldap-ng-portal-perl_1.9.16-2_all bug

NAME

       Lemonldap::NG::Portal::Simple - Base module for building Lemonldap::NG compatible portals

SYNOPSIS

         use Lemonldap::NG::Portal::Simple;
         my $portal = new Lemonldap::NG::Portal::Simple(
                domain         => 'example.com',
                globalStorage  => 'Apache::Session::MySQL',
                globalStorageOptions => {
                  DataSource   => 'dbi:mysql:database=dbname;host=127.0.0.1',
                  UserName     => 'db_user',
                  Password     => 'db_password',
                  TableName    => 'sessions',
                  LockDataSource   => 'dbi:mysql:database=dbname;host=127.0.0.1',
                  LockUserName     => 'db_user',
                  LockPassword     => 'db_password',
                },
                ldapServer     => 'ldap.domaine.com,ldap-backup.domaine.com',
                securedCookie  => 1,
                exportedVars  => {
                  uid   => 'uid',
                  cn    => 'cn',
                  mail  => 'mail',
                  appli => 'appli',
                },
                # Activate SOAP service
                Soap           => 1
           );

         if($portal->process()) {
           # Write here the menu with CGI methods. This page is displayed ONLY IF
           # the user was not redirected here.
           print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see L<CGI(3)>)
           print "...";

           # or redirect the user to the menu
           print $portal->redirect( -uri => 'https://portal/menu');
         }
         else {
           # Write here the html form used to authenticate with CGI methods.
           # $portal->error returns the error message if athentification failed
           # Warning: by default, input names are "user" and "password"
           print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see L<CGI(3)>)
           print "...";
           print '<form method="POST">';
           # In your form, the following value is required for redirection
           print '<input type="hidden" name="url" value="'.$portal->param('url').'">';
           # Next, login and password
           print 'Login : <input name="user"><br>';
           print 'Password : <input name="password" type="password">';
           print '<input type="submit" value="go" />';
           print '</form>';
         }

       SOAP mode authentication (client) :

         #!/usr/bin/perl -l

         use SOAP::Lite;
         use Data::Dumper;

         my $soap =
           SOAP::Lite->proxy('http://auth.example.com/')
           ->uri('urn:/Lemonldap::NG::Common::CGI::SOAPService');
         my $r = $soap->getCookies( 'user', 'password' );

         # Catch SOAP errors
         if ( $r->fault ) {
             print STDERR "SOAP Error: " . $r->fault->{faultstring};
         }
         else {
             my $res = $r->result();

             # If authentication failed, display error
             if ( $res->{error} ) {
                 print STDERR "Error: " . $soap->error( $res->{error} )->result();
             }

             # print session-ID
             else {
                 print "Cookie: lemonldap=" . $res->{cookies}->{lemonldap};
             }
         }

DESCRIPTION

       Lemonldap::NG::Portal::Simple is the base module for building Lemonldap::NG compatible
       portals. You can use it either by inheritance or by writing anonymous methods like in the
       example above.

       See Lemonldap::NG::Portal::SharedConf for a complete example of use of
       Lemonldap::Portal::* libraries.

METHODS

   Constructor (new)
       Args

       •   ldapServer: server(s) used to retrieve session information and to valid credentials
           (localhost by default). More than one server can be set here separated by commas. The
           servers will be tested in the specifies order.  To use TLS, set "ldap+tls://server"
           and to use LDAPS, set "ldaps://server" instead of server name. If you use TLS, you can
           set any of the Net::LDAP->start_tls() sub like this:
             "ldap/tls://server/verify=none&capath=/etc/ssl" You can also use caFile and caPath
           parameters.

       •   ldapPort: tcp port used by ldap server.

       •   ldapBase: base of the ldap directory.

       •   managerDn: dn to used to connect to ldap server. By default, anonymous bind is used.

       •   managerPassword: password to used to connect to ldap server. By default, anonymous
           bind is used.

       •   securedCookie: set it to 1 if you want to protect user cookies.

       •   cookieName: name of the cookie used by Lemonldap::NG (lemon by default).

       •   domain: cookie domain. You may have to give it else the SSO will work only on your
           server.

       •   globalStorage: required: Apache::Session library to used to store session information.

       •   globalStorageOptions: parameters to bind to Apache::Session module

       •   authentication: sheme to authenticate users (default: "ldap"). It can be set to:

           •   SSL: See Lemonldap::NG::Portal::AuthSSL.

       •   caPath, caFile: if you use ldap+tls you can overwrite cafile or capath options with
           those parameters. This is useful if you use a shared configuration.

       •   ldapPpolicyControl: set it to 1 if you want to use LDAP Password Policy

       •   grantSessionRule: rule applied to grant session opening for a user. Can use all
           exported attributes, macros, groups and custom functions.

   Methods that can be overloaded
       All the functions above can be overloaded to adapt Lemonldap::NG to your environment. They
       MUST return one of the exported constants (see above) and are called in this order by
       process().

       controlUrlOrigin

       If the user was redirected by a Lemonldap::NG handler, stores the url that will be used to
       redirect the user after authentication.

       controlExistingSession

       Controls if a previous session is always available. If true, it call the sub
       "existingSession" with two parameters: id and a scalar tied on Apache::Session module
       choosed to store sessions. See below

       existingSession

       This sub is called only if a previous session exists and is available. By defaults, it
       returns PE_OK so user is re-authenticated. You can overload it: for example if
       existingSession just returns PE_DONE: authenticated users are not re-authenticated and
       ""process> returns true.

       extractFormInfo

       Method implemented into Lemonldap::NG::Portal::Auth* modules. By default (ldap bind),
       converts form input into object variables ($self->{user} and $self->{password}).

       formateParams

       Does nothing. To be overloaded if needed.

       formateFilter

       Creates the ldap filter using $self->{user}. By default :

         $self->{filter} = "(&(uid=" . $self->{user} . ")(objectClass=inetOrgPerson))";

       If $self->{AuthLDAPFilter} is set, it is used instead of this. This is used by
       Lemonldap::NG::Portal::Auth* modules to overload filter.

       connectLDAP

       Connects to LDAP server.

       bind

       Binds to the LDAP server using $self->{managerDn} and $self->{managerPassword} if exist.
       Anonymous bind is provided else.

       search

       Retrieves the LDAP entry corresponding to the user using $self->{filter}.

       setAuthSessionInfo

       Same as setSessionInfo but implemented in Lemonldap::NG::Portal::Auth* modules.

       setSessionInfo

       Prepares variables to store in central cache (stored temporarily in
       "$self-"{sessionInfo}>). It use "exportedVars" entry (passed to the new sub) if defined to
       know what to store else it stores uid, cn and mail attributes.

       getSessionInfo

       Pick up an information stored in session.

       setGroups

       Does nothing by default.

       authenticate

       Method implemented in Lemonldap::NG::Portal::Auth* modules. By default (ldap),
       authenticates the user by rebinding to the LDAP server using the dn retrieved with
       search() and the password.

       grantSession

       Use grantSessionRule parameter to allow session opening.

       store

       Stores information collected by setSessionInfo into the central cache.  The portal
       connects the cache using the Apache::Session module passed by the globalStorage parameters
       (see constructor).

       unbind

       Disconnects from the LDAP server.

       buildCookie

       Creates the Lemonldap::NG cookie.

       log

       Does nothing. To be overloaded if wanted.

       autoRedirect

       Redirects the user to the url stored by controlUrlOrigin().

   Other methods
       process

       Main method.

       error

       Returns the error message corresponding to the error returned by the methods described
       above

       error_type

       Give the type of the error (positive, warning or positive)

       _bind( $ldap, $dn, $password )

       Method used to bind to the ldap server.

       header

       Overloads the CGI::header method to add Lemonldap::NG cookie.

       redirect

       Overloads the CGI::redirect method to add Lemonldap::NG cookie.

   EXPORT
       ConstantsPE_OK: all is good

       •    PE_SESSIONEXPIRED: the user session has expired

       •    PE_FORMEMPTY: Nothing was entered in the login form

       •    PE_USERNOTFOUND: the user was not found in the (ldap) directory

       •    PE_WRONGMANAGERACCOUNT: the account used to bind to LDAP server in order to find the
            user distinguished name (dn) was refused by the server

       •    PE_BADCREDENTIALS: bad login or password

       •    PE_LDAPERROR: abnormal error from ldap

       •    PE_APACHESESSIONERROR: abnormal error from Apache::Session

       •    PE_FIRSTACCESS: First access to the portal

       •    PE_BADCERTIFICATE: Wrong certificate

       •    PE_PP_ACCOUNT_LOCKED: account locked

       •    PE_PP_PASSWORD_EXPIRED: password axpired

       •    PE_CERTIFICATEREQUIRED: certificate required

       •    PE_ERROR: unclassified error

SEE ALSO

       Lemonldap::NG::Handler, Lemonldap::NG::Portal::SharedConf, CGI, <http://lemonldap-ng.org/>

AUTHOR

       Clement Oudot, <clem.oudot@gmail.com>
       François-Xavier Deltombe, <fxdeltombe@gmail.com.>
       Xavier Guimard, <x.guimard@free.fr>
       Sandro Cazzaniga, <cazzaniga.sandro@gmail.com>
       Thomas Chemineau, <thomas.chemineau@gmail.com>

BUG REPORT

       Use OW2 system to report bug or ask for features:
       <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

DOWNLOAD

       Lemonldap::NG is available at
       <http://forge.objectweb.org/project/showfiles.php?group_id=274>

COPYRIGHT AND LICENSE

       Copyright (C) 2005-2016 by Xavier Guimard, <x.guimard@free.fr>
       Copyright (C) 2012 by Sandro Cazzaniga, <cazzaniga.sandro@gmail.com>
       Copyright (C) 2012-2013 by François-Xavier Deltombe, <fxdeltombe@gmail.com.>
       Copyright (C) 2006-2016 by Clement Oudot, <clem.oudot@gmail.com>
       Copyright (C) 2010-2011 by Thomas Chemineau, <thomas.chemineau@gmail.com>

       This library is free software; you can redistribute it and/or modify it under the terms of
       the GNU General Public License as published by the Free Software Foundation; either
       version 2, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program.
       If not, see <http://www.gnu.org/licenses/>.