Provided by: liblemonldap-ng-portal-perl_1.9.16-2_all 
NAME
Lemonldap::NG::Portal::AuthSSL - Perl extension for building Lemonldap::NG compatible
portals with SSL authentication.
SYNOPSIS
With Lemonldap::NG::Portal::SharedConf, set authentication field to "SSL" in configuration
database.
With Lemonldap::NG::Portal::Simple:
use Lemonldap::NG::Portal::Simple;
my $portal = new Lemonldap::NG::Portal::Simple(
domain => 'example.com',
globalStorage => 'Apache::Session::MySQL',
globalStorageOptions => {
DataSource => 'dbi:mysql:database',
UserName => 'db_user',
Password => 'db_password',
TableName => 'sessions',
},
ldapServer => 'ldap.domaine.com',
securedCookie => 1,
authentication => 'SSL',
# SSLVar: field to search in client certificate
# default: SSL_CLIENT_S_DN_Email the mail address
SSLVar => 'SSL_CLIENT_S_DN_CN',
);
if($portal->process()) {
# Write here the menu with CGI methods. This page is displayed ONLY IF
# the user was not redirected here.
print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
print "...";
# or redirect the user to the menu
print $portal->redirect( -uri => 'https://portal/menu');
}
else {
# If the user enters here, IT MEANS THAT YOUR SSL PARAMETERS ARE BAD
print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
print "<html><body><h1>Unable to work</h1>";
print "This server isn't well configured. Contact your administrator.";
print "</body></html>";
}
Modify your httpd.conf:
<Location /My/File>
SSLVerifyClient optional # or 'require' if login/password are disabled
SSLOptions +StdEnvVars
</Location>
DESCRIPTION
This library just overload few methods of Lemonldap::NG::Portal::Simple to use Apache
SSLv3 mechanism: we've just to verify that $ENV{SSL_CLIENT_S_DN_Email} exists. So remenber
to export SSL variables to CGI.
If SSL is used, authenticationLevel is set to 5. You can use this parameter in
Lemonldap::NG::Handler rules to force users to use certificates in some applications:
virtualHost1 => {
'default' => '$authenticationLevel > 5 and $uid = "jeff"',
},
Note that you can use Apache SSL environment variables in "exported variables".
See Lemonldap::NG::Portal::Simple for usage and other methods.
SEE ALSO
Lemonldap::NG::Portal, Lemonldap::NG::Portal::Simple, <http://lemonldap-ng.org/>
AUTHOR
Clement Oudot, <clem.oudot@gmail.com>
François-Xavier Deltombe, <fxdeltombe@gmail.com.>
Xavier Guimard, <x.guimard@free.fr>
BUG REPORT
Use OW2 system to report bug or ask for features:
<https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>
DOWNLOAD
Lemonldap::NG is available at
<http://forge.objectweb.org/project/showfiles.php?group_id=274>
COPYRIGHT AND LICENSE
Copyright (C) 2006-2010 by Xavier Guimard, <x.guimard@free.fr>
Copyright (C) 2012-2013 by François-Xavier Deltombe, <fxdeltombe@gmail.com.>
Copyright (C) 2006-2012 by Clement Oudot, <clem.oudot@gmail.com>
This library is free software; you can redistribute it and/or modify it under the terms of
the GNU General Public License as published by the Free Software Foundation; either
version 2, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program.
If not, see <http://www.gnu.org/licenses/>.