Clément OUDOT > Lemonldap-NG-Portal > Lemonldap::NG::Portal::AuthSSL



Annotate this POD


Open  0
View/Report Bugs
Module Version: 1.4.1   Source  


Lemonldap::NG::Portal::AuthSSL - Perl extension for building Lemonldap::NG compatible portals with SSL authentication.


With Lemonldap::NG::Portal::SharedConf, set authentication field to "SSL" in configuration database.

With Lemonldap::NG::Portal::Simple:

  use Lemonldap::NG::Portal::Simple;
  my $portal = new Lemonldap::NG::Portal::Simple(
         domain         => '',
         globalStorage  => 'Apache::Session::MySQL',
         globalStorageOptions => {
           DataSource   => 'dbi:mysql:database',
           UserName     => 'db_user',
           Password     => 'db_password',
           TableName    => 'sessions',
         ldapServer     => '',
         securedCookie  => 1,
         authentication => 'SSL',
         # SSLVar: field to search in client certificate
         #         default: SSL_CLIENT_S_DN_Email the mail address
         SSLVar         => 'SSL_CLIENT_S_DN_CN',

  if($portal->process()) {
    # Write here the menu with CGI methods. This page is displayed ONLY IF
    # the user was not redirected here.
    print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
    print "...";

    # or redirect the user to the menu
    print $portal->redirect( -uri => 'https://portal/menu');
  else {
    # If the user enters here, IT MEANS THAT YOUR SSL PARAMETERS ARE BAD
    print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
    print "<html><body><h1>Unable to work</h1>";
    print "This server isn't well configured. Contact your administrator.";
    print "</body></html>";

Modify your httpd.conf:

  <Location /My/File>
    SSLVerifyClient optional # or 'require' if login/password are disabled
    SSLOptions +StdEnvVars


This library just overload few methods of Lemonldap::NG::Portal::Simple to use Apache SSLv3 mechanism: we've just to verify that $ENV{SSL_CLIENT_S_DN_Email} exists. So remenber to export SSL variables to CGI.

If SSL is used, authenticationLevel is set to 5. You can use this parameter in Lemonldap::NG::Handler rules to force users to use certificates in some applications:

  virtualHost1 => {
    'default' => '$authenticationLevel > 5 and $uid = "jeff"',

Note that you can use Apache SSL environment variables in "exported variables".

See Lemonldap::NG::Portal::Simple for usage and other methods.


Lemonldap::NG::Portal, Lemonldap::NG::Portal::Simple,


Clement Oudot, <>
François-Xavier Deltombe, <>
Xavier Guimard, <>


Use OW2 system to report bug or ask for features:


Lemonldap::NG is available at


Copyright (C) 2006, 2007, 2008, 2009, 2010 by Xavier Guimard, <>
Copyright (C) 2012, 2013 by François-Xavier Deltombe, <>
Copyright (C) 2006, 2009, 2010, 2012 by Clement Oudot, <>

This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see

syntax highlighting: