Lemonldap::NG::Portal::Simple - Base module for building Lemonldap::NG compatible portals
use Lemonldap::NG::Portal::Simple;
my $portal = new Lemonldap::NG::Portal::Simple(
domain => 'example.com',
globalStorage => 'Apache::Session::MySQL',
globalStorageOptions => {
DataSource => 'dbi:mysql:database=dbname;host=127.0.0.1',
UserName => 'db_user',
Password => 'db_password',
TableName => 'sessions',
LockDataSource => 'dbi:mysql:database=dbname;host=127.0.0.1',
LockUserName => 'db_user',
LockPassword => 'db_password',
},
ldapServer => 'ldap.domaine.com,ldap-backup.domaine.com',
securedCookie => 1,
exportedVars => {
uid => 'uid',
cn => 'cn',
mail => 'mail',
appli => 'appli',
},
# Activate SOAP service
Soap => 1
);
if($portal->process()) {
# Write here the menu with CGI methods. This page is displayed ONLY IF
# the user was not redirected here.
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see L<CGI(3)>)
print "...";
# or redirect the user to the menu
print $portal->redirect( -uri => 'https://portal/menu');
}
else {
# Write here the html form used to authenticate with CGI methods.
# $portal->error returns the error message if athentification failed
# Warning: by defaut, input names are "user" and "password"
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see L<CGI(3)>)
print "...";
print '<form method="POST">';
# In your form, the following value is required for redirection
print '<input type="hidden" name="url" value="'.$portal->param('url').'">';
# Next, login and password
print 'Login : <input name="user"><br>';
print 'Password : <input name="password" type="password" autocomplete="off">';
print '<input type="submit" value="go" />';
print '</form>';
}
SOAP mode authentication (client) :
#!/usr/bin/perl -l
use SOAP::Lite;
use Data::Dumper;
my $soap =
SOAP::Lite->proxy('http://auth.example.com/')
->uri('urn:/Lemonldap::NG::Common::CGI::SOAPService');
my $r = $soap->getCookies( 'user', 'password' );
# Catch SOAP errors
if ( $r->fault ) {
print STDERR "SOAP Error: " . $r->fault->{faultstring};
}
else {
my $res = $r->result();
# If authentication failed, display error
if ( $res->{error} ) {
print STDERR "Error: " . $soap->error( 'fr', $res->{error} )->result();
}
# print session-ID
else {
print "Cookie: lemonldap=" . $res->{cookies}->{lemonldap};
}
}
Lemonldap::NG::Portal::Simple is the base module for building Lemonldap::NG compatible portals. You can use it either by inheritance or by writing anonymous methods like in the example above.
See Lemonldap::NG::Portal::SharedConf for a complete example of use of Lemonldap::Portal::* libraries.
All the functions above can be overloaded to adapt Lemonldap::NG to your environment. They MUST return one of the exported constants (see above) and are called in this order by process().
If the user was redirected by a Lemonldap::NG handler, stores the url that will be used to redirect the user after authentication.
Controls if a previous session is always available. If true, it call the sub existingSession with two parameters: id and a scalar tied on Apache::Session module choosed to store sessions. See bellow
This sub is called only if a previous session exists and is available. By defaults, it returns PE_OK so user is re-authenticated. You can overload it: for example if existingSession just returns PE_DONE: authenticated users are not re-authenticated and process> returns true.
Method implemented into Lemonldap::NG::Portal::Auth* modules. By default (ldap bind), converts form input into object variables ($self->{user} and $self->{password}).
Does nothing. To be overloaded if needed.
Creates the ldap filter using $self->{user}. By default :
$self->{filter} = "(&(uid=" . $self->{user} . ")(objectClass=inetOrgPerson))";
If $self->{AuthLDAPFilter} is set, it is used instead of this. This is used by Lemonldap::NG::Portal::Auth* modules to overload filter.
Connects to LDAP server.
Binds to the LDAP server using $self->{managerDn} and $self->{managerPassword} if exist. Anonymous bind is provided else.
Retrives the LDAP entry corresponding to the user using $self->{filter}.
Same as setSessionInfo but implemented in Lemonldap::NG::Portal::Auth* modules.
Prepares variables to store in central cache (stored temporarily in $self-{sessionInfo}>). It use exportedVars entry (passed to the new sub) if defined to know what to store else it stores uid, cn and mail attributes.
Pick up an information stored in session.
Does nothing by default.
Method implemented in Lemonldap::NG::Portal::Auth* modules. By default (ldap), authenticates the user by rebinding to the LDAP server using the dn retrived with search() and the password.
Use grantSessionRule parameter to allow session opening.
Stores information collected by setSessionInfo into the central cache. The portal connects the cache using the Apache::Session module passed by the globalStorage parameters (see constructor).
Disconnects from the LDAP server.
Creates the Lemonldap::NG cookie.
Does nothing. To be overloaded if wanted.
Redirects the user to the url stored by controlUrlOrigin().
Main method.
Returns the error message corresponding to the error returned by the methods described above
Give the type of the error (positive, warning or positive)
Method used to bind to the ldap server.
Overloads the CGI::header method to add Lemonldap::NG cookie.
Overloads the CGI::redirect method to add Lemonldap::NG cookie.
Lemonldap::NG::Handler, Lemonldap::NG::Portal::SharedConf, CGI, http://lemonldap-ng.org/
Xavier Guimard, <x.guimard@free.fr>
Use OW2 system to report bug or ask for features: http://jira.ow2.org
Lemonldap::NG is available at http://forge.objectweb.org/project/showfiles.php?group_id=274
Copyright (C) 2005, 2009, 2010 by Xavier Guimard <x.guimard@free.fr> and Clement Oudot, <coudot@linagora.com>
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.10.0 or, at your option, any later version of Perl 5 you may have available.
