.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .if !\nF .nr F 0 .if \nF>0 \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} .\} .\" ======================================================================== .\" .IX Title "Lemonldap::NG::Portal::Simple 3pm" .TH Lemonldap::NG::Portal::Simple 3pm "2018-10-07" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. 
Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Lemonldap::NG::Portal::Simple \- Base module for building Lemonldap::NG compatible portals .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 10 \& use Lemonldap::NG::Portal::Simple; \& my $portal = new Lemonldap::NG::Portal::Simple( \& domain => \*(Aqexample.com\*(Aq, \& globalStorage => \*(AqApache::Session::MySQL\*(Aq, \& globalStorageOptions => { \& DataSource => \*(Aqdbi:mysql:database=dbname;host=127.0.0.1\*(Aq, \& UserName => \*(Aqdb_user\*(Aq, \& Password => \*(Aqdb_password\*(Aq, \& TableName => \*(Aqsessions\*(Aq, \& LockDataSource => \*(Aqdbi:mysql:database=dbname;host=127.0.0.1\*(Aq, \& LockUserName => \*(Aqdb_user\*(Aq, \& LockPassword => \*(Aqdb_password\*(Aq, \& }, \& ldapServer => \*(Aqldap.domaine.com,ldap\-backup.domaine.com\*(Aq, \& securedCookie => 1, \& exportedVars => { \& uid => \*(Aquid\*(Aq, \& cn => \*(Aqcn\*(Aq, \& mail => \*(Aqmail\*(Aq, \& appli => \*(Aqappli\*(Aq, \& }, \& # Activate SOAP service \& Soap => 1 \& ); \& \& if($portal\->process()) { \& # Write here the menu with CGI methods. This page is displayed ONLY IF \& # the user was not redirected here. \& print $portal\->header(\*(Aqtext/html; charset=utf\-8\*(Aq); # DON\*(AqT FORGET THIS (see L) \& print "..."; \& \& # or redirect the user to the menu \& print $portal\->redirect( \-uri => \*(Aqhttps://portal/menu\*(Aq); \& } \& else { \& # Write here the html form used to authenticate with CGI methods. \& # $portal\->error returns the error message if athentification failed \& # Warning: by default, input names are "user" and "password" \& print $portal\->header(\*(Aqtext/html; charset=utf\-8\*(Aq); # DON\*(AqT FORGET THIS (see L) \& print "..."; \& print \*(Aq
\*(Aq; \& # In your form, the following value is required for redirection \& print \*(Aq\*(Aq; \& # Next, login and password \& print \*(AqLogin :
\*(Aq; \& print \*(AqPassword : \*(Aq; \& print \*(Aq\*(Aq; \& print \*(Aq
\*(Aq; \& } .Ve .PP \&\s-1SOAP\s0 mode authentication (client) : .PP .Vb 1 \& #!/usr/bin/perl \-l \& \& use SOAP::Lite; \& use Data::Dumper; \& \& # Use an https:// endpoint: getCookies() sends the user\*(Aqs password in the \& # request and returns a bearer session cookie; plain http exposes both. \& my $soap = \& SOAP::Lite\->proxy(\*(Aqhttps://auth.example.com/\*(Aq) \& \->uri(\*(Aqurn:/Lemonldap::NG::Common::CGI::SOAPService\*(Aq); \& my $r = $soap\->getCookies( \*(Aquser\*(Aq, \*(Aqpassword\*(Aq ); \& \& # Catch SOAP errors \& if ( $r\->fault ) { \& print STDERR "SOAP Error: " . $r\->fault\->{faultstring}; \& } \& else { \& my $res = $r\->result(); \& \& # If authentication failed, display error \& if ( $res\->{error} ) { \& print STDERR "Error: " . $soap\->error( $res\->{error} )\->result(); \& } \& \& # print session\-ID \& else { \& print "Cookie: lemonldap=" . $res\->{cookies}\->{lemonldap}; \& } \& } .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" Lemonldap::NG::Portal::Simple is the base module for building Lemonldap::NG compatible portals. You can use it either by inheritance or by writing anonymous methods like in the example above. .PP See Lemonldap::NG::Portal::SharedConf for a complete example of use of Lemonldap::Portal::* libraries. .SH "METHODS" .IX Header "METHODS" .SS "Constructor (new)" .IX Subsection "Constructor (new)" \fIArgs\fR .IX Subsection "Args" .IP "\(bu" 4 ldapServer: server(s) used to retrieve session information and to validate credentials (localhost by default). More than one server can be set here, separated by commas. The servers will be tried in the specified order. To use \s-1TLS,\s0 set \*(L"ldap+tls://server\*(R" and to use \s-1LDAPS,\s0 set \*(L"ldaps://server\*(R" instead of the server name. If you use \s-1TLS,\s0 you can pass any of the Net::LDAP\->\fIstart_tls()\fR options like this: \*(L"ldap+tls://server/verify=require&capath=/etc/ssl\*(R" You can also use the caFile and caPath parameters. Avoid \*(L"verify=none\*(R" outside of testing: it disables server certificate verification, so the manager bind password and user passwords could be sent to an impersonated directory. .IP "\(bu" 4 ldapPort: tcp port used by ldap server. .IP "\(bu" 4 ldapBase: base of the ldap directory. .IP "\(bu" 4 managerDn: dn used to bind to the ldap server in order to look up user entries. By default, anonymous bind is used. 
.IP "\(bu" 4 managerPassword: password used to bind to the ldap server with managerDn. By default, anonymous bind is used. This account only has to find user entries, so give it read\-only rights rather than a directory administrator account. .IP "\(bu" 4 securedCookie: set it to 1 to protect user cookies. The \s-1SSO\s0 cookie is a bearer credential for the whole session, so serve the portal over \s-1HTTPS\s0 and enable this in production. .IP "\(bu" 4 cookieName: name of the cookie used by Lemonldap::NG (lemon by default). .IP "\(bu" 4 domain: cookie domain. You may have to set it, otherwise the \s-1SSO\s0 will work only on your server. Use the narrowest domain that covers the protected applications, since every host under it receives the session cookie. .IP "\(bu" 4 globalStorage: required: Apache::Session library used to store session information. .IP "\(bu" 4 globalStorageOptions: parameters passed to the Apache::Session module .IP "\(bu" 4 authentication: scheme used to authenticate users (default: \*(L"ldap\*(R"). It can be set to: .RS 4 .IP "\(bu" 4 \&\fB\s-1SSL\s0\fR: See Lemonldap::NG::Portal::AuthSSL. .RE .RS 4 .RE .IP "\(bu" 4 caPath, caFile: if you use ldap+tls you can overwrite the cafile or capath options with those parameters. This is useful if you use a shared configuration. .IP "\(bu" 4 ldapPpolicyControl: set it to 1 if you want to use \s-1LDAP\s0 Password Policy .IP "\(bu" 4 grantSessionRule: rule applied to grant session opening for a user. Can use all exported attributes, macros, groups and custom functions. .SS "Methods that can be overloaded" .IX Subsection "Methods that can be overloaded" All the functions below can be overloaded to adapt Lemonldap::NG to your environment. They \s-1MUST\s0 return one of the exported constants (see \s-1EXPORT\s0 below) and are called in this order by \fIprocess()\fR. .PP \fIcontrolUrlOrigin\fR .IX Subsection "controlUrlOrigin" .PP If the user was redirected by a Lemonldap::NG handler, stores the url that will be used to redirect the user after authentication. .PP \fIcontrolExistingSession\fR .IX Subsection "controlExistingSession" .PP Checks whether a previous session is still available. If so, it calls the sub \&\f(CW\*(C`existingSession\*(C'\fR with two parameters: the session id and a scalar tied to the Apache::Session module chosen to store sessions. 
See below .PP \fIexistingSession\fR .IX Subsection "existingSession" .PP This sub is called only if a previous session exists and is available. By default, it returns \s-1PE_OK\s0 so the user is re-authenticated. You can overload it: for example, if existingSession just returns \s-1PE_DONE,\s0 authenticated users are not re-authenticated and \fIprocess()\fR returns true. .PP \fIextractFormInfo\fR .IX Subsection "extractFormInfo" .PP Method implemented in Lemonldap::NG::Portal::Auth* modules. By default (ldap bind), converts form input into object variables ($self\->{user} and \&\f(CW$self\fR\->{password}). .PP \fIformateParams\fR .IX Subsection "formateParams" .PP Does nothing. To be overloaded if needed. .PP \fIformateFilter\fR .IX Subsection "formateFilter" .PP Creates the ldap filter using \f(CW$self\fR\->{user}. By default : .PP .Vb 1 \& $self\->{filter} = "(&(uid=" . $self\->{user} . ")(objectClass=inetOrgPerson))"; .Ve .PP Note that \f(CW$self\fR\->{user} comes from the login form and, as written above, is concatenated into the filter without escaping. Any overload of this method must escape it (for example with Net::LDAP::Util::escape_filter_value) so that a crafted login cannot alter the filter (\s-1LDAP\s0 filter injection). .PP If \f(CW$self\fR\->{AuthLDAPFilter} is set, it is used instead of this. This is used by Lemonldap::NG::Portal::Auth* modules to overload the filter. .PP \fIconnectLDAP\fR .IX Subsection "connectLDAP" .PP Connects to the \s-1LDAP\s0 server. .PP \fIbind\fR .IX Subsection "bind" .PP Binds to the \s-1LDAP\s0 server using \f(CW$self\fR\->{managerDn} and \f(CW$self\fR\->{managerPassword} if they exist. Otherwise an anonymous bind is used. .PP \fIsearch\fR .IX Subsection "search" .PP Retrieves the \s-1LDAP\s0 entry corresponding to the user using \f(CW$self\fR\->{filter}. .PP \fIsetAuthSessionInfo\fR .IX Subsection "setAuthSessionInfo" .PP Same as setSessionInfo but implemented in Lemonldap::NG::Portal::Auth* modules. .PP \fIsetSessionInfo\fR .IX Subsection "setSessionInfo" .PP Prepares variables to store in the central cache (stored temporarily in \&\f(CW\*(C`$self\-\*(C'\fR{sessionInfo}>). It uses the \f(CW\*(C`exportedVars\*(C'\fR entry (passed to the new sub) if defined to know what to store; otherwise it stores the uid, cn and mail attributes. 
.PP \fIgetSessionInfo\fR .IX Subsection "getSessionInfo" .PP Retrieves a piece of information stored in the session. .PP \fIsetGroups\fR .IX Subsection "setGroups" .PP Does nothing by default. .PP \fIauthenticate\fR .IX Subsection "authenticate" .PP Method implemented in Lemonldap::NG::Portal::Auth* modules. By default (ldap), authenticates the user by rebinding to the \s-1LDAP\s0 server using the dn retrieved with \fIsearch()\fR and the password. .PP \fIgrantSession\fR .IX Subsection "grantSession" .PP Uses the grantSessionRule parameter to allow session opening. .PP \fIstore\fR .IX Subsection "store" .PP Stores information collected by setSessionInfo into the central cache. The portal connects to the cache using the Apache::Session module passed by the globalStorage parameters (see constructor). .PP \fIunbind\fR .IX Subsection "unbind" .PP Disconnects from the \s-1LDAP\s0 server. .PP \fIbuildCookie\fR .IX Subsection "buildCookie" .PP Creates the Lemonldap::NG cookie. .PP \fIlog\fR .IX Subsection "log" .PP Does nothing. To be overloaded if wanted. .PP \fIautoRedirect\fR .IX Subsection "autoRedirect" .PP Redirects the user to the url stored by \fIcontrolUrlOrigin()\fR. .SS "Other methods" .IX Subsection "Other methods" \fIprocess\fR .IX Subsection "process" .PP Main method. .PP \fIerror\fR .IX Subsection "error" .PP Returns the error message corresponding to the error returned by the methods described above .PP \fIerror_type\fR .IX Subsection "error_type" .PP Gives the type of the error (positive, warning or negative) .PP \fI_bind( \f(CI$ldap\fI, \f(CI$dn\fI, \f(CI$password\fI )\fR .IX Subsection "_bind( $ldap, $dn, $password )" .PP Method used to bind to the ldap server. .PP \fIheader\fR .IX Subsection "header" .PP Overloads the CGI::header method to add the Lemonldap::NG cookie. .PP \fIredirect\fR .IX Subsection "redirect" .PP Overloads the CGI::redirect method to add the Lemonldap::NG cookie. 
.SS "\s-1EXPORT\s0" .IX Subsection "EXPORT" \fIConstants\fR .IX Subsection "Constants" .IP "\(bu" 5 \&\fB\s-1PE_OK\s0\fR: all is good .IP "\(bu" 5 \&\fB\s-1PE_SESSIONEXPIRED\s0\fR: the user session has expired .IP "\(bu" 5 \&\fB\s-1PE_FORMEMPTY\s0\fR: Nothing was entered in the login form .IP "\(bu" 5 \&\fB\s-1PE_USERNOTFOUND\s0\fR: the user was not found in the (ldap) directory .IP "\(bu" 5 \&\fB\s-1PE_WRONGMANAGERACCOUNT\s0\fR: the account used to bind to the \s-1LDAP\s0 server in order to find the user distinguished name (dn) was refused by the server .IP "\(bu" 5 \&\fB\s-1PE_BADCREDENTIALS\s0\fR: bad login or password .IP "\(bu" 5 \&\fB\s-1PE_LDAPERROR\s0\fR: abnormal error from ldap .IP "\(bu" 5 \&\fB\s-1PE_APACHESESSIONERROR\s0\fR: abnormal error from Apache::Session .IP "\(bu" 5 \&\fB\s-1PE_FIRSTACCESS\s0\fR: First access to the portal .IP "\(bu" 5 \&\fB\s-1PE_BADCERTIFICATE\s0\fR: Wrong certificate .IP "\(bu" 5 \&\s-1PE_PP_ACCOUNT_LOCKED:\s0 account locked .IP "\(bu" 5 \&\s-1PE_PP_PASSWORD_EXPIRED:\s0 password expired .IP "\(bu" 5 \&\s-1PE_CERTIFICATEREQUIRED:\s0 certificate required .IP "\(bu" 5 \&\s-1PE_ERROR:\s0 unclassified error .SH "SEE ALSO" .IX Header "SEE ALSO" Lemonldap::NG::Handler, Lemonldap::NG::Portal::SharedConf, \s-1CGI\s0, .SH "AUTHOR" .IX Header "AUTHOR" .IP "Clement Oudot, " 4 .IX Item "Clement Oudot, " .PD 0 .IP "François\-Xavier Deltombe, " 4 .IX Item "François-Xavier Deltombe, " .IP "Xavier Guimard, " 4 .IX Item "Xavier Guimard, " .IP "Sandro Cazzaniga, " 4 .IX Item "Sandro Cazzaniga, " .IP "Thomas Chemineau, " 4 .IX Item "Thomas Chemineau, " .PD .SH "BUG REPORT" .IX Header "BUG REPORT" Use the \s-1OW2\s0 system to report bugs or ask for features: .SH "DOWNLOAD" .IX Header "DOWNLOAD" Lemonldap::NG is available at .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" .IP "Copyright (C) 2005\-2016 by Xavier Guimard, " 4 .IX Item "Copyright (C) 2005-2016 by Xavier Guimard, " .PD 0 .IP "Copyright (C) 2012 by Sandro Cazzaniga, " 4 .IX Item 
"Copyright (C) 2012 by Sandro Cazzaniga, " .IP "Copyright (C) 2012\-2013 by François\-Xavier Deltombe, " 4 .IX Item "Copyright (C) 2012-2013 by François-Xavier Deltombe, " .IP "Copyright (C) 2006\-2016 by Clement Oudot, " 4 .IX Item "Copyright (C) 2006-2016 by Clement Oudot, " .IP "Copyright (C) 2010\-2011 by Thomas Chemineau, " 4 .IX Item "Copyright (C) 2010-2011 by Thomas Chemineau, " .PD .PP This library is free software; you can redistribute it and/or modify it under the terms of the \s-1GNU\s0 General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. .PP This program is distributed in the hope that it will be useful, but \s-1WITHOUT ANY WARRANTY\s0; without even the implied warranty of \&\s-1MERCHANTABILITY\s0 or \s-1FITNESS FOR A PARTICULAR PURPOSE.\s0 See the \&\s-1GNU\s0 General Public License for more details. .PP You should have received a copy of the \s-1GNU\s0 General Public License along with this program. If not, see .