LEMONLDAP::NG : Release 0.8

environments/ppa-mbqj77/deployments/1
Xavier Guimard 18 years ago
parent 9c928e97cd
commit 5f867fe023
  1. 3
      modules/lemonldap-ng-handler/Changes
  2. 1
      modules/lemonldap-ng-handler/MANIFEST
  3. 196
      modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/SharedConf/DBI.pm
  4. 2
      modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
  5. 2
      modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Apache/Session/SOAP.pm
  6. 46
      modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm
  7. 2
      modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/DBI.pm
  8. 19
      modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/File.pm
  9. 352
      modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Help.pm
  10. 3
      modules/lemonldap-ng-portal/Changes
  11. 1
      modules/lemonldap-ng-portal/MANIFEST
  12. 2
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm
  13. 98
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/SharedConf/DBI.pm

@ -1,7 +1,8 @@
Revision history for Perl extension Lemonldap::NG::Handler.
0.76 Fri Mar 9 7:14:42 2007
- little bug correction
- Little bug correction
- Delete of DBI.pm which is not more in use
0.75 Sat Feb 24 16:36:56
- Adding cross-domain-authentication support

@ -6,7 +6,6 @@ lib/Lemonldap/NG/Handler.pm
lib/Lemonldap/NG/Handler/CDA.pm
lib/Lemonldap/NG/Handler/Proxy.pm
lib/Lemonldap/NG/Handler/SharedConf.pm
lib/Lemonldap/NG/Handler/SharedConf/DBI.pm
lib/Lemonldap/NG/Handler/Simple.pm
lib/Lemonldap/NG/Handler/Vhost.pm
Makefile.PL

@ -1,196 +0,0 @@
package Lemonldap::NG::Handler::SharedConf::DBI;
use strict;
use Lemonldap::NG::Handler::SharedConf qw(:all);
use DBI;
use Storable qw(thaw);
use MIME::Base64;
BEGIN {
if ( MP() == 2 ) {
Apache2::compat->import();
}
}
our $VERSION = '0.52';
our @ISA = qw(Lemonldap::NG::Handler::SharedConf);
*EXPORT_TAGS = *Lemonldap::NG::Handler::SharedConf::EXPORT_TAGS;
*EXPORT_OK = *Lemonldap::NG::Handler::SharedConf::EXPORT_OK;
our ( $dbiChain, $dbiUser, $dbiPassword );
my ( $dbh, $cfgNum ) = ( undef, 0 );
sub localInit($$) {
my ( $class, $args ) = @_;
$args->configStorage = {
type => 'DBI',
dbiChain => $args->{dbiChain},
dbiUser => $args->{dbiUser},
dbiPassword => $args->{dbiPassword},
dbiTable => $args->{dbiTable},
};
$class->SUPER::localInit($args);
}
1;
__END__
=head1 NAME
Lemonldap::NG::Handler::SharedConf::DBI - Module to share Lemonldap::NG
configuration using DBI.
IMPORTANT: This module is written for compatibility. Now, you an use directly
Lemonldap::NG::Handler::SharedConf as shown bellow:
=head1 SYNOPSIS
New usage:
package My::Package;
use Lemonldap::NG::Handler::SharedConf;
@ISA = qw(Lemonldap::NG::Handler::SharedConf);
__PACKAGE__->init ( {
localStorage => "Cache::FileCache",
localStorageOptions => {
'namespace' => 'MyNamespace',
'default_expires_in' => 600,
},
reloadTime => 1200, # Default: 600
configStorage => {
type => "DBI"
dbiChain => "DBI:mysql:database=$database;host=$hostname;port=$port",
dbiUser => "lemonldap",
dbiPassword => "password",
},
} );
Old usage:
package My::Package;
use Lemonldap::NG::Handler::SharedConf::DBI;
@ISA = qw(Lemonldap::NG::Handler::SharedConf::DBI);
__PACKAGE__->init ( {
localStorage => "Cache::FileCache",
localStorageOptions => {
'namespace' => 'MyNamespace',
'default_expires_in' => 600,
},
reloadTime => 1200, # Default: 600
dbiChain => "DBI:mysql:database=$database;host=$hostname;port=$port",
dbiUser => "lemonldap",
dbiPassword => "password",
} );
Call your package in /apache-dir/conf/httpd.conf :
PerlRequire MyFile
# TOTAL PROTECTION
PerlHeaderParserHandler My::Package
# OR SELECTED AREA
<Location /protected-area>
PerlHeaderParserHandler My::Package
</Location>
The configuration is loaded only at Apache start. Create an URI to force
configuration reload, so you don't need to restart Apache at each change :
# /apache-dir/conf/httpd.conf
<Location /location/that/I/ve/choosed>
Order deny,allow
Deny from all
Allow from my.manager.com
PerlHeaderParserHandler My::Package->refresh
</Location>
=head1 DESCRIPTION
This library inherit from L<Lemonldap::NG::Handler::SharedConf> to build a
complete SSO Handler System: a central database contains the policy of your
domain. People that want to access to a protected applications are redirected
to the portal that run L<Lemonldap::NG::Portal::SharedConf::DBI>. After reading
configuration from the database and authenticating the user, it stores a key
word for each application the user is granted to access to.
Then the user is redirected to the application he wanted to access and the
Apache handler build with L<Lemonldap::NG::Handler::SharedConf::DBI> has just
to verify that the keyword corresponding to the protected area is stored in
the database.
=head2 EXPORT
Same as L<Lemonldap::NG::Handler::SharedConf>.
=head1 OPERATION
Each new Apache child checks if there's a configuration stored in the local
store. If not, it calls C<getConf> to get one and store it in the local store by
calling setconf.
Every 600 seconds (or $reload seconds), each Apache child checks if the local
stored configuration has changed and reload it if it has.
=head1 SCHEME OF THE CONFIGURATION DATABASE
CREATE TABLE lmConfig (
cfgNum int,
locationRules text,
globalStorage text,
globalStorageOptions text,
groups text,
macros text,
exportedHeaders text,
portal text,
domain text,
ldapServer text,
ldapPort int,
ldapBase text,
securedCookie int,
cookieName text,
authentication text,
exportedVars text,
managerDn text,
managerPassword text,
PRIMARY KEY (cfgNum)
);
=over
=item * cfgNum indicates the number of each configuration. Lemonldap::NG use
always the highest.
=item * locationRules, globalStorageOptions and exportedHeaders are hash
references serialized by Storage::freeze. See L<Lemonldap::NG::Manager> for
more about this.
=item * portal indicates the URL of the Lemonldap portal used to authenticate
users.
=item * globalStorage indicates the Apache::Session::* module used to store
sessions.
=back
=head1 SEE ALSO
L<Lemonldap::Manager>, L<Lemonldap::NG::Handler>,
L<Lemonldap::NG::Handler::SharedConf>
=head1 AUTHOR
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
at your option, any later version of Perl 5 you may have available.
=cut

@ -83,8 +83,6 @@ sub print_libjs {
sub print_lmjs {
my $self = shift;
# TODO: replace this
# print $self->header_public( $ENV{SCRIPT_FILENAME},
print $self->header(
-type => 'text/javascript' );
$self->javascript;

@ -145,6 +145,8 @@ BEGIN {
}
}
# TODO: test and documentation of authentication
1;
__END__

@ -5,7 +5,7 @@ use Storable qw(thaw freeze);
use MIME::Base64;
use Lemonldap::NG::Manager::Conf::Constants;
our $VERSION = 0.42;
our $VERSION = 0.43;
our @ISA;
sub new {
@ -81,8 +81,6 @@ sub getConf {
return $conf;
}
# TODO: SOAP authentication documentation
1;
__END__
@ -119,31 +117,35 @@ choosen type. Examples:
=item * B<File>:
$confAccess = new Lemonldap::NG::Manager::Conf(
{
type => 'File',
dirName => '/var/lib/lemonldap-ng/',
});
{
type => 'File',
dirName => '/var/lib/lemonldap-ng/',
});
=item * B<DBI>:
$confAccess = new Lemonldap::NG::Manager::Conf(
{
type
dbiChain => 'DBI:mysql:database=lemonldap-ng,host=1.2.3.4',
dbiUser => 'lemonldap'
dbiPassword => 'pass'
dbiTable => 'lmConfig',
});
{
type => 'DBI',
dbiChain => 'DBI:mysql:database=lemonldap-ng,host=1.2.3.4',
dbiUser => 'lemonldap'
dbiPassword => 'pass'
dbiTable => 'lmConfig',
});
=item * B<SOAP>:
$confAccess = new Lemonldap::NG::Manager::Conf(
{
type => 'SOAP',
proxy => 'https://manager.example.com/soapmanager.pl',
proxyOptions => {
timeout => 5,
},
});
{
type => 'SOAP',
proxy => 'https://manager.example.com/soapmanager.pl',
proxyOptions => {
timeout => 5,
},
});
SOAP configuration access is a sort of proxy: the SOAP server that runs
L<Lemonldap::NG::Manager::SOAPServer> is configured to use the real session
storage type (DBI or File for example). See L<Lemonldap::NG::Conf::SOAP> for
more.
=back
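Review bot: The re-indented DBI example in the POD is still not valid Perl: `dbiUser => 'lemonldap'` and `dbiPassword => 'pass'` have no trailing comma, so anyone who pastes the block gets a syntax error even though this change restores `type => 'DBI',`. I would write them as `dbiUser => 'lemonldap',` and `dbiPassword => 'pass',`. The `dbiChain` value also separates `database=` and `host=` with a comma, whereas the DSN examples in the DBI.pm documentation removed by this same commit use `;`; that looks like a typo and is worth confirming against the driver's DSN syntax. The POD list this example belongs to starts outside the hunk.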

@ -49,8 +49,6 @@ sub dbh {
);
}
# TODO: test lock
sub lock {
my $self = shift;
my $sth = $self->dbh->prepare_cached(q{SELECT GET_LOCK(?, 5)}, {}, 1);

@ -3,7 +3,7 @@ package Lemonldap::NG::Manager::Conf::File;
use strict;
use Lemonldap::NG::Manager::Conf::Constants;
our $VERSION = 0.12;
our $VERSION = 0.2;
sub prereq {
my $self = shift;
@ -36,15 +36,28 @@ sub lastCfg {
# TODO: LOCK
sub lock {
my $self = shift;
if( $self->isLocked ) {
sleep 2;
return 0 if( $self->isLocked );
}
unless( open F, $self->{dirName} . "/lmConf.lock" ) {
print STDERR "Unable to lock\n";
return 0;
}
print F $$;
close F;
return 1;
}
sub isLocked {
return 0;
my $self = shift;
-e $self->{dirName} . "/lmConf.lock";
}
sub unlock {
return 1;
my $self = shift;
unlink $self->{dirName} . "/lmConf.lock";
}
sub store {
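Review bot: `lock` as written in the `@ -36,15 +36,28 @@` hunk can never succeed: `open F, $self->{dirName} . "/lmConf.lock"` has no mode, so it opens the file for reading, which fails when the lock file is absent, and when the file is present the `isLocked` guard has already returned 0. Even with a `'>'` mode, the `-e` test followed by a separate open leaves a window in which two manager processes both see no lock and both take it, so the file should be created atomically with `sysopen` and `O_CREAT | O_EXCL` (this needs `use Fcntl qw(O_WRONLY O_CREAT O_EXCL);` at the top of the module, outside this hunk). The PID written to the file is never read back, so a lock left behind by a crashed process blocks every later configuration write until someone removes it by hand; a staleness check deserves at least a TODO. The rewrite below keeps the single two-second retry and replaces the bareword handle `F` with a lexical one; `store` continues past the end of the hunk.

```perl
sub lock {
    my $self     = shift;
    my $lockFile = $self->{dirName} . "/lmConf.lock";
    my $fh;

    # O_EXCL makes "does the lock exist?" and "create it" one atomic step
    unless ( sysopen( $fh, $lockFile, O_WRONLY | O_CREAT | O_EXCL ) ) {
        sleep 2;
        unless ( sysopen( $fh, $lockFile, O_WRONLY | O_CREAT | O_EXCL ) ) {
            print STDERR "Unable to lock\n";
            return 0;
        }
    }
    print $fh $$;
    close $fh;
    return 1;
}
# ... unchanged: isLocked, unlock ...
```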

@ -31,98 +31,109 @@ __END__
=pod
=cut
sub help_virtualHosts_en {
sub help_groups_en {
print <<EOT;
<h3>Virtual Hosts</h3>
<p> A virtual host configuration is cutted in 2 pieces&nbsp;: the rules and the HTTP
headers.</p>
<p> <u>Note</u> : If portal and handlers are not in the same domain than declared
in "General Parameters" menu, <u>you have to use</u> CDA modules. Else, session
cookie is not seen by handlers.
<h4> Rules </h4>
<p> A rule associates a regular expression with a perl boolean expression.
When a user tries to access to an URL that match with the regular expression,
access is granted or not depending on the boolean expression result&nbsp;:</p>
<h3>User Groups</h3>
<p> Groups are not required but accelerate the treatment of the requests. For
example, if a virtual host is granted only for 3 users, the rule is&nbsp;:</p>
<pre>
# Virtual host test.example.com - rules
^/protected =&gt; \$groups =~ /\\bgroup1\\b/
# test.example.com - Rules
default =&gt; \$uid eq "user1" or \$uid eq "user2" or \$uid eq "user3"
</pre>
<p> This rule means that all URL starting with '/protected', are reserved to
users member of 'group1'. You can also use 'accept' and 'deny' keywords.
'accept' keyword means that all authenticated users are granted.</p>
<p> If URL doesn't match any regular expression, 'default' rule is called to
grant or not.</p>
<h4> Headers </h4>
<p> Headers are used to inform the remote application on the connected user.
They are declared as&nbsp;:
<tt>&lt;Header Name&gt;&nbsp;=&gt;&nbsp;&lt;Perl expression&gt;.
</p>
<p> Examples :</p>
<p> The problem is that this rule is calculated for each HTTP request. Other
example, if 2 sites have the same rules, any modification on one has to be
write in the second. The 'groups' system solve this&nbsp;: groups are
evaluated one time in the authentication phase, and the result is stored in the
\$groups variable. The rule abode becomes&nbsp;:</p>
<pre>
Auth-User =&gt; \$uid
Unite =&gt; \$departmentUID
# Group declaration
group1 =&gt; \$uid eq "user1" or \$uid eq "user2" or \$uid eq "user3"
# Use of the group :
# test.example.com - Rules
default =&gt; \$groups =~ /\\bgroup1\\b/
</pre>
<p> The last rule is a Perl regular expression (PCRE) that means 'search the
word "group1" in the string "groups"'.</p>
<p> The \$groups string joins all the groups where the user matchs the
expression. The groups are separated by a space in the \$groups string.
EOT
}
sub help_macros_en {
sub help_groups_fr {
print <<EOT;
<h3>Macros</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
EOT
}
<h3>Groupes d'utilisateurs</h3>
<p>Les groupes ne sont pas indispensables mais acc&eacute;l&egrave;rent le traitement des
requ&ecirc;tes. Par exemple, si un h&ocirc;te virtuel est autoris&eacute; nominativement &agrave;
user, user2 et user3, la r&egrave;gle d'acc&egrave;s s'&eacute;crira&nbsp;:</p>
<pre>
# test.example.com - R&egrave;gles
default =&gt; \$uid eq "user1" or \$uid eq "user2" or \$uid eq "user3"
</pre>
<p> Le probl&egrave;me est que cette expression sera calcul&eacute;e &agrave; chaque requ&ecirc;te HTTP.
D'autre part, si 2 h&ocirc;tes virtuels ont la m&ecirc;me r&egrave;gle d'acc&egrave;s, toute modification
doit &ecirc;tre r&eacute;percut&eacute;e sur les deux h&ocirc;tes virtuels. Le syst&egrave;me des groupes permet
de r&eacute;soudre ces deux probl&egrave;mes&nbsp;: lors de la connexion au portail, les
expressions complexes sont calcul&eacute;es une fois pour toute la session et le
r&eacute;sultat est stock&eacute; dans la cha&icirc;ne \$groups. L'exemple pr&eacute;c&eacute;dent devient
alors&nbsp;:</p>
<pre>
# D&eacute;claration d'un groupe
group1 =&gt; \$uid eq "user1" or \$uid eq "user2" or \$uid eq "user3"
sub help_groups_en {
print <<EOT;
<h3>User Groups</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
EOT
}
# Utilisation :
# test.example.com - R&egrave;gles
default =&gt; \$groups =~ /\\bgroup1\\b/
</pre>
<p> Cette derni&egrave;re expression est une expression r&eacute;guli&egrave;re Perl (PCRE) qui
correspond &agrave; la recherche du mot group1 dans la cha&icirc;ne \$groups (\\b signifie
d&eacute;but ou fin de mot).</p>
sub help_ldap_en {
print <<EOT;
<h3>LDAP Parameters</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
<p>La variable export&eacute;e \$groups est une cha&icirc;ne de caract&egrave;res compos&eacute;s de tous les
noms de groupes auquel l'utilisateur connect&eacute; appartient (c'est &agrave; dire les
noms de groupe pour lesquels l'expression est vraie.</p>
EOT
}
sub help_vars_en {
print <<EOT;
<h3>Variables (LDAP attributes)</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
<p> Set here the LDAP attributes you need in your configuration or in exported
headers.</p>
<p> Declare as the following&nbsp;:</p>
<pre> &lt;MyName&gt; =&gt; &lt;real LDAP attribute name&gt;</pre>
<p>Examples :</p>
<pre>
uid =&gt; uid
unit =&gt; ou
</pre>
Declared names can be used in rules, groups, macros and HTTP headers by using
them with '\$'. Example&nbsp;:
<pre>
group1 =&gt; \$uid eq 'user1' or \$uid eq 'user2'
</pre>
EOT
}
sub help_storage_en {
sub help_vars_fr {
print <<EOT;
<h3>Sessions Storage</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
<h3>Variables (attributs LDAP)</h3>
<p> Indiquez ici tous les attributs LDAP dont vous avez besoin dans votre
configuration (pour d&eacute;finir les groupes, les macros, les r&egrave;gles
d'acc&egrave;s aux h&ocirc;tes virtuels ou encore les en-t&ecirc;tes HTTP).</p>
<p>La d&eacute;claration d'une variable se fait sous la forme&nbsp;:</p>
<pre> &lt;nom declare&gt; =&gt; &lt;nom de l'attribut LDAP&gt;</pre>
<p>Exemples :</p>
<pre>
uid =&gt; uid
unite =&gt; ou
</pre>
Les noms d&eacute;clar&eacute;s s'utilisent ensuite dans les r&egrave;gles, les
groupes, les macros ou les en-t&ecirc;tes HTTP en les faisant
pr&eacute;c&eacute;der du signe '\$'. Exemple&nbsp;:
<pre>
group1 =&gt; \$uid eq 'user1' or \$uid eq 'user2'
</pre>
EOT
}
@ -136,13 +147,25 @@ Thanks.
EOT
}
sub help_cookieName_en {
sub help_authParams_fr {
print <<EOT;
<h3>Cookie Name</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
<h3>Param&egrave;tres d'authentification</h3>
<dl>
<dt> Type d'authentfication </dt>
<dd> Le sch&eacute;ma classique d'authentification Lemonldap consiste &agrave; utiliser une
authentification par LDAP. Vous pouvez changer ceci en ssl par exemple.</dd>
<dt> Portail </dt>
<dd> Indiquez ici l'URL ou seront renvoy&eacute;s les utilisateurs non authentifi&eacute;s.
Cette URL doit bien sur correspondre &agrave; un portail utilisant
Lemonldap::NG::Portal::SharedConf.</dd>
<dt> Cookie s&eacute;curis&eacute; (SSL) </dt>
<dd> Une fois authentifi&eacute;, l'utilisateur est reconnu par son cookie. Si tous
les h&ocirc;tes virtuels de votre domaine son prot&eacute;g&eacute;s par SSL, mettez cette option
&agrave; 1, ainsi le cookie ne sera pr&eacute;sent&eacute; par le navigateur qu'aux sites prot&eacute;g&eacute;s,
ce qui &eacute;vite un vol de session.
</dl>
EOT
}
@ -156,6 +179,61 @@ Thanks.
EOT
}
sub help_domain_fr {
print <<EOT;
<h3>Domaine protégé</h3>
<p> Indiquez ici le nom du domaine (ou du sous-domaine) contenant vos
applications à protéger.<br>
ATTENTION : tous les hôtes virtuels protégés ainsi que le portail
d'authentification doivent se trouver dans ce domaine.
EOT
}
sub help_virtualHosts_en {
print <<EOT;
<h3>Virtual Hosts</h3>
<p> A virtual host configuration is cutted in 2 pieces&nbsp;: the rules and the HTTP
headers.</p>
<p> <u>Note</u> : If portal and handlers are not in the same domain than declared
in "General Parameters" menu, <u>you have to use</u> CDA modules. Else, session
cookie is not seen by handlers.
<h4> Rules </h4>
<p> A rule associates a regular expression with a perl boolean expression.
When a user tries to access to an URL that match with the regular expression,
access is granted or not depending on the boolean expression result&nbsp;:</p>
<pre>
# Virtual host test.example.com - rules
^/protected =&gt; \$groups =~ /\\bgroup1\\b/
</pre>
<p> This rule means that all URL starting with '/protected', are reserved to
users member of 'group1'. You can also use 'accept' and 'deny' keywords.
'accept' keyword means that all authenticated users are granted.</p>
<p> If URL doesn't match any regular expression, 'default' rule is called to
grant or not.</p>
<h4> Headers </h4>
<p> Headers are used to inform the remote application on the connected user.
They are declared as&nbsp;:
<tt>&lt;Header Name&gt;&nbsp;=&gt;&nbsp;&lt;Perl expression&gt;.
</p>
<p> Examples :</p>
<pre>
Auth-User =&gt; \$uid
Unite =&gt; \$departmentUID
</pre>
EOT
}
sub help_virtualHosts_fr {
print <<EOT;
<h3>H&ocirc;tes virtuels</h3>
@ -203,12 +281,33 @@ comme suit&nbsp;: <tt>&lt;nom de l'en-t&ecirc;te&gt; =&gt; &lt;expression Perl&g
EOT
}
sub help_macros_en {
print <<EOT;
<h3>Macros</h3>
<p> Macros are used to add new variables to user variables attributes). Those
new variables are calculated from other variables issued from LDAP attributes.
This mechanism avoid to do more than one time the same operation in the
authentication phase. Example&nbsp;:</p>
<pre>
# macros
long_name => \$givenname . " " . \$surname
admin => \$uid eq "foo" or \$uid eq "bar"
# test.example.com - Headers
Name => \$long_name
# test.example.com - Rules
^/admin/ => \$admin
EOT
}
sub help_macros_fr {
print <<EOT;
<h3>Macros</h3>
<p> Les macros permettent d'ajouter des variables calcul&eacute;es &agrave; partir des
attributs LDAP (variables export&eacute;es). Elles &eacute;vitent de r&eacute;p&eacute;ter le m&ecirc;me calcul
plusieurs fois dans la configuration. Exemple&nbsp;:</p>
<p> Les macros permettent d'ajouter des variables calcul&eacute;es &agrave;
partir des attributs LDAP (variables export&eacute;es). Elles &eacute;vitent
de r&eacute;p&eacute;ter le m&ecirc;me calcul plusieurs fois dans la phase
d'authentification. Exemple&nbsp;:</p>
<pre>
# macros
nom_complet => \$givenname . " " . \$surname
@ -222,38 +321,13 @@ plusieurs fois dans la configuration. Exemple&nbsp;:</p>
EOT
}
sub help_groups_fr {
sub help_ldap_en {
print <<EOT;
<h3>Groupes d'utilisateurs</h3>
<p>Les groupes ne sont pas indispensables mais acc&eacute;l&egrave;rent le traitement des
requ&ecirc;tes. Par exemple, si un h&ocirc;te virtuel est autoris&eacute; nominativement &agrave;
user, user2 et user3, la r&egrave;gle d'acc&egrave;s s'&eacute;crira&nbsp;:</p>
<pre>
# test.example.com - R&egrave;gles
default =&gt; \$uid eq "user1" or \$uid eq "user2" or \$uid eq "user3"
</pre>
<p> Le probl&egrave;me est que cette expression sera calcul&eacute;e &agrave; chaque requ&ecirc;te HTTP.
D'autre part, si 2 h&ocirc;tes virtuels ont la m&ecirc;me r&egrave;gle d'acc&egrave;s, toute modification
doit &ecirc;tre r&eacute;percut&eacute;e sur les deux h&ocirc;tes virtuels. Le syst&egrave;me des groupes permet
de r&eacute;soudre ces deux probl&egrave;mes&nbsp;: lors de la connexion au portail, les
expressions complexes sont calcul&eacute;es une fois pour toute la session et le
r&eacute;sultat est stock&eacute; dans la cha&icirc;ne \$groups. L'exemple pr&eacute;c&eacute;dent devient
alors&nbsp;:</p>
<pre>
# D&eacute;claration d'un groupe (on suppose ici que ou est un champ mono-valu&eacute;)
group1 =&gt; \$uid eq "user1" or \$uid eq "user2" or \$uid eq "user3"
# Utilisation :
# test.example.com - R&egrave;gles
default =&gt; \$groups =~ /\\bgroup1\\b/
</pre>
<p> Cette derni&egrave;re expression est une expression r&eacute;guli&egrave;re Perl (PCRE) qui
correspond &agrave; la recherche du mot group1 dans la cha&icirc;ne \$groups (\\b signifie
d&eacute;but ou fin de mot).</p>
<p>La variable export&eacute;e \$groups est une cha&icirc;ne de caract&egrave;res compos&eacute;s de tous les
noms de groupes auquel l'utilisateur connect&eacute; appartient (c'est &agrave; dire les
noms de groupe pour lesquels l'expression est vraie.</p>
<h3>LDAP Parameters</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
EOT
}
@ -278,23 +352,13 @@ exemple).</p>
EOT
}
sub help_vars_fr {
sub help_storage_en {
print <<EOT;
<h3>Variables (attributs LDAP)</h3>
<p> Indiquez ici tous les attributs LDAP dont vous avez besoin dans votre
configuration (pour d&eacute;finir les groupes, les r&egrave;gles d'acc&egrave;s au h&ocirc;tes virtuels
ou encore les en-t&ecirc;tes HTTP).</p>
<p>La d&eacute;claration d'une variable se fait sous la forme&nbsp;:</p>
<pre> &lt;nom declare&gt; =&gt; &lt;nom de l'attribut LDAP&gt;</pre>
<p>Exemples :</p>
<pre>
uid =&gt; uid
unite =&gt; ou
</pre>
Les noms d&eacute;clar&eacute;s s'utilisent ensuite dans les r&egrave;gles, les groupes ou les
en-t&ecirc;tes HTTP en les faisant pr&eacute;c&eacute;der du signe '\$'. Exemple&nbsp;:
<pre>
group1 =&gt; \$uid eq 'user1' or \$uid eq 'user2'
<h3>Sessions Storage</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
EOT
}
@ -322,25 +386,13 @@ indiquer les param&egrave;tres correspondants &agrave; ce module&nbsp;:</p>
EOT
}
sub help_authParams_fr {
sub help_cookieName_en {
print <<EOT;
<h3>Param&egrave;tres d'authentification</h3>
<dl>
<dt> Type d'authentfication </dt>
<dd> Le sch&eacute;ma classique d'authentification Lemonldap consiste &agrave; utiliser une
authentification par LDAP. Vous pouvez changer ceci en ssl par exemple.</dd>
<dt> Portail </dt>
<dd> Indiquez ici l'URL ou seront renvoy&eacute;s les utilisateurs non authentifi&eacute;s.
Cette URL doit bien sur correspondre &agrave; un portail utilisant
Lemonldap::NG::Portal::SharedConf.</dd>
<dt> Cookie s&eacute;curis&eacute; (SSL) </dt>
<dd> Une fois authentifi&eacute;, l'utilisateur est reconnu par son cookie. Si tous
les h&ocirc;tes virtuels de votre domaine son prot&eacute;g&eacute;s par SSL, mettez cette option
&agrave; 1, ainsi le cookie ne sera pr&eacute;sent&eacute; par le navigateur qu'aux sites prot&eacute;g&eacute;s,
ce qui &eacute;vite un vol de session.
</dl>
<h3>Cookie Name</h3>
This help chapter does not exist in english. If you want to help us, you can
edit lib/Lemonldap/NG/Manager/Help.pm in lemonldap-ng source tree and send us
your contribution.<br>
Thanks.
EOT
}
@ -353,13 +405,3 @@ ATTENTION, tout changement n
hébergeant des agents de protection Lemonldap::NG::Handler.</p>
EOT
}
sub help_domain_fr {
print <<EOT;
<h3>Domaine protégé</h3>
<p> Indiquez ici le nom du domaine (ou du sous-domaine) contenant vos
applications à protéger.<br>
ATTENTION : tous les hôtes virtuels protégés ainsi que le portail
d'authentification doivent se trouver dans ce domaine.
EOT
}
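Review bot: The new `help_macros_en` heredoc (hunk `@ -203,12 +281,33 @@`) opens `<pre>` and reaches `EOT` without a closing `</pre>`, so whatever the manager prints after this chapter would presumably render as preformatted text. Adding `</pre>` on the line before `EOT` fixes it. The same block writes `=>` raw inside the `<pre>` where the other chapters use `=&gt;`, and its first sentence has a stray `)` in "user variables attributes)". In the first hunk the last paragraph of the new `help_groups_en` text is also left without its `</p>`.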

@ -1,5 +1,8 @@
Revision history for Perl extension Lemonldap::NG::Portal.
0.64 Fri Mar 9 17:49:44
- Delete of DBI.pm which is no more in use
0.63 Thu Feb 2 20:44:43
- Adding CAS authentication compatibility system
- New i18n system for errors

@ -8,7 +8,6 @@ lib/Lemonldap/NG/Portal/AuthLA.pm
lib/Lemonldap/NG/Portal/AuthSSL.pm
lib/Lemonldap/NG/Portal/CDA.pm
lib/Lemonldap/NG/Portal/SharedConf.pm
lib/Lemonldap/NG/Portal/SharedConf/DBI.pm
lib/Lemonldap/NG/Portal/Simple.pm
Makefile.PL
MANIFEST

@ -2,7 +2,7 @@ package Lemonldap::NG::Portal;
print STDERR
"See Lemonldap::NG::Portal(3) to know which Lemonldap::NG::Portal::* module to use.";
our $VERSION = "0.63";
our $VERSION = "0.64";
1;

@ -1,98 +0,0 @@
package Lemonldap::NG::Portal::SharedConf::DBI;
use strict;
use warnings;
use Lemonldap::NG::Portal::SharedConf qw(:all);
use DBI;
use Storable qw(thaw);
use MIME::Base64;
*EXPORT_OK = *Lemonldap::NG::Portal::SharedConf::EXPORT_OK;
*EXPORT_TAGS = *Lemonldap::NG::Portal::SharedConf::EXPORT_TAGS;
*EXPORT = *Lemonldap::NG::Portal::SharedConf::EXPORT;
our $VERSION = '0.31';
our @ISA = qw(Lemonldap::NG::Portal::SharedConf);
sub getConf {
my ( $self, $args ) = @_;
$self->{configStorage} = {
type => "DBI",
dbiChain => $self->{dbiChain},
dbiUser => $self->{dbiUser},
dbiPassword => $self->{dbiPassword},
dbiTable => $self->{dbiTable},
};
$self->SUPER::getConf(@_);
}
1;
__END__
=head1 NAME
Lemonldap::NG::Portal::SharedConf::DBI - This module is deprecated. See
L<Lemonldap::NG::Portal::SharedConf>.
=head1 SYNOPSIS
use Lemonldap::NG::Portal::SharedConf;
my $portal = new Lemonldap::NG::Portal::SharedConf( {
configStorage => {
dbiChain => "dbi:mysql:database=lemonldap;host=127.0.0.1",
dbiUser => "lemonldap",
dbiPassword => "password",
dbiTable => "lmConfig",
},
} );
if($portal->process()) {
# Write here the menu with CGI methods. This page is displayed ONLY IF
# the user was not redirected here.
print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
print "...";
# or redirect the user to the menu
print $portal->redirect( -uri => 'https://portal/menu');
}
else {
# Write here the html form used to authenticate with CGI methods.
# $portal->error returns the error message if athentification failed
# Warning: by defaut, input names are "user" and "password"
print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
print "...";
print '<form method="POST">';
# In your form, the following value is required for redirection
print '<input type="hidden" name="url" value="'.$portal->param('url').'">';
# Next, login and password
print 'Login : <input name="user"><br>';
print 'Password : <input name="password" type="password" autocomplete="off">';
print '<input type=submit value="OK">';
print '</form>';
}
=head1 DESCRIPTION
Lemonldap::NG::Portal::SharedConf::DBI is written for compatibility with old
versions of Lemonldap::NG. See now L<Lemonldap::NG::Portal::SharedConf>.
=head1 SEE ALSO
L<Lemonldap::NG::Portal::SharedConf>, L<Lemonldap::NG::Portal>,
L<Lemonldap::NG::Handler>, L<Lemonldap::NG::Manager>
=head1 AUTHOR
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005-2006 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
at your option, any later version of Perl 5 you may have available.
=cut