Commit 5f867fe0 authored by Xavier Guimard's avatar Xavier Guimard

LEMONLDAP::NG : Release 0.8

parent 9c928e97
Revision history for Perl extension Lemonldap::NG::Handler.
0.76 Fri Mar 9 7:14:42 2007
- little bug correction
- Little bug correction
- Delete of DBI.pm which is not more in use
0.75 Sat Feb 24 16:36:56
- Adding cross-domain-authentication support
......
......@@ -6,7 +6,6 @@ lib/Lemonldap/NG/Handler.pm
lib/Lemonldap/NG/Handler/CDA.pm
lib/Lemonldap/NG/Handler/Proxy.pm
lib/Lemonldap/NG/Handler/SharedConf.pm
lib/Lemonldap/NG/Handler/SharedConf/DBI.pm
lib/Lemonldap/NG/Handler/Simple.pm
lib/Lemonldap/NG/Handler/Vhost.pm
Makefile.PL
......
package Lemonldap::NG::Handler::SharedConf::DBI;
use strict;
use Lemonldap::NG::Handler::SharedConf qw(:all);
use DBI;
use Storable qw(thaw);
use MIME::Base64;
BEGIN {
if ( MP() == 2 ) {
Apache2::compat->import();
}
}
our $VERSION = '0.52';
our @ISA = qw(Lemonldap::NG::Handler::SharedConf);
*EXPORT_TAGS = *Lemonldap::NG::Handler::SharedConf::EXPORT_TAGS;
*EXPORT_OK = *Lemonldap::NG::Handler::SharedConf::EXPORT_OK;
our ( $dbiChain, $dbiUser, $dbiPassword );
my ( $dbh, $cfgNum ) = ( undef, 0 );
sub localInit($$) {
my ( $class, $args ) = @_;
$args->configStorage = {
type => 'DBI',
dbiChain => $args->{dbiChain},
dbiUser => $args->{dbiUser},
dbiPassword => $args->{dbiPassword},
dbiTable => $args->{dbiTable},
};
$class->SUPER::localInit($args);
}
1;
__END__
=head1 NAME
Lemonldap::NG::Handler::SharedConf::DBI - Module to share Lemonldap::NG
configuration using DBI.
IMPORTANT: This module is written for compatibility. Now, you an use directly
Lemonldap::NG::Handler::SharedConf as shown bellow:
=head1 SYNOPSIS
New usage:
package My::Package;
use Lemonldap::NG::Handler::SharedConf;
@ISA = qw(Lemonldap::NG::Handler::SharedConf);
__PACKAGE__->init ( {
localStorage => "Cache::FileCache",
localStorageOptions => {
'namespace' => 'MyNamespace',
'default_expires_in' => 600,
},
reloadTime => 1200, # Default: 600
configStorage => {
type => "DBI"
dbiChain => "DBI:mysql:database=$database;host=$hostname;port=$port",
dbiUser => "lemonldap",
dbiPassword => "password",
},
} );
Old usage:
package My::Package;
use Lemonldap::NG::Handler::SharedConf::DBI;
@ISA = qw(Lemonldap::NG::Handler::SharedConf::DBI);
__PACKAGE__->init ( {
localStorage => "Cache::FileCache",
localStorageOptions => {
'namespace' => 'MyNamespace',
'default_expires_in' => 600,
},
reloadTime => 1200, # Default: 600
dbiChain => "DBI:mysql:database=$database;host=$hostname;port=$port",
dbiUser => "lemonldap",
dbiPassword => "password",
} );
Call your package in /apache-dir/conf/httpd.conf :
PerlRequire MyFile
# TOTAL PROTECTION
PerlHeaderParserHandler My::Package
# OR SELECTED AREA
<Location /protected-area>
PerlHeaderParserHandler My::Package
</Location>
The configuration is loaded only at Apache start. Create an URI to force
configuration reload, so you don't need to restart Apache at each change :
# /apache-dir/conf/httpd.conf
<Location /location/that/I/ve/choosed>
Order deny,allow
Deny from all
Allow from my.manager.com
PerlHeaderParserHandler My::Package->refresh
</Location>
=head1 DESCRIPTION
This library inherit from L<Lemonldap::NG::Handler::SharedConf> to build a
complete SSO Handler System: a central database contains the policy of your
domain. People that want to access to a protected applications are redirected
to the portal that run L<Lemonldap::NG::Portal::SharedConf::DBI>. After reading
configuration from the database and authenticating the user, it stores a key
word for each application the user is granted to access to.
Then the user is redirected to the application he wanted to access and the
Apache handler build with L<Lemonldap::NG::Handler::SharedConf::DBI> has just
to verify that the keyword corresponding to the protected area is stored in
the database.
=head2 EXPORT
Same as L<Lemonldap::NG::Handler::SharedConf>.
=head1 OPERATION
Each new Apache child checks if there's a configuration stored in the local
store. If not, it calls C<getConf> to get one and store it in the local store by
calling setconf.
Every 600 seconds (or $reload seconds), each Apache child checks if the local
stored configuration has changed and reload it if it has.
=head1 SCHEME OF THE CONFIGURATION DATABASE
CREATE TABLE lmConfig (
cfgNum int,
locationRules text,
globalStorage text,
globalStorageOptions text,
groups text,
macros text,
exportedHeaders text,
portal text,
domain text,
ldapServer text,
ldapPort int,
ldapBase text,
securedCookie int,
cookieName text,
authentication text,
exportedVars text,
managerDn text,
managerPassword text,
PRIMARY KEY (cfgNum)
);
=over
=item * cfgNum indicates the number of each configuration. Lemonldap::NG use
always the highest.
=item * locationRules, globalStorageOptions and exportedHeaders are hash
references serialized by Storage::freeze. See L<Lemonldap::NG::Manager> for
more about this.
=item * portal indicates the URL of the Lemonldap portal used to authenticate
users.
=item * globalStorage indicates the Apache::Session::* module used to store
sessions.
=back
=head1 SEE ALSO
L<Lemonldap::Manager>, L<Lemonldap::NG::Handler>,
L<Lemonldap::NG::Handler::SharedConf>
=head1 AUTHOR
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
at your option, any later version of Perl 5 you may have available.
=cut
......@@ -83,8 +83,6 @@ sub print_libjs {
sub print_lmjs {
my $self = shift;
# TODO: replace this
# print $self->header_public( $ENV{SCRIPT_FILENAME},
print $self->header(
-type => 'text/javascript' );
$self->javascript;
......
......@@ -145,6 +145,8 @@ BEGIN {
}
}
# TODO: test and documentation of authentication
1;
__END__
......
......@@ -5,7 +5,7 @@ use Storable qw(thaw freeze);
use MIME::Base64;
use Lemonldap::NG::Manager::Conf::Constants;
our $VERSION = 0.42;
our $VERSION = 0.43;
our @ISA;
sub new {
......@@ -81,8 +81,6 @@ sub getConf {
return $conf;
}
# TODO: SOAP authentication documentation
1;
__END__
......@@ -119,31 +117,35 @@ choosen type. Examples:
=item * B<File>:
$confAccess = new Lemonldap::NG::Manager::Conf(
{
type => 'File',
dirName => '/var/lib/lemonldap-ng/',
});
{
type => 'File',
dirName => '/var/lib/lemonldap-ng/',
});
=item * B<DBI>:
$confAccess = new Lemonldap::NG::Manager::Conf(
{
type
dbiChain => 'DBI:mysql:database=lemonldap-ng,host=1.2.3.4',
dbiUser => 'lemonldap'
dbiPassword => 'pass'
dbiTable => 'lmConfig',
});
{
type => 'DBI',
dbiChain => 'DBI:mysql:database=lemonldap-ng,host=1.2.3.4',
dbiUser => 'lemonldap'
dbiPassword => 'pass'
dbiTable => 'lmConfig',
});
=item * B<SOAP>:
$confAccess = new Lemonldap::NG::Manager::Conf(
{
type => 'SOAP',
proxy => 'https://manager.example.com/soapmanager.pl',
proxyOptions => {
timeout => 5,
},
});
{
type => 'SOAP',
proxy => 'https://manager.example.com/soapmanager.pl',
proxyOptions => {
timeout => 5,
},
});
SOAP configuration access is a sort of proxy: the SOAP server that runs
L<Lemonldap::NG::Manager::SOAPServer> is configured to use the real session
storage type (DBI or File for example). See L<Lemonldap::NG::Conf::SOAP> for
more.
=back
......
......@@ -49,8 +49,6 @@ sub dbh {
);
}
# TODO: test lock
sub lock {
my $self = shift;
my $sth = $self->dbh->prepare_cached(q{SELECT GET_LOCK(?, 5)}, {}, 1);
......
......@@ -3,7 +3,7 @@ package Lemonldap::NG::Manager::Conf::File;
use strict;
use Lemonldap::NG::Manager::Conf::Constants;
our $VERSION = 0.12;
our $VERSION = 0.2;
sub prereq {
my $self = shift;
......@@ -36,15 +36,28 @@ sub lastCfg {
# TODO: LOCK
sub lock {
my $self = shift;
if( $self->isLocked ) {
sleep 2;
return 0 if( $self->isLocked );
}
unless( open F, $self->{dirName} . "/lmConf.lock" ) {
print STDERR "Unable to lock\n";
return 0;
}
print F $$;
close F;
return 1;
}
sub isLocked {
return 0;
my $self = shift;
-e $self->{dirName} . "/lmConf.lock";
}
sub unlock {
return 1;
my $self = shift;
unlink $self->{dirName} . "/lmConf.lock";
}
sub store {
......
Revision history for Perl extension Lemonldap::NG::Portal.
0.64 Fri Mar 9 17:49:44
- Delete of DBI.pm which is no more in use
0.63 Thu Feb 2 20:44:43
- Adding CAS authentication compatibility system
- New i18n system for errors
......
......@@ -8,7 +8,6 @@ lib/Lemonldap/NG/Portal/AuthLA.pm
lib/Lemonldap/NG/Portal/AuthSSL.pm
lib/Lemonldap/NG/Portal/CDA.pm
lib/Lemonldap/NG/Portal/SharedConf.pm
lib/Lemonldap/NG/Portal/SharedConf/DBI.pm
lib/Lemonldap/NG/Portal/Simple.pm
Makefile.PL
MANIFEST
......
......@@ -2,7 +2,7 @@ package Lemonldap::NG::Portal;
print STDERR
"See Lemonldap::NG::Portal(3) to know which Lemonldap::NG::Portal::* module to use.";
our $VERSION = "0.63";
our $VERSION = "0.64";
1;
......
package Lemonldap::NG::Portal::SharedConf::DBI;
use strict;
use warnings;
use Lemonldap::NG::Portal::SharedConf qw(:all);
use DBI;
use Storable qw(thaw);
use MIME::Base64;
*EXPORT_OK = *Lemonldap::NG::Portal::SharedConf::EXPORT_OK;
*EXPORT_TAGS = *Lemonldap::NG::Portal::SharedConf::EXPORT_TAGS;
*EXPORT = *Lemonldap::NG::Portal::SharedConf::EXPORT;
our $VERSION = '0.31';
our @ISA = qw(Lemonldap::NG::Portal::SharedConf);
sub getConf {
my ( $self, $args ) = @_;
$self->{configStorage} = {
type => "DBI",
dbiChain => $self->{dbiChain},
dbiUser => $self->{dbiUser},
dbiPassword => $self->{dbiPassword},
dbiTable => $self->{dbiTable},
};
$self->SUPER::getConf(@_);
}
1;
__END__
=head1 NAME
Lemonldap::NG::Portal::SharedConf::DBI - This module is deprecated. See
L<Lemonldap::NG::Portal::SharedConf>.
=head1 SYNOPSIS
use Lemonldap::NG::Portal::SharedConf;
my $portal = new Lemonldap::NG::Portal::SharedConf( {
configStorage => {
dbiChain => "dbi:mysql:database=lemonldap;host=127.0.0.1",
dbiUser => "lemonldap",
dbiPassword => "password",
dbiTable => "lmConfig",
},
} );
if($portal->process()) {
# Write here the menu with CGI methods. This page is displayed ONLY IF
# the user was not redirected here.
print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
print "...";
# or redirect the user to the menu
print $portal->redirect( -uri => 'https://portal/menu');
}
else {
# Write here the html form used to authenticate with CGI methods.
# $portal->error returns the error message if athentification failed
# Warning: by defaut, input names are "user" and "password"
print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
print "...";
print '<form method="POST">';
# In your form, the following value is required for redirection
print '<input type="hidden" name="url" value="'.$portal->param('url').'">';
# Next, login and password
print 'Login : <input name="user"><br>';
print 'Password : <input name="password" type="password" autocomplete="off">';
print '<input type=submit value="OK">';
print '</form>';
}
=head1 DESCRIPTION
Lemonldap::NG::Portal::SharedConf::DBI is written for compatibility with old
versions of Lemonldap::NG. See now L<Lemonldap::NG::Portal::SharedConf>.
=head1 SEE ALSO
L<Lemonldap::NG::Portal::SharedConf>, L<Lemonldap::NG::Portal>,
L<Lemonldap::NG::Handler>, L<Lemonldap::NG::Manager>
=head1 AUTHOR
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005-2006 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
at your option, any later version of Perl 5 you may have available.
=cut
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment