Commit 621afef5 authored by Xavier Guimard's avatar Xavier Guimard

LEMONLDAP::NG : New features :

                * new logout system: URL interception can now be configured in Manager interface
                * TLS can now be used in LDAP connexions
parent bcf560cb
......@@ -9,7 +9,7 @@ print $cgi->start_html( 'Page protected by Lemonldap::NG' );
my($headers, $env)=({},{});
use Data::Dumper;
print "<pre>";
foreach(keys %ENV) {
foreach(sort keys %ENV) {
if($_ =~ /^HTTP_/) {
($a=$_) =~ s/^HTTP_//i;
#$a =~ s/_/ /g;
......@@ -30,7 +30,7 @@ print qq#<h1>Authentication succeed</h1>
<table border="1" style="font-size: small;">\n
<tr><th>Header</th><th>Perl CGI</th><th>PHP script</th><th>Value</th></tr>
#;
foreach(keys %$headers) {
foreach(sort keys %$headers) {
$style = $_ eq 'Auth-User' ? 'style="background-color: #FFEEEE;font-weight: bold;"' : '';
print "<tr>
<td $style>$_</td>
......@@ -52,7 +52,7 @@ print qq#<h2>Environment for Perl CGI :</h2>
same server than Lemonldap::NG handler (\$whatToTrace parameter). If you use
it on a reverse-proxy, \$ENV{REMOTE_USER} is not set.</p>
<table border="0" style="font-size: small;">\n#;
foreach(keys %ENV) {
foreach(sort keys %ENV) {
my $tmp = $ENV{$_};
$tmp =~ s/&/&amp;/g;
$tmp =~ s/>/&gt;/g;
......
......@@ -3,8 +3,10 @@ lemonldap-ng (0.8.3) unstable; urgency=high
* Syntax errors in configuration are now displayed
* Security fix: authentication could be replayed with another uid
* Debian package uses po-debconf
* TLS is now supported in LDAP connections (thanks to Baptiste Grenier)
* New logout system: logout urls can be now intercepted in Manager
-- Xavier Guimard <x.guimard@free.fr> Sun, 08 Jul 2007 15:47:16 +0200
-- Xavier Guimard <x.guimard@free.fr> Sun, 22 Jul 2007 21:01:35 +0200
lemonldap-ng (0.8.2.4) unstable; urgency=low
......
......@@ -16,6 +16,7 @@
</Location>
# Optional interception of the logout URL => single logout
# if not done in configuration interface
<Location /logout>
PerlHeaderParserHandler My::Package->logout
</Location>
......
......@@ -17,6 +17,7 @@ PerlOptions +GlobalRequest
</Location>
# Optional interception of the logout URL => single logout
# if not done in configuration interface
<Location /logout>
PerlHeaderParserHandler My::Package->logout
</Location>
......
debian/tmp/var/lib/lemonldap-ng/test.pl
debian/tmp/var/lib/lemonldap-ng/apache-protected-area.conf
debian/tmp/var/lib/lemonldap-ng/apache2-protected-area.conf
......@@ -53,6 +53,8 @@ install: build
$(MAKE) example EXAMPLEDIRBUILD=debian/tmp/var/lib/lemonldap-ng EXAMPLEDIR=/var/lib/lemonldap-ng/ EXAMPLECONFDIR=/var/lib/lemonldap-ng/conf
cp debian/tmp/var/lib/lemonldap-ng/handler/MyHandler.pm debian/tmp/var/lib/lemonldap-ng/handler/MyHandler-Debian.pm
mv debian/tmp/var/lib/lemonldap-ng/index.pl debian/tmp/var/lib/lemonldap-ng/test.pl
mv debian/tmp/var/lib/lemonldap-ng/handler/lmH-apache.conf debian/tmp/var/lib/lemonldap-ng/apache-protected-area.conf
mv debian/tmp/var/lib/lemonldap-ng/handler/lmH-apache2.conf debian/tmp/var/lib/lemonldap-ng/apache2-protected-area.conf
perl -000 -i -pe 's/(new\s*\(\s*){[^}]+}/$$1\$$Lemonldap::NG::Conf::configStorage/; s#^use#\nrequire "/usr/share/lemonldap-ng/configStorage.pm";\nuse#m;' \
debian/tmp/var/lib/lemonldap-ng/manager/scripts/lmConfigEditor \
debian/tmp/var/lib/lemonldap-ng/handler/MyHandler-Debian.pm
......
......@@ -29,6 +29,7 @@ sub scan {
while (<$IN>) {
s/\r//g;
if (/lmQuery/) {
s/__SCRIPTNAME__\?lmQuery=conf&cfgNum="\+n/conf.xml"/;
if (s/__SCRIPTNAME__\?lmQuery=([^"']*)js/$1.js/) {
scan( $script, "$1.js", "lmQuery=$1js" );
}
......@@ -36,7 +37,7 @@ sub scan {
# Nothing to do here
}
elsif (s/__SCRIPTNAME__\?lmQuery=conf/conf.xml/) {
scan( $script, "conf.xml", "lmQuery=conf" );
scan( $script, "conf.xml", "lmQuery=conf&cfgNum=0" );
}
elsif (s/__SCRIPTNAME__\?lmQuery=([^"']*)css/style$1.css/) {
scan( $script, "style$1.css", "lmQuery=$1css" );
......
Revision history for Perl extension Lemonldap::NG::Handler.
0.83 Sun Jul 22 22:19:12 2007
- New logout system : URL can now be declared in Manager
interface
0.82 Fri Jun 1 6:52:43 2007
- Little bug: SharedConf.pm needs Manager::Conf and not Manager
......
......@@ -14,9 +14,9 @@ Makefile.PL
MANIFEST
META.yml Module meta-data (added by MakeMaker)
README
t/Lemonldap-NG-Handler-CDA.t
t/Lemonldap-NG-Handler-CGI.t
t/Lemonldap-NG-Handler-Proxy.t
t/Lemonldap-NG-Handler-SharedConf.t
t/Lemonldap-NG-Handler-Simple.t
t/Lemonldap-NG-Handler-Vhost.t
t/01-Lemonldap-NG-Handler-Simple.t
t/05-Lemonldap-NG-Handler-Vhost.t
t/10-Lemonldap-NG-Handler-SharedConf.t
t/20-Lemonldap-NG-Handler-CDA.t
t/30-Lemonldap-NG-Handler-CGI.t
t/40-Lemonldap-NG-Handler-Proxy.t
......@@ -196,7 +196,8 @@ Cache::Cache module that does not use disk access.
Lemonldap::NG provides a single logout system: you can use it by adding a link
to the portal with "logout=1" parameter in the portal (See
Lemonldap::NG::Portal) and/or by configuring handler to intercept some URL
(See Lemonldap::NG::Handler). The logout system:
(See Lemonldap::NG::Handler) directly in the manager interface or in apache
configuration file. The logout system:
* delete session in the global session storage,
* replace Lemonldap::NG cookie by '',
* delete handler caches only if logout action was started from a protected
......
......@@ -2,7 +2,7 @@ package Lemonldap::NG::Handler;
print STDERR
"See Lemonldap::NG::Handler(3) to know which Lemonldap::NG::Handler::* module to use.";
our $VERSION = "0.82";
our $VERSION = "0.83";
1;
......@@ -68,7 +68,8 @@ You can also unprotect an URI
PerlHeaderParserHandler My::Package->unprotect
</Files>
If your application has a "logout" URL, configure it:
If your application has a "logout" URL, you can configure it directly in Apache
configuration file (or in the manager interface) :
<Location /logout>
PerlHeaderParserHandler My::Package->logout
......@@ -295,6 +296,9 @@ connected on it in the last 10 minutes.
=back
You can also configure rules in the Manager interface to intercept logout URL.
See L<Lemonldap::NG::Manager> and L<Lemonldap::NG::Handler> for more.
=head1 USING LEMONLDAP::NG::HANDLER FOR DEVELOPMENT
Lemonldap::NG::Handler provides different modules:
......
......@@ -7,7 +7,7 @@ use Exporter 'import';
use Safe;
require POSIX;
our $VERSION = '0.81';
our $VERSION = '0.83';
our %EXPORT_TAGS = (
localStorage =>
......@@ -17,6 +17,7 @@ our %EXPORT_TAGS = (
qw(
$locationCondition $defaultCondition $locationCount
$locationRegexp $apacheRequest $datas $safe $portal
$logout
)
],
import => [ qw( import @EXPORT_OK @EXPORT %EXPORT_TAGS ) ],
......@@ -55,6 +56,7 @@ our (
$globalStorage, $globalStorageOptions, $localStorage,
$localStorageOptions, $whatToTrace, $https,
$refLocalStorage, $safe, $cookieSecured,
$logout,
);
##########################################
......@@ -127,13 +129,14 @@ BEGIN {
';
}
*handler = ( MP() == 2 ) ? \&handler_mp2 : \&handler_mp1;
*logout = ( MP() == 2 ) ? \&logout_mp2 : \&logout_mp1;
}
sub handler_mp1 ($$) { shift->run(@_) }
sub handler_mp2 : method { shift->run(@_); }
sub handler_mp2 : method {
shift->run(@_);
}
sub logout_mp1 ($$) { shift->unlog(@_) }
sub logout_mp2 : method { shift->unlog(@_); }
sub lmLog {
my ( $class, $mess, $level ) = @_;
......@@ -320,6 +323,36 @@ sub conditionSub {
if ( $cond =~ /^accept$/i );
return sub { 0 }
if ( $cond =~ /^deny$/i );
if ( $cond =~ /^logout(?:_sso)?(?:\s+(.*))?$/i ) {
my $url = $1 || $class->encodeUrl ( "/" );
return sub { $logout = $url; return 0 }
}
if( MP() == 2 ) {
if ( $cond =~ /^logout_app(?:\s+(.*))?$/i ) {
my $u = $1;
eval 'use Apache2::Filter' unless($INC{"Apache2/Filter.pm"});
return sub {
$apacheRequest->add_output_filter(sub {
return $class->redirectFilter( $u, @_ );
}
);
1;
};
}
elsif ( $cond =~ /^logout_app_sso(?:\s+(.*))?$/i ) {
eval 'use Apache2::Filter' unless($INC{"Apache2/Filter.pm"});
my $u = encode_base64($1);
$u =~ s/[\r\n]//g;
return sub {
$class->localUnlog;
$apacheRequest->add_output_filter(sub {
return $class->redirectFilter( "$portal?url=$u&logout=1", @_ );
}
);
1;
};
}
}
$cond =~ s/\$date/&POSIX::strftime("%Y%m%d%H%M%S",localtime())/e;
$cond =~ s/\$(\w+)/\$datas->{$1}/g;
my $sub;
......@@ -408,8 +441,12 @@ sub grant {
# forbidden : used to reject non authorizated requests
sub forbidden {
my $class = shift;
# We use Apache::Log here
if( $logout ) {
$apacheRequest->headers_out->set(
'Location' => "$portal?url=$logout"
);
return REDIRECT;
}
$class->lmLog(
'The user "' . $datas->{$whatToTrace} . '" was reject when he tried to access to ' . shift,
'notice'
......@@ -426,27 +463,33 @@ sub hideCookie {
lmSetHeaderIn( $apacheRequest, 'Cookie' => $tmp );
}
# Redirect non-authenticated users to the portal
sub goToPortal() {
my ( $class, $url, $arg ) = @_;
sub encodeUrl {
my ( $class, $url ) = @_;
my $port = $apacheRequest->get_server_port();
$port =
( $https && $port == 443 ) ? ''
: ( !$https && $port == 80 ) ? ''
: ':' . $apacheRequest->get_server_port();
my $urlc_init =
my $u =
encode_base64( "http"
. ( $https ? "s" : "" ) . "://"
. $apacheRequest->get_server_name()
. $port
. $url );
$urlc_init =~ s/[\n\s]//sg;
$u =~ s/[\r\n\s]//sg;
return $u;
}
# Redirect non-authenticated users to the portal
sub goToPortal() {
my ( $class, $url, $arg ) = @_;
$class->lmLog(
"Redirect "
. $apacheRequest->connection->remote_ip
. " to portal (url was $url)",
'debug'
);
my $urlc_init = $class->encodeUrl ( $url );
$apacheRequest->headers_out->set(
'Location' => "$portal?url=$urlc_init" . ( $arg ? "&$arg" : "" )
);
......@@ -551,9 +594,8 @@ sub unprotect {
OK;
}
sub logout ($$) {
my $class;
($class, $apacheRequest ) = @_;
sub localUnlog {
my $class = shift;
if( my $id = $class->fetchId ) {
# Delete Apache thread datas
if ( $id eq $datas->{_session_id} ) {
......@@ -564,9 +606,31 @@ sub logout ($$) {
$refLocalStorage->remove($id);
}
}
}
sub unlog ($$) {
my $class;
$logout = 0;
($class, $apacheRequest ) = @_;
$class->localUnlog;
return $class->goToPortal( '/', 'logout=1' );
}
sub redirectFilter {
my $class = shift;
my $url = shift;
my $f = shift;
unless ($f->ctx) {
$f->r->status(REDIRECT);
$f->r->status_line("302 Temporary Moved");
$f->r->err_headers_out->set('Location' => $url);
$f->ctx(1);
}
while ($f->read(my $buffer, 1024)) {
}
return REDIRECT;
}
1;
__END__
......
Revision history for Perl extension Lemonldap::NG::Manager.
0.82 Sat jul 21 15:21:32 2007
- TLS support in LDAP
- Help for new logout system
0.8 Sat jun 23 21:54:27 2007
- New feature: syntax errors are now displayed in the manager interface
......
......@@ -17,7 +17,7 @@ use MIME::Base64;
our @ISA = qw(Lemonldap::NG::Manager::Base);
our $VERSION = '0.8';
our $VERSION = '0.82';
sub new {
my ( $class, $args ) = @_;
......@@ -522,7 +522,7 @@ sub checkConf {
}
}
# Test boolean expressions
unless ( $v eq 'deny' or $v eq 'accept' ) {
unless ( $v =~ /^(?:accept$|deny$|logout)/ ) {
# "=" may be a fault (but not "==")
if ( $v =~ /(?<=[^=<\?])=(?!=)/ ) {
$response->warning( &txt_rule . " $vh -> \"$reg\" : " . &txt_containsAnAssignment );
......
......@@ -190,11 +190,25 @@ authentication is done by another system (SSL for example).</p>
base). Example&nbsp;:
<pre> dc=example, dc=com </pre></li>
<li>LDAP server port : 389 by default&nbsp;;</li>
<li>LDAP server : Name (or IP address) of the LDAP server. To use LDAPS, set
here&nbsp;:
<pre> ldaps://server/</pre>
and don't forget to change port (636 for example). You can specify more than
one server separated by commas. They will be tried in the specified order.
<li>LDAP server : Name(s) (or IP address(es)) of the LDAP server(s).
You can specify more than one server separated by commas and/or spaces,
they will be tried in the specified order.
You can also use encrypted connections&nbsp;:
<ul>
<li>LDAPS : instead of a server name, use&nbsp;:
<pre> ldaps://server/</pre>
and don't forget to change port (636 for example).
</li>
<li>TLS : instead of a server name, use&nbsp;:
<pre> ldap+tls://server/</pre>
you can also set any of the parameters needed by Net::LDAP start_tls
function&nbsp;:
<pre> ldap+tls://server/?verify=none&amp;capath=/etc/ssl</pre>
See Net::LDAP(3) manual page to know all available parameters.
You can also set caPath or caFile parameters in the new() function when
building the portal (because they should depend on local file system).
</li>
</ul>
</li>
<li>LDAP account : optional, must be set if anonymous connection cannot
access to the wanted LDAP attributes. This account is used before LDAP
......@@ -216,13 +230,28 @@ r&eacute;alis&eacute;e par un autre moyen (SSL par exemple).</p>
accepte les requ&ecirc;tes sans base). Exemple&nbsp;:
<pre> dc=example, dc=com </pre></li>
<li>Port du serveur LDAP : 389 par d&eacute;faut&nbsp;;</li>
<li>Serveur LDAP : Nom (ou adresse IP) du serveur LDAP. Pour une connexion
LDAPS, indiquez ici&nbsp;:
<pre> ldaps://server/</pre>
et n'oubliez pas de changer le port (636 en g&eacute;n&eacute;ral). Vous
pouvez indiquer plusieurs serveurs ici séparés par des virgules. Ils seront
testés dans l'ordre indiqué.
</li>
<li>Serveur LDAP : Nom(s) (ou adresse(s) IP) du(des) serveur(s) LDAP.
Vous pouvez indiquer plusieurs serveurs ici s&eacute;par&eacute;s par des
virgules et/ou des espaces. Ils seront test&eacute;s dans l'ordre indiqu&eacute;.
Vous pouvez &eacute;galement utiliser des connexions chiffr&eacute;es&nbsp;:
<ul>
<li>LDAPS : au lieu de noms de serveurs, indiquez ici&nbsp;:
<pre> ldaps://serveur/</pre>
et n'oubliez pas de changer le port (636 en g&eacute;n&eacute;ral).
</li>
<li>TLS : au lieu de noms de serveurs, indiquez ici&nbsp;:
<pre> ldap+tls://serveur/</pre>
vous pouvez &eacute;galement y ajouter tous les param&egrave;tres
demand&eacute;s par la fonction start_tls de Net::LDAP&nbsp;:
<pre> ldap+tls://serveur/?verify=none&amp;capath=/etc/ssl</pre>
Reportez-vous &agrave; la page de manuel de Net::LDAP(3) pour
conna&icirc;tre les param&egrave;tres disponibles.
Vous pouvez &eacute;galement utiliser les param&egrave;tres caPath ou
caFile lors de la construction du portail dans la fonction new() (car
ils peuvent d&eacute;pendre du syst&egrave;me de fichier local).
</li>
</ul>
</li>
<li>Compte de connexion LDAP : optionnel, &agrave; renseigner si les attributs LDAP
utilis&eacute;s ne sont pas accessibles par une session anonyme. Ce compte est
utilis&eacute; avant l'authentification pour trouver le dn de l'utilisateur&nbsp;;
......@@ -404,6 +433,21 @@ users member of 'group1'. You can also use 'accept' and 'deny' keywords.
<p> If URL doesn't match any regular expression, 'default' rule is called to
grant or not.</p>
<h5> Logout </h5>
You can also write Logout rules to intercept application logout url using the
reserved words&nbsp;:
<ul>
<li>logout_sso URL : the request generates a redirection to the portal to call
logout mechanism. The request is not given to the application so its logout
function is not called. After logout, the user is redirected to the URL,</li>
<li>logout_app URL : the request is transmitted to the application, but the
result is not displayed : the user is redirected to the URL,</li>
<li>logout_app_sso URL : the request is transmitted to the application and
then, the user is redirected to the portal with the logout call and then,
he is redirected to the given URL.</li>
</ul>
<h4> Headers </h4>
<p> Headers are used to inform the remote application on the connected user.
......@@ -452,6 +496,24 @@ tous les utilisateurs authentifi&eacute;s peuvent acc&eacute;der.</p>
droit d'acc&egrave;s est calcul&eacute; &agrave; partir de l'expression bool&eacute;enne d&eacute;finie dans
la r&egrave;gle par d&eacute;faut (default).</p>
<h5> Logout </h5>
Vous pouvez &eacute;galement &eacute;crire des r&egrave;gles pour intercepter
les URL de d&eacute;connexions des applications en utilisant les mots-clefs&nbsp;:
<ul>
<li>logout_sso URL : la requ&ecirc;te entraine une redirection vers le portail
avec l'appel au syst&egrave;me de d&eacute;loguage. La requ&ecirc;te n'est
pas transmise &agrave; l'applicationthe. Apr&egrave;s d&eacute;loguage,
l'utilisateur est renvoy&eacute; vers l'URL,</li>
<li>logout_app URL : la requ&ecirc;te est transmise &agrave; l'applications
mais le r&eacute;sultat n'est pas affich&eacute;&nbsp;: l'utilisateur est
redirig&eacute; vers l'URL,</li>
<li>logout_app_sso URL : la requ&ecirc;te est transmise &agrave; l'application
et ensuite, l'utilisateur est redirig&eacute; vers le portail avec appel au
syst&egrave;me de d&eacute;loguage. Il est ensuite redirig&eacute; vers
l'URL.</li>
</ul>
<h4> En-t&ecirc;tes</h4>
<p> Les en-t&ecirc;tes servant &agrave; l'application &agrave; savoir qui est connect&eacute; se d&eacute;clarent
......@@ -478,9 +540,9 @@ EOT
sub help_whatToTrace_fr {
print <<EOT;
<h3>Donnée à journaliser dans Apache</h3>
<p> Indiquez ici le nom de la variable (attribut) ou de la macro qui doit être
utilisée pour alimenter les journaux Apache des applications protégées
(n'oubliez pas le "\$"). Par défaut&nbsp;: \$uid</p>
<h3>Donn&eacute;e &agrave; journaliser dans Apache</h3>
<p> Indiquez ici le nom de la variable (attribut) ou de la macro qui doit &ecirc;tre
utilis&eacute;e pour alimenter les journaux Apache des applications prot&eacute;g&eacute;es
(n'oubliez pas le "\$"). Par d&eacute;faut&nbsp;: \$uid</p>
EOT
}
Revision history for Perl extension Lemonldap::NG::Portal.
0.76 Sat Jul 21 15:21:57 2007
- LDAP+TLS support (thanks to Baptiste Grenier)
- New logout system: URL can now be declared in Manager interface
0.75 Tue Jul 3 20:42:09 2007
- Security fix: authentication could be replayed with another uid
......
......@@ -2,7 +2,7 @@ package Lemonldap::NG::Portal;
print STDERR
"See Lemonldap::NG::Portal(3) to know which Lemonldap::NG::Portal::* module to use.";
our $VERSION = "0.75";
our $VERSION = "0.76";
1;
......@@ -259,8 +259,8 @@ L<Cache::Cache> module that does not use disk access.
Lemonldap::NG provides a single logout system: you can use it by adding a link
to the portal with "logout=1" parameter (See Synopsis) and/or by configuring
Handler to intercept some URL (See L<Lemonldap::NG::Handler>). The logout
system:
Handler to intercept some URL directly in the manager interface and/or in
Apache configuration file (See L<Lemonldap::NG::Handler>). The logout system:
=over
......
......@@ -13,7 +13,7 @@ use CGI::Cookie;
require POSIX;
use Lemonldap::NG::Portal::_i18n;
our $VERSION = '0.75';
our $VERSION = '0.76';
our @ISA = qw(CGI Exporter);
......@@ -199,6 +199,14 @@ sub controlExistingSession {
# Delete cookie
$self->{id} = "";
$self->buildCookie();
if( $self->{urldc} ) {
if( $self->{autoRedirect} ) {
&{ $self->{autoRedirect} }($self);
}
else {
$self->autoRedirect();
}
}
return PE_FIRSTACCESS;
}
$self->{id} = $id;
......@@ -265,7 +273,17 @@ sub formateFilter {
sub connectLDAP {
my $self = shift;
return PE_OK if ( $self->{ldap} );
my $useTls = 0;
my $tlsParam;
foreach my $server ( split /[\s,]+/, $self->{ldapServer} ) {
if ( $server =~ m{^ldap\+tls://([^/]+)/?\??(.*)$} ) {
$useTls = 1;
$server = $1;
$tlsParam = $2 || "";
}
else {
$useTls = 0;
}
last if $self->{ldap} = Net::LDAP->new(
$server,
port => $self->{ldapPort},
......@@ -273,6 +291,13 @@ sub connectLDAP {
);
}
return PE_LDAPCONNECTFAILED unless ( $self->{ldap} );
if ($useTls) {
my %h = split( /[&=]/, $tlsParam );
$h{cafile} = $self->{caFile} if( $self->{caFile} );
$h{capath} = $self->{caPath} if( $self->{caPath} );
my $mesg = $self->{ldap}->start_tls(%h);
$mesg->code && return PE_LDAPCONNECTFAILED;
}
PE_OK;
}
......@@ -510,6 +535,11 @@ Lemonldap::Portal::* libraries.
=item * ldapServer: server(s) used to retrive session informations and to valid
credentials (localhost by default). More than one server can be set here
separated by commas. The servers will be tested in the specifies order.
To use TLS, set "ldap+tls://server" and to use LDAPS, set "ldaps://server"
instead of server name. If you use TLS, you can set any of the
Net::LDAP->start_tls() sub like this:
"ldap/tls://server/verify=none&capath=/etc/ssl"
You can also use caFile and caPath parameters.
=item * ldapPort: tcp port used by ldap server.
......@@ -521,15 +551,15 @@ bind is used.
=item * managerPassword: password to used to connect to ldap server. By
default, anonymous bind is used.
=item * securedCookie: set it to 1 if you want to protect user cookies
=item * securedCookie: set it to 1 if you want to protect user cookies.
=item * cookieName: name of the cookie used by Lemonldap::NG (lemon by default)
=item * cookieName: name of the cookie used by Lemonldap::NG (lemon by default).
=item * domain: cookie domain. You may have to give it else the SSO will work
only on your server.
=item * globalStorage: required: L<Apache::Session> library to used to store
session informations
session informations.
=item * globalStorageOptions: parameters to bind to L<Apache::Session> module
......@@ -542,6 +572,10 @@ be set to:
=back
=item * caPath, caFile: if you use ldap+tls you can overwrite cafile or capath
options with those parameters. This is usefull if you use a shared
configuration.
=back
=head2 Methods that can be overloaded
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment