Commit b275ee2a authored by Xavier Guimard

LEMONLDAP::NG : WSDL is now clean

parent fbdb9ccb
......@@ -7,9 +7,9 @@ accounting. So you can have a full AAA protection.
See README file to known how it works.
------------------------
I - EXAMPLE INSTALLATION
------------------------
----------------------
I - QUICK INSTALLATION
----------------------
The proposed example use a protected site named test.example.com. Non
authenticated users are redirected to auth.example.com.
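Review bot: the unchanged sentence under the renamed heading still names test.example.com as the protected site, while the later hunks of this README switch the example hosts to test1.example.com and test2.example.com. Update this sentence so the quick-install section uses the same host names throughout.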
......@@ -31,13 +31,13 @@ package for Debian works fine).
Perl modules:
Apache::Session, Net::LDAP, MIME::Base64, CGI, LWP::UserAgent, Cache::Cache,
DBI, XML::Simple, SOAP::Lite, HTML::Template, XML::LibXML
DBI, XML::Simple, SOAP::Lite, HTML::Template, XML::LibXML, XML::LibXSLT
With Debian:
apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl \
libdbi-perl perl-modules libwww-perl libcache-cache-perl \
libxml-simple-perl libhtml-template-perl libsoap-lite-perl \
libxml-libxml-perl
libxml-libxml-perl libxml-libxslt-perl
1.2 - BUILDING
--------------
......@@ -59,6 +59,9 @@ which are installed in a directory included in @INC.
$ debuild
$ sudo dpkg -i ../*lemonldap-ng*.deb
Here, all is installed in /var/lib/lemonldap-ng, /etc/lemonldap-ng except Perl
libraries which are installed in /usr/share/perl5/Lemonldap/NG/
1.3 - EXAMPLE CONFIGURATION
---------------------------
......@@ -75,28 +78,20 @@ include this file in Apache configuration:
Modify your /etc/hosts file to include:
127.0.0.2 auth.example.com
127.0.0.3 test.example.com
127.0.0.4 manager.example.com
127.0.0.1 auth.example.com test1.example.com manager.example.com test2.example.com
Edit /path/to/lemonldap-ng/source/example/conf/lmConfig-1 and specify your LDAP
Use a browser to connect to http://manager.example.com/ and specify your LDAP
settings. If you don't set managerDn and managerPassword, Lemonldap::NG will
use an anonymous bind to find user dn.
(Debian users: /var/lib/lemonldap-ng/conf/lmConfig-1)
WARNINGS:
* only few parameters can be set by hand in the configuration file. You have
to use the manager to change configuration, but since the example is yet
configured, you can edit directly the file
* each new configuration is saved by the manager in a new file (or a new
record with DBI) so you can recover an old configuration by removing
Next, restart Apache use your prefered browser and try to connect to
http://test.example.com/. You'll be redirect to auth.example.com. Try
http://test1.example.com/. You'll be redirect to auth.example.com. Try
to authenticate yourself with a valid account and the protected page will
appear. You will find other explanations on this page.
Configuration can be modified by connecting your browser to
http://manager.example.com/
the file /usr/local/lemonldap-ng/etc/storage.conf
(/etc/lemonldap-ng/storage.conf on Debian systems) can be modified to change
configuration database.
-------------------------
2 - ADVANCED INSTALLATION
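Review bot: the step that sends the reader to http://manager.example.com/ has them enter LDAP settings, including managerDn and managerPassword, in a browser over plain HTTP, and nothing in this section says who may reach the manager virtual host. That is acceptable for the 127.0.0.1 mapping shown in /etc/hosts here, but the README should state that outside this loopback example the manager must be access-restricted and served over HTTPS. The closing sentence beginning "the file /usr/local/lemonldap-ng/etc/storage.conf" also starts in lower case and reads as a fragment; make it a full sentence.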
......@@ -133,8 +128,9 @@ Warning: Handler and Portal parts both need Lemonldap::NG::Manager components
to access to configuration.
Manager:
-------
CGI, XML::Simple, DBI, LWP::UserAgent (and SOAP::Lite if you want to use SOAP)
--------
Apache::Session, MIME::Base64, CGI, LWP::UserAgent, DBI, XML::Simple,
SOAP::Lite, XML::LibXML, XML::LibXSLT, Lemonldap::NG::Common
With Debian:
apt-get install perl-modules libxml-simple-perl libdbi-perl libwww-perl
......@@ -142,15 +138,17 @@ With Debian:
apt-get install libsoap-lite-perl
Portal:
------
Apache::Session, Net::LDAP, CGI, Lemonldap::NG::Manager
-------
Apache::Session, Net::LDAP, MIME::Base64, CGI, Cache::Cache, DBI, XML::Simple,
SOAP::Lite, HTML::Template, XML::LibXML, Lemonldap::NG::Common
With Debian:
apt-get install libapache-session-perl libnet-ldap-perl perl-modules
Handler:
-------
Apache::Session, LWP::UserAgent, Cache::Cache, Lemonldap::NG::Manager
--------
Apache::Session, MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, DBI,
XML::Simple, SOAP::Lite, Lemonldap::NG::Common
With Debian:
apt-get install libapache-session-perl libwww-perl libcache-cache-perl
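Review bot: the module lists for Portal and Handler grow here (MIME::Base64, Cache::Cache, DBI, XML::Simple, SOAP::Lite, HTML::Template, XML::LibXML, Lemonldap::NG::Common), but the "With Debian" apt-get lines under each are left as they were and do not install the matching packages, for example libsoap-lite-perl, libxml-simple-perl, libdbi-perl or libxml-libxml-perl. Extend the apt-get lines to match the lists, as was done for the full install in section 1.1, so a per-component install does not fail at runtime on a missing module.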
......@@ -172,7 +170,7 @@ else for a complete install:
$ make && make test
$ sudo make install
See prereq in §1.1.2
See prereq in §1.1.2
2.3 - LEMONLDAP::NG INSTALLATION
--------------------------------
......
......@@ -81,7 +81,7 @@ Example (See Lemonldap::NG::Manager::Conf(3) to see how configuration is stored
* User groups :
# Custom-Name => group definition
group1 => { $departmentUID eq "unit1" or $login = "xavier.guimard" }
group1 => { $departmentUID eq "unit1" or $login = "foo.bar" }
* Area protection:
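Review bot: in the group1 example, $login = "foo.bar" is an assignment, not a comparison. The right-hand side of the "or" therefore always evaluates to the true value "foo.bar", so the rule as documented places every user in group1 and overwrites $login as a side effect. Since the line is being touched anyway, change it to $login eq "foo.bar", matching the eq used in the other group examples in this file.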
......@@ -122,9 +122,9 @@ a long expression at each HTTP request:
You can also use LDAP filters, or Perl expression or mixed expressions in
groups definitions. Perl expressions has to be enclosed with {}:
* group1 => (|(uid=xavier.guimard)(ou=unit1))
* group1 => {$uid eq "xavier.guimard" or $ou eq "unit1"}
* group1 => (|(uid=xavier.guimard){$ou eq "unit1"})
* group1 => (|(uid=foo.bar)(ou=unit1))
* group1 => {$uid eq "foo.bar" or $ou eq "unit1"}
* group1 => (|(uid=foo.bar){$ou eq "unit1"})
It is also recommanded to use Perl expressions to avoid requiering the LDAP
server more than 2 times per authentication.
......
......@@ -4,7 +4,7 @@ Priority: extra
Maintainer: Xavier Guimard <x.guimard@free.fr>
DM-Upload-Allowed: yes
Build-Depends: debhelper (>= 4.1.16), po-debconf
Build-Depends-Indep:libapache-session-perl, libnet-ldap-perl, libdbi-perl, libwww-perl, libcache-cache-perl, libxml-simple-perl, libcgi-session-perl, libcrypt-rijndael-perl
Build-Depends-Indep:libapache-session-perl, libnet-ldap-perl, libdbi-perl, libwww-perl, libcache-cache-perl, libxml-simple-perl, libcgi-session-perl, libcrypt-rijndael-perl, libxml-libxslt-perl
Standards-Version: 3.8.0
Package: lemonldap-ng
......@@ -59,7 +59,7 @@ Description: Lemonldap::NG apache manager part
Package: liblemonldap-ng-portal-perl
Architecture: all
Depends: libapache-session-perl, libnet-ldap-perl, liblemonldap-ng-conf-perl (= ${binary:Version}), libhtml-template-perl, libjs-jquery, liblemonldap-ng-handler-perl (= ${binary:Version}), libxml-libxml-perl
Depends: libapache-session-perl, libnet-ldap-perl, liblemonldap-ng-conf-perl (= ${binary:Version}), libhtml-template-perl, libjs-jquery, liblemonldap-ng-handler-perl (= ${binary:Version}), libxml-libxml-perl, libxml-libxslt-perl
Suggests: liblasso-perl, libcgi-session-perl, slapd
Description: Lemonldap::NG apache authentication portal part
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
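Review bot: libxml-libxslt-perl is added to the Depends of liblemonldap-ng-portal-perl, but the README change in this same commit lists XML::LibXSLT under the Manager prerequisites and not under Portal. Either the README Portal list is missing the module or the dependency belongs on the manager package; please make the two agree so the portal package does not pull in a library it never loads.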
......
......@@ -3,20 +3,24 @@ package Lemonldap::NG::Common::BuildWSDL;
use Lemonldap::NG::Common::Conf;
sub new {
my($class, $configStorage) = @_;
my ( $class, $configStorage ) = @_;
my $self = bless {}, $class;
my $lmConf = Lemonldap::NG::Common::Conf->new($configStorage) or die($Lemonldap::NG::Common::Conf::msg);
my $lmConf = Lemonldap::NG::Common::Conf->new($configStorage)
or die($Lemonldap::NG::Common::Conf::msg);
$self->{conf} = $lmConf->getConf() or die "Unable to load configuration";
return $self;
}
sub buildWSDL {
my($self,$xml) = @_;
$xml =~ s/__PORTAL__/$self->{conf}->{portal}/gs;
my ( $self, $xml ) = @_;
my $portal = $self->{conf}->{portal};
$portal .= "index.pl" if ( $portal =~ /\/$/ );
$xml =~ s/__PORTAL__/$portal/gs;
$xml =~ s/__DOMAIN__/$self->{conf}->{domain}/gs;
my @cookies = split /\s+/, $self->{conf}->{cookieName};
s#(.*)#<element name="$1" type="xsd:string"></element># foreach(@cookies);
#s#(.*)#<element name="$1" nillable="true" type="xsd:string"></element># foreach(@cookies);
s#(.*)#<element name="$1" type="xsd:string"></element># foreach (@cookies);
#s#(.*)#<element name="$1" nillable="true" type="xsd:string"></element># foreach(@cookies);
$xml =~ s/__XMLCOOKIELIST__/join("\n",@cookies)/ges;
return $xml;
}
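Review bot: in buildWSDL, the portal, domain and cookieName values read from the configuration are substituted into XML attribute values (name="$1", location="__PORTAL__") without any XML escaping, so a configured value containing a double quote, "<" or "&" produces a malformed WSDL or alters its structure. Escape these values before the substitutions. The commented-out nillable variant of the cookie substitution is also carried over as dead code; drop it or explain in a comment why it is kept.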
......
......@@ -5,6 +5,8 @@
# SOAP wrapper used to restrict exported functions
package Lemonldap::NG::Common::CGI::SOAPService;
require SOAP::Lite;
## @cmethod Lemonldap::NG::Common::CGI::SOAPService new(object obj,string @func)
# Constructor
# @param $obj object which will be called for SOAP authorizated methods
......@@ -26,10 +28,14 @@ sub AUTOLOAD {
my $self = shift;
$AUTOLOAD =~ s/.*:://;
if(grep {$_ eq $AUTOLOAD} @{$self->{func}}){
return $self->{obj}->$AUTOLOAD(@_);
my $tmp = $self->{obj}->$AUTOLOAD(@_);
unless(ref($tmp) and ref($tmp) eq 'SOAP::Data') {
$tmp = SOAP::Data->name( result => $tmp );
}
return $tmp;
}
elsif($AUTOLOAD ne 'DESTROY') {
die "$AUTOLOAD is an authorizated function";use Data::Dumper;
die "$AUTOLOAD is not an authorizated function";use Data::Dumper;
}
1;
}
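Review bot: in AUTOLOAD, my $tmp = $self->{obj}->$AUTOLOAD(@_) now calls the wrapped method in scalar context, whereas the previous return $self->{obj}->$AUTOLOAD(@_) passed the caller's context through. Any exported method that returns a list will now yield only its scalar-context value, so either document that exported functions must return a single value or collect the result in list context before wrapping. The check ref($tmp) eq 'SOAP::Data' also misses objects of a SOAP::Data subclass, and the use Data::Dumper; left on the same line as the die looks like debugging residue that should be removed.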
......
......@@ -4,9 +4,9 @@ use Lemonldap::NG::Common::BuildWSDL;
print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT);
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions targetNamespace="__PORTAL__" xmlns:impl="__PORTAL__" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns1="__PORTAL__">
<wsdl:definitions targetNamespace="urn:Lemonldap/NG/Common/CGI/SOAPService" xmlns:impl="urn:Lemonldap/NG/Common/CGI/SOAPService" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns1="urn:Lemonldap/NG/Common/CGI/SOAPService">
<wsdl:types>
<schema targetNamespace="__PORTAL__" xmlns="http://www.w3.org/2001/XMLSchema">
<schema targetNamespace="urn:Lemonldap/NG/Common/CGI/SOAPService" xmlns="http://www.w3.org/2001/XMLSchema">
<import namespace="http://schemas.xmlsoap.org/soap/encoding/" />
<complexType name="CookiesSequence">
<sequence>
......@@ -25,8 +25,8 @@ print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT);
<wsdl:part name="lang" type="xsd:string" />
<wsdl:part name="code" type="xsd:int" />
</wsdl:message>
<wsdl:message name="errorResponse">
<wsdl:part name="errorReturn" type="xsd:string" />
<wsdl:message name="errorResponse">
<wsdl:part name="result" type="xsd:string" />
</wsdl:message>
<wsdl:message name="getCookiesRequest">
<wsdl:part name="user" type="xsd:string" />
......@@ -35,7 +35,13 @@ print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT);
<wsdl:message name="getCookiesResponse">
<wsdl:part name="getCookiesReturn" type="tns1:GetCookieResponse" />
</wsdl:message>
<wsdl:portType name="myServiceHandler">
<wsdl:message name="notificationRequest">
<wsdl:part name="notification" type="xsd:string" />
</wsdl:message>
<wsdl:message name="notificationResponse">
<wsdl:part name="result" type="xsd:string" />
</wsdl:message>
<wsdl:portType name="authenticationHandler">
<wsdl:operation name="error" parameterOrder="lang code">
<wsdl:input message="impl:errorRequest" name="errorRequest" />
<wsdl:output message="impl:errorResponse" name="errorResponse" />
......@@ -45,32 +51,55 @@ print Lemonldap::NG::Common::BuildWSDL->new->buildWSDL(<<EOT);
<wsdl:output message="impl:getCookiesResponse" name="getCookiesResponse" />
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="myServiceSoapBinding" type="impl:myServiceHandler">
<wsdl:portType name="notificationPostHandler">
<wsdl:operation name="newNotification" parameterOrder="notification">
<wsdl:input message="impl:newNotificationRequest" name="newNotificationRequest" />
<wsdl:output message="impl:newNotificationResponse" name="newNotificationResponse" />
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="authenticationSoapBinding" type="impl:authenticationHandler">
<wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="error">
<wsdlsoap:operation soapAction="" />
<wsdl:input name="errorRequest">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="__PORTAL__" use="encoded" />
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:input>
<wsdl:output name="errorResponse">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="__PORTAL__" use="encoded" />
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="getCookies">
<wsdlsoap:operation soapAction="" />
<wsdl:input name="getCookiesRequest">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="__PORTAL__" use="encoded" />
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:input>
<wsdl:output name="getCookiesResponse">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="__PORTAL__" use="encoded" />
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="notificationPostSoapBinding" type="impl:notificationPostHandler">
<wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="newNotification">
<wsdlsoap:operation soapAction="" />
<wsdl:input name="newNotificationRequest">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:input>
<wsdl:output name="newNotificationResponse">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:Lemonldap/NG/Common/CGI/SOAPService" use="encoded" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="myServiceHandlerService">
<wsdl:port binding="impl:myServiceSoapBinding" name="myService">
<wsdl:service name="authenticationHandlerService">
<wsdl:port binding="impl:authenticationSoapBinding" name="authentication">
<wsdlsoap:address location="__PORTAL__" />
</wsdl:port>
</wsdl:service>
<wsdl:service name="notificationPostHandlerService">
<wsdl:port binding="impl:notificationPostSoapBinding" name="notificationPost">
<wsdlsoap:address location="__PORTAL__/notification" />
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
EOT
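Review bot: the new notificationPostHandler portType references impl:newNotificationRequest and impl:newNotificationResponse, but the messages added earlier in this file are named notificationRequest and notificationResponse, so the operation points at messages that are not defined and WSDL consumers will fail to resolve them. Rename the messages or the references so they match. Also confirm that the address __PORTAL__/notification is what is intended now that buildWSDL appends index.pl to a portal URL ending in "/", since the resulting location becomes .../index.pl/notification.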