Apache-AuthCookieLDAP
1 match

 view release on metacpan or  search on metacpan

AuthCookieLDAP.pm  view on Meta::CPAN 

See also L<Apache::Authcookie> for the directives required for any kind
of Apache::AuthCookie-based authentication system.

In the following descriptions, replace "WhatEver" with your particular
AuthName.  The available configuration directives are as follows:

=over 4

=item C<WhatEverLDAP_DN>

Specifies the BaseDN for LDAP for the database you wish to connect to retrieve
user information.  This is required and has no default value.

=cut

	unless ( $c{ LDAP_DN } = _dir_config_var $r, 'LDAP_DN' ) {
		_log_not_set $r, 'LDAP_DN';
		return undef;
	}

=item C<WhatEverLDAP_user>

Specifies the user id in the database you wish to connect to retrieve
user information.  This is required and has no default value.

=cut

	unless ( $c{ LDAP_user } = _dir_config_var $r, 'LDAP_user' ) {
		_log_not_set $r, 'LDAP_user';
		return undef;
	}

=item C<WhatEverLDAP_host>
The host to connect to.  This is not required and defaults to localhost.


=cut

	$c{ LDAP_host       } = _dir_config_var( $r, 'LDAP_host'       )
	            || "localhost";




=item C<WhatEverLDAP_filter>
An extra filter for the search for the user. Is not required


=cut

	$c{ LDAP_filter       } = _dir_config_var( $r, 'LDAP_filter') || "";



=item C<WhatEverLDAP_SecretKeyFile>

The file that contains the secret key (on the first line of the file).  This
is required and has no default value.  This key should be owned and only
readable by root.  It is read at server startup time.
The key should be long and fairly random.  If you want, you
can change it and restart the server, (maybe daily), which will invalidate
all prior-issued tickets.

=cut

	unless (
	   $c{ LDAP_secretkeyfile } = _dir_config_var $r, 'LDAP_SecretKeyFile'
	) {
		_log_not_set $r, 'LDAP_SecretKeyFile';
		return undef;
	}

=item C<WhatEverLDAP_EncryptionType>

What kind of encryption to use to prevent the user from looking at the fields
in the ticket we give them.  This is almost completely useless, so don't
switch it on unless you really know you need it.  It does not provide any
protection of the password in transport; use SSL for that.  It can be 'none',
'des', 'idea', 'blowfish', or 'blowfish_pp'.

This is not required and defaults to 'none'.

=cut

	$c{ LDAP_encryptiontype } = _dir_config_var( $r, 'LDAP_EncryptionType' )
	            || 'none';
	# If we used encryption we need to pull in Crypt::CBC.
	if ( $c{ LDAP_encryptiontype } ne 'none' ) {
		require Crypt::CBC;
	}

=item C<WhatEverLDAP_SessionLifetime>

How long tickets are good for after being issued.  Note that presently
Apache::AuthCookie does not set a client-side expire time, which means that
most clients will only keep the cookie until the user quits the browser.
However, if you wish to force people to log in again sooner than that, set
this value.  This can be 'forever' or a life time specified as:

	DD-hh-mm-ss -- Days, hours, minute and seconds to live.

This is not required and defaults to '00-24-00-00' or 24 hours.

=cut

	$c{ LDAP_sessionlifetime }
	   = _dir_config_var( $r, 'LDAP_SessionLifetime' ) || '00-24-00-00';






## This is for some leftover DBI code:

=item C<WhatEverDBI_DSN>

Specifies the DSN for DBI for the database you wish to connect to retrieve
user information.  This is required and has no default value.

=cut



( run in 0.560 second using v1.01-cache-2.11-cpan-140bd7fdf52 )