Apache2-AuthTicketLDAP
AuthTicketLDAP.pm
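    # Only pass AutoCommit through when TicketDBAutoCommit was actually set
    # (0 is a valid, explicit value).
    if (defined $autocomm && ($autocomm || $autocomm == 0)) {
        $dboptions->{AutoCommit} = $autocomm;
    }

    # A configured user or password equal to the literal string 'test' is
    # replaced with undef, so DBI connects without that credential.
    $user = $user eq 'test' ? undef $user : $user;
    $pass = $pass eq 'test' ? undef $pass : $pass;

    my $dbh = DBI->connect_cached($db, $user, $pass, $dboptions)
        or die "DBI Connect failure: ", DBI->errstr, "\n";

    my ($scheme, $driver) = DBI->parse_dsn($db)
        or die "DBI DSN parsing failure: ", DBI->errstr, "\n";

    # Informix only: use dirty reads (may see uncommitted rows) and wait at
    # most 2 seconds on a locked row instead of failing immediately.
    if ($driver eq 'Informix') {
        $dbh->do('SET ISOLATION TO DIRTY READ')
            or die "SET ISOLATION failed: ", DBI->errstr, "\n";
        $dbh->do('SET LOCK MODE TO WAIT 2')
            or die "SET LOCK MODE failed: ", DBI->errstr, "\n";
    }

    return $dbh;
}

1;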

=pod

=head1 NAME

Apache2::AuthTicketLDAP - Cookie Ticketing with LDAP Authentication

=head1 VERSION

version 0.02

=head1 SYNOPSIS

The documentation is largely the same as that of I<Apache2::AuthTicket>, with
a few addenda. A typical installation will look like:

    # in httpd.conf
    PerlModule Apache2::AuthTicketLDAP
    # Useful for debugging
    PerlSetVar AuthCookieDebug 3
    PerlSetVar AuthTicketLDAPCacheDir "/var/cache/apache"
    PerlSetVar AuthTicketLDAPCacheSize "4m"
    PerlSetVar AuthTicketLDAPCachePageSize "4096"
    PerlSetVar AuthTicketLDAPCacheTTL "10m"
    PerlSetVar AuthTicketLDAPStmtCacheSize "4m"
    PerlSetVar AuthTicketLDAPStmtCachePageSize "4096"
    PerlSetVar AuthTicketLDAPStmtCacheTTL "1m"
    PerlSetVar FooCookieName "MyCookie"
    PerlSetVar FooSatisfy any
    PerlSetVar FooTicketDB dbi:mysql:database=mschout;host=testbed
    PerlSetVar FooTicketDBAutoCommit 0
    PerlSetVar FooTicketDBUser test
    PerlSetVar FooTicketDBPassword secret
    PerlSetVar FooTicketTable tickets:ticket_hash:ts
    PerlSetVar FooTicketSecretTable ticket_secrets:sec_data:sec_version
    PerlSetVar FooTicketExpires 45
    PerlSetVar FooTicketIdleTimeout 30
    PerlSetVar FooTicketThreshold 60
    PerlSetVar FooTicketLogoutURI /foo/index.html
    PerlSetVar FooTicketLoginHandler /foologin
    PerlSetVar FooLoginScript /foologinform
    PerlSetVar FooPath /
    PerlSetVar FooDomain .foo.com
    PerlSetVar FooSecure 1
    PerlSetVar FooLDAPURL "ldap://ldap.foo.com:389"
    PerlSetVar FooLDAPDN "dc=foo,dc=com"
    PerlSetVar FooLDAPScope "one"
    PerlSetVar FooLDAPFilter "uid=MYUSER"

    <Location /foo>
        AuthType Apache2::AuthTicketLDAP
        AuthName Foo
        PerlAuthenHandler Apache2::AuthTicketLDAP->authenticate
        PerlAuthzHandler Apache2::AuthTicketLDAP->authorize
        require ldap_attribute allowedFoo=Yes
        require valid-user
    </Location>

    <Location /foologinform>
        AuthType Apache2::AuthTicketLDAP
        AuthName Foo
        SetHandler perl-script
        PerlResponseHandler Apache2::AuthTicketLDAP->login_screen
    </Location>

    # Or for a mod_perl script to handle logins, store /foologinform in here and
    # change: PerlSetVar FooLoginScript /my/path/cgi-bin/foologinform
    <Directory /my/path/cgi-bin>
        Options ExecCGI
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        AllowOverride none
        Order allow,deny
        Allow from all
    </Directory>

    <Location /foologin>
        AuthType Apache2::AuthTicketLDAP
        AuthName Foo
        SetHandler perl-script
        PerlResponseHandler Apache2::AuthTicketLDAP->login
    </Location>

    <Location /foo/logout>
        AuthType Apache2::AuthTicketLDAP
        AuthName Foo
        SetHandler perl-script
        PerlResponseHandler Apache2::AuthTicketLDAP->logout
    </Location>

=head1 DESCRIPTION

This module builds upon the I<Apache2::AuthTicket> database-backed, cookie
ticketing system for websites. It provides for authentication and authorization
against an LDAP database. It also implements I<CHI>-based, mmap'd file caching
of LDAP entries and SELECT queries.

=head2 Apache Configuration - startup.pl

Any non-global I<Apache2::AuthTicketLDAP> configuration items can be set in
startup.pl. You can configure an AuthName like this:

    Apache2::AuthTicketLDAP->configure(String auth_name, *Hash config)

When configuring this way, you don't prefix the configuration items with the
AuthName value like you do when using PerlSetVar directives.

You must still include I<Apache2::AuthCookie> configuration directives and
I<Apache2::AuthTicketLDAP> global variables in httpd.conf when configuring the
server this way. These items include:

    * PerlSetVar FooPath /
    * PerlSetVar FooDomain .foo.com
    * PerlSetVar FooSecure 1
    * PerlSetVar FooLoginScript /foologinform
    * PerlSetVar AuthTicketLDAPCacheDir "/var/cache/apache"
    * PerlSetVar AuthTicketLDAPCacheSize "4m"
    * PerlSetVar AuthTicketLDAPCachePageSize "4096"
    * PerlSetVar AuthTicketLDAPCacheTTL "10m"
    * PerlSetVar AuthTicketLDAPStmtCacheSize "4m"
    * PerlSetVar AuthTicketLDAPStmtCachePageSize "4096"
    * PerlSetVar AuthTicketLDAPStmtCacheTTL "1m"

Example of configure():

    Apache2::AuthTicketLDAP->configure('Foo', {
        TicketDB           => 'DBI:mysql:database=test;host=foo',
        TicketDBUser       => 'mschout',
        TicketDBPassword   => 'secret',
        TicketTable        => 'tickets:ticket_hash:ts',
        TicketSecretTable  => 'ticket_secrets:sec_data:sec_version',
        TicketExpires      => '15',
        TicketLogoutURI    => '/foo/index.html',
        TicketLoginHandler => '/foologin',
        TicketIdleTimeout  => 5,
        TicketThreshold    => 60,
        LDAPURL            => 'ldap://ldap.foo.com:389',
        LDAPDN             => 'dc=foo,dc=com',
        LDAPScope          => 'one',
        LDAPFilter         => 'uid=MYUSER',
        TicketDBAutoCommit => 0,
    });

Configuration is the same as with I<Apache2::AuthTicket> and
I<Apache2::AuthCookie>, though B<TicketUserTable> and B<TicketPasswordStyle>
are ignored.

The following directives are added by this module:

=over 3

=item B<TicketThreshold>

This directive tells the module to only update the database when a ticket
timestamp is at least X seconds old. This reduces the number of database
updates.

    Example: 60
    Default: 0 (always update)
    Required: No

=item B<TicketDBAutoCommit>

This directive tells whether to start the database connection in AutoCommit
mode or not.

    Example: 0
    Default: 1
    Required: No

=item B<AuthTicketLDAPCacheDir>

Set the file path of the cache directory to be used by I<CHI>. It is the same
for both the statement and LDAP entry caches.

    Example: /var/cache/apache
    Default: <none>
    Required: Yes

=item B<AuthTicketLDAPCacheSize>

Set the size of the LDAP entry cache. You can use 1k or 1m for kilobytes or
megabytes, respectively.

    Example: 4m
    Default: <none>
    Required: Yes

=item B<AuthTicketLDAPCachePageSize>

Set the page size of the LDAP entry cache, in bytes.

    Example: 4096
    Default: <none>
    Required: Yes
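
The effect of B<TicketThreshold> on session lifetime, as an added example that is not code from Apache2::AuthTicketLDAP: a simplified model of the timestamp update gate described above, replayed against constructed traffic. It assumes TicketIdleTimeout is in minutes (as in I<Apache2::AuthTicket>), that the idle check reads the stored timestamp, and uses a hypothetical helper named C<replay>.

```perl
use strict;
use warnings;

# Added illustration; a simplified model, not Apache2::AuthTicketLDAP code.
# Assumptions: TicketIdleTimeout is in minutes (per Apache2::AuthTicket),
# TicketThreshold is in seconds, and the idle check reads the stored ts.

# Replay request times (seconds) for one ticket; the first is the login.
# Returns (time the ticket was rejected as idle or undef, number of ts UPDATEs).
sub replay {
    my ($idle_min, $threshold_sec, @requests) = @_;
    my $idle_sec = $idle_min * 60;
    my $ts       = shift @requests;    # timestamp stored when the ticket is issued
    my $writes   = 0;
    for my $now (@requests) {
        my $age = $now - $ts;
        return ($now, $writes) if $age > $idle_sec;   # idle timeout on stored ts
        if ($age >= $threshold_sec) {                 # TicketThreshold gate
            $ts = $now;
            $writes++;
        }
    }
    return (undef, $writes);
}

# Constructed traffic: one request every 20 s for 10 minutes.
my @clicks = map { $_ * 20 } 0 .. 30;

# [TicketIdleTimeout, TicketThreshold]: always update, the page's example
# values, and a threshold larger than the idle timeout.
for my $case ([5, 0], [5, 60], [5, 600]) {
    my ($idle_min, $threshold) = @$case;
    my ($expired_at, $writes) = replay($idle_min, $threshold, @clicks);
    printf "idle=%dmin threshold=%ds writes=%d %s\n",
        $idle_min, $threshold, $writes,
        defined $expired_at
            ? "active user rejected at t=${expired_at}s"
            : "session kept alive";
}
```

In this model the page's values (idle timeout 5, threshold 60) keep the session alive with a third of the writes, while a threshold at or above the idle timeout rejects a user who never stopped clicking, so TicketThreshold should stay well below TicketIdleTimeout.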