Apache::Authenlemonldap - Perl extension for Apache with lemonldap websso

 <location /doc>
   Authname "lemonldap web SSO"
   Authtype Basic
 # require valid-user  or 
   require user egerman-cp
   PerlAuthenHandler Apache::Authenlemonldap
   Options Indexes FollowSymLinks MultiViews
 </location>

  

 This module can decode lemonldap header .
 Installing on your apache web server it can deal with a lemonldap frontend
 It puts user in    $r->connection->user and role in $ENV{ROLE}  

 A line in error.log is added when user get a connection .

 Note: this module works this apache2 , you can use it this apache-1.3nn with minor modifications (use Apache::Log instead use Apache2::Log )  

package Apache::Authenlemonldap;
use Apache::Constants qw(:common);
use Apache2::Log;
our $VERSION = '1.0.0';
sub handler {
    my $r = shift;
    return OK unless $r->is_initial_req;
    my ( $res, $role ) = $r->get_basic_auth_pw;
    return $res if $res;
    my $user = $r->connection->user;
    if ( !$user ) {
        $r->note_basic_auth_failure;
        $r->log_reason( "no uid found", $r->uri );
        return AUTH_REQUIRED;
    }
    my @directives = @{ $r->requires };
    $r->subprocess_env( ROLE => $role );
    $r->log->info("$user with role $role EXPECTED");
    for $req (@directives) {
        my ( $require, @rest ) = split /\s+/, $req->{requirement};
        if ( lc($directive) eq 'valid-user' ) {
            $r->log->info("$user with role $role GRANTED");
            return OK;
        }

        if ( lc($require) eq "user" ) {
            if ( grep { $_ eq $user } @rest ) {
                $r->log->info("$user with role $role GRANTED");
                return OK;

            }
        }
    }
        return AUTH_REQUIRED;

}
1;
__END__