documentation:1.0:authdbi

Databases

Authentication Users Password

LL::NG can use a lot of databases as authentication, users and password backend:

  • MySQL
  • PostGreSQL
  • Oracle

Indeed, any Perl DBD driver can be used.

LL::NG can use two tables:

  • Authentication table: where login and password are stored
  • User table: where user data are stored (mail, name, etc.)
Authentication table and user table can be the same.

The password can be in plain text, or encoded with a standard SQL method:

  • SHA
  • SHA1
  • MD5

Example 1: two tables

Authentication table
id login password
0 coudot 1f777a6581e478499f4284e54fe2d4a4e513dfff
1 xguimard a15a18c8bb17e6f67886a9af1898c018b9f5a072
2 tchemineau 1f777a6581e478499f4284e54fe2d4a4e513dfff
User table
id user name mail
0 coudot Clément OUDOT coudot@example.com
1 tchemineau Thomas CHEMINEAU tchemineau@example.com
2 xguimard Xavier GUIMARD xguimard@example.com

Example 2: single table

id user password name mail
0 coudot 1f777a6581e478499f4284e54fe2d4a4e513dfff Clément OUDOT coudot@example.com
1 tchemineau 1f777a6581e478499f4284e54fe2d4a4e513dfff Thomas CHEMINEAU tchemineau@example.com
2 xguimard a15a18c8bb17e6f67886a9af1898c018b9f5a072 Xavier GUIMARD xguimard@example.com

LL::NG will operate some SQL queries:

  • Authentication: select row in authentication table matching user and password
  • Search user: select row in user table matching user
  • Change password: update password column in authentication table matching user

In Manager, go in General Parameters > Authentication modules and choose Database (DBI) for authentication, users and/or password modules.

The authentication level given to users authenticated with this module.

As DBI is a login/password based module, the authentication level can be:
  • increased (+1) if portal is protected by SSL (HTTPS)
  • decreased (-1) if the portal autocompletion is allowed (see portal customization)
Connection settings can be configured differently for authentication process and user process. This allows to use different databases for these process. By default, if user process connection settings are empty, authentication process connection settings will be used.
  • Chain: DBI chain, including database driver name and database name (for example: dbi:mysql:database=lemonldapng;host=localhost).
  • User: Connection user
  • Password: Connection password
  • Authentication table: authentication table name
  • User table: user table name
  • Login field name: name of authentication table column hosting login
  • Password field name: name of authentication table column hosting password
  • Mail field name: name of authentication table column hosting mail (for password reset)
  • Login field name in user table: name of user table column hosting login
  • Hash schema: SQL method for hashing password. Can be left blank for plain text passwords.