Protect your application

Your application can identify the connected user through:

  • REMOTE_USER environment variable (with local Handler or SetEnvIf trick)
  • HTTP header (in all cases)

To get more information about the user (name, mail, etc.), you have to read HTTP headers.

If your application is based on the Perl CGI package, you can simply replace CGI with Lemonldap::NG::Handler::CGI.

Examples with a configured header named 'Auth-User':

  • Perl:
print "Connected user: ".$ENV{HTTP_AUTH_USER};
  • PHP:
print "Connected user: ".$_SERVER["HTTP_AUTH_USER"];
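
The header lookup above as a fuller Perl sketch, added here as an example and not taken from the LemonLDAP::NG code base: it maps the configured header name to its CGI environment variable, falls back to REMOTE_USER, and HTML-escapes the value before printing it. The helper names header_env_name, connected_user and escape_html and the sample environment are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example (not LemonLDAP::NG code): read the connected user from the
# CGI environment and escape it before writing it into HTML.
use strict;
use warnings;

# A request header reaches a CGI program as HTTP_<NAME>, upper-cased,
# with '-' replaced by '_': 'Auth-User' becomes HTTP_AUTH_USER.
sub header_env_name {
    my ($header) = @_;
    ( my $name = uc $header ) =~ tr/-/_/;
    return "HTTP_$name";
}

# Return the user from the configured header, falling back to REMOTE_USER.
# Returns undef when neither is set.
sub connected_user {
    my ( $env, $header ) = @_;
    for my $key ( header_env_name($header), 'REMOTE_USER' ) {
        my $value = $env->{$key};
        return $value if defined $value && length $value;
    }
    return;
}

# Minimal HTML escaping for text placed in element content or attributes.
sub escape_html {
    my ($text) = @_;
    my %entity = (
        '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
        '"' => '&quot;', "'" => '&#39;',
    );
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Constructed sample environment; a real CGI script passes \%ENV.
my %sample_env = ( HTTP_AUTH_USER => 'dwho', REMOTE_USER => 'dwho' );

my $user = connected_user( \%sample_env, 'Auth-User' );
print "Content-Type: text/html; charset=utf-8\r\n\r\n";
if ( defined $user ) {
    print '<p>Connected user: ', escape_html($user), "</p>\n";
}
else {
    print "<p>No authenticated user</p>\n";
}
```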

With Lemonldap::NG::Handler::CGI, you don't have to use virtual host protection: protection is embedded in the module.

The protection parameter must be set when calling the new() method:

  • none: no protection
  • authenticate: check authentication but do not manage authorization
  • manager: rely on virtual host configuration in Manager
  • rule: xxx: apply a specific rule


  • Code to replace:
my $cgi = new CGI;
  • New code:
my $cgi = Lemonldap::NG::Handler::CGI->new ({ protection => 'authenticate' });
print $cgi->header;
print $cgi->start_html;

Then you can access user data:

# Get attributes (or macros)
my $cn = $cgi->user->{cn};
# Test if user is member of a Lemonldap::NG group (or LDAP mapped group)
if( $cgi->group('admin') ) {
  # special html code for admins
}
else {
  # another HTML code
}