Table of Contents

Protect your application

Presentation

Your application can know the connected user using:

To get more information on user (name, mail, etc.), you have to read HTTP headers.

If your application is based on Perl CGI package, you can simply replace CGI by Lemonldap::NG::Handler::CGI

Code snippet

Examples with a configured header named 'Auth-User':

Perl

print "Connected user: ".$ENV{HTTP_AUTH_USER};

PHP

print "Connected user: ".$_SERVER["HTTP_AUTH_USER"];

Perl auto-protected CGI

Using this feature, you don't have to use virtual host protection: protection is embedded in Lemonldap::NG::Handler::CGI.

The protection parameter must be set when calling the new() method:

Example:

my $cgi = new CGI;
...
my $cgi = Lemonldap::NG::Handler::CGI->new ({ protection => 'authenticate' });
 
print $cgi->header;
print $cgi->start_html;
...

Then you can access to user datas

# Get attributes (or macros)
my $cn = $cgi->user->{cn}
 
# Test if user is member of a Lemonldap::NG group (or LDAP mapped group)
if( $cgi->group('admin') ) {
  # special html code for admins
}
else {
  # another HTML code
}