LemonLDAP::NG is an open source Web Single Sign On (WebSSO), Access Management and Identity Federation product, written in Perl and Javascript.

LemonLDAP::NG is a free software, released under GPL license.

LemonLDAP::NG is the first SSO software deployed in French administrations. It can handle large-scale organization (tested with hundreds of thousands users). Many private firms use it too. Check our references!

Main Features

Single Sign On for Web Applications

  • Many SSO-ready applications (OBM, Bugzilla, Dokuwiki, etc.)
  • Special Handlers for Zimbra, Sympa
  • Replace all .htaccess based security
  • Forward SSO trough HTTP Auth-Basic or form replay
  • One line code to integrate in Java, PHP, .Net, Perl, Ruby, Python, …

Strong authorization system

  • URL matching trough regular expressions (subdirectories, file types, …)
  • Use of any user session information to build access rule

Authentication modules

  • LDAP
  • Active Directory
  • Database
  • SSL X509
  • Apache built-in modules (Kerberos, NTLM , OTP, …)
  • SAML 2.0 / Shibboleth
  • OpenID
  • OpenID Connect
  • Twitter
  • Google
  • Facebook
  • CAS
  • BrowserID (Mozilla)
  • WebID (W3C)
  • Radius
  • Yubikey
  • Multiple and Choice (modules stacking)

LDAP integration

  • LDAP v2 and v3 protocol support
  • SSL / TLS
  • Active Directory compliance
  • Password policy
  • Recursive groups

Identity provider

  • SAML 2.0 / Shibboleth
  • OpenID 2.0
  • OpenID Connect
  • CAS 1.0/2.0/3.0

User interfaces

  • Dynamic application menu
  • Password change form
  • Password reset by mail
  • Self register page


  • Graphical Manager
  • Sessions explorer
  • Status page
  • Apache logs
  • Syslog
  • Log4Perl compatibility


  • Protected cookies
  • XSS and SQL/LDAP injection protection
  • Compatibility with Apache mod_security
  • User tracking in Apache logs or syslog

Project activity

OpenHUB statistics

SVN activity