Sophie

lemonldap-ng-1.0-0.3.rc1mdv2011.0.noarch.rpm

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
  <meta name="generator" content=
  "HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />

  <title>Lemonldap::NG documentation:
  5-Appli-HTTP-Basic-Authentication.html</title>
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
  <style type="text/css">
/*<![CDATA[*/
    body{
      background: #ddd;
      font-family: sans-serif;
      font-size: 11pt;
      padding: 0 50px;
    }
    div.main-content{
      padding: 10px;
      background: #fff;
      border: 2px #ccc solid;
    }
    a{
      text-decoration: none;
    }
    p.footer{
      text-align: center;
      margin: 5px 0 0 0;
    }
    .heading-1{
      text-align: center;
      color: orange;
      font-variant: small-caps;
      font-size: 20pt;
    }
    .heading-1-1{
      color: orange;
      font-size: 14pt;
      border-bottom: 2px #ccc solid;
    }
    pre{
      background: #eee;
      border: 2px #ccc solid;
      padding: 5px;
      border-left: 10px #ccc solid;
    }
    ul.star li{
      list-style-type: square;
    }
  /*]]>*/
  </style>
</head>

<body>
  <div class="main-content">
    <h2 class="heading-1"><span id="HHTTPBasicAuthentication">HTTP Basic
    Authentication</span></h2>

    <p class="paragraph"></p>

    <ul>
      <li><a href="#HPresentation">Presentation</a></li>

      <li><a href="#HConfigurationinLemonLDAP3A3ANG">Configuration in
      LemonLDAP::NG</a></li>
    </ul>

    <h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>

    <p class="paragraph"></p>Extract from the <span class=
    "wikiexternallink"><a href=
    "http://en.wikipedia.org/wiki/Basic_access_authentication">Wikipedia
    article</a></span>:

    <p class="paragraph"></p>In the context of an HTTP transaction, the basic
    access authentication is a method designed to allow a web browser, or
    other client program, to provide credentials &ndash; in the
    form of a user name and password &ndash; when making a
    request.

    <p class="paragraph"></p>Before transmission, the username and password
    are encoded as a sequence of base-64 characters. For example, the user
    name Aladdin and password open sesame would be combined as Aladdin:open
    sesame &ndash; which is equivalent to
    QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64. Little effort is
    required to translate the encoded string back into the user name and
    password, and many popular security tools will decode the strings "on the
    fly".

    <h3 class="heading-1-1"><span id=
    "HConfigurationinLemonLDAP3A3ANG">Configuration in
    LemonLDAP::NG</span></h3><br />
    <br />
    Basic Authentication relies on a specific HTTP header, as described
    above, so you only have to declare this header for the virtual host in
    LemonLDAP::NG Manager:<br />
    <br />

    <div class="code">
      <pre>
Authorization =&gt; <span class=
"java-quote">"Basic "</span>.encode_base64(<span class="java-quote">"<i class=
"italic">login</i>:<i class="italic">password</i>"</span>)
</pre>
    </div><br />
    <br />
    The difficulty is getting the correct values into <i class="italic">login</i> and
    <i class="italic">password</i>.<br />
    <br />
    Suppose, for example, that the login is the attribute "uid" and the
    password is the one used to authenticate on the LemonLDAP::NG portal. To
    store this password in the session, first modify
    /var/lib/lemonldap-ng/portal/index.pl:<br />
    <br />

    <div class="code">
      <pre>
# Remove comment to store password in session (use with caution)
        storePassword      =&gt; 1,
</pre>
    </div><br />
    <br />
    <strong class="strong">Warning</strong>: this will store the password in
    cleartext, so if an attacker manages to read the session on the server,
    they can read the password.<br />
    <br />
    With the storePassword parameter set, the password is available in
    LemonLDAP::NG as $_password.<br />
    <br />
    So to configure basic authentication:<br />
    <br />

    <div class="code">
      <pre>
Authorization =&gt; <span class=
"java-quote">"Basic "</span>.encode_base64(<span class=
"java-quote">"$uid:$_password"</span>)
</pre>
    </div>
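    <br />
    The standalone Perl script below is an added example, not part of the LemonLDAP::NG documentation or code. It builds the header value the same way as the expression above and then decodes it again, showing that any component that sees the header or the stored session can recover the password. The helper names basic_header and decode_basic and the second sample credential are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not LemonLDAP::NG code): build a Basic Authorization
# header value and decode it back into login and password.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Hypothetical helper: build the header value. The empty second argument
# suppresses the trailing newline and the 76-column line wrapping that
# MIME::Base64::encode_base64 applies by default.
sub basic_header {
    my ( $login, $password ) = @_;
    die "login must not contain ':'\n" if $login =~ /:/;
    return 'Basic ' . encode_base64( "$login:$password", '' );
}

# Hypothetical helper: reverse the encoding. No key or secret is needed.
sub decode_basic {
    my ($value) = @_;
    my ($b64) = $value =~ /\ABasic ([A-Za-z0-9+\/]+={0,2})\s*\z/
        or return;
    # Split on the first colon only: the password may itself contain colons.
    my ( $login, $password ) = split /:/, decode_base64($b64), 2;
    return ( $login, $password );
}

# Constructed sample credentials; the first pair is the one quoted in the
# Wikipedia extract, the second tests a password containing colons.
for my $pair ( [ 'Aladdin', 'open sesame' ], [ 'jdoe', 'p:ss:word' ] ) {
    my $header = basic_header(@$pair);
    my ( $login, $password ) = decode_basic($header);
    printf "%-36s -> login=%s password=%s\n", $header, $login, $password;
}

# With the default end-of-line argument the encoded string ends in "\n".
my $default = encode_base64('Aladdin:open sesame');
printf "default call ends with newline: %s\n",
    $default =~ /\n\z/ ? 'yes' : 'no';
```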
  </div>

  <p class="footer"><a href="index.html">Index</a></p>
</body>
</html>