Authentication | Users | Password |
---|---|---|
✔ | ✔ | ✔ |
LL::NG can use a lot of databases as authentication, users and password backend:
Indeed, any Perl DBD driver can be used.
LL::NG can use two tables:
Tip
Authentication table and user table can be the same.
The password can be in plain text, or encoded with a SQL method (for example
SHA
, SHA1
, MD5
or any valid method on database side).
id | login | password |
---|---|---|
0 | coudot | 1f777a6581e478499f4284e54fe2d4a4e513dfff |
1 | xguimard | a15a18c8bb17e6f67886a9af1898c018b9f5a072 |
2 | tchemineau | 1f777a6581e478499f4284e54fe2d4a4e513dfff |
id | user | name | |
---|---|---|---|
0 | coudot | Clément OUDOT | coudot@example.com |
1 | tchemineau | Thomas CHEMINEAU | tchemineau@example.com |
2 | xguimard | Xavier GUIMARD | xguimard@example.com |
id | user | password | name | |
---|---|---|---|---|
0 | coudot | 1f777a6581e478499f4284e54fe2d4a4e513dfff | Clément OUDOT | coudot@example.com |
1 | tchemineau | 1f777a6581e478499f4284e54fe2d4a4e513dfff | Thomas CHEMINEAU | tchemineau@example.com |
2 | xguimard | a15a18c8bb17e6f67886a9af1898c018b9f5a072 | Xavier GUIMARD | xguimard@example.com |
LL::NG will operate some SQL queries:
In Manager, go in General Parameters
> Authentication modules
and choose Database (DBI) for authentication, users and/or password
modules.
The authentication level given to users authenticated with this module.
Attention
As DBI is a login/password based module, the authentication level can be:
List of columns to query to fill user session. See also exported variables configuration.
Tip
Connection settings can be configured differently for authentication process and user process. This allows one to use different databases for these process. By default, if user process connection settings are empty, authentication process connection settings will be used.
Attention
The SQL function MUST have hexadecimal values as input AND output
Tip
Here is an example for creating a postgreSQL SHA256 function.
1. Install postgresql-contrib. 2. Activate extension:
CREATE EXTENSION pgcrypto;
3. Create the hash function:
CREATE OR REPLACE FUNCTION sha256(varchar) returns text AS $$
SELECT encode(digest(decode($1, 'hex'), 'sha256'), 'hex')
$$ LANGUAGE SQL STRICT IMMUTABLE;
Another example to create an unix hash function in MariaDB. Caution: The encrypt function is only avaible if the database is running on a unix based OS. 1. Use the lemonldapng database. 2. Create the unix hash function:
CREATE FUNCTION `unixcrypth`(`pwd` VARCHAR(255), `unix_salt`
VARCHAR(255)) RETURNS VARCHAR(255) CHARSET utf8mb4
NOT DETERMINISTIC NO SQL SQL SECURITY INVOKER RETURN
HEX( ENCRYPT( UNHEX(pwd), UNHEX(unix_salt) ) );