The LemonLDAP::NG project

LemonLDAP::NG is an open source WebSSO, access control and identity federation product. Written in Perl, and relying on Apache mod_perl engine, it aims to be multi-protocol, handling for example LDAP, CAS, SAML, or OpenID.

The LemonLDAP::NG software provides three main modules:

• The portal, for authentication process and password management
• The manager, for graphical configuration
• The Handler, for access control inside Apache engine

This allows system administrators to use their LDAP identity data store to manage access control to all hosted web applications.

This conference will first introduce the concepts of Single-Sign On, access control and identity federation, and present the LemonLDAP::NG software (technical architecture, main features, real use cases)

We will then focus on the LDAP support:

• Authentication: how credentials are checked in the LDAP data store
• Data collect: how user data (including group membership, with recursion) are collected
• Password policy support, for authentication and password change, including password reset management
• Access rules: how LDAP data can be used for access control
• Identity federation: how LDAP data can be shared with other services trough SAML or OpenID
• Configuration and session management: how LDAP server can be use in an high availability infrastructure to share sessions and configuration