July 29th, 2005

Apache+winbind+LiveJournal

Hi.

I am trying to get rid of all LiveJournal authentication. Basically, I'm using Apache and Winbind to authenticate my users on an AD. That part is working.

I've changed index.bml so that it picks up the username from apache $ENV{'REMOTE_USER'} and I've just blindly copy pasted code from login.bml which deals with setting cookies etc to let LiveJournal know that the person is authenticated.

Here is the index.bml code for reference

<*lj-cut text="index.bml">
{'_session'} : undef;


my $u = LJ::load_user($user,undef);
LJ::debug("$ENV{'REMOTE_USER'}");
LJ::load_user_props($u, "browselang", "schemepref", "legal_tosagree");


my $bl = LJ::Lang::get_lang($u->{'browselang'});

my $bindip;
if ($POST{'bindip'} eq "yes") {
$bindip = BML::get_remote_ip();
}

my $sess_opts = {
'exptype' => 'short',
'ipfixed' => $bindip,
};

my $etime = 0;
if ($POST{'expire'} eq "never") {
$etime = time()+60*60*24*60;
$sess_opts->{'exptype'} = "long";
}

my $sess = $u->generate_session($sess_opts);
$cursess = $sess;

my @sopts;
LJ::run_hooks("login_add_opts", { 'u' => $u, 'form' => \%POST, 'opts' => \@sopts });
my $sopts = @sopts ? ":" . join('', map { ".$_" } @sopts) : "";

$COOKIE{'ljsession'} = [ "ws:$u->{'user'}:$sess->{'sessid'}:$sess->{'auth'}$sopts", $etime, 1 ]; # 1 => HttpOnly

# restore default scheme
$COOKIE{'BMLschemepref'} = [ $u->{'schemepref'}, $etime ];
BML::set_scheme($u->{'schemepref'});

# kill the old-style cookies:
foreach (qw(ljuser ljhpass permlogin)) {
delete $COOKIE{$_} if $COOKIE{$_};
}

eval { Apache->request->notes('ljuser' => $user); };
if ($bl) {
$COOKIE{'langpref'} = [ $bl->{'lncode'} . "/" . time(), $etime ];
BML::set_language($bl->{'lncode'});
}

LJ::run_hooks("post_login", {
"u" => $u,
"form" => \%POST,
"expiretime" => $etime,
});

LJ::set_remote($u);
$remote = $u;

return;
_code?>
<*/lj-cut>

The problem is, once I logout, and i redirect it to another site (http://foo for example), when I come back to my livejournal site, by visiting the same index page, it dosen't log me in properly (?).

I have to close the browswer for it to work again.
any clues?

cheers
  • Current Mood
    morose morose