<abbrtitle="LemonLDAP::NG">LL::NG</abbr> Slave backend relies on HTTP headers to retrieve user login and/or attributes.
</p>
<ul>
<liclass="level1"><divclass="li"> Authentication: will check user login in a header and create session without prompting any credentials (but will register client <abbrtitle="Internet Protocol">IP</abbr> and creation date)</div>
It allows one to put <abbrtitle="LemonLDAP::NG">LL::NG</abbr>::portal behind another web <abbrtitle="Single Sign On">SSO</abbr>, or behind a SSL hardware to delegate SSL authentication to that hardware.
In Manager, go in <code>General Parameters</code>><code>Authentication modules</code> and choose Slave for authentication or users module.
</p>
<p>
Then, go in <code>Slave parameters</code>:
</p>
<ul>
<liclass="level1"><divclass="li"><strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<liclass="level1"><divclass="li"><strong>Header for user login</strong>: header that contains the user main login</div>
</li>
<liclass="level1"><divclass="li"><strong>Master's <abbrtitle="Internet Protocol">IP</abbr> address</strong>: the <abbrtitle="Internet Protocol">IP</abbr> addresses of servers which are accredited to authenticate user. This is a security point, to prevent someone to create a session by sending custom headers. You can set one or several <abbrtitle="Internet Protocol">IP</abbr> addresses, separated by spaces, or let this parameter empty to disable the checking.</div>
</li>
<liclass="level1"><divclass="li"><strong>Control header name</strong>: header that contains a value to control. Let this parameter empty to disable the checking.</div>
</li>
<liclass="level1"><divclass="li"><strong>Control header content</strong>: value to control. Let this parameter empty to disable the checking.</div>
</li>
</ul>
<p>
You have then to declare HTTP headers exported by the main <abbrtitle="Single Sign On">SSO</abbr> (in <strong>Exported Variables</strong>). Example :