Advice for saving a plaintext password for LDAP re-binds using StartTLS

ghenry has asked for the wisdom of the Perl Monks concerning the following question:

Hi all,

I'm developing a web gui with Dojo and Catalyst for contacts management. It's for the public directory servers that power the SureVoIP IM service and store your global and private contact list.

ldap.surevoip.co.uk is public now and I'm working on syncing in from LinkedIn, Google and Salesforce. You just point your phone, email etc. at the server and import/export vcards, or LDIF.

Anyway, problem is that on the initial login I do an LDAP bind over StartTLS for authenticating and then create the session. That's fine as the session ticks over until it expires. My problem scope is that any LDAP operations need a re-bind as the logged in user (the user DN is in the session, so that's OK), but I don't have the plaintext password to re-bind with. Should I save this? I can't save a hash as I need the plaintext one.

Advice?

Thanks,
Gavin.

Walking the road to enlightenment... I found a penguin and a camel on the way.....
Fancy a yourname@perl.me.uk? Just ask!!!

Comment on Advice for saving a plaintext password for LDAP re-binds using StartTLS

Replies are listed 'Best First'.
Re: Advice for saving a plaintext password for LDAP re-binds using StartTLS by 5mi11er (Deacon) on Aug 16, 2013 at 22:52 UTC
It's been a while since I've done a lot of LDAP, but I think it would be possible to immediately rebind as that user once the login is successful. Hopefully at the time of successful login you still have the password available? -Scott	[reply]
Re^2: Advice for saving a plaintext password for LDAP re-binds using StartTLS by ghenry (Vicar) on Aug 21, 2013 at 06:39 UTC
thanks. Yes, that is possible although I've decided to create a contacts admin user with restricted necessary only permissions. Walking the road to enlightenment... I found a penguin and a camel on the way..... Fancy a yourname@perl.me.uk? Just ask!!!	[reply]

Back to Seekers of Perl Wisdom