Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"

Re: Reuse the LDAP session ?

by sundialsvc4 (Abbot)
on Dec 06, 2013 at 01:26 UTC ( #1065876=note: print w/ replies, xml ) Need Help??

in reply to Reuse the LDAP session ?

Is this, say, a company intra-net in which multiple applications are installed, to be made available only for use by logged-in users?

If so, your situation is almost trivialized by existing Apache/nginix directives.   Use them to restrict the app to access only by specified users (LDAP criteria), and the app will then have access to known-good information about who the connected user is, as well as other trustworthy attributes about him.   (If such information can’t be obtained, because something is broken or misconfigured, redirect him to some suitably obnoxious place ...)   You don’t have to provide “login” functionality at all, as you do with a web-site that faces the world at large.

Also note:   generally, you should not cache the LDAP-related information in a traditional “session”-store ... in contradiction to the usual public-web-site practice.   You want the information to be fresh.   If someone updates the user’s central credentials, e.g. to grant some access or(!) to take it away, your site should thus be able to react immediately, as soon as the change has propagated.   A user should not have to reconnect to your site in order to pick-up on what has been centrally granted; nor should he, by virtue of remaining connected to it, continue to exercise privileges that have been centrally taken away.

Comment on Re: Reuse the LDAP session ?

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1065876]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (7)
As of 2015-11-25 15:26 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (681 votes), past polls