Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

Re: Reuse the LDAP session ?

by sundialsvc4 (Abbot)
on Dec 06, 2013 at 01:26 UTC ( #1065876=note: print w/replies, xml ) Need Help??

in reply to Reuse the LDAP session ?

Is this, say, a company intra-net in which multiple applications are installed, to be made available only for use by logged-in users?

If so, your situation is almost trivialized by existing Apache/nginix directives.   Use them to restrict the app to access only by specified users (LDAP criteria), and the app will then have access to known-good information about who the connected user is, as well as other trustworthy attributes about him.   (If such information can’t be obtained, because something is broken or misconfigured, redirect him to some suitably obnoxious place ...)   You don’t have to provide “login” functionality at all, as you do with a web-site that faces the world at large.

Also note:   generally, you should not cache the LDAP-related information in a traditional “session”-store ... in contradiction to the usual public-web-site practice.   You want the information to be fresh.   If someone updates the user’s central credentials, e.g. to grant some access or(!) to take it away, your site should thus be able to react immediately, as soon as the change has propagated.   A user should not have to reconnect to your site in order to pick-up on what has been centrally granted; nor should he, by virtue of remaining connected to it, continue to exercise privileges that have been centrally taken away.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1065876]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (5)
As of 2018-05-23 19:06 GMT
Find Nodes?
    Voting Booth?