Hi Bryan,
The ldap client does not need to be run as a daemon or service. A
LDAP server provides a standards based protocol which you can use to access
information stored in a LDAP database so a api call via php or whatever will
get you the information you require regardless of the type of LDAP server.
It might be worthwhile to investigate how connections are
handled by PHP. What I mean is that if your web app is going to do a high
volume of authentication then it might be more effective to keep an connection
open rather than creating a new connection for each authentication request.
Regards
From: openldap-technical-bounces+gerrard.geldenhuis=betfair.com@OpenLDAP.org
[mailto:openldap-technical-bounces+gerrard.geldenhuis=betfair.com@OpenLDAP.org]
On Behalf Of Bryan Boone
Sent: 22 June 2010 00:38
To: openldap-technical@openldap.org
Subject: Simple question about LDAP and web authentication.
Hi everyone. I am a noob to LDAP and I have a
question.
I am on a team that is building a special server. This
server will be running linux with an apache web server with PHP and
apache is running a special website that we designed.
I need to have the website be able to query LDAP servers for
web authentication. So when a user connects to this special web server,
they are prompted for a user name and password. Then I want to have the
website check the LDAP server to make sure that the user is indeed a user of
the website on our special server. So in a sense our special server will
be an LDAP client.
So my question is??? Is an LDAP client to be run
as a Daemon or service? Is this what
OpenLDAP provides? Or can I simply use function calls (from PHP
or C) from the OpenLDAP library for the authentication?
Basically all I need is...
The user brings up the web page.
The user enters in the user name and password.
The server uses PHP or C to check to see if the entered
information matches an LDAP server.
The web grants or denies access.
The LDAP server connection is closed.
No other actions or information from the LDAP server is
needed.
Do I have the right idea?
thanks