From: Mark W. <mew...@un...> - 2000-06-06 00:45:57
David Leigh wrote:
>
> > It looks like (you didn't really give us a lot of information to go on
> > here) that you're trying to develop a CGI program to update an LDAP
> > server. In this case you should use LDAP to authenticate. Now if you have
> > your LDAP server set up to do SASL with Kerberos instead of simple
> > authentication, then you can use that if you want.
> >
> > Mark
>
> Sorry I wasn't more clear... But yes, I have a CGI which needs to
> update an LDAP directory. At this point, I'd rather use LDAP
> authentication than SASL or Kerberos. How does Net::LDAP interact with
> mod_auth_ldap? Specifically, doesn't mod_auth_ldap unbind after
> authentication? How can the cgi figure out who to bind as, and how?

A CGI application cannot interact with an Apache authentication module. The closest you can come is to get the username from the REMOTE_USER variable, but you can't get the password. Thus you're better off simply writing a login form: your script authenticates the user to LDAP and then uses cookies or a similar technique to keep track of whether the user is logged in or not.

If you're using LDAP ACLs to handle modification rights, you'll need to keep the user's dn and password stored somewhere because CGI is stateless (and you don't want the user to enter their password on each screen). Probably the safest mechanism is to store it encrypted on the server and use a cookie to look up the dn and password each time.

Optionally, if you want to write your application as an Apache module, you can use my Apache::AuthNetLDAP module as an example of how to use LDAP authentication from inside an Apache module. Then you can store the dn and password in a hashtable in memory.

Mark

>
> Thanks,
> -David
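
The login step described in the reply above, as an added example (not part of the original message, and not code from Mark or from the Net::LDAP distribution): the CGI script authenticates the user by binding to LDAP as that user, then hands out a random session cookie. The host name, base DN, the `uid` search attribute, the form field names and the `sid` cookie name are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed values, not taken from the original message.
my $LDAP_HOST = 'ldap.example.com';
my $BASE_DN   = 'ou=People,dc=example,dc=com';

# Returns the user's DN if the directory accepts the password, else undef.
sub ldap_authenticate {
    my ($uid, $password) = @_;
    # A simple bind with a DN and an empty password is an unauthenticated
    # bind that many servers report as success, so reject it up front.
    return unless defined $uid      && length $uid;
    return unless defined $password && length $password;

    my $ldap = Net::LDAP->new($LDAP_HOST) or return;
    # Encrypt the connection before the password is sent over it.
    return if $ldap->start_tls(verify => 'require')->code;

    # Look up the entry; escape the value so it cannot alter the filter.
    my $found = $ldap->search(
        base   => $BASE_DN, scope => 'sub', attrs => ['1.1'],
        filter => '(uid=' . escape_filter_value($uid) . ')',
    );
    return if $found->code || $found->count != 1;
    my $dn = $found->entry(0)->dn;

    my $bind = $ldap->bind($dn, password => $password);  # the actual check
    $ldap->unbind;
    return $bind->code ? undef : $dn;
}

# 128-bit random session identifier, hex encoded.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    return unpack 'H*', $bytes;
}

my $q  = CGI->new;
my $dn = ldap_authenticate(scalar $q->param('uid'), scalar $q->param('password'));
if (defined $dn) {
    # The cookie carries only the random id; the DN and the encrypted
    # password stay in server-side storage keyed by that id.
    my $cookie = $q->cookie(-name => 'sid', -value => new_session_id(),
                            -secure => 1, -httponly => 1);
    print $q->header(-type => 'text/plain', -cookie => $cookie), "Logged in\n";
} else {
    print $q->header(-type => 'text/plain', -status => '401 Unauthorized'), "Login failed\n";
}
```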