62 lines
2.2 KiB
ReStructuredText
62 lines
2.2 KiB
ReStructuredText
![]() |
LDAP session backend
|
||
|
====================
|
||
|
|
||
|
An Apache session module was created by LL::NG team to store sessions in
|
||
|
an LDAP directory.
|
||
|
|
||
|
|
||
|
.. important::
|
||
|
|
||
|
This module is not part of LL::NG distribution, and can
|
||
|
be found on CPAN:
|
||
|
`Apache::Session::LDAP <http://search.cpan.org/dist/Apache-Session-LDAP/>`__.
|
||
|
|
||
|
|
||
|
.. tip::
|
||
|
|
||
|
This module is also available on
|
||
|
`GitHub <https://github.com/coudot/apache-session-ldap>`__.
|
||
|
|
||
|
Sessions will be stored as LDAP entries, like this:
|
||
|
|
||
|
::
|
||
|
|
||
|
dn: cn=6fb7c4a170a04668771f03b0a4747f46,ou=sessions,dc=example,dc=com
|
||
|
objectClass: applicationProcess
|
||
|
cn: 6fb7c4a170a04668771f03b0a4747f46
|
||
|
description: [Base64 serialized data]
|
||
|
|
||
|
Setup
|
||
|
-----
|
||
|
|
||
|
Go in the Manager and set the LDAP session module
|
||
|
(`Apache::Session::LDAP <http://search.cpan.org/dist/Apache-Session-LDAP/>`__)
|
||
|
in ``General parameters`` » ``Sessions`` » ``Session storage`` »
|
||
|
``Apache::Session module`` and add the following parameters (case
|
||
|
sensitive):
|
||
|
|
||
|
======================== ================================= ===============================
|
||
|
Required parameters
|
||
|
======================== ================================= ===============================
|
||
|
Name Comment Example
|
||
|
**ldapServer** URI of the server ldap://localhost
|
||
|
**ldapConfBase** DN of sessions branch ou=sessions,dc=example,dc=com
|
||
|
**ldapBindDN** Connection login cn=admin,dc=example,dc=password
|
||
|
**ldapBindPassword** Connection password secret
|
||
|
Optional parameters
|
||
|
Name Comment Default value
|
||
|
**ldapObjectClass** Objectclass of the entry applicationProcess
|
||
|
**ldapAttributeId** Attribute storing session ID cn
|
||
|
**ldapAttributeContent** Attribute storing session content description
|
||
|
======================== ================================= ===============================
|
||
|
|
||
|
Security
|
||
|
--------
|
||
|
|
||
|
Restrict network access to the LDAP directory, and add specific ACL to
|
||
|
session branch.
|
||
|
|
||
|
You can also use different user/password for your servers by overriding
|
||
|
parameters ``globalStorage`` and ``globalStorageOptions`` in
|
||
|
lemonldap-ng.ini file.
|