LDAP session backend
The LL::NG team created an Apache session module that stores sessions in an LDAP directory.
Attention
This module is not part of the LL::NG distribution; it is available on CPAN: Apache::Session::LDAP.
Tip
This module is also available on GitHub.
Sessions will be stored as LDAP entries, like this:
dn: cn=6fb7c4a170a04668771f03b0a4747f46,ou=sessions,dc=example,dc=com
objectClass: applicationProcess
cn: 6fb7c4a170a04668771f03b0a4747f46
description: [Base64 serialized data]
Setup
In the Manager, set the LDAP session module (Apache::Session::LDAP) in General parameters » Sessions » Session storage » Apache::Session module, and add the following parameters (case sensitive):

Required parameters:

Name | Comment | Example |
---|---|---|
ldapServer | URI of the server | ldap://localhost |
ldapConfBase | DN of sessions branch | ou=sessions,dc=example,dc=com |
ldapBindDN | Connection login | cn=admin,dc=example,dc=dom |
ldapBindPassword | Connection password | secret |

Optional parameters:

Name | Comment | Default value |
---|---|---|
ldapObjectClass | Objectclass of the entry | applicationProcess |
ldapAttributeId | Attribute storing session ID | cn |
ldapAttributeContent | Attribute storing session content | description |
ldapVerify | Perform certificate validation | require (use none to disable) |
ldapCAFile | Path of CA file bundle | (system CA bundle) |
ldapCAPath | Path of CA directory | (system CA bundle) |

Security
Restrict network access to the LDAP directory, and add a specific ACL on the sessions branch.
You can also use a different user/password for your servers by overriding the parameters globalStorage and globalStorageOptions in the lemonldap-ng.ini file.
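
An override of this kind, as an added example that is not taken from the LL::NG documentation: the portal and the handlers bind with separate accounts over LDAPS, so each account can be given its own ACL on the sessions branch. The host name, bind DNs, passwords and CA file path are constructed placeholders, and the section names and backslash line continuations assume the layout of the stock lemonldap-ng.ini.

```ini
; lemonldap-ng.ini on the portal server (constructed example values)
[portal]
globalStorage = Apache::Session::LDAP
globalStorageOptions = {                                          \
    'ldapServer'       => 'ldaps://ldap.example.com',             \
    'ldapConfBase'     => 'ou=sessions,dc=example,dc=com',        \
    'ldapBindDN'       => 'cn=llng-portal,dc=example,dc=com',     \
    'ldapBindPassword' => 'PORTAL_PASSWORD_PLACEHOLDER',          \
    'ldapVerify'       => 'require',                              \
    'ldapCAFile'       => '/etc/ssl/certs/example-ca.pem',        \
}

; lemonldap-ng.ini on a handler (protected application) server
[handler]
globalStorage = Apache::Session::LDAP
globalStorageOptions = {                                          \
    'ldapServer'       => 'ldaps://ldap.example.com',             \
    'ldapConfBase'     => 'ou=sessions,dc=example,dc=com',        \
    'ldapBindDN'       => 'cn=llng-handler,dc=example,dc=com',    \
    'ldapBindPassword' => 'HANDLER_PASSWORD_PLACEHOLDER',         \
    'ldapVerify'       => 'require',                              \
    'ldapCAFile'       => '/etc/ssl/certs/example-ca.pem',        \
}
```

Because the file holds bind passwords, keep lemonldap-ng.ini readable only by the account the web server runs as.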