LDAP session backend
An Apache session module was created by the LL::NG team to store sessions in an LDAP directory.
Attention
This module is not part of the LL::NG distribution, and can be found on CPAN: Apache::Session::LDAP.
Tip
This module is also available on GitHub.
Sessions will be stored as LDAP entries, like this:
dn: cn=6fb7c4a170a04668771f03b0a4747f46,ou=sessions,dc=example,dc=com
objectClass: applicationProcess
cn: 6fb7c4a170a04668771f03b0a4747f46
description: [Base64 serialized data]
Setup
Go to the Manager and set the LDAP session module (Apache::Session::LDAP) in General parameters » Sessions » Session storage » Apache::Session module and add the following parameters (case sensitive):
Required parameters

| Name | Comment | Example |
|---|---|---|
| ldapServer | URI of the server | |
| ldapConfBase | DN of sessions branch | ou=sessions,dc=example,dc=com |
| ldapBindDN | Connection login | cn=admin,dc=example,dc=dom |
| ldapBindPassword | Connection password | secret |

Optional parameters

| Name | Comment | Default value |
|---|---|---|
| ldapObjectClass | Object class of the entry | applicationProcess |
| ldapAttributeId | Attribute storing session ID | cn |
| ldapAttributeContent | Attribute storing session content | description |
| ldapVerify | Perform certificate validation | require (use none to disable) |
| ldapCAFile | Path of CA file bundle | (system CA bundle) |
| ldapCAPath | Path of CA directory | (system CA bundle) |

Security
Restrict network access to the LDAP directory, and add a specific ACL to the session branch.
You can also use a different user/password for each of your servers by overriding the parameters globalStorage and globalStorageOptions in the lemonldap-ng.ini file.
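
An added example (not taken from the LL::NG documentation) of such an override in one server's lemonldap-ng.ini, giving that server its own bind account and keeping certificate validation on. The host name, bind DN, password placeholder and CA path are constructed; placing the override in the [all] section and using backslash line continuation are assumptions based on the layout of the stock lemonldap-ng.ini.

```ini
; Constructed values: host name, bind DN, password placeholder and CA path.
; One bind account per LL::NG server, so the ACL on the session branch can
; grant each server only the rights it needs.
[all]
globalStorage = Apache::Session::LDAP
globalStorageOptions = {                                                    \
    'ldapServer'       => 'ldaps://ldap.example.com',                       \
    'ldapConfBase'     => 'ou=sessions,dc=example,dc=com',                  \
    'ldapBindDN'       => 'cn=llng-server1,ou=services,dc=example,dc=com',  \
    'ldapBindPassword' => 'CHANGE_ME',                                      \
    'ldapVerify'       => 'require',                                        \
    'ldapCAFile'       => '/etc/ssl/certs/example-ca.pem',                  \
}
```

Because the file then holds a bind password, keep it readable only by the account that runs LL::NG.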