arunbhargav has asked for the wisdom of the Perl Monks concerning the following question:

Hi All, I have a problem where user would login to a site using his/her LDAP credentials, on that site once the user makes any changes , I would want to use the session to update the data on a different website which relies on the same LDAP credentials, Is there a proven way to do this ? like any module which supports this? Any help is greatly appreciated

Replies are listed 'Best First'.
Re: Reuse the LDAP session ?
by atcroft (Abbot) on Dec 05, 2013 at 16:11 UTC

    I'm afraid I don't quite follow what you are asking-as I see the process, you would:

    1. Retrieve user's credentials (from prompts, UI, or command line)
    2. Log into site1
    3. If a change is made, then for each other site,
      1. Log into siteN
      2. Make corresponding change
    That being the case, you would have the credentials to be able to log into the other servers (as you indicated the credentials would be the same).

    Does that help any?

    Update: 2013-12-05
    Based on Re^2: Reuse the LDAP session ?, I was not advocating permanent storage of the credentials, only keeping them in memory until the steps could be completed. Would you not be able to do that, or is that a bad idea?

[reply]
      Yes, Thats exactly I was looking for. But, I wouldnt have the credentials saved for LDAP, All I do is send the credentials to LDAP and authenticate with it and use that session to operate on the current website, I cannot and shouldnt save credentials for the users who rely on my site.
[reply]
      Yes, Thats exactly I was looking for. But, I wouldnt have the credentials saved for LDAP, All I do is send the credentials to LDAP and authenticate with it and use that session to operate on the current website, I cannot and shouldnt save credentials for the users who rely on my site.
[reply]
Re: Reuse the LDAP session ?
by locked_user sundialsvc4 (Abbot) on Dec 06, 2013 at 01:26 UTC

    Is this, say, a company intra-net in which multiple applications are installed, to be made available only for use by logged-in users?

    If so, your situation is almost trivialized by existing Apache/nginix directives.   Use them to restrict the app to access only by specified users (LDAP criteria), and the app will then have access to known-good information about who the connected user is, as well as other trustworthy attributes about him.   (If such information can’t be obtained, because something is broken or misconfigured, redirect him to some suitably obnoxious place ...)   You don’t have to provide “login” functionality at all, as you do with a web-site that faces the world at large.

    Also note:   generally, you should not cache the LDAP-related information in a traditional “session”-store ... in contradiction to the usual public-web-site practice.   You want the information to be fresh.   If someone updates the user’s central credentials, e.g. to grant some access or(!) to take it away, your site should thus be able to react immediately, as soon as the change has propagated.   A user should not have to reconnect to your site in order to pick-up on what has been centrally granted; nor should he, by virtue of remaining connected to it, continue to exercise privileges that have been centrally taken away.

Back to Seekers of Perl Wisdom