LDAP session backend
An Apache session module was created by the LL::NG team to store sessions in an LDAP directory.
Attention
This module is not part of the LL::NG distribution, and can be found on CPAN: Apache::Session::LDAP.
Tip
This module is also available on GitHub.
Sessions will be stored as LDAP entries, like this:
dn: cn=6fb7c4a170a04668771f03b0a4747f46,ou=sessions,dc=example,dc=com
objectClass: applicationProcess
cn: 6fb7c4a170a04668771f03b0a4747f46
description: [Base64 serialized data]
Setup
Go to the Manager and set the LDAP session module (Apache::Session::LDAP) in General parameters » Sessions » Session storage » Apache::Session module, then add the following parameters (case sensitive):
Required parameters

| Name | Comment | Example |
|---|---|---|
| ldapServer | URI of the server | ldap://localhost |
| ldapConfBase | DN of sessions branch | ou=sessions,dc=example,dc=com |
| ldapBindDN | Connection login | cn=admin,dc=example,dc=dom |
| ldapBindPassword | Connection password | secret |

Optional parameters

| Name | Comment | Default value |
|---|---|---|
| ldapObjectClass | Object class of the entry | applicationProcess |
| ldapAttributeId | Attribute storing session ID | cn |
| ldapAttributeContent | Attribute storing session content | description |
| ldapVerify | Perform certificate validation | require (use none to disable) |
| ldapCAFile | Path of CA file bundle | (system CA bundle) |
| ldapCAPath | Path of CA directory | (system CA bundle) |
Security
Restrict network access to the LDAP directory, and add a specific ACL on the sessions branch.
You can also use a different user/password for your servers by overriding the globalStorage and globalStorageOptions parameters in the lemonldap-ng.ini file.
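
The per-server override described above could look like the following. This is an added example, not taken from the LL::NG documentation: the host name, the two service-account DNs, the placeholder passwords and the CA bundle path are assumptions. Each fragment goes in the lemonldap-ng.ini of the host named in its comment.

```ini
; lemonldap-ng.ini on the portal host (hypothetical account cn=llng-portal)
[portal]
globalStorage = Apache::Session::LDAP
globalStorageOptions = { 'ldapServer' => 'ldaps://ldap.example.com', 'ldapConfBase' => 'ou=sessions,dc=example,dc=com', 'ldapBindDN' => 'cn=llng-portal,ou=services,dc=example,dc=com', 'ldapBindPassword' => 'CHANGE_ME_PORTAL', 'ldapVerify' => 'require', 'ldapCAFile' => '/etc/ssl/certs/ca-certificates.crt' }

; lemonldap-ng.ini on a handler host (hypothetical account cn=llng-handler)
[handler]
globalStorage = Apache::Session::LDAP
globalStorageOptions = { 'ldapServer' => 'ldaps://ldap.example.com', 'ldapConfBase' => 'ou=sessions,dc=example,dc=com', 'ldapBindDN' => 'cn=llng-handler,ou=services,dc=example,dc=com', 'ldapBindPassword' => 'CHANGE_ME_HANDLER', 'ldapVerify' => 'require', 'ldapCAFile' => '/etc/ssl/certs/ca-certificates.crt' }
```

With one bind DN per host, the ACL on the sessions branch can name each account individually, and a single host's credentials can be rotated or revoked without touching the others. The file now holds a bind password, so keep it readable only by the user the LL::NG component runs as.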
