> cfldap makes a call directly to your ldap server and returns a query. no
> apache or cooking spray involved.

Unless your Unix admin doesn't give you a login to the LDAP server.

I see several ways the general task "tie your website to LDAP"
can work. You can do it from CF, or from the webserver. You can
do it directly to the LDAP, or have Linux (PAM) in between. Which
is the best depends on the requirements (and the availability of
an LDAP login).

CF talks to LDAP directly
Pro:
- easy
- can retrieve arbitrary information
Con:
- ?

CF talks to Linux
Pro:
- ?
Con:
- can only authenticate, not return arbitrary info
- need to find some (Java?) tool to talk to PAM

Apache talks to LDAP directly
Pro:
- easy (mod_auth_ldap)
Con:
- can only authenticate, not return arbitrary info from LDAP

Apache talks to Linux
Pro:
- easy (one of the many Apache PAM modules)
Con:
- can only authenticate, not return arbitrary info

With the 'direct to LDAP' options cut off because the Unix admin
doesn't like it, tying Apache to PAM seems the easy route.
Compile the right module into Apache, add a few lines of
configuration, and an entire directory or website is protected.

And the good news is that the Unix admin, who caused the problem
by requiring you to go through Linux instead of directly to LDAP,
will be the one who has to do the hard part of compiling Apache with
the right modules :-)

Jochem