LDAP
The LDAP directory tags interact with stand alone LDAP directory
servers as well as LDAP accessible directories, like Novell NDS
or Microsoft Active Directory.
They can be used to create web applications based on data stored
in directory, like centralized user administration (for ISP), address
book manipulations and so on. The LDAP directory authentication module
can enable the Roxen server to authenticate against a LDAP directory.
Connection attributes
A connection to a directory is determined by the following attributes:
- host
- basedn
- user
- password
host is the name of the machine running the LDAP server and
basedn specifies the subtree of the particular directory tree.
The user and password are used for user authentication
in the LDAP server.
Security Considerations
Your foremost security consideration when it comes to LDAP server is
to make sure that only the LDAP operations you intend get sent to the
server. This means handling user input in such a way that it can
never change the actual LDAP operation. This is done through quoting. The
formoutput page in the
User manual shows how to do this in RXML.
To reduce your risks, use the access control lists of your LDAP
server to make sure Challenger only has permission to do what it
actually needs to do. If you use Challenger to provide reports from
the directory, then the server should only be able to search the
directory, never modify it.
|