  1. #1
    SitePoint Wizard

    Is using LDAP or SESSION more secure for authentication and access control?

    I am considering a large project and they currently use LDAP on MS platform. It would be moved to a LAMP platform. OpenLDAP is an option though I have not used it before. I do feel fairly comfortable with my ability to use SESSIONS for authentication and access control.

    Would it be better to learn and use LDAP or can you REALLY have just as secure authentication and access control using Sessions?

    Thanks for your thoughts and experience.

  2. #2
    SitePoint Zealot
    Quote Originally Posted by WebDevGuy
    I am considering a large project and they currently use LDAP on MS platform. It would be moved to a LAMP platform. OpenLDAP is an option though I have not used it before. I do feel fairly comfortable with my ability to use SESSIONS for authentication and access control.

    Would it be better to learn and use LDAP or can you REALLY have just as secure authentication and access control using Sessions?

    Thanks for your thoughts and experience.

    I would HIGHLY recommend doing some research into what exactly an LDAP server is, and what role it fills in an authentication environment, because your question is really a bit odd once you understand that. Here's a brief bit to get you thinking...

    In your normal applications where are your users' credentials (username and password) stored? In a table in a database I imagine. An LDAP server effectively replaces your users table. Think of it as a database that stores usernames and passwords (and can do a whole lot more as well, but that's not horribly relevant at the moment). So instead of calling a database to determine if a username/password is correct, you'd make an LDAP call to the server.

    Now that you know THAT, you can see that SESSIONS are in no way (I would hope) a replacement for LDAP.

  3. #3
    SitePoint Wizard
    So LDAP is an authentication mechanism and NOT an access control mechanism?

    Thanks for your explanation.

  4. #4
    SitePoint Zealot
    LDAP is a directory service.
    Well actually LDAP is a protocol, OpenLDAP for instance is a directory service.
    You could, for simplicity, compare it to mysql, as a data storage. It is not an authentication mechanism, but a lot of authentication mechanisms support LDAP (most email-stuff, PAM...).

  5. #5
    SitePoint Addict timvw
    Quote Originally Posted by WebDevGuy
    So LDAP is an authentication mechanism and NOT an access control mechanism?

    Are you trying to say that you think sessions are an access control mechanism?

    If you can answer the following questions, I don't think you still want to compare both technologies:

    What is access control?
    What is authentication?
    What are sessions?
    What is LDAP?

  6. #6
    SitePoint Wizard
    What is access control?
    - controlling who can access what resources/files/pages based on some rules established for that user or user-role. First the user must be authenticated.

    What is authentication?
    - verifying the identity of a user logging in - you are who you say you are

    What are sessions?
    - user-associated information preserving the semblance of state while traversing a site's web pages

    What is LDAP?
    - new to this but that's why I am asking. Perhaps I didn't ask in the most obvious way. Perhaps I should have asked "Can LDAP be used in place of sessions for assigning user roles and permissions?"

  7. #7
    SitePoint Guru 33degrees
    LDAP can be used instead of a database for storing user info. If you use it, you will still need a mechanism for maintaining state in your application, which could very well be sessions. AFAIK, the main reason for using LDAP rather than a database for storing authentication information is that the protocol is spoken by a variety of applications, which makes it possible to centralise authentication. I don't think it's inherently more secure than the database approach.
    Last edited by 33degrees; Feb 8, 2006 at 20:26. Reason: spelling....
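
The division of labour described in posts #2 and #7, as an added example that is not part of the original thread: the directory verifies the password and holds group membership, the PHP session carries state, and the application enforces access control on each request. The server URI, DN layout, group DN and the function names `login_via_ldap` and `require_role` are assumptions, and `session_start()` is assumed to have been called already.

```php
<?php
// Added example. The server URI, DN layout and group DN are assumptions.
const LDAP_URI    = 'ldaps://ldap.example.com';
const USER_BASE   = 'ou=people,dc=example,dc=com';
const ADMIN_GROUP = 'cn=admins,ou=groups,dc=example,dc=com';

// Authentication: ask the directory to verify the password (replaces the
// users-table lookup), then record the result in the session.
function login_via_ldap(string $username, string $password): bool
{
    // A bind with a DN and an empty password is an "unauthenticated bind",
    // which some servers accept as anonymous. Reject it before binding.
    if ($username === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Escape the user-supplied name so it cannot alter the DN.
    $dn = 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . USER_BASE;
    if (!@ldap_bind($conn, $dn, $password)) {
        return false;                       // wrong password or unknown user
    }
    // Role data also lives in the directory: is this DN a member of the group?
    // Assumes a groupOfNames entry that the bound user is allowed to read.
    $filter  = '(member=' . ldap_escape($dn, '', LDAP_ESCAPE_FILTER) . ')';
    $result  = @ldap_read($conn, ADMIN_GROUP, $filter, ['cn']);
    $isAdmin = $result !== false && ldap_count_entries($conn, $result) === 1;
    ldap_unbind($conn);

    // State: the session remembers who logged in; new ID prevents fixation.
    session_regenerate_id(true);
    $_SESSION['user']  = $username;
    $_SESSION['roles'] = $isAdmin ? ['user', 'admin'] : ['user'];
    return true;
}

// Access control: enforced by the application on every request.
function require_role(string $role): void
{
    if (!in_array($role, $_SESSION['roles'] ?? [], true)) {
        http_response_code(403);
        exit('Forbidden');
    }
}
```

Roles cached in the session go stale if group membership changes in the directory, so a short session lifetime or a periodic re-check keeps the two in step.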

  8. #8
    SitePoint Wizard
    Now I have a better understanding of how LDAP might fit in - thanks guys!

