IntroductionIntroduction
  InstallingInstalling
  HandlingHandling
  Virtual serversVirtual servers
  ModulesModules
  FilesystemsFilesystems
  RXML tagsRXML tags
  GraphicsGraphics
  ProxyProxy
  Miscellaneous modulesMiscellaneous modules
  Security considerationsSecurity considerations
  ScriptingScripting
  DatabasesDatabases
  LDAPLDAP
    <LDAP module>LDAP module<LDAP module>LDAP module
    <LDAP user database>LDAP user database<LDAP user database>LDAP user database
  FrontPageFrontPage
  UpgradingUpgrading
  Third party extensionsThird party extensions
  PortabilityPortability
  Reporting bugsReporting bugs
  AppendixAppendix
 
LDAP

The LDAP directory tags interact with stand alone LDAP directory servers as well as LDAP accessible directories, like Novell NDS or Microsoft Active Directory.

They can be used to create web applications based on data stored in directory, like centralized user administration (for ISP), address book manipulations and so on. The LDAP directory authentication module can enable the Roxen server to authenticate against a LDAP directory.

Connection attributes
A connection to a directory is determined by the following attributes:

  • host
  • basedn
  • user
  • password

host is the name of the machine running the LDAP server and basedn specifies the subtree of the particular directory tree. The user and password are used for user authentication in the LDAP server.

Security Considerations
Your foremost security consideration when it comes to LDAP server is to make sure that only the LDAP operations you intend get sent to the server. This means handling user input in such a way that it can never change the actual LDAP operation. This is done through quoting. The formoutput page in the User manual shows how to do this in RXML.

To reduce your risks, use the access control lists of your LDAP server to make sure Challenger only has permission to do what it actually needs to do. If you use Challenger to provide reports from the directory, then the server should only be able to search the directory, never modify it.