保持 LDAP 会话

2022-01-17 00:00:00 session bind ldap php

在 PHP 中,假设我在第 1 页上有一个 LDAP 连接:

In PHP, say I have an LDAP connection on page 1:

$ldapconn = ldap_connect($ldapserver);
if ($ldapconn) {
      // binding to ldap server
      $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
}
// do stuff here

假设一切顺利并且我能够实际做一些事情,我该如何保存这个绑定,以便当用户点击第二页时,我不需要再次使用他们的用户名/密码执行 ldap_bind.本质上,如果出于安全目的可以避免,我不想将密码存储在会话中,但我想保持连接,以便我可以在其他页面上重复使用它.

Assuming everything goes well and I'm able to actually do stuff, how can I save this bind so that when a user clicks on a 2nd page I don't need to again do an ldap_bind using their username/password. In essence I don't want to store the password in the session if avoidable for security purposes, but I'd like to keep the connection so that I can reuse it on other pages.

推荐答案

PHP LDAP 不支持持久连接.根据您正在执行的 LDAP 查询类型和频率,您始终可以设置一个数据库,以加密状态存储用户名/密码,然后将 ID 保留在会话中的该记录中(不好存储用户名/密码的想法).类似于这里的回答.如果您扩展您正在尝试做的事情,也许会帮助我们指导您更好地完成它.如果它只是用于验证登录,那么一旦它们通过 LDAP 验证,您就可以在会话中输入一个值,表明它们已经过验证.

PHP LDAP doesn't support persistent connections. Depending on what kind of LDAP queries you're doing and how often, you could always set up a database that would store the username/password in encrypted state, then keep the ID to that record in the session (not a good idea to store usernames/passwords). Similar to what is answered here. Perhaps if you expand on what you're trying to do will help us guide you in a better direction on how to accomplish it. If it's simply for validating login then once they are validated against LDAP you can put a value in the session that says they're validated.

相关文章