Home Comments

Feature Request: LDAP support for Galcier2

DeepDiverDeepDiver Member Thomas MuellerOrganization: Freelance Software DeveloperProject: Project depend on Customers ✭✭✭
hi,

in the manual your talk about the an implementation of PermissionVerifier using LDAP.
it would be a nice thing to have this implemented inside the next version of Glazier2.

another thing in this context would be:
what happen to sessions for users/accounts which have been deleted or the
access has been "un-granted"?

thx & cu tom

Comments

  • marcmarc FloridaAdministrators, ZeroC Staff Marc LaukienOrganization: ZeroC, Inc.Project: The Internet Communications Engine ZeroC Staff
    If you have a commercial need for such a feature, please contact us at [email protected].

    I'm not sure I understand your question. If no access is granted, no session is created. If a session is destroyed, then any further access is denied.
  • DeepDiverDeepDiver Member Thomas MuellerOrganization: Freelance Software DeveloperProject: Project depend on Customers ✭✭✭
    hi marc,

    let me explain a little more:

    - a session has been created for a valid user/account
    - the session doesnt expire because there is data sent al the time -> not session expiry due to activity
    - the user/account is removed from the ldap server

    what happens to the existing session?

    thx & cu tom
  • marcmarc FloridaAdministrators, ZeroC Staff Marc LaukienOrganization: ZeroC, Inc.Project: The Internet Communications Engine ZeroC Staff
    You cannot explicitly un-grant access with Glacier2, so you would have to deal with this situation directly in your application code.

    Having an interface in Glacier2 that allows the server to explicitly close a specific session or all sessions for a given user ID is something that we want to add to future versions. But I'm afraid I can't give you any release date yet.
  • DeepDiverDeepDiver Member Thomas MuellerOrganization: Freelance Software DeveloperProject: Project depend on Customers ✭✭✭
    what about implementing a custom sessionmanager which stores
    all sessions and checks the user against the ldap server,
    and in case the account is invalid the session manager destroys
    all sessions of that user?

    will this stop communication between client and server?

    thx tom
  • marcmarc FloridaAdministrators, ZeroC Staff Marc LaukienOrganization: ZeroC, Inc.Project: The Internet Communications Engine ZeroC Staff
    No, this wouldn't have any impact on what Glacier2 is doing. Glacier2 contacts the application's session manager only twice, once upon session establishment, and once upon session destruction. But it doesn't contact the session manager between session establishment and destruction to see if the session is still valid.
  • DeepDiverDeepDiver Member Thomas MuellerOrganization: Freelance Software DeveloperProject: Project depend on Customers ✭✭✭
    i see!

    thanks alot for your quick answers!

    take care

    tom
Sign In or Register to comment.