Archived

This forum has been archived. Please start a new discussion on GitHub.

Feature Request: LDAP support for Galcier2

hi,

in the manual your talk about the an implementation of PermissionVerifier using LDAP.
it would be a nice thing to have this implemented inside the next version of Glazier2.

another thing in this context would be:
what happen to sessions for users/accounts which have been deleted or the
access has been "un-granted"?

thx & cu tom

Comments

  • marc
    marc Florida
    If you have a commercial need for such a feature, please contact us at info@zeroc.com.

    I'm not sure I understand your question. If no access is granted, no session is created. If a session is destroyed, then any further access is denied.
  • hi marc,

    let me explain a little more:

    - a session has been created for a valid user/account
    - the session doesnt expire because there is data sent al the time -> not session expiry due to activity
    - the user/account is removed from the ldap server

    what happens to the existing session?

    thx & cu tom
  • marc
    marc Florida
    You cannot explicitly un-grant access with Glacier2, so you would have to deal with this situation directly in your application code.

    Having an interface in Glacier2 that allows the server to explicitly close a specific session or all sessions for a given user ID is something that we want to add to future versions. But I'm afraid I can't give you any release date yet.
  • what about implementing a custom sessionmanager which stores
    all sessions and checks the user against the ldap server,
    and in case the account is invalid the session manager destroys
    all sessions of that user?

    will this stop communication between client and server?

    thx tom
  • marc
    marc Florida
    No, this wouldn't have any impact on what Glacier2 is doing. Glacier2 contacts the application's session manager only twice, once upon session establishment, and once upon session destruction. But it doesn't contact the session manager between session establishment and destruction to see if the session is still valid.
  • i see!

    thanks alot for your quick answers!

    take care

    tom