LDAP connection and bind logic resides in authentication function
Currently the connection and bind functionality resides in the authentication function. The object construction procedure (_construct
) merely organises variables for the class based on those passed with the object creation request.
This implies that even if the object is created only once, each request for authentication will initiate a connection, and binding process. This may be inefficient.
Investigate the following:
- If the object construction procedure can connect and bind with the directory service
- Security implications of
- keeping a connection open
- keeping a bound connection open
- If the binding operation requires authentication using the dynamic credentials (used to authenticate), then the binding logic must conditionally either in the object creation or the authentication procedure.
Comments (5)
-
reporter -
reporter Since many connections between LDAP client and LDAP server may be unencrypted, the current direction is to keep the connections atomic. The object creation will stay as a variable organisation process.
Each authentication request will be treated separately, which will connect to the LDAP server and then attempt to bind.
-
reporter - removed milestone
- removed version
-
reporter - changed status to wontfix
Since many connections between LDAP client and LDAP server may be unencrypted, the current direction is to keep the connections atomic. The object creation will stay as a variable organisation process.
Each authentication request will be treated separately, which will connect to the LDAP server and then attempt to bind.
-
reporter - removed responsible
- Log in to comment
Note that the unbind function destroys the link descriptor [ref].
Best practice may be to bind again, instead of unbinding.