Working with Users and Groups Using LDAP

LDAP is becoming the de facto standard way to access directory services. ADSI, which we used earlier to access the NT accounts database, can also talk to LDAP servers. But ADSI is a Windows-only component. In this section we’ll develop a third variation on our directory module theme, Group::LdapGroup.

I’ve used two different LDAP modules for Perl. One is Netscape’s PerLDAP (http://www.mozilla.org/directory), made freely available in conjunction with the open-source release of Netscape’s Directory SDK. The other is a CPAN module, Net::LDAP. Which is best? As usual, it depends. PerLDAP binds to libraries included with the Netscape Directory SDK. That’s a good thing if, for example, you need to use LDAP on encrypted channels, since PerLDAP can use the SSL capability of the Directory SDK. But Perl modules that depend on C-based libraries tend to be harder to build and deploy than Perl modules made of nothing but Perl, such as Net::LDAP. It’s a “100% pure Perl” solution, a convenience for which you trade SSL support.

The module shown in Example 11.5 uses Net::LDAP, which is appropriate for our docbase notifier. This kind of application runs autonomously, behind the firewall, and doesn’t really need to secure its connection to the directory server. If you build an access-controlled docbase, as we’ll do in the next chapter, you might or might not want to use PerLDAP to encrypt LDAP sessions. Again, it depends. If users connect directly to a ...
