Production Release: 03 April 2010
mod_psldap© was created to provide a secure, reliable means of performing authentication of Apache users against an LDAP server. A logical extension of this functionality is to also provide users with the ability to maintain their accounts through a web based ldap browser. mod_psldap© is maintained on SourceForge by PSInd, LLC. mod_psldap© is a C module for Apache based on the Apache & OpenLDAP development libraries.
While evaluating the hordes of OpenSource implementations, we found that many modules would not function with our corporate LDAP server as configured. The problem was that many implementations require the password to be passed out of the LDAP server to the web server for comparison, which goes against a basic concept of limiting sensitive data availability to only those systems that require such access. Moreover, most implementations required administrative access with the initiation of the connection to the LDAP server itself not necessarily being established in a secure fashion.
mod_psldap© started off as a series of minor modifications to Alexander Mayrhofer’s mod_auth_ldap module, which was the closest implementation to providing the features and functionality that were required. When we submitted our changes for inclusion in the package, Alexander stated he was no longer maintaining the package – so mod_psldap was born. The first public release of mod_psldap contains very little of the original source code from the original mod_auth_ldap module, but due credit should be given to Alexander for providing the initial implementation.
- Functions against a secure LDAP server
- Does not require administrative access to the LDAP server
- LDAP connection configurations can be set within a base URL
- Multiple LDAP servers can be utilized for authentication
- Management of search scope for identifying user to authenticate
- Configurable user, group, and password attribute selection
- Allows password comparison in the module or in the LDAP server
- Kerberos authentication to the LDAP server
- Identifies group membership based on an attribute value in the LDAP record
- Leverages LDAP based groups for authentication
- Is capable of cookie based authentication
- Caches authentication results to avoid excessive LDAP related traffic
- Integration of user account maintenance
- Web based directory lookups
- Improved look and feel with card based, tabular, and editable views of LDAP records
- Tree based browse mechanism
- VCF export capability
- Handheld device support
- Support for browsers that do not perform XSLT
- VCF import capability via web UI (Future release – 0.93)
- LDIF import and export capability via web UI (Future release – 0.93)
- Google contacts csv import and export capability via web UI (Future release – 0.93)
Refer to the HOWTO document
The following images represent various screenshots of the sample UI provided with mod_psldap. These screens are rendered against the XML returned to the browser by the module applying the XSL selected by the user when a query is formed. Some static XML documents exist on the server to provide a means of creating new records in the LDAP server, and are represented by the screenshots of the new XXX screens.
A Bugzilla interface is provided courtesy of SourceForge to report and track any defects against this module, please use this mechanism as your first means of reporting defects. If you aren’t familiar with Source Forge and would like to report a defect or request additional functionality via email, please feel free to send an email to firstname.lastname@example.org and we will evaluate your request as time permits. If you would like to submit patches to mod_psldap for any enahancements, perceived defects, or portability related issues, please feel free to forward them to this email address as well.
This is a non-profit project, so please don’t expect immediate support for requests submitted through these channels. Commercial support and troubleshooting is available through email@example.com if you require more immediate attention than is provided through other channels. Thank you for your support and patronage.