Litespeed LDAP vs. mod_auth_ldap in Apache
Please confirm the following:
1) Apache supports "ldap" and "ldaps" whereas Litespeed only supports "ldap".
2) Apache uses the following authentication process:
1a> Bind to LDAP server with info configured in AuthLDAPBindDN/AuthLDAPBindPassword.
1b> Search for matching ldap record based on AuthLDAPURL and other attributes.
1c> Bind to LDAP again using the record found in 1b> and the password supplied by the user.
Litespeed appears to do the following:
2a> Bind to LDAP server with info configured in LDAP Bind DN/LDAP Bind Password
2b> Search for matching ldap record based on User DB Location
2c> Compare the 'userPassword' attribute of the record fetched in 2b with the password the user entered.
1) We currently use "ldaps" to communicate with an ldap server that's on a different box from the webserver.
2) Per contract requirements, we need to 'lockout' a user login if invalid login attempts exceed a certain number. The apache process (1c) hits our ldap server with every login attempt - our ldap server will lock-out the account when a maximum number of bad logins are submitted. You're matching process (2c) won't be able to register bad login activity with our master ldap server.
If I can't replicate the apache process for working with LDAP, is it possible to write a custom URL/authorization program with Litespeed where I can do the LDAP magic myself (i.e. using Perl libraries)?
Thanks in advance,