08-31-2009, 11:13 AM
edlott
New Member
 
Join Date: Aug 2009
Posts: 6
Litespeed LDAP vs. mod_auth_ldap in Apache

Please confirm the following:

1) Apache supports "ldap" and "ldaps" whereas Litespeed only supports "ldap".

2) Apache uses the following authentication process:

1a> Bind to LDAP server with info configured in AuthLDAPBindDN/AuthLDAPBindPassword.
1b> Search for matching ldap record based on AuthLDAPURL and other attributes.
1c> Bind to LDAP again using the record found in 1b> and the password supplied by the user.

Litespeed appears to do the following:

2a> Bind to LDAP server with info configured in LDAP Bind DN/LDAP Bind Password
2b> Search for matching ldap record based on User DB Location
2c> Compare the 'userPassword' attribute of the record fetched in 2b with the password the user entered.

PROBLEMS:

1) We currently use "ldaps" to communicate with an ldap server that's on a different box from the webserver.
2) Per contract requirements, we need to 'lockout' a user login if invalid login attempts exceed a certain number. The apache process (1c) hits our ldap server with every login attempt - our ldap server will lock-out the account when a maximum number of bad logins are submitted. Your matching process (2c) won't be able to register bad login activity with our master ldap server.

If I can't replicate the apache process for working with LDAP, is it possible to write a custom URL/authorization program with Litespeed where I can do the LDAP magic myself (i.e. using Perl libraries)?

Thanks in advance,
Ed
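The lockout difference Ed describes, shown as an added example that is not part of the post or of either product: an in-memory stand-in for the directory counts failed simple binds and locks the entry after an assumed threshold of 3. The search-then-rebind flow (1a-1c) drives that counter; the fetch-and-compare flow (2a-2c) never binds as the user, so the server sees no failures and never locks the account (the DN, uid and password are constructed sample data).

```python
# Model of the two authentication flows from the post, against a mock
# directory. Assumption: the server locks an entry after 3 failed binds.
from dataclasses import dataclass, field

LOCKOUT_THRESHOLD = 3  # assumed server-side lockout policy


@dataclass
class MockDirectory:
    users: dict                      # dn -> {"uid": ..., "userPassword": ...}
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)

    def bind(self, dn, password):
        """Simple bind: the server counts failures and locks the entry."""
        if dn in self.locked:
            return False
        if self.users.get(dn, {}).get("userPassword") == password:
            self.failures[dn] = 0
            return True
        self.failures[dn] = self.failures.get(dn, 0) + 1
        if self.failures[dn] >= LOCKOUT_THRESHOLD:
            self.locked.add(dn)
        return False

    def search(self, uid):
        """Stand-in for the search done after the service-account bind."""
        for dn, attrs in self.users.items():
            if attrs["uid"] == uid:
                return dn, attrs
        return None


def auth_rebind(d, uid, password):
    """Apache-style (1b/1c): search, then bind as the DN that was found."""
    hit = d.search(uid)
    return hit is not None and d.bind(hit[0], password)


def auth_compare(d, uid, password):
    """Litespeed-style per the post (2b/2c): compare userPassword locally."""
    hit = d.search(uid)
    return hit is not None and hit[1]["userPassword"] == password


def make_dir():
    # Constructed sample entry; a real directory would hold a hashed value.
    return MockDirectory({"uid=ed,ou=people,dc=example,dc=com":
                          {"uid": "ed", "userPassword": "s3cret"}})


def locked_after_bad_attempts(auth, attempts=LOCKOUT_THRESHOLD):
    """Submit `attempts` wrong passwords, then the right one.

    Returns True if the correct password is then refused (account locked)."""
    d = make_dir()
    for _ in range(attempts):
        auth(d, "ed", "wrong")
    return not auth(d, "ed", "s3cret")
```

Only the rebind flow ends up locked; the compare flow also presumes the service account may read userPassword, which is a separate thing to check in the directory's ACLs.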