I need a clever idea for auth_ldap and AJAX
I'm dealing with an AJAX application (Apache server, Perl, Linux) where the fundamental form of authentication for all websites is auth_ldap. This is a very nice way to drop an authentication request at the "front door" of the entire website or section thereof, which requires the employee to enter his or her regular network login.
The trouble is, I'd like to restrict what various users can do with an AJAX application, referencing that LDAP-based information as the only authoritative source. Obviously, this decision needs to be made by the back-end server, communicated as necessary to the AJAX code, and validated for each request by the back-end.
My problem is, I don't want the user to have to log in twice: once he's made it into my site, I don't want to have to ask for anything more. Can I find out what username he used when passing through the LDAP authentication check? (I know that I can query the LDAP server from Perl code, if I know what authenticated username was used.)
Any ideas?
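
One way to make the per-request decision described in the question, shown as an added example that is not part of the original post. It assumes the back end runs as a CGI-style handler and that Apache passes the name accepted at the authentication prompt in the `REMOTE_USER` environment variable; the group table, the action names and the `authorize()` helper are hypothetical, and the table stands in for the LDAP lookup.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use JSON::PP;

# Constructed sample data standing in for an LDAP group lookup keyed on the
# authenticated user name; a real deployment would query the directory here.
my %GROUPS_OF = (
    alice => ['staff', 'payroll-admins'],
    bob   => ['staff'],
);

# Hypothetical policy: the directory group each AJAX action requires.
my %REQUIRED_GROUP = (
    view_report   => 'staff',
    edit_salaries => 'payroll-admins',
);

# Decide one request. Returns (HTTP status, response hash).
sub authorize {
    my ($env, $action) = @_;
    # The server sets REMOTE_USER only after its own authentication check
    # succeeded. Never take the user name from a parameter, cookie or header.
    my $user = $env->{REMOTE_USER};
    return (401, { error => 'not authenticated' })
        unless defined $user && length $user;
    # Default deny: an action missing from the policy table is rejected.
    my $need = defined $action ? $REQUIRED_GROUP{$action} : undef;
    return (400, { error => 'unknown action' }) unless defined $need;
    my %member = map { $_ => 1 } @{ $GROUPS_OF{$user} || [] };
    return (403, { error => 'forbidden', user => $user }) unless $member{$need};
    return (200, { ok => JSON::PP::true, user => $user, action => $action });
}

# Constructed requests: (environment as the server would pass it, action).
my @requests = (
    [ { REMOTE_USER => 'alice' }, 'edit_salaries' ],  # holds the required group
    [ { REMOTE_USER => 'bob'   }, 'edit_salaries' ],  # lacks the required group
    [ { REMOTE_USER => 'bob'   }, 'view_report'   ],  # holds the required group
    [ {},                         'view_report'   ],  # no authenticated user
    [ { REMOTE_USER => 'alice' }, 'drop_tables'   ],  # action not in the policy
);
my $json = JSON::PP->new->canonical;
for my $r (@requests) {
    my ($status, $body) = authorize(@$r);
    print "Status: $status\n", $json->encode($body), "\n";
}
```

In a live CGI script the call would be `authorize(\%ENV, $action)` on every AJAX request, so the browser-side code only reflects decisions the server has already made.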