Technical Details

Web Authentication via LDAP (WebLDAP for short) is a way to use our campus-wide LDAP to protect web documents. This makes it easier for content providers to restrict access to their protected documents and services to specific users or groups of users. It also makes it easier for our users to get access to protected documents, since they won't have to remember a separate username and password for each website.

WebLDAP user authentication is one of the applications of our campus-wide Directory Services. When a user accesses a web page on our server that is protected by WebLDAP, the figure below shows the steps involved.

  1. In response to an authentication request from the server, the client displays a dialog box requesting the user's name and password for that server.
  2. The client sends the name and password across the network, either in the clear or over an encrypted SSL connection.
  3. The server authenticates the user's name and password against the LDAP server; if this succeeds, the user is accepted as authenticated.
  4. Once the user is authenticated, the server continues evaluating the access control list (optionally, information such as groups and filters is stored in the LDAP server) to determine whether the identified user is permitted to access the requested web page, and if so allows the client to access it.
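
The four steps above as a runnable sketch, added here as an example and not the WebLDAP server's own code. The directory is a constructed in-memory stand-in for the LDAP server, and the DN layout, username pattern, group name and the refusal of non-SSL requests are assumptions.

```python
import base64
import hmac
import re

# Constructed stand-in for the LDAP server: DN -> password, group -> member DNs.
BASE = "ou=people,dc=example,dc=edu"
DIRECTORY = {f"uid=alice,{BASE}": "correct horse", f"uid=bob,{BASE}": "hunter2"}
GROUPS = {"staff": {f"uid=alice,{BASE}"}}
USERNAME = re.compile(r"[a-z0-9._-]{1,32}")  # assumed login-name format


def basic_header(user, password):
    """Client side of step 2. Base64 is an encoding, not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic(header):
    """Server side of step 2: return (user, password), or None if malformed."""
    try:
        scheme, blob = header.split(" ", 1)
        user, _, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except (ValueError, AttributeError):
        return None
    return (user, password) if scheme.lower() == "basic" else None


def ldap_bind(dn, password):
    """Step 3 stand-in for an LDAP simple bind.

    An empty password is refused before the directory is consulted: RFC 4513
    treats a DN with no password as an unauthenticated bind, which a server
    may answer with success.
    """
    if not password:
        return False
    stored = DIRECTORY.get(dn)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def authorize(header, required_group, tls):
    """Return the HTTP status for one request to a protected page."""
    if not tls:
        return 403  # hardening choice: no passwords over cleartext HTTP
    creds = parse_basic(header)
    if creds is None or not USERNAME.fullmatch(creds[0]):
        return 401  # step 1: challenge with WWW-Authenticate: Basic
    dn = f"uid={creds[0]},{BASE}"
    if not ldap_bind(dn, creds[1]):
        return 401
    # Step 4: access control list held as group membership in the directory.
    return 200 if dn in GROUPS.get(required_group, set()) else 403
```

Restricting the username to a fixed pattern before it is placed in the DN keeps characters such as `,` and `=` out of the directory lookup.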