Apache LDAP Auth idle-timeout – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.
But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about apache-2.2, mod-auth-ldap, , , .
As part of the security policy we are upgrading out systems to comply with, I need to set our Apache LDAP Auth to have a idle-timeout of 15 minutes.
I.e. If the user stops using the system for over 15 minutes, the next time they go to use it they will need to re-authenticate.
Is this even possible?
If so, how can I achieve it?
My auth config in my .htaccess file looks like this:
AuthName "AD Authentication" AuthType Basic AuthBasicProvider ldap AuthLDAPUrl "URL" AuthLDAPBindDN "DN" AuthLDAPBindPassword "PASSWORD" AuthzLDAPAuthoritative Off require valid-user
Unfortunately, basic authentication is not session-aware in any way. From the web server’s perspective, they’re actually forced to re-authenticate with every single request.
However, all browsers cache the credentials used for a basic auth connection, so that you don’t need to re-enter credentials for every resource loaded from the server. The issue that this creates in your situation is that there’s no way to ‘expire’ that data from the client browser; it keeps it as long as it wants.
To implement session timeouts, you may be stuck moving away from basic auth and toward a session-aware application.
A way to manually tell the browser to forget current credentials is to open the current address with another/invalid user.
Try instructions from this site: