I set up a Zend_Acl and Zend_Auth scheme where the user is authenticated using Zend_Auth_Adapter_Ldap and stored in the session. I use a controller plugin to check $auth->hasIdentity() and $acl->isAllowed() and to display the login form if needed.
What I want to do is to add login cookies (my implementation of best practices), and API keys in addition to the session check in Zend_Auth. I also need to switch the role to 'owner', on content created by the user.
My concerns:
- Login cookie should only be used as fallback if regular session auth fails, and thus the session should be authenticated
- API keys should be used as fallback if both login cookie and session cookie fail
- I don't want to store the password anywhere, it should only reside in LDAP
- I need persistent storage of the identity, as looking it up in LDAP is not possible without full username and password
- The role is dependent both on LDAP group membership (which needs to be persistently stored), and if the identity should be considered owner of the content (meaning it's changing in between requests, unless admin)
What's a good pattern / approach to solve this using Zend Framework MVC and Zend_Auth + Zend_Acl?
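
The fallback order and per-request role described in the question, sketched as an added example that is not part of the original post. It is plain PHP with no Zend classes, meant to sit where the controller plugin runs before the `$acl->isAllowed()` check; the token and key stores, the `login` cookie format, the `X-Api-Key` header, the `admins` group and the `member` role are all assumptions.

```php
<?php
// Added example: constructed stores stand in for database tables.
// Only hashes of cookie validators and API keys are kept, never a password.

function resolveIdentity(array &$session, array $cookies, array $headers,
                         array &$loginTokens, array $apiKeys): ?array
{
    // 1. Regular session: identity (user + LDAP groups) was stored at login.
    if (isset($session['identity'])) {
        return $session['identity'] + ['via' => 'session'];
    }
    // 2. Login cookie "selector:validator" (assumed format), used only as fallback.
    if (isset($cookies['login']) && substr_count($cookies['login'], ':') === 1) {
        [$selector, $validator] = explode(':', $cookies['login']);
        $row = $loginTokens[$selector] ?? null;
        unset($loginTokens[$selector]); // single use; issue a fresh token on success
        if ($row !== null && hash_equals($row['hash'], hash('sha256', $validator))) {
            // Promote to a normal session (regenerate the session id in a real app)
            // so later requests take branch 1.
            $session['identity'] = ['user' => $row['user'], 'groups' => $row['groups']];
            return $session['identity'] + ['via' => 'cookie'];
        }
    }
    // 3. API key (assumed header name): stateless, so no session is written.
    if (isset($headers['X-Api-Key'])) {
        $row = $apiKeys[hash('sha256', $headers['X-Api-Key'])] ?? null;
        if ($row !== null) {
            return $row + ['via' => 'apikey'];
        }
    }
    return null; // caller shows the login form
}

// Role is recomputed per request: stored groups first, then content ownership.
function effectiveRole(array $identity, ?string $contentOwner): string
{
    if (in_array('admins', $identity['groups'], true)) { // assumed group name
        return 'admin';
    }
    return $contentOwner === $identity['user'] ? 'owner' : 'member';
}

// Constructed sample data and one request that carries only a login cookie.
$session = [];
$loginTokens = ['s1' => ['hash' => hash('sha256', 'v1'), 'user' => 'alice', 'groups' => ['staff']]];
$apiKeys = [hash('sha256', 'k1') => ['user' => 'bot', 'groups' => ['staff']]];
$id = resolveIdentity($session, ['login' => 's1:v1'], [], $loginTokens, $apiKeys);
echo $id['via'], ' ', effectiveRole($id, 'alice'), "\n";
```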