Searching all session objects would be a bad idea. Just maintain a hashmap of login names and session objects in the
Servlet Context. You can access the required session by providing the login name.
You will then have to write a session listener to remove the session from the map when it is getting invalidated (Either due to logout or timeout)
I dont think you need to use LDAP for something simple like this.