Thanks. I guess I assumed that pooling was like this:
If I can't connect to the first I'll try the next. If any connection fails with the user/pass, game over.

What I was looking for is this:
I connected to the first but the user/pass failed. I'll try the next, with the same user / pass. Repeat until all fail or one succeeds.

Does that make sense?

________________________________________
From: Marvin Addison [[email protected]]
Sent: Monday, August 03, 2009 5:29 PM
To: [email protected]
Subject: Re: [cas-user] Question about LDAP authentication

> Can I attempt authentication to multiple LDAPs (i.e. chaining) so that if
> the first LDAP doesn’t like my user/pass combination CAS will try the next LDAP?
> I think I should be able to do this just by having multiple beans in the
> deployerConfig.xml like this: Will this work?

Maybe, but you shouldn't do it that way. The Spring LdapContextSource can allow multiple URLs in the urls property, which is the recommended solution to your needs:

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="pooled" value="true"/>
  <property name="urls">
    <list>
      <value>ldap://Ldap1.acs.utah.edu: /</value>
      <value>ldap://Ldap2.acs.utah.edu: /</value>
    </list>
  </property>
  <property name="userDn" value="uid=admin,ou=System Accounts,o=utah.edu"/>
  <property name="password" value="adminPass"/>
  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key>
          <value>java.naming.security.authentication</value>
        </key>
        <value>simple</value>
      </entry>
    </map>
  </property>
</bean>

I noted that you have two different admin DNs for the bind credentials, but they have the same OU. I would imagine you could use the same one for both hosts, but if not you'll have to do something like you did originally.
M

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
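
Added example, not part of the original thread and not Spring LDAP or CAS code: a small Python model of the two behaviours contrasted in the reply above, URL failover (next server only when the connection fails) versus chaining (next server also when the bind is rejected). Host names, accounts and passwords are constructed for the example.

```python
# Constructed model: each "directory" has an availability flag and a
# user -> password table. Nothing here talks to a real LDAP server.
class ConnectError(Exception):
    """Server could not be reached."""

class InvalidCredentials(Exception):
    """Server was reached but rejected the bind."""

def bind(directory, user, password):
    if not directory["up"]:
        raise ConnectError(directory["host"])
    if directory["users"].get(user) != password:
        raise InvalidCredentials(directory["host"])
    return directory["host"]

def failover_bind(directories, user, password):
    """Try the next server only on connection failure; a rejected bind is final.
    Returns (host that accepted or None, hosts that rejected the bind)."""
    for d in directories:
        try:
            return bind(d, user, password), []
        except ConnectError:
            continue
        except InvalidCredentials:
            return None, [d["host"]]
    return None, []

def chained_bind(directories, user, password):
    """Try the next server on connection failure and on a rejected bind.
    Returns (host that accepted or None, hosts that rejected the bind)."""
    rejected = []
    for d in directories:
        try:
            return bind(d, user, password), rejected
        except ConnectError:
            continue
        except InvalidCredentials:
            rejected.append(d["host"])  # a failed login recorded on that server
    return None, rejected

# Constructed sample data: two directories holding different accounts.
LDAP1 = {"host": "ldap1.example.edu", "up": True, "users": {"alice": "pw-a"}}
LDAP2 = {"host": "ldap2.example.edu", "up": True, "users": {"bob": "pw-b"}}

if __name__ == "__main__":
    print(failover_bind([LDAP1, LDAP2], "bob", "pw-b"))
    print(chained_bind([LDAP1, LDAP2], "bob", "pw-b"))
```

In the chained model one wrong password produces a rejected bind on every directory in the list, which matters where the directories enforce account lockout.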
