On Sat, Jul 01, 2006 at 04:39:49PM +0200, Tony Earnshaw wrote:
> What all of us with master/slave dbase (we're using OpenLDAP 2.3) need
> from the absolutely retrograde[1] Courier authlib LDAP basis, is
> fallback support. At the moment (Sam knows this well enough) Courier
> (vs. Samba, pam_ldap, the OpenLDAP utilities and a whole bunch of other
> "programs") only supports a single LDAP server for lookups and dual (as
> opposed to multiple filters per record).
...
> [1] LDAP client code has to support multiple/fallback (not failover)
> servers.

Can you explain your distinction between "fallback" and "failover"?

Originally, courier-authlib supported multiple hostnames using LDAP_SERVER. This was because the underlying client library allowed you to pass a single string containing multiple hostnames separated by spaces. At the time when you made a connection, if the first one failed to connect, then it would move on to the next one.

(This would at least cope with errors where the first LDAP server was completely dead, or the host was OK but the LDAP server process not running. It would not cope with the case where you could connect and issue a search command, but the response was LDAP_BUSY or LDAP_UNAVAILABLE)

According to the courier-authlib docs, with LDAP_URI this should still work, except you have to separate the URIs with commas. Does it not? Perhaps you could detail what behaviour you have observed, and how this differs from the behaviour you would like to see?

> It has to support
> multiple lookup fields (not just two as authlib does).

That comment I don't understand at all; nor do I understand the earlier comment about "dual (as opposed to multiple) filters per record".

A filter is a filter. If you want to filter on multiple conditions, you can use '|(..)(..)'. Are you saying you want to search with filter 1, and if that search returns zero entries, try again with filter 2? I have not come across any other LDAP client which does that (except Exim, whose behaviour language is really a domain-specific programming language so you can implement that sort of thing quite easily).

If you want to implement this sort of complex logic, though, it's quite easily done in the existing courier-authlib using authpipe. Just pick any programming language you are happy with which has an LDAP client library (say Perl), and use that to implement a small custom auth module.

"Multiple lookup fields (not just two)" doesn't mean anything to me either.

Regards,

Brian.
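The two behaviours discussed in the message above (moving to the next server on LDAP_BUSY or LDAP_UNAVAILABLE as well as on a failed connect, and retrying with a second filter when the first returns zero entries) can be sketched as follows. This is an added example, not code from the original message or from courier-authlib; `search_fn`, `fake_search`, the filter templates and the hostnames are hypothetical stand-ins for a real LDAP client call, and the authpipe protocol itself is not implemented here.

```python
# Added example: search_fn is a hypothetical stand-in for a real LDAP client call.
LDAP_SUCCESS, LDAP_BUSY, LDAP_UNAVAILABLE = 0, 51, 52  # RFC 4511 result codes
RETRYABLE = {LDAP_BUSY, LDAP_UNAVAILABLE}

class ConnectError(Exception):
    """search_fn raises this when a server cannot be reached at all."""

class DirectoryUnavailable(Exception):
    """No server gave a usable answer: a temporary failure, not 'no such user'."""

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def search_any(uris, ldap_filter, search_fn):
    """Ask each server in turn; skip dead ones AND ones answering busy/unavailable."""
    problems = []
    for uri in uris:
        try:
            code, entries = search_fn(uri, ldap_filter)
        except ConnectError as exc:
            problems.append((uri, str(exc)))
            continue
        if code in RETRYABLE:
            problems.append((uri, code))
            continue
        if code != LDAP_SUCCESS:
            raise DirectoryUnavailable(f"{uri} returned result code {code}")
        return uri, entries
    raise DirectoryUnavailable(f"no server answered: {problems}")

def lookup(uris, filter_templates, login, search_fn):
    """Try filter 1, then filter 2, ... until one returns entries; None if none match."""
    safe = escape_filter_value(login)
    for template in filter_templates:
        ldap_filter = template.format(safe)
        uri, entries = search_any(uris, ldap_filter, search_fn)
        if entries:
            return uri, ldap_filter, entries
    return None

# Constructed sample directory: ldap1 is down, ldap2 is busy, ldap3 answers.
SAMPLE = {"(mail=tony@example.org)": [{"uid": "tony"}]}
def fake_search(uri, ldap_filter):
    if uri == "ldap://ldap1.example.org":
        raise ConnectError("connection refused")
    if uri == "ldap://ldap2.example.org":
        return LDAP_BUSY, []
    return LDAP_SUCCESS, SAMPLE.get(ldap_filter, [])
```

An auth module built on this should report `DirectoryUnavailable` as a temporary failure and only a `None` result as "unknown user", so an overloaded directory does not turn into rejected logins or bounced mail.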
