Graham Leggett wrote:
> Jess Holle said:
>> There have been enough instabilities and other issues in the LDAP
>> modules to date, but I would think this is the first big *feature* to
>> consider once these modules are fairly stable.
>
> The LDAP stuff is now just about stable, so if you need it, now is the
> time :)

I've not had a chance to try the LDAP connection timeout patch, but my
biggest remaining issue (besides the multiple-LDAP enhancement) is that
of firewall treatment. If there is a firewall between Apache and LDAP
(quite common) and if this firewall drops idle connections (also quite
common), then it can drop Apache's cached LDAP connections -- and Apache
2 (at least without the connection timeout patch) does not handle this
well. If the connection timeout patch suffices, then I could honestly
say Apache LDAP is stable and ready for enhancements again.

> I still think this has wider application to the AAA system as a whole. It
> would be nice to be able to say "if user is in this flat file, directory
> A, directory B, or that SQL database, then come on in".

Agreed. The notion that each auth source implement multiple
"sub-source" syntax, etc, on its own with inconsistencies between them,
etc, is far from ideal. On the other hand, multiple LDAP support is
what I most need here.

--
Jess Holle