> To fill out the example of the "Auth" container to better illustrate what > I mean, you might have this: > > <Auth ldap-acc-activedirectory> > require ldap-group cn=Accounting,ou=Groups,ou=XXX > AuthLDAPBindDN cn=Mail,dc=XXX > AuthLDAPBindPassword blah1 > LDAPTrustedMode SSL > AuthLDAPURL ldaps://xxx.co.za/dc=xxx,dc=co,dc=za?uid?sub > AuthLDAPRemoteUserIsDN on > </Auth> > <Auth ldap-eng-activedirectory> > require ldap-group cn=Engineering,ou=Groups,ou=YYY > AuthLDAPBindDN cn=Mail,dc=YYY > AuthLDAPBindPassword blah2 > LDAPTrustedMode SSL > AuthLDAPURL ldaps://yyy.co.za/dc=yyy,dc=co,dc=za?uid?sub > AuthLDAPRemoteUserIsDN on > </Auth> > > AuthBasicProvider ldap-acc-activedirectory ldap-eng-activedirectory
yeah, ok, I can see what you mean :) but a configuration like that doesn't strike me as something easily done with the current set of tools. but I'm sure that someone more familiar has a different opinion. alright, so we have two issues then - see if we can't provide some kind of configuration grouping like this - allow providers to fall through to eachother via a declined mechanism am I capturing it? --Geoff