Russell Howe wrote:
In our case it does not depend which is checked first (except perhaps for performance) as there will not be any overlap between the directories. For instance, one LDAP might be for corporation X and another for one of their partners. Another example: one might be a read-only corporate directory and another might be an application writable directory (for pseudo-users, guest accounts, etc).Jess Holle wrote:Is there any remaining/ongoing interest in this development area? [By disparate/non-failover/non-redundant, I mean that each LDAP would be checked for a given user until that user entry was found (at which point no other LDAPs would be checked for the given user regardless of the success/failure of the bind). This differs from strictly failover LDAPs wherein Apache keeps trying to contact LDAP URLs until it finds one that responds (is up) and then just uses that one as "the" LDAP -- we have that now but it does not help in these use cases.] There was discussion some time back (under the same title as this thread) about doing this in a somewhat general fashion so one could have multiple LDAP providers, multiple password file providers, etc...I want to be able to do the same from Apache, and am pretty tempted to start coding up a module to do it. That would be a great grand unified theory (and I see it as useful) but what I care most about is multiple LDAPs. If we could just have the existing mod_auth_ldap handle multiple LDAPs (beyond in a strict failover capacity) that would be *huge*. If we can't get the grand unified approach, I'd at least like to see multiple LDAP handling. -- Jess Holle |
- Re: Multiple AAA providers Jess Holle
- Re: Multiple AAA providers Russell Howe
- Re: Multiple AAA providers Jess Holle
- Re: Multiple AAA providers Rici Lake
- Re: Multiple AAA providers Russell Howe
- Re: Multiple AAA providers Jess Holle
- Re: Multiple AAA providers Brad Nicholes
