Jess Holle wrote: > In our case it does not depend which is checked first (except perhaps > for performance) as there will not be any overlap between the > directories. For instance, one LDAP might be for corporation X and > another for one of their partners. Another example: one might be a > read-only corporate directory and another might be an application > writable directory (for pseudo-users, guest accounts, etc).
Same for me here. We actually have a mixture - ldap search for collective accounts shared by groups of people (these will go, given time), LDAP search on an OpenLDAP server (hopefully a redundant pair) and an LDAP search on the Win2k domain controllers (two of them, if one's not available, fall back to the other). JAAS does all the hard work for me in Java though, as regards trying multiple authentication modules. Apparently they copied the configuration scheme from PAM, or at least tried to make it PAM-like. > There was discussion some time back (under the same title as this > thread) about doing this in a somewhat general fashion so one could have > multiple LDAP providers, multiple password file providers, etc... > > That would be a great grand unified theory (and I see it as useful) but > what I care most about is multiple LDAPs. If we could just have the > existing mod_auth_ldap handle multiple LDAPs (beyond in a strict > failover capacity) that would be *huge*. If we can't get the grand > unified approach, I'd at least like to see multiple LDAP handling. Ah, I see what you mean - it would appear that while you can chain authentication methods, they have to be different methods, taking different options. Am I getting that right? If so, I can't readily port my Java authentication scheme to Apache :/ Here is my latest posting to jetty-discuss, talking about the LoginModule. Hopefully it is enough to give a rough idea of what it does. http://news.gmane.org/navbar.php?group=gmane.comp.java.jetty.general&article=5749&next=5750&prev=5756&newsrc=,5749-5750,5763 -- Russell Howe [EMAIL PROTECTED] Today's Nemi: http://www.metro.co.uk/img/pix/nemi_may27.jpg
smime.p7s
Description: S/MIME Cryptographic Signature
