As you can have multiple institutions, you can also have multiple authentication sources assigned to a user. However, I find it only logical that you have one set of configuration for a given authentication source, and then that authentication source is responsible for the way in which it is implemented.
If I understand correctly, in your particular environment you have chosen to implement essentially separate user directory services, and then use them as a fail-over for each other. Yet AD has the alternate implementation patterns of replication (or global catalogue - I don't know the implementation details). From the sound of it, these two approaches place quite different requirements on client applications - one requires one set of connection info, the other requires multiple - which one is the right one to support? What method is the most common implementation across all software providers, and platforms? If both are supported, then the multiple connection round robin style connection management introduces it's own problems in that users get timeouts waiting for logins on the dead servers - how should that be dealt with? I think that because these issues are implementation specific, then the client software should not be considering them at all - it should deal with one logical connection that is then managed by the service provider it connects to - keeping the complexity where (I think) it should be. Cheers, Piers Harding. -- You received this bug notification because you are a member of Mahara Core, which is subscribed to Mahara. https://bugs.launchpad.net/bugs/855525 Title: Logon failure - LDAP authentication tied to one server Status in Mahara ePortfolio: Won't Fix Bug description: Mahara 1.4.0 Linux Centos 5.7 MySQL All browsers User logons failing when username and password are correct. We added two new Microsoft AD servers to our institution. However, all accounts in this institution cannot logon using these servers due to the users having the auth_instance declared in their usr entry (authinstance). If I update the auth_instance with the new server details they can logon. This means if that server fails users will not be able to logon even though we have other servers listed which can authenticate. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/855525/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-core Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-core More help : https://help.launchpad.net/ListHelp
