I would say the same. On Thu, 23 Sept 2021 at 12:57, Rob Godfrey <rob.j.godf...@gmail.com> wrote: > > Rather than changing the model with all the extra work required to perform > upgrades, etc... Would it make sense/be possible to simply define a new > "composite authentication provider" which just contained an ordered list of > other authentication providers which it would delegate to? This would seem > to be potentially a much smaller change. > > -- Rob > > On Thu, 23 Sept 2021 at 08:38, Daniil Kirilyuk <daniel.kiril...@gmail.com> > wrote: > > > Hi Colleagues, > > > > We're using Apache Qpid Broker-J with SCRAM SHA authentication provider for > > AMQP port and external (SSL client certificates) authentication provider > > for AMQPS port. > > > > In the foreseeable future authentication mechanisms should be changed to > > LDAP. But due to the large number of clients the migration of accounts to > > LDAP will proceed over some (probably long) period of time. > > > > Requirement to us is to perform authentication either against the local > > file-based database of users (for clients who don't have an LDAP migrated > > account yet) or against LDAP (for clients already migrated). All clients > > should access Broker-J via the same port. > > > > At the moment there is no possibility to assign more than one > > authentication provider to the broker port. > > > > We were thinking about adding a possibility to configure for a broker port > > an ordered list of authentication providers, which will authenticate > > clients in the order defined till authentication success. Would such a > > change be acceptable from the architectural point of view? Or should some > > other approach be used to achieve our goal (authentication of the clients > > against 2 or more different authentication providers on one broker port)? > > > > Thank you very much in advance. > > > > Kind regards, > > Daniil Kirilyuk > >
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org
