Jess Holle said:

> The use cases are:
>
> 1. multiple organizations, each with their own LDAP wish to allow
>    their personnel into a common site -- each has its own, separately
>    administered LDAP
> 2. a single organization has a read-only internal LDAP and a writable
>    LDAP for external guests -- again for a common site
>
> In both cases there are multiple LDAP directories which have no overlap,
> i.e. if the first LDAP does not contain the uid, then the second must be
> tried -- this is quite different than the multiple fail-over LDAP URLs
> allowed in auth_ldap and Apache 2.0's mod_auth_ldap.

The penny drops: now I understand what you mean.

This functionality would be useful for more than just LDAP: you might want to use two different flat file databases, or maybe you want to auth someone in LDAP and someone else in SQL. This is really an AAA-wide question rather than an LDAP specific question.

Anyone know how difficult this would be to do in the current AAA structure?

Regards,
Graham
--