On 27-May-05, at 10:53 AM, Jess Holle wrote:
Russell Howe wrote:
Jess Holle wrote:
Is there any remaining/ongoing interest in this development area?
The need to authenticate a single resource against multiple disparate
(non-failover/non-redundant) LDAP servers looms large and I'd like to
think that this would be part of Apache 2.2 soon... [I'd rather not
have to hack this in in a narrow, special-cased, hackish way
myself...]
I have a JAAS LoginModule which I wrote for Jetty that does exactly
this (if I understand what you mean, that is :).
At work, I have our website authentication first checking OpenLDAP,
then falling back to Win2k Active Directory.
[By disparate/non-failover/non-redundant, I mean that each LDAP would
be checked for a given user until that user entry was found (at which
point no other LDAPs would be checked for the given user regardless of
the success/failure of the bind). This differs from strictly failover
LDAPs wherein Apache keeps trying to contact LDAP URLs until it finds
one that responds (is up) and then just uses that one as "the" LDAP --
we have that now but it does not help in these use cases.]
I want to be able to do the same from Apache, and am pretty tempted to
start coding up a module to do it.
That would be a great grand unified theory (and I see it as useful)
but what I care most about is multiple LDAPs. If we could just have
the existing mod_auth_ldap handle multiple LDAPs (beyond in a strict
failover capacity) that would be *huge*. If we can't get the grand
unified approach, I'd at least like to see multiple LDAP handling.
I'm very interested in implementing this myself. To make what I'm doing
more generally useful, I'd like to know what people expect from the
implementation of Require after a multiple LDAP search. Should you be
able to put the ldap server name in a Require? Or are you only
concerned with require valid-user?
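
The lookup order described in the thread above (search each directory until the user's entry is found, then bind only there), contrasted with strict failover, as an added Python illustration that is not code from any poster or from mod_auth_ldap. The `Directory` class is a constructed in-memory stand-in for an LDAP server, and failing closed when a directory is unreachable is an assumption the thread does not address.

```python
# Added illustration: Directory is a constructed in-memory stand-in for an LDAP server.
class Directory:
    def __init__(self, name, users, up=True):
        self.name, self.users, self.up = name, users, up

    def find(self, user):
        """Search step: True if an entry for user exists here."""
        if not self.up:
            raise ConnectionError(self.name)
        return user in self.users

    def bind(self, user, password):
        """Bind step: True only if the entry exists and the password matches."""
        return user in self.users and self.users[user] == password


def failover_auth(replicas, user, password):
    """Strict failover: the first server that responds is "the" LDAP."""
    for d in replicas:
        try:
            found = d.find(user)
        except ConnectionError:
            continue  # server down, try the next URL
        return (d.name, found and d.bind(user, password))
    return (None, False)


def chained_auth(directories, user, password):
    """Disparate directories: search each in order until the entry is found,
    then bind there only. A failed bind does not fall through."""
    for d in directories:
        try:
            if not d.find(user):
                continue  # no entry in this directory, check the next one
        except ConnectionError:
            # Assumption: fail closed, because the user may live in the
            # unreachable directory and a later entry could shadow it.
            return (d.name, False)
        return (d.name, d.bind(user, password))
    return (None, False)


# Constructed sample data: "carol" exists in both directories.
openldap = Directory("openldap", {"alice": "pw-a", "carol": "pw-c1"})
ad = Directory("ad", {"bob": "pw-b", "carol": "pw-c2"})
```

Both functions return the name of the directory that decided the outcome, which is the piece of information a per-server `Require` would need.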