Lars Kellogg-Stedman wrote: >> 'servers' => [ 'ldaps://dc1.example.com', >> 'ldaps://ldaps://dc2.example.com/' ], > > I guess one could accomplish a similar effect by specifying multiple > server entries ("My_LDAP1", "My_LDAP2", etc), which is messy but would > at least make sure things keep running if the primary becomes > unavailable. Would this work? The downside is that RT would make > multiple queries for users that are actuall invalid, but the benefits > might be worth it. I will try to poke at this over the next few days. > This is precisely how it is meant to work. I know it's not perfect, but it should do the job. The idea of ExternalAuthPriority and ExternalInfoPriority is that you can specify as many external sources as you like, be they LDAP or MySQL or Oracle, and you can then have them checked in whatever order you please for Auth and for Info until a match is found providing a failover service or multiple source service (i.e. Auth out of LDAP, but get Info only from a database).
Yes, it does mean that unknown users will be checked against all sources, but how many unknown users do you have trying to login to RT every day? Perhaps in the future, this may be implemented a little better, but as I said, for now at least, it should work. With regard to using local sockets, it's not something I have looked into, however the main concern is the capability of Graham Barr's Perl-LDAP (Net::LDAP) because that's what is used for LDAP functionality. Anything Net::LDAP can query, ExternalAuth should be able to query too so long as you pass it the right params from the config. If there's anything the ExternalAuth config isn't correctly constructed to pass to Net::LDAP, let me know and I'll look into it. Worth saying that the databse interface works the same way, Perl-DBI is used to connect to databases and so anything DBI can connect to, ExternalAuth should be able to connect to. -- Kind Regards, __________________________________________________ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __________________________________________________ _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com