Hi, I'm trying to setup a somewhat unusual security architecure with Apache HTTP and wonder if this can be achieved at all. Basically, I have 2 LDAP servers one with user-accounts and a second with user/group mappings. The first LDAP is Windows AD and I query that via SASL (using mod_authn_sasl). The second LDAP is ApacheDS.
I can successfully use the SASL authentication and using a 'require valid-user' everyone with an AD account is granted access. However, I'd like a 'require ldap-group' setting with a group from the second LDAP. This would require the use of mod_auth_ldap but then I loose the required SASL login. Is there a way to have authentication done on 1 backend and get the authorization from a second one where both are required? Regards, Marcel Ammerlaan.
