httpd-dev mailing list archives

From "Wayne S. Frazee" <>
Subject Re: Puzzling News
Date Tue, 01 Mar 2005 21:49:10 GMT
Jess Holle writes:
> The use cases are: 
>   1. multiple organizations, each with their own LDAP wish to allow
>      their personnel into a common site -- each has its own, separately
>      administered LDAP
>   2. a single organization has a read-only internal LDAP and a writable
>      LDAP for external guests -- again for a common site 
> In both cases there are multiple LDAP directories which have no overlap, 
> i.e. if the first LDAP does not contain the uid, then the second must be 
> tried -- this is quite different than the multiple fail-over LDAP URLs 
> allowed in auth_ldap and Apache 2.0's mod_auth_ldap.

What it sounds like to me is that you are requesting a function that would 
be able to handle LDAP authentication using multiple, separate LDAP sources 
with distinct schemata. 

Essentially, if the user is not found in the mapped field of primaryServer, 
then check the mapped user field of secondaryServer and then 
tertiaryServer... in an environment where the mapped field may be different 
for each of these servers.  E.g. searching uid on primaryServer, username on 
secondaryServer, and SystemUser on tertiaryServer? 

Am I understanding correctly? 

To my knowledge, no, there is no such feature implemented on available Apache 
2-based LDAP authentication projects.  You may want to suggest it as a 
feature request to one or more of the more popular LDAP-related 
authentication projects.  Understand, though, the overhead that such a 
system would probably imply on an authentication request when the credential 
is not located in the first source. 

Wayne S. Frazee
"Any sufficiently developed bug is indistinguishable from a feature." 
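
The lookup order discussed in this message, as an added Python sketch (not part of the original message and not code from any Apache module): each directory is searched on its own mapped attribute, and the chain falls through only when the login is absent. The in-memory `Directory` class, the sample entries, the refusal of empty passwords and the rule that a failed bind ends the chain are assumptions of this example.

```python
from dataclasses import dataclass

# RFC 4515 filter escaping, so a login name cannot change the search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

@dataclass
class Directory:
    """In-memory stand-in for one LDAP server (constructed data, no network)."""
    name: str
    user_attr: str   # the mapped login attribute, different on each server
    entries: list    # dicts holding user_attr, "dn" and "password"

    def find_dn(self, login):
        for entry in self.entries:
            if entry.get(self.user_attr) == login:
                return entry["dn"]
        return None

    def check_bind(self, dn, password):
        return any(e["dn"] == dn and e["password"] == password for e in self.entries)

def authenticate(directories, login, password):
    """Return (ok, directory_name, trace); trace lists every search issued."""
    trace = []
    if not password:
        # An empty password turns a simple bind into an unauthenticated bind,
        # which many servers accept, so refuse it before touching any directory.
        return False, None, trace
    for d in directories:
        trace.append((d.name, f"({d.user_attr}={escape_filter_value(login)})"))
        dn = d.find_dn(login)
        if dn is None:
            continue  # login absent here: fall through to the next directory
        # Login found: the bind result is final. A wrong password must not
        # fall through, or a later directory could accept the same login name.
        return d.check_bind(dn, password), d.name, trace
    return False, None, trace

# Constructed sample chain using the server and attribute names from the message.
CHAIN = [
    Directory("primaryServer", "uid",
              [{"uid": "alice", "dn": "uid=alice,dc=one,dc=example", "password": "a-secret"}]),
    Directory("secondaryServer", "username",
              [{"username": "bob", "dn": "cn=bob,dc=two,dc=example", "password": "b-secret"}]),
    Directory("tertiaryServer", "SystemUser",
              [{"SystemUser": "carol", "dn": "cn=carol,dc=three,dc=example", "password": "c-secret"}]),
]
```

The length of the returned trace is the per-request overhead mentioned above: a user held only in the last directory costs one search per server before the bind.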
