httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <jus...@erenkrantz.com>
Subject Re: Multiple AAA providers
Date Wed, 02 Mar 2005 15:45:17 GMT
On Wed, Mar 02, 2005 at 08:24:25AM -0500, Geoffrey Young wrote:
> while I don't claim to have more than a cursory understanding of ldap, I
> would think these cases could be handled by extending the current situation
> a bit.  for instance, for the file provider something like
> 
> AuthBasicProvider file
> AuthFileName file1 file2
> 
> if AuthFileName were ITERATE mod_authn_file would know that it should not
> return AUTH_USER_NOT_FOUND until it has checked all the files present.  or
> somesuch off the top of my head.

Correct.  That is the approach that makes the most sense to me.  The provider
itself can loop as long as it wants to using its own config syntax.  

However, there is nothing that prohibits one authn module from registering
multiple providers dynamically.  Remember that the providers are only looked
up at request-time.  So, if mod_auth_ldap were to have a syntax like:

AuthLDAPProvider foo-1 ldap://ldap.example.com/cn=?
AuthLDAPProvider foo-2 ldap://ldap2.example.com/cn=?

AuthBasicProvider foo-1 foo-2

That would work, as long as mod_auth_ldap calls ap_register_provider x number
of times.  -- justin

Mime
View raw message