Return-Path: 
 <dev-return-46351-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 62839 invoked from network); 4 Mar 2005 08:07:00 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 4 Mar 2005 08:07:00 -0000
Received: (qmail 31756 invoked by uid 500); 4 Mar 2005 08:06:55 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 31691 invoked by uid 500); 4 Mar 2005 08:06:55 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 31677 invoked by uid 99); 4 Mar 2005 08:06:55 -0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=
X-Spam-Check-By: apache.org
Received-SPF: pass (hermes.apache.org: local policy)
Received: from chandler.sharp.fm (HELO chandler.sharp.fm) (64.49.223.165)
  by apache.org (qpsmtpd/0.28) with ESMTP; Fri, 04 Mar 2005 00:06:54 -0800
Received: by chandler.sharp.fm (Postfix, from userid 48)
	id 4A0489232DE; Fri,  4 Mar 2005 02:06:47 -0600 (CST)
Received: from 196.8.104.37
        (SquirrelMail authenticated user minfrin@sharp.fm);
        by www.sharp.fm with HTTP;
        Fri, 4 Mar 2005 10:06:47 +0200 (SAST)
Message-ID: <43410.196.8.104.37.1109923607.squirrel@www.sharp.fm>
In-Reply-To: <20050304073036.GE4351@scotch.ics.uci.edu>
References: <s225b349.011@sinclair.provo.novell.com>
    <6.2.1.2.2.20050302140609.05c4eeb0@pop3.rowe-clan.net>
    <5AA09A11ADC86903929B865D@st-augustin.ics.uci.edu>
    <6.2.1.2.2.20050302231238.0745c830@pop3.rowe-clan.net>
    <6.2.1.2.2.20050303202740.05b9a790@pop3.rowe-clan.net>
    <20050304073036.GE4351@scotch.ics.uci.edu>
Date: Fri, 4 Mar 2005 10:06:47 +0200 (SAST)
Subject: Re: Multiple AAA providers
From: "Graham Leggett" <minfrin@sharp.fm>
To: dev@httpd.apache.org
Cc: dev@httpd.apache.org
User-Agent: SquirrelMail/1.4.3a-9.EL3
X-Mailer: SquirrelMail/1.4.3a-9.EL3
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Checked: Checked
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

Justin Erenkrantz said:

> I still maintain the better way to do this is to handle it in the provider
> modules themselves by leveraging the provider API instead.
>
> To reiterate, in my mind, the ideal syntax is:
>
> <Location /foo>
>   <LDAPProvider ldap1>
>       ...config options for mod_authnz_ldap...
>   </LDAPProvider>
>   <LDAPProvider ldap2>
>       ...config options for mod_authnz_ldap...
>   </LDAPProvider>
>   <DBDProvider my_db>
>       ...config options for hypothetical mod_authn_dbd...
>   </DBDProvider>
>
>   ...config options for mod_authnz_ldap...
>
>   AuthUserFile conf/foo
>
>   AuthBasicProvider ldap1 ldap2 ldap file my_db
> </Location>
>
> This isolates the config directly to the module, and if we so desire, we
> could
> add helper functions which promote re-use of this strategy by other
> provider
> modules as needed.  -- justin

This means that:

- Every auth module has to be independantly updated to use this method
(which won't happen)
- Every module will have it's own method of configuring multiple providers.

Putting my end user hat on, doing it the way you suggest would irritate me
no end, as it would make no logical sense to me why one auth provider
allows multiple configurations and another doesn't, or why one auth
provider uses one config mechanism and another auth provider uses a
different one.

I definitely think that getting the auth framework to understand this
syntax is the right way to go, we just need to figure out that "magic
syntax" that will work elegantly.

Regards,
Graham
--