mod_auth_ldap / multiple arguments to AuthLDAPURL

28/02/2005, 20h21

i'd like to point mod_auth_ldap at multiple servers, in case one or
other goes down. but i'm having trouble working out the syntax. has
anyone else done this? i've poked thru RFC2255 and 1738, looking for
examples of multiple 'hostport' but haven't seen any.

--sk

stuart kendrick
fhcrc

<Directory "/srv/www/htdocs/test/">
AuthName Test
AuthType Basic
AuthLDAPBindDN cn=whatever,ou=something,dc=company,dc=com
AuthLDAPBindPassword secret
AuthLDAPURL
ldap://foo1.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass= user)
ldap://foo2.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass= user)
Require valid-user
</Directory>

specifying either 'ldap://foo...' string works fine ... but putting
both on the same line results in a syntax error:

Starting httpd2 (prefork) Syntax error on line 61 of
/etc/apache2/test.conf:
AuthLDAPURL takes one argument, URL to define LDAP connection. This
should be an RFC 2255 complaint URL of the form
ldap://host[:port]/basedn[?attrib[?scope[?filter]]]. Host is the name
of the LDAP server. Use a space separated list of hosts to specify
redundant servers.

01/03/2005, 17h40

sbk wrote:

> AuthLDAPURL
> ldap://foo1.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass= user)
> ldap://foo2.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass= user)

AuthLDAPURL ldap://foo1.company.com foo2.company.com/dc=company,dc=com?sAMAccountName?sub?(objectClass= user)

I seem to recall a bug at one time that prevented openldap from parsing the url
correctly if you added the port, but you shouldn't need the port if you're running
on the standard 389 port.

--
Dave Carrigan
Seattle, WA, USA
dave@rudedog.org | http://www.rudedog.org/ | ICQ:161669680
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-C++-DNS-PalmOS-PostgreSQL-MySQL

28/02/2005, 20h21	#1
sbk Messages: n/a Hébergeur:	mod_auth_ldap / multiple arguments to AuthLDAPURL i'd like to point mod_auth_ldap at multiple servers, in case one or other goes down. but i'm having trouble working out the syntax. has anyone else done this? i've poked thru RFC2255 and 1738, looking for examples of multiple 'hostport' but haven't seen any. --sk stuart kendrick fhcrc <Directory "/srv/www/htdocs/test/"> AuthName Test AuthType Basic AuthLDAPBindDN cn=whatever,ou=something,dc=company,dc=com AuthLDAPBindPassword secret AuthLDAPURL ldap://foo1.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass= user) ldap://foo2.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass= user) Require valid-user </Directory> specifying either 'ldap://foo...' string works fine ... but putting both on the same line results in a syntax error: Starting httpd2 (prefork) Syntax error on line 61 of /etc/apache2/test.conf: AuthLDAPURL takes one argument, URL to define LDAP connection. This should be an RFC 2255 complaint URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]]. Host is the name of the LDAP server. Use a space separated list of hosts to specify redundant servers.

01/03/2005, 17h40	#2
Dave Carrigan Messages: n/a Hébergeur:	Re: mod_auth_ldap / multiple arguments to AuthLDAPURL sbk wrote: > AuthLDAPURL > ldap://foo1.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass= user) > ldap://foo2.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass= user) AuthLDAPURL ldap://foo1.company.com foo2.company.com/dc=company,dc=com?sAMAccountName?sub?(objectClass= user) I seem to recall a bug at one time that prevented openldap from parsing the url correctly if you added the port, but you shouldn't need the port if you're running on the standard 389 port. -- Dave Carrigan Seattle, WA, USA dave@rudedog.org \| http://www.rudedog.org/ \| ICQ:161669680 UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-C++-DNS-PalmOS-PostgreSQL-MySQL

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email