On 7/18/07, kfx kadafax@gmail.com wrote:
> Hello, I'm trying this here first before moving to the apache list. Maybe some of you use mod_authnz_ldap with multiple LDAP server declarations for redundancy.
I'm not certain that you can do this with multiple servers. You might consider looking at the mod_ldap connection pooling functions for better performance.
> With one server declared it is working.
> Here is what I've tried for adding another one (space separated, as read in the apache docs):
>
>     AuthLDAPURL ldaps://ldap1.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo) ldaps://ldap2.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo)
>
> Result:
>
>     Syntax error on line 43 of /etc/httpd/conf.d/trac.conf: Invalid LDAP connection mode setting: must be one of NONE, SSL, or TLS/STARTTL>
You're getting this because technically your syntax is wrong. There are a couple of separate parts to the AuthLDAPUrl string, one of which is a security directive which follows the url. For example, I use something like:
AuthLDAPUrl "ldaps://my.server.here/ou=foo,ou=bar, o=u.s, c=us?cn" SSL
The ssl specifies the security for the url in addition to the 'ldaps'. It's not documented overly well in my opinion.
> I've also tried to quote each ldap's declaration. No go.
> Can someone show me the clean way to achieve this?
You need to quote the url anyway, if it contains spaces, otherwise it won't be parsed correctly.
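To make the two points in the reply concrete (quote the URL because it contains spaces; the connection-mode keyword goes after the closing quote), here is an added single-server example written by the editor, not taken from the thread or from the Apache documentation. The `/trac` location, the `AuthName`, and the CA file path are placeholders; the base DN, attribute and filter are the ones from the original post. The multi-server question itself is left as the thread leaves it, so only one host appears in the URL.

```apache
# Added example, not from the thread. Apache 2.2 mod_authnz_ldap syntax.

# Broken form from the original post (two full URLs, unquoted). httpd treats
# the second "ldaps://..." token as the connection-mode keyword and rejects
# the line with "Invalid LDAP connection mode setting".
#
#   AuthLDAPURL ldaps://ldap1.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo) ldaps://ldap2.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo)

# Trust anchor for the ldaps:// connection so the server certificate is
# actually verified. The path is a placeholder (assumption).
LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/certs/ldap-ca.pem

# The protected location and realm are placeholders (assumption).
<Location /trac>
    AuthType Basic
    AuthName "Trac"
    AuthBasicProvider ldap

    # The whole URL is one quoted argument; the mode keyword (NONE, SSL or
    # TLS) is a separate argument after the closing quote. Empty scope
    # (the "??" in the URL) defaults to "sub", as in the original post.
    AuthLDAPURL "ldaps://ldap1.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo)" SSL

    # Only entries matching the filter above can authenticate at all.
    Require valid-user
</Location>
```

Run `httpd -t` after editing the file; the unquoted variant in the comment reproduces the "Invalid LDAP connection mode setting" error from the original post, while the quoted directive passes the syntax check.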