On 7/18/07, kfx <kadafax at gmail.com> wrote:
> Hello,
> I'm trying this here first before moving to the apache list. Maybe
> someone of you use mod_authnz_ldap with multiple ldap servers
> declaration for redundancy.

I'm not certain that you can do this with multiple servers. You might consider looking at the mod_ldap connection pooling functions for better performance.

> With one server declared it is working.
>
> Here is what I've tried for adding another one (space separated as read
> in the apache's doc) :
> ....
> AuthLDAPURL
> ldaps://ldap1.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo)
> ldaps://ldap2.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo)
> Result:
> Syntax error on line 43 of /etc/httpd/conf.d/trac.conf:
> Invalid LDAP connection mode setting: must be one of NONE, SSL, or
> TLS/STARTTL
>

You're getting this because technically your syntax is wrong. There are a couple separate parts to the AuthLDAPUrl string, one of which is a security directive which follows the url. For example, I use something like:

AuthLDAPUrl "ldaps://my.server.here/ou=foo,ou=bar, o=u.s, c=us?cn" SSL

The ssl specifies the security for the url in addition to the 'ldaps'. It's not documented overly well in my opinion.

> I've also tried to quote each ldap's declaration. No go.
>
> Can someone show me the clean way to achieve this ?
>

You need to quote the url anyway, if it contains spaces, otherwise it won't be parsed correctly.

--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
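
Added example, not part of the original message or of either poster's configuration: the failing directive from the quoted message beside the redundant-server form that the mod_authnz_ldap documentation describes, where the hosts are space-separated inside one quoted URL. The `<Location /trac>` path, `AuthName` value and `Require` line are assumptions for illustration; the host names, base DN and filter are the ones quoted above.

```apache
# Hypothetical protected location; the thread only names /etc/httpd/conf.d/trac.conf.
<Location /trac>
    AuthType Basic
    AuthName "Trac"
    AuthBasicProvider ldap

    # Form from the quoted message: two separate, unquoted URLs. httpd splits
    # the directive's arguments on whitespace, so the second URL lands in the
    # connection-mode position and is rejected with
    # "Invalid LDAP connection mode setting".
    # AuthLDAPURL ldaps://ldap1.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo) ldaps://ldap2.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo)

    # Redundant form: ONE quoted URL whose host part lists both servers,
    # separated by a space. The servers are tried in turn until a connection
    # succeeds. Base DN, attribute and filter are written once and apply to
    # whichever server answers. The trailing SSL is the connection mode.
    AuthLDAPURL "ldaps://ldap1.example.com ldap2.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo)" SSL

    # With ldaps, every listed host must present a certificate that validates
    # for its own name; mod_ldap's LDAPVerifyServerCert is On by default and
    # should stay that way so a failover does not silently skip verification.

    Require valid-user
</Location>
```

Running `apachectl configtest` (or `httpd -t`) after the change confirms the directive parses before the server is reloaded.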