Web Servers on Unix and Linux - mod_auth_ldap / multiple arguments to AuthLDAPURL


sbk

2005-02-28, 5:53 pm

i'd like to point mod_auth_ldap at multiple servers, in case one or
other goes down. but i'm having trouble working out the syntax. has
anyone else done this? i've poked thru RFC2255 and 1738, looking for
examples of multiple 'hostport' but haven't seen any.

--sk

stuart kendrick
fhcrc

<Directory "/srv/www/htdocs/test/">
AuthName Test
AuthType Basic
AuthLDAPBindDN cn=whatever,ou=something,dc=company,dc=com
AuthLDAPBindPassword secret
AuthLDAPURL
ldap://foo1.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=user)
ldap://foo2.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=user)
Require valid-user
</Directory>

specifying either 'ldap://foo...' string works fine ... but putting
both on the same line results in a syntax error:

Starting httpd2 (prefork) Syntax error on line 61 of
/etc/apache2/test.conf:
AuthLDAPURL takes one argument, URL to define LDAP connection. This
should be an RFC 2255 complaint URL of the form
ldap://host[:port]/basedn[?attrib[?scope[?filter]]]. Host is the name
of the LDAP server. Use a space separated list of hosts to specify
redundant servers.

Dave Carrigan

2005-03-01, 8:47 pm

sbk wrote:

> AuthLDAPURL
> ldap://foo1.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=user)
> ldap://foo2.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=user)


AuthLDAPURL ldap://foo1.company.com foo2.company.com/dc=company,dc=com?sAMAccountName?sub?(objectClass=user)

I seem to recall a bug at one time that prevented openldap from parsing the url
correctly if you added the port, but you shouldn't need the port if you're running
on the standard 389 port.

--
Dave Carrigan
Seattle, WA, USA
dave@rudedog.org | http://www.rudedog.org/ | ICQ:161669680
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-C++-DNS-PalmOS-PostgreSQL-MySQL
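
The host-list form from the reply above, as an added example that is not part of the original thread: a small Python helper that merges per-server LDAP URLs into one AuthLDAPURL directive and refuses to merge URLs that differ in anything other than the host. The function names are hypothetical, the sample URLs are the ones from the question, and the value is quoted so that Apache reads the space-separated host list as a single argument.

```python
DEFAULT_PORT = {"ldap": "389", "ldaps": "636"}

def split_ldap_url(url):
    """Return (scheme, hostport, remainder) for scheme://hostport/remainder."""
    scheme, sep, rest = url.strip().partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORT:
        raise ValueError(f"not an LDAP URL: {url!r}")
    hostport, _, remainder = rest.partition("/")
    if not hostport or " " in hostport:
        raise ValueError(f"expected exactly one host in {url!r}")
    return scheme, hostport, remainder

def strip_default_port(scheme, hostport):
    """Drop an explicit default port; the reply notes it is not needed."""
    host, colon, port = hostport.rpartition(":")
    # A bare IPv6 literal such as [::1] ends with ']' and carries no port.
    if colon and not hostport.endswith("]") and port == DEFAULT_PORT[scheme]:
        return host
    return hostport

def merge_auth_ldap_url(urls):
    """Build one AuthLDAPURL line with a space-separated list of hosts."""
    if not urls:
        raise ValueError("need at least one LDAP URL")
    hosts, common = [], None
    for url in urls:
        scheme, hostport, remainder = split_ldap_url(url)
        if common is None:
            common = (scheme, remainder)
        elif common != (scheme, remainder):
            # Base DN, attribute, scope and filter must match on every server.
            raise ValueError(f"{url!r} differs from the first URL beyond the host")
        host = strip_default_port(scheme, hostport)
        if host not in hosts:
            hosts.append(host)
    scheme, remainder = common
    host_list = " ".join(hosts)
    return f'AuthLDAPURL "{scheme}://{host_list}/{remainder}"'

# Constructed sample input: the two URLs from the original question.
SAMPLE = [
    "ldap://foo1.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=user)",
    "ldap://foo2.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=user)",
]

if __name__ == "__main__":
    print(merge_auth_ldap_url(SAMPLE))
```
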
Copyright 2003 - 2008 webservertalk.com