Re: multiple ldap servers with mod_auth_ldap

Previous thread: libexpat confusion by Jaap Versteegh on Tuesday, June 12, 2007 - 6:33 am. (9 messages)

Next thread: chroot'ed httpd howto by stefan hoffmann on Tuesday, June 12, 2007 - 8:42 am. (5 messages)
To: <misc@...>
Date: Tuesday, June 12, 2007 - 8:26 am

Hello,

I'm using mod_auth_ldap-1.6.0p3 on OpenBSD 4.1
and I'd like to make it authenticate on 2 ldap servers
in case one is down.

I fought with the AuthLDAPURL directive but with no success.

Any help would be appreciated.

Regards,
Thierry.

To: <misc@...>
Date: Tuesday, June 12, 2007 - 9:07 am

AuthName "something good"
AuthType Basic
# the URL lists two space-separated hosts, so it must be quoted
AuthLDAPURL "ldap://a.ldap.bsws.de b.ldap.bsws.de/ou=..?uid?sub?objectclass=..."
AuthLDAPBindDN cn=http-auth,...
AuthLDAPBindPassword ...
# broken... stupid OpenLDAP
AuthLDAPStartTLS off

--
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

To: Henning Brauer <lists-openbsd@...>
Cc: <misc@...>
Date: Tuesday, June 12, 2007 - 9:25 am

Argh, is this because of AuthLDAPStartTLS that I couldn't make it work?
I will try it just out of curiosity but I've just configured my OpenLDAP
servers to reject non-TLS connections.
I don't like the idea of cleartext passwords on the wire ...

Thierry.

To: <misc@...>
Date: Tuesday, June 12, 2007 - 9:49 am

Neither do I, nor do I fully remember what the problem was. Maybe time
to retry.

--
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

To: Henning Brauer <lists-openbsd@...>
Cc: <misc@...>
Date: Tuesday, June 12, 2007 - 2:32 pm

Well, it actually seems to work perfectly with my two OpenLDAP servers and TLS.
This is on OpenBSD 3.8 and I will try tomorrow with 4.1.
AFAICS my problem was just a matter of using the correct syntax
for AuthLDAPURL. Thank you very much.

Thierry.

PS: FWIW I don't use AuthLDAPBindDN nor AuthLDAPBindPassword.
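
As an added illustration (not code from this thread or from mod_auth_ldap itself), a small Python parser for the AuthLDAPURL form given in Henning's reply and confirmed as the fix above. It assumes the auth_ldap syntax `scheme://host [host2 ...]/basedn?attribute?scope?filter`, fills the elided parts of the posted config with constructed placeholder values, and shows why the multi-host form must be quoted and when binds would go out in cleartext.

```python
# Added example (not from the thread or from mod_auth_ldap): a parser for the
# auth_ldap AuthLDAPURL form.  Assumed syntax, per the auth_ldap docs:
#   scheme://host[:port] [host2[:port] ...]/basedn?attribute?scope?filter
# SAMPLE_URL is constructed: the elided parts of the posted config are filled
# with placeholder values and do not describe a real directory.
SAMPLE_URL = ("ldap://a.ldap.bsws.de b.ldap.bsws.de"
              "/ou=people,dc=example,dc=org?uid?sub?objectclass=person")

def parse_auth_ldap_url(url):
    """Return scheme, ordered host list, base DN, attribute, scope and filter."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("scheme must be ldap:// or ldaps://")
    # Everything before the first '/' is the host list.  Hosts are separated
    # by spaces and tried in the order written, so the preferred one goes first.
    hostpart, _, path = rest.partition("/")
    hosts = hostpart.split()
    if not hosts:
        raise ValueError("at least one host is required")
    fields = path.split("?")
    # Missing trailing fields take the module's documented defaults.
    basedn = fields[0]
    attribute = fields[1] if len(fields) > 1 and fields[1] else "uid"
    scope = fields[2] if len(fields) > 2 and fields[2] else "sub"
    filt = fields[3] if len(fields) > 3 and fields[3] else "objectclass=*"
    if filt.startswith("(") and filt.endswith(")"):
        filt = filt[1:-1]  # the module strips one outer pair and re-adds it
    if scope not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub")
    return {"scheme": scheme, "hosts": hosts, "basedn": basedn,
            "attribute": attribute, "scope": scope, "filter": filt}

def server_uris(parsed):
    """URIs in failover order: the first server that answers is used."""
    return ["%s://%s" % (parsed["scheme"], h) for h in parsed["hosts"]]

def config_line(url):
    """Render the directive.  A multi-host URL contains spaces, so it must be
    quoted or httpd splits it into several arguments and rejects the line."""
    return 'AuthLDAPURL "%s"' % url if " " in url else "AuthLDAPURL %s" % url

def cleartext_bind(parsed, starttls):
    """True when user passwords would cross the wire unencrypted: a plain
    ldap:// URL with AuthLDAPStartTLS off (the concern raised in the thread)."""
    return parsed["scheme"] == "ldap" and not starttls

if __name__ == "__main__":
    p = parse_auth_ldap_url(SAMPLE_URL)
    print(config_line(SAMPLE_URL))
    print("failover order:", server_uris(p))
    print("cleartext binds with StartTLS off:", cleartext_bind(p, False))
```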

To: Thierry Lacoste <lacoste@...>
Cc: <misc@...>
Date: Tuesday, June 12, 2007 - 9:03 am

You can make a single service host address highly available
(active-standby, load-balancing) using a number of mechanisms (hardware,
network devices, pf(4) w/ NAT) as opposed to trying to do it for every
protocol in software.

Check out Bob Beck's talk(s) on pf(4).

~BAS

l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/

"Guilty? Yeah. But he knows it. I mean, you're guilty.
You just don't know it. So who's really in jail?"
~James Maynard Keenan
