Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Users

Multiple Active Directory authentication via apache

  

 
Apache users RSS feed   Index | Next | Previous | View Threaded


soumendu_bhattacharya at non

May 8, 2008, 3:37 AM

Post #1 of 5 (146 views)
Permalink
Multiple Active Directory authentication via apache
Hi,

I have successfully setup apache (2.2.x) to authenticate users via
Active Directory using mod_authnz_ldap.so. The problem is that we have
different physical active directory servers for different regions and
although I can pass failover server(s) in AuthLDAPURL, there is no way that
Apache can authenticate against all of them in sequence. i.e if
authentication fails for AD server 1, then try to authenticate via AD server
2 etc. Is there any other way this can be achieved via any other modules ?



Any help will be greatly appreciated.



Regards



Soumendu


covener at gmail

May 8, 2008, 3:56 AM

Post #2 of 5 (141 views)
Permalink
Re: Multiple Active Directory authentication via apache [In reply to]
On Thu, May 8, 2008 at 6:37 AM, Soumendu Bhattacharya
<soumendu_bhattacharya[at]non.agilent.com> wrote:
> Hi,
>
> I have successfully setup apache (2.2.x) to authenticate users via
> Active Directory using mod_authnz_ldap.so. The problem is that we have
> different physical active directory servers for different regions and
> although I can pass failover server(s) in AuthLDAPURL, there is no way that
> Apache can authenticate against all of them in sequence. i.e if
> authentication fails for AD server 1, then try to authenticate via AD server
> 2 etc. Is there any other way this can be achieved via any other modules ?

Can you put an LDAP server in front of it all that knows how to send
referrals to to the proper backend?

--
Eric Covener
covener[at]gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


soumendu_bhattacharya at non

May 8, 2008, 4:00 AM

Post #3 of 5 (140 views)
Permalink
RE: Multiple Active Directory authentication via apache [In reply to]
Thanks ! I will look into that idea, but is there any other module which can
do this straight away ?

Thanks and Regards,

Soumendu


-----Original Message-----
From: Eric Covener [mailto:covener[at]gmail.com]
Sent: Thursday, May 08, 2008 4:27 PM
To: users[at]httpd.apache.org
Subject: Re: [users[at]httpd] Multiple Active Directory authentication via
apache

On Thu, May 8, 2008 at 6:37 AM, Soumendu Bhattacharya
<soumendu_bhattacharya[at]non.agilent.com> wrote:
> Hi,
>
> I have successfully setup apache (2.2.x) to authenticate users
via
> Active Directory using mod_authnz_ldap.so. The problem is that we have
> different physical active directory servers for different regions and
> although I can pass failover server(s) in AuthLDAPURL, there is no way
that
> Apache can authenticate against all of them in sequence. i.e if
> authentication fails for AD server 1, then try to authenticate via AD
server
> 2 etc. Is there any other way this can be achieved via any other modules ?

Can you put an LDAP server in front of it all that knows how to send
referrals to to the proper backend?

--
Eric Covener
covener[at]gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


covener at gmail

May 8, 2008, 4:20 AM

Post #4 of 5 (139 views)
Permalink
Re: Multiple Active Directory authentication via apache [In reply to]
On Thu, May 8, 2008 at 7:00 AM, Soumendu Bhattacharya
<soumendu_bhattacharya[at]non.agilent.com> wrote:
> Thanks ! I will look into that idea, but is there any other module which can
> do this straight away ?

Doesn't seem likely.

--
Eric Covener
covener[at]gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


soumendu_bhattacharya at non

May 8, 2008, 4:28 AM

Post #5 of 5 (137 views)
Permalink
RE: Multiple Active Directory authentication via apache [In reply to]
Thanks. Thinking about your idea of putting an LDAP server in the front
which can send referrals to the proper backend , is there any kind of
documentation for that ? Sorry, but I have never done this kind of setup.

Thanks and Regards,

Soumendu


-----Original Message-----
From: Eric Covener [mailto:covener[at]gmail.com]
Sent: Thursday, May 08, 2008 4:51 PM
To: users[at]httpd.apache.org
Subject: Re: [users[at]httpd] Multiple Active Directory authentication via
apache

On Thu, May 8, 2008 at 7:00 AM, Soumendu Bhattacharya
<soumendu_bhattacharya[at]non.agilent.com> wrote:
> Thanks ! I will look into that idea, but is there any other module which
can
> do this straight away ?

Doesn't seem likely.

--
Eric Covener
covener[at]gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

Apache users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.