As I got farther along, I realized there should only be one authentication configuration (as in ldap_auth) but more than one ldap server configuration could be used for authentication. Since an ldap server configuration could exist for another purpose (provisioning, authorization, etc.) this needs to be in the UI. Since order should not matter there are 2 ways of doing this:
A. add a checkbox in the ldap server configuration that says: [] Use this ldap server configuration for authentication
B. have a multiple select or checkbox set in the ldap authentication configuration
Questions:
- Is the single ldap authentication configuration correct?
- Any preferences on A. or B.? I like B. because the authentication configuration seems like the best context to make the decision.
Comments
Comment #1
micahw156
If this ever gets implemented, it might be a good time to consider that many networks set up multiple LDAP servers for redundancy. Allowing multiple LDAP hosts on the same "server" configuration would provide fail-over support without redundant configuration. In effect, multiple LDAP servers would be part of one "LDAP service provider" instance.
Comment #2
johnbarclay commented
Thanks. This is resolved in the code, but needs to be better documented. I'm changing this to a documentation issue.
Basically what an instance of an ldap server configuration is designed to be needs to be added to the documentation.
Comment #3
johnbarclay commented