This is a spin-off of the work done on #1740978: LDAP Authentication and LDAP User: LDAP not allowing to authenticate to multiple servers.
When you have multiple servers handling authentication for different domains it can be beneficial from a performance standpoint for the LDAP module to prioritize the order in which it queries the LDAP servers based on the last known success for a user.
For example:
- We have 2 LDAP servers managing two completely independent domains.
- When a user logs in, if they belong to the 2nd domain they still get an authentication check against the 1st domain.
This patch adds a bit of logic to the ldap_authentication.inc file to detect if there are multiple servers defined and if the user has previously had a successful login. If these two conditions are met, the patch changes the order of the $auth_conf->enabledAuthenticationServers array so that the server they last successfully authenticated against is the first server tried during this login attempt.
| Comment | File | Size | Author |
|---|---|---|---|
| | ldap-prioritylogin.patch | 1.49 KB | shawn_smiley |
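
The reordering described in the issue summary, as an added PHP example; it is not the attached patch or the LDAP module's own code. The function names, the server ids, the `$hints` store and the `$try_bind` callable are all hypothetical stand-ins; the stored server id is treated only as an ordering hint, so a stale or unknown id is ignored and every enabled server is still tried.

```php
<?php
// Added illustration; not the code from ldap-prioritylogin.patch.
// Function names, server ids and the $hints store are hypothetical.

/** Moves the server that last authenticated this user to the front. */
function example_prioritize_servers(array $servers, $last_sid) {
  // Nothing to reorder with fewer than two servers or no recorded success.
  if (count($servers) < 2 || !is_string($last_sid)) {
    return $servers;
  }
  // Ignore a stale hint (server disabled or removed since the last login).
  if (!array_key_exists($last_sid, $servers)) {
    return $servers;
  }
  // Array union keeps the left operand's key first and appends the rest,
  // so no server is dropped; only the order changes.
  return array($last_sid => $servers[$last_sid]) + $servers;
}

/** Tries servers in priority order; returns array(sid or NULL, bind attempts). */
function example_authenticate(array $servers, array &$hints, $name, $try_bind) {
  $last_sid = isset($hints[$name]) ? $hints[$name] : NULL;
  $attempts = 0;
  foreach (example_prioritize_servers($servers, $last_sid) as $sid => $server) {
    $attempts++;
    // Strict comparison: only a real boolean TRUE counts as success.
    if (call_user_func($try_bind, $sid, $name) === TRUE) {
      $hints[$name] = $sid;  // Record the hint only after a successful bind.
      return array($sid, $attempts);
    }
  }
  return array(NULL, $attempts);  // Failed login: existing hint is left as is.
}

// Constructed sample data: two independent domains, one user in each.
$servers = array('domain_a' => new stdClass(), 'domain_b' => new stdClass());
$directory = array('alice' => 'domain_a', 'bob' => 'domain_b');
$try_bind = function ($sid, $name) use ($directory) {
  return isset($directory[$name]) && $directory[$name] === $sid;
};

$hints = array();
foreach (array('bob', 'bob', 'mallory') as $name) {
  list($sid, $attempts) = example_authenticate($servers, $hints, $name, $try_bind);
  printf("%s: server=%s attempts=%d\n", $name, $sid === NULL ? 'none' : $sid, $attempts);
}
```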
Comments
Comment #1
johnbarclay: I agree with the spirit/essence of the patch, but have not tested it. I'll commit it after more testing/review. Thanks.
Comment #2
larowlan: Looks good, just a couple of nitpicks
This should be ===
!==
Comment #3
grahl
Comment #4
grahl
Comment #5
grahl: Patch only relevant for 7.x and not really applicable to 8.x, would need rewrite and currently no effort here.