AUTHC LDAP two different hosts, bind_dn password and userbase

#1

Hello guys!
I'm trying to implement LDAP authentication. I managed to get it working for each server separately, but can't make it work for two different LDAP servers.
I know I can add the two hosts like this:

authentication_backend:
  type: "ldap"
  config:
    enable_ssl: false
    enable_start_tls: false
    enable_ssl_client_auth: false
    verify_hostnames: true
    hosts:
      - "server1:389"
      - "server2:389"

The problem is that the servers have different settings and different admin accounts, passwords and userbase.

Is it possible to set this up?

I tested and it seems to work for userbase when doing it like this:

users:
  us1:
    base: "ou=users,dc=yyy,dc=yyy"
  us2:
    base: "dc=zzz,dc=zzz"

But I didn't find a way to add multiple bind_dn and passwords.

EDIT: PROBLEM SOLVED
Found on the Search Guard forum.

authc: #authentication with multiple ldaps
  auth_first_ldap:
    http_enabled: true
    transport_enabled: true
    order: 1
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: ldap
      config:
        ...
        bind_dn: binddn1
        ...
  auth_second_ldap:
    http_enabled: true
    transport_enabled: true
    order: 2
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: ldap
      config:
        ...
        bind_dn: binddn2
        ... 
authz: #authorization with multiple ldaps
  roles_from_first_ldap:
    http_enabled: true
    transport_enabled: true
    authorization_backend:
      type: ldap 
      config:
        .....
        bind_dn: binddn1
        .....
  roles_from_second_ldap:
    http_enabled: true
    transport_enabled: true
    authorization_backend:
      type: ldap 
      config:
        .....
        bind_dn: binddn2
        .....
  roles_from_third_ldap:
    http_enabled: true
    transport_enabled: true
    authorization_backend:
      type: ldap 
      config:
        .....
        bind_dn: binddn3
        .....

Thanks !
Thi
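
The per-domain layout from the fix above, filled in as an added example (not from the original post or the plugin's documentation): each `authc` domain carries its own `hosts`, `bind_dn`, `password` and `userbase`, and the `authz` domains follow the same pattern. The bind DNs, passwords and the `uid` search filter are constructed placeholders, and LDAPS on port 636 is assumed in place of `enable_ssl: false` on 389 so the bind and user passwords are not sent in clear text.

```yaml
# Added example. Bind DNs, passwords and the search filter are placeholders.
authc:
  auth_first_ldap:
    http_enabled: true
    transport_enabled: true
    order: 1                      # tried first
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: ldap
      config:
        enable_ssl: true          # LDAPS instead of plaintext LDAP on 389
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: true    # certificate name must match the host below
        hosts:
          - "server1:636"
        bind_dn: "cn=search-account,ou=services,dc=yyy,dc=yyy"  # placeholder
        password: "REPLACE_WITH_SERVER1_BIND_PASSWORD"          # placeholder
        userbase: "ou=users,dc=yyy,dc=yyy"
        usersearch: "(uid={0})"   # assumed filter; {0} is the login name
        username_attribute: uid
  auth_second_ldap:
    http_enabled: true
    transport_enabled: true
    order: 2                      # tried if the first domain does not authenticate
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: ldap
      config:
        enable_ssl: true
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: true
        hosts:
          - "server2:636"
        bind_dn: "cn=search-account,dc=zzz,dc=zzz"              # placeholder
        password: "REPLACE_WITH_SERVER2_BIND_PASSWORD"          # placeholder
        userbase: "dc=zzz,dc=zzz"
        usersearch: "(uid={0})"
        username_attribute: uid
```

Giving each directory its own low-privilege, read-only bind account keeps a leaked configuration file from exposing an admin credential on either server.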

#2

I tested and it seems to work for userbase when doing it like this:

users:
  us1:
    base: "ou=users,dc=yyy,dc=yyy"
  us2:
    base: "dc=zzz,dc=zzz"

But I didn't find a way to add multiple bind_dn and passwords.