Hello guys!
I'm trying to implement LDAP authentication. I managed to get it working for each server separately, but can't make it work for two different LDAP servers.
I know I can add the two hosts like this:
authentication_backend:
  type: "ldap"
  config:
    enable_ssl: false
    enable_start_tls: false
    enable_ssl_client_auth: false
    verify_hostnames: true
    hosts:
      - "server1:389"
      - "server2:389"
The problem is that the servers have different settings and different admin accounts, passwords and userbase.
Is it possible to set this up?
I tested, and it seems to work for userbase when doing it like this:
users:
  us1:
    base: "ou=users,dc=yyy,dc=yyy"
  us2:
    base: "dc=zzz,dc=zzz"
But I didn’t find a way to add multiple bind_dn and passwords.
EDIT: PROBLEM SOLVED
Found on the Search Guard forum.
authc: # authentication with multiple ldaps
  auth_first_ldap:
    http_enabled: true
    transport_enabled: true
    order: 1
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: ldap
      config:
        ...
        bind_dn: binddn1
        ...
  auth_second_ldap:
    http_enabled: true
    transport_enabled: true
    order: 2
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: ldap
      config:
        ...
        bind_dn: binddn2
        ...
authz: # authorization with multiple ldaps
  roles_from_first_ldap:
    http_enabled: true
    transport_enabled: true
    authorization_backend:
      type: ldap
      config:
        .....
        bind_dn: binddn1
        .....
  roles_from_second_ldap:
    http_enabled: true
    transport_enabled: true
    authorization_backend:
      type: ldap
      config:
        .....
        bind_dn: binddn2
        .....
  roles_from_third_ldap:
    http_enabled: true
    transport_enabled: true
    authorization_backend:
      type: ldap
      config:
        .....
        bind_dn: binddn3
        .....
Thanks!
Thi
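
An added example, not part of the original post or of the Search Guard forum answer: the two authc domains from the solution with a separate bind account and user base per server, using LDAPS instead of the plain port 389 connections shown in the question. Host names, bind DNs, passwords and search filters are placeholders, and it assumes both servers accept LDAPS on port 636.

```yaml
# Added example; hosts, DNs, passwords and search filters are placeholders.
authc:
  auth_first_ldap:
    http_enabled: true
    transport_enabled: true
    order: 1                      # tried first
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: ldap
      config:
        enable_ssl: true          # LDAPS: bind_dn password and user logins are encrypted
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: true    # reject a certificate issued for another host
        hosts:
          - "ldap1.example.com:636"
        bind_dn: "cn=binddn1,dc=yyy,dc=yyy"
        password: "PLACEHOLDER_PASSWORD_1"
        userbase: "ou=users,dc=yyy,dc=yyy"
        usersearch: "(uid={0})"
        username_attribute: uid
  auth_second_ldap:
    http_enabled: true
    transport_enabled: true
    order: 2                      # tried only if the first domain does not authenticate the user
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: ldap
      config:
        enable_ssl: true
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: true
        hosts:
          - "ldap2.example.com:636"
        bind_dn: "cn=binddn2,dc=zzz,dc=zzz"
        password: "PLACEHOLDER_PASSWORD_2"
        userbase: "dc=zzz,dc=zzz"
        usersearch: "(sAMAccountName={0})"
        username_attribute: sAMAccountName
```

Domains are tried in `order`, so a user name that exists in both directories is authenticated by whichever domain accepts the credentials first.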