3

I've been using django-auth-ldap for a while to auth against a single server (AUTH_LDAP_SERVER_URI in settings.py). There have been some changes in my organization recently, and I now need to be able to check against two different LDAP servers (actually: Active Directory, but I don't think that comes into play here). Unfortunately there is not a single location that has all of the user info I need.

Is there any way I can configure django-auth-ldap to check against more than 1 server? The documentation seems to assume a single server/URI. I'd also entertain ideas outside of django-auth-ldap, but I'd really like to stick with it if possible because it keeps things simple.

alecxe
  • 462,703
  • 120
  • 1,088
  • 1,195
djangodude
  • 5,362
  • 3
  • 27
  • 39
  • Do the servers have to use the same DSN and filter information? Is the second server just for the sake of redundancy? If so, have you considered the use of a single VIP (virtual IP) for the two LDAP servers? – jathanism Apr 30 '12 at 14:56
  • No, it's different info; not redundant. – djangodude Apr 30 '12 at 15:03
  • what happens if there is auth information in more than one server? Which server is authoritative? – Terry Gardner Apr 30 '12 at 16:12
  • @TerryGardner: did you mean what happens if *the same* auth info is on both servers? I'm assured by my IT team that it won't happen (i.e. 'userA' will only exist on 'LDAPserverA'; 'userB' will only exist on 'LDAPserverB'; we will not ever have 'userA' under 'LDAPserverB'). – djangodude Apr 30 '12 at 16:43

2 Answers2

3

You would need to extend the custom auth handler to take an iterable for servers to check against and just step through them.

There is nothing stopping you from checking any number of directories for the information you need - there is no limitation in the underlying libraries.

Burhan Khalid
  • 169,990
  • 18
  • 245
  • 284
2

django-auth-ldap 1.1 (just released) allows you to easily define multiple subclasses of the authentication backend that use different collections of settings. See http://packages.python.org/django-auth-ldap/#multiple-ldap-configs.

psagers
  • 859
  • 4
  • 5