I am currently trying to add LDAP support to supplement a file auth system. Unfortunately, I can't just phase out the file system in its entirety because of when the LDAP server goes down. The current status is that I have a system that works for both LDAP and file login, if the LDAP server is online and responding. But when the LDAP server goes down, that is when I encounter issues. I can't just have the file validation come before LDAP, because then if the username matches but the password doesn't, it fails as well. (This is important because passwords are not guaranteed to be the same between LDAP and the htpasswd file.)
Here is my current setup:
<Directory /file/path>
    AuthType Basic
    AuthName "Password Required"
    # Providers are consulted in this order: LDAP first, then the htpasswd file.
    AuthBasicProvider ldap file
    AuthUserFile /file/path/htpasswd
    AuthLDAPURL "ldap://ldap.companyserver.com:389/dc=company, dc=net"
    # "off" lets a failed LDAP bind (user found, wrong password) fall through
    # to the next provider instead of rejecting the request outright.
    AuthLDAPBindAuthoritative off
    # Apache 2.2 directive; it was removed in 2.4.
    AuthzLDAPAuthoritative off
    Require valid-user
</Directory>
The ideas I've been looking at for a solution are as follows:
- Get it to actually recognize the LDAP timeout
- Find a way for basic auth to fall through when username matches but password doesn't
I'm open to any suggestions. I have been playing with LDAPConnectionTimeout and could not get that to make a difference.
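To make the behaviour described in the question concrete, here is a small model of how a Basic-auth provider chain like `AuthBasicProvider ldap file` walks its providers. It is an added illustration, not Apache's code and not the poster's configuration. Everything in it is an assumption for the purpose of the model: the result names mirror Apache's authn_status values (GRANTED, DENIED, USER_NOT_FOUND, GENERAL_ERROR), an unreachable LDAP server is modelled as GENERAL_ERROR, a failed bind becomes USER_NOT_FOUND when bind-authoritative is off and DENIED when it is on, and the chain only advances to the next provider on USER_NOT_FOUND. The user and password tables are constructed sample data.

```python
"""Toy model of a Basic-auth provider chain (ldap, then file), added to
illustrate the question above. Not Apache code; see the lead-in for the
assumptions baked into the result mapping."""
import hmac
from enum import Enum, auto


class AuthStatus(Enum):
    GRANTED = auto()
    DENIED = auto()
    USER_NOT_FOUND = auto()
    GENERAL_ERROR = auto()


# Constructed sample data. Passwords are plaintext here only to keep the
# model short; a real htpasswd file stores password hashes.
HTPASSWD = {"alice": "file-secret", "bob": "bob-only-in-file"}
LDAP_USERS = {"alice": "ldap-secret", "carol": "carol-only-in-ldap"}


def _same(a: str, b: str) -> bool:
    """Constant-time comparison, as a password check should use."""
    return hmac.compare_digest(a.encode(), b.encode())


class LdapProvider:
    """Stand-in for an LDAP provider with bind-authoritative on or off."""

    def __init__(self, bind_authoritative: bool, server_up: bool = True):
        self.bind_authoritative = bind_authoritative
        self.server_up = server_up

    def check(self, user: str, password: str) -> AuthStatus:
        if not self.server_up:
            # Assumption: a connection failure is reported as a general
            # error, not as "user not found", so the chain stops here.
            return AuthStatus.GENERAL_ERROR
        if user not in LDAP_USERS:
            return AuthStatus.USER_NOT_FOUND
        if _same(LDAP_USERS[user], password):
            return AuthStatus.GRANTED
        # Bind failed: authoritative -> reject; otherwise let the next
        # provider have a go (this is what "off" buys you).
        return AuthStatus.DENIED if self.bind_authoritative else AuthStatus.USER_NOT_FOUND


class FileProvider:
    """Stand-in for a provider reading an htpasswd-style user file."""

    def check(self, user: str, password: str) -> AuthStatus:
        if user not in HTPASSWD:
            return AuthStatus.USER_NOT_FOUND
        return AuthStatus.GRANTED if _same(HTPASSWD[user], password) else AuthStatus.DENIED


def authenticate(providers, user: str, password: str) -> AuthStatus:
    """Walk the providers in order; only USER_NOT_FOUND moves on to the next one."""
    result = AuthStatus.USER_NOT_FOUND
    for provider in providers:
        result = provider.check(user, password)
        if result is not AuthStatus.USER_NOT_FOUND:
            break
    return result


def chain(bind_authoritative: bool = False, ldap_up: bool = True):
    """The post's provider order: ldap first, then file."""
    return [LdapProvider(bind_authoritative, ldap_up), FileProvider()]


if __name__ == "__main__":
    cases = [
        ("LDAP up, LDAP password", chain(), "alice", "ldap-secret"),
        ("LDAP up, file password, bind-authoritative off", chain(), "alice", "file-secret"),
        ("LDAP up, file password, bind-authoritative on", chain(True), "alice", "file-secret"),
        ("LDAP down, file password", chain(ldap_up=False), "alice", "file-secret"),
        ("LDAP up, user only in file", chain(), "bob", "bob-only-in-file"),
    ]
    for label, providers, user, pw in cases:
        print(f"{label}: {authenticate(providers, user, pw).name}")
```

The fourth case is the symptom from the question: with the server down the LDAP provider never returns USER_NOT_FOUND, so the file provider is never consulted even though the credentials would match there. The second case is the one that already works with bind-authoritative off. Under this model, both ideas listed above come down to the same thing: getting the LDAP provider to emit USER_NOT_FOUND (rather than an error) for the unreachable-server case.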