I'm trying to provide a redundant LDAP authentication to my webserver.
```apache
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<AuthnProviderAlias ldap ldap-one>
    AuthLDAPBindDN "search@domain"
    AuthLDAPBindPassword "pass"
    AuthLDAPURL "ldap://###.###.###.###/dc=domain,dc=local?sAMAccountName?sub" NONE
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap-two>
    AuthLDAPBindDN "search@domain"
    AuthLDAPBindPassword "pass"
    AuthLDAPURL "ldap://###.###.###.###/dc=domain,dc=local?sAMAccountName?sub" NONE
</AuthnProviderAlias>
<Directory "/usr/local/nagios/sbin">
    Order deny,allow
    Allow from all
    AuthBasicProvider ldap-one ldap-two
    AuthType Basic
    AuthName "Authentication"
    Require valid-user
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
    Order deny,allow
    Allow from all
    AuthBasicProvider ldap-one ldap-two
    AuthType Basic
    AuthName "Authentication"
    Require valid-user
</Directory>
```
It works! However, the whole point of this is that when ldap-one is offline for whatever reason, I can still log in. So, I change the IP address of ldap-one to another IP address that doesn't go anywhere, and reload.
Now I get an "Internal Server Error" when I try to log in. If I switch the order in AuthBasicProvider to ldap-two ldap-one, then it does work.
So it looks like it's only checking the first entry for AuthBasicProvider.
This is the document/example I've been following: https://httpd.apache.org/docs/2.2/mod/mod_authn_alias.html
Info:
```
# httpd -v
Server version: Apache/2.4.6 (CentOS)
# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
```
Many thanks,
Ollie
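As an added example that is not part of the original post: mod_auth_basic only falls through to the next AuthBasicProvider when a provider reports "user not found", while an unreachable LDAP server is reported as a general error and ends the request with a 500, so provider chaining is not a server-redundancy mechanism. The redundancy belongs in the LDAP URL itself, where mod_authnz_ldap accepts several hosts separated by spaces and tries them in turn; the host names, DN, bind account and paths below are placeholders following the post's pattern.

```apache
# Added example: one provider whose URL lists two redundant LDAP servers.
# mod_authnz_ldap connects to each host in order until one answers, so
# mod_auth_basic only ever deals with a single provider and never sees
# the connection failure that produces the Internal Server Error.
# Placeholders: ldap1/ldap2.domain.local, the bind DN and its password.

# Fail over quickly (seconds) instead of waiting for the OS TCP timeout
# when the first server is down.
LDAPConnectionTimeout 5

<AuthnProviderAlias ldap ldap-redundant>
    AuthLDAPBindDN "search@domain"
    AuthLDAPBindPassword "pass"
    # Two hosts, space-separated, inside a single URL. The base DN,
    # attribute and scope after the host list apply to both servers.
    AuthLDAPURL "ldap://ldap1.domain.local ldap2.domain.local/dc=domain,dc=local?sAMAccountName?sub" NONE
</AuthnProviderAlias>

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
    AuthType Basic
    AuthName "Authentication"
    AuthBasicProvider ldap-redundant
    # Only this Require: adding "Require all granted" alongside it would
    # be combined as RequireAny on 2.4 and let unauthenticated users in.
    Require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
    AuthType Basic
    AuthName "Authentication"
    AuthBasicProvider ldap-redundant
    Require valid-user
</Directory>
```

To check the fail-over, point ldap1 at an address that does not answer, reload httpd and confirm that a login still succeeds after roughly the LDAPConnectionTimeout delay, and that the error log shows the connection attempt to ldap1 rather than a 500.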