Multiple LDAP server settings are invalid
ehryhy opened this issue · 1 comment
ehryhy commented
I made the following settings, but the request to "ad_2" did not go through.
ldap_server ad_1 {
    url "ldap://<LDAP SERVER IP ADDRESS1>:3268/OU=Offices,DC=company,DC=com?sAMAccountName?sub?(objectClass=person)";
    binddn "CN=Operator,OU=Service Accounts,DC=company,DC=com";
    binddn_passwd <PUT Operator's PASSWORD HERE>;
    group_attribute member;
    group_attribute_is_dn on;
    require group "CN=Admins,OU=My Security Groups,DC=company,DC=com";
}
ldap_server ad_2 {
    url "ldap://<LDAP SERVER IP ADDRESS2>:3268/OU=Offices,DC=company,DC=com?sAMAccountName?sub?(objectClass=person)";
    binddn "CN=Operator,OU=Service Accounts,DC=company,DC=com";
    binddn_passwd <PUT Operator's PASSWORD HERE>;
    group_attribute member;
    group_attribute_is_dn on;
    require group "CN=Admins,OU=My Security Groups,DC=company,DC=com";
}
server {
    listen 8000;
    server_name localhost;
    auth_ldap "Forbidden";
    auth_ldap_servers ad_1;
    auth_ldap_servers ad_2;
    location / {
        root html;
        index index.html index.htm;
    }
}
The authentication for "ad_1" passes, but "ad_2" does not.
If I comment out the following settings, it works fine. Is this a bug caused by these settings?
auth_ldap_cache_enabled on;
auth_ldap_cache_expiration_time 10000;
auth_ldap_cache_size 1000;
AnrDaemon commented
Don't specify IP addresses. Refer to the servers using a properly configured SRV RR.