Configuring Multiple LDAP Servers
If you need to configure multiple LDAP servers that have different URLs, create a separate authentication record for each server. Use the PRIORITY keyword to indicate which search the LDAP server performs first.
The following statements create two authentication methods, vldap1 and vldap2. They specify that the LDAP server first search the entire directory (basedn=dc=example,dc=com) for a DN with an OU attribute Sales. If the first search returns no results, or otherwise fails, the LDAP server next searches for a DN with the OU attribute Marketing. In this example vldap1 carries the higher PRIORITY value (1), so its search runs before the vldap2 search (PRIORITY 0):
=> CREATE AUTHENTICATION vldap1 METHOD 'ldap' HOST '10.0.0.0/8';
=> ALTER AUTHENTICATION vldap1 SET host='ldap://ldap.example.com/search', basedn='dc=example,dc=com', search_attribute='Sales' PRIORITY 1;
=> GRANT AUTHENTICATION vldap1 TO public;

=> CREATE AUTHENTICATION vldap2 METHOD 'ldap' HOST '10.0.0.0/8';
=> ALTER AUTHENTICATION vldap2 SET host='ldap://ldap.example.com/search', basedn='dc=example,dc=com', search_attribute='Marketing' PRIORITY 0;
=> GRANT AUTHENTICATION vldap2 TO public;
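
The statements above point both records at the same URL. The following added example (not from the original page) shows the case the first paragraph describes, one record per LDAP server URL, followed by a catalog query to confirm the order in which the records are tried. The record names vldap_primary and vldap_backup and the hosts ldap1.example.com and ldap2.example.com are constructed for illustration; the query assumes the v_catalog.client_auth system table with its auth_name, auth_priority, is_auth_enabled and auth_parameters columns.

```sql
-- Added example: record names and host names are constructed placeholders.

-- Record for the first LDAP server. It gets the higher PRIORITY value,
-- so it is tried first for clients connecting from 10.0.0.0/8.
CREATE AUTHENTICATION vldap_primary METHOD 'ldap' HOST '10.0.0.0/8';
ALTER AUTHENTICATION vldap_primary SET
    host='ldap://ldap1.example.com',
    basedn='dc=example,dc=com',
    search_attribute='Sales';
ALTER AUTHENTICATION vldap_primary PRIORITY 1;
GRANT AUTHENTICATION vldap_primary TO public;

-- Record for the second LDAP server, which has a different URL.
-- Lower PRIORITY value: used when the first search returns nothing or fails.
CREATE AUTHENTICATION vldap_backup METHOD 'ldap' HOST '10.0.0.0/8';
ALTER AUTHENTICATION vldap_backup SET
    host='ldap://ldap2.example.com',
    basedn='dc=example,dc=com',
    search_attribute='Marketing';
ALTER AUTHENTICATION vldap_backup PRIORITY 0;
GRANT AUTHENTICATION vldap_backup TO public;

-- Check: both records should be enabled, each with its own host URL,
-- and vldap_primary should sort above vldap_backup.
SELECT auth_name, auth_priority, is_auth_enabled, auth_parameters
FROM v_catalog.client_auth
WHERE auth_name IN ('vldap_primary', 'vldap_backup')
ORDER BY auth_priority DESC;
```

Running the final query after any later ALTER AUTHENTICATION change is a quick way to catch two records that ended up with the same priority or a record that was left disabled.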