falz wrote:
This would technically get things working, but poses a security issue. I want to have clients associated with backends. The above example appears that it will simply give priority of one authentication source over the other, which isn't what I'm trying to do.
You can use Autz-Type to get what you want, but it's more complicated.
I'll look into 2.0 if this is the only way to get this functionality.
It's not the only way, but it's *much* easier in 2.0. You just put an entry in the "client" configuration saying "virtual_server = foo", and all requests get processed through "foo".
No, I did not remove the files section. It is called, and loaded per my output in the previous email.
It's not listed in the debug output you posted. So it's not being called.
Looking through the docs, it appears that Autz-Type gives indications of what I am trying to do:
Yes. It may require running two copies of the "files" module, which is more complicated.
I will experiment with it and some syntax, and chime back in when I get things working for future reference for other users (and for me, if I neglect to document it myself :)
In 2.0: client a { ipaddr = 1.2.3.4 ... virtual_server = foo } client b { ipaddr = 5.6.7.8 ... virtual_server = bar } server foo { authorize { users ... } ... } server bar { authorize { ldap ... } ... } It's more typing to set up, but it's significantly easier to understand and to maintain. It means that there are fewer possibilities for something to go wrong, too. Alan DeKok.