I am currently using an Apache front end for my Subversion repository, in order to do LDAP authentication.
My setup is fairly vanilla, however I would like to be able to specify a ‘backup’ LDAP URL, in case the primary one is down. I can’t currently see a way to do this other then use a second location, or virtual host that points at the secondary LDAP server.
While this would technically work, it is not an optimal solution. I would like something that does not require users to manually select the backup URL.
This is currently Apache 2.2.3 on CentOS 5.
Sample entry from httpd.conf:
<VirtualHost *:80> ServerName svn.example.com ServerAlias svn.example.com svn <Location /erx> DAV svn SVNPath '/usr/local/svn/repos' Require valid-user AuthzSVNAccessFile '/usr/local/svn/conf/svnaccess.conf' AuthName 'SVN Repository' AuthBasicProvider ldap AuthType Basic AuthzLDAPAuthoritative off AuthLDAPURL 'ldap://ldapserver:389/searchstring' NONE AuthLDAPBindDN 'bind' AuthLDAPBindPassword password </Location> </VirtualHost>
OpenLDAP uses a blank separated list of servers. Assuming that mod_ldap is using OpenLDAP, this may work:
If that doesn’t work, try including two blank separated URLs:
Edit: mod_authnz_ldap seems to support this officially.