[imp] [horde] authenticate against multiple LDAP servers

francis picabia fpicabia at gmail.com
Fri Oct 17 18:27:33 UTC 2014


On Sat, Sep 20, 2014 at 8:48 AM, Vilius Sumskas/LNK <vilius at lnk.lt> wrote:

> Hi,
>
> I'm trying to set up Horde to authenticate against multiple LDAP servers,
> however I cannot find any information on how to do this.
>
> Looking at the code it seems like Ldap.php expects an array of hostnames,
> however GUI doesn't allow me to enter PHP arrays and it doesn't save it as
> an array if I separate hosts with comma, e.g. "hostname1, hostname2".
>
> I have specified an array of hostnames directly in conf.php, however as
> soon as one of the LDAP hosts goes down I have a >1 minute delay every
> time I click Horde GUI in any application.
>
> Have I done something wrong? Does Horde support multiple LDAP servers for
> authentication?
>
> --
>

I have something similar working, but not by Horde.  I authenticate by IMAP,
and on the PAM configuration, there are multiple authentication methods
which are accepted.

One is LDAP, and the other is by AD.  LDAP requires /etc/pam_ldap.conf
to be configured, and winbind requires Samba configured.  In your case
you could possibly have two LDAPs set up in /etc/pam_ldap.conf , but
I've never done it.

To block those who could authenticate by LDAP but have no mailbox on the
IMAP server, I use listfile and have a cron to populate the file with
every mailbox.

/etc/pam.d/imap

auth        required      pam_listfile.so onerr=fail item=user sense=allow file=/cyrus/userlist
auth        sufficient    pam_ldap.so try_first_pass
auth        sufficient    pam_winbind.so try_first_pass
auth        required      pam_deny.so
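
The cron job mentioned in the message above is not shown, so the following is an added example, not code from the poster or from Horde, of one way to regenerate /cyrus/userlist safely. It assumes the mailbox listing arrives on stdin with the mailbox name in the first field in "user.<name>[.<folder>]" form (for instance from Cyrus's ctl_mboxlist -d); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: rebuild the pam_listfile allow list from a mailbox listing.
# Assumption: one mailbox per line on stdin, name in the first field,
# written as "user.<name>[.<folder>]" (dot hierarchy separator).

# Print the unique account names found in the listing on stdin.
extract_users() {
    awk '{
        n = split($1, p, "[.]")
        # Keep only user mailboxes; sub-folders collapse to the owner.
        if (n >= 2 && p[1] == "user" && p[2] != "") print p[2]
    }' | sort -u
}

# Atomically replace list file $1 with the users extracted from stdin.
# Returns 1 and keeps the old file if the new list would be empty:
# with sense=allow and onerr=fail, an empty or half-written list would
# lock every user out of IMAP.
update_userlist() {
    target=$1
    # Temp file in the same directory so that mv is an atomic rename.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    extract_users > "$tmp"
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    # Readable by the authenticating daemon, never world-writable
    # (pam_listfile refuses a world-writable file).
    chmod 644 "$tmp"
    mv -f "$tmp" "$target"
}

# Possible cron invocation (assumption, not from the original post):
#   ctl_mboxlist -d | update_userlist /cyrus/userlist
```

Because pam_listfile is `required` and comes first in the stack, an account missing from this file is refused even when pam_ldap or pam_winbind accepts its password, so a stale list delays access for newly created mailboxes until the next run.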

