Multiple Active Directories
Daniel Fisher
dfisher at vt.edu
Thu May 23 16:16:26 EDT 2019
On Tue, May 21, 2019 at 4:25 PM Nate Klingenstein <ndk at signet.id> wrote:
> Ray and Myn,
>
> I think the subtle difference between these two approaches is that JAAS
> could be used in a chaining approach (try A, then try B) and selects a
> first match, whereas this configuration will merge all DN's that match the
> pattern across directories. I'd taken the question more literally(Try
> College A, and next College B, for successful bind?) but it may be that
> your directory structure allows for Ray's approach. If it does, then I
> would use it.
>
> Sure to be corrected again if wrong,
>
If I'm understanding you, you're correct. JAAS will try each host in the
order they are configured until one succeeds. The spring based
configuration attempts DN resolution asynchronously for all hosts at the
same time. By default it will throw if it resolves more than one DN.
--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190523/a10408fc/attachment.html>
More information about the users
mailing list