kvspb / nginx-auth-ldap

LDAP authentication module for nginx
BSD 2-Clause "Simplified" License

auth caching doesn't fully work with multiple ldap #201

Closed landryb closed 4 years ago

landryb commented 6 years ago

I have a setup with two auth servers:

auth_ldap_servers ldap1;
auth_ldap_servers ldap2;

Auth works fine whichever server contains the user I'm sending credentials for, but for caching it's not the same:

If the user is found in ldap1, the info is properly cached in nginx, ldap2 is not searched at all, and ldap1 isn't queried for as long as the info is cached.

If the user is not found in ldap1 but only in ldap2, ldap1 will be queried on every subsequent hit from that user (even though nginx has cached the fact that 'user has been found in ldap2'), so the log fills up with error messages from the query on ldap1 not finding the user there:

2018/03/20 15:25:44 [error] 1568#0: *75989 http_auth_ldap: Could not find user DN, 
client:
2018/03/20 15:25:44 [error] 1568#0: *75991 http_auth_ldap: Could not find user DN, client: 
2018/03/20 15:25:45 [error] 1568#0: *75993 http_auth_ldap: Could not find user DN, client: 

The user still doesn't have to resend credentials, as they have been authenticated in ldap2, but the logs are filling up...

Is there a way to search first for the cache (being global to all servers) before trying to auth/search in each server ?
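The lookup order the report describes, as an added simulation (not code from nginx-auth-ldap or from the reporter): it assumes the module keeps a separate cache per configured server and consults that cache only when the server's turn comes in the auth_ldap_servers list, which is what the log noise above implies, and contrasts it with the requested behaviour of one cache consulted before any server is queried. Server names, directory contents, the TTL and the request sequence are constructed for the example.

```python
"""Simulation (added example, not the module's code) of per-server auth
caching versus a single cache consulted before any server is queried.
Assumption: the module only checks a server's cache when that server's turn
comes in the configured list, so a user that exists only on ldap2 never
populates ldap1's cache and ldap1 is asked (and logs an error) every time."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

# Constructed directories: "alice" exists only on ldap2, "bob" only on ldap1.
DIRECTORIES = {
    "ldap1": {"bob": "bobpw"},
    "ldap2": {"alice": "alicepw"},
}


@dataclass
class Server:
    name: str
    users: dict[str, str]
    queries: int = 0                      # how many times this server was asked
    errors: list[str] = field(default_factory=list)

    def bind(self, user: str, password: str) -> bool:
        """Simulate search-for-DN + bind; an unknown user yields an error line."""
        self.queries += 1
        if user not in self.users:
            self.errors.append(f"http_auth_ldap: Could not find user DN ({self.name})")
            return False
        return self.users[user] == password


def cache_key(user: str, password: str) -> str:
    # Do not keep clear-text passwords in the cache; a hash is enough to
    # recognise the same credentials again.
    return hashlib.sha256(f"{user}\0{password}".encode()).hexdigest()


@dataclass
class Cache:
    ttl: float
    entries: dict[str, tuple[str, float]] = field(default_factory=dict)  # key -> (server, expiry)

    def get(self, key: str, now: float) -> str | None:
        hit = self.entries.get(key)
        if hit is None or hit[1] <= now:    # missing or expired
            self.entries.pop(key, None)
            return None
        return hit[0]

    def put(self, key: str, server: str, now: float) -> None:
        self.entries[key] = (server, now + self.ttl)


def per_server_cache(servers, caches, user, password, now) -> bool:
    """Reported behaviour: each server has its own cache, consulted only when
    that server's turn comes; a miss on ldap1 means ldap1 is queried."""
    key = cache_key(user, password)
    for srv in servers:
        if caches[srv.name].get(key, now) is not None:
            return True
        if srv.bind(user, password):
            caches[srv.name].put(key, srv.name, now)
            return True
    return False


def global_cache_first(servers, cache, user, password, now) -> bool:
    """Requested behaviour: one cache shared by all servers, checked before
    any server is contacted; the entry records which server succeeded."""
    key = cache_key(user, password)
    if cache.get(key, now) is not None:
        return True
    for srv in servers:
        if srv.bind(user, password):
            cache.put(key, srv.name, now)
            return True
    return False


def run(strategy: str, user: str = "alice", password: str = "alicepw",
        requests: int = 5, ttl: float = 60.0) -> dict[str, int]:
    """Send `requests` identical requests one second apart and report per-server
    query counts, error lines logged and successful authentications."""
    servers = [Server(n, dict(u)) for n, u in DIRECTORIES.items()]
    if strategy == "per_server":
        caches = {s.name: Cache(ttl) for s in servers}
        check = lambda now: per_server_cache(servers, caches, user, password, now)
    elif strategy == "global":
        cache = Cache(ttl)
        check = lambda now: global_cache_first(servers, cache, user, password, now)
    else:
        raise ValueError(f"unknown strategy {strategy!r}")
    ok = sum(1 for i in range(requests) if check(float(i)))
    result = {s.name: s.queries for s in servers}
    result["errors"] = sum(len(s.errors) for s in servers)
    result["authenticated"] = ok
    return result


if __name__ == "__main__":
    print("per-server cache:", run("per_server"))
    print("global cache    :", run("global"))
```

With the per-server layout, five requests for a user who only exists on ldap2 produce five queries to ldap1 and five "Could not find user DN" lines, exactly one ldap2 query, and five successful authentications; with the shared cache consulted first, ldap1 is asked once. Lowering the TTL below the request interval shows the shared cache falling back to the directory on expiry, which is the behaviour you want rather than a permanently silent ldap1.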

ibexmonj commented 6 years ago

I am using 2 ldap servers for 2 domain accounts and would be interested in the solution to reduce the log noise as well. @landryb not to hijack your thread, but are you using require group in your config, and if so, are nested groups working for you?

landryb commented 4 years ago

was fixed by 81f7e24 / #219