When auth_proxy is enabled, EG will try each configured authenticator in turn. If the first one fails, it will try the next, and so on. In a typical setup, this means EG will attempt LDAP auth first, then fall through to native auth if LDAP fails.
But this fall-through isn't always desirable. Let's say you're in a consortium where only one library is using LDAP, and that library doesn't want to support native login. To make this work currently, your "native" authenticator config in opensrf.xml would need to individually list every library in your consortium *except* for the one that's using LDAP. That's cumbersome and error-prone.
Instead, I propose adding a "bail on fail" setting to authenticator config. When enabled, if auth fails for that authenticator, auth_proxy will bail out instead of falling through to the next authenticator.
Working branch user/jeffdavis/lp1815229_auth_proxy_bail_on_fail implements this proposal:
http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/jeffdavis/lp1815229_auth_proxy_bail_on_fail
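The chain behaviour described above, as an added Python model that is not Evergreen's auth_proxy code or the code in the working branch: it shows how a stale native password still logs in at the LDAP-only library under fall-through, and is refused once the LDAP authenticator bails on failure. The class, function, library codes and credentials are hypothetical, and skipping an authenticator whose library list does not cover the login's library is an assumption.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set


@dataclass
class Authenticator:
    name: str
    verify: Callable[[str, str], bool]
    org_units: Set[str] = field(default_factory=set)  # empty set = all libraries
    bail_on_fail: bool = False                         # the proposed setting


def authenticate(chain: List[Authenticator], org_unit: str,
                 user: str, password: str) -> Optional[str]:
    """Return the name of the authenticator that accepted the login, or None."""
    for auth in chain:
        # Assumption: an authenticator scoped to other libraries is skipped.
        if auth.org_units and org_unit not in auth.org_units:
            continue
        if auth.verify(user, password):
            return auth.name
        if auth.bail_on_fail:
            return None  # stop here: no fall-through to later authenticators
    return None


def checker(store: dict) -> Callable[[str, str], bool]:
    """Build a verify function over a constructed in-memory credential store."""
    return lambda u, p: u in store and hmac.compare_digest(store[u], p)


# Constructed sample data: alice belongs to the LDAP-only library LIB_A but
# still has an old native password on record; bob is at LIB_B (native only).
LDAP_USERS = {"alice": "ldap-pass"}
NATIVE_USERS = {"alice": "old-native-pass", "bob": "bob-pass"}


def build_chain(bail: bool) -> List[Authenticator]:
    ldap = Authenticator("ldap", checker(LDAP_USERS),
                         org_units={"LIB_A"}, bail_on_fail=bail)
    native = Authenticator("native", checker(NATIVE_USERS))  # no library list
    return [ldap, native]


if __name__ == "__main__":
    for bail in (False, True):
        result = authenticate(build_chain(bail), "LIB_A", "alice", "old-native-pass")
        print(f"bail_on_fail={bail}: stale native password accepted by {result}")
```

With this model the native authenticator needs no per-library exclusion list: the LDAP entry alone decides that logins at LIB_A never reach it.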