I’m wondering if if I have something configured incorrectly. I was messing around between using LDAP auth within RC and having the reverse proxy do the LDAP auth and pass the username as a Header.
I would expect that if Header is set above LDAP in the order of authentication handlers, then RC would first try authenticating an existing user using the Header and if it’s not there then it would try authenticating via LDAP. But It looks to me like I have to explicitly set each existing user’s method of authentication to either Header or LDAP, so really making the order of authentication handlers redundant.
If I’m right, then a consequence of this is that if I switch between doing the auth in the reverse proxy versus RC, I have to change all the users, but there is no global method of doing that. Admittedly that should be a very rare thing to have to do once the configuration is final.
Thanks for any confirmation / clarification