multiple user try to authenticate at same time

[chris-rock]

I am not sure if I got it right, but as far as I understood the LDAPStrategy a bind is called whenever a user tries to authenticate. I have not fully tested it, but since all old requests will be discarded, once a new bind comes up, I expect a couple of user account mix-ups if multiple user try to authenticate at the same time?

I see two solutions for the above mentioned problem: create a separate user for the web channel in ldap to bind against that and validate the identity with ldap search or create a new connection for each user. What do you think?

[chris-rock]

Good overview about what should work out of the box: http://static.springsource.org/spring-security/site/docs/3.2.x/reference/ldap.html