httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "RCHAPACH Rochester" <rchap...@us.ibm.com>
Subject Re: httpd_ldap: session time out
Date Fri, 27 Sep 2002 17:00:47 GMT

>I have had two problems using an MS exchange server :) to autheticate.
>The first is that ldap queries allways return a dn with and extra cn
attribute
>as as below:
>cn=qzlg4d,cn=Recipients,ou=EXNZ01,o=ABC
>but when you try and bind with the same dn it fails unless you remove the
>cn=Recipients. Now I do not know anything about Exchange or the way it is
set
>up but I created a patch to blank this out which I guess cannot be put in
to
>httpd_ldap but I include it anyway.

On the iSeries, we had the opposite problem dealing with LDAP servers using
MS Exchange.  The search would return  cn=Recipients,ou=EXNZ01,o=ABC, for
example, but we could not bind to the LDAP server to authenticate using
this DN. The exchange server required a Domain Name to be appended to the
DN in order to authenticate.  To get our customer working again, we ended
up adding a directive for them to specify the Domain Name that had to be
added to the DN.  If this was set, we would then build the value that
Exchange would accept.    Since we've had a few customers who have used
this feature, I'm tending to agree that it is a configuration problem on
the LDAP server - that they have the configuration backwards, or that the
Exchange server was changed to no longer need the prepended Domain Name,
and the LDAP entries were not updated correspondingly to remove this from
the DN.


Marion Pitts
rchapach@us.ibm.com




Mime
View raw message