httpd-dev mailing list archives

From Ryan Phillips <r...@trolocsis.com>
Subject Re: LDAP authentication: non-anonymous bind
Date Tue, 26 Jan 2010 04:29:28 GMT
On Mon, Jan 25, 2010 at 8:44 PM, Eric Covener <covener@gmail.com> wrote:
> On Mon, Jan 25, 2010 at 7:00 AM, Lars Kruse <devel@sumpfralle.de> wrote:
>
>> This new behaviour covers the two use cases described above (even though I did
>> not check it in an Active Directory setup).
>
> Patch is nice and simple, but it would be great if someone with AD
> leanings could confirm that this combination of HTTP username,
> attribute, and basedn is likely to result in something that can bind
> in a typical AD install.
>

I've been working with LDAP and AD for a while now, and, AFAIK, there
are only two ways to bind to a Directory Server:

 1. User's BindDN, and
 2. User Principal Name

I don't believe the proposed method is portable to AD. In addition,
the modifications to the binddn are in the 'sec' variable which is an
authn_ldap_config_t structure created for the module and not for the
_request_.

Regards,
Ryan
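
Added example, not part of the original message or of the patch under discussion: a C sketch of the config-versus-request point raised above. The struct and function names are hypothetical stand-ins (`dir_config` plays the role of a shared per-directory structure such as `authn_ldap_config_t`), the DN layout `attribute=username,basedn` is assumed from the quoted description, and all sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical shared config: built once at configuration time, reused by every request. */
typedef struct {
    const char *attribute;   /* constructed sample: "uid" */
    const char *basedn;      /* constructed sample: "ou=people,dc=example,dc=org" */
    char binddn[256];        /* configured bind DN; should be read-only at request time */
} dir_config;

/* Hypothetical per-request state: one instance per HTTP request. */
typedef struct { char binddn[256]; } request_state;

/* Pattern the message objects to: the user-derived DN overwrites shared config,
 * so later requests (or other threads) see the previous user's DN. */
int build_binddn_shared(dir_config *sec, const char *user) {
    int n = snprintf(sec->binddn, sizeof sec->binddn, "%s=%s,%s",
                     sec->attribute, user, sec->basedn);
    return (n > 0 && (size_t)n < sizeof sec->binddn) ? 0 : -1;
}

/* Alternative: config is const, the derived DN lives in request storage.
 * Assumption: 'user' has already been escaped for use in a DN (RFC 4514). */
int build_binddn_request(const dir_config *sec, request_state *req, const char *user) {
    int n = snprintf(req->binddn, sizeof req->binddn, "%s=%s,%s",
                     sec->attribute, user, sec->basedn);
    if (n < 0 || (size_t)n >= sizeof req->binddn) {
        req->binddn[0] = '\0';   /* never bind with a truncated DN */
        return -1;
    }
    return 0;
}

int main(void) {
    dir_config sec = { "uid", "ou=people,dc=example,dc=org", "cn=svc,dc=example,dc=org" };
    request_state alice, bob;
    build_binddn_request(&sec, &alice, "alice");
    build_binddn_request(&sec, &bob, "bob");
    printf("%s\n%s\nconfig: %s\n", alice.binddn, bob.binddn, sec.binddn);
    build_binddn_shared(&sec, "alice");   /* shared config now carries alice's DN */
    printf("config after shared write: %s\n", sec.binddn);
    return 0;
}
```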
