httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephane.Ruffi...@isceco.admin.ch
Subject AW: [users@httpd] OpenLDAP to Active Directory Authentication
Date Thu, 03 Mar 2005 15:27:11 GMT
I think that I have found the solution to my problem :-D

> When I give the following:
> AuthLDAPURL
ldap://servername.com/dc=bk,dc=evdad,dc=admin,dc=ch?name?sub?(objectClass=us
er)
>
> I receive the following error in apache error log:
> [warn] [client 131.102.223.000] [24779] auth_ldap authenticate: user
> isceco-eruf authentication failed; URI /svn/pspmgmt
[LDAP:ldap_simple_bind_s() failed][Can't contact LDAP server]

In this case, ADS returns me a referrals to another "domain controller". The
client tries to connect anonymously to the "domain controller" and it gives
me this error. 

A solution is to set LDAP_OPT_REFERRALS to LDAP_OPT_OFF before to perform
the bind. But it means a modification of the code of the module
mod_auth_ldap.

The second solution, which is better in my case, is to connect to the
"global catalog" of ADS, which is a read-only partial replica of the
directory. We can access the global catalog at the port 3268. When I give
the following parameter: AuthLDAPURL
ldap://servername.com:3268/dc=bk,dc=evdad,dc=admin,dc=ch?name?sub?(objectCla
ss=user) I can perform my search without error.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message