From: Stephane.Ruffieux@isceco.admin.ch
To: users@httpd.apache.org
Date: Thu, 3 Mar 2005 16:27:11 +0100
Subject: AW: [users@httpd] OpenLDAP to Active Directory Authentication

I think that I have found the solution to my problem :-D

> When I give the following:
> AuthLDAPURL ldap://servername.com/dc=bk,dc=evdad,dc=admin,dc=ch?name?sub?(objectClass=user)
>
> I receive the following error in apache error log:
> [warn] [client 131.102.223.000] [24779] auth_ldap authenticate: user
> isceco-eruf authentication failed; URI /svn/pspmgmt [LDAP:ldap_simple_bind_s() failed][Can't contact LDAP server]

In this case, ADS returns a referral to another "domain controller". The client tries to connect anonymously to that "domain controller", and this gives me the error.

One solution is to set LDAP_OPT_REFERRALS to LDAP_OPT_OFF before performing the bind. But that means modifying the code of the mod_auth_ldap module.

The second solution, which is better in my case, is to connect to the "global catalog" of ADS, which is a read-only partial replica of the directory. We can access the global catalog on port 3268.

When I give the following parameter:

AuthLDAPURL ldap://servername.com:3268/dc=bk,dc=evdad,dc=admin,dc=ch?name?sub?(objectClass=user)

I can perform my search without error.
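
As an added example (not part of the original message and not code from mod_auth_ldap), the following Python script parses an AuthLDAPURL value and flags the combination described in the message: a subtree search at the domain root on the ordinary LDAP port, where Active Directory can answer with referrals. The function names and the domain-root heuristic are assumptions of this example; the two URLs in the demo are the ones quoted in the message.

```python
from urllib.parse import urlsplit, unquote

LDAP_PORTS = {"ldap": 389, "ldaps": 636}    # ordinary domain controller ports
GC_PORTS = {"ldap": 3268, "ldaps": 3269}    # Active Directory global catalog ports


def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into a dict."""
    parts = urlsplit(url)
    if parts.scheme not in LDAP_PORTS:
        raise ValueError("expected an ldap:// or ldaps:// URL")
    attribute, scope, ldap_filter = (parts.query.split("?", 2) + ["", "", ""])[:3]
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or LDAP_PORTS[parts.scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": attribute or "uid",                # mod_auth_ldap default
        "scope": scope if scope in ("one", "sub") else "sub",
        "filter": unquote(ldap_filter) or "(objectClass=*)",
    }


def referral_findings(url):
    """Return warnings for an AuthLDAPURL value aimed at Active Directory."""
    findings = []
    if any(ch.isspace() for ch in url):
        findings.append("whitespace inside the URL (line-wrap damage)")
    u = parse_auth_ldap_url("".join(url.split()))
    rdns = [r.strip().lower() for r in u["base_dn"].split(",") if r.strip()]
    at_domain_root = bool(rdns) and all(r.startswith("dc=") for r in rdns)
    # Heuristic (assumption of this example): a subtree search rooted at the
    # domain naming context on a plain DC port is where referrals come back.
    if at_domain_root and u["scope"] == "sub" and u["port"] == LDAP_PORTS[u["scheme"]]:
        findings.append(
            "subtree search at domain root on port %d may return referrals; "
            "the global catalog listens on port %d"
            % (u["port"], GC_PORTS[u["scheme"]])
        )
    return findings


if __name__ == "__main__":
    base = "dc=bk,dc=evdad,dc=admin,dc=ch?name?sub?(objectClass=user)"
    for value in ("ldap://servername.com/" + base,        # failing value from the post
                  "ldap://servername.com:3268/" + base):  # working value from the post
        print(value, "->", referral_findings(value) or "no findings")
```

The global catalog holds only a partial attribute set, so the attribute named in the URL (`name` here) must be one that is replicated to it.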