httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stewart, Eric" <e...@lib.usf.edu>
Subject RE: [users@httpd] Active Directory, Apache 2.2.2, and LDAP
Date Wed, 03 May 2006 10:39:36 GMT
 

> -----Original Message-----
> From: Rainer Sokoll [mailto:R.Sokoll@intershop.de] 
> Sent: Tuesday, May 02, 2006 4:59 PM
> 
> On Tue, May 02, 2006 at 03:38:12PM -0400, Stewart, Eric wrote:
> 
> > 	It turns out that the following set up will work - but that you
> > might get bitten by what I call an "AD Bug":
> > 
> > <Directory "/data1/webdocs/idriver">
>     [...]
> > </Directory>
> > 
> > This will work as expected, providing:
> [problems]
> 
> I cannot say much about AD and default groups (I am not a windows
> admin, fortunataly) but this works fine for me (2.0.58 at this time):
> 
[snip "working" 2.0.x config]

	Kind of verified - obviously not an Apache or LDAP bug (both are
doing exactly what they should for a "normal" LDAP implementation), as I
pretty much stated, but an AD bug.  Some poor guy using PHP ran into it,
and of course Microsoft is saying "Yeah, we know about it, but why
should we fix it?":

http://bugs.php.net/bug.php?id=25827
http://support.microsoft.com/default.aspx?scid=kb;en-us;275523
http://support.microsoft.com/default.aspx?scid=kb;en-us;321360

	Rainer: In your configuration, your letting in any "valid" user.
In mine, I'm trying to isolate usage to specific groups.  That's where
the "bug" pops up.  The only workaround I can see so far is, unless
you're in one of those rare cases where Default Group is important, is
to add the person to a different (possibly "dummy") default group.
	I know there are other mods out there that do SMB or AD (say,
through PAM) authentication - but last I checked, none advertised 2.2.x
compatibility.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message