httpd-users mailing list archives

From "empty body" <emptyb...@gmail.com>
Subject [users@httpd] Re: authentication problem with apache2 + ldap + active directory
Date Sun, 18 Jun 2006 17:13:51 GMT
I made some progress:

After reading this post: http://tinyurl.com/rzjzf I have changed my config from

AuthLDAPURL ldap://ad.host.name.com:389/DC=XYZ,DC=ABC,DC=com?sAMAccountName?sub?(objectClass=*)

to

AuthLDAPURL ldap://ad.host.name.com:389/OU=BLAH2,DC=XYZ,DC=ABC,DC=com?sAMAccountName?sub?(objectClass=*)

and that worked, confirming the theory that Apache's LDAP gets
confused when encountering an LDAP search result reference in the LDAP
response from the initial search (see
http://rafb.net/paste/results/9Duquf89.html). Once the OU has been
provided, Apache's LDAP works fine, since the reference is not returned
anymore.

However, this is not an option for me, since in my case OU=BLAH* is
actually referring to different campuses in multiple cities, so there
is no single all-encompassing entity underneath the root of the AD
that includes all the users.

Fiddling with AuthLDAPDereferenceAliases (setting it to all available
options) did not make any difference.

This behavior has been confirmed in 2.0.55 and 2.2.2 using OpenLDAP 2.3.21.

Any suggestions on making it work while binding to the root of the tree?

Thank you

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
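
The distinction the message above relies on, as an added example that is not part of the original post and is not Apache's code: on the wire (RFC 4511) a search result reference is a different message type from a search result entry, so a client locating one user should count only entries. The user `jdoe`, the `example` hosts and all sample bytes are constructed.

```python
ENTRY, DONE, REFERENCE = 0x64, 0x65, 0x73  # RFC 4511 protocolOp tags: [APPLICATION 4], [5], [19]
def tlv(tag, value):  # encode one BER tag-length-value with a definite length
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos):  # decode the TLV at pos; return (tag, value, next_pos)
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the size of the length field
        length = int.from_bytes(buf[pos:pos + (first & 0x7F)], "big")
        pos += first & 0x7F
    if pos + length > len(buf):
        raise ValueError("truncated LDAP message")
    return tag, buf[pos:pos + length], pos + length

def ldap_message(msg_id, op_tag, op_body):  # SEQUENCE { messageID, protocolOp }
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(op_tag, op_body))

def classify(stream):  # split one search response into (entry DNs, referral URIs, result code)
    dns, refs, code, pos = [], [], None, 0
    while pos < len(stream):
        _, msg, pos = read_tlv(stream, pos)
        _, _, op_at = read_tlv(msg, 0)            # skip messageID
        op, body, _ = read_tlv(msg, op_at)
        if op == ENTRY:                           # first field is objectName (the DN)
            dns.append(read_tlv(body, 0)[1].decode())
        elif op == REFERENCE:                     # SEQUENCE OF URI, carries no entry data
            at = 0
            while at < len(body):
                _, uri, at = read_tlv(body, at)
                refs.append(uri.decode())
        elif op == DONE:                          # first field is resultCode
            code = read_tlv(body, 0)[1][0]
    return dns, refs, code

def single_user_dn(stream):  # DN to bind as, or None unless exactly one real entry matched
    dns, _refs, code = classify(stream)
    return dns[0] if code == 0 and len(dns) == 1 else None

SAMPLE = (  # constructed root-scoped response: one entry (hypothetical jdoe), two references
    ldap_message(2, ENTRY, tlv(0x04, b"CN=jdoe,OU=BLAH2,DC=XYZ,DC=ABC,DC=com") + tlv(0x30, b""))
    + ldap_message(2, REFERENCE, tlv(0x04, b"ldap://other1.example/DC=XYZ,DC=ABC,DC=com"))
    + ldap_message(2, REFERENCE, tlv(0x04, b"ldap://other2.example/DC=XYZ,DC=ABC,DC=com"))
    + ldap_message(2, DONE, tlv(0x0A, b"\x00") + tlv(0x04, b"") + tlv(0x04, b""))
)
```

`single_user_dn(SAMPLE)` returns the one entry's DN even though the response holds three result messages before the final `SearchResultDone`.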