Date: Sun, 18 Jun 2006 13:13:51 -0400
From: "empty body"
To: users@httpd.apache.org
Subject: [users@httpd] Re: authentication problem with apache2 + ldap + active directory

I made some progress: after reading this post: http://tinyurl.com/rzjzf I have changed my config from

    AuthLDAPURL ldap://ad.host.name.com:389/DC=XYZ,DC=ABC,DC=com?sAMAccountName?sub?(objectClass=*)

to

    AuthLDAPURL ldap://ad.host.name.com:389/OU=BLAH2,DC=XYZ,DC=ABC,DC=com?sAMAccountName?sub?(objectClass=*)

and that worked, confirming the theory that Apache's LDAP gets confused when encountering an LDAP search result reference in the LDAP response from the initial search (see http://rafb.net/paste/results/9Duquf89.html). Once the OU has been provided, Apache's LDAP works fine, since the reference is not returned anymore.

However, this is not an option for me, since in my case OU=BLAH* is actually referring to different campuses in multiple cities, so there is no single all-encompassing entity underneath the root of the AD that includes all the users.

Fiddling with AuthLDAPDereferenceAliases (setting it to all available options) did not make any difference.

This behavior has been confirmed in 2.0.55 and 2.2.2 using OpenLDAP 2.3.21.

Any suggestions on making it work while binding to the root of the tree?

Thank you
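
Added example (not part of the original post, and not Apache or OpenLDAP code): a minimal Python decoder that classifies the messages in an LDAP search response per RFC 4511, showing how a search result reference (tag 0x73) arrives alongside ordinary entries before the final result. The sample bytes, the user DN and the referral URI are constructed for illustration.

```python
# Added example: classify the messages of an LDAP search response (RFC 4511, BER).
ENTRY, DONE, REFERENCE = 0x64, 0x65, 0x73  # [APPLICATION 4], [5], [19]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def classify(response):
    """Return (entry DNs, referral URIs, result code) for one search response."""
    entries, referrals, result_code, pos = [], [], None, 0
    while pos < len(response):
        tag, message, pos = read_tlv(response, pos)
        if tag != 0x30:
            raise ValueError("expected an LDAPMessage SEQUENCE")
        _, _, op_pos = read_tlv(message, 0)       # skip messageID
        op, body, _ = read_tlv(message, op_pos)   # protocolOp
        if op == ENTRY:
            entries.append(read_tlv(body, 0)[1].decode())  # objectName
        elif op == REFERENCE:                     # SEQUENCE OF URI
            uri_pos = 0
            while uri_pos < len(body):
                _, uri, uri_pos = read_tlv(body, uri_pos)
                referrals.append(uri.decode())
        elif op == DONE:
            result_code = read_tlv(body, 0)[1][0]  # resultCode ENUMERATED
    return entries, referrals, result_code

def tlv(tag, value=b""):
    """Encode one short BER element; used only to build the sample below."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def ldap_message(op, body, msgid=2):
    return tlv(0x30, tlv(0x02, bytes([msgid])) + tlv(op, body))

# Constructed sample (not a capture): one user entry, one reference, then done.
SAMPLE = (
    ldap_message(ENTRY, tlv(0x04, b"CN=jdoe,OU=BLAH2,DC=XYZ,DC=ABC,DC=com") + tlv(0x30))
    + ldap_message(REFERENCE, tlv(0x04, b"ldap://referral.example.com/DC=XYZ,DC=ABC,DC=com"))
    + ldap_message(DONE, tlv(0x0A, b"\x00") + tlv(0x04) + tlv(0x04))
)

if __name__ == "__main__":
    print(classify(SAMPLE))
```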