httpd-users mailing list archives

From "Keith O'Brien" <keith.obr...@rga.com>
Subject [users@httpd] authnz with multiple AD domains and Global Catalog
Date Tue, 06 Mar 2007 16:14:23 GMT
 

I am trying to get authnz to work with multiple domains via the global
catalog. There is documentation on this under the 2.3 docs on apache
(http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html). There are
reports of other people getting this to work.

I built the latest version of apache2 2.2.4.  

Below is the working authnz config and the one that does not work with
the global catalog and multiple AD domains. The error I get is:
[ldap_search_ext_s() for user failed][Invalid DN syntax]

### Working ### This searches only one Domain 
<Location /test2> 
AuthType Basic 
AuthBasicProvider ldap 
AuthName "Require Valid User" 
AuthBasicAuthoritative On 
AuthzLDAPAuthoritative off 
AuthLDAPBindDN ldap_browser@xx.xxx.com 
AuthLDAPBindPassword 'xxxxxxxx' 
AuthLDAPURL ldap://10.xxx.xxx.xxx:389/OU=Systems,DC=xx,DC=xxx,DC=com?sAMAccountName?sub
require valid-user 
DAV svn 
SVNPath /usr/local/svn/test2 
SVNAutoversioning on 
</Location> 

### NOT WORKING ### 
<Location /test1> 
AuthType Basic 
AuthBasicProvider ldap 
AuthName "Require Valid User" 
AuthBasicAuthoritative On 
AuthzLDAPAuthoritative off 
AuthLDAPBindDN ldap_browser@xx.xxx.com 
AuthLDAPBindPassword 'xxxxxxx' 
# The below one works using the global catalog but only searches one domain
#AuthLDAPURL ldap://10.xxx.xxx.xxx:3268/OU=Systems,DC=xx,DC=xxx,DC=com?sAMAccountName?sub
# The below one does not work
AuthLDAPURL ldap://10.xxx.xxx.xxx:3268/>userPrincipalName?sub
require valid-user 
DAV svn 
SVNPath /usr/local/svn/test1 
SVNAutoversioning on 
</Location> 

Thanks for any light someone can shed on the issue.

Keith O'Brien Sr. Unix Administrator
Phone 212-946-4225 Fax 212-946-4010 keith@rga.com

R/GA 350 West 39th Street New York, NY 10018 www.rga.com

This message is the property of R/GA and contains information which may be privileged or confidential.
It is meant only for the intended recipients and/or their authorized agents. If you believe
you have received this message in error, please notify us immediately by return e-mail or
by forwarding this message to postmaster@rga.com, and destroy any printed or electronic copies
of the message. Any unauthorized use, dissemination, disclosure, or copying of this message
or the information contained in it, is strictly prohibited and may be unlawful. Thank you.
