httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Krist van Besien" <krist.vanbes...@gmail.com>
Subject Re: [users@httpd] Ldap Bind (w/ mod_auth_ldap)
Date Wed, 23 Apr 2008 13:11:11 GMT
On Wed, Apr 23, 2008 at 3:05 PM, Harry Holt <harryholt@gmail.com> wrote:

> Well... that was my assumption.  But looking at the trace, it is in fact
> performing an anonymous search before attempting the bind.  Maybe it's
> possible to specify a fully qualified DN and avoid the search, I don't know.

That is the reason why I'm using a custom perl module in stead of the
standard ldap modules. Our AD servers don't alloiw anonymous binds,
and our password policy requires a password change every 6 weeks...
These two things together made using mod_authz_ldap impractical.

And the anonymous bind and ldap search is actually not needed when
using an MS AD server. A little know feature of MS AD is that you can
bind using "user@domain" as username. You can just test if a bind
using this user, and the password supplied by the user is successfull.
That is  what the perl module I use does. (The modules is
Apache2::AuthenMSAD)

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message