httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Krist van Besien" <>
Subject Re: [users@httpd] Ldap Bind (w/ mod_auth_ldap)
Date Wed, 23 Apr 2008 13:11:11 GMT
On Wed, Apr 23, 2008 at 3:05 PM, Harry Holt <> wrote:

> Well... that was my assumption.  But looking at the trace, it is in fact
> performing an anonymous search before attempting the bind.  Maybe it's
> possible to specify a fully qualified DN and avoid the search, I don't know.

That is the reason why I'm using a custom perl module in stead of the
standard ldap modules. Our AD servers don't alloiw anonymous binds,
and our password policy requires a password change every 6 weeks...
These two things together made using mod_authz_ldap impractical.

And the anonymous bind and ldap search is actually not needed when
using an MS AD server. A little know feature of MS AD is that you can
bind using "user@domain" as username. You can just test if a bind
using this user, and the password supplied by the user is successfull.
That is  what the perl module I use does. (The modules is


Bremgarten b. Bern, Switzerland
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message