httpd-users mailing list archives

From "Eric Covener" <cove...@gmail.com>
Subject Re: [users@httpd] LDAP authentication against an Active Directory server
Date Mon, 19 May 2008 23:52:27 GMT
On Mon, May 19, 2008 at 7:14 PM, David Dyer-Bennet
<David.Dyer-Bennet@pinerivercapital.com> wrote:

>
> Then I see *another* search for the same user record, which fails with
> an error saying a bind must be done first ("errorMessage: 00000000:
> LdapErr: DSID-0C090627, comment: In order to perform this operation a
> successful bind must be completed on the connection., data 0, vece").


When you point a regular LDAP client at AD, it sees a bunch of noisy
referrals. Many LDAP clients won't just volunteer to pass on the
credentials you specified for the initial search onto these referrals,
for good reason.

MS provides a daemon called Active Directory Application Mode (ADAM)
that flattens the entire LDAP topology into a single server, for use
by traditional clients. The other alternative is to point Apache at
the "global catalog" port on the AD system -- this also avoids the
referrals.

http://www.microsoft.com/downloads/details.aspx?familyid=9688f8b9-1034-4ef6-a3e5-2a2a57b5c8e4&displaylang=en
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbc_nar_bsad.mspx?mfr=true

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
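
The global catalog option from the reply above, as an added mod_authnz_ldap example that is not part of the original message. The host name, search base, bind DN, password and protected path are placeholders, and 3268 is the standard global catalog port, which the message does not state.

```apache
# Added example; every name and credential here is a placeholder.
<Location "/protected">
    AuthType Basic
    AuthName "Active Directory login"
    AuthBasicProvider ldap

    # Before: the domain controller's ordinary LDAP port with a search base
    # at the domain root. AD returns referrals to other naming contexts, and
    # the follow-up search on a referred connection carries no bind, which
    # produces the "successful bind must be completed" error quoted above.
    # AuthLDAPURL "ldap://dc.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # After: the same search against the global catalog port, which answers
    # from one server and returns no referrals.
    # The global catalog holds only a subset of attributes, so confirm that
    # any attribute used in the URL or in Require rules is present there.
    AuthLDAPURL "ldap://dc.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Service account used for the initial search (placeholder values).
    # Over ldap:// this password crosses the network unencrypted; the global
    # catalog also listens for LDAP over SSL on port 3269 (ldaps://).
    AuthLDAPBindDN "CN=apache-svc,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    # On httpd 2.4, mod_ldap can also be told not to chase referrals:
    # LDAPReferrals Off

    Require valid-user
</Location>
```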

