httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Dyer-Bennet" <David.Dyer-Ben...@pinerivercapital.com>
Subject RE: [users@httpd] LDAP authentication against an Active Directory server
Date Tue, 20 May 2008 13:58:53 GMT

Eric Covener [mailto:covener@gmail.com] wrote:

> On Mon, May 19, 2008 at 7:14 PM, David Dyer-Bennet
> <David.Dyer-Bennet@pinerivercapital.com> wrote:
> 
> >
> > Then I see *another* search for the same user record, which 
> > fails with
> > an error saying a bind must be done first ("errorMessage: 00000000:
> > LdapErr: DSID-0C090627, comment: In order to perform this 
> > operation a
> > successful bind must be completed on the connection., data 
> > 0, vece").
> 
> MS provides a daemon called Active Directory Application Mode (ADAM)
> that flattens the entire LDAP topology into a single server, for use
> by traditional clients. The other alternative is to point Apache at
> the "global catalog" port on the AD system -- this also avoids the
> referrals.
> 
> http://www.microsoft.com/downloads/details.aspx?familyid=9688f
> 8b9-1034-4ef6-a3e5-2a2a57b5c8e4&displaylang=en
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/r
> eskit/distrib/dsbc_nar_bsad.mspx?mfr=true

I tried the second one, the global catalog port, just now, and in a
preliminary simple test it worked perfectly for what I'm doing.  Since
that avoids having to ask the Windows-side support people to install and
configure the service, I'm inclined to go with it, unless other problems
appear in further testing.  

Thank you *very* much for your assistance!

Adding "global catalog port" to my searches brings up a number of sites
that advise using it -- none of which came up without that term in the
search, unfortunately for me, or I would have solved this several days
ago and without bothering you people.  Possibly if I'd recognized the
pattern of tcp traffic as representing referrals, searching on that
would have gotten me somewhere.  Oh well; live and learn!

--- 

The contents of this message and its attachments, if any, are meant for the sole use of the
intended recipient and may be confidential, privileged, or otherwise protected from disclosure.
If you are not the intended recipient of this message or have received this message in error,
please delete it, immediately alert the sender by reply e-mail, and do not read, disclose,
distribute, or otherwise use the information contained herein. If this message was misdirected,
neither Pine River nor its affiliates waives any confidentiality or privilege. Pine River
retains and monitors e-mail communications sent through its network. This e-mail does not
constitute or form part of any offer or invitation to sell, or the solicitation of an offer
to purchase any investment and is provided for information purposes only. Pine River believes
that the information it provides is accurate and complete as at the date of publication, but
does not grant any warranty of such and neither Pine River nor its affiliates accepts any
liability in respect of errors or omissions. Past performance is not necessarily a guide to
future results.

--- 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message