httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] Pass-through LDAP authentication with Internet Explorer and Active Directory
Date Tue, 16 Sep 2008 18:28:45 GMT
Clayton Hicklin wrote:
> I have LDAP authentication against Active Directory working perfectly in
> Firefox, but my problem is with IE.  IE automatically passes through the
> username and password so once you are logged into the domain, you don't have
> to type it in again.
> 
> That's great, except it is passed through as <domain>\<user>.  To do LDAP
> authentication against Active Directory, I am searching the sAMAccountName
> attribute of the users.  This attribute holds the username for that user,
> but does not include the <domain>\ prefix, therefore authentication fails in
> IE and it prompts you for the username and password.
> 
> As far as I can tell, the <domain>\ prefix is not stored anywhere inside the
> user object, so there is no way to authenticate with the credentials that IE
> provides.
> 
> Has anybody got this working?  Is there some sort of workaround or hidden
> parameter in the Apache LDAP modules that might fix this?  Thanks!
> 
Hi Clayton.
There are so many things that might be "happening in IE" that you need 
to be a little more specific for someone to be able to help you.
Can you provide some more precise details about your setup ? like which 
version of Apache, what module are you using, what the parameters are, etc..
There are not so many things that can be done at the IE side, but maybe 
the authentication module which you are using on the server side has 
some parameters.
The fact that IE at first passes the domain\user seems to imply that IE 
thinks it is doing "Windows Integrated Authentication", which can be a 
good or a bad thing. But without some more details, one would not know 
where to start looking.
Contrary to what you seem to think (or at least what you write), it is 
not in IE that authentication fails, it is at the server level.  As a 
result, the server sends a "401 Authorization required" to IE, and that 
is when IE pops up the login dialog.





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message