httpd-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] mod_authnz_ldap module and Microsoft AD LDAP Server
Date Tue, 21 Oct 2008 22:58:04 GMT
Thanks.
That info might very well save me a couple of days of scratching my head 
some time soon.

André


Eric Covener wrote:
> On Tue, Oct 21, 2008 at 1:43 PM, André Warnier <aw@ice-sa.com> wrote:
>> Eric Covener wrote:
>>> On port 389, MSAD might send you on a lengthy wild goose-chase of LDAP
>>> referrals.
>>>
>> Eric, can you elaborate a bit on that, or direct me/us to some additional
>> information?
>> This is not directly related to the OP's issue, but I'm doing a lot of AAA
>> related stuff these days, and like to learn these things.
> 
> 
> LDAP has a notion of referrals, like HTTP redirects.  When you have a
> complicated AD domain, you might talk to what you think of as the
> master AD server, but it may send you to go ask other servers (dept.
> x, dept y,  AD servers from some remote site, recent acquisitions,
> etc).  I don't know if it is misconfiguration, but I've seen some
> where conceptually none of the referrals seem to be needed based on
> the user you're looking up (and may take you across some slow links)
> 
> When you use that high port, you're talking to the "global catalog"
> where all info across the "forest" is aggregated on one LDAP server
> and you just get a regular/direct result if you query or try to login.
> If you use unusual data for authz, I believe you have to tell it what
> 
> MS also has a tool called ADAM (AD Application Mode) that frontends AD
> for traditional LDAP applications:
> http://www.microsoft.com/windowsserver2003/adam/default.mspx
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
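
The two ways around the referral chase described in the quoted reply, as an added configuration sketch that is not part of the original thread: either stay on port 389 and stop following referrals, or query the global catalog. It assumes httpd 2.4 (where mod_ldap provides `LDAPReferrals`) and the standard AD global catalog port 3268; host names, DNs, paths and the password are placeholders.

```apache
# Added example, not from the thread. All hosts, DNs and secrets are placeholders.

# Option A: domain controller on 389, referrals not chased.
# With LDAPReferrals Off, a search that would have returned referrals to other
# domains or sites is answered only from what this server holds.
<Location "/app-a">
    AuthType Basic
    AuthName "AD login"
    AuthBasicProvider ldap
    LDAPReferrals Off
    AuthLDAPURL "ldap://dc.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=httpd-bind,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"
    Require valid-user
</Location>

# Option B: global catalog on 3268, which answers for the whole forest directly.
# The global catalog replicates only a subset of attributes, so check that any
# attribute used in a filter or a Require ldap-attribute rule is present there.
<Location "/app-b">
    AuthType Basic
    AuthName "AD login"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://gc.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=httpd-bind,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"
    Require valid-user
</Location>

# Both URLs above send the bind DN, its password and every user's password in
# cleartext. The TLS equivalents are ldaps:// on 636 (directory) and 3269
# (global catalog), with the issuing CA loaded via LDAPTrustedGlobalCert.
```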

