httpd-users mailing list archives

From Davide Bianchi <dav...@walterisookeensufferukker.nl>
Subject Re: [users@httpd] Confused about LDAP authentication with Active Directory
Date Thu, 26 Feb 2009 14:51:12 GMT
Ed Avis wrote:
> <http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html> imply that
> Apache connects to the LDAP server using a fixed username and
> password, and then merely queries the existence of an object in the
> directory that matches the username. If so how does it check the
> password supplied by the user?

The problem is that in order to check the password, you need to 'bind'
to the AD server using the correct DN; in order to find the DN you need
to query the AD server with the username. But AD doesn't allow you to
query it without first binding.

So you need to bind in order to query, but you need to query to bind. It's
a sort-of catch-22 situation. Hence the need for a fixed
username/password to do the first query.

Davide

-- 
Violence, rude language, excessive drinking,
paganism. It's hard to find children's books like that these
days.
--Stig Morten Valstad on alt.sysadmin.recovery

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
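
The search-then-bind sequence described in the message above, as an added Python example that is not part of the original post and is not mod_authnz_ldap's code. `ToyDirectory`, `authenticate`, `sample_directory` and every DN, account name and password are constructed for illustration; the toy server models the empty-password "unauthenticated bind" case so the guard against it is visible.

```python
# Added illustration. ToyDirectory stands in for Active Directory; every DN,
# account name and password below is constructed sample data.
class ToyDirectory:
    def __init__(self, entries):
        self.entries = entries      # DN -> {"sAMAccountName", "password"}
        self.bound_dn = None        # None means anonymous / not bound

    def simple_bind(self, dn, password):
        if password == "":
            # Models an RFC 4513 "unauthenticated bind": reported as success,
            # but the connection stays anonymous and proves nothing.
            self.bound_dn = None
            return True
        ok = dn in self.entries and self.entries[dn]["password"] == password
        self.bound_dn = dn if ok else None
        return ok

    def search(self, attr, value):
        if self.bound_dn is None:
            raise PermissionError("search requires a bind first")
        return [dn for dn, e in self.entries.items() if e[attr] == value]


def authenticate(conn, svc_dn, svc_password, username, password):
    """Search-then-bind. Returns the user's DN on success, else None."""
    if not username or not password:
        return None                 # never let an empty password reach a bind
    # Phase 1: bind as the fixed service account so the search is permitted.
    if not conn.simple_bind(svc_dn, svc_password):
        raise RuntimeError("service account bind failed")
    matches = conn.search("sAMAccountName", username)
    if len(matches) != 1:
        return None                 # unknown or ambiguous username
    # Phase 2: the user's password is verified by binding as the DN found.
    return matches[0] if conn.simple_bind(matches[0], password) else None


SVC_DN = "CN=apache-svc,OU=Service,DC=example,DC=com"
USER_DN = "CN=Sample User,OU=Staff,DC=example,DC=com"

def sample_directory():
    return ToyDirectory({
        SVC_DN: {"sAMAccountName": "apache-svc", "password": "svc-secret"},
        USER_DN: {"sAMAccountName": "suser", "password": "correct horse"},
    })
```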

