httpd-users mailing list archives

From "Bennett, Tony" <>
Subject RE: [users@httpd] Confused about LDAP authentication with Active Directory
Date Thu, 26 Feb 2009 16:08:11 GMT
> -----Original Message-----
> From: Davide Bianchi [] 
> Sent: Thursday, February 26, 2009 6:51 AM
> To:
> Subject: Re: [users@httpd] Confused about LDAP authentication with Active Directory
> Ed Avis wrote:
> > <> imply that
> > Apache connects to the LDAP server using a fixed username and
> > password, and then merely queries the existence of an object in the
> > directory that matches the username. If so how does it check the
> > password supplied by the user?
> The problem is that in order to check the password, you need to 'bind'
> to the AD server using the correct DN, in order to find the DN you need
> to query the AD server with the username. But AD doesn't allow you to
> query it without first binding.
> So you need to bind in order to query, but you need to query to bind. It's
> a sort-of catch-22 situation. Hence the need for a fixed
> username/password to do the first query.
> Davide

While this is true for 100% compliant LDAP servers, MS has "embraced and extended" 
what ActiveDirectory will accept for the user's DN... by "allowing" a Windows NT 
style login in the place of the DN.
The Windows NT style login is in this format:
Where Domain is the ActiveDirectory Domain, and the username is the ActiveDirectory
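
Added example (not part of the original thread, and not the posters' own configuration): a mod_authnz_ldap setup for the search-then-bind flow described in the quoted message, showing where the fixed account for the first query is set and where the user's own password is checked. Host names, DNs and the password are constructed placeholders, and the `Require` line assumes httpd 2.4 syntax.

```apache
# Constructed example; every host name, DN and credential is a placeholder.
# Assumes mod_ldap and mod_authnz_ldap are loaded.
<Location "/protected">
    AuthType Basic
    AuthName "Directory login"
    AuthBasicProvider ldap

    # Phase 1 (search): httpd binds with this fixed service account so that
    # Active Directory will answer the lookup at all. Use a low-privilege,
    # read-only account; its password sits in the server configuration.
    AuthLDAPBindDN "CN=httpd-lookup,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    # The search runs below the base DN for the entry whose sAMAccountName
    # equals the username typed at the Basic auth prompt:
    #   ldap[s]://host:port/basedn?attribute?scope?filter
    # ldaps:// is used because both the service password and every user's
    # password travel over this connection.
    AuthLDAPURL "ldaps://dc1.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Phase 2 (bind): httpd re-binds as the DN found in phase 1 with the
    # password the user supplied. The directory verifies that password;
    # httpd never reads or compares a stored password itself.
    Require valid-user
</Location>
```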

