perfect! it worked (2.0.55, 2.2.2 with bundled SUN LDAP SDK,
OpenLDAP). thank you so much for the tip!

the network trace looks exactly the way it should (no reference record
returned by AD).

reading up on global catalog does not make it obvious that i should
have used it, especially since other apps that rely on AD
authentication work fine against port 389, ignoring the references
(and we only have one domain).

just for the reference, this is my working 2.0.55 config:

-------------
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so

<IfModule mod_auth_ldap.c>
   <Location /test>
       AuthType Basic
       AuthName "LDAP test"
       AuthLDAPURL ldap://ad.host.name.com:3268/DC=ABC,DC=DEF,DC=com?sAMAccountName
       AuthLDAPBindDN "CN=LDAPBindUsername,OU=Generic IDs,DC=ABC,DC=DEF,DC=com"
       AuthLDAPBindPassword BindUserPassword
       Require valid-user
   </Location>
</IfModule>
-------------


and 2.2.2:

-------------
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

<IfModule mod_authnz_ldap.c>
   <Location /test>
       AuthType Basic
       AuthName "LDAP test"
       AuthBasicProvider ldap
       AuthLDAPURL ldap://ad.host.name.com:3268/DC=ABC,DC=DEF,DC=com?sAMAccountName
       AuthLDAPBindDN "CN=LDAPBindUsername,OU=Generic IDs,DC=ABC,DC=DEF,DC=com"
       AuthLDAPBindPassword BindUserPassword
       AuthzLDAPAuthoritative Off
       Require valid-user
   </Location>
</IfModule>
-------------

thanks again!

it works

On 6/19/06, Fenlason, Josh <[EMAIL PROTECTED]> wrote:
Try using port 3268 (or port 3269 for ldaps).  It's some stupid thing
with AD global catalog or something like that.  I can't remember all the
details, but I think that should solve your problem.
,
Josh.
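
Added example, not part of the original post or of Apache httpd: a small Python check that reads AuthLDAPURL directives like the ones above and flags the two things this thread turns on, a port other than the global catalog (where AD may answer with referrals) and an unencrypted ldap:// connection, which carries the bind password in cleartext. The sample config, the /old and /tls locations and the finding names are constructed for illustration; it assumes one host per URL and honours the optional SSL/TLS/STARTTLS mode argument that mod_authnz_ldap accepts after the URL.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the URL from the post (still line-wrapped as mailed),
# a default-port variant, and an ldaps variant on the TLS global catalog port.
SAMPLE = """
<Location /test>
    AuthLDAPURL
ldap://ad.host.name.com:3268/DC=ABC,DC=DEF,DC=com?sAMAccountName
</Location>
<Location /old>
    AuthLDAPURL "ldap://ad.host.name.com/DC=ABC,DC=DEF,DC=com?sAMAccountName?sub"
</Location>
<Location /tls>
    AuthLDAPURL ldaps://ad.host.name.com:3269/DC=ABC,DC=DEF,DC=com?sAMAccountName
</Location>
"""

# \s+ also spans a newline, so a directive wrapped by a mail client still matches.
DIRECTIVE = re.compile(r'^\s*AuthLDAPURL\s+("[^"]+"|\S+)(?:[ \t]+(\w+))?',
                       re.IGNORECASE | re.MULTILINE)
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
GC_PORTS = {3268, 3269}          # AD global catalog: plain and TLS
ENCRYPTED_MODES = {"SSL", "TLS", "STARTTLS"}

def audit(config_text):
    """Return [(host, port, findings)] for every AuthLDAPURL in config_text."""
    results = []
    for m in DIRECTIVE.finditer(config_text):
        url = urlsplit(m.group(1).strip('"'))
        scheme = url.scheme.lower()
        mode = (m.group(2) or "").upper()
        port = url.port or DEFAULT_PORT.get(scheme)
        findings = []
        # ldap:// without an encrypting mode: bind DN password and the
        # user's password cross the network unencrypted.
        if scheme == "ldap" and mode not in ENCRYPTED_MODES:
            findings.append("cleartext")
        # Outside the global catalog ports AD may return referrals,
        # which is the failure discussed in this thread.
        if port not in GC_PORTS:
            findings.append("referrals-possible")
        results.append((url.hostname, port, findings))
    return results

if __name__ == "__main__":
    for host, port, findings in audit(SAMPLE):
        print(host, port, findings or ["ok"])
```
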

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.