I am trying to get authnz to work with multiple domains via the global catalog. There is documentation on this under the 2.3 docs on Apache (http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html). There are reports of other people getting this to work.
I built the latest version of apache2 2.2.4. Below is the working authnz config and the one that does not work with the global catalog and multiple AD domains.

The error I get is:

[ldap_search_ext_s() for user failed][Invalid DN syntax]

### Working ###
This searches only one Domain

<Location /test2>
  AuthType Basic
  AuthBasicProvider ldap
  AuthName "Require Valid User"
  AuthBasicAuthoritative On
  AuthzLDAPAuthoritative off
  AuthLDAPBindDN [EMAIL PROTECTED]
  AuthLDAPBindPassword 'xxxxxxxx'
  AuthLDAPURL ldap://10.xxx.xxx.xxx:389/OU=Systems,DC=xx,DC=xxx,DC=com?sAMAccountName?sub
  require valid-user
  DAV svn
  SVNPath /usr/local/svn/test2
  SVNAutoversioning on
</Location>

### NOT WORKING ###

<Location /test1>
  AuthType Basic
  AuthBasicProvider ldap
  AuthName "Require Valid User"
  AuthBasicAuthoritative On
  AuthzLDAPAuthoritative off
  AuthLDAPBindDN [EMAIL PROTECTED]
  AuthLDAPBindPassword 'xxxxxxx'
  # The below one works using the global catalog but only searches one domain
  #AuthLDAPURL ldap://10.xxx.xxx.xxx:3268/OU=Systems,DC=xx,DC=xxx,DC=com?sAMAccountName?sub
  # The below one does not work
  AuthLDAPURL ldap://10.xxx.xxx.xxx:3268/>userPrincipalName?sub
  require valid-user
  DAV svn
  SVNPath /usr/local/svn/test1
  SVNAutoversioning on
</Location>

Thanks for any light someone can shed on the issue.

Keith O'Brien
Sr. Unix Administrator
Phone 212-946-4225
Fax 212-946-4010
[EMAIL PROTECTED]
R/GA
350 West 39th Street
New York, NY 10018
www.rga.com
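
Added example, not part of the original message and not Apache's own code: a small Python checker that splits an AuthLDAPURL value into the fields mod_authnz_ldap documents (ldap://host:port/basedn?attribute?scope?filter) and reports which part lands in which field. The host gc.example.com, the example.com DNs, the function names and the simplified DN check are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Simplified RDN check (attributeType=value); an assumption, not a full RFC 4514 parser.
_RDN = re.compile(r"^\s*(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=\s*.+$")

def split_dn(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return re.split(r"(?<!\\),", dn)

def parse_authldapurl(url):
    """Return the fields of ldap://host:port/basedn?attribute?scope?filter."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # Everything between the first "/" and the first "?" is the base DN.
    base_dn = unquote(parts.path.lstrip("/"))
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (3 - len(fields))
    attribute, scope, ldap_filter = fields[:3]
    problems = []
    if base_dn and not all(_RDN.match(rdn) for rdn in split_dn(base_dn)):
        problems.append("base DN %r is not a valid DN" % base_dn)
    if scope and scope not in ("one", "sub", "base"):
        problems.append("unknown scope %r" % scope)
    return {
        "host": parts.hostname,
        "port": parts.port,
        "base_dn": base_dn,                 # an empty base DN is allowed
        "attribute": attribute or "uid",    # documented default attribute
        "scope": scope or "sub",            # documented default scope
        "filter": ldap_filter or None,
        "problems": problems,
    }

# Constructed sample values modelled on the three URLs in the message.
SAMPLES = [
    "ldap://gc.example.com:389/OU=Systems,DC=example,DC=com?sAMAccountName?sub",
    "ldap://gc.example.com:3268/>userPrincipalName?sub",
    "ldap://gc.example.com:3268/?userPrincipalName?sub",  # empty base DN, for comparison
]

if __name__ == "__main__":
    for sample in SAMPLES:
        info = parse_authldapurl(sample)
        print(sample)
        for key in ("base_dn", "attribute", "scope", "problems"):
            print("   %-9s %r" % (key, info[key]))
```

Run against the second sample, the text before the first "?" is taken as the base DN and "sub" falls into the attribute field.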