Great! That's it!

I've tried to use a user called "admin" that exists in the LDAP server.

So, to make the test, I've created a crazy username and put it into the flat
file, and it works!

Apache tries to consult the flat file only if it doesn't find the user
in the LDAP server.

Now, another problem (sorry for boring you). Instead of using a flat file as a
second option, I want to use a database.

So, I've installed the Apache::DBI module and tried to use
Apache::AuthDBI to authenticate against a MySQL database.

Now the problem is that Apache only tries to use the Apache::AuthDBI module.
It doesn't look in the LDAP server any more.

Any idea? Maybe I should try to use mod_authn_dbd instead of
Apache::AuthDBI?

What do you think?

Thank you again.
Rodney.

On Tue, Oct 21, 2008 at 6:09 PM, Eric Covener <[EMAIL PROTECTED]> wrote:

> On Tue, Oct 21, 2008 at 1:43 PM, André Warnier <[EMAIL PROTECTED]> wrote:
> > Eric Covener wrote:
> >>
> >> On port 389, MSAD might send you on a lengthy wild goose-chase of LDAP
> >> referrals.
> >>
> > Eric, can you elaborate a bit on that, or direct me/us to some additional
> > information?
> > This is not directly related to the OP's issue, but I'm doing a lot of AAA
> > related stuff these days, and like to learn these things.
>
>
> LDAP has a notion of referrals, like HTTP redirects.  When you have a
> complicated AD domain, you might talk to what you think of as the
> master AD server, but it may send you to go ask other servers (dept.
> x, dept y,  AD servers from some remote site, recent acquisitions,
> etc).  I don't know if it is misconfiguration, but I've seen some
> where conceptually none of the referrals seem to be needed based on
> the user you're looking up (and may take you across some slow links)
>
> When you use that high port, you're talking to the "global catalog"
> where all info across the "forest" is aggregated on one LDAP server
> and you just get a regular/direct result if you query or try to login.
> If you use unusual data for authz, I believe you have to tell it what
>
> MS also has a tool called ADAM (AD Application Mode) that frontends AD
> for traditional LDAP applications:
> http://www.microsoft.com/windowsserver2003/adam/default.mspx
>
>
> --
> Eric Covener
> [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
>  The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>   "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

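The configuration below is an added example, not part of the thread: it keeps LDAP first and uses mod_authn_dbd as the second source, relying on the fact that mod_authn_dbd registers as a `dbd` provider for `AuthBasicProvider`, just as the flat file does as `file`. It assumes Apache httpd 2.2 with mod_auth_basic, mod_authnz_ldap, mod_dbd and mod_authn_dbd loaded; every hostname, DN, database, table, column and credential in it is a placeholder.

```apache
# Added example (assumptions: httpd 2.2; all names and credentials are placeholders).

# mod_dbd connection pool, in server or virtual-host context.
# The config file holds a database password, so keep it readable by root only
# and give the account SELECT rights on the one table and nothing else.
DBDriver   mysql
DBDParams  "host=db.example.internal dbname=webauth user=httpd_ro pass=CHANGE_ME"
DBDMin     1
DBDKeep    2
DBDMax     10
DBDExptime 300

<Location /protected>
    AuthType Basic
    AuthName "Restricted"

    # Providers are tried in the order listed. "dbd" is consulted only when
    # "ldap" reports that the user does not exist, which is the same fallback
    # behaviour observed with the flat file ("ldap file").
    AuthBasicProvider ldap dbd

    # 3268 is the Active Directory global catalog port, which answers
    # directly instead of returning referrals.
    AuthLDAPURL "ldap://ad.example.internal:3268/dc=example,dc=internal?sAMAccountName?sub"
    AuthLDAPBindDN "cn=httpd-bind,ou=service,dc=example,dc=internal"
    AuthLDAPBindPassword "CHANGE_ME"

    # Without this, users who authenticated against the database are
    # rejected at the authorization step because they have no LDAP entry.
    AuthzLDAPAuthoritative off

    # Must return the stored password for the user. The value has to be a
    # hash in a format htpasswd produces (crypt, apr1 MD5, SHA1), never plaintext.
    AuthDBDUserPWQuery "SELECT password_hash FROM web_users WHERE username = %s"

    Require valid-user
</Location>
```

Basic authentication and a plain `ldap://` bind both carry passwords unencrypted, so serve the location over HTTPS and protect the LDAP connection with TLS as well.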