Can you summarize how the logging differs in the two releases?
Here are two candidates:
*) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
instead of an explicit cn=* filter. [David Hawes <dhawes vt.edu>]
*) mod_ldap: Change "LDAPReferrals off" to actually set the underlying LDAP
SDK option to OFF, and introduce "LDAPReferrals default" to take the SDK
default, sans rebind authentication callback.
[Jan Kaluza <kaluze AT redhat.com>]
Would you be able to rebuild a patch, or ask your vendor to try
selectively removing some of the recent LDAP changes?
On Tue, Apr 15, 2014 at 3:55 PM, Marshall Httpd
<httpd.questions@xxxxxxxxx> wrote:
> Hi,
>
> Our httpd.exe was recently upgraded from 2.4.6 to 2.4.9. But, when that
> happened, some of our users can no longer authenticate via LDAP. By "some",
> I mean that we have 2 domains. Users from one domain are fine, but users in
> the 2nd domain can no longer authenticate.
>
> E.g. AD\steve can authenticate fine; but DOMAIN\dev.frank now gets
> "authentication failed"
>
> The general error goes something like:
> [authnz_ldap:info] [pid 4844:tid 1040] [client 100.200.300.401:55888]
> AH01695: auth_ldap authenticate: user dev.frank authentication failed; URI
> /svn/databaseProject [User not found][No Such Object]
>
> Has anyone experienced such a thing before? And/or know of the fix?
>
> Full disclosure: httpd.exe was upgraded by way of our CollabNet Subversion
> Edge upgrade. I posed my question there first of course; but this really
> does seem like its a httpd issue. And thus, here I am.
> I captured a great deal of logging information along with configuration
> settings in their forums. It's available here:
> https://subversion.open.collab.net/ds/viewMessage.do?dsForumId=3&dsMessageId=517643
>
>
> Thank you,
> Marshall
--
Eric Covener
covener@xxxxxxxxx
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|