I think that I have found the solution to my problem :-D > When I give the following: > AuthLDAPURL ldap://servername.com/dc=bk,dc=evdad,dc=admin,dc=ch?name?sub?(objectClass=us er) > > I receive the following error in apache error log: > [warn] [client 131.102.223.000] [24779] auth_ldap authenticate: user > isceco-eruf authentication failed; URI /svn/pspmgmt [LDAP:ldap_simple_bind_s() failed][Can't contact LDAP server] In this case, ADS returns me a referrals to another "domain controller". The client tries to connect anonymously to the "domain controller" and it gives me this error. A solution is to set LDAP_OPT_REFERRALS to LDAP_OPT_OFF before to perform the bind. But it means a modification of the code of the module mod_auth_ldap. The second solution, which is better in my case, is to connect to the "global catalog" of ADS, which is a read-only partial replica of the directory. We can access the global catalog at the port 3268. When I give the following parameter: AuthLDAPURL ldap://servername.com:3268/dc=bk,dc=evdad,dc=admin,dc=ch?name?sub?(objectCla ss=user) I can perform my search without error. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|