> -----Original Message----- > From: Rainer Sokoll [mailto:R.Sokoll@xxxxxxxxxxxx] > Sent: Tuesday, May 02, 2006 4:59 PM > > On Tue, May 02, 2006 at 03:38:12PM -0400, Stewart, Eric wrote: > > > It turns out that the following set up will work - but that you > > might get bitten by what I call an "AD Bug": > > > > <Directory "/data1/webdocs/idriver"> > [...] > > </Directory> > > > > This will work as expected, providing: > [problems] > > I cannot say much about AD and default groups (I am not a windows > admin, fortunataly) but this works fine for me (2.0.58 at this time): > [snip "working" 2.0.x config] Kind of verified - obviously not an Apache or LDAP bug (both are doing exactly what they should for a "normal" LDAP implementation), as I pretty much stated, but an AD bug. Some poor guy using PHP ran into it, and of course Microsoft is saying "Yeah, we know about it, but why should we fix it?": http://bugs.php.net/bug.php?id=25827 http://support.microsoft.com/default.aspx?scid=kb;en-us;275523 http://support.microsoft.com/default.aspx?scid=kb;en-us;321360 Rainer: In your configuration, your letting in any "valid" user. In mine, I'm trying to isolate usage to specific groups. That's where the "bug" pops up. The only workaround I can see so far is, unless you're in one of those rare cases where Default Group is important, is to add the person to a different (possibly "dummy") default group. I know there are other mods out there that do SMB or AD (say, through PAM) authentication - but last I checked, none advertised 2.2.x compatibility. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|