I made some progress. After reading this post, http://tinyurl.com/rzjzf, I changed my config from

AuthLDAPURL ldap://ad.host.name.com:389/DC=XYZ,DC=ABC,DC=com?sAMAccountName?sub?(objectClass=*)

to

AuthLDAPURL ldap://ad.host.name.com:389/OU=BLAH2,DC=XYZ,DC=ABC,DC=com?sAMAccountName?sub?(objectClass=*)

and that worked, confirming the theory that Apache's LDAP gets confused when it encounters an LDAP search result reference in the LDAP response from the initial search (see http://rafb.net/paste/results/9Duquf89.html). Once an OU has been provided, Apache's LDAP works fine, since the reference is not returned any more.

However, this is not an option for me, since in my case OU=BLAH* actually refers to different campuses in multiple cities, so there is no single all-encompassing entity underneath the root of the AD that includes all the users.

Fiddling with AuthLDAPDereferenceAliases (setting it to all available options) did not make any difference. This behavior has been confirmed in 2.0.55 and 2.2.2 using OpenLDAP 2.3.21.

Any suggestions on making it work while binding to the root of the tree?

Thank you

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
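The referral problem described in the post, shown as an added configuration example that is not part of the original message and is not from the httpd project. It places the posted setting (subtree search from the domain root on port 389, where Active Directory returns SearchResultReference entries for DomainDnsZones, ForestDnsZones and any child domains) beside the two usual ways out: querying the Global Catalog port, which serves a partial replica of the whole forest without referrals, or disabling referral chasing with LDAPReferrals, which mod_ldap gained in 2.2.17 and so is not available in the 2.0.55 / 2.2.2 builds the poster tested. The hostname and DNs are the poster's placeholders; the bind account, the Location path and the CA file path are hypothetical.

```apache
# Added example, not from the original post. ad.host.name.com and the
# DC=XYZ,DC=ABC,DC=com base come from the post; the service account,
# /protected and the CA file path are hypothetical. Apache 2.2
# (mod_authnz_ldap + mod_ldap) directive names are used.

# 1. As posted: domain-root base, plain LDAP port. AD answers this subtree
#    search with SearchResultReference entries alongside the matching users,
#    and the 2.0.55 / 2.2.2 code fails on them. Note the cleartext ldap://
#    URL: the bind password and every user's password cross the wire
#    unencrypted, so this is the weak setting in two ways.
<Location /protected>
    AuthType Basic
    AuthName "Campus login"
    AuthBasicProvider ldap
    AuthLDAPBindDN "CN=svc-apache,OU=Service Accounts,DC=XYZ,DC=ABC,DC=com"
    AuthLDAPBindPassword "replace-me"
    AuthLDAPURL ldap://ad.host.name.com:389/DC=XYZ,DC=ABC,DC=com?sAMAccountName?sub?(objectClass=*)
    Require valid-user
</Location>

# 2. Same base, Global Catalog instead. Port 3268 (3269 over SSL) holds a
#    partial replica of every object in the forest, so a subtree search
#    from the domain root, or from the forest root, returns no referrals.
#    sAMAccountName is in the GC partial attribute set, so the user lookup
#    still works; attributes that are not GC-replicated will be missing.
#    The CA file lets mod_ldap verify the controller's certificate.
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/ssl/ad-root-ca.pem
<Location /protected>
    AuthType Basic
    AuthName "Campus login"
    AuthBasicProvider ldap
    AuthLDAPBindDN "CN=svc-apache,OU=Service Accounts,DC=XYZ,DC=ABC,DC=com"
    AuthLDAPBindPassword "replace-me"
    AuthLDAPURL ldaps://ad.host.name.com:3269/DC=XYZ,DC=ABC,DC=com?sAMAccountName?sub?(objectClass=user)
    Require valid-user
</Location>

# 3. mod_ldap 2.2.17 and later (and 2.4) only: stop the LDAP library from
#    chasing the references at all, so a root-base search on 389 no longer
#    trips over them. Not usable on the 2.0.55 / 2.2.2 builds in the post.
LDAPReferrals Off
```

To confirm which case you are in before touching the Apache config, run the same subtree search with OpenLDAP's ldapsearch against the two ports: on 389 the references show up as comment lines beginning `# refldap://` mixed into the results, while on 3268 the identical search prints only entries. Whichever variant is used, the AuthLDAPBindPassword sits in cleartext in the config file, so keep that file readable only by root and give the service account no rights beyond reading user objects.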