perfect! it worked (2.0.55, 2.2.2 with bundled SUN LDAP SDK, OpenLDAP). thank you so much for the tip! the network trace looks exactly the way it should (no reference record returned by AD).

reading up on global catalog does not make it obvious that i should have used it, especially since other apps that rely on AD authentication work fine against port 389, ignoring the references (and we only have one domain).

just for the reference, this is my working 2.0.55 config:

-------------
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so

<IfModule mod_auth_ldap.c>
<Location /test>
    AuthType Basic
    AuthName "LDAP test"
    AuthLDAPURL ldap://ad.host.name.com:3268/DC=ABC,DC=DEF,DC=com?sAMAccountName
    AuthLDAPBindDN "CN=LDAPBindUsername,OU=Generic IDs,DC=ABC,DC=DEF,DC=com"
    AuthLDAPBindPassword BindUserPassword
    Require valid-user
</Location>
</IfModule>
-------------

and 2.2.2:

-------------
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

<IfModule mod_authnz_ldap.c>
<Location /test>
    AuthType Basic
    AuthName "LDAP test"
    AuthBasicProvider ldap
    AuthLDAPURL ldap://ad.host.name.com:3268/DC=ABC,DC=DEF,DC=com?sAMAccountName
    AuthLDAPBindDN "CN=LDAPBindUsername,OU=Generic IDs,DC=ABC,DC=DEF,DC=com"
    AuthLDAPBindPassword BindUserPassword
    AuthzLDAPAuthoritative Off
    Require valid-user
</Location>
</IfModule>
-------------

thanks again! it works

On 6/19/06, Fenlason, Josh <jfenlason@xxxxxxx> wrote:
Try using port 3268 (or port 3269 for ldaps). It's some stupid thing with AD global catalog or something like that. I can't remember all the details, but I think that should solve your problem. , Josh.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
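
An added example, not part of the original thread: a small Python check that reads Apache config text and flags each AuthLDAPURL that points at the per-domain LDAP port (where, as in this thread, AD can answer with references) or that binds without TLS, so the bind password and user passwords cross the wire in clear. The function name, finding labels and sample lines are constructed for illustration; the optional mode keyword is the one documented for mod_authnz_ldap in 2.2.

```python
import shlex
from urllib.parse import urlsplit

# Ports as discussed in the thread: 389 (636 for ldaps) serves one domain,
# 3268 (3269 for ldaps) is the Active Directory global catalog.
DOMAIN_PORTS = {389, 636}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
TLS_MODES = {"SSL", "TLS", "STARTTLS"}  # 2.2 syntax: AuthLDAPURL url [mode]

# Constructed sample input, reusing the placeholder host from the thread.
SAMPLE = """\
<Location /a>
AuthLDAPURL ldap://ad.host.name.com/DC=ABC,DC=DEF,DC=com?sAMAccountName
</Location>
<Location /b>
AuthLDAPURL ldap://ad.host.name.com:3268/DC=ABC,DC=DEF,DC=com?sAMAccountName
</Location>
<Location /c>
AuthLDAPURL "ldaps://ad.host.name.com:3269/DC=ABC,DC=DEF,DC=com?sAMAccountName"
</Location>
"""

def audit_auth_ldap_urls(config_text):
    """Return (line_no, url, findings) for every AuthLDAPURL directive."""
    results = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quotes: nothing we can judge here
        if len(tokens) < 2 or tokens[0].lower() != "authldapurl":
            continue
        url = urlsplit(tokens[1])
        mode = tokens[2].upper() if len(tokens) > 2 else "NONE"
        port = url.port or DEFAULT_PORT.get(url.scheme, 389)
        findings = []
        if port in DOMAIN_PORTS:
            findings.append("domain-port")     # AD may return references
        if url.scheme != "ldaps" and mode not in TLS_MODES:
            findings.append("cleartext-bind")  # passwords sent unencrypted
        results.append((line_no, tokens[1], findings))
    return results

if __name__ == "__main__":
    for line_no, url, findings in audit_auth_ldap_urls(SAMPLE):
        print(line_no, url, findings or ["ok"])
```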