On Tue, 19 Dec 2006, Dan Nawrocki wrote: > <Directory /> > SSLOptions +StdEnvVars > Options FollowSymLinks > AllowOverride None > > AuthType Basic > AuthBasicProvider ldap > AuthName "auth me!" > AuthLDAPBindDN "bind_username" > AuthLDAPBindPassword bind_password > AuthLDAPURL ldap://host:389/dn?sAMAccountName > > Require valid-user > </Directory> > > I'm getting two types of errors, depending on which username and > password I provide: > > auth_ldap_authenticate: user xxx authentication failed ... > [ldap_simple_bind_s() to check user credentials failed][Invalid > credentials] > > auth_ldap_authenticate: user yyy authentication failed ... [User not > found][No such object] > > > Thanks, > Dan Nawrocki > > If the initial bind is working then it's probably your LDAP search criteria which depends on how your AD is layed out. This is what I use (I use the AD global catalog (GC)): AuthLDAPURL "ldap://ad.nos.com:3268/OU=Accounts,DC=nos,DC=com?sAMAccountName?sub?(objectClass=*)" You probably also need: AuthzLDAPAuthoritative Off ---------------------------------------- "Mon aéroglisseur est plein d'anguilles" John P. Dodge Boeing Shared Services --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx