We’re having trouble getting Apache LDAP authentication on Fedora to work against Active Directory.

    <Location /repos2>
        AuthType Basic
        AuthName "SVN Repository"
        AuthBasicProvider ldap
        AuthLDAPBindDN "cn=zzzzzz,ou=zzzzz,dc=zzz,dc=troux,dc=com"
        AuthLDAPBindPassword ********
        AuthLDAPURL "ldap://ldap.troux.com/dc=zzz,dc=troux,dc=com?samAccountName?sub?(&(objectCategory=Person)(objectClass=User)(memberOf=CN=Development,OU=Distribution Groups,DC=zzz,DC=troux,DC=com))"
        AuthzLDAPAuthoritative off
        Require valid-user
    </Location>

With the above (somewhat redacted) data as arguments
to ldapsearch we get the expected results, a list of all user objects that are
members of the Development distribution group. These user objects may come
from several different subtrees in A/D.

When we try to use this configuration with Apache, however, we get an “Operations Failure” response. I captured the port 389 traffic and examined it, and we see that the Base DN actually transmitted is

    CN=Configuration,dc=zzz,dc=troux,dc=com

If we change the base DN to

    CN=Users,dc=zzz,dc=troux,dc=com

the query works, but we want to search starting one level higher in the directory.

Why is Apache adding CN=Configuration to the BaseDN? Is there a way to force it to use the BaseDN we specify?
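
Added example, not part of the original post: a Python helper that splits the AuthLDAPURL above into the fields mod_authnz_ldap reads and builds the matching ldapsearch argument list, so the base DN and filter the configuration specifies can be compared with what shows up in a port 389 capture. The user name jdoe is constructed, and the empty-field defaults (uid, sub, objectClass=*) and the (&(filter)(attribute=username)) combination are taken from the mod_authnz_ldap documentation as an assumption about the installed version.

```python
from urllib.parse import unquote

# Empty-field defaults per the mod_authnz_ldap documentation (assumed to
# match the installed Apache version).
DEFAULTS = {"attribute": "uid", "scope": "sub", "filter": "(objectClass=*)"}

def parse_auth_ldap_url(url):
    """Split ldap://host/basedn?attribute?scope?filter into its fields."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an ldap:// or ldaps:// URL")
    hostport, _, tail = rest.partition("/")
    fields = tail.split("?", 3)
    fields += [""] * (4 - len(fields))
    base, attr, scope, flt = (unquote(f).strip() for f in fields)
    flt = flt or DEFAULTS["filter"]
    if not flt.startswith("("):
        flt = "(" + flt + ")"
    return {"uri": scheme.lower() + "://" + hostport, "base": base,
            "attribute": (attr or DEFAULTS["attribute"]).split(",")[0],
            "scope": (scope or DEFAULTS["scope"]).lower(), "filter": flt}

def escape_filter_value(value):
    """Escape a user-supplied value for an LDAP filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def ldapsearch_argv(url, bind_dn, user):
    """Build the ldapsearch command equivalent to Apache's user lookup."""
    f = parse_auth_ldap_url(url)
    # Apache combines the URL filter with (attribute=username).
    combined = "(&%s(%s=%s))" % (f["filter"], f["attribute"],
                                 escape_filter_value(user))
    return ["ldapsearch", "-x", "-H", f["uri"], "-D", bind_dn, "-W",
            "-b", f["base"], "-s", f["scope"], combined, f["attribute"]]

# AuthLDAPURL and bind DN as posted (redacted); user name is constructed.
URL = ("ldap://ldap.troux.com/dc=zzz,dc=troux,dc=com?samAccountName?sub?"
       "(&(objectCategory=Person)(objectClass=User)(memberOf=CN=Development,"
       "OU=Distribution Groups,DC=zzz,DC=troux,DC=com))")
BIND_DN = "cn=zzzzzz,ou=zzzzz,dc=zzz,dc=troux,dc=com"

if __name__ == "__main__":
    print(" ".join(repr(a) for a in ldapsearch_argv(URL, BIND_DN, "jdoe")))
```

The value after -b is the base DN the configuration asks for; a different base DN in the capture did not come from the AuthLDAPURL string itself.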