Hey guys I am running CentOS 5 with httpd 2.2.3 I am trying to configure mod_authnzldap authing against Active Directory and I have it working about 50% of the time. About 50% of the time this works with no issue, the rest of the time it fails. Sometimes it fails and notes the following in the error log: [Mon Oct 22 15:58:03 2007] [debug] mod_authnz_ldap.c(373): [client 10.XXX.XX.XXX] [13379] auth_ldap authenticate: using URL ldap://10.XX.XX.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*) [Mon Oct 22 15:58:03 2007] [warn] [client 10.xxx.xx.xxx] [13379] auth_ldap authenticate: user special authentication failed; URI /logo.gif [ldap_search_ext_s() for user failed][Operations error] Other times it printsthe following, but nothing after that (and CPU usage skyrockets to 100% of a single CPU) [Mon Oct 22 16:08:11 2007] [debug] mod_authnz_ldap.c(373): [client 10.XX.XXX.XX] [13437] auth_ldap authenticate: using URL ldap://10.XX.X.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*) In capturing the packets I see that it binds successfully several times and then tries to authenticate. The AD box returns: LDAPMessage searchResDone(5) operationsError (00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece) [0 results] None of the binds that occur in the capture failed though. (all the bind responses reported success) The appropriate (anonymized) lines from httpd.conf are: <Location /logo.gif> # <--- change path as needed Order allow,deny Allow from all AuthBasicProvider ldap AuthType Basic AuthzLdapAuthoritative off AuthName "BackupPC login" AuthLDAPBindDN ldapb@xxxxxxxxxx AuthLDAPBindPassword myformerlysecretpasswordpostedtoworld AuthLDAPURL "ldap://10.XX.XX.XXX:389/DC=centos,DC=org?sAMAccountName?sub? (objectClass=*)" NONE require valid-user </Location> I have debug turned on. On startup I get: [root@backuppc httpd]# service httpd start Starting httpd: [Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(849): [13375] auth_ldap url parse: `ldap://10.XX.X.XXX:389/DC=centos,DC=org?sAMAccountName?sub?(objectClass=*)' [Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(858): [13375] auth_ldap url parse: Host: 10.XX.XX.XXX:389 [Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(860): [13375] auth_ldap url parse: Port: 389 [Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(862): [13375] auth_ldap url parse: DN: DC=centos,DC=org [Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(864): [13375] auth_ldap url parse: attrib: sAMAccountName [Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(866): [13375] auth_ldap url parse: scope: subtree [Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(871): [13375] auth_ldap url parse: filter: (objectClass=*) [Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(951): LDAP: auth_ldap not using SSL connections [ OK ] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx