On Mon, May 19, 2008 at 7:14 PM, David Dyer-Bennet
<David.Dyer-Bennet@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> Then I see *another* search for the same user record, which fails with
> an error saying a bind must be done first ("errorMessage: 00000000:
> LdapErr: DSID-0C090627, comment: In order to perform this operation a
> successful bind must be completed on the connection., data 0, vece").

When you point a regular LDAP client at AD, it sees a bunch of noisy
referrals. Many LDAP clients won't just volunteer to pass on the
credentials you specified for the initial search onto these referrals,
for good reason.

MS provides a daemon called Active Directory Application Mode (ADAM)
that flattens the entire LDAP topology into a single server, for use
by traditional clients.

The other alternative is to point Apache at the "global catalog" port
on the AD system -- this also avoids the referrals.

http://www.microsoft.com/downloads/details.aspx?familyid=9688f8b9-1034-4ef6-a3e5-2a2a57b5c8e4&displaylang=en
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbc_nar_bsad.mspx?mfr=true

--
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
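
The global catalog alternative from the reply above, written out as a mod_authnz_ldap configuration. This is an added example, not part of the original message or of the Apache project's documentation. The host name, DNs, password and the /protected path are placeholders, and 3268 is assumed as the standard Active Directory global catalog LDAP port, which the message does not state.

```apache
# Constructed example: dc1.example.com, the DNs, the password and the
# /protected path are placeholders, not values from the thread.

# Before: the search goes to the domain controller's regular LDAP port (389).
# As the reply describes, a search rooted at the domain can come back with
# referrals, and the client does not carry the bind credentials over to the
# referred connection, so the follow-up search fails with the
# "successful bind must be completed" error.
#
#   AuthLDAPURL "ldap://dc1.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

# After: the same search sent to the global catalog port (3268 assumed),
# which answers from a single server without handing back referrals.
<Location "/protected">
    AuthType Basic
    AuthName "Directory login"
    AuthBasicProvider ldap

    # Only the port differs from the "before" URL above.
    AuthLDAPURL "ldap://dc1.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Account used for the initial user lookup; give it read-only
    # directory access and nothing else.
    AuthLDAPBindDN "CN=apache-bind,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    Require valid-user
</Location>
```

The global catalog also listens on 3269 for LDAP over TLS (an `ldaps://` URL), which keeps the bind password off the wire in clear text.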