Re: LDAP authentication against an Active Directory server

On Mon, May 19, 2008 at 7:14 PM, David Dyer-Bennet
<David.Dyer-Bennet@xxxxxxxxxxxxxxxxxxxx> wrote:

>
> Then I see *another* search for the same user record, which fails with
> an error saying a bind must be done first ("errorMessage: 00000000:
> LdapErr: DSID-0C090627, comment: In order to perform this operation a
> successful bind must be completed on the connection., data 0, vece").


When you point a regular LDAP client at AD, it sees a bunch of noisy
referrals. Many LDAP clients won't just volunteer to pass on the
credentials you specified for the initial search onto these referrals,
for good reason.

MS provides a daemon called Active Directory Application Mode (ADAM)
that flattens the entire LDAP topology into a single server, for use
by traditional clients. The other alternative is to point Apache at
the "global catalog" port on the AD system -- this also avoids the
referrals.

http://www.microsoft.com/downloads/details.aspx?familyid=9688f8b9-1034-4ef6-a3e5-2a2a57b5c8e4&displaylang=en
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbc_nar_bsad.mspx?mfr=true

-- 
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
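
The global catalog alternative from the reply above, as an added configuration sketch that is not part of the original message. It assumes httpd 2.4 with mod_authnz_ldap; the host name, base DN, service account and protected path are placeholders.

```apache
# Constructed example: dc1.example.com, DC=example,DC=com, the apache-svc
# account and /protected are placeholders, not values from the thread.

# Before: the regular LDAP port (389). A subtree search from the domain root
# comes back with referrals, and the credentials used for the first bind are
# not passed along when they are chased, so AD answers with "a successful
# bind must be completed on the connection".
# AuthLDAPURL "ldap://dc1.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

# After: the global catalog port (3268) on the same AD server, which answers
# the search without referrals.
<Location "/protected">
    AuthType Basic
    AuthName "AD login"
    AuthBasicProvider ldap

    # Same search, same attribute, only the port changes.
    # 3269 is the global catalog port over TLS (use an ldaps:// URL there).
    AuthLDAPURL "ldap://dc1.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Account used for the initial search; keep it low-privilege and keep
    # this file readable only by the user that starts httpd.
    AuthLDAPBindDN "CN=apache-svc,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    Require valid-user
</Location>
```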

