Eric Covener [mailto:covener@xxxxxxxxx] wrote: > On Mon, May 19, 2008 at 7:14 PM, David Dyer-Bennet > <David.Dyer-Bennet@xxxxxxxxxxxxxxxxxxxx> wrote: > > > > > Then I see *another* search for the same user record, which > > fails with > > an error saying a bind must be done first ("errorMessage: 00000000: > > LdapErr: DSID-0C090627, comment: In order to perform this > > operation a > > successful bind must be completed on the connection., data > > 0, vece"). > > MS provides a daemon called Active Directory Application Mode (ADAM) > that flattens the entire LDAP topology into a single server, for use > by traditional clients. The other alternative is to point Apache at > the "global catalog" port on the AD system -- this also avoids the > referrals. > > http://www.microsoft.com/downloads/details.aspx?familyid=9688f > 8b9-1034-4ef6-a3e5-2a2a57b5c8e4&displaylang=en > http://www.microsoft.com/technet/prodtechnol/windows2000serv/r > eskit/distrib/dsbc_nar_bsad.mspx?mfr=true I tried the second one, the global catalog port, just now, and in a preliminary simple test it worked perfectly for what I'm doing. Since that avoids having to ask the Windows-side support people to install and configure the service, I'm inclined to go with it, unless other problems appear in further testing. Thank you *very* much for your assistance! Adding "global catalog port" to my searches brings up a number of sites that advise using it -- none of which came up without that term in the search, unfortunately for me, or I would have solved this several days ago and without bothering you people. Possibly if I'd recognized the pattern of tcp traffic as representing referrals, searching on that would have gotten me somewhere. Oh well; live and learn! --- The contents of this message and its attachments, if any, are meant for the sole use of the intended recipient and may be confidential, privileged, or otherwise protected from disclosure. If you are not the intended recipient of this message or have received this message in error, please delete it, immediately alert the sender by reply e-mail, and do not read, disclose, distribute, or otherwise use the information contained herein. If this message was misdirected, neither Pine River nor its affiliates waives any confidentiality or privilege. Pine River retains and monitors e-mail communications sent through its network. This e-mail does not constitute or form part of any offer or invitation to sell, or the solicitation of an offer to purchase any investment and is provided for information purposes only. Pine River believes that the information it provides is accurate and complete as at the date of publication, but does not grant any warranty of such and neither Pine River nor its affiliates accepts any liability in respect of errors or omissions. Past performance is not necessarily a guide to future results. --- --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx