On Thu, Mar 18, 2010 at 1:25 PM, <phiroc@xxxxxxx> wrote:
> Hi,
>
> when I use the following AuthLDAPURL
>
> "ldap://adserver/ou=city1,dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE
>
> I can authenticate any user in "ou" city1.
>
> If I replace the AuthLDAPURL by
>
> "ldap://adserver/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE
>
> I get an Apache 2.2 internal error and in the error log the following message:
>
> [debug] mod_authnz_ldap.c(379): [client xxxx] [8655] auth_ldap authenticate: using URL ldap://adserver/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))
> [info] [client xxxx] [8655] auth_ldap authenticate: user myusername authentication failed; URI /test/ [ldap_search_ext_s() for user failed][Operations error]
>
> When I do ldapsearch ... -b 'dc=abc,dc=com' '(&(objectClass=user)(!(objectClass=computer))(samaccountname=myusername)', the Active Directory server returns data, which seems to imply that there's something wrong with the mod_authnz_ldap module, or with the way I set it up or use it.

Can you look at the differences on the wire via e.g. wireshark? This should make the difference in the search pretty easy to spot.

--
Eric Covener
covener@xxxxxxxxx
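
Added example, not part of the original messages and not mod_authnz_ldap's own code: a small Python sketch that splits the two AuthLDAPURL values from the thread into the search parameters to look for in a capture, and reports which of them differ. It assumes the documented mod_authnz_ldap behaviour of combining the parts as `(&(filter)(attribute=username))` with defaults of `uid`, `sub` and `(objectClass=*)`; the function names and the RFC 4515 escaping helper are illustrative.

```python
from urllib.parse import unquote

# The two AuthLDAPURL values quoted in the thread.
FILTER = "(&(objectClass=user)(!(objectClass=computer)))"
URL_OU = "ldap://adserver/ou=city1,dc=abc,dc=com?sAMAccountName?sub?" + FILTER
URL_ROOT = "ldap://adserver/dc=abc,dc=com?sAMAccountName?sub?" + FILTER


def escape_filter_value(value):
    """Escape a user-supplied value for an LDAP filter (RFC 4515 hex escapes)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def parse_auth_ldap_url(url):
    """Split ldap://host[:port]/basedn?attribute?scope?filter into its fields."""
    scheme, rest = url.split("://", 1)
    host, _, tail = rest.partition("/")
    base, attr, scope, flt = (tail.split("?", 3) + ["", "", ""])[:4]
    return {
        "scheme": scheme,
        "host": host,
        "base": unquote(base),
        "attribute": attr or "uid",                   # documented default
        "scope": scope or "sub",                      # documented default
        "filter": unquote(flt) or "(objectClass=*)",  # documented default
    }


def search_request(url, username):
    """Search parameters expected on the wire for one login attempt."""
    p = parse_auth_ldap_url(url)
    combined = "(&%s(%s=%s))" % (p["filter"], p["attribute"], escape_filter_value(username))
    return {"host": p["host"], "base": p["base"], "scope": p["scope"], "filter": combined}


def diff_requests(a, b):
    """Return only the fields that differ between two search requests."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


if __name__ == "__main__":
    working = search_request(URL_OU, "myusername")
    failing = search_request(URL_ROOT, "myusername")
    print(working)
    print(diff_requests(working, failing))
```

Compare these fields with the searchRequest shown in the capture for each configuration.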