Aaron,
Jeremy was merely restating the same thing he stated before with a
different top-level OU. The results do not reflect what you are looking
for.
----
What Aaron [and I] are looking for is a way to specify the AD DC and not
have to specify an OU:
ldap[s]://dc1.example.com/
Maybe it's time to write a patch.
Thanks,
--
Joshua M. Miller, RHCE
Bliss, Aaron wrote:
Still no good for me...I'm not sure if our domain is configured
differently than yours that would cause the recursive query to fail....
Aaron
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Gaddis, Jeremy L.
Sent: Tuesday, February 27, 2007 10:19 AM
To: General Red Hat Linux discussion list
Subject: Re: Searching child OU's for authentication
On Tue, 27 Feb 2007, Josh Miller wrote:
The example does not accomplish what the OP describes, as it is
limited to
the Users OU. The goal here is to be able to point the Apache config
at a
Domain Controller and have it search ALL OUs and right now there is a
seeming
limitation on a single top-level OU -- although any user object within
that
top-level OU will work.
I changed the coniguration I posted slightly from the "real"
configuration. In our Active Directory structure, we have an OU at
the root-level called "Acad", therefore:
AuthLDAPURL
ldap://my.domain.edu:389/cn=Acad,DC=domain,DC=edu?sAMAccountName?sub?(ob
jectclass=*)
With this, we're able to authenticate any user "under" the Acad OU.
There are no user objects actually *in* the Acad OU, but there a few
OUs under that where user objects reside.
I suppose I am not "searching all OUs" as I limit the searches to
anything the top-level Acad OU.
HTH,
-j
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
