Also try this, 
 
On a Windows 2003 box, use the dsquery command and issue the following
(as the same account you are using to do the Authentication):
 
 
dsquery * CN=Users,DC=Your_Account_Domain,DC=Your_Parent_Domain,DC=COM
You should get a dump of the first 1000 users in the Users container. If
you get this, then you have done an Authenticated LDAP query to AD and dumped
accounts.
 
You can also use the same LDAP Construct in the Custom Searches within
Windows 2003 ADUC to see if this will also give you the information you
are looking for. 
 
Also note that your developer might need to page his queries, because AD
is only going to return the first 1000. If you get an error 4, that is
indicative of a paging issue with the query.
 
HTH,
Z

Edward E. Ziots 
Network Engineer 
Lifespan Organization 
MCSE,MCSA,MCP+I,M.E,CCA,Network+, Security + 
email:[EMAIL PROTECTED] 
cell:401-639-3505 

 

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Friday, January 19, 2007 10:33 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Apache LDAP authentication oddity



So you're describing searching for something and talking about
authentication. Which is it?

 

Thanks,

Brian Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Friday, January 19, 2007 10:19 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Apache LDAP authentication oddity

 

We have an application that is using an Apache server to do LDAP
authentications against our active directory.  (Yeah, I know; if only I
were king!  LOL!)  The application developer tells me that if he tries
doing an auth against our root base (dc=yyy,dc=zzz), the auth fails.  If
he uses a search base of "ou=xxx,dc=yyy,dc=zzz", the auth works.  The
user account that is being tested is some OU levels below this.  He is
coding a subtree scope and he is filtering on (objectclass=user and
objectcategory=person).

 

It's like Apache needs to start at an OU structure.  I couldn't find
much on Google about this other than someone else was having the same
issue last Fall and just gave up in frustration.   The Apache
documentation I could find seemed to indicate that a search of
"dc=yyy,dc=zzz" SHOULD work.

 

Any thoughts/pointers are appreciated!  Thanks!

 

Mike Thommes
