>I have had two problems using an MS exchange server :) to autheticate. >The first is that ldap queries allways return a dn with and extra cn attribute >as as below: >cn=qzlg4d,cn=Recipients,ou=EXNZ01,o=ABC >but when you try and bind with the same dn it fails unless you remove the >cn=Recipients. Now I do not know anything about Exchange or the way it is set >up but I created a patch to blank this out which I guess cannot be put in to >httpd_ldap but I include it anyway.
On the iSeries, we had the opposite problem dealing with LDAP servers using MS Exchange. The search would return cn=Recipients,ou=EXNZ01,o=ABC, for example, but we could not bind to the LDAP server to authenticate using this DN. The exchange server required a Domain Name to be appended to the DN in order to authenticate. To get our customer working again, we ended up adding a directive for them to specify the Domain Name that had to be added to the DN. If this was set, we would then build the value that Exchange would accept. Since we've had a few customers who have used this feature, I'm tending to agree that it is a configuration problem on the LDAP server - that they have the configuration backwards, or that the Exchange server was changed to no longer need the prepended Domain Name, and the LDAP entries were not updated correspondingly to remove this from the DN. Marion Pitts [EMAIL PROTECTED]
