Our LDAP Active Directory tree looks like this:

DC=mycompany,DC=COM
-OU=Accounts
-OU=Usernames
-OU=Finance&Administration
-OU=Generic accounts
-OU=Security
-....
-DC=sng,DC=mycompany,DC=com
-OU=Singapore Users
-DC=uk,DC=mycompany,DC=com
-OU=Accounts
-OU=Users

If I use the following configuration, everything works, except I am not able to authenticate UK and SNG users because the base of the search does not include UK and SNG domains.

AuthBasicProvider ldap
AuthLDAPURL "ldap:// nydomain04.mycompany.com/OU=Accounts,DC=mycompany,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=ldap connector,OU=Generic accounts,OU=Accounts,DC=mycompany,DC=com"
AuthLDAPBindPassword ******
AuthType Basic
AuthName "mycompany Domain"
Require ldap-group CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts, DC=mycompany,DC=com

[Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(373): [client 192.168.2.75] [3718] auth_ldap authenticate: using URL ldap:// nydomain04.mycompany.com/OU=Accounts,DC=mycompany,DC=com?sAMAccountName?sub?(objectClass=*)
[Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(454): [client 192.168.2.75] [3718] auth_ldap authenticate: accepting testuser
[Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(691): [client 192.168.2.75] [3718] auth_ldap authorise: require group: testing for group membership in "CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts, DC=mycompany,DC=com"
[Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(697): [client 192.168.2.75] [3718] auth_ldap authorise: require group: testing for member: CN=Test User,OU=Finance&Administration,OU=Usernames,OU=Accounts,DC=mycompany,DC=com (CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts, DC=mycompany,DC=com)
[Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(706): [client 192.168.2.75] [3718] auth_ldap authorise: require group: authorisation successful (attribute member) [Comparison true (adding to cache)][Compare True]

However, if I use the following configuration (point to the base of AD tree), mod_authnz_ldap.c produces a seg fault.

AuthBasicProvider ldap
AuthLDAPURL "ldap:// nydomain04.mycompany.com/DC=mycompany,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=ldap connector,OU=Generic accounts,OU=Accounts,DC=mycompany,DC=com"
AuthLDAPBindPassword ******
AuthType Basic
AuthName "mycompany Domain"
Require ldap-group CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts, DC=mycompany,DC=com

[Wed Nov 26 20:24:31 2008] [debug] mod_authnz_ldap.c(373): [client 192.168.2.75] [3110] auth_ldap authenticate: using URL ldap:// nydomain04.mycompany.com/DC=mycompany,DC=com?sAMAccountName?sub?(objectClass=*)
[Wed Nov 26 20:24:42 2008] [notice] child pid 3110 exit signal Segmentation fault (11)

# rpm -qi httpd
Name        : httpd                        Relocations: (not relocatable)
Version     : 2.2.3                             Vendor: CentOS
Release     : 11.el5_2.centos.4             Build Date: Wed 12 Nov 2008 10:44:43 AM EST
Install Date: Fri 14 Nov 2008 07:42:56 AM EST      Build Host: builder16.centos.org
Group       : System Environment/Daemons    Source RPM: httpd-2.2.3-11.el5_2.centos.4.src.rpm
Size        : 2899288                          License: Apache Software License
Signature   : DSA/SHA1, Wed 12 Nov 2008 05:54:31 PM EST, Key ID a8a447dce8562897
URL         : http://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible web server.

Is there a way to make mod_authnz_ldap search across 3 LDAP branches where the user information is stored?
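
Added example (not part of the original post): a small Python check of which user DNs fall under the search base of an AuthLDAPURL, showing why the OU=Accounts base excludes the UK and SNG users. The two "Example User" DNs and all function names are constructed for illustration.

```python
# Added example: textual DN-suffix check against an AuthLDAPURL base (no directory contact).

def split_dn(dn):
    """Split a DN into normalised RDNs, keeping backslash-escaped commas."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
        escaped = (ch == "\\") and not escaped
    rdns.append(cur)
    return [r.strip().lower() for r in rdns if r.strip()]

def parse_ldap_url(url):
    """Parse ldap://host/basedn?attribute?scope?filter (the AuthLDAPURL layout)."""
    scheme, sep, rest = url.strip().partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    host, _, tail = rest.strip().partition("/")
    base, attr, scope, flt = (tail.split("?", 3) + [""] * 3)[:4]
    return {"host": host, "base": base.strip(), "attribute": attr.strip(),
            "scope": scope.strip().lower() or "sub", "filter": flt.strip()}

def in_scope(user_dn, url):
    """True if user_dn sits under the URL's base DN within its scope (one/sub)."""
    cfg = parse_ldap_url(url)
    base, user = split_dn(cfg["base"]), split_dn(user_dn)
    depth = len(user) - len(base)
    if depth < 0 or user[depth:] != base:
        return False
    return depth == 1 if cfg["scope"] == "one" else True

# URL from the post (space after "ldap://" removed); DNs marked constructed are illustrative.
ACCOUNTS_URL = ("ldap://nydomain04.mycompany.com/OU=Accounts,DC=mycompany,DC=com"
                "?sAMAccountName?sub?(objectClass=*)")
USERS = {
    "ny": "CN=Test User,OU=Finance&Administration,OU=Usernames,OU=Accounts,DC=mycompany,DC=com",
    "uk": "CN=Example User,OU=Users,OU=Accounts,DC=uk,DC=mycompany,DC=com",   # constructed
    "sng": "CN=Example User,OU=Singapore Users,DC=sng,DC=mycompany,DC=com",  # constructed
}

def coverage(url):
    """Map each sample user to whether the URL's search base can contain it."""
    return {name: in_scope(dn, url) for name, dn in USERS.items()}

if __name__ == "__main__":
    print(coverage(ACCOUNTS_URL))
```

The comparison is purely textual: it shows which DNs a base can contain, not how the directory server answers a search rooted at DC=mycompany,DC=com.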