Hi
I'm currently running Apache 2.2 and have loaded the mod_authnz_ldap module to authenticate users against a Microsoft Active Directory. I can successfully bind to the LDAP server and authenticate a user as long as I specify a specific OU,
i.e. if my AuthLDAPURL directive says
AuthLDAPURL ldap://ms-m-dc:389/OU=Region1,DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(objectClass=user)
But if I try
AuthLDAPURL ldap://ms-m-dc:389/DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(objectClass=user)
and search from the root, I can't authenticate users and get the following error:
[Thu Sep 07 14:14:33 2006] [warn] [client 10.0.8.254] [480] auth_ldap authenticate: user testuser authentication failed; URI /bin/configure [ldap_search_ext_s() for user failed][Operations Error]
[Thu Sep 07 14:14:53 2006] [warn] [client 10.4.126.7] [480] auth_ldap authenticate: user testuser authentication failed; URI /bin/view/web [ldap_search_ext_s() for user failed][Operations Error]
Is this an issue with the MS implementation of LDAP and the way it returns the results to Apache? Or is it Apache? Or am I missing some config? I have read up on the mod and haven't found any directives that can assist with this. I have also included a copy of my config related to LDAP below.
The issue is that we do not have all our users stored in the same OU; users are split according to region. Is there any way to add multiple AuthLDAPURL directives? I have tried adding more, but it just treats the last directive as the correct one and ignores anything prior to that. Are there any workarounds to make this work? Your help would be appreciated.
---Config---
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthType Basic
AuthName "Please Enter Your Network Username/Password"
AuthLDAPBindDN "CN=Your Name,OU=Users,OU=People,OU=Region1,DC=ZA,DC=Company,DC=net"
AuthLDAPBindPassword mypass
AuthLDAPURL ldap://ms-m-dc:389/OU=Region1,DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(objectClass=user)
AuthLDAPGroupAttribute department
AuthLDAPGroupAttributeIsDN off
# AuthLDAPRemoteUserIsDN on
require valid-user
---end---
Thanks
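As an added example (not part of the original post), a small Python helper that splits the two AuthLDAPURL values quoted above into host, port, base DN, attribute, scope and filter, and flags the directive that does a subtree search from the domain root. The referral explanation in the comments is general Active Directory background, not something the post itself states.

```python
from urllib.parse import unquote, urlsplit

# The two directives from the post, copied verbatim.
OU_URL = "ldap://ms-m-dc:389/OU=Region1,DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(objectClass=user)"
ROOT_URL = "ldap://ms-m-dc:389/DC=ZA,DC=Company,DC=net?sAMAccountName?sub?(objectClass=user)"


def parse_authldapurl(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into its parts.
    Omitted trailing parts get mod_authnz_ldap's documented defaults
    (attribute uid, scope sub, filter (objectClass=*))."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %s" % url)
    # urlsplit cuts at the first '?', so rejoin path and query before
    # splitting on the three '?' separators (the filter may contain '?').
    rest = parts.path.lstrip("/")
    if parts.query:
        rest += "?" + parts.query
    basedn, attribute, scope, filt = (rest.split("?", 3) + [""] * 4)[:4]
    return {
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "basedn": unquote(basedn),
        "attribute": attribute or "uid",
        "scope": scope or "sub",
        "filter": unquote(filt) or "(objectClass=*)",
    }


def searches_domain_root(basedn):
    """True when every RDN of the base DN is a DC= component, i.e. the search
    base is the domain naming context itself rather than an OU or container.
    Background (not from the post): a subtree search from there makes Active
    Directory return referrals to other partitions (DomainDnsZones, ...), and
    an LDAP client that cannot follow them reports 'Operations Error', which
    matches the log lines above."""
    rdns = [p.strip() for p in basedn.split(",") if p.strip()]
    return bool(rdns) and all(r.split("=", 1)[0].upper() == "DC" for r in rdns)


def classify(url):
    """Parse a directive and flag the root-plus-subtree combination."""
    info = parse_authldapurl(url)
    info["domain_root_search"] = (info["scope"] == "sub"
                                  and searches_domain_root(info["basedn"]))
    return info


if __name__ == "__main__":
    for u in (OU_URL, ROOT_URL):
        print(classify(u))
```

A commonly used workaround when a directive is flagged is to point the URL at the Global Catalog port (3268), which answers forest-wide searches without handing out those referrals; that is general Active Directory knowledge and not something the post states.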