Re: [us...@httpd] Confused about LDAP authentication with Active Directory

2009-02-27 Thread Eric Covener
On Fri, Feb 27, 2009 at 9:30 AM, Mark H. Wood wrote: > On Thu, Feb 26, 2009 at 01:59:13PM -0500, Eric Covener wrote: >> In LDAPv3, the bind is optional. > > However, without a non-anonymous bind, ADS will cheerfully accept your > connection and as cheerfully return no information, regardless the >

Re: [us...@httpd] Confused about LDAP authentication with Active Directory

2009-02-27 Thread Mark H. Wood
On Thu, Feb 26, 2009 at 01:59:13PM -0500, Eric Covener wrote: > In LDAPv3, the bind is optional. However, without a non-anonymous bind, ADS will cheerfully accept your connection and as cheerfully return no information, regardless the validity of your query. To actually get results out of ADS you

Re: [us...@httpd] Confused about LDAP authentication with Active Directory

2009-02-26 Thread Peter Schober
* Eric Covener [2009-02-26 20:06]: > In LDAPv3, the bind is optional. OK, I see it in the RFC. But it seems it's not optional in httpd. Also you can't produce searches without binds with e.g. ldapsearch. And it won't make much of a difference to the OP, since an anonymous bind (i.e. not specifiyi

Re: [us...@httpd] Confused about LDAP authentication with Active Directory

2009-02-26 Thread Eric Covener
On Thu, Feb 26, 2009 at 1:42 PM, Peter Schober wrote: > * Davide Bianchi [2009-02-26 19:33]: >> Well, to be picky, an 100% compliant LDAP server doesn't require to >> bind to do a first-level query, so you should be able to get your DN >> without the need for a fixed username/password. > > Making

Re: [us...@httpd] Confused about LDAP authentication with Active Directory

2009-02-26 Thread Peter Schober
* Davide Bianchi [2009-02-26 19:33]: > Well, to be picky, an 100% compliant LDAP server doesn't require to > bind to do a first-level query, so you should be able to get your DN > without the need for a fixed username/password. Making a "query" without a "bind" in one sentence makes no sense to m

Re: [us...@httpd] Confused about LDAP authentication with Active Directory

2009-02-26 Thread Davide Bianchi
Bennett, Tony wrote: > While this is true for 100% compliant LDAP servers, MS has "embraced and > extended" Well, to be picky, an 100% compliant LDAP server doesn't require to bind to do a first-level query, so you should be able to get your DN without the need for a fixed username/password. D

RE: [us...@httpd] Confused about LDAP authentication with Active Directory

2009-02-26 Thread Bennett, Tony
> -Original Message- > From: Davide Bianchi [mailto:dav...@walterisookeensufferukker.nl] > Sent: Thursday, February 26, 2009 6:51 AM > To: users@httpd.apache.org > Subject: Re: [us...@httpd] Confused about LDAP authentication with Active > Directory > >

Re: [us...@httpd] Confused about LDAP authentication with Active Directory

2009-02-26 Thread Davide Bianchi
Ed Avis wrote: > imply that > Apache connects to the LDAP server using a fixed username and > password, and then merely queries the existence of an object in the > directory that matches the username. If so how does it check the > password

[us...@httpd] Confused about LDAP authentication with Active Directory

2009-02-26 Thread Ed Avis
Hi, I have been reading the list archives and searching the web for how to configure Apache to authenticate users using Active Directory but I think I may be missing some obvious points. Hopefully someone can explain what I'm missing. Apache is running on the only Linux machine in a Windows netwo