Finally got around to working on this again. I found the solution via trial and 
error. Once I found the solution it seemed so simple but I couldn't find the 
answer on the web. 

I needed to define the searchbase instead of using the '>'. Once I did this 
everything worked as expected. Instead of doing the full search base of the 
domain(s), I left off the first part of the search base. The 2 domains for the 
example below were xx.xxx.com and yy.xxx.com. The below AUTHLDAP statement now worked for 
both domains. 
...
AuthLDAPURL  ldap://xxx.xxx.xxx.xxx:3268/DC=xxx,DC=com?userPrincipalName?sub
...

Hope this helps anyone who was having the same problem. 

Thanks,
Keith. 
________________________________________
From: Keith O'Brien [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 06, 2007 11:14 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] authnz with multiple AD domains and Global Catalog


I am trying to get authnz to work with multiple domains via the global catalog. 
There is documentation on this under the 2.3 docs on apache. ( 
http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html ). There are 
reports of other people getting this to work. 

I built the latest version of apache2 2.2.4.  

Below is the working authnz config and the one that does not work with the 
global catalog and multiple AD domains. The error I get is: 
[ldap_search_ext_s() for user failed][Invalid DN syntax] 

### Working ### This searches only one Domain 
<Location /test2> 
AuthType Basic 
AuthBasicProvider ldap 
AuthName "Require Valid User" 
AuthBasicAuthoritative On 
AuthzLDAPAuthoritative off 
AuthLDAPBindDN [EMAIL PROTECTED] 
AuthLDAPBindPassword 'xxxxxxxx' 
AuthLDAPURL ldap://10.xxx.xxx.xxx:389/OU=Systems,DC=xx,DC=xxx,DC=com?sAMAccountName?sub 
require valid-user 
DAV svn 
SVNPath /usr/local/svn/test2 
SVNAutoversioning on 
</Location> 

### NOT WORKING ### 
<Location /test1> 
AuthType Basic 
AuthBasicProvider ldap 
AuthName "Require Valid User" 
AuthBasicAuthoritative On 
AuthzLDAPAuthoritative off 
AuthLDAPBindDN [EMAIL PROTECTED] 
AuthLDAPBindPassword 'xxxxxxx' 
# The below one works using the global catalog but only searches one domain 
#AuthLDAPURL ldap://10.xxx.xxx.xxx:3268/OU=Systems,DC=xx,DC=xxx,DC=com?sAMAccountName?sub 
# The below one does not work 
AuthLDAPURL ldap://10.xxx.xxx.xxx:3268/>userPrincipalName?sub 
require valid-user 
DAV svn 
SVNPath /usr/local/svn/test1 
SVNAutoversioning on 
</Location> 

Thanks for any light someone can shed on the issue.
Keith O'Brien Sr. Unix Administrator
Phone 212-946-4225 Fax 212-946-4010 [EMAIL PROTECTED]
R/GA 350 West 39th Street New York, NY 10018 www.rga.com





This message is the property of R/GA and contains information which may be 
privileged or confidential. It is meant only for the intended recipients and/or 
their authorized agents. If you believe you have received this message in 
error, please notify us immediately by return e-mail or by forwarding this 
message to [EMAIL PROTECTED], and destroy any printed or electronic copies of 
the message. Any unauthorized use, dissemination, disclosure, or copying of 
this message or the information contained in it, is strictly prohibited and may 
be unlawful. Thank you.
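
Added example, not part of the original messages and not Apache's own code: a small Python check that splits an AuthLDAPURL value into the fields mod_authnz_ldap documents (base DN, attribute, scope, filter) and reports why the three URLs in this thread behave as described. The function names and the simplified DN check are assumptions of this example.

```python
import re

GC_PORTS = (3268, 3269)  # Active Directory global catalog: plain and TLS
URL_RE = re.compile(r"^(ldaps?)://([^/:?]+)(?::(\d+))?/(.*)$")
# Simplified RDN check (type=value, no escapes, no multi-valued RDNs): an
# assumption made for this example, not a full RFC 4514 parser.
RDN_RE = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=[^,=+<>#;"\\]+$')

def parse_authldapurl(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into fields."""
    m = URL_RE.match(url.strip())
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    scheme, host, port, rest = m.groups()
    base, attr, scope, flt = (rest.split("?", 3) + [""] * 3)[:4]
    default = 636 if scheme == "ldaps" else 389
    return {"scheme": scheme, "host": host, "port": int(port or default),
            "base": base, "attribute": attr, "scope": scope, "filter": flt}

def lint_authldapurl(url, domains=()):
    """Return findings for one AuthLDAPURL value checked against AD domains."""
    u, findings = parse_authldapurl(url), []
    # An empty base is a valid DN, so only a non-empty base is syntax-checked.
    rdns = [r.strip() for r in u["base"].split(",")] if u["base"] else []
    if not all(RDN_RE.match(r) for r in rdns):
        findings.append("base DN %r is not a valid DN" % u["base"])
    if len(domains) > 1 and u["port"] not in GC_PORTS:
        findings.append("port %d is not a global catalog port" % u["port"])
    # The base covers a domain when its DC components are a suffix of the
    # domain name, e.g. DC=xxx,DC=com covers both xx.xxx.com and yy.xxx.com.
    base_dcs = [r[3:].lower() for r in rdns if r.lower().startswith("dc=")]
    for d in domains:
        if base_dcs and d.lower().split(".")[-len(base_dcs):] != base_dcs:
            findings.append("base does not cover domain %s" % d)
    if u["scheme"] == "ldap":
        findings.append("ldap:// bind is unencrypted unless STARTTLS is set")
    return findings

if __name__ == "__main__":
    # The three URLs from the thread, with the poster's redactions kept as-is.
    domains = ("xx.xxx.com", "yy.xxx.com")
    for url in (
        "ldap://10.xxx.xxx.xxx:3268/OU=Systems,DC=xx,DC=xxx,DC=com?sAMAccountName?sub",
        "ldap://10.xxx.xxx.xxx:3268/>userPrincipalName?sub",
        "ldap://xxx.xxx.xxx.xxx:3268/DC=xxx,DC=com?userPrincipalName?sub",
    ):
        print(url)
        for finding in lint_authldapurl(url, domains):
            print("  -", finding)
```

With `>` in place of a base DN and the first `?`, the URL grammar leaves `>userPrincipalName` in the base DN field and `sub` in the attribute field, which is consistent with the "Invalid DN syntax" error quoted above.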





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.