We're having trouble getting Apache LDAP authentication on Fedora to work against Active Directory.
<Location /repos2> AuthType Basic AuthName "SVN Repository" AuthBasicProvider ldap AuthLDAPBindDN "cn=zzzzzz,ou=zzzzz,dc=zzz,dc=troux,dc=com" AuthLDAPBindPassword ******** AuthLDAPURL "ldap://ldap.troux.com/dc=zzz,dc=troux,dc=com?samAccountName?sub?(&(obje ctCategory=Person)(objectClass=User)(memberOf=CN=Development, OU=Distribution Groups,DC=zzz,DC=troux,DC=com))" AuthzLDAPAuthoritative off Require valid-user </Location> With the above (somewhat redacted) data as arguments to ldapsearch we get the expected results, a list of all user objects that are members of the Development distribution group. These user objects may come from several different subtrees in A/D. When we try to use this configuration with Apache however, we get an "Operations Failure" response. I captured the port 389 traffic and examined it, and we see that the Base DN actually transmitted is CN=Configuration,dc=zzz,dc=troux,dc=com If we change the base DN to CN=Users,dc=zzz,dc=troux,dc=com The query works, but we want to search starting one level higher in the directory. Why is Apache adding CN=Configuration to the BaseDN? Is there a way to force it to use the BaseDN we specify? IMPORTANT NOTICE: This message may contain confidential information. If you have received this e-mail in error, do not use, copy or distribute it. Do not open any attachments. Delete it immediately from your system and notify the sender promptly by e-mail that you have done so. Thank you.