On Wed, Apr 23, 2008 at 3:05 PM, Harry Holt <[EMAIL PROTECTED]> wrote:
> Well... that was my assumption. But looking at the trace, it is in fact
> performing an anonymous search before attempting the bind. Maybe it's
> possible to specify a fully qualified DN and avoid the search, I don't know.

That is the reason why I'm using a custom Perl module instead of the standard LDAP modules. Our AD servers don't allow anonymous binds, and our password policy requires a password change every 6 weeks... These two things together made using mod_authz_ldap impractical.

And the anonymous bind and LDAP search is actually not needed when using an MS AD server. A little-known feature of MS AD is that you can bind using "[EMAIL PROTECTED]" as username. You can just test if a bind using this user, and the password supplied by the user, is successful. That is what the Perl module I use does. (The module is Apache2::AuthenMSAD)

Krist

--
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
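
The bind-as-the-user check described in the message above, as an added example that is not part of the original post and is not the code of Apache2::AuthenMSAD. It assumes the redacted bind name has the user@domain (userPrincipalName) form and uses the ldap3 package for the real bind; the function names, the login pattern and the injectable `bind` parameter are choices made for this example.

```python
import re

# Assumed policy for this example: plain account names only, so the caller
# cannot smuggle in a different domain or a full DN.
_LOGIN_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def upn_for(login, domain):
    """Build the user@domain bind name, or return None for unusable input."""
    if not _LOGIN_RE.match(login or ""):
        return None
    return f"{login}@{domain}"


def ldap3_bind(host, upn, password):
    """One simple bind over LDAPS using the ldap3 package (imported lazily)."""
    from ldap3 import Server, Connection, SIMPLE
    conn = Connection(Server(host, use_ssl=True), user=upn,
                      password=password, authentication=SIMPLE)
    try:
        return conn.bind()  # True only if the server accepted the credentials
    finally:
        conn.unbind()


def authenticate(login, password, domain, host, bind=ldap3_bind):
    """Return True only if the directory accepts login@domain with password."""
    upn = upn_for(login, domain)
    if upn is None:
        return False
    # An empty password turns a simple bind into an unauthenticated bind
    # (RFC 4513, section 5.1.2), which a server may accept. Never treat
    # that as a successful login.
    if not password:
        return False
    try:
        return bool(bind(host, upn, password))
    except Exception:
        return False  # fail closed on connection or protocol errors
```

No service account and no search are involved, so there is no stored password to rotate; the only credentials sent are the ones the user typed, which is why the example binds over LDAPS.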