On Mon, May 19, 2008 at 7:14 PM, David Dyer-Bennet
<[EMAIL PROTECTED]> wrote:

>
> Then I see *another* search for the same user record, which fails with
> an error saying a bind must be done first ("errorMessage: 00000000:
> LdapErr: DSID-0C090627, comment: In order to perform this operation a
> successful bind must be completed on the connection., data 0, vece").


When you point a regular LDAP client at AD, it sees a bunch of noisy
referrals. Many LDAP clients won't just volunteer to pass the
credentials you specified for the initial search on to these referrals,
for good reason.

MS provides a daemon called Active Directory Application Mode (ADAM)
that flattens the entire LDAP topology into a single server, for use
by traditional clients. The other alternative is to point Apache at
the "global catalog" port on the AD system -- this also avoids the
referrals.

http://www.microsoft.com/downloads/details.aspx?familyid=9688f8b9-1034-4ef6-a3e5-2a2a57b5c8e4&displaylang=en
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbc_nar_bsad.mspx?mfr=true

-- 
Eric Covener
[EMAIL PROTECTED]

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
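
The global catalog alternative from the reply above, as an added mod_authnz_ldap configuration example that is not part of the original message. The host name, DNs, password and location path are placeholders; 3268 is the standard global catalog port.

```apache
# Constructed example: host name, DNs, password and path are placeholders.

# Before: the domain LDAP port. A subtree search from the domain root on
# 389 gets referrals back from AD, and per the reply above many clients do
# not forward the bind credentials to them.
#AuthLDAPURL "ldap://dc1.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

<Location "/protected">
    AuthType Basic
    AuthName "AD login"
    AuthBasicProvider ldap

    # After: same search against the global catalog port, which avoids
    # the referrals.
    # To protect the bind password in transit, the TLS form is
    # ldaps://dc1.example.com:3269/... (global catalog over SSL).
    AuthLDAPURL "ldap://dc1.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Service account used for the initial user search (placeholder values).
    AuthLDAPBindDN "CN=apache-svc,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    Require valid-user
</Location>
```

The global catalog carries only a partial attribute set, so any attribute used in the search filter or in a Require directive has to be one that is replicated to it.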
