Thanks.
That info might very well save me a couple of days of scratching my head
some time soon.
André
Eric Covener wrote:
On Tue, Oct 21, 2008 at 1:43 PM, André Warnier <[EMAIL PROTECTED]> wrote:
Eric Covener wrote:
On port 389, MSAD might send you on a lengthy wild goose-chase of LDAP
referrals.
Eric, can you elaborate a bit on that, or direct me/us to some additional
information ?
This is not directly related to the OP's issue, but I'm doing a lot of AAA
related stuff these days, and like to learn these things.
LDAP has a notion of referrals, like HTTP redirects. When you have a
complicated AD domain, you might talk to what you think of as the
master AD server, but it may send you to go ask other servers (dept.
x, dept y, AD servers from some remote site, recent acquisitions,
etc). I don't know if it is misconfiguration, but I've seen some
where conceptually none of the referrals seem to be needed based on
the user you're looking up (and may take you across some slow links)
When you use that high port, you're talking to the "global catalog"
where all info across the "forest" is aggregated on one LDAP server
and you just get a regular/direct result if you query or try to login.
If you use unusual data for authz, i believe you have to tell it what
MS also has a tool called ADAM (AD Application Mode) that frontends AD
for traditional LDAP applications:
http://www.microsoft.com/windowsserver2003/adam/default.mspx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
