> -----Original Message-----
> From: Davide Bianchi [mailto:dav...@walterisookeensufferukker.nl] 
> Sent: Thursday, February 26, 2009 6:51 AM
> To: users@httpd.apache.org
> Subject: Re: [us...@httpd] Confused about LDAP authentication with Active Directory
>
> Ed Avis wrote:
> > <http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html> imply that
> > Apache connects to the LDAP server using a fixed username and
> > password, and then merely queries the existence of an object in the
> > directory that matches the username. If so how does it check the
> > password supplied by the user?
> 
> The problem is that in order to check the password, you need to 'bind'
> to the AD server using the correct DN, in order to find the DN you need
> to query the AD server with the username. But AD doesn't allow you to
> query it without first binding.
> 
> So you need to bind in order to query, but you need to query to bind. It's
> a sort of catch-22 situation. Hence the need for a fixed
> username/password to do the first query.
> 
> Davide

While this is true for 100% compliant LDAP servers, MS has "embraced and extended"
what ActiveDirectory will accept for the user's DN... by "allowing" a Windows NT
style login in the place of the DN.
The Windows NT style login is in this format:
        Domain\username
Where Domain is the ActiveDirectory Domain, and the username is the ActiveDirectory
samAccountName.

-tony

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
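The two-step bind both messages describe, written out as an added mod_authnz_ldap configuration (httpd 2.2 syntax); it is not from the thread, and the host, base DN, service account and password are placeholders:

```apache
# Added example: mod_authnz_ldap against Active Directory (httpd 2.2 syntax).
# ad.example.com, DC=example,DC=com and the svc-httpd account are placeholders.
<Location /secure>
    AuthType Basic
    AuthName "Corporate Intranet"
    AuthBasicProvider ldap

    # Search base, attribute matched against the typed login, scope, filter.
    # sAMAccountName is the AD attribute Tony refers to.
    AuthLDAPURL "ldap://ad.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Step 1 (Davide's point): AD refuses anonymous searches, so httpd first
    # binds with a fixed, low-privilege service account to find the user's DN.
    # Step 2: httpd re-binds with that DN and the password the user typed;
    # only success of this second bind authenticates the user.
    # Tony's point: AD also accepts DOMAIN\samAccountName here in place of a DN.
    AuthLDAPBindDN "EXAMPLE\svc-httpd"
    AuthLDAPBindPassword "REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"

    AuthzLDAPAuthoritative on
    Require valid-user
</Location>
```

The service-account password sits in cleartext in this file, so keep it readable only by root and give the account no rights beyond reading the directory; use ldaps:// (with LDAPTrustedGlobalCert) so the user's password in the second bind does not cross the network unencrypted.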
