I'm having trouble with LDAP authentication in Apache 2.2. Here's the excerpt from httpd.conf:
<Location /folder>
AuthType Basic
AuthName "Project"
AuthBasicProvider ldap
AuthLDAPBindDN "user@domain"
AuthLDAPBindPassword "my_password"
AuthLDAPURL "ldap://my_domain_controller/?samAccountName?sub?(objectClass=user)"
Require valid-user
</Location>
I keep getting "ldap_search_ext_s() for user failed" in error.log. I tried using my quoted DN as AuthLDAPBindDN but results were the same. What could be the problem?
Best Answer
When I had this problem, it was apparently because Active Directory was returning referrals, and the openldap libraries couldn't cope. Two different solutions work for me; I prefer the second.
First solution: in /etc/openldap/ldap.conf put the line
That, of course, assumes you're using the openldap libraries; I don't have recent experience with any others.
Second solution: the Active Directory Global Catalog service does not generate referrals, so point your ldap at its port instead of the normal port (of course, you'll need to be talking to a Global Catalog server; to find them look at the output of "dig -t srv _gc._tcp.domain", where "domain" is your domain). The port for the global catalog is 3268, so
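An added example, not part of the original answer: a shell helper for the second solution that picks a Global Catalog server from `dig -t srv _gc._tcp.domain` output and points the question's AuthLDAPURL at it. The SRV lines and example.test hostnames are constructed sample data, the function names are hypothetical, and the selection rule (lowest priority, then highest weight) is a simplification of SRV selection.

```shell
#!/bin/sh
# Added example: choose a Global Catalog (GC) server from SRV records and
# rewrite an AuthLDAPURL so mod_authnz_ldap queries the GC port.

# Constructed sample of `dig +short -t srv _gc._tcp.example.test` output.
# Columns: priority weight port target
SAMPLE_SRV='0 100 3268 dc2.example.test.
0 100 3268 dc1.example.test.
10 100 3268 dc3.example.test.'

# lookup_gc DOMAIN: live lookup (needs dig and DNS access; not run by default).
lookup_gc() {
    dig +short -t srv "_gc._tcp.$1"
}

# pick_gc: read SRV lines on stdin and print "host:port" of the preferred
# record: lowest priority, then highest weight, then name for a stable result.
# Lines that are not well-formed SRV answers are ignored.
pick_gc() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
             sub(/\.$/, "", $4)        # drop the trailing root dot
             print $1, $2, $3, $4
         }' |
        sort -k1,1n -k2,2nr -k4,4 |
        awk 'NR == 1 { print $4 ":" $3 }'
}

# gc_url URL HOSTPORT: replace the host[:port] part of an ldap:// or ldaps://
# URL, leaving base DN, attribute, scope and filter exactly as they were.
gc_url() {
    printf '%s\n' "$1" | sed -E "s#^(ldaps?://)[^/]*#\1$2#"
}

# Demo on the constructed sample, using the AuthLDAPURL from the question.
gc=$(printf '%s\n' "$SAMPLE_SRV" | pick_gc)
if [ -n "$gc" ]; then
    printf 'AuthLDAPURL "%s"\n' \
        "$(gc_url 'ldap://my_domain_controller/?samAccountName?sub?(objectClass=user)' "$gc")"
else
    echo "no Global Catalog SRV records found" >&2
fi
```

To use live data, replace the sample with `lookup_gc your.domain | pick_gc`.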