httpd-users mailing list archives

From André Warnier
Subject Re: [users@httpd] mod_authnz_ldap module and Microsoft AD LDAP Server
Date Tue, 21 Oct 2008 22:58:04 GMT
That info might very well save me a couple of days of scratching my head 
some time soon.


Eric Covener wrote:
> On Tue, Oct 21, 2008 at 1:43 PM, André Warnier wrote:
>> Eric Covener wrote:
>>> On port 389, MSAD might send you on a lengthy wild goose-chase of LDAP
>>> referrals.
>> Eric, can you elaborate a bit on that, or direct me/us to some additional
>> information ?
>> This is not directly related to the OP's issue, but I'm doing a lot of AAA
>> related stuff these days, and like to learn these things.
> LDAP has a notion of referrals, like HTTP redirects.  When you have a
> complicated AD domain, you might talk to what you think of as the
> master AD server, but it may send you to go ask other servers (dept.
> x, dept y,  AD servers from some remote site, recent acquisitions,
> etc).  I don't know if it is misconfiguration, but I've seen some
> where conceptually none of the referrals seem to be needed based on
> the user you're looking up (and may take you across some slow links).
> When you use that high port, you're talking to the "global catalog"
> where all info across the "forest" is aggregated on one LDAP server
> and you just get a regular/direct result if you query or try to login.
> If you use unusual data for authz, I believe you have to tell it what
> MS also has a tool called ADAM (AD Application Mode) that frontends AD
> for traditional LDAP applications:
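
Added example, not part of the original thread or of the Apache project's documentation: a mod_authnz_ldap configuration showing the two cases discussed above, a lookup on port 389 that may be answered with referrals and the same lookup against the global catalog. The host name, base DN, bind account, password and URL paths are placeholders; 3268 is the standard global catalog port.

```apache
# Constructed example: dc1.example.com, the DNs, the password and the
# /app-a and /app-b paths are placeholders, not values from the thread.

# Variant A: domain controller on the standard LDAP port (389).
# A subtree search from the forest root can be answered with referrals
# to other domains, which the LDAP client may then follow server by
# server, possibly across slow links.
<Location "/app-a">
    AuthType Basic
    AuthName "AD login"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://dc1.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=httpd-bind,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"
    Require valid-user
</Location>

# Variant B: the same lookup against the global catalog (port 3268).
# The catalog aggregates the forest on one server, so the search returns
# a direct result instead of referrals. It holds only a subset of each
# object's attributes, so an authorization rule on an attribute that is
# not replicated to it will not match.
<Location "/app-b">
    AuthType Basic
    AuthName "AD login"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://dc1.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=httpd-bind,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"
    Require valid-user
</Location>

# If port 389 has to stay, Apache 2.4's mod_ldap directive
# "LDAPReferrals Off" inside the <Location> stops referral chasing;
# users that live only behind a referral are then not found.
```

Both variants send the bind password and the user's password in clear text over `ldap://`; the TLS equivalents are `ldaps://` on port 636 for a domain controller and port 3269 for the global catalog.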
