https://bz.apache.org/bugzilla/show_bug.cgi?id=65168
--- Comment #7 from Avi <[email protected]> --- (In reply to Eric Covener from comment #6) > (In reply to Avi from comment #5) > > (In reply to Eric Covener from comment #4) > > > (In reply to Avi from comment #3) > > > > In PHP I try binding using either "dummy" (samAccountName), > > > > "[email protected]" > > > > (userPrincipalName) or "corp\dummy" (netbios\samAccountName) formats, > > > > until > > > > it binds, and it works regardless of the user's displayName attribute > > > > value > > > > (as previously mentioned). > > > > > > > > And the problem with AuthLDAPInitialBindPattern is that in many ADs, the > > > > relevant users might not fit the pattern and will not be able to login, > > > > that's why I removed it at some point because it wasn't working as > > > > expected. > > > > > > > > any thoughts? what does this mean if I want to continue using LDAP to > > > > access my server? > > > > > > > > > httpd can't try multiple derivatives of the name the user types. The only > > > other option you have with httpd is to let the server search for the users > > > distinguished name. > > > > I'm not quite sure what you're suggesting, I couldn't find reference in > > https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html to searching for > > users DN during authentication, only after (during authorization). > > can you maybe give a config example? thanks! > > Sorry I only meant here the default behavior without > AuthLDAPInitialBindAsUser . The server maps usernames to a DN using a > search. Thanks Eric for the answer, appreciated! I'll consider this even though it's not really secure (due to the cleartext password in the configuration) Hopefully there would be a better solution in the near future... -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
