I don't know if this will help. But my experience when I first jumped into LDAP for authentication may be similar to yours.
In order to get around a problem with the Java NT security object, if a user belongs to groups whose total characters of all names exceeds 512. I built a LDAP solution to get the groups. Being my first attempt at using LDAP, I ran into a lot of trouble like yours. It seemed to be that the user and permission I had did not have permission to return intermediary nodes from the LDAP tree. So, I couldn't just start at the top and work my way down to the user step by step, because many of those steps would return errors like you are seeing. I had to get the full tree path to the data I needed and had permission to. Clear is mud? -------------- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA "C code. C code run. Run code run. Please!" - Cynthia Dunning Confidentiality Notice: This message including any attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender and delete any copies of this message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:192120 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
