On Mon, Jan 25, 2010 at 8:44 PM, Eric Covener <[email protected]> wrote: > On Mon, Jan 25, 2010 at 7:00 AM, Lars Kruse <[email protected]> wrote: > >> This new behaviour covers the two use cases described above (even though I >> did >> not check it in an Active Directory setup). > > Patch is nice and simple, but it would be great if someone with AD > leanings could confirm that this combination of HTTP username, > attribute, and basedn is likely to result in something that can bind > in a typical AD install. >
I've been working with LDAP and AD for a while now, and, AFAIK, there are only two ways to bind to a Directory Server: 1. User's BindDN, and 2. User Principle Name I don't believe the proposed method is portable to AD. In addition, the modifications to the binddn are in the 'sec' variable which is an authn_ldap_config_t structure created for the module and not for the _request_. Regards, Ryan
