Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by MattWarren: http://wiki.apache.org/httpd/ScratchPad/ModAuthAndActiveDirectory2003 The comment on the change is: typo ------------------------------------------------------------------------------ This issue is listed in [http://issues.apache.org/bugzilla/show_bug.cgi?id=26538 Bug 26538]. A patch has been posted there to allow control of how mod_auth_ldap handles referrals by adding a {{{AuthLDAPFollowReferrals}}} config option. This wiki page is a start at collecting the information threaded from the above bug. It is unclear when or if the referenced patch will be merged into a release. ''Disclaimer: non-expert's explanation'' - The core problem is that if one queries LDAP on AD starting at at top ("root") of the directory tree, the normal process is for the LDAP server to return referrals for the possible sub-tree OU nodes to be searched. The client should then re-query each OU nodes as necessary. Mod_auth_ldap does not follow these referals. + The core problem is that if one queries LDAP on AD starting at top ("root") of the directory tree, the normal process is for the LDAP server to return referrals for the possible sub-tree OU nodes to be searched. The client should then re-query each OU nodes as necessary. Mod_auth_ldap does not follow these referals. == Workaround == Aside from building httpd using this patch, there are a few configuration workarounds.
