Searching in an Active Directory on Win2003
I observed some problems after our back-office group upgraded their
from Win2k to 2003 Server:
I ran some Apaches (1.3 and 2.0) with different LDAP modules for
Active Directory login on parts of the contents.
This is no longer possible after the upgrade of the Active Directory to
2003 and I
can even simulate the behavior of the Apache modules with a single
including the C-Option to chase references.
If I submit a subtree search on the Active Directory using a dedicated
the response always includes 3 strange references
and a third one, I don't remember at the moment). But Win2003 no
longer allows an
anonymous bind on the URIs returned in the references. So, if
ldapsearch tries to
connect to one of them in chase mode, the search will fail with an
which complains about an anonymous access.
I know that this is not the right place for asking configuration tips
Active Directory on 2003 server and I am not responsible for that stuff
But perhaps others see similar problems in their OpenLDAP environments
modules are using OpenLDAP's libraries). It drills down to:
Chasing references will not reuse the bind user, but rebinds
anonymously, which is
no longer allowed in the standard configuration of Active Directory on
Is this perhaps a well-documented behavior of the LDAP protocol? Or
understanding of rebinding to references in the first level results? Of
course I would
like the first option to hold true, since this would lead to a
for Active Directory (which should then no longer return non-public
re-establish anonymous bind to any of them).
I appreciate any suggestions in this context.
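
For the behavior described in the message above, an added example (not part of the original post and not OpenLDAP code): it reads the search references out of `ldapsearch` LDIF output and decides, per host, whether a client that rebinds on referral should replay the bind user there. The sample output, the host names, the allowlist and the `references`/`rebind_plan` helpers are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed ldapsearch output (hosts and DNs are made up, not from the post).
# The second reference is folded LDIF-style; the fold is written as "\n ".
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Staff,DC=corp,DC=example
cn: Jane Doe

# search reference
ref: ldap://dc1.corp.example/CN=PartitionA,DC=corp,DC=example

# search reference
ref: ldap://other.corp.example/CN=Partition\n B,DC=corp,DC=example

# search reference
ref: ldaps://dc9.elsewhere.example/DC=elsewhere,DC=example??sub
"""


def references(ldif):
    """Return (scheme, host, port, base_dn) for each search reference."""
    unfolded = ldif.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF folding
    found = []
    for line in unfolded.splitlines():
        if not line.startswith("ref: "):
            continue
        url = urlsplit(line[5:].strip())
        port = url.port or (636 if url.scheme == "ldaps" else 389)
        host = (url.hostname or "").lower()
        found.append((url.scheme, host, port, unquote(url.path.lstrip("/"))))
    return found


def rebind_plan(ldif, trusted_hosts):
    """Map each reference to 'rebind' (reuse the bind user) or 'skip'.

    Credentials are only replayed to hosts the operator has listed; a
    reference to any other host is not chased at all.
    """
    plan = {}
    for scheme, host, port, base in references(ldif):
        action = "rebind" if host in trusted_hosts else "skip"
        plan[f"{scheme}://{host}:{port}/{base}"] = action
    return plan


if __name__ == "__main__":
    trusted = {"dc1.corp.example", "other.corp.example"}  # hypothetical allowlist
    for url, action in rebind_plan(SAMPLE_LDIF, trusted).items():
        print(f"{action:6} {url}")
```

The allowlist matters because the referral URIs come from the server's response, so a client that reuses the bind user on every reference sends those credentials to whichever host the reference names.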