DO NOT REPLY [Bug 26538] - windows 2003 active directory - [ldap_search_ext_s() for user failed][Referral]

[bu...@apache.org]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=26538>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=26538





------- Additional Comments From rederpj@remulak.net  2007-07-12 12:52 -------
I believe this is a partial fix for a bigger problem. MSAD 2003 stopped
accepting anonymous binds. This means that with other LDAP servers you can chase
referrals using anonymous binds and never know the difference. MSAD 2003
required that referral chasers provide credentials via the rebind callback.

You can get around this by turning off referrals (so it doesn't try to chase
referrals and then fail), and use the global catalog (thus no referrals). As I
understand it, this is a workaround with some downsides (possible performance
and accuracy issues).

The alternative it to chase referrals and provide a rebind callback function. I
will be attaching a patch providing this support shortly.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org