LDAP authentication problems

[Nicklas Norling <ni...@ifsab.se>]

Hi.

I've spent days trying to get ldap auth on my redhat linux box work against
the company active directory ldap server.
The cookbook recepies found in the mailing list archives are to simpel and
I've yet to find anything useful googling.

My best shoot so far is:
AuthLDAPURL
ldap://lkpeudc1.europe.corpnet.ifsworld.com/ou=IFSaccounts,dc=europe,dc=corp
net,dc=ifsworld,dc=com?sAMAccountName?sub?(objectClass=user)

This will actually allow me access as long as I type username and password
and not (as one would expect) domain\username and password.

Howevery, the query that works is to simple, I'm setting the europe domain
and I don't want to do that. The users from other domain like asia
(.corpnet.ifsworld.com)
do not get authenticated then. I've tried add another AuthLDAPURL for that
domain, but then no one get's in.

If I set the top dn to corpnet the queries seem to hang, no error no
nothing.
Eventually TSVN times out, the apache server though, appears to still be
talking
with the ldap server.

I'm not an export on ldap servers or active directory. But shouldn't
accessing
the ldap auth with a domain\username and password work pretty much straight
off somehow? I must say I feel completely lost. I must be missing something
pretty big here?

Has anyone got any pointers on how to get this to work, or won't it work at
all
with the "complex" settings we've got?

Here's looking at (parts of) the AD using my file explorer:

corpnet
    asia
        IFSaccounts
      .....
    europe
        IFSaccounts
            Country.Sweden
               Site.LKP
                  User name

/Nicke