Searching child OU's for authentication

Josh Miller joshua at itsecureadmin.com
Tue Feb 27 16:47:07 UTC 2007


Aaron,

Jeremy was merely restating the same thing he stated before with a 
different top-level OU.  The results do not reflect what you are looking 
for.

----

What Aaron [and I] are looking for is a way to specify the AD DC and not 
have to specify an OU:

ldap[s]://dc1.example.com/

Maybe it's time to write a patch.

Thanks,
--
Joshua M. Miller, RHCE


Bliss, Aaron wrote:
> Still no good for me...I'm not sure if our domain is configured
> differently than yours that would cause the recursive query to fail....
> 
> Aaron 
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Gaddis, Jeremy L.
> Sent: Tuesday, February 27, 2007 10:19 AM
> To: General Red Hat Linux discussion list
> Subject: Re: Searching child OU's for authentication
> 
> On Tue, 27 Feb 2007, Josh Miller wrote:
>> The example does not accomplish what the OP describes, as it is limited to
>> the Users OU.  The goal here is to be able to point the Apache config at a
>> Domain Controller and have it search ALL OUs and right now there is a seeming
>> limitation on a single top-level OU -- although any user object within that
>> top-level OU will work.
> 
> I changed the configuration I posted slightly from the "real" 
> configuration.  In our Active Directory structure, we have an OU at 
> the root-level called "Acad", therefore:
> 
> AuthLDAPURL ldap://my.domain.edu:389/cn=Acad,DC=domain,DC=edu?sAMAccountName?sub?(objectclass=*)
> 
> With this, we're able to authenticate any user "under" the Acad OU. 
> There are no user objects actually *in* the Acad OU, but there are a few 
> OUs under that where user objects reside.
> 
> I suppose I am not "searching all OUs" as I limit the searches to 
> anything under the top-level Acad OU.
> 
> HTH,
> -j
> 
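
As an added illustration (not part of any message in this thread), the Python sketch below splits an AuthLDAPURL value such as the one Jeremy posted into host, base DN, attribute, scope and filter, and checks whether a user DN falls inside that search base. The user DNs are constructed samples, the function names are hypothetical, and the defaults for omitted fields are the ones given in the mod_authnz_ldap documentation.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into fields."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("expected an ldap:// or ldaps:// URL")
    # Fields after the base DN are separated by '?'; missing ones fall back
    # to the documented defaults: uid, sub, (objectClass=*).
    attr, scope, filt = (parts.query.split("?", 2) + ["", "", ""])[:3]
    return {
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[parts.scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": attr or "uid",
        "scope": scope or "sub",
        "filter": unquote(filt) or "(objectClass=*)",
    }

def _rdns(dn):
    # Simplification: assumes no escaped commas inside RDN values.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def covers(cfg, user_dn):
    """True if user_dn lies inside the search base and scope of cfg."""
    base, entry = _rdns(cfg["base_dn"]), _rdns(user_dn)
    if not base:
        raise ValueError("URL has no base DN, so there is no subtree to test")
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False  # entry sits under a different top-level container
    return depth == 1 if cfg["scope"] == "one" else True

if __name__ == "__main__":
    posted = ("ldap://my.domain.edu:389/cn=Acad,DC=domain,DC=edu"
              "?sAMAccountName?sub?(objectclass=*)")
    cfg = parse_auth_ldap_url(posted)
    print(cfg)
    # Constructed sample DNs: one under the posted base, one outside it.
    for dn in ("CN=jdoe,OU=Students,CN=Acad,DC=domain,DC=edu",
               "CN=asmith,OU=Staff,DC=domain,DC=edu"):
        print(dn, "->", covers(cfg, dn))
    # The URL form asked for in the reply carries no base DN at all.
    print(parse_auth_ldap_url("ldaps://dc1.example.com/"))
```
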



