When doing AuthType Basic authentication against an LDAP server, Apache first binds to search for the DN of the user, then binds with that DN to test the user's password. The challenge is that with AD, you typically can not perform an anonymous bind. So, you have to set AuthLDAPBindDN.
But, I say, I already know the DN! I don't have to bind-search-bind, I can just bind as cn=_username_,OU=Employees,DC=megacorp,DC=com!
This does not appear to be possible, but I thought I would ask: can I convince Apache to skip the bind-and-search-for-DN-to-use-for-bind by simply constructing a DN on the fly, or do I have to talk to the local bureaucracy for a special account with which I may bind to search for the user I wish to authenticate?
Thanks!
-danny
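
Building the bind DN directly from the typed username, as the question proposes, makes the username part of the DN string, so it has to be escaped per RFC 4514 before substitution. The Python sketch below is an added example, not part of the original post or of Apache's code; the function names and sample usernames are constructed, and the DN suffix is the one from the question.

```python
# Added example: construct a bind DN from a username with RFC 4514 escaping.
# BASE_DN comes from the post; all function names here are hypothetical.
BASE_DN = "OU=Employees,DC=megacorp,DC=com"
_SPECIAL = set('"+,;<>\\')  # characters RFC 4514 requires escaping in a value


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN string."""
    if not value:
        raise ValueError("empty username")
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")          # NUL must be hex-escaped
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif i == 0 and ch in "# ":
            out.append("\\" + ch)       # leading '#' or space
        elif i == last and ch == " ":
            out.append("\\ ")           # trailing space
        else:
            out.append(ch)
    return "".join(out)


def naive_bind_dn(username: str) -> str:
    """Plain substitution: the username can change the DN's structure."""
    return f"cn={username},{BASE_DN}"


def bind_dn(username: str) -> str:
    """Substitution with escaping: the username stays inside the cn value."""
    return f"cn={escape_rdn_value(username)},{BASE_DN}"


def split_rdns(dn: str) -> list:
    """Split a DN on unescaped commas, to inspect how a server would parse it."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts
```

With escaping, every username yields a DN of exactly four RDNs under the fixed suffix; without it, a comma in the username adds RDNs and can move the entry to a different container.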