Has anybody successfully authenticated against the AD global catalog? I've got the following configuration:
LDAP server: ldaps://service.mydomain.com
LDAP port: 3269
Binding Method: Service Account Bind
Base DNs for LDAP users:
DC=service,DC=mydomain,DC=com
DC=otherdomain,DC=mydomain,DC=com
AuthName attribute: userPrincipalName
The module successfully authenticates users who are members of the parent domain called "service", but LDAP search can't find any user from "otherdomain", which is connected to the parent domain inside the AD domain forest. I'm able to test LDAP search using ldp.exe, and using this tool I can find any user from any domain.
Also, there is the following error message in the Drupal watchdog:
ldap_search() function error. LDAP Error: Referral, ldap_search() parameters: ldap_search() call: base_dn: DC=otherdomain,DC=mydomain,DC=com, filter = (userPrincipalName=somebody@otherdomain.mydomain.com), attributes: , attrsonly = 0, sizelimit = 0, timelimit = 0, deref = , scope = 3
Any help will be greatly appreciated.
Comments
Comment #1
klavs commented:
Reading the error message, it seems as if the global catalog sends you LDAP referrals, which the ldap module currently can't handle.
You could try to apply the patch I just uploaded - to enable the support for this - http://drupal.org/node/1960962
Comment #2
johnbarclay commented:
Yes. This is a duplicate of #1960962: LDAP Server: Enable LDAP Referral following
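
A client that follows referrals, as discussed in the comments above, connects to whatever server each referral names and may re-bind there with the service account, so each referral URL is worth checking before it is followed. The Python below is an added example, not code from the LDAP module or the linked patch; the function names, the policy (ldaps only, trusted DNS suffix, DN under a configured base DN) and the sample referral URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumed policy values, modelled on the configuration in the question.
TRUSTED_SUFFIX = "mydomain.com"
BASE_DNS = ["DC=service,DC=mydomain,DC=com", "DC=otherdomain,DC=mydomain,DC=com"]

def norm_dn(dn):
    """Lower-case a DN and trim each RDN (simplified: ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_referral(url, require_ldaps=True):
    """Return (ok, reason) for one referral URL of the form ldap[s]://host[:port]/dn."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        return False, "not an LDAP URL"
    if require_ldaps and scheme != "ldaps":
        return False, "scheme is not ldaps"
    host = (parts.hostname or "").lower()
    if not host:
        return False, "no host in referral"
    # Match on a label boundary so "mydomain.com.example.net" is not accepted.
    if host != TRUSTED_SUFFIX and not host.endswith("." + TRUSTED_SUFFIX):
        return False, "host outside trusted DNS suffix"
    dn = norm_dn(unquote(parts.path.lstrip("/")))
    allowed = [norm_dn(b) for b in BASE_DNS]
    if not any(dn == b or dn.endswith("," + b) for b in allowed):
        return False, "DN outside configured base DNs"
    return True, "ok"

# Constructed sample referrals (not taken from a real directory).
SAMPLE_REFERRALS = [
    "ldaps://dc1.otherdomain.mydomain.com/DC=otherdomain,DC=mydomain,DC=com",
    "ldaps://dc1.otherdomain.mydomain.com/OU=Staff%20Users,DC=otherdomain,DC=mydomain,DC=com",
    "ldap://dc1.otherdomain.mydomain.com/DC=otherdomain,DC=mydomain,DC=com",
    "ldaps://mydomain.com.example.net/DC=otherdomain,DC=mydomain,DC=com",
    "ldaps://dc1.mydomain.com/DC=hr,DC=mydomain,DC=com",
]

if __name__ == "__main__":
    for url in SAMPLE_REFERRALS:
        ok, reason = check_referral(url)
        print(("FOLLOW " if ok else "REJECT ") + url + " (" + reason + ")")
```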