1
votes

Has anybody successfully authenticated against the AD global catalog using http://drupal.org/project/ldap? I've got the following configuration:

LDAP server:
ldaps://service.mydomain.com
LDAP port:
3269
Binding Method:
Service Account Bind
Base DNs for LDAP users:
DC=service,DC=mydomain,DC=com
DC=otherdomain,DC=mydomain,DC=com
AuthName attribute:
userPrincipalName

The module successfully authenticates users who are members of the parent domain called "service", but the LDAP search can't find any user from "otherdomain", which is connected to the parent domain inside the AD domain forest. I'm able to test the LDAP search using ldp.exe, and using this tool I can find any user from any domain.

Also, there is the following error message in the Drupal watchdog:

ldap_search() function error. LDAP Error: Referral, ldap_search() parameters: ldap_search() call: base_dn: DC=otherdomain,DC=mydomain,DC=com, filter = ([email protected]), attributes: , attrsonly = 0, sizelimit = 0, timelimit = 0, deref = , scope = 3

Any help will be greatly appreciated.

2 Answers

0
votes

The LDAP client should follow the referral that is being returned in the search result - or an LDAP directory proxy server should be installed to automatically follow referrals.

When the LDAP directory server is unable or unwilling to perform the search operation, it may return a referral indicating that another server may be able to perform the requested operation. It is the responsibility of the LDAP client to "chase" referrals. Referrals are indicated by the presence of the referral field and the search result code being set to 10.
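
Added example, not part of the original answer: a small Python decoder for the SearchResultDone message described above (layout per RFC 4511), returning the result code and the referral URLs a client would have to chase. The sample message bytes and the referral URL are constructed for illustration.

```python
REFERRAL = 10  # LDAP resultCode "referral"

def tlv(tag, body):
    """Encode one BER element (bodies up to 255 bytes; only used to build the sample)."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n])
    return bytes([tag]) + length + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: low 7 bits = count of length bytes
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_search_done(msg):
    """Parse LDAPMessage{messageID, SearchResultDone}; return (result_code, referral_urls)."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(body, 0)          # messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x65:                        # [APPLICATION 5] SearchResultDone
        raise ValueError("not a SearchResultDone")
    _, code, pos = read_tlv(op, 0)         # resultCode (ENUMERATED)
    _, _, pos = read_tlv(op, pos)          # matchedDN
    _, _, pos = read_tlv(op, pos)          # diagnosticMessage
    urls = []
    if pos < len(op):
        tag, ref, _ = read_tlv(op, pos)
        if tag == 0xA3:                    # [3] Referral: SEQUENCE OF LDAP URL
            p = 0
            while p < len(ref):
                _, url, p = read_tlv(ref, p)
                urls.append(url.decode())
    return int.from_bytes(code, "big"), urls

# Constructed sample: host name is an assumption, base DN is the one from the question.
SAMPLE_URL = "ldap://otherdomain.mydomain.com/DC=otherdomain,DC=mydomain,DC=com"
SAMPLE = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x65,
    tlv(0x0A, bytes([REFERRAL])) + tlv(0x04, b"") + tlv(0x04, b"") +
    tlv(0xA3, tlv(0x04, SAMPLE_URL.encode()))))
```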

0
votes

You have to write ldaps://ldapserver:3269 in the LDAP server field and keep the same port number in the LDAP port field.