Referral chasing is an optional feature of an LDAP connection. Maybe because of a buggy OpenLDAP library, maybe because of mod_ldap behaviour, referrals are chased without a bind DN, even if one is specified in the Apache config files. This leads to an error code 1 being returned from the LDAP library code to mod_ldap, which in turn gives up searching for the user. Active Directory integration therefore becomes impossible (AD always sends referrals) unless you can turn it off. This change allows doing so without changing system-wide or user-related defaults, by adding the configuration flag "LDAPChaseReferrals" and the code to handle it.
Created attachment 20300: Proposed patch to enhance functionality
This has been fixed in httpd trunk. Support for the rebind callback was added so that proper credentials would be returned on a non-anonymous bind while chasing referrals. Two new directives control the use of this feature.

LDAPReferrals [On|Off] determines if chasing referrals is supported.

LDAPReferralHopLimit ## specifies the maximum number of referral rebind hops that will be chased before giving up on the search.

*** This bug has been marked as a duplicate of 40268 ***
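The two directives named in the reply above, shown in an Active Directory authentication block. This is an added example, not configuration from the bug report or the httpd project; the host name, DNs, paths and password placeholder are constructed.

```apache
# Option 1: do not chase referrals at all (the behaviour the reporter asked for).
<Location "/internal">
    AuthType Basic
    AuthName "Directory login"
    AuthBasicProvider ldap
    # Constructed sample values: replace with your own DC, base DN and service account.
    AuthLDAPURL "ldaps://dc1.example.com/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=httpd-svc,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "PLACEHOLDER-SERVICE-PASSWORD"
    LDAPReferrals Off
    Require valid-user
</Location>

# Option 2: chase referrals, rebinding with the configured bind DN,
# but bound the number of hops so a referral loop cannot stall a login.
<Location "/reports">
    AuthType Basic
    AuthName "Directory login"
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://dc1.example.com/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=httpd-svc,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "PLACEHOLDER-SERVICE-PASSWORD"
    LDAPReferrals On
    LDAPReferralHopLimit 3
    Require valid-user
</Location>
```

With referrals on, the service account's credentials are presented to every server a referral points at, so keep the hop limit low and use `ldaps://` throughout.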