Just spend hours on this and wanted to mention it here, as i could not find a related bug. System is a Debian Jessie with current apache 2.4.10 packages. Simple Basic (LDAP-)Authentication is used, within a location section, against a Jessie with samba4. AuthType Basic AuthName "SSL-Gateway" AuthBasicProvider ldap AuthLDAPURL "ldap://dc.domain.de/ou=Test,dc=domain,dc=de?sAMAccountName?sub?(objectClass=*)" AuthLDAPBindDN "ldap@domain.de" AuthLDAPBindPassword "pass" Require ldap-group cn=test,ou=Test,dc=domain,dc=de This fails if the users-fullname in samba4 contains a comma like "lastname,firstname". !It is succesfull if the fullname of the user is changed in samba (removing the colon)! !It is also succesfull if the comma in fullname is kept but the "Require ldap-group" is replaced with a simple "Require valid-user"! Let me know if more information is needed and or this bug(?) should be filed against samba4.