Anonymous binding, no search allowed
I'm trying to figure out how to set up an LDAP authentication in Apache. We are using Collabnet's Subversion Edge (2.2.0) which runs on Apache. SVN Edge does not have its own LDAP modules, but uses the ones in Apache.
For some reason we have two LDAP servers (don't ask me). Server A allows binding and searching. Given the proper base DN, bind DN and bind password I'm able to browse this server. It contains lots of information about users in a neat hierarchy. However, it does not contain user passwords and therefore it's not possible to use it for the actual authentication.
Along comes another LDAP server B. This server does not allow binding or searching. Nonetheless, it allows anonymous binding and is supposed to contain all the data needed for the authentication process: usernames and passwords without hierarchies. I have to work on assumptions, since I don't physically have access to server B or the person who manages it. All I know about server B is its address and that it doesn't allow binding/searching. With anonymous binding the only thing I can see (using LDAP browser) is the ROOT DSE.
Any ideas of what I could do next? Is it somehow possible to authenticate users without searching? When I use anonymous binding and try to authenticate with ROOTDSE as bind DN, I get the following authentication failed message: [ldap_search_ext_s() for user failed][Operations Error]. It doesn't matter which of the following LDAP URLs I use, it gives the same error:
LDAP server B should be working properly, since it is being used to authenticate users in other environments, such as ECM systems. I don't know how to use Apache to authenticate against LDAP server using anonymous bind when searching is not possible? And yes, I don't even know if sAMAccount is the correct attribute, but in that case, if everything else was working, wouldn't it give a different kind of error message (object not found/password mismatch)?
Thank you for your time!