Authenticating Apache HTTPd against multiple LDAP servers with expired accounts

authentication apache-2.2 active-directory ldap mod-authn-alias

Solution 1:

The AuthzLDAPAuthoritative off directive will let authentication fall through to the next module only if the user cannot be matched to a DN in the query. Currently even though the user is expired, it seems that their account will still be returned as a result when the LDAP query is performed.

I don't know enough about the ActiveDirectory LDAP schema to give a definite answer here, but if you could add a filter to your AuthLDAPURL directive that filters out expired accounts it should result in the username not matching any DN in the query. This should result in the authentication falling through to the next module.

Related

Are there alternatives to Sysinternals ADInsight?
Inaccessible_boot_device after installing KB2919355 on Server 2012R2
How to utilize IPMI on Windows?
uploading files greater than 1MB = connection resets
What is the impact of increasing "nofile" limits in /etc/security/limits.conf?
Fedora 16: "Permission denied: file permissions deny server access"
Setting new hostname on CentOS, it changes back after restart
How to remotely generate Windows AD Kerberos keytab from a Unix machine?
Changing MySQL data directory in Ubuntu Server 10.04
Disable usage of console-kit-daemon in Ubuntu
How to get nginx to redirect from www to non-www domain?
Wireless Signal Strength + Performance