Topic: authnz with AD and Multiple domains

fugit
Joined: 27 Feb 2007 Posts: 2 Location: New York
Posted: Tue 27 Feb '07 19:43 Post subject: authnz with AD and Multiple domains

I am trying to get authnz to work with multiple domains via the global catalog. There is documentation on this under the 2.3 docs on apache. (Yeah news to me too 2.3)
http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html
I built the latest version of apache2 2.2.4
Below is the working authnz config and the one that does not work with the global catalog. The error I get is: [ldap_search_ext_s() for user failed][Invalid DN syntax]
### Working ### This searches only one Domain
<Location /test2>
AuthType Basic
AuthBasicProvider ldap
AuthName "Require Valid User"
AuthBasicAuthoritative On
AuthzLDAPAuthoritative off
AuthLDAPBindDN ldap_browser@xx.xxx.com
AuthLDAPBindPassword 'xxxxxxxx'
AuthLDAPURL ldap://10.xxx.xxx.xxx:389/OU=Systems,DC=xx,DC=xxx,DC=com?sAMAccountName?sub
require valid-user
DAV svn
SVNPath /usr/local/svn/test2
SVNAutoversioning on
</Location>
### NOT WORKING ###
<Location /test1>
AuthType Basic
AuthBasicProvider ldap
AuthName "Require Valid User"
AuthBasicAuthoritative On
AuthzLDAPAuthoritative off
AuthLDAPBindDN ldap_browser@xx.xxx.com
AuthLDAPBindPassword 'xxxxxxx'
# The below one works using the global catalog but only searches one domain
#AuthLDAPURL ldap://10.xxx.xxx.xxx:3268/OU=Systems,DC=xx,DC=xxx,DC=com?sAMAccountName?sub
# The below one does not work
AuthLDAPURL ldap://10.xxx.xxx.xxx:3268/>userPrincipalName?sub
require valid-user
DAV svn
SVNPath /usr/local/svn/test1
SVNAutoversioning on
</Location>
Thanks for any light someone can shed on the issue.

fugit
Joined: 27 Feb 2007 Posts: 2 Location: New York
Posted: Fri 23 Mar '07 21:35 Post subject: Solution

Finally got back to working on this and found the solution with trial and error.
AuthLDAPURL ldap://IP:3268/DC=xxx,DC=com?userPrincipalName?sub
Hope this helps anyone else trying to use multiple domains with userPrincipalName. First domain is xx.xxx.com second domain is yy.xxx.com.
Thanks.
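
The field layout behind the two posts above, as an added example that is not part of the original thread or of Apache's own code: it splits each AuthLDAPURL value from the thread into `basedn?attribute?scope?filter`, flags a malformed base DN and cleartext transport, and checks which of the two domains a subtree search from the base DN can reach. The function names and the simplified DN check are assumptions of this example.

```python
import re

# Simplified RDN check (type=value); not a full RFC 4514 parser.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")
TLS_PORTS = {636, 3269}  # LDAPS, and the AD global catalog over TLS

def parse_authldapurl(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into fields."""
    m = re.match(r"^(ldaps?)://([^/:]+)(?::(\d+))?/(.*)$", url)
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    scheme, host, port, rest = m.groups()
    basedn, attr, scope, flt = (rest.split("?", 3) + [""] * 3)[:4]
    return {"scheme": scheme, "host": host,
            "port": int(port or (636 if scheme == "ldaps" else 389)),
            "basedn": basedn, "attribute": attr or "uid",  # module defaults
            "scope": scope or "sub", "filter": flt}

def rdns(dn):
    return [r.strip().lower() for r in dn.split(",") if r.strip()]

def reaches(basedn, dns_domain):
    """True if a subtree search from basedn touches the given AD domain."""
    base = rdns(basedn)
    dom = ["dc=" + label for label in dns_domain.lower().split(".")]
    shorter, longer = sorted((base, dom), key=len)
    return longer[len(longer) - len(shorter):] == shorter

def review(url):
    """Return a list of findings for one AuthLDAPURL value."""
    u, out = parse_authldapurl(url), []
    if not all(RDN.match(r) for r in rdns(u["basedn"])):
        out.append("invalid base DN")
    if u["attribute"] in ("base", "one", "sub"):
        out.append("scope keyword in attribute field")  # a '?' field is missing
    # Binds are unencrypted unless a STARTTLS/TLS mode argument follows the URL.
    if u["scheme"] == "ldap" and u["port"] not in TLS_PORTS:
        out.append("cleartext LDAP")
    return out

# The three values exactly as posted in the thread (hosts redacted there).
SINGLE = "ldap://10.xxx.xxx.xxx:3268/OU=Systems,DC=xx,DC=xxx,DC=com?sAMAccountName?sub"
BROKEN = "ldap://10.xxx.xxx.xxx:3268/>userPrincipalName?sub"
FIXED = "ldap://IP:3268/DC=xxx,DC=com?userPrincipalName?sub"

if __name__ == "__main__":
    for url in (SINGLE, BROKEN, FIXED):
        base = parse_authldapurl(url)["basedn"]
        hit = [d for d in ("xx.xxx.com", "yy.xxx.com") if reaches(base, d)]
        print(review(url), hit)
```

As written on this page, the non-working value parses with `>userPrincipalName` as its base DN and `sub` as the attribute, while the posted solution's base DN `DC=xxx,DC=com` sits above both domains. All three values use `ldap://` on a non-TLS port, so the service account bind and each user's password travel unencrypted.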