[Auth_ldap] active directory operations error

Rohit Kumar Mehta rohitm at engr.uconn.edu
Fri Mar 24 11:56:48 PST 2006


Hi guys, I have been reading and searching the archives frantically,
trying to find a resolution to this common problem, and I think it is
time to turn to the group for help.

We have been using auth_ldap for active directory authentication for a 
loong time, and it recently stopped working.

Our config looks a little like this

   AuthName "SoE Username/Password"
   AuthLDAPBindDN "CN=myuser,OU=SoEMgmt,DC=mydomain"
   AuthLDAPBindPassword "mypassword"
   AuthLDAPUrl ldap://server.mydomain/dc=mydomain?samAccountName?sub?(objectClass=user)
   require user (list of users)

Keep in mind this has worked for a loooong time, and just stopped 
working today!  Since today we have been seeing errors like the following:

[Fri Mar 24 14:25:36 2006] [error] [client 0.0.0.0] LDAP search for (&(objectClass=user)(samAccountName=rohitm)) failed: LDAP error: Operations error; URI /~ipaudit


Any idea what could have changed?  After poking around through all the 
messages in the archives, I noticed one guy had success by specifying an 
OU, so I tried it, and changed my AuthLDAPUrl so it looks more like this

   AuthLDAPUrl ldap://server.mydomain/ou=SOMEOU,dc=mydomain?samAccountName?sub?(objectClass=user)
   require user (list of users)


This actually worked!  Users from SOMEOU could now authenticate 
successfully, but users from CN=Users could not.  Before, I used to be 
able to authenticate users from both cn=Users and ou=SOMEOU, and now I 
cannot do this.  Does anyone have any idea what is going on here?  We 
really depend upon Active Directory authentication for a lot, and I am 
scared when it breaks, and I don't understand why.

Thanks for any help or advice,

Rohit
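
The following is an added example, not part of the original message or of auth_ldap's code. It models how the fields of the two AuthLDAPUrl values above become the search shown in the error log, and why a subtree search based at ou=SOMEOU cannot return entries under cn=Users. The user DNs are constructed, and the DN comparison assumes DNs without escaped commas.

```python
# Added example: models how an AuthLDAPUrl is turned into an LDAP search.
ROOT_URL = "ldap://server.mydomain/dc=mydomain?samAccountName?sub?(objectClass=user)"
OU_URL = "ldap://server.mydomain/ou=SOMEOU,dc=mydomain?samAccountName?sub?(objectClass=user)"
SCOPES = {"base", "one", "sub"}

def parse_auth_ldap_url(url):
    """Split ldap://host/basedn?attribute?scope?filter into its fields."""
    scheme, rest = url.split("://", 1)
    host, _, tail = rest.partition("/")
    base, attr, scope, flt = (tail.split("?") + ["", "", ""])[:4]
    # Defaults for omitted fields, as documented for Apache's LDAP auth module.
    cfg = {"scheme": scheme, "host": host, "base": base, "attr": attr or "uid",
           "scope": scope or "sub", "filter": flt or "(objectClass=*)"}
    if cfg["scope"] not in SCOPES:
        raise ValueError("unknown scope: %r" % cfg["scope"])
    return cfg

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search_filter(cfg, username):
    """Combine the URL's filter with attribute=username, as seen in the log."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attr"],
                             escape_filter_value(username))

def dn_parts(dn):
    # Simplified: assumes no escaped commas inside RDN values.
    return [p.strip().lower() for p in dn.split(",")]

def in_scope(entry_dn, base_dn, scope="sub"):
    """True if a search at base_dn with this scope can return entry_dn."""
    entry, base = dn_parts(entry_dn), dn_parts(base_dn)
    if entry[-len(base):] != base:
        return False
    depth = len(entry) - len(base)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

if __name__ == "__main__":
    # Constructed sample entries, one per container named in the message.
    users = ["CN=rohitm,CN=Users,DC=mydomain", "CN=someone,OU=SOMEOU,DC=mydomain"]
    for url in (ROOT_URL, OU_URL):
        cfg = parse_auth_ldap_url(url)
        print(cfg["base"], search_filter(cfg, "rohitm"))
        for dn in users:
            print("   ", dn, "->", in_scope(dn, cfg["base"], cfg["scope"]))
```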
