Re: [squid-users] ldap auth

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 12 Dec 2001 11:41:48 +0100

Jack wrote:
>
> Hello Henrik,
> Thanks.
> If I give the command
> ldapsearch -x -b ou=Development,dc=ldap,dc=squid,dc=com -h ldap uid=jack
> I get the error:
> ldap_bind: Can't contact LDAP server
>
> but if I give the command
> ldapsearch -x -D "uid=jack,ou=Development,dc=ldap,dc=squid,dc=com" -W -b
> 'ou=Development,dc=ldap,dc=squid,dc=com' "objectClass=*" ldap
> I am able to do it.

(assuming your LDAP server is named "ldap").

Hmm... odd syntax for ldapsearch in how to specify the server name.

If all your users have DNs like
uid=<username>,ou=Development,dc=ldap,dc=squid,dc=com then there is no
need to search, and you should be able to use

squid_ldap_auth -b ou=Development,dc=ldap,dc=squid,dc=com ldap

If you have users with DNs like

  uid=<username>,ou=<department>,dc=ldap,dc=squid,dc=com

then you MUST use searching, and if your LDAP server does not allow
anonymous searches then you must specify a DN and password to perform
the searches as in

  squid_ldap_auth -D uid=jack,ou=Development,dc=ldap,dc=squid,dc=com -w password_for_jack -b dc=ldap,dc=squid,dc=com -f uid=%s ldap

The search filter should in most cases be made more narrow than only
"uid=<loginname>". It should also include objectClass and any other
filters needed to uniquely identify persons only. This is left as an
exercise to the reader.

Regards
Henrik
Received on Wed Dec 12 2001 - 03:43:57 MST
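The search-then-bind flow Henrik describes (search under the base with the -f filter, require a single match, then bind as that DN with the user's password), as an added example that is not part of this thread or of squid's own code. The directory is modelled in memory: the entries, passwords, the DIRECTORY and BASE names and the helpers (escape_filter_value, build_filter, parse_filter, search, bind, find_user_dn, authenticate) are all constructed assumptions for illustration. Beyond what the reply states, it also shows why a bare "uid=%s" filter can match more than one entry when a non-person object carries the same uid, and why the value substituted for %s must be escaped per RFC 4515 so that a login name such as "*" cannot widen the search.

```python
"""Model of squid_ldap_auth's search-then-bind flow (added example, not
squid's code; directory, entries and helper names are constructed)."""
import re

# Constructed directory: DN -> attributes.  Two entries carry uid=jack, so a
# bare "uid=%s" search is ambiguous until it is narrowed by objectClass.
DIRECTORY = {
    "uid=jack,ou=Development,dc=ldap,dc=squid,dc=com": {
        "objectClass": ["person", "inetOrgPerson"],
        "uid": ["jack"], "userPassword": ["jack-secret"]},
    "uid=alice,ou=Sales,dc=ldap,dc=squid,dc=com": {
        "objectClass": ["person", "inetOrgPerson"],
        "uid": ["alice"], "userPassword": ["alice-secret"]},
    "cn=jack-build,ou=Services,dc=ldap,dc=squid,dc=com": {
        "objectClass": ["applicationProcess"], "uid": ["jack"]},
}
BASE = "dc=ldap,dc=squid,dc=com"

def escape_filter_value(value):
    """RFC 4515 escaping: the login can never change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape_filter_value(raw):
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)

def build_filter(template, login):
    """Substitute the login into a squid_ldap_auth -f style template (%s)."""
    return template.replace("%s", escape_filter_value(login))

def parse_filter(s):
    """Minimal RFC 4515 parser: &, |, ! and attr=value ('*' means presence)."""
    if not s.startswith("("):
        s = "(" + s + ")"          # ldapsearch/squid accept a bare "attr=value"
    pos = 0

    def node():
        nonlocal pos
        if s[pos] != "(":
            raise ValueError("expected '(' at %d" % pos)
        pos += 1
        if s[pos] in "&|!":
            op, pos = s[pos], pos + 1
            children = []
            while s[pos] == "(":
                children.append(node())
            result = (op, children)
        else:
            end = s.index(")", pos)    # safe: escaped values hold no literal ')'
            attr, _, raw = s[pos:end].partition("=")
            pos = end
            result = ("=", attr.strip().lower(), raw)
        if s[pos] != ")":
            raise ValueError("expected ')' at %d" % pos)
        pos += 1
        return result

    tree = node()
    if pos != len(s):
        raise ValueError("trailing data after filter")
    return tree

def evaluate(tree, attrs):
    op = tree[0]
    if op == "&":
        return all(evaluate(c, attrs) for c in tree[1])
    if op == "|":
        return any(evaluate(c, attrs) for c in tree[1])
    if op == "!":
        return not evaluate(tree[1][0], attrs)
    _, attr, raw = tree
    values = [v.lower() for v in attrs.get(attr, [])]
    if raw == "*":                     # presence filter, only when unescaped
        return bool(values)
    return unescape_filter_value(raw).lower() in values

def search(base, filter_str):
    """Subtree search under base; returns the matching DNs."""
    tree, base = parse_filter(filter_str), base.lower()
    return [dn for dn, attrs in DIRECTORY.items()
            if (dn.lower() == base or dn.lower().endswith("," + base))
            and evaluate(tree, {k.lower(): v for k, v in attrs.items()})]

def bind(dn, password):
    """Simple bind: succeeds only if the DN exists and the password matches."""
    return password in DIRECTORY.get(dn, {}).get("userPassword", [])

def find_user_dn(login, base, template):
    """Step 1 (-f): exactly one entry must match, otherwise reject the login."""
    hits = search(base, build_filter(template, login))
    return hits[0] if len(hits) == 1 else None

def authenticate(login, password, base, template):
    """Step 2: bind as the DN the search found, using the user's password."""
    dn = find_user_dn(login, base, template)
    return dn is not None and bind(dn, password)
```

With the bare template "uid=%s", jack's login is rejected because the search returns two entries; with "(&(objectClass=person)(uid=%s))" it returns one and the bind succeeds. alice, who lives under ou=Sales, is found only when the base is dc=ldap,dc=squid,dc=com, which is the case for searching that Henrik describes.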
