[squid-users] ldap_auth does not search subtrees

From: Christoph Haas <email@dont-contact.us>
Date: Wed, 7 May 2003 17:56:22 +0200

Hi, folks...

until now we have used a flat hierarchy of users in an LDAP tree. Let's
say our user accounts are stored in ou=proxy,o=org.

Now we want to use a more complex hierarchy with different departments.
Our user accounts are now stores in multiple subtrees like:
ou=marketing,ou=proxy,o=org
ou=sales,ou=proxy,o=org
ou=devel,ou=proxy,o=org

We discovered a stupid problem. Although the default search scope in
"ldap_auth" (shipped with Squid 2.5.2-1) is by default set to "sub"
(which should mean to search in this tree and all subtrees) only users
in the current tree can be authenticated. I just get an "ERR".
I can even set "-s sub" with the same result. I have already checked the
source code to see whether "-s" is a placebo option - it is not.

Is this a well-known bug? I could of course develop a little Perl
application (I know Perl better than C) that does the authentication.
But I would love to go with the included authenticator.

Any hints are welcome...

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
Received on Wed May 07 2003 - 09:56:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:20 MST