On Wed, 17 Aug 2005, Peter Stalling wrote:
> Hello,
> we are using squid_ldap_auth as authenticator for squid-proxy against
> Novell eDir. Works fine in general. Now we had to set up a different
> organization-branch in eDir parallel to the existing one.
> It looks like this:
>
> Tree--
> |- o=old-context
> |- o=second-context
>
> Is there a chance to get squid_ldap_auth working by starting with a
> base-dn on tree-level? Normally, it will only recognize o=old-context as
> parameter or o=second-context as -b.
Not easily. LDAP only operates in a single root-DSE at a time.
> For example a standard ldap-browser like from softerra can browse from
> the top of a ldap-directory by reading the root-dse (dit).
Browsing is not a problem. The problem is how to perform efficient
searches when the search needs to cross more than one DSE. squid_ldap_auth
only performs a single search and simply doesn't cross DSEs within the
search other than while chasing referrals.
> If this is already possible, what would be the correct syntax for
> calling squid_ldap_auth? If not, would it be a heavy deal, to enhance
> the source in order to do so? Maybe, you can give me a little hint.
I guess it could be extended to perform multiple searches (one per root).
> Nevertheless, I didn't know whether it is o.k. to mail this directly to
> you. Please let me know, if this better should be posed on some
> newsgroup.
The preferred channel is the squid-users mailing list, as noted in the
squid_ldap_auth manual. Discussion moved there.
Regards
Henrik
Received on Thu Aug 18 2005 - 21:24:00 MDT
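
The "one search per root" idea from the reply above, as an added example; it is not squid_ldap_auth code and not from either poster. It assumes cn is the login attribute, uses a constructed in-memory DIRECTORY in place of the LDAP server, and all function names are hypothetical. Refusing a login that matches in more than one root is this example's own choice.

```python
import hmac
import sys
from urllib.parse import unquote

BASES = ["o=old-context", "o=second-context"]  # the two roots from the post

# Constructed sample data standing in for the directory: DN -> password.
# A real helper would search and then bind over LDAP instead.
DIRECTORY = {
    "cn=alice,ou=staff,o=old-context": "a-secret",
    "cn=bob,ou=staff,o=second-context": "b-secret",
    "cn=carol,o=old-context": "c-old",
    "cn=carol,o=second-context": "c-new",  # same login exists in both roots
}

def search(base, login):
    """Subtree search under one base DN for entries whose RDN is cn=<login>."""
    rdn = "cn=" + login.lower()
    return [dn for dn in DIRECTORY
            if dn.split(",", 1)[0] == rdn and dn.endswith("," + base)]

def resolve(login, bases=BASES):
    """Run one search per root; accept only a single match across all roots."""
    hits = [dn for base in bases for dn in search(base, login)]
    return hits[0] if len(hits) == 1 else None  # none or ambiguous: fail closed

def authenticate(login, password):
    dn = resolve(login)
    if dn is None or not password:  # an empty password must never succeed
        return False
    return hmac.compare_digest(DIRECTORY[dn].encode(), password.encode())

def handle_line(line):
    """Squid basic-auth helper protocol: 'user password' in, 'OK' or 'ERR' out."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2:
        return "ERR"
    login, password = (unquote(p) for p in parts)  # Squid URL-escapes both fields
    return "OK" if authenticate(login, password) else "ERR"

if __name__ == "__main__":
    for line in sys.stdin:
        print(handle_line(line), flush=True)
```

The carol entries show the case a multi-root search has to decide on: the same login in both contexts is rejected here rather than resolved by search order.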