[squid-users] squid_ldap_auth helpers with active directory

From: <AF_INET@dont-contact.us>
Date: Mon, 08 May 2006 16:40:10 +0200

Hello all,

i have a problem with the squid_ldap_auth helpers. I'm trying to authenticate against an Active Directory (W3K). For the following command this works fine:

./squid_ldap_auth -b "ou=myOU,dc=foo,dc=domain,dc=com" -s sub -D "squid@foo.domain.com" -w squidpwd -f "(&(objectcategory=person)(objectclass=user))" -h 10.45.100.10 -p 389
user1 pwd1
OK

The directory structure looks like this

dc=foo,dc=domain,dc=com
 ou=myOU
 ou=org1
 ou=org2
 ou=org3

...and so on. So i want to use "dc=foo,dc=domain,dc=com" as a more generic search base. I want to authenticate all users regardless of the OU they are in. But if i do this i get the following errors:

./squid_ldap_auth -b "dc=foo,dc=domain,dc=com" -s sub -D "squid@foo.domain.com -w squidpwd -f "(&(objectcategory=person)(objectclass=user))" -h 10.45.100.10 -p 389
user1 pwd1
squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server'
ERR Success

Things i tried so far:
Moving the squid user (user i use for the bind to the ad) from cn=Users to the root. Nothing changed.
Tried an ldapsearch with the mentioned searchfilter. Works.

Any suggestions?

Thanks a lot,
Chris

_______________________________________________________________
SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192
Received on Mon May 08 2006 - 08:40:20 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT