Re: LDAP configuration

From: David J N Begley <>
Date: Sat, 16 Oct 1999 10:38:39 +1000 (EST)

On Fri, 15 Oct 1999, Richard van Denzel wrote:

> Henrik Nordstrom wrote:
> > Then I would say that it doesn't work. The program must be able to
> > respond correctly with ERR or OK to a password query, or it will
> > certainly not work when called from Squid either.
> I now get the follwoing message when using ldap_auth
> (ldap_auth -h hinlfs01 -b INTERACCESSS_TREE):
> ldap_search: Invalid DN syntax

It means what it says - your DN syntax is invalid ("INTERACCESSS_TREE", alone,
isn't a valid base DN either). As Henrik mentioned you need to get your basic
LDAP queries working before you can look at the issue of getting
authentication working within Squid.

As it stands, your LDAP queries aren't working - that makes it an LDAP
question, not a Squid question. Your best bet would be to raise the issue
on an LDAP mailing list until you can get to the stage wherein your LDAP
queries work.

Dredging through (fading) memory, did you say you were using Novell NetWare as
the LDAP server? LDAP and NDS use different syntaxes for specifying DNs; get
yourself some LDAPv3 command line tools and run something like this (from
Solaris 7):

  ldapsearch -L -h hinlfs01 -b "" -s base "objectclass=*" namingcontexts

In part of the output you should see something similar to the following:

  namingContexts: ou=interaccess

Your base DN then becomes "ou=interaccess" for your ldap_auth config. (Note,
here you need an entry/object from within the tree, not the NDS tree name.)


Received on Fri Oct 15 1999 - 18:45:39 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:55 MST