LDAP as such do not support contextless logins. A LDAP login MUST
specify the entire DN of the user, such as
UID=henrik,OU=People,DC=marasystems,DC=com
As this is somewhat cumbersome for users to use, all programs supporting
LDAP logins has context location capabilities. In case of Squid the LDAP
login helper supports two different modes:
1. Static single context
2. Dynamic context, where the LDAP user DN is located by searching.
It is assumed that the login name is unique in the whole LDAP tree.
Regards
Henrik Nordström
Squid Developer
Gerben Welter wrote:
>
> Hi.
>
> Does LDAP support contextless login? If it doesn't and you have users in
> multiple contexts, it can be a real pain. This is because users in general
> are unaware of the context they are in and then it becomes hard to educate
> them.
>
> NDS Authentication Services solves this problem by making a database of
> usernames and contexts. It then searches its database for the correct
> context. There are only problems when the same username exists in multiple
> contexts. But this can be avoided in the first place by having a good
> username policy.
>
> If I have the time, I'll whip up some documentation on how to use NDS
> authentication with Squid. It's nothing special. It's almost identical to
> other authentication schemes.
>
> Gerben.
Received on Mon Mar 25 2002 - 20:20:59 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:05 MST