On Saturday 31 August 2002 00.27, JOHNSON DAVID R wrote:
> question ?
> is anyone authenticating against an AD? if so how did you setup up
> the
>
> authenticate program directive
By using the LDAP helper. See the documentation shipped with the LDAP
helper.
> in the squid.conf file. I am unable to successfully authenticate my
> users... not all of them have the UserPrincipalName field but they
> all do have the sAMAccount name and name fields.
>
> my directive is as follows :
>
> authenticate program /usr/lib/squid/squid_kdap_auth -p -R -d
> 'dc=domain, dc=dot, dc=com' -d 'cn=username, cn=users, cn=domain,
> dc=dot, dc=com' -w 'password' -u 'cn' -h ipaddress
Won't work very well.. by this configuration the LDAP helper will
assume that user "David" has the DN
cn=David, dc=domain, dc=doc, dc=com
which obviously isn't true.
If you want to use another attribute than the DN for identifying your
users then you will need to use the search mode of the helper.
-f '(&(ObjectClass=Person)(sAMAccount=%s))'
added to your existing LDAP helper arguments would probably work for
you.
Regards
Henrik
Received on Sat Aug 31 2002 - 18:27:11 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:54 MST