mån 2003-07-07 klockan 10.02 skrev James Wang:
> What do you mean as you write "If the login is a plain attribute on the
> users object and not what makes the users DN" ?
Each object (user, group, organization, computer, contact person, ...)
in an LDAP directory is named by a DN.
A DN indicate where in your LDAP directory tree the object is located,
and ends with a unique name at that location (usually uid or cn).
Each object then consists of a list of attributes giving the details of
this object such as First Name, Surname, Password, Phone number,
Address, .... The unique name mentioned above should be one of these
attributes or else maintenance of your directory may become a bit ugly.
If the login name is the attribute which makes the unique part of your
users DN and all your users are placed in a flat structure with no
subunits then no search filter is strictly required by squid_ldap_auth
as it can then directly construct the users unique DN from the base dn
plus the login name.
If your users are not in a flat structure (i.e. if they are divided into
different subtrees of your LDAP directory) or if you are using another
attribute not used for the users DN as login name then a search filter
(-f argument) must be used to locate the user object in your LDAP
directory.
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Mon Jul 07 2003 - 03:48:25 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:51 MST