Re: [squid-users] squid_ldap_auth

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 5 Nov 2003 17:08:11 +0100 (CET)

On Wed, 5 Nov 2003 squid@bantadigital.com wrote:

> I could use some guidance configuring my squid installation with a Windows
> 2000 Active Directory forest. I have read the past posts as well as the
> man page. I am very new to LDAP and will admit I have not gotten my arms
> around it yet.
>
> My windows domain lives in an Active Directory Forest my corporate
> offices maintains. My domain lives at bdmdom.corp.com. I am trying to
> connect and authenticate against my Exchange server at my location. I
> have Admin rights over my domain.
>
> Can someone please point me in the correct direction or provide the squid
> config for an LDAP connection to Windows 2000?

The first step is figuring out the Base DN of your AD server. This is
usually the domain directly translated into dc components

    dc=bdmdom, dc=corp, dc=com

it might also be possible to ask the AD server what its naming contexts
are:

  ldapsearch -x -h your.ad.server -b "" -s base "" namingContexts

then, if your AD allows anonymous searches, you should be able to use
the example from the squid_ldap_auth manual as is, just replacing the base
DN.

If your AD does not allow anonymous searches then a dummy account needs
to be created, and some digging is required to find the LDAP name of
this account. The LDAP name of the account can probably be found in the
MSAD administration tool as a property of the account; if not, you can try
to guess what it is. Guessing is usually not too hard as there is a very
close relation between AD structure and LDAP DN names of objects in that
structure, where each container is named with a cn attribute in LDAP. Thus
if you have the user "squid" in the container "users" then the LDAP DN of
this user should be "cn=squid, cn=users, dc=bdmdom, dc=corp, dc=com".

It is strongly advised to use ldapsearch and other LDAP navigation tools
to familiarise yourself a little with what the AD looks like via LDAP.
Things get a whole lot more obvious once one has looked at the AD tree
via LDAP a little.

Regards
Henrik
Received on Wed Nov 05 2003 - 09:08:20 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:07 MST