RE: [squid-users] RE: User with Chinese LDAP CN does not work

From: Huang, David <David.Huang@dont-contact.us>
Date: Wed, 28 Jul 2004 08:26:34 +0800

Hello,

the feedback after using -d

[root@apps01 libexec]# ./squid_ldap_auth -d -R -b "dc=mtuzhuhai,dc=com" -D "cn=zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -w abcdefg -h 53.12.2.13 -p 389 -f "(&(sAMAccountName=%s)(objectclass=user))"
zpc9996t secretpassword
user filter '(&(sAMAccountName=zpc9996t)(objectclass=user))', searchbase 'dc=mtuzhuhai,dc=com'
attempting to bind to user 'CN=ZPC9996T,OU=IT,DC=mtuzhuhai,DC=com'
OK
yke0155 secretpassword
user filter '(&(sAMAccountName=yke0155)(objectclass=user))', searchbase 'dc=mtuzhuhai,dc=com'
attempting to bind to user 'CN=???,OU=IT,DC=mtuzhuhai,DC=com'
ERR

1) User CN is all 6 octets, then mean user DN will not be short than 256 octets.
2) ??? should be chinese

Thanks

David

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: 2004Äê7ÔÂ28ÈÕ 6:36
To: Huang, David (»ÆÔËʤ)
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] RE: User with Chinese LDAP CN does not work

On Tue, 27 Jul 2004, Huang, David wrote:

> For users with Chinese LDAP CN name in the windows 2000 AD, I tried
> squid_ldap_auth in the commmand line, but it does not work, I guess
> this is not a problem with IE setting,
>
> auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
> "dc=mtuzhuhai,dc=com" -D "cn =zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -w
> abcdefg -f "(&(sAMAccountName=%s)(obje ctclass=user))" -h 53.12.2.13
> -p 389 -s sub -P yke0155 secretpassword ERR

This indeed rules out any browser dependencies.

How long is the users DN in UTF-8? There is a upper limit of 256 octets in
squid_ldap_auth, maybe this is the problem?

Try using the '-d' option to make squid_ldap_auth a bit more verbose about
what it is doing.

Regards
Henrik
Received on Tue Jul 27 2004 - 18:29:39 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT