WG: [squid-users] WG: ldap_group_helper crashing-too-rapidly

From: <martin.mueller@dont-contact.us>
Date: Thu, 2 Jun 2005 14:44:56 +0200

now i'm a few steps further. i successfully tested the access to the active
directory with a normal ldap-browser.
i have to authenticate to perform a search request.

i want to check if a user's SamAccountName is a member of a group named
HTTP-USERS.
the dn to the group is:

cn=HTTP-USERS,ou=global groups,dc=test,dc=domain,dc=de

to authenticate i use the administrator-account, with the following dn:

cn=administrator,ou=domain-admins,dc=test,dc=domain,dc=de

i'm not sure how to construct the command to check if a SamAccountName is
a member of the group HTTP-USERS. with the ldap-browser i could bind to the
ldap-server with the ip 192.168.1.1 and search for, e.g.,
SamAccountName=smith-r

on the console i can't connect to the server and i don't know how to create
the ldap-request.

can someone help me with the command?

regards

martin mueller

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Tuesday, 31 May 2005 14:51
> To: martin.mueller@stadt.wolfsburg.de
> Cc: Squid Users
> Subject: Re: WG: [squid-users] WG: ldap_group_helper crashing-too-rapidly
>
> On Tue, 31 May 2005 martin.mueller@stadt.wolfsburg.de wrote:
>
> > the AD tree root is test.domain.de and the servername is dc1
> >
> > so i think this should be correct after reading the squid_ldap_auth -h
> > output:
> >
> > ./squid_ldap_auth -b test.domain.de -h 192.168.1.1 -f "SamAccountName=%s"
>
> This is not a correct LDAP base DN.
>
> Your base DN is most likely
>
> dc=test,dc=domain,dc=de
>
> and additionally many AD installations do not support anonymous searches
> so you quite likely need to provide a binddn and bindpassword for the
> search to work. It appears you can use the user@realm syntax for the
> binddn to AD but officially it should be the LDAP DN of the user object.
>
> AD can sometimes be slightly confusing in that the terms used in the
> native AD interface are significantly simplified compared to the terms
> used in the LDAP interface.
>
> Regards
> Henrik
>
Received on Thu Jun 02 2005 - 06:44:47 MDT
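
Added example, not part of the original message or of Squid: a short Python sketch that turns the values quoted in this thread into the base DN Henrik describes, an escaped group-membership filter, and an OpenLDAP ldapsearch argument list for an authenticated search. The function names and the password file path are assumptions; the filter relies on the memberOf attribute that AD keeps on user objects, which covers direct group membership.

```python
# Added example (not from the thread). All function names are hypothetical.

def domain_to_base_dn(domain):
    """test.domain.de -> dc=test,dc=domain,dc=de (the form LDAP expects)."""
    return ",".join("dc=" + label for label in domain.strip(".").split("."))


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515),
    so a login name cannot change the structure of the filter."""
    out = []
    for ch in value:
        if ch in "\\*()\0":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def membership_filter(login, group_dn):
    """Match the user object only if it is a direct member of group_dn."""
    return "(&(sAMAccountName=%s)(memberOf=%s))" % (
        escape_filter_value(login), escape_filter_value(group_dn))


def ldapsearch_argv(host, bind_dn, password_file, base_dn, ldap_filter):
    """Simple bind (-x) as bind_dn; -y reads the bind password from a file
    so it does not show up in the process list."""
    return ["ldapsearch", "-x", "-H", "ldap://" + host,
            "-D", bind_dn, "-y", password_file,
            "-b", base_dn, "-s", "sub", ldap_filter, "dn"]


if __name__ == "__main__":
    import shlex
    base = domain_to_base_dn("test.domain.de")
    flt = membership_filter("smith-r",
                            "cn=HTTP-USERS,ou=global groups," + base)
    argv = ldapsearch_argv("192.168.1.1",
                           "cn=administrator,ou=domain-admins," + base,
                           "/path/to/bindpw",  # placeholder path
                           base, flt)
    print(" ".join(shlex.quote(a) for a in argv))
```

One returned entry means the account is in the group; an empty result means it is not, or that the bind or base DN is wrong.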
