On Fri, 2006-03-10 at 12:27 +0100, Werner.Rost@zf.com wrote:
> squid_ldap_auth (of Squid 2.5 Stable 12) works fine with this script:
> 
> /usr/local/squid/libexec/squid_ldap_auth \
>       -h ldapserver \
>       -D "cn=adminaccount,ou=Service Accounts,ou=_SiteMgmt,ou=BNN,ou=DE,dc=emea,dc=company,dc=com" \
>       -w "topsecret" \
>       -b "ou=DE,dc=emea,dc=company,dc=com" \
>       -f sAMAccountName=%s
>
> But our AD structure looks like:
> 
>   emea.company.com
>        CH
>        CZ
>        DE
>        DK
>        ES
>        ...
> 
> 
> The script above should say "OK" if the user is valid in ou=DE or ou=CH or ou=CZ or ...
> 
> I guess I need an intelligent filter "-f" to do this. Any ideas?

Should work by just moving up the base DN to
"dc=emea,dc=company,dc=com". This will search in all the OUs in the
LDAP tree.

To ensure there are no mistakes I would make the filter a little more
explicit, only looking for user objects. Unfortunately I do not remember
the objectClass used in AD for normal users... but it will work either
way (just that without this it is technically possible to log on using a
workstation account or similar, provided you can guess the password).

Regards
Henrik
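
The suggestion above as an added example, not part of the original thread: the helper invocation with the base DN moved to the domain root and a filter limited to user objects, plus a small check that real users get "OK" and a workstation account does not. The `objectCategory=person`/`objectClass=user` filter, the "ERR" reply on failure, and the function names `ldap_helper`, `probe` and `expect` are assumptions of this example; host, DNs and helper path are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). BIND_PW must be set by the caller.

HELPER=${HELPER:-/usr/local/squid/libexec/squid_ldap_auth}
BASE_DN='dc=emea,dc=company,dc=com'   # domain root: covers ou=DE, ou=CH, ou=CZ, ...
BIND_DN='cn=adminaccount,ou=Service Accounts,ou=_SiteMgmt,ou=BNN,ou=DE,dc=emea,dc=company,dc=com'
# Assumed AD filter: computer objects also carry objectClass=user, so
# objectCategory=person is what keeps workstation accounts out.
USER_FILTER='(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))'

# Run the helper with the widened base DN and the explicit filter.
# -w is kept as in the thread; it puts the bind password on the command line.
ldap_helper() {
    "$HELPER" -h ldapserver -D "$BIND_DN" -w "$BIND_PW" \
        -b "$BASE_DN" -f "$USER_FILTER"
}

# probe CMD USER PASSWORD: send one "user password" line to CMD on stdin
# and print the first word of its reply (OK or ERR).
probe() {
    printf '%s %s\n' "$2" "$3" | "$1" | awk 'NR == 1 { print $1 }'
}

# expect CMD USER PASSWORD WANT: succeed only if the reply equals WANT.
expect() {
    got=$(probe "$1" "$2" "$3")
    [ "$got" = "$4" ] || { echo "FAIL: $2 -> $got (want $4)" >&2; return 1; }
}

# Typical use against the real directory (account names are placeholders):
#   expect ldap_helper user_in_DE 'password' OK
#   expect ldap_helper user_in_CH 'password' OK
#   expect ldap_helper 'WORKSTATION$' 'password' ERR
```

Running the three `expect` lines after changing `-b` or `-f` confirms that every OU is reachable and that computer accounts are rejected before the helper is wired into squid.conf.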