Re: [squid-users] squid_ldap_auth helpers with active directory

From: Francois Verbeek <f_verbeek@dont-contact.us>
Date: Tue, 09 May 2006 00:03:49 +0200

I thought you had to use the DN
(CN=UsersCommonName,OU=UsersOrgUnit,DC=Domain) for the user with which
you connect (-D flag).
I've never used squid_ldap_auth, but for squid_ldap_group that's how I
got it working.
BTW, on your second command line there is a " missing after
squid@foo.domain.com.

If you use AD, have you given ntlm_auth (not that difficult to
implement) a try, to avoid having the password travel completely unencrypted?

Just my 2 cents,

Francois

AF_INET@web.de wrote:
> Hello all,
>
> I have a problem with the squid_ldap_auth helpers. I'm trying to authenticate against an Active Directory (W3K). For the following command this works fine:
>
> ./squid_ldap_auth -b "ou=myOU,dc=foo,dc=domain,dc=com" -s sub -D "squid@foo.domain.com" -w squidpwd -f "(&(objectcategory=person)(objectclass=user))" -h 10.45.100.10 -p 389
> user1 pwd1
> OK
>
> The directory structure looks like this
>
> dc=foo,dc=domain,dc=com
> ou=myOU
> ou=org1
> ou=org2
> ou=org3
>
> ...and so on. So I want to use "dc=foo,dc=domain,dc=com" as a more generic search base. I want to authenticate all users regardless of the OU they are in. But if I do this I get the following errors:
>
> ./squid_ldap_auth -b "dc=foo,dc=domain,dc=com" -s sub -D "squid@foo.domain.com -w squidpwd -f "(&(objectcategory=person)(objectclass=user))" -h 10.45.100.10 -p 389
> user1 pwd1
> squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server'
> ERR Success
>
> Things I tried so far:
> Moving the squid user (the user I use for the bind to the AD) from cn=Users to the root. Nothing changed.
> Tried an ldapsearch with the mentioned search filter. Works.
>
> Any suggestions?
>
> Thanks a lot,
> Chris
>
Received on Mon May 08 2006 - 16:04:05 MDT
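
Added example, not part of the original messages and not Squid project code: a small Python check that runs the two command lines from the thread through shell-style quote parsing and reports the points raised in the reply (the unbalanced quote, the form of the -D bind identity, credentials sent in cleartext). The function name and finding codes are hypothetical; -W, -Z and -H are options from the squid_ldap_auth man page, not from the thread.

```python
import shlex

# Flags that take a value. -b -s -D -w -f -h -p appear in the thread;
# -W and -H (like -Z below) come from the squid_ldap_auth man page.
VALUE_FLAGS = {"-b", "-s", "-D", "-w", "-f", "-h", "-p", "-W", "-H"}

def lint_helper_cmd(cmdline):
    """Return findings ("code: text") for a squid_ldap_auth command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError as exc:  # unbalanced quote: arguments would be mis-split
        return [f"quoting: {exc}"]
    opts, i = {}, 1
    while i < len(argv):
        if argv[i] in VALUE_FLAGS and i + 1 < len(argv):
            opts[argv[i]] = argv[i + 1]
            i += 2
        else:
            opts[argv[i]] = True
            i += 1
    findings = []
    bind = opts.get("-D")
    if isinstance(bind, str) and "=" not in bind:
        findings.append(f"bind-dn: -D {bind!r} is not in DN form "
                        "(the reply suggests a full DN)")
    if "-w" in opts:
        findings.append("secret: -w puts the bind password in the process "
                        "list; -W reads it from a file")
    tls = "-Z" in opts or str(opts.get("-H", "")).startswith("ldaps://")
    if not tls:
        findings.append("cleartext: no -Z or ldaps:// URI, so binds cross "
                        "the network unencrypted")
    return findings

# The two command lines from the thread, copied as posted.
WORKING = ('./squid_ldap_auth -b "ou=myOU,dc=foo,dc=domain,dc=com" -s sub '
           '-D "squid@foo.domain.com" -w squidpwd '
           '-f "(&(objectcategory=person)(objectclass=user))" -h 10.45.100.10 -p 389')
FAILING = ('./squid_ldap_auth -b "dc=foo,dc=domain,dc=com" -s sub '
           '-D "squid@foo.domain.com -w squidpwd '
           '-f "(&(objectcategory=person)(objectclass=user))" -h 10.45.100.10 -p 389')

if __name__ == "__main__":
    for name, cmd in (("working", WORKING), ("failing", FAILING)):
        print(name)
        for finding in lint_helper_cmd(cmd):
            print("  " + finding)
```
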
