[squid-users] Auth'ing to Novell eDirectory via LDAP (Re: Windows auto-login)

From: Dale Mahalko <dmahalko_at_gmail.com>
Date: Tue, 22 Sep 2009 13:31:08 -0500

The problem with most LDAP-auth examples is that they are written for
Active Directory, and they assume the reader is an expert at
understanding LDAP syntax. As such the following appears to be
meaningless with Novell eDirectory:

uid=some-user,ou=People,dc=yourcompany,dc=com

,

We don't have domain controllers in Novell's eDir, so "dc=" appears to
be the wrong identifier for Novell's LDAP.

Instead, we have this thing called the Tree and the Org at the top
level. I've played with trying random guesses like
"cn=foo,ou=accounts,o=myorg,t=mytree" and it doesn't work.

I don't know where to find a list of all valid LDAP identifiers (cn=,
dc=, etc) so I don't know what syntax to use.

And does using "uid=" or "cn=" make a difference with AD vs eDir?

,

Also, what's with the commas and periods in LDAP vs Novell? Does it matter?

Novell eDirectory: cn=user.ou=orgunit.o=org.t=tree
LDAP: uid=some-user,ou=People,dc=yourcompany,dc=com

Will either work, or must the delimiter be a comma with LDAP?

,

Novell eDirectory permits spaces in the names of objects. How do you
deal with spaces in LDAP objects from the command line? Do you wrap
the individual item with quotes or the whole LDAP path/context in
quotes?

,

Also what is the debug option in the LDAP authenticator supposed to be
used for? It does not appear to generate any useful output. I am
looking for extensive debugging information to tell me why and how
exactly it is or isn't working, like this:

Connecting to LDAP server: foo.company.com (10.0.0.10) ...
** Connected.
Using authenticated bind with user: cn=user.ou=accounts.dc=somewhere
With password: foo
** Successful authenticated bind.
Searching tree using matching pattern: "cn=%s"
** Actual search pattern: "cn=(whatever %s means)"
Found the following match:
(etc)

Getting only "ERR Success" as a response is quite unhelpful for an
LDAP-noob to figure out what is wrong.

,

If I get answers to these questions I'll probably put it into the wiki page..
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap

- Dale Mahalko

On Tue, Sep 22, 2009 at 6:23 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> We have a generic LDAP how-to which may or may not be useful to you...
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap
>
>
> Recent squid releases bundle an eDirectory helper for doing secure encrypted
> digest authentication. That auth method is also growing in its support from
> browsers etc.
>
> Hopefully someone with a bit more experience in these auth methods will
> speak up. This should give you a place to start searching anyway. Good luck.
>
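The questions above about delimiters, the "t=" tree component, spaces in object names and the "cn=%s" search pattern all come down to two RFCs: RFC 4514 (DN string syntax) and RFC 4515 (search filter syntax). The following Python script is an added worked example, not code from the thread, from Squid, or from Novell. It assumes an eDirectory tree laid out like the poster's guess, with an Organization (o=) at the top and no dc= components, and it treats the tree name (t=) as a client-side notion that never appears in an LDAP DN. The function and attribute names are the example's own.

```python
"""Converting Novell eDirectory typeful names to LDAP DNs, and escaping a
login name before it is substituted into a "cn=%s" search pattern.

Added example (not from the mailing-list thread). Assumes typeful eDirectory
names such as cn=foo.ou=accounts.o=myorg.t=mytree.
"""
import re

# Characters that must be backslash-escaped inside an RDN value (RFC 4514, 2.4).
_DN_SPECIAL = set(',+"\\<>;')

# Characters that must be hex-escaped inside a search filter value (RFC 4515).
_FILTER_ESC = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use in an LDAP DN string.

    Interior spaces are legal as they are (an object named "Dale Mahalko"
    needs no quotes); only a leading space or '#', a trailing space, NUL and
    the characters in _DN_SPECIAL get a backslash.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')
        elif ch in _DN_SPECIAL or (i == 0 and ch in ' #') or (i == last and ch == ' '):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)


def edir_to_ldap_dn(edir_name: str) -> str:
    """Turn 'cn=user.ou=orgunit.o=org.t=tree' into 'cn=user,ou=orgunit,o=org'.

    eDirectory's native syntax separates components with '.', LDAP with ','.
    The t= (tree) component names the directory you connect to, not an entry,
    so it is dropped. Only typeful names (cn=, ou=, o=) are accepted.
    """
    rdns = []
    for comp in re.split(r'(?<!\\)\.', edir_name):   # split on unescaped dots
        attr, sep, raw = comp.partition('=')
        if not sep:
            raise ValueError(f"typeless component {comp!r}: need cn=/ou=/o= form")
        attr = attr.strip().lower()
        if attr == 't':
            continue
        value = raw.replace('\\.', '.')   # eDirectory escapes a literal dot as '\.'
        rdns.append(f"{attr}={escape_rdn_value(value)}")
    return ','.join(rdns)


def parse_ldap_dn(dn: str) -> list:
    """Split an RFC 4514 DN into (type, value) pairs, undoing backslash escapes.

    Handles '\\,'-style and '\\2C'-style (hex pair) escapes of single bytes;
    an escaped backslash followed by a comma is not handled by the simple split.
    """
    def unescape(raw: str) -> str:
        return re.sub(r'\\([0-9A-Fa-f]{2}|.)',
                      lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1),
                      raw)
    pairs = []
    for rdn in re.split(r'(?<!\\),', dn):   # split on unescaped commas
        attr, _, raw = rdn.partition('=')
        pairs.append((attr.strip().lower(), unescape(raw)))
    return pairs


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return ''.join(_FILTER_ESC.get(ch, ch) for ch in value)


def build_search_filter(pattern: str, username: str) -> str:
    """Substitute the login name into a '%s' search pattern safely.

    Without escaping, a name such as 'dale*)(uid=*' would change the filter's
    structure; with it, the name can only ever match literally.
    """
    return pattern.replace('%s', escape_filter_value(username))


if __name__ == '__main__':
    print(edir_to_ldap_dn('cn=foo.ou=accounts.o=myorg.t=mytree'))
    print(edir_to_ldap_dn('cn=Dale Mahalko.ou=accounts.o=myorg.t=mytree'))
    print(escape_rdn_value('Mahalko, Dale '))
    print(parse_ldap_dn('cn=Mahalko\\, Dale,ou=accounts,o=myorg'))
    print(build_search_filter('cn=%s', 'dale*)(uid=*'))
```

The delimiter in an LDAP DN is always the comma; the dotted form is eDirectory's own notation and is what gets translated, not the other way round. The filter escaping is the part a defender should insist on in any helper that builds "cn=%s"-style searches from a user-supplied login name.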
Received on Tue Sep 22 2009 - 18:31:21 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 25 2009 - 12:00:03 MDT