Now I'm a few steps further. I successfully tested the access to the Active Directory with a normal LDAP browser. I have to authenticate to perform a search request.

I want to check if a user's SamAccountName is a member of a group named HTTP-USERS.

The DN to the group is:

cn=HTTP-USERS,ou=global groups,dc=test,dc=domain,dc=de

To authenticate I use the administrator account, with the following DN:

cn=administrator,ou=domain-admins,dc=test,dc=domain,dc=de

I'm not sure how to construct the command to check if a SamAccountName is a member of the group HTTP-USERS.

With the LDAP browser I could bind to the LDAP server with the IP 192.168.1.1 and search for, e.g., SamAccountName=smith-r

On the console I can't connect to the server and I don't know how to create the LDAP request.

Can someone help me with the command?

Regards
Martin Mueller

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@xxxxxxxxxxxxxxx]
> Sent: Tuesday, 31 May 2005 14:51
> To: martin.mueller@xxxxxxxxxxxxxxxxxx
> Cc: Squid Users
> Subject: Re: WG: [squid-users] WG: ldap_group_helper crashing-too-rapidly
>
> On Tue, 31 May 2005 martin.mueller@xxxxxxxxxxxxxxxxxx wrote:
>
> > the AD tree root is test.domain.de and the servername is dc1
> >
> > so I think this should be correct after reading the squid_ldap_auth -h
> > output:
> >
> > ./squid_ldap_auth -b test.domain.de -h 192.168.1.1 -f "SamAccountName=%s"
>
> This is not a correct LDAP base DN.
>
> Your base DN is most likely
>
> dc=test,dc=domain,dc=de
>
> and additionally many AD installations do not support anonymous searches,
> so you quite likely need to provide a binddn and bindpassword for the
> search to work. It appears you can use the user@realm syntax for the
> binddn to AD but officially it should be the LDAP DN of the user object.
>
> AD can sometimes be slightly confusing in that the terms used in the
> native AD interface are significantly simplified compared to the terms
> used in the LDAP interface.
>
> Regards
> Henrik
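The search described in this thread, as an added example that is not part of the original messages: a Python sketch that builds the membership filter and an OpenLDAP `ldapsearch` argument list from the DNs given above, escaping the login name per RFC 4515 so it cannot alter the filter. The function names and the optional nested-group matching rule are assumptions of this example.

```python
# Added example, not code from the thread. DNs and server IP are the ones quoted
# in the message; function names are hypothetical.
import shlex

SERVER = "192.168.1.1"
BASE_DN = "dc=test,dc=domain,dc=de"
BIND_DN = "cn=administrator,ou=domain-admins,dc=test,dc=domain,dc=de"
GROUP_DN = "cn=HTTP-USERS,ou=global groups,dc=test,dc=domain,dc=de"

# RFC 4515: these characters must be hex-escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def membership_filter(login, group_dn=GROUP_DN, nested=False):
    """Filter matching the user object only if it is a member of group_dn.

    nested=True adds AD's LDAP_MATCHING_RULE_IN_CHAIN so that membership
    through nested groups also matches (optional; goes beyond the thread).
    """
    rule = ":1.2.840.113556.1.4.1941:" if nested else ""
    return "(&(sAMAccountName=%s)(memberOf%s=%s))" % (
        escape_filter_value(login), rule, escape_filter_value(group_dn))


def ldapsearch_argv(login, nested=False):
    """Argument list for OpenLDAP ldapsearch: simple bind, password prompt (-W)."""
    return ["ldapsearch", "-x", "-H", "ldap://" + SERVER,
            "-D", BIND_DN, "-W",
            "-b", BASE_DN, "-s", "sub",
            membership_filter(login, nested=nested), "dn"]


if __name__ == "__main__":
    # One returned entry means the user is in the group; none means not a member.
    print(" ".join(shlex.quote(a) for a in ldapsearch_argv("smith-r")))
    # Constructed hostile login: filter metacharacters come out escaped.
    print(membership_filter("*)(objectClass=*"))
```

The bind account only needs read access to the user objects, so a dedicated low-privilege account can replace the administrator DN.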