On Wed, 17 Aug 2005, Peter Stalling wrote:
> Hello, we are using squid_ldap_auth as authenticator for squid-proxy
> against Novell eDir. Works fine in general. Now we had to set up a
> different organization-branch in eDir parallel to the existing one.
> It looks like this:
>
> Tree--
>   |- o=old-context
>   |- o=second-context
>
> Is there a chance to get squid_ldap_auth working by starting with a
> base-dn on tree-level? Normally, it will only recognize o=old-context
> as parameter or o=second-context as -b.
Not easily. LDAP only operates in a single root-DSE at a time.
> For example a standard ldap-browser like from Softerra can browse from the top of a ldap-directory by reading the root-dse (dit).
Browsing is not a problem. The problem is how to perform efficient searches when the search needs to cross more than one DSE. squid_ldap_auth only performs a single search and simply doesn't cross DSEs within the search other than while chasing referrals.
> If this is already possible, what would be the correct syntax for calling squid_ldap_auth? If not, would it be a heavy deal, to enhance the source in order to do so? Maybe, you can give me a little hint.
I guess it could be extended to perform multiple searches (one per root).
> Nevertheless, I didn't know whether it is o.k. to mail this directly to you. Please let me know if this better should be posed on some newsgroup.
The preferred channel is the squid-users mailing list, as noted in the squid_ldap_auth manual. Discussion moved there.
Regards
Henrik
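
The "multiple searches (one per root)" idea from the reply above, as an added sketch that is not part of the original mail and is not squid_ldap_auth code. The function names, the `cn` attribute, the in-memory directory and the rule that a login matching in more than one context is refused are assumptions of this example; `fake_search` stands in for a subtree search against a real server.

```python
import re
from typing import Callable, List, Optional, Sequence

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}

def escape_filter_value(value: str) -> str:
    """Escape a login name so it cannot alter the search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def resolve_user_dn(login: str, bases: Sequence[str],
                    search: Callable[[str, str], List[str]],
                    attr: str = "cn") -> Optional[str]:
    """Run one search per base DN and return the user's DN.

    Returns None when nothing matches, and also when more than one entry
    matches across the bases (assumption of this example: an ambiguous
    login is refused rather than resolved by search order).
    """
    flt = "(%s=%s)" % (attr, escape_filter_value(login))
    hits: List[str] = []
    for base in bases:
        hits.extend(search(base, flt))
    return hits[0] if len(hits) == 1 else None

# Constructed sample directory: two parallel organizations, as in the question.
SAMPLE_DIRECTORY = {
    "o=old-context": ["cn=alice,o=old-context", "cn=bob,o=old-context"],
    "o=second-context": ["cn=bob,o=second-context", "cn=carol,o=second-context"],
}

def fake_search(base: str, flt: str) -> List[str]:
    """Hypothetical stand-in for a subtree search against a real server."""
    attr, value = flt[1:-1].split("=", 1)
    entries = SAMPLE_DIRECTORY.get(base, [])
    if value == "*":  # an unescaped presence filter matches every entry
        return list(entries)
    wanted = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    rdn = ("%s=%s" % (attr, wanted)).lower()
    return [dn for dn in entries if dn.split(",", 1)[0].lower() == rdn]

BASES = ["o=old-context", "o=second-context"]

if __name__ == "__main__":
    for name in ("alice", "carol", "bob", "*"):
        print(name, "->", resolve_user_dn(name, BASES, fake_search))
```

The resolved DN would then be used for the password bind; a login that exists in both contexts stays unauthenticated until the duplicate is sorted out in the directory.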