On Fri, 13 Jan 2006, Meyerovich Aleksandr EB_NY wrote:
Are there any debugging switches for squid_ldap_auth to get something
more descriptive than ERR?
-d gives you some details. But there isn't much it can give. Most
operations is of "works/fails" nature mainly depending on getting the
configuration right.
There is only two configuration steps involved:
1. The binddn needs to be correct. (-D -w options)
2. The search filter needs to find/match the users correctly. (-b -f
options, and perhaps -R)
Most of the other options are not relevant in MSAD setups.
- I can reach the MSAD LDAP server by short name as well as FQDN
- squid_ldap_auth compiled with no problems:
ldd squid_ldap_auth
- I tried all example formats in the manual page with filters and
without
- tried cn attr as well as sAMAccountName
- With -D and -w and without.
Have you got the search bind DN and password correct? Most MSAD setups
won't give you much information at all unless you first authenticate to
the AD.. On the nice side it seems you can use shortnames (i.e.
user@xxxxxxxxxxxxxx) as the binddn.
If you are in doubt I recommend first exploring your MSAD with LDAP tools.
It is a lot easier to understand what is required to get squid_ldap_auth
running smoothly if you first get normal LDAP tools working right...
Regards
Henrik
