Fri 2006-03-10 at 12:27 +0100, Werner.Rost@xxxxxx wrote:

> squid_ldap_auth (of Squid 2.5 Stable 12) works fine with this script:
>
> /usr/local/squid/libexec/squid_ldap_auth \
>   -h ldapserver \
>   -D "cn=adminaccount,ou=Service Accounts,ou=_SiteMgmt,ou=BNN,ou=DE,dc=emea,dc=company,dc=com" \
>   -w "topsecret" \
>   -b "ou=DE,dc=emea,dc=company,dc=com" \
>   -f sAMAccountName=%s
>
> But our AD structure looks like:
>
> emea.company.com
>   CH
>   CZ
>   DE
>   DK
>   ES
>   ...
>
> The script above should say "OK" if the user is valid in ou=DE or ou=CH or ou=CZ or ...
>
> I guess I need an intelligent filter "-f" to do this. Any ideas?

Should work by just moving up the base DN to "dc=emea,dc=company,dc=com". This will search in all the OUs in the LDAP tree.

To ensure there are no mistakes I would make the filter a little more explicit, only looking for user objects. Unfortunately I do not remember the objectClass used in AD for normal users... but it will work either way (just that without this it is technically possible to log on using a workstation account or similar, provided you can guess the password).

Regards
Henrik
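An added example, not part of the original message: a small Python model of the helper's subtree search, showing how the `-b` base DN and the `-f` filter decide which accounts can match. The directory entries are constructed, and the `(&(objectCategory=person)(objectClass=user)...)` filter is the usual Active Directory way to select person accounts, which the reply above does not name.

```python
import re

BASE = "dc=emea,dc=company,dc=com"
# Constructed sample entries. In AD a computer account also carries
# objectClass=user, so objectCategory is what tells the two apart.
DIRECTORY = [
    {"dn": "cn=Anna Muster,ou=DE," + BASE, "objectCategory": ["person"],
     "objectClass": ["top", "person", "user"], "sAMAccountName": ["amuster"]},
    {"dn": "cn=Beat Beispiel,ou=CH," + BASE, "objectCategory": ["person"],
     "objectClass": ["top", "person", "user"], "sAMAccountName": ["bbeispiel"]},
    {"dn": "cn=WS01,ou=DE," + BASE, "objectCategory": ["computer"],
     "objectClass": ["top", "person", "user", "computer"],
     "sAMAccountName": ["WS01$"]},
]

OU_BASE = "ou=DE," + BASE        # original -b value: one country only
DOMAIN_BASE = BASE               # -b moved up: every OU is searched
BARE = "sAMAccountName=%s"       # original -f value
USERS_ONLY = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))"


def search(base_dn, filter_template, login):
    """Return DNs at or below base_dn that match every attr=value term.

    Only AND-of-equality filters are modelled, which covers both templates.
    The login is substituted after parsing, so it is always a literal value.
    """
    terms = [(attr, value.replace("%s", login))
             for attr, value in re.findall(r"(\w+)=([^()]+)", filter_template)]
    base = base_dn.lower()
    hits = []
    for entry in DIRECTORY:
        dn = entry["dn"].lower()
        if dn != base and not dn.endswith("," + base):
            continue  # outside the search base
        if all(value.lower() in (v.lower() for v in entry.get(attr, []))
               for attr, value in terms):
            hits.append(entry["dn"])
    return hits


if __name__ == "__main__":
    for base in (OU_BASE, DOMAIN_BASE):
        for flt in (BARE, USERS_ONLY):
            for login in ("amuster", "bbeispiel", "WS01$"):
                print(base, flt, login, "->", search(base, flt, login))
```

The helper only answers "OK" after a successful bind as the entry it found, so an entry the filter never returns cannot be used to log on.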