I thought you have to use the DN
(CN=UsersCommonName,OU=UsersOrgUnit,DC=Domain) for the user with which
you connect (-D flag)..
I've never used squid_ldap_auth, but for squid_ldap_group that's how I
got it working.
BTW, on your second command line there is a " missing after
squid@xxxxxxxxxxxxxx
If you use AD, have you given ntlm_auth (not that difficult to
implement) a try to avoid the password to travel completely unencrypted?
just my 2 cents,
Francois
AF_INET@xxxxxx wrote:
Hello all,
i have a problem with the squid_ldap_auth helpers. I'm trying to authenticate against an Active Directory (W3K). For the following command this works fine:
./squid_ldap_auth -b "ou=myOU,dc=foo,dc=domain,dc=com" -s sub -D "squid@xxxxxxxxxxxxxx" -w squidpwd -f "(&(objectcategory=person)(objectclass=user))" -h 10.45.100.10 -p 389
user1 pwd1
OK
The directory structure looks like this
dc=foo,dc=domain,dc=com
ou=myOU
ou=org1
ou=org2
ou=org3
...and so on. So i want to use "dc=foo,dc=domain,dc=com" as a more generic search base. I want to authenticate all users regardless of the OU they are in. But if i do this i get the following errors:
./squid_ldap_auth -b "dc=foo,dc=domain,dc=com" -s sub -D "squid@xxxxxxxxxxxxxx -w squidpwd -f "(&(objectcategory=person)(objectclass=user))" -h 10.45.100.10 -p 389
user1 pwd1
squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server'
ERR Success
Things i tried so far:
Moving the squid user (user i use for the bind to the ad) from cn=Users to the root. Nothing changed.
Tried an ldapsearch with the mentioned searchfilter. Works.
Any suggestions?
Thanks a lot,
Chris
_______________________________________________________________
SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192
