[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    Re: WG: [squid-users] WG: ldap_group_helper crashing-too-rapidly
From:       Henrik Nordstrom <hno () squid-cache ! org>
Date:       2005-05-31 12:51:29
Message-ID: Pine.LNX.4.61.0505311447080.3393 () localhost ! localdomain
[Download RAW message or body]



On Tue, 31 May 2005 martin.mueller@stadt.wolfsburg.de wrote:

> the AD tree root is test.domain.de und the servername is dc1
>
> so i thing this should be correct after reading the squid_ldap_auth -h
> output:
>
> ./squid_ldap_auth -b test.domain.de -h 192.168.1.1 -f "SamAccountName=%s"

This is not a correct LDAP base DN.

Your base DN is most likely

    dc=test,dc=domain,dc=de

and additionally many AD installations does not support anonymous searches 
so you quite likely need to provide a binddn and bindpassword for the 
search to work. It appears you can use the user@realm syntax for the 
binddn to AD but officially it should be the LDAP DN of the user object.

AD can sometimes be slightly confusing in that the terms used in the 
native AD interface is significantly simplified compared to the terms used 
in the LDAP interface.

Regards
Henrik
[prev in list] [next in list] [prev in thread] [next in thread]