[squid-users] RE: Question about ldapsearch argument!

From: Hamed Majnoonian <sharpknifeedge@dont-contact.us>
Date: Wed, 14 Jan 2004 17:50:04 +0330

Dear Henrik,

Yes it has retuned about 89 records that I found a lot of information about
my users in my AD. The only problem that I am trying so solve is the
argument that I should tell my Squid_ldap_auth to search my AD to
authenticate the user. Also about the authentication of the last argument I
used -W to have a login prompt when I was trying to tell ldapsearch to
search my active directory.

Regards
Hamed

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Wednesday, January 14, 2004 1:42 AM
To: Hamed Majnoonian
Cc: Henrik Nordstrom; squid-users@squid-cache.org
Subject: Re: Question about ldapsearch argument!

On Tue, 13 Jan 2004, Hamed Majnoonian wrote:

> 1- The name of my domain is "juno.hov.butanegroup.com" - juno is the
> name of my active directory and the rest is the domain name.

Ok.

> 2- Here is my Ldapsearch argument: /Ldapsearch -h 192.168.2.2 -xv -b
> dc=juno,dc=hov,dc=butanegroup,dc=com "uid=administrator"

Was anything returned?

Most AD servers do not allow anonymous searches of the directory, and you
may need to specify a bind DN and password to bind as while performing the
search.

Also AD does not make use of the uid attribute last time I looked, so
unless you have defined this attribute in your directory the search filter
is unlikely to return anything.

As searches is not allowed you have to "guess" what the DN to bind as is
or use a "Windows" LDAP tool to browse the directory while logged on to
the domain.

But the DN for administrator should be

   CN=Administrator,CN=Users,DC=juno,dc=hoc,dc=butanegroup,dc=com

Assuming your AD name is juno.hoc.butanegroup.com (should show up as
@juno.hoc.butanegroup.com in the login screen and in the user manager).

Regards
Henrik
Received on Wed Jan 14 2004 - 07:20:15 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:06 MST