Re: [squid-users] squid_ldap_auth and filters

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Fri, 10 Mar 2006 18:21:38 +0100

Fri 2006-03-10 at 12:27 +0100, Werner.Rost@zf.com wrote:
> squid_ldap_auth (of Squid 2.5 Stable 12) works fine with this script:
>
> /usr/local/squid/libexec/squid_ldap_auth \
> -h ldapserver \
> -D "cn=adminaccount,ou=Service Accounts,ou=_SiteMgmt,ou=BNN,ou=DE,dc=emea,dc=company,dc=com" \
> -w "topsecret" \
> -b "ou=DE,dc=emea,dc=company,dc=com" \
> -f sAMAccountName=%s
>
> But our AD structure looks like:
>
> emea.company.com
> CH
> CZ
> DE
> DK
> ES
> ...
>
>
> The script above should say "OK" if the user is valid in ou=DE or ou=CH or ou=CZ or ...
>
> I guess I need an intelligent filter "-f" to do this. Any ideas?

Should work by just moving up the base DN to
"dc=emea,dc=company,dc=com". This will search in all the OUs in the
LDAP tree.

To ensure there are no mistakes, I would make the filter a little more
explicit, only looking for user objects. Unfortunately I do not remember
the objectClass used in AD for normal users... but it will work either
way (just that without this it is technically possible to log on using a
workstation account or similar, provided you can guess the password).

Regards
Henrik

Received on Fri Mar 10 2006 - 10:21:54 MST
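
The two points in the reply above (moving the base DN up so the subtree search covers every OU, and restricting the filter to user objects), as an added example that is not part of the original thread: a toy Python subtree search over constructed entries. The entry names, the helper functions and the `STRICT` filter (the person/user filter commonly used against AD) are assumptions, not values from the thread.

```python
# Added example: toy LDAP subtree search over constructed entries (not real AD data).
ROOT = "dc=emea,dc=company,dc=com"
LOOSE = "sAMAccountName=%s"  # filter used in the thread
# Assumption: common AD person/user filter. Computer accounts also carry
# objectClass=user, so objectCategory=person is what excludes them.
STRICT = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))"

def entry(dn, classes, category, login):
    # Simplification: real AD stores objectCategory as a schema DN.
    return {"dn": dn, "objectClass": classes, "objectCategory": [category],
            "sAMAccountName": [login]}

PERSON = ["top", "person", "organizationalPerson", "user"]
ENTRIES = [  # constructed sample directory
    entry("cn=Anna Muster,ou=DE," + ROOT, PERSON, "person", "amuster"),
    entry("cn=Beat Keller,ou=CH," + ROOT, PERSON, "person", "bkeller"),
    entry("cn=PC0042,ou=DE," + ROOT, PERSON + ["computer"], "computer", "PC0042$"),
]

def parse(f, i=0):
    """Parse one filter at f[i]; supports &, |, ! and equality only."""
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # skip the closing ")"
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, e):
    if node[0] == "=":
        return node[2].lower() in [v.lower() for v in e.get(node[1], [])]
    op, kids = node
    results = [matches(k, e) for k in kids]
    return {"&": all, "|": any}[op](results) if op != "!" else not results[0]

def search(base, template, login):
    """Subtree search: DNs at or below base that match the filter."""
    flt = template.replace("%s", login)  # no RFC 4515 escaping in this sketch
    tree, _ = parse(flt if flt.startswith("(") else "(" + flt + ")")
    base = base.lower()
    return [e["dn"] for e in ENTRIES if matches(tree, e)
            and (e["dn"].lower() == base or e["dn"].lower().endswith("," + base))]

if __name__ == "__main__":
    for base, flt, who in [("ou=DE," + ROOT, LOOSE, "bkeller"), (ROOT, LOOSE, "bkeller"),
                           (ROOT, LOOSE, "PC0042$"), (ROOT, STRICT, "PC0042$")]:
        print(base, flt, who, "->", search(base, flt, who))
```

The `STRICT` string is the form that would be passed to `-f` in place of `sAMAccountName=%s`, together with `-b "dc=emea,dc=company,dc=com"`.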
