[squid-users] Squid_ldap_auth stupid question
Hi all, I have a stupid question with ldap_auth, its really a squid question - when I use a user of test\test to get in the ldap domain it removes the \ on the authenticate parameters line, if I escape it (\\) it puts two backslashes - I've tried a few different weird combinations and can't get it right... Any ideas?
Re: [squid-users] Squid_ldap_auth stupid question
On Tue, 17 Feb 2004, Dave Raven wrote: I have a stupid question with ldap_auth, its really a squid question - when I use a user of test\test to get in the ldap domain it removes the \ on the authenticate parameters line Is this in the auth_param basic program line for binding as a search user, or in the login request from the browser? LDAP very rarely have \ in login names. LDAP is not NT Domain and is structured very differently from NT domains. Regards Henrik
RE: [squid-users] Squid_ldap_auth stupid question
To bind a search user - I have to use the test\ part or the login fails and I can't change the AD server.. -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: 17 February 2004 01:40 PM To: Dave Raven Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Squid_ldap_auth stupid question On Tue, 17 Feb 2004, Dave Raven wrote: I have a stupid question with ldap_auth, its really a squid question - when I use a user of test\test to get in the ldap domain it removes the \ on the authenticate parameters line Is this in the auth_param basic program line for binding as a search user, or in the login request from the browser? LDAP very rarely have \ in login names. LDAP is not NT Domain and is structured very differently from NT domains. Regards Henrik
RE: [squid-users] Squid_ldap_auth stupid question
On Tue, 17 Feb 2004, Dave Raven wrote: To bind a search user - I have to use the test\ part or the login fails and I can't change the AD server.. I never used \ in any AD LDAP logins, but I have to admit that I never have tried to create a user with \ in his name if this is what you refer to. What is the exact login DN you specify to squid_ldap_auth? The login DN is not a login name, it is the LDAP object name of the user object to bind to, usually cn=user name, cn=users, dc=company, dc=com Regards Henrik
RE: [squid-users] Squid_ldap_auth stupid question
-D binddn DN to bind as to perform searches -w bindpasswd password for binddn I'm using those two options - I assumed that -D domain\user -w userpassword was correct for what I'm trying - is this wrong? I have a Java ldap program - if I append the base DN or anything to that to login it fails, including if I just use the user - but if I have the domain\user it logs in fine. I've spoken to the people who run the AD server and they also say I will have to login with domain\user ? Is there a way around this? Thanks Dave -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: 17 February 2004 02:21 PM To: Dave Raven Cc: [EMAIL PROTECTED] Subject: RE: [squid-users] Squid_ldap_auth stupid question On Tue, 17 Feb 2004, Dave Raven wrote: To bind a search user - I have to use the test\ part or the login fails and I can't change the AD server.. I never used \ in any AD LDAP logins, but I have to admit that I never have tried to create a user with \ in his name if this is what you refer to. What is the exact login DN you specify to squid_ldap_auth? The login DN is not a login name, it is the LDAP object name of the user object to bind to, usually cn=user name, cn=users, dc=company, dc=com Regards Henrik
RE: [squid-users] Squid_ldap_auth stupid question
On Tue, 17 Feb 2004, Dave Raven wrote: -D binddn DN to bind as to perform searches -w bindpasswd password for binddn I'm using those two options - I assumed that -D domain\user -w userpassword was correct for what I'm trying - is this wrong? This is wrong. You are supposed to specify the LDAP DN of the user object. If unsure use a LDAP tool to search for the user object you want to bind to. I wrote: The login DN is not a login name, it is the LDAP object name of the user object to bind to, usually cn=user name, cn=users, dc=company, dc=com Regards Henrik