m�n 2003-09-08 klockan 16.24 skrev Corrado Azzaloni: > Thank you for response. > > My NDS tree is: > o=main > ou=msy > ou=adr > cn=myname > ou=amm > ou=swd > ou=.... > > From command line i wrote: > /usr/lib/squid/squid_ldap_auth -b ou=msy,o=main -h 10.5.83.240 -p 389 -u cn > or
Can not work as your user is cn=myname,ou=adr,ou=msy,o=main, not cn=myname,ou=msy,o=main. If you want to authenticate to users in multiple ou then you need to use the search mode of the helper to first locate the users DN the helper should bind to when validating the password. See the -f option. > /usr/lib/squid/squid_ldap_auth -b ou=adr,ou=msy,o=main -h 10.5.83.240 -p > 389 -u cn Both of these will be rejected by NDS in default security configuration of NDS as the login is not encrypted. See previous response how to tell squid_ldap_auth to use LDAP over SSL to encrypt the traffic. SSL encryption requires a SSL certificate to be installed in your NDS server if not done already. See your NDS administrators guide for how to install a certificate in the NDS server. Note: The type of encryption expected by NDS is LDAPv2 over SSL, also known as ldaps://. This is different from the more modern TLS encrypted LDAP known as TLS encrypted LDAPv3 or STARTTLS. > With ldapsearch i reached NDS tree, but i've to use -x option (simple auth). -x just disables the use SASL. To actually use simple auth you also need to use the -D and -W options to ldapsearch (both required). Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
