On Wed, 5 Nov 2003, Squid Users wrote: > Ok still stumped, > > namingContexts: DC=bdmn,DC=foo,DC=com > namingContexts: CN=Schema,CN=Configuration,DC=foo,DC=com > namingContexts: CN=Configuration,DC=foo,DC=com > > auth_param basic program /usr/local/squid/bin/squid_ldap_auth -u cn -b > cn=users,dc=bdmn,dc=foo,dc=com 10.61.1.248 > auth_param basic children 5 > > I am still unable to authenticate.
Have you verified that the users are named as you think they are? Try ldapsearch -x -b "cn=users,dc=bdmn,dc=foo,dc=com" "" CN this should give you a list of your users in your "users" container and their CN (CommonName) attributes, each user starting with the DN (DistinguishedName) of their user object. Once you have the DN of a user you can inspect the details of this user using ldapserach ldapsearch -x -b "DN of a user" -s base "" You can also try using ldapsearch to login as the user ldapsearch -x -b "cn=users,dc=bdmn,dc=foo,dc=com" -D "cn=aloginname,cn=users,dc=bdmn,dc=foo,dc=com" -W "cn=aloginname" The -D flag specifies the DN of the user you want to log in as. After these excersises please see the examples in the squid_ldap_auth manual again. > auth_param basic program /usr/local/squid/bin/squid_ldap_auth -b > dc=bdmn,dc=foo,dc=com 10.61.1.248 This certainly won't work with AD. With these parameters the squid_ldap_auth helper assumes the DN of the user object looks like uid=aloginname,dc=bdmn,dc=foo,dc=com which is not the case in AD or mostly any other LDAP directory. Regards Henrik
