RE: [squid-users] RE: Question about ldapsearch argument!
Dear Henrik, I have searched but I found name: my user ID, for example in the output of LDAP. As much as I know I don't have any option about this in squid_ldap_auth so how can I tell my squid_ldap_auth to search for a special username? Could you provide any example? Regards Hamed -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 14, 2004 9:18 PM To: Hamed Majnoonian Cc: 'Henrik Nordstrom'; [EMAIL PROTECTED] Subject: [squid-users] RE: Question about ldapsearch argument! On Wed, 14 Jan 2004, Hamed Majnoonian wrote: Yes it has retuned about 89 records that I found a lot of information about my users in my AD. The only problem that I am trying so solve is the argument that I should tell my Squid_ldap_auth to search my AD to authenticate the user. Look into the record of one user. There should be an attribute containing the login name. Then use this attribute name in your search filter. Also about the authentication of the last argument I used -W to have a login prompt when I was trying to tell ldapsearch to search my active directory. You also need the -D argument in such case.. Regards Henrik
RE: [squid-users] RE: Question about ldapsearch argument!
Dear Henrik, Here is your suggestion and the answer that machine has retruned. Swordfish# ldapsearch -h 192.168.2.2 -vx -D CN=administrator,CN=users,DC=hov,DC=butanegroup,DC=COM -W ldap_init( 192.168.2.2, 0 ) Enter LDAP Password: filter: (objectclass=*) requesting: ALL # extended LDIF # # LDAPv3 # base with scope sub # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 32 No such object text: 208D: NameErr: DSID-03100193, problem 2001 (NO_OBJECT), data 0, bes t match of: '' # numResponses: 1 ### I also tried to add -b dc=hov,dc=butanegroup,dc=com to the end of my argument but the number of replies increased to 1002 and still computer names in my AD !! Regards and thank you Hamed -Original Message- From: Hamed Majnoonian [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 14, 2004 9:24 PM To: 'Henrik Nordstrom' Cc: [EMAIL PROTECTED] Subject: RE: [squid-users] RE: Question about ldapsearch argument! Dear Henrik, I have searched but I found name: my user ID, for example in the output of LDAP. As much as I know I don't have any option about this in squid_ldap_auth so how can I tell my squid_ldap_auth to search for a special username? Could you provide any example? Regards Hamed -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 14, 2004 9:18 PM To: Hamed Majnoonian Cc: 'Henrik Nordstrom'; [EMAIL PROTECTED] Subject: [squid-users] RE: Question about ldapsearch argument! On Wed, 14 Jan 2004, Hamed Majnoonian wrote: Yes it has retuned about 89 records that I found a lot of information about my users in my AD. The only problem that I am trying so solve is the argument that I should tell my Squid_ldap_auth to search my AD to authenticate the user. Look into the record of one user. There should be an attribute containing the login name. Then use this attribute name in your search filter. Also about the authentication of the last argument I used -W to have a login prompt when I was trying to tell ldapsearch to search my active directory. You also need the -D argument in such case.. Regards Henrik
RE: [squid-users] RE: Question about ldapsearch argument!
On Wed, 14 Jan 2004, Hamed Majnoonian wrote: I have searched but I found name: my user ID, for example in the output of LDAP. As much as I know I don't have any option about this in squid_ldap_auth so how can I tell my squid_ldap_auth to search for a special username? Could you provide any example? See the -f argument and the man page. Regards Henrik
RE: [squid-users] Re: Question about ldapsearch argument!
Hamed can you please let me know what is your ldap client and ldap server??? Probably I can give some help on Squid mailing list for ldap server :-) BR Mohammad -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: 13 January 2004 22:12 To: Hamed Majnoonian Cc: Henrik Nordstrom; [EMAIL PROTECTED] Subject: [squid-users] Re: Question about ldapsearch argument! On Tue, 13 Jan 2004, Hamed Majnoonian wrote: 1- The name of my domain is juno.hov.butanegroup.com - juno is the name of my active directory and the rest is the domain name. Ok. 2- Here is my Ldapsearch argument: /Ldapsearch -h 192.168.2.2 -xv -b dc=juno,dc=hov,dc=butanegroup,dc=com uid=administrator Was anything returned? Most AD servers do not allow anonymous searches of the directory, and you may need to specify a bind DN and password to bind as while performing the search. Also AD does not make use of the uid attribute last time I looked, so unless you have defined this attribute in your directory the search filter is unlikely to return anything. As searches is not allowed you have to guess what the DN to bind as is or use a Windows LDAP tool to browse the directory while logged on to the domain. But the DN for administrator should be CN=Administrator,CN=Users,DC=juno,dc=hoc,dc=butanegroup,dc=com Assuming your AD name is juno.hoc.butanegroup.com (should show up as @juno.hoc.butanegroup.com in the login screen and in the user manager). Regards Henrik