Re: [squid-users] LDAP authentication problem

From: Henrik Nordstrom <[email protected]>
Date: Sat, 13 Apr 2002 00:30:27 +0200

On Friday 12 April 2002 15:46, Ciocanel Andreea wrote:

> if i try to search using ldapsearch with "-x" option like this
> ./ldapsearch -x -b "DC=domain,DC=test,DC=net" -h ldap_server
>
> i receive some information from the ldap server

Good. Then your LDAP allows anonymous access. Makes life easier but
has some security implications.. (anyone who can connect using TCP/IP
to your LDAP server can list all your users, their group memberships,
what servers you have and a lot more..)

> if i try to search through the Active directory with an
> authenticate user,
>
> ./ldapsearch -s sub -h lda_server -b "DC=domain,DC=testad,DC=net"
> -D "CN=Users,DC=domain,DC=test,DC=net" -IW u:admin@domain.test.net
> Enter LDAP Password:
> SASL/GSSAPI authentication started
> SASL Interaction
> Please enter your authorization name: domain.test.ro/Users/admin
> ldap_sasl_interactive_bind_s: Local error

You still need the -x option... Actually you will find the same
problem if you leave out the -x option from the first search..

> I have no clue what "authorization name" means.

It is the SASL user identity used to authenticate with. This is
separate from and in addition to the -D LDAP bind DN.

Regards
Henrik
Received on Fri Apr 12 2002 - 16:36:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:33 MST