Re: [squid-users] Authentification against DominoNotes LDAP

From: <[email protected]>
Date: Fri, 4 Apr 2003 16:20:19 +0200

Hello,

it is working now, HURRA!

I have used -b ="" as you meant, and its working.

Just one final question: When I add a new member to the group, Squid is not
checking it. I have to restart the squid-process, and then it works.

When I call the Group-helper from commandline, it is working immediately.

Can it be, that squid is reading the groupmeberlist only once at startup?

Regards (and MANY thanks)

Stefan

                                                                           
             Henrik Nordstrom
             <hno@squid-cache.
             org> To
                                       Stefan.Vogel@temic.com
             04.04.2003 12:17 cc
                                       squid-users@squid-cache.org
                                                                   Subject
                                       Re: [squid-users] Authentification
                                       against DominoNotes LDAP
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           

fre 2003-04-04 klockan 10.03 skrev Stefan.Vogel@temic.com:
> Hello,
>
> when I try this Syntax with the squid_ldap_goup-Helper, I get ERR
>
> proxytest:/usr/local/squid/libexec # ./squid_ldap_group -b "o=cag" -f "
> (&(cn=%g)(objectClass=groupOfNames)(member=%u))" -F "(&(uid
> =%s)(objectClass=Person))" -d 1 172.25.0.19
> vogels CAS_NU_Internetuser
> Connected OK
> user filter (&(uid=vogels)(objectClass=Person))
> filter
> (&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=CN=Stefan
> Vogel,OU=nu,OU=eu,OU=au,O=cag))
> ERR
>
> when using this two filters with the LDAPSEARCH on my LDAP-Server
> (DominoNotes 5.11) each filter works:
>
> D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 "
> (&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=CN=Stefan
> Vogel,OU=nu,OU=eu,OU=au,O=cag))"
> CN=CAS_NU_Internetuser
> cn=CAS_NU_Internetuser

This looks odd.. the first row returned by ldapsearch is the DN
(Distinguished Name) of the object, but in your case the group does not
seem to have a complete DN indicating where the object belongs in your
LDAP tree, only the last component with the leaf name is shown. See the
user object below for how it should look like..

If this is really true and the group object is names just
"CN=CAS_NU_Internetuser" and not
"CN=CAS_NU_Internetuser,OU=nu,OU=eu,OU=au,O=cag" or something else
belonging to your organisation this object won't be found by the filter
as it is not located below your specified base DN, and is very wrong
from an LDAP perspective. If you want to have your LDAP tree in such odd
manner then try specifying a blank base dn, but I cannot promise this
will work...

> D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 "
> (&(uid=vogels)(objectClass=Person))"
> CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
> cn=Stefan Vogel

This looks like expected. First a correct DN of the user object
indicating exacly where this object belongs in your LDAP tree, followed
by the attribute values in the object.

Regards
Henrik

--
Free Squid-users support provided by Henrik Nordstr�m <hno@squid-cache.org>
PayPal donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org&cn=Comment
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [email protected]
Received on Fri Apr 04 2003 - 07:20:41 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:41 MST