
Re: LDAP Auth



>Could you explain to me if the following is possible.
>I've been trying to set up LDAP authentication. I'm testing with squid, but I
>intend to use LDAP authentication with cyrus IMAP. When I migrated all
>passwd users to LDAP (dn looks like "uid=myname, ou=People, o=MyCompany,
>c=RU") everything worked, but I want to "enhance" my LDAP tree structure. I
>want to organize all users into groups (organizationUnit). First group:
>"uid=myname, ou=FirstDpt, ou=People, o=MyCompany, c=RU"
>Second group: "uid=myname, ou=SecondDpt, ou=People, o=MyCompany, c=RU"
>And so on. When I move my account from "ou=People,..." to "ou=FirstDpt,
>ou=People,..." authentication doesn't work!
>If I change SEARCH_BASE in squid_ldap_auth.c to "ou=FirstDpt,
>ou=People, o=MyCompany, c=RU", authentication works again, but it never
>authenticates somebody in SecondDpt!
>How can I set up LDAP so that the authentication search would look into all my
>Departments?

1. You need to set your "scope" to subtree/sub, it looks like it's set to "one"
which is a one level search.

2. In general I think breaking objects into something like departments won't buy
you much besides a headache in the long run.  If you need to define groups why
not just create group objects that contain the dn of the people in them, and
leave all the dn's for people in one spot.  Or else you'll have to remove/add
objects every time someone switches departments, etc...

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW.
Grand Rapids, MI. 49505
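
The difference between a one-level and a subtree search, as an added example that is not part of the original message and is not code from squid_ldap_auth.c. It models the scope rules on a constructed directory that uses the DN layout from the question; the function names and the `uid=other` entry are assumptions made for illustration.

```python
# Added example: models LDAP search-scope semantics on constructed DNs.
# Simplification (assumption): RDNs are split on plain commas; escaped
# commas and multi-valued RDNs are not handled.

def parse_dn(dn):
    """Return the DN as a list of normalized RDNs, leaf first."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn is visited by a search at base_dn with this scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)          # levels below the base
    if depth < 0 or entry[depth:] != base:  # entry is not at or under base
        return False
    if scope == "base":                     # the base entry only
        return depth == 0
    if scope == "one":                      # immediate children only
        return depth == 1
    if scope == "sub":                      # base and everything below it
        return True
    raise ValueError("unknown scope: " + scope)

def search(directory, base_dn, scope, uid):
    """Return DNs in scope whose leaf RDN is uid=<uid>."""
    wanted = "uid=" + uid.lower()
    return [dn for dn in directory
            if in_scope(dn, base_dn, scope) and parse_dn(dn)[0] == wanted]

# Constructed directory using the DN layout from the question.
DIRECTORY = [
    "ou=People, o=MyCompany, c=RU",
    "ou=FirstDpt, ou=People, o=MyCompany, c=RU",
    "ou=SecondDpt, ou=People, o=MyCompany, c=RU",
    "uid=myname, ou=FirstDpt, ou=People, o=MyCompany, c=RU",
    "uid=other, ou=SecondDpt, ou=People, o=MyCompany, c=RU",
]
BASE = "ou=People, o=MyCompany, c=RU"

if __name__ == "__main__":
    # "one" finds nothing once the account sits two levels below the base;
    # "sub" finds it in whichever department it lives.
    for scope in ("one", "sub"):
        print(scope, search(DIRECTORY, BASE, scope, "myname"))
```

With the search base left at `ou=People, ...`, a one-level search only sees the department containers themselves, which is why the bind lookup fails after the account is moved.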