[Date Prev][Date Next]
Re: LDAP Auth
Thank you for your recomendation. Unfortunately I don't have big
expirence in LDAP. Could You explain, how Your recomendation to "create
group objects that contain the dn of the people in them", should look like
in LDAP structure?
----- Original Message -----
From: Adam Tauno Williams <email@example.com>
Sent: Friday, December 08, 2000 15:38
Subject: Re: LDAP Auth
> >Could you explain me if the following is possible.
> >I've trying to setup LDAP authentication. I'm testing with squid, but I
> >intend it use LDAP authentication with cyrus IMAP. When I migrated all
> >passwd users to LDAP (dn looks like "uid=myname, ou=People, o=MyCompany,
> >c=RU") everything worked, but I want to "enhance" my LDAP tree structure.
> >want to organize all users into groups (organizationUnit). First group:
> >"uid=myname, ou=FirstDpt, ou=People, o=MyCompany, c=RU"
> >Second group: "uid=myname, ou=SecondDpt, ou=People, o=MyCompany, c=RU"
> >And so on. When I move my account from "ou=People,..." to "ou=FirstDpt,
> >ou=People,..." authentication doesn't work!
> >If I change SEARCH_BASE in squid_ldap_auth.c to "ou=FirstDpt,
> >ou=People, o=MyCompany, c=RU", authentication works again, but it never
> >authenticate somebody it SecondDpt!
> >How can I setup LDAP, that authentication search would look into all my
> 1. You need to set your "scope" to subtree/sub, it looks like it's set to
> which is a one level search.
> 2. In general I think breaking object into something like departments
> you much besides a headache in the long run. If you need to define groups
> not just create group objects that contain the dn of the people in them,
> leave all the dn's for people in one spot. Or else you'll have to
> objects every time someone switches departments, etc...
> Systems and Network Administrator
> Morrison Industries
> 1825 Monroe Ave NW.
> Grand Rapids, MI. 49505
- LDAP Auth
- From: "Michael Kondrashin" <firstname.lastname@example.org>
- Re: LDAP Auth
- From: Adam Tauno Williams <email@example.com>