Re: [squid-users] Authentification against DominoNotes LDAP from Stefan.Vogel@dont-contact.us on 2003-04-04 (squid-users)

From: <Stefan.Vogel@dont-contact.us>
Date: Fri, 4 Apr 2003 10:03:39 +0200

Hello,

when I try this Syntax with the squid_ldap_goup-Helper, I get ERR

proxytest:/usr/local/squid/libexec # ./squid_ldap_group -b "o=cag" -f "
(&(cn=%g)(objectClass=groupOfNames)(member=%u))" -F "(&(uid
=%s)(objectClass=Person))" -d 1 172.25.0.19
      vogels CAS_NU_Internetuser
      Connected OK
      user filter (&(uid=vogels)(objectClass=Person))
      filter
(&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=CN=Stefan
Vogel,OU=nu,OU=eu,OU=au,O=cag))
      ERR

when using this two filters with the LDAPSEARCH on my LDAP-Server
(DominoNotes 5.11) each filter works:

D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 "
(&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=CN=Stefan
Vogel,OU=nu,OU=eu,OU=au,O=cag))"
      CN=CAS_NU_Internetuser
      cn=CAS_NU_Internetuser
      mail=CAS_NU_Internetuser@contiteves.com
      objectclass=top
      objectclass=groupOfNames
      objectclass=dominoGroup
      member=CN=Klaus Steger,OU=nu,OU=eu,OU=au,O=cag
      member=CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag

D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 "
(&(uid=vogels)(objectClass=Person))"
      CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
      cn=Stefan Vogel
      shortname=VogelS
      uid=VogelS
      mail=Stefan.Vogel@temic.com
      objectclass=top
      objectclass=person
      objectclass=organizationalPerson
      objectclass=inetOrgPerson
      objectclass=dominoPerson
      givenname=Stefan
      sn=Vogel

I think it should work but it doesn't

BTW: The ldapsearch-results are not cutted. What are you missing?

Regards
Stefan

             Henrik Nordstrom
             <hno@squid-cache.
             org> To
                                       Stefan.Vogel@temic.com
             03.04.2003 17:38 cc
                                       squid-users@squid-cache.org
                                                                   Subject
                                       Re: [squid-users] Authentification
                                       against DominoNotes LDAP

tor 2003-04-03 klockan 17.06 skrev Stefan.Vogel@temic.com:

> The ldapsearch shows:
> D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 "
> (&(cn=CAS_NU_Internetuser)(obj
> ectClass=groupOfNames)(member=CN=Stefan
> Vogel,OU=nu,OU=eu,OU=au,O=cag))"
>
> CN=CAS_NU_Internetuser
> cn=CAS_NU_Internetuser
> mail=CAS_NU_Internetuser@contiteves.com
> objectclass=top
> objectclass=groupOfNames
> objectclass=dominoGroup
> member=CN=Klaus Steger,OU=nu,OU=eu,OU=au,O=cag
> member=CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
>
>
> Changing the -F to the same as in the ldap_auth has no effect. and
changing
> to %g has also no effect.
>
> Is it possible, that in "member=%u" the %u is not correctly set as "CN
> =.....,OU=..."? Can I check this in some way?

The squid_ldap_group helper has a undocumented debug flag you can use to
inspect the expanded search filters. Run the helper manually and add -d
1 to the command line arguments before the server name.

The DN in the results of your ldapsearch commands looks a bit odd to
me.. only seem to contain the last component, not the full DN, but maybe
this is just an artefact of your ldapsearch command..

Regards
Henrik

--
Free Squid-users support provided by Henrik Nordström <hno@squid-cache.org>
PayPal donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org&cn=Comment
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Fri Apr 04 2003 - 01:04:04 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:40 MST