Re: LDAP Auth
Dear Adam,
Thank you for your recommendation. Unfortunately I don't have much
experience in LDAP. Could you explain how your recommendation to "create
group objects that contain the dn of the people in them" should look
in LDAP structure?
Best Regards,
Michael Kondrashin
----- Original Message -----
From: Adam Tauno Williams <adam@morrison-ind.com>
To: <openldap-software@OpenLDAP.org>
Sent: Friday, December 08, 2000 15:38
Subject: Re: LDAP Auth
> >Could you explain to me if the following is possible.
> >I'm trying to set up LDAP authentication. I'm testing with squid, but I
> >intend to use LDAP authentication with cyrus IMAP. When I migrated all
> >passwd users to LDAP (dn looks like "uid=myname, ou=People, o=MyCompany,
> >c=RU") everything worked, but I want to "enhance" my LDAP tree structure. I
> >want to organize all users into groups (organizationUnit). First group:
> >"uid=myname, ou=FirstDpt, ou=People, o=MyCompany, c=RU"
> >Second group: "uid=myname, ou=SecondDpt, ou=People, o=MyCompany, c=RU"
> >And so on. When I move my account from "ou=People,..." to "ou=FirstDpt,
> >ou=People,..." authentication doesn't work!
> >If I change SEARCH_BASE in squid_ldap_auth.c to "ou=FirstDpt,
> >ou=People, o=MyCompany, c=RU", authentication works again, but it never
> >authenticates somebody in SecondDpt!
> >How can I set up LDAP so that the authentication search would look into all my
> >Departments?
>
> 1. You need to set your "scope" to subtree/sub, it looks like it's set to "one"
> which is a one level search.
>
> 2. In general I think breaking objects into something like departments won't buy
> you much besides a headache in the long run. If you need to define groups why
> not just create group objects that contain the dn of the people in them, and
> leave all the dn's for people in one spot. Or else you'll have to remove/add
> objects every time someone switches departments, etc...
>
> Systems and Network Administrator
> Morrison Industries
> 1825 Monroe Ave NW.
> Grand Rapids, MI. 49505
>
>
- References:
- LDAP Auth
- From: "Michael Kondrashin" <support@apl.ru>
- Re: LDAP Auth
- From: Adam Tauno Williams <adam@morrison-ind.com>
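
An added example, not part of the original thread: a small in-memory model of the two points in the quoted reply, showing what a group object holding member DNs looks like in LDIF and why a one-level search from `ou=People` misses an entry moved under `ou=FirstDpt`. The `ou=Groups` container, the `account` object class, the `deptuser` entry and the helper names are assumptions made for illustration; DN handling is simplified (no escaped commas) and nothing here talks to a real server.

```python
# Constructed sample directory in LDIF form (assumed layout, not the poster's data).
LDIF = """\
dn: uid=myname,ou=People,o=MyCompany,c=RU
objectClass: account
uid: myname

dn: uid=deptuser,ou=FirstDpt,ou=People,o=MyCompany,c=RU
objectClass: account
uid: deptuser

dn: cn=FirstDpt,ou=Groups,o=MyCompany,c=RU
objectClass: groupOfNames
cn: FirstDpt
member: uid=myname,ou=People,o=MyCompany,c=RU
"""

def norm(dn):
    """Normalise a DN for comparison: drop spaces after commas, ignore case."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse(ldif):
    """Return {normalised dn: {attr: [values]}} from simple, unfolded LDIF."""
    entries = {}
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key, []).append(value)
        entries[norm(attrs["dn"][0])] = attrs
    return entries

def search(entries, base, scope, attr, value):
    """Mimic LDAP scope: 'one' = direct children of base, 'sub' = base and below."""
    base, hits = norm(base), []
    for dn, attrs in entries.items():
        if dn == base:
            depth = 0
        elif dn.endswith("," + base):
            depth = dn[: -len(base) - 1].count(",") + 1
        else:
            continue  # entry is outside the search base entirely
        if (scope == "sub" or depth == 1) and value in attrs.get(attr, []):
            hits.append(attrs["dn"][0])
    return hits

def groups_of(entries, user_dn):
    """Group membership is an attribute lookup; the user's own DN never moves."""
    return sorted(a["cn"][0] for a in entries.values()
                  if "groupOfNames" in a.get("objectClass", [])
                  and norm(user_dn) in map(norm, a.get("member", [])))

D = parse(LDIF)
```

With this layout, changing someone's department means editing a group's `member` values, so the DN used for the authentication bind and any access rules written against it stay the same.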