you need to specify is usually the base DN under where your users
are located and the server name:
.IP
-.if !'po4a'hide' .R basic_ldap_auth -b "ou=people,dc=your,dc=domain" ldapserver
+.if !'po4a'hide' .B basic_ldap_auth -b "ou=people,dc=your,dc=domain" ldapserver
.PP
If you have sub\-domains then you need to use a search filter approach
to locate your user DNs as these can no longer be constructed direcly
from the base DN and login name alone:
.IP
-.if !'po4a'hide' .R basic_ldap_auth -b "dc=your,dc=domain" -f "uid=%s" ldapserver
+.if !'po4a'hide' .B basic_ldap_auth -b "dc=your,dc=domain" -f "uid=%s" ldapserver
.PP
And similarily if you only want to allow access to users having a
specific attribute
.IP
-.if !'po4a'hide' .R basic_ldap_auth -b "dc=your,dc=domain" -f "(&(uid=%s)(specialattribute=value))" ldapserver
+.if !'po4a'hide' .B basic_ldap_auth -b "dc=your,dc=domain" -f "(&(uid=%s)(specialattribute=value))" ldapserver
.PP
Or if the user attribute of the user DN is
.B "cn"
and you do not want to have to search for the users then you could use something
like the following example for Active Directory:
.IP
-.if !'po4a'hide' .R basic_ldap_auth -u cn -b "cn=Users,dc=your,dc=domain" ldapserver
+.if !'po4a'hide' .B basic_ldap_auth -u cn -b "cn=Users,dc=your,dc=domain" ldapserver
.PP
If you want to search for the user DN and your directory does not allow
anonymous searches then you must also use the
flags to specify a user DN and password to log in as to perform the searches, as in the
following complex Active Directory example
.IP
-.if !'po4a'hide' .R basic_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain" -w "secretsquidpassword" -f "(&(userPrincipalName=%s)(objectClass=Person))" activedirectoryserver
+.if !'po4a'hide' .B basic_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain" -w "secretsquidpassword" -f "(&(userPrincipalName=%s)(objectClass=Person))" activedirectoryserver
.
.PP
.B NOTE:
projects / thirdparty / squid.git / commitdiff
