Hello,
it is working now, HURRA!
I have used -b ="" as you meant, and its working.
Just one final question: When I add a new member to the group, Squid is not
checking it. I have to restart the squid-process, and then it works.
When I call the Group-helper from commandline, it is working immediately.
Can it be, that squid is reading the groupmeberlist only once at startup?
Regards (and MANY thanks)
Stefan
Henrik Nordstrom
<hno@squid-cache.
org> To
Stefan.Vogel@temic.com
04.04.2003 12:17 cc
squid-users@squid-cache.org
Subject
Re: [squid-users] Authentification
against DominoNotes LDAP
fre 2003-04-04 klockan 10.03 skrev Stefan.Vogel@temic.com:
> Hello,
>
> when I try this Syntax with the squid_ldap_goup-Helper, I get ERR
>
> proxytest:/usr/local/squid/libexec # ./squid_ldap_group -b "o=cag" -f "
> (&(cn=%g)(objectClass=groupOfNames)(member=%u))" -F "(&(uid
> =%s)(objectClass=Person))" -d 1 172.25.0.19
> vogels CAS_NU_Internetuser
> Connected OK
> user filter (&(uid=vogels)(objectClass=Person))
> filter
> (&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=CN=Stefan
> Vogel,OU=nu,OU=eu,OU=au,O=cag))
> ERR
>
> when using this two filters with the LDAPSEARCH on my LDAP-Server
> (DominoNotes 5.11) each filter works:
>
> D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 "
> (&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=CN=Stefan
> Vogel,OU=nu,OU=eu,OU=au,O=cag))"
> CN=CAS_NU_Internetuser
> cn=CAS_NU_Internetuser
This looks odd.. the first row returned by ldapsearch is the DN
(Distinguished Name) of the object, but in your case the group does not
seem to have a complete DN indicating where the object belongs in your
LDAP tree, only the last component with the leaf name is shown. See the
user object below for how it should look like..
If this is really true and the group object is names just
"CN=CAS_NU_Internetuser" and not
"CN=CAS_NU_Internetuser,OU=nu,OU=eu,OU=au,O=cag" or something else
belonging to your organisation this object won't be found by the filter
as it is not located below your specified base DN, and is very wrong
from an LDAP perspective. If you want to have your LDAP tree in such odd
manner then try specifying a blank base dn, but I cannot promise this
will work...
> D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 "
> (&(uid=vogels)(objectClass=Person))"
> CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
> cn=Stefan Vogel
This looks like expected. First a correct DN of the user object
indicating exacly where this object belongs in your LDAP tree, followed
by the attribute values in the object.
Regards
Henrik
-- Free Squid-users support provided by Henrik Nordstr�m <hno@squid-cache.org> PayPal donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org&cn=Comment If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [email protected]Received on Fri Apr 04 2003 - 07:20:41 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:41 MST