[squid-users] LDAP Auth Problems

From: Ian <[email protected]>
Date: Sun, 19 Aug 2007 20:19:33 +0200

Hi,

I am using squid_ldap_auth on squid version 2.6.STABLE13+ICAP on
FreeBSD and I'm trying to authenticate against a 2003 server with the
following setup.

|- DC=my.local

|-- OU=CapeTown
|--- Group = CapeInternet
|--- User = Zelda

|-- OU=Durban
|--- Group = DurbanInternet
|--- User = Jason

|-- OU=Groups
|--- Group = FullInternet

|-- CN=Users
|--- User=Admin

Now the group FullInternet has got a nested member list i.e.
FullInternet has the following members

User=Admin
Group=CapeInternet
Group=DurbanInternet

Then the CapeInternet has a member of User=Zelda and the group
DurbanInternet has a member User=Jason. So it's a nested group
statement where the main OUs for the regions are not located in one
container but under the main DC. The members in the regional OUs are
only members of their OU's internet group and not part of the full
internet group.

My search filter is as follows:
(&(sAMAccountName=%s)(memberOf=CN=FullInternet,OU=Groups,DC=my,DC=local))

Now, I have got sub tree searching on and always follow referrals and
always dereference aliases is on. When joining the domain I join to
DC=my,DC=local and not into the Users container.

When squid is running I can authenticate the Admin user as that user
is a direct member of the FullInternet group, but I need to get the
users in their regional OUs authenticated if they are down-the-line
members. I also can't put in all the groups into my search string
because there are over 150 OUs that are under the main DC and the
administrator is not willing to change it.

Any ideas as to how I could get this to work?

Thanks in advance,
Ian
Received on Sun Aug 19 2007 - 12:19:40 MDT
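
An added example, not part of the original post: a small Python model of the directory described above, showing why a `(memberOf=...)` filter matches only direct members and what a nested-membership walk has to do instead. The user and regional group DNs are constructed from the tree in the post, and the function names are hypothetical.

```python
from collections import deque

TARGET = "CN=FullInternet,OU=Groups,DC=my,DC=local"
CAPE = "CN=CapeInternet,OU=CapeTown,DC=my,DC=local"      # constructed DN
DURBAN = "CN=DurbanInternet,OU=Durban,DC=my,DC=local"    # constructed DN

# Constructed model: each DN maps to the groups listed in its memberOf
# attribute, which holds direct memberships only.
MEMBER_OF = {
    "CN=Admin,CN=Users,DC=my,DC=local": [TARGET],
    "CN=Zelda,OU=CapeTown,DC=my,DC=local": [CAPE],
    "CN=Jason,OU=Durban,DC=my,DC=local": [DURBAN],
    CAPE: [TARGET],
    DURBAN: [TARGET],
    TARGET: [],
}

def norm(dn):
    # Case-insensitive DN compare; naive split, fine for DNs without escaped commas.
    return ",".join(p.strip().lower() for p in dn.split(","))

def index(directory):
    return {norm(dn): [norm(g) for g in groups] for dn, groups in directory.items()}

def direct_member(entry_dn, group_dn, directory=MEMBER_OF):
    """Semantics of (memberOf=<group_dn>): the group must be listed on the entry itself."""
    return norm(group_dn) in index(directory).get(norm(entry_dn), [])

def nested_member(entry_dn, group_dn, directory=MEMBER_OF, max_depth=10):
    """Follow memberOf upward, breadth-first, until group_dn is found.
    The seen set stops loops (group A in B, B in A); max_depth bounds the walk."""
    idx, want = index(directory), norm(group_dn)
    queue, seen = deque([(norm(entry_dn), 0)]), set()
    while queue:
        dn, depth = queue.popleft()
        if dn in seen or depth > max_depth:
            continue
        seen.add(dn)
        for parent in idx.get(dn, []):
            if parent == want:
                return True
            queue.append((parent, depth + 1))
    return False

if __name__ == "__main__":
    for user in ("Admin,CN=Users", "Zelda,OU=CapeTown", "Jason,OU=Durban"):
        dn = f"CN={user},DC=my,DC=local"
        print(dn, direct_member(dn, TARGET), nested_member(dn, TARGET))
```

On domain controllers that support the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941), the same walk can be done server-side inside the filter; whether the 2003 server in the post supports it is not stated.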
