[squid-users] Re: squid_ldap_group syntax from Marcio Garcia on 2010-12-02 (squid-users)

From: Marcio Garcia <marciogarcia_at_gmail.com>
Date: Thu, 2 Dec 2010 18:12:22 +0000

Hello,

Thanks for all, I found the solution:

squid_ldap_group -s sub -b "dc=example,dc=com" -D
"cn=proxy,cn=adminusers,dc=example,dc=com" -w 'test' -f
"(&(objectClass=person)(sAMAccountName=%u)(memberOf=cn=%g,ou=groups,dc=example,dc=com))"
-h "192.168.4.3" -K -R

Now it�s working fine... kerberos(SSO) + AD (users and groups)
integration (Squid ACL�s)-

Just added the options "-s sub" and "-R".

Thanks,

Marcio Garcia

On 30 November 2010 18:19, Marcio Garcia <marciogarcia_at_gmail.com> wrote:
>
> Hello,
>
> � �I am having some problems to build my own syntax with
> squid_ldap_group against AD because I have users in different OUs,
> like bellow:
>
> � �dc=example,dc=com
> � � � �|
> � � � �ou=department1,dc=example,dc=com
> � � � � � �|
> � � � � � �dn: cn=user 1,ou=department1,dc=example,dc=com
> � � � � � � � � �objectClass=person
> � � � � � � � � �samAccountName=user1
> � � � � � � � � �memberOf=cn=facebook,ou=groups,dc=example,dc=com
> � � � � � � � � �memberOf=cn=youtube,ou=groups,dc=example,dc=com
> � � � � � � � � �....
> � � � �|
> � � � �ou=department2,dc=example,dc=com
> � � � � � �|
> � � � � � �dn: cn=user 2,ou=department2,dc=example,dc=com
> � � � � � � � � �objectClass=person
> � � � � � � � � �samAccountName=user2
> � � � � � � � � �memberOf=cn=facebook,ou=groups,dc=example,dc=com
> � � � � � � � � �memberOf=cn=youtube,ou=groups,dc=example,dc=com
> � � � � � � � � �memberOf=cn=linkedin,ou=groups,dc=example,dc=com
> � � � � � � � � �....
> � � �|
> � � � �ou=department3,dc=example,dc=com
> � � � � � �|
> � � � � � �dn: cn=user 3,ou=department3,dc=example,dc=com
> � � � � � � � � �objectClass=person
> � � � � � � � � �samAccountName=user3
> � � � � � � � � �memberOf=cn=allowed,ou=groups,dc=example,dc=com
> � � � � � � � � �memberOf=cn=denied,ou=groups,dc=example,dc=com
> � � � � � � � � �....
>
> � �This is my squid_ldap_group syntax:
>
> � �squid_ldap_group -b "dc=example,dc=com" -D
> "cn=proxy,cn=adminusers,dc=example,dc=com" -w 'test' -f
> "(&(objectClass=person)(sAMAccountName=%u)(memberOf=cn=%g,ou=groups,dc=example,dc=com))"
> -h "192.168.4.3" -K
>
> � �And the testes:
>
> � �user1 facebook
> � �ERR
>
> � �user2 linkedin
> � �ERR
>
> � �user3 allowed
> � �ERR
>
> � �PS: I am using kerberos authentication and it works fine and I
> don�t know why I am having the error above.
>
>
> Thanks,
>
> Marcio Garcia
Received on Thu Dec 02 2010 - 18:12:49 MST

This archive was generated by hypermail 2.2.0 : Thu Dec 02 2010 - 12:00:01 MST