Re: [squid-users] problem with squid_ldap_group

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Thu, 26 Jan 2012 20:12:21 +0100

Thu 2012-01-26 at 10:20 +0400, CyberSoul wrote:

> dn: CN=internetusers,OU=KNG-Services,DC=kng,DC=local
> member: CN=ldapreader,OU=KNG-Services,DC=kng,DC=local

member has full LDAP DNs.

> Well, the command I used to authorize users is:
> /usr/lib/squid/squid_ldap_auth -R -D ldapreader_at_kng.local -w "12345678" \
> -b "dc=kng,dc=local" -f "sAMAccountName=%s" -h 192.168.4.100
> and it works:
> ldapreader 12345678
> OK

Good. So you know how to look up users. Now reuse that in
squid_ldap_group as documented in its man page. The two are closely
related.

squid_ldap_group -R -D ldapreader_at_kng.local -w "12345678" \
-b "dc=kng,dc=local" -F "sAMAccountName=%s" -h 192.168.4.100 \
-f "(&(objectClass=group)(member=%s))"

Note the -F, which needs to be the same as -f to squid_ldap_auth. This
allows squid_ldap_group to locate the user object (DN), enabling it to
then look up DN-based group membership.

Regards
Henrik
Received on Thu Jan 26 2012 - 19:12:58 MST
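
Added example (not part of the original message and not squid's code): an in-memory model of the two-step lookup that -F enables, using the filters from the reply as written. The directory contents beyond the two quoted entries (the jdoe user and the contractors group) and all function names are constructed for illustration.

```python
import re

# Constructed directory; the first two entries mirror the ones quoted in the thread.
BASE = "OU=KNG-Services,DC=kng,DC=local"
DIRECTORY = [
    {"dn": "CN=ldapreader," + BASE, "objectClass": ["user"],
     "sAMAccountName": ["ldapreader"]},
    {"dn": "CN=internetusers," + BASE, "objectClass": ["group"],
     "member": ["CN=ldapreader," + BASE]},
    {"dn": "CN=Doe (contractor)," + BASE, "objectClass": ["user"],
     "sAMAccountName": ["jdoe"]},
    {"dn": "CN=contractors," + BASE, "objectClass": ["group"],
     "member": ["CN=Doe (contractor)," + BASE]},
]
USER_FILTER = "sAMAccountName=%s"                   # -F, same as squid_ldap_auth -f
GROUP_FILTER = "(&(objectClass=group)(member=%s))"  # -f, as written in the reply

def escape(value):
    """RFC 4515 escaping, so parentheses in a DN cannot break the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape(value):
    """Reverse the \\XX hex escapes before comparing values."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(template, value):
    """Expand %s and return matching DNs (equality terms joined by & only)."""
    flt = template.replace("%s", escape(value))
    terms = [(a.lower(), unescape(v).lower())
             for a, v in re.findall(r"([A-Za-z]+)=([^()]*)", flt)]
    hits = []
    for entry in DIRECTORY:
        attrs = {k.lower(): [x.lower() for x in v]
                 for k, v in entry.items() if k != "dn"}
        if all(v in attrs.get(a, []) for a, v in terms):
            hits.append(entry["dn"])
    return hits

def groups_of(login, resolve_dn=True):
    """Groups containing login; resolve_dn=True models running with -F."""
    if not resolve_dn:
        return search(GROUP_FILTER, login)    # member=<login name>: never a DN
    user_dns = search(USER_FILTER, login)
    if len(user_dns) != 1:                    # unknown or ambiguous login
        return []
    return search(GROUP_FILTER, user_dns[0])  # member=<full user DN>

if __name__ == "__main__":
    for login in ("ldapreader", "jdoe", "nobody"):
        print(login, groups_of(login), groups_of(login, resolve_dn=False))
```

Without the DN resolution step the group search compares the member attribute against a bare login name and finds nothing, which is the failure the -F option addresses.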
