Re: [squid-users] squid_ldap_group

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 28 Feb 2003 09:45:32 +0100

On Friday 28 February 2003 08.10, mbarton2@csc.com.au wrote:
> ldapsearch -h ldap.some.org.au -b
> "cn=proxygrp,ou=groups,dc=some,dc=org,dc=au,o=Internet"
> "member=cn=user1,ou=people,dc=some,dc=org,dc=au,o=Internet"
>
> prints all users in proxygrp, as does:

It should. All the search is interested in is if there is a group
where this user is member.

To make the search more obvious when testing, only ask for the DN
attribute to be returned (just add "dn" after the search filter).

> -b on squid_ldap_group does not seem to have an "%" substitution to
> add the group name and including a filter for group and the filter
> doesn't work any of the ways I have tried it-
> /usr/local/squid/libexec/squid_ldap_group -h
> ldap://ldap.some.org.au -D "cn=admin,o=Internet" -w "password" -b
> "ou=groups,dc=some,dc=org,dc=au,o=Internet" -f
> "(&(cn=%g)("member=cn=%u,ou=people,dc=some,dc=org,dc=au,o=Internet"
>))"

Looks correct to me, assuming you are using squid_ldap_group from a
nightly snaptshot. What does ldapsearch return for the same filter?

Hmm.. not sure -h accepts ldap URIs, but it most likely do not.. try
using just the hostname.

Regards
Henrik
Received on Fri Feb 28 2003 - 01:44:05 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:45 MST