On Friday 28 February 2003 08.10, mbarton2@csc.com.au wrote:
> ldapsearch -h ldap.some.org.au -b
> "cn=proxygrp,ou=groups,dc=some,dc=org,dc=au,o=Internet"
> "member=cn=user1,ou=people,dc=some,dc=org,dc=au,o=Internet"
>
> prints all users in proxygrp, as does:
It should. All the search is interested in is if there is a group
where this user is member.
To make the search more obvious when testing, only ask for the DN
attribute to be returned (just add "dn" after the search filter).
> -b on squid_ldap_group does not seem to have an "%" substitution to
> add the group name and including a filter for group and the filter
> doesn't work any of the ways I have tried it-
> /usr/local/squid/libexec/squid_ldap_group -h
> ldap://ldap.some.org.au -D "cn=admin,o=Internet" -w "password" -b
> "ou=groups,dc=some,dc=org,dc=au,o=Internet" -f
> "(&(cn=%g)("member=cn=%u,ou=people,dc=some,dc=org,dc=au,o=Internet"
>))"
Looks correct to me, assuming you are using squid_ldap_group from a
nightly snaptshot. What does ldapsearch return for the same filter?
Hmm.. not sure -h accepts ldap URIs, but it most likely do not.. try
using just the hostname.
Regards
Henrik
Received on Fri Feb 28 2003 - 01:44:05 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:45 MST