RE: [squid-users] RE: ldap group

From: Pedro Alte <pedro.alte@dont-contact.us>
Date: Thu, 8 May 2003 15:39:04 +0100

I found out the solution... the "-F" switch of squid_ldap_group.

Pedro.

-----Mensagem original-----
De: Pedro Alte
Enviada: 05/08/2003 14:51
Para: Henrik Nordstrom
Cc: squid-users@squid-cache.org
Assunto: [squid-users] RE: ldap group

The base DN is already the lowest : dc=domain,dc=com.
My filter is "(&(cn=%g)(member=cn=%u))", and the authentication only works if I change it to "(&(cn=%g)(member=cn=%u,ou=firstou,ou=secondou,dc=domain,dc=com))".
It seems that squid needs to know the members' exact location, which I want to avoid, since I have users located in many different OU's.

Pedro.

-----Mensagem original-----
De: Henrik Nordstrom [mailto:hno@squid-cache.org]
Enviada: 05/08/2003 13:12
Para: Pedro Alte
Cc: squid-users@squid-cache.org
Assunto: Re: ldap group

tor 2003-05-08 klockan 13.30 skrev Pedro Alte:
> I use squid_ldap_group to authenticate users in Active Directory and
> it works quite alright, but only if the user and the group are in the
> same OU. How do I use squid_ldap_group to authenticate users under
> diferent OU's?

By using a base DN for squid_ldap_group further up (down) in the LDAP
hierarchy, allowing squid_ldap_group to search in a larger part of your
directory.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Thu May 08 2003 - 08:48:27 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:24 MST