I found out the solution... the "-F" switch of squid_ldap_group.
Pedro.
-----Mensagem original-----
De: Pedro Alte
Enviada: 05/08/2003 14:51
Para: Henrik Nordstrom
Cc: squid-users@squid-cache.org
Assunto: [squid-users] RE: ldap group
The base DN is already the lowest : dc=domain,dc=com.
My filter is "(&(cn=%g)(member=cn=%u))", and the authentication only works if I change it to "(&(cn=%g)(member=cn=%u,ou=firstou,ou=secondou,dc=domain,dc=com))".
It seems that squid needs to know the members' exact location, which I want to avoid, since I have users located in many different OU's.
Pedro.
-----Mensagem original-----
De: Henrik Nordstrom [mailto:hno@squid-cache.org]
Enviada: 05/08/2003 13:12
Para: Pedro Alte
Cc: squid-users@squid-cache.org
Assunto: Re: ldap group
tor 2003-05-08 klockan 13.30 skrev Pedro Alte:
> I use squid_ldap_group to authenticate users in Active Directory and
> it works quite alright, but only if the user and the group are in the
> same OU. How do I use squid_ldap_group to authenticate users under
> diferent OU's?
By using a base DN for squid_ldap_group further up (down) in the LDAP
hierarchy, allowing squid_ldap_group to search in a larger part of your
directory.
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Thu May 08 2003 - 08:48:27 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:24 MST