RE: [squid-users] Squid ldap_group

From: Guillermo Ettlin <GEttlin@dont-contact.us>
Date: Mon, 1 Sep 2003 14:00:04 -0300

I change the filter for:

-f "(&(cn=%g)(member=%u))"

Because member is the attribute that the group membership in AD show,
but don't work.

-----Mensaje original-----
De: Henrik Nordstrom [mailto:hno@squid-cache.org]
Enviado el: Friday, August 29, 2003 20:20
Para: Guillermo Ettlin; squid-users@squid-cache.org
Asunto: Re: [squid-users] Squid ldap_group

On Friday 29 August 2003 23.00, Guillermo Ettlin wrote:

> external_acl_type ldap_group %LOGIN
> /usr/local/libexec/squid_ldap_group -h ldapserver -b
> "dc=myldap,dc=edu,dc=uy" -D "cn=auth,cn=users,dc=myldap,dc=edu,dc=uy"
> -w pass -f "(&(objectClass=User)(sAMAccountName=%u)(memberOf=%g))"

Are you sure the user objects have the memberOf attribute?

Usually one looks up group membership by looking for the user within
the group, not by looking for the group within the user..

I am not a MS AD user.

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or firewall
appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Mon Sep 01 2003 - 11:00:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:28 MST