Re: [squid-users] Squid ldap_group

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 1 Sep 2003 21:22:54 +0200

On Monday 01 September 2003 19.00, Guillermo Ettlin wrote:
> I change the filter for:
>
> -f "(&(cn=%g)(member=%u))"
>
> Because member is the attribute that the group membership in AD
> show, but don't work.

With this filter you also need to specify the -F flag with the same
data as used for the squid_ldap_auth -f flag.. The filter specified
to -F allows squid_ldap_group to locate the users DN before looking
for which groups have this user DN as member, and in most
configurations this should be the same filter as used by
squid_ldap_auth to locate the users DN for authentication.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Mon Sep 01 2003 - 13:24:59 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:28 MST