AW: [squid-users] squid_ldap_group

I am sorry, but I don't understand your advise....

First question
When I try the squid_ldap_group in the command line, the programm is waiting
for input.

Where can I find the form fpor the input

<group> <uid> ???

Most times the LDAP is not contacted and the programs tells me, that the
answer is "ERR"

Second question

I build up the call like

squid_ldap_group -b "ou=Groups,dc=floersheim,dc=myfirm,dc=de" -f
"(&(objectClass=univentionGroup)(cn=internet*))" -F "(uid=%u)" -B
"ou=People,dc=floersheim,dc=myfirm,dc=de" -h 192.168.22.230

Nothing happens on the LDAP only the ERR is shown!

How do I have to structure the input ?
Where do I check if the user is in the group ?

R. Maurer
-----Ursprüngliche Nachricht-----
Von: Henrik Nordstrom [mailto:hno@squid-cache.org]
Gesendet: Mittwoch, 19. November 2003 18:10
An: Maurer Roland MKG-Bank
Cc: 'squid-users@squid-cache.org'
Betreff: Re: [squid-users] squid_ldap_group

On Wed, 19 Nov 2003, Maurer Roland MKG-Bank wrote:

> uniqueMember: uid=rma,ou=People,dc=floersheim,dc=myfirm,dc=de
> uniqueMember: uid=test,ou=People,dc=floersheim,dc=myfirm,dc=de
>
> The query in the squid _ldap_group is
>
> squid_ldap_group -b "ou=Groups,dc=floersheim,dc=myfirm,dc=de" -f
> "(&(objectClass=univentionGroup)(cn=internet*)(uniqueMember=uid=%u))" -h
> 192.168.22.230

You probably need to use the user search mode of the helper (-F flag) to
first locate the users DN, then match this to the group. The uniqueMember
attribute is using full DN values.

> In the question I just want to select a "uid" out of the group.

You might be able to do so by searching for "uid=%u,*", but if the group
is large then first looking up the users DN is quite likely a lot faster
for the LDAP server to process..

Regards
Henrik
Received on Thu Nov 20 2003 - 04:40:39 MST