Re: [squid-users] squid_ldap_group user authorization

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 23 Mar 2005 22:21:38 +0100 (CET)

On Wed, 23 Mar 2005, Jayesh Kamdar wrote:

> The command line - ldapsearch -h ldapsrv1 -b "o=mitre.org"
> "(&(cn=osis_proxyauth_lg)(member=uid=jkamdar,o=mitre.org))"
> results in 0 matches. If I understand right, with this command, I am
> searching jkamdar in the group called osis_proxyauth_lg, correct? Even though
> I am in that group, the search comes up empty.

This search searches for an LDAP object with the values

   cn=osis_proxyauth_lg
and
   member=uid=jkamdar,o=mitre.org

Now, this assumes a number of things about your LDAP directory which may
or may not be true depending on your LDAP directory structure.

Assumption 1: Your LDAP base DN is o=mitre.org

Assumption 2: Groups are named by the CN attribute

Assumption 3: The group you are interested in is named osis_proxyauth_lg

Assumption 4: The DN of your Person object is "uid=jkamdar,o=mitre.org"

Assumption 5: Groups in your LDAP directory are following the LDAP
standard method of making groups by listing the members in member
attributes carrying the DN of the user being a member of the group.

You can verify each of these assumptions by the following searches:

1: ldapsearch -h ldapsrv1 -s base -b o=mitre.org

2,3,5: ldapsearch -h ldapsrv1 -b o=mitre.org cn=osis_proxyauth_lg

4: ldapsearch -h ldapsrv1 -b uid=jkamdar,o=mitre.org

Regards
Henrik
Received on Wed Mar 23 2005 - 14:21:43 MST
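
The following is an added example, not part of the original message: a small Python model of the filter and the verification searches above, run against a constructed directory in which assumptions 4 and 5 fail. The directory layout (ou=people, ou=groups, uniqueMember) and the simplified equality matcher are assumptions for illustration, not the poster's real directory or a real LDAP server.

```python
def norm(dn):
    """Lower-case a DN and drop spaces around commas (simplified DN matching)."""
    return ",".join(part.strip() for part in dn.lower().split(","))

# Constructed sample directory (layout is an assumption, not from the thread).
DIRECTORY = {
    "o=mitre.org": {"o": ["mitre.org"]},
    "uid=jkamdar,ou=people,o=mitre.org": {"uid": ["jkamdar"]},
    "cn=osis_proxyauth_lg,ou=groups,o=mitre.org": {
        "cn": ["osis_proxyauth_lg"],
        "uniqueMember": ["uid=jkamdar,ou=people,o=mitre.org"],
    },
}

def search(directory, base, conditions, scope="sub"):
    """Return DNs under base whose attributes satisfy every (attr, value) pair,
    i.e. an LDAP (&(attr=value)...) filter with equality matches only."""
    base = norm(base)
    hits = []
    for dn, attrs in directory.items():
        ndn = norm(dn)
        in_scope = ndn == base if scope == "base" else (
            ndn == base or ndn.endswith("," + base))
        lowered = {k.lower(): [norm(v) for v in vals] for k, vals in attrs.items()}
        if in_scope and all(norm(v) in lowered.get(a.lower(), [])
                            for a, v in conditions):
            hits.append(dn)
    return hits

def check_assumptions(directory, base, group, user_dn):
    """Mirror the verification searches: report which assumptions hold."""
    groups = search(directory, base, [("cn", group)])
    return {
        "1 base DN exists": bool(search(directory, base, [], scope="base")),
        "2,3 group found by cn": bool(groups),
        "4 user DN exists": bool(search(directory, user_dn, [], scope="base")),
        "5 group has member attribute": any(
            "member" in (k.lower() for k in directory[g]) for g in groups),
    }

if __name__ == "__main__":
    q = ("o=mitre.org", "osis_proxyauth_lg", "uid=jkamdar,o=mitre.org")
    # The original filter from the question: no match in this directory.
    print(search(DIRECTORY, q[0], [("cn", q[1]), ("member", q[2])]))
    for name, ok in check_assumptions(DIRECTORY, *q).items():
        print(("ok   " if ok else "FAIL ") + name)
```

In this constructed directory the group and base DN are found, but the user's DN and the membership attribute differ from what the filter assumes, so the combined search is empty even though the user is in the group.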