[squid-users] squid_ldap_group group authorization by user

From: Ytzhak Levy <ytzhak@dont-contact.us>
Date: Mon, 28 Mar 2005 21:57:46 +0800

Hello again,

im having a problem with squid_ldap_group.

I created 3 groups to users that will be auhenticated by this helper:

FULL
RESTRICT
NORMAL

from my terminal:

[FreeBSD]#/squid/libexec/squid_ldap_group -h 10.252.1.49 -b "OU=Global,OU=Grupos,DC=mydomain,DC=com" -f "(&(sAMAccountname=%a)(objectClass=group))" -B "CN=Users,DC=mydomain,DC=com" -F "(&(sAMAccountname=%s)(objectClass=person))" -D "mtb\lookup" -w lookup -d
fabio.mendes "RESTRICT"
Connected OK
user filter '(&(sAMAccountname=fabio.mendes)(objectClass=person))', searchbase 'CN=Users,DC=mydomain,DC=com'
group filter '(&(sAMAccountname=RESTRICT)(objectClass=group))', searchbase 'OU=Global,OU=Grupos,DC=mydomain,DC=com'
OK

correct. This user belongs to this group.

but,

[FreeBSD]#/squid/libexec/squid_ldap_group -h 10.252.1.49 -b "OU=Global,OU=Grupos,DC=mydomain,DC=com" -f "(&(sAMAccountname=%a)(objectClass=group))" -B "CN=Users,DC=mydomain,DC=com" -F "(&(sAMAccountname=%s)(objectClass=person))" -D "mtb\lookup" -w lookup -d
fabio.mendes "FULL"
Connected OK
user filter '(&(sAMAccountname=fabio.mendes)(objectClass=person))', searchbase 'CN=Users,DC=mydomain,DC=com'
group filter '(&(sAMAccountname=FULL)(objectClass=group))', searchbase 'OU=Global,OU=Grupos,DC=mydomain,DC=com'
OK

this is incorrect. this user doesnt belongs to this group. The same thing occurs with NORMAL group or any other group in my ldap tree when i use squid_ldap_group to auth.

both groups dn and users dn are correct.

Where is my error ?

cheers

-- 
_______________________________________________
Get your free email from http://mymail.bsdmail.com
Powered by Outblaze
Received on Mon Mar 28 2005 - 06:57:47 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST