Hi,
Anyone have any ideas?
Cheers
Ian
On 8/19/07, Ian <barnracoon@gmail.com> wrote:
> Hi,
>
> I am using squid_ldap_auth on squid version 2.6.STABLE13+ICAP on
> FreeBSD and I'm trying to authenticate against a 2003 server with the
> following setup.
>
> |- DC=my.local
>
> |-- OU=CapeTown
> |--- Group = CapeInternet
> |--- User = Zelda
>
> |-- OU=Durban
> |--- Group = DurbanInternet
> |--- User = Jason
>
> |-- OU=Groups
> |--- Group = FullInternet
>
> |-- CN=Users
> |--- User=Admin
>
> Now the group FullInternet has got a nested member list i.e.
> FullInternet has the following members
>
> User=Admin
> Group=CapeInternet
> Group=DurbanInternet
>
> Then the CapeInternet has a member of User=Zelda and the group
> DurbanInternet has a member User=Jason. So it's a nested group
> statement where the main OUs for the regions are not located in one
> container but under the main DC. The members in the Regional OUs are
> only members of their OU's internet group and not part of the full
> internet group.
>
> My search filter is as follows:
> (&(sAMAccountName=%s)(memberOf=CN=FullInternet,OU=Groups,DC=my,DC=local))
>
> Now, I have got sub tree searching on and always follow referrals and
> always dereference aliases is on. When joining the domain I join to
> DC=my,DC=local and not into the Users container.
>
> When squid is running I can authenticate the Admin user as that user
> is a direct member of the FullInternet group, but I need to get the
> users in their regional OUs authenticated if they are down-the-line
> members. I also can't put in all the groups into my search string
> because there are over 150 OUs that are under the main DC and the
> administrator is not willing to change it.
>
> Any ideas as to how I could get this to work?
>
> Thanks in advance,
> Ian
>
Received on Tue Aug 21 2007 - 10:24:00 MDT
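
An added example, not part of the original post or of Squid: a small Python model of the directory described above, showing why the quoted `memberOf` filter matches only Admin and what a nested-membership walk returns instead. The DNs of the regional groups and the user `Guest` are assumptions made for the sample.

```python
"""Direct vs. nested group membership for the directory described in the post."""
FULL = "CN=FullInternet,OU=Groups,DC=my,DC=local"
CAPE = "CN=CapeInternet,OU=CapeTown,DC=my,DC=local"    # DN assumed from the OU layout
DURBAN = "CN=DurbanInternet,OU=Durban,DC=my,DC=local"  # DN assumed from the OU layout

# Constructed sample data: memberOf lists only the groups an entry belongs to directly.
USERS = {
    "Admin": [FULL],
    "Zelda": [CAPE],
    "Jason": [DURBAN],
    "Guest": [],  # hypothetical user with no internet group
}
GROUPS = {CAPE: [FULL], DURBAN: [FULL], FULL: []}


def norm(dn):
    """DN comparison is case-insensitive; lower-casing is enough for this sample."""
    return dn.strip().lower()


def direct_match(user, group_dn, users=USERS):
    """What (&(sAMAccountName=%s)(memberOf=<group_dn>)) tests: direct membership only."""
    return norm(group_dn) in {norm(g) for g in users.get(user, [])}


def nested_match(user, group_dn, users=USERS, groups=GROUPS):
    """Follow memberOf upwards through nested groups until group_dn is found."""
    target = norm(group_dn)
    parents = {norm(k): v for k, v in groups.items()}
    seen, stack = set(), list(users.get(user, []))
    while stack:
        dn = norm(stack.pop())
        if dn in seen:  # guards against circular group nesting
            continue
        seen.add(dn)
        if dn == target:
            return True
        stack.extend(parents.get(dn, []))
    return False  # unknown users and non-members are denied


if __name__ == "__main__":
    for name in USERS:
        print(f"{name:6} direct={direct_match(name, FULL)!s:5} "
              f"nested={nested_match(name, FULL)}")
```

Active Directory can perform the same walk server-side when the `memberOf` clause uses the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941), on domain controllers that support it.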