Re: [squid-users] LDAP/idiot problem!

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Tue, 14 Oct 2008 15:21:03 +0200

On Mon 2008-10-13 at 13:31 +0100,
Ian.Large_at_norbert-dentressangle.com wrote:
> -f "(&(sAMAccountName=%s)(memberOf=CN=InternetUsers,OU=Groups,OU=ND House
> (slh / wel),OU=UK,DC=cs-plc,DC=salvesen,DC=com))"

> squid_ldap_auth: WARNING, LDAP search error 'Bad search filter'

This is most likely from the () in your OU. () are special characters in
LDAP search filters.

Try adding a backslash in front of the parentheses.

Also try adding the -d command line option to squid_ldap_auth. This
makes the helper a bit more verbose about what it is doing, for example
showing the full expanded search filter sent to LDAP.

> Has anybody got any insight? At present I've cut back the filter to -f
> "sAMAccountName=%s" which is at least forcing authentication but not
> checking the group membership.

Note: You can use squid_ldap_group to check group memberships separately
from authentication. This way you can give different rights to different
user groups.

Regards
Henrik
Received on Tue Oct 14 2008 - 13:21:01 MDT
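
Added example, not part of the message above and not code from Squid: a small Python check that locates the unescaped parenthesis inside the `memberOf` value of the quoted filter and rebuilds the filter with the value escaped. It assumes the RFC 4515 hex escapes (`\28`, `\29`) rather than a bare backslash, the group DN is reassembled from the wrapped quoted line, and the helper names are hypothetical.

```python
# RFC 4515 escapes for characters that are special inside an assertion value.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Group DN reassembled from the quoted filter (the mail client wrapped the line).
GROUP_DN = ("CN=InternetUsers,OU=Groups,OU=ND House (slh / wel),"
            "OU=UK,DC=cs-plc,DC=salvesen,DC=com")

# The filter exactly as it was passed to -f in the original question.
ORIGINAL = "(&(sAMAccountName=%s)(memberOf=" + GROUP_DN + "))"


def escape_filter_value(value):
    """Escape a literal string for use as the value part of attr=value."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def first_bad_paren(filt):
    """Return the index of the first '(' that sits inside an assertion value.

    A '(' may only open a filter component. Once an item's '=' has been seen,
    everything up to the next unescaped ')' is the value, so a '(' there is
    what an LDAP library reports as a bad search filter. Returns None if clean.
    """
    in_value = False
    i = 0
    while i < len(filt):
        ch = filt[i]
        if ch == "\\":          # RFC 4515 escape: backslash plus two hex digits
            i += 3
            continue
        if ch == "=" and not in_value:
            in_value = True     # later '=' signs (CN=, OU=) belong to the value
        elif ch == "(" and in_value:
            return i
        elif ch == ")":
            in_value = False    # closes the current item
        i += 1
    return None


def build_filter(group_dn):
    """Build the -f filter; %s stays as the login-name placeholder from the page."""
    return "(&(sAMAccountName=%s)(memberOf=" + escape_filter_value(group_dn) + "))"


if __name__ == "__main__":
    pos = first_bad_paren(ORIGINAL)
    print("unescaped '(' in value at offset", pos, "->", ORIGINAL[pos:pos + 11])
    print("escaped filter:", build_filter(GROUP_DN))
```

Running the helper with -d, as suggested above, shows the expanded filter actually sent to LDAP, which can be compared against the escaped form printed here.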
