The squid_ldap_group helper is pretty neutral on the subject. The helper
uses a LDAP search filter of choice including the username and group. If
the filter matches at least one object in your LDAP directory then the
user is assumed to be member of the requested group.
This means that the same helper can match users within OU (provided you
are consistent and have a OU attribute on your users matching the OU they
belong to), or groups listing all members in a "members" attribute, or by
subtrees of referrals, or pretty much any other group design.
A good LDAP tool to play with here is the ldapsearch command.
Regards
Henrik
On Tue, 3 Sep 2002, Michael Fuller wrote:
> As a matter of fact, the LDAP directory design has to be based on what Squid
> can do with it. Users will be organized by OUs and Groups. While OUs will
> reflect the actual department they work for, I intend to use groups to
> define access priveleges.
>
> Going through the Openldap documentation I see that there are two
> objectclasses to define groups - groupofnames and groupofuniquenames. Which
> one should I use ?
>
> Regards,
> Michael Fuller
Received on Tue Sep 03 2002 - 05:34:55 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:02 MST