Re: [squid-users] squid_ldap_group

From: <mbarton2@dont-contact.us>
Date: Fri, 28 Feb 2003 15:10:25 +0800

Christoph Haas <email@christoph-haas.de>
27/02/2003 08:13 PM

 
        To: squid-users@squid-cache.org
        cc:
        Subject: Re: [squid-users] squid_ldap_group

> > I am still having trouble getting squid to authenticate based on ldap
group
> > membership and user password. Here is what I have:
> > [...]

> Looks okay. Can you do the external_acl_type call manually and enter
> "username group<enter>" and get an "OK" when you expect it?

No. I was typing "username password<enter>". Now I can't get that to work
either- if I ever did, starting to feel like an idiot! :-(

So trying to solve the *right* problem-

# ldapsearch -h ldap.some.org.au -b
"ou=groups,dc=some,dc=org,dc=au,o=Internet" "cn=proxygrp"

member=cn=user1,ou=people,dc=some,dc=org,dc=au,o=Internet
member=cn=user2,ou=people,dc=some,dc=org,dc=au,o=Internet
member=cn=user3,ou=people,dc=some,dc=org,dc=au,o=Internet

With perl's Net:SSH I use the following:
        base => "cn=proxygrp,ou=groups,dc=some,dc=org,dc=au,o=Internet",
        filter =>
"(member=cn=$user,ou=people,dc=some,dc=org,dc=au,o=Internet)"

which does work but I can't work out how to achieve the same with
ldapsearch or squid_ldap_group
this:
ldapsearch -h ldap.some.org.au -b
"cn=proxygrp,ou=groups,dc=some,dc=org,dc=au,o=Internet"
"member=cn=user1,ou=people,dc=some,dc=org,dc=au,o=Internet"

prints all users in proxygrp, as does:
ldapsearch -h ldap.some.org.au -b
"ou=groups,dc=some,dc=org,dc=au,o=Internet"
"(&(cn=proxygrp)(member=cn=user1,ou=people,dc=some,dc=org,dc=au,o=Internet))"

-b on squid_ldap_group does not seem to have an "%" substitution to add
the group name and including a filter for group and the filter doesn't
work any of the ways I have tried it-
/usr/local/squid/libexec/squid_ldap_group -h ldap://ldap.some.org.au -D
"cn=admin,o=Internet" -w "password" -b
"ou=groups,dc=some,dc=org,dc=au,o=Internet" -f
"(&(cn=%g)("member=cn=%u,ou=people,dc=some,dc=org,dc=au,o=Internet"))"

Any help would be appreciated.

Thanks
Murray
Received on Fri Feb 28 2003 - 00:10:59 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:45 MST