Re: [squid-users] Squid_ldap_group

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 06 Mar 2003 12:33:21 +0100

Thu 2003-03-06 at 11:02, Homberger Peter wrote:

> My LDAP Group:
>
> # Security-Group, security, nextiraone, ch
> dn: cn=Security-Group,ou=security,o=nextiraone,c=ch
> objectClass: groupOfNames
> objectClass: groupOfUniqueNames
> cn: Security-Group
> member: cn=FW1-Template,o=nextiraone,c=ch
> member: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
> uniqueMember: uid=phom,ou=security,o=nextiraone,c=ch
>
>
> My User:
>
> # Homberger Peter, security, nextiraone, ch
> dn: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
> objectClass: person
> objectClass: uidObject
> objectClass: organizationalPerson
> cn: Homberger Peter
> sn: Homberger
> uid: phom
> userPassword: **********
>
> My squid.conf
>
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -u uid -b
> ou=security,o=nextiraone,c=ch

This is a problem... what you want is something like this:

squid_ldap_auth -b ou=security,o=nextiraone,c=ch -f
(&(uid=%s)(objectClass=organizationalPerson)) -h your.ldap.server

The -u argument is only applicable if the user login name is the last
component of the user DN (cn=Homberger Peter in your case).

> external_acl_type ldap_group %LOGIN
> /usr/local/squid/libexec/squid_ldap_group -b "ou=security,o=nextiraone,c=ch"
> -f '(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))'

Looks good, but you might want to upgrade to a later version of
squid_ldap_group to simplify the filter somewhat. Also, you probably
need to remove the quotes around the filter specification. See also the
known bugs page.

Regards
Henrik

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Thu Mar 06 2003 - 04:33:26 MST
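
Added example (not part of the message above and not Squid's own code): a Python model of the two ways the helper arrives at a DN to bind as, evaluated against a constructed in-memory copy of the user entry quoted in the message. The function names and the in-memory directory are assumptions for illustration; without -f the DN is modelled as attribute, login and base DN joined together.

```python
import re

# Constructed in-memory copy of the user entry quoted in the message.
BASE = "ou=security,o=nextiraone,c=ch"
DIRECTORY = {
    "cn=Homberger Peter,ou=security,o=nextiraone,c=ch": {
        "objectclass": ["person", "uidObject", "organizationalPerson"],
        "cn": ["Homberger Peter"],
        "sn": ["Homberger"],
        "uid": ["phom"],
    },
}
SEARCH_FILTER = "(&(uid=%s)(objectClass=organizationalPerson))"


def dn_from_userattr(login, userattr="uid", base=BASE):
    """No -f given: the bind DN is simply <userattr>=<login>,<base>."""
    return f"{userattr}={login},{base}"


def dn_from_search(login, flt=SEARCH_FILTER, base=BASE):
    """-f given: search below the base and bind as the DN of the single match.

    Handles only an AND of equality tests, which is all this filter uses.
    The template is parsed first and %s filled in per term afterwards, so
    the login value cannot change the structure of the filter.
    """
    terms = [(attr.lower(), value.replace("%s", login).lower())
             for attr, value in re.findall(r"\(([^()=&]+)=([^()]*)\)", flt)]
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith("," + base.lower()):
            continue  # entry is outside the search base
        if all(value in (v.lower() for v in attrs.get(attr, []))
               for attr, value in terms):
            hits.append(dn)
    return hits[0] if len(hits) == 1 else None  # no match or ambiguous: reject


def entry_exists(dn):
    """A simple bind can only succeed against a DN that actually exists."""
    return dn is not None and dn.lower() in (d.lower() for d in DIRECTORY)


if __name__ == "__main__":
    print("-u uid :", dn_from_userattr("phom"), entry_exists(dn_from_userattr("phom")))
    print("-u cn  :", entry_exists(dn_from_userattr("Homberger Peter", "cn")))
    print("-f     :", dn_from_search("phom"), entry_exists(dn_from_search("phom")))
```

With -u uid the constructed DN names an entry that does not exist, so login as phom fails even with the right password; the search filter resolves phom to the cn= DN first.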
