Re: AW: AW: AW: AW: [squid-users] Squid_ldap_group

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 7 Mar 2003 18:59:26 +0100

Try this:

/usr/local/squid/libexec/squid_ldap_group -b
ou=security,o=nextiraone,c=ch -f
(&(cn=%g)(member=%u)(objectClass=groupOfNames)) -F
(&(uid=%s)(objectClass=organizationalPerson))

(-F the same as -f for squid_ldap_auth)

Regards
Henrik

On Friday 07 March 2003 17.15, Homberger Peter wrote:
> I have tried also %u as the user and %g for the group.
>
> external_acl_type ldap_group %LOGIN
> /usr/local/squid/libexec/squid_ldap_group -b
> "ou=security,o=nextiraone,c=ch" -f
> (&(cn=%g)(member=uid=%u,*)(objectClass=groupOfNames))
>
> The only one I have found out to work is the following, but then
> all existing users in the directory will be authenticated instead
> of only the members of the LDAP group.
>
> external_acl_type ldap_group %LOGIN
> /usr/local/squid/libexec/squid_ldap_group -b
> "ou=security,o=nextiraone,c=ch" -f
> (&(cn=%g)(member=*)(objectClass=groupOfNames))
>
> With kind regards
>
> Peter Homberger
>
> NextiraOne Schweiz GmbH
> Peter Homberger
> Consultant Security / NMS
> Industriestasse 30, CH-8203 Kloten
> Tel: +41 1 815 32 65
> Fax: +41 1 813 53 24
>
> mailto:peter.homberger@nextiraone.ch
> http://www.nextiraone.ch
>
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Friday, 7 March 2003 16:46
> To: Homberger Peter
> Subject: Re: AW: AW: AW: [squid-users] Squid_ldap_group
>
> Fri 2003-03-07 at 15.29, Homberger Peter wrote:
> > /usr/local/squid/libexec/squid_ldap_group -b
> > "ou=security,o=nextiraone,c=ch" -f
> > "(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))"
> > phom password
> > ERROR: Unknown filter template string %d
> > squid_ldap_group ERROR, Failed to construct LDAP search filter.
> > filter="(&(cn=phom)(member=uid=", user="phom", group="password"
> > ERR
> >
> > Could the problem be there?
>
> This is a problem
>
> Based on the error message you get I can see you are using a
> reasonably current version of the helper. Then %u can be used for
> the user name and %g for the group name, which is easier to
> remember than the %v and %a used by the original helper shipped in
> Squid-2.5.STABLE1..
>
> > What kind of information is required for the requested input?
> > What does %LOGIN mean in squid.conf before the above command?
>
> That the helper expects the users login name as input before the
> group name.. see the documentation of external_acl_type in
> squid.conf.default.
Received on Fri Mar 07 2003 - 10:56:14 MST
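
Added example, not part of the original thread and not the helper's own code: a small Python model of the three group filters discussed above, run against a constructed in-memory directory, showing why member=* admits every user while member=%u with the user's DN does not. It assumes, as the -F suggestion implies, that %u is replaced by the DN found by the user search; the users alice and bob and the group proxyusers are invented for the illustration.

```python
import re

BASE = "ou=security,o=nextiraone,c=ch"
# Constructed sample entries (not from the thread).
USERS = {u: f"uid={u},{BASE}" for u in ("alice", "bob")}
GROUPS = [{"cn": ["proxyusers"], "objectClass": ["groupOfNames"],
           "member": [USERS["alice"]]}]

def escape(value):
    """RFC 4515 escaping: a login name must not be able to add filter syntax."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def expand(template, user, group):
    """Fill in %u and %g; in this model any other %-token is an error."""
    def sub(m):
        if m.group(1) == "u":
            return escape(user)
        if m.group(1) == "g":
            return escape(group)
        raise ValueError(f"Unknown filter template string %{m.group(1)}")
    return re.sub(r"%(.)", sub, template)

def matches(entry, flt):
    """Evaluate a flat (&(attr=value)...) filter against one entry."""
    for attr, val in re.findall(r"\(([^=()&]+)=([^()]*)\)", flt):
        have = entry.get(attr, [])
        if val == "*":                      # presence test: any value will do
            ok = bool(have)
        elif "*" in val and attr == "member":
            ok = False                      # member has no substring matching rule
        else:
            lit = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), val)
            ok = lit in have
        if not ok:
            return False
    return True

def in_group(template, login, group, use_dn):
    """use_dn=True models -F: %u becomes the user's DN instead of the login."""
    if use_dn and login not in USERS:
        return False
    user = USERS[login] if use_dn else login
    flt = expand(template, user, group)
    return any(matches(g, flt) for g in GROUPS)

PRESENCE = "(&(cn=%g)(member=*)(objectClass=groupOfNames))"
SUBSTRING = "(&(cn=%g)(member=uid=%u,*)(objectClass=groupOfNames))"
BY_DN = "(&(cn=%g)(member=%u)(objectClass=groupOfNames))"
```

With PRESENCE, bob (not a member) is accepted; with BY_DN and use_dn=True only alice is.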
