[squid-users] Re: [Squid Users] Re: squid_ldap_group

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 16 Aug 2003 23:13:52 +0200

The two searches below sho no resemble of each other. The
squid_ldap_group options which matches your ldapsearch command is

 squid_ldap_group -b "DC=MyLDAP,DC=Domain" -D "CN=etc
etc,CN=Users,DC=MyLDAP,DC=Domain" -w etc -h LDAPSERVER
-f "(&(objectClass=User)(sAMAccountName=%u)(memberOf=CN=%g,
CN=Users,DC=MyLDAP,DC=Domain))"

Your squid_ldap_group search pattern (-f option) does not look
correct. There is no reference to what group to look for. Also, using
the %u/%g codes of the 2.5.STABLE3 helper makes it a lot easier to
understand what it what..

Note: The Squid configure flags is irrelevant. Only the
squid_ldap_group command line options matters.

For further help with squid_ldap_group please use the squid-users
mailinglist.

Regards
Henrik

On Saturday 16 August 2003 19.51, you wrote:
> Hi Hendrik,
>
>
> Sooooo Sooorryy to do this to you but I have been sitting on this
> for a whole week chasing my tail with getting the right syntax. I
> am using Squid Cache: Version 2.5.STABLE3
> configure options: --enable-basic-auth-helper=ldap_auth
> --enable-external-acl-helpers=ldap_group --enable-kill-parent-hack
> --enable-snmp to connect to a Windows2K Active Directory.
>
> I tried to test the squid_ldap_group module with the following
> result:
>
> # /usr/local/squid/libexec/squid_ldap_group -b
> "DC=MyLDAP,DC=Domain" -D "CN=etc etc,CN=Users,DC=MyLDAP,DC=Domain"
> -w etc -h LDAPSERVER -f "(&(objectClass=group)(CN=%a))" -F
> "(&(sAMAccountName=%s)(objectClass=User))" -d -v1 etc proxy_access
> Connected OK
> user filter (&(sAMAccountName=etc)(objectClass=User))
> squid_ldap_group WARNING, LDAP search error 'Operations error'
> ERR
>
> yet when I do
> ldapsearch -b "DC=MyLDAP,DC=Domain" -D "CN=etc
> etc,CN=Users,DC=MyLDAP,DC=Domain" -w etc -h LDAPSERVER
> "(&(objectClass=User)(sAMAccountName=etc)(memberOf=CN=proxy_access,
>CN=Users,DC=MyLDAP,DC=Domain))" it returns all the user attributes
>
> I must be doing something wrong
>
> Can you pleeeeeaaaaase help.
>
> Kind Regards
Received on Sat Aug 16 2003 - 15:15:24 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:56 MST