On Sunday 17 August 2003 16.47, Ta, Tony wrote:
> Okies.. I will try 2morrow.. I wanna take muh mind away from it for
> a bit..Like the saying goes... If it ain't broke... Dun fix it....
> hahahahhaha
>
> Thanks Henrik for ur time and effort..
>
> just outa curiosity, did you know that squid_ldap_auth may even be
> able to do the job on its own ? coz if I do a ldapsearch
> "(&(objectClass=User)(sAMAccountName=%s))(memberOf=Proxy_Access,CN=
>Users,DC=MyLDAP,DC=Domain))" this also returns the user attributes.
> It returns no results if the user is not a member of the Group. Are
> my correct, if so maybe squid_ldap_auth can be modified slightly so
> it returns OK if found and ERR if not, this way no external ACL is
> required.... umm but I dunno.. I mite just be silliii..
squid_ldap_group supports two modes of operation
a) Single search mode (-f only). For example when you search after a
attribute of the user object such as memberOf (-f option).
b) Dual search mode, where it first searches for the users DN (-F
option) and then uses this DN in a second search to verify if the
user is member of a certain group object or not (-f option).
See the manual for a description of both modes. For additional
information on the -F option see also the squid_ldap_auth manual.
Regards
Henrik
Received on Sun Aug 17 2003 - 11:54:12 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:56 MST