RE: [squid-users] Squid ldap_group

From: Guillermo Ettlin <GEttlin@dont-contact.us>
Date: Mon, 1 Sep 2003 17:12:59 -0300

My line say:

-f "(&(cn=%g)(member=%u))" -F "(&(sAMAccountName=%s))"

Don't work

I untherstand...

-----Mensaje original-----
De: Henrik Nordstrom [mailto:hno@squid-cache.org]
Enviado el: Monday, September 01, 2003 16:23
Para: Guillermo Ettlin; squid-users@squid-cache.org
Asunto: Re: [squid-users] Squid ldap_group

On Monday 01 September 2003 19.00, Guillermo Ettlin wrote:
> I change the filter for:
>
> -f "(&(cn=%g)(member=%u))"
>
> Because member is the attribute that the group membership in AD show,
> but don't work.

With this filter you also need to specify the -F flag with the same
data as used for the squid_ldap_auth -f flag.. The filter specified
to -F allows squid_ldap_group to locate the users DN before looking
for which groups have this user DN as member, and in most
configurations this should be the same filter as used by
squid_ldap_auth to locate the users DN for authentication.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or firewall
appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Mon Sep 01 2003 - 14:14:03 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:28 MST