Re: [squid-users] squid_ldap_group and Active Directory

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 3 Sep 2003 21:24:55 +0200

On Wednesday 03 September 2003 19.06, fdfhf gjgjj wrote:

> First, I have a simple question: Is it possible with ldap_group to
> authenticate users from different OUs who belong to the same group?

Yes, as long as the OUs are in the same directory, and there is
something unique identifying users (which it is in AD setups)...

The only limitation of the Squid LDAP helpers (apart from somewhat
arcane configuration syntax) is that they can only access a single
directory.

> auth_param basic program /usr/lib/squid/squid_ldap_auth -b ou=Groups,ou=Permissions,dc=fra,dc=hager,dc=corp -h 10.33.24.11 -p 389
> auth_param basic realm authenfies toi sinon bobo !

See the -f option if you want to match users in different OUs. As the
path is different for users in different OUs, squid_ldap_auth must
search for the user in the directory before authenticating.

> # auth AD
> external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=Groups,ou=Permissions,dc=fra,dc=bolton,dc=corp" -f "(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))" -h 10.33.24.11 -p 389

And the -f option to squid_ldap_auth translates to -F for
squid_ldap_group. See also the documentation of the -f option and how
-F changes the data for -f. I also recommend using the current %u/%g
codes to make the group filter more readable.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Wed Sep 03 2003 - 13:27:08 MDT
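
The advice in the reply above, written out as squid.conf lines. This is an added example, not configuration from the thread or from the Squid project. The base DNs, the service account, the secret file path, the realm text, the group name InternetUsers and the Active Directory attribute choices (sAMAccountName, objectClass=user, objectClass=group) are assumptions; only the helper paths, host and port are taken from the quoted configuration.

```conf
# Added example. All DNs, the bind account, the secret file and the group
# name are assumed placeholders; adjust them to the real directory.

# Authentication helper.
# -b is the search base and must sit above every OU that holds users.
# -f is the user search filter; %s is replaced by the login name. The helper
#    searches for the entry first, then binds as the DN it found, which is
#    what lets users in different OUs authenticate.
# -D / -W bind as a service account for that search (AD normally refuses
#    anonymous searches); -W reads the password from a file instead of
#    exposing it on the command line.
# -R disables referral following.
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=example,dc=corp" -f "(&(objectClass=user)(sAMAccountName=%s))" -D "cn=squid,ou=Service,dc=example,dc=corp" -W /etc/squid/ldap.secret -h 10.33.24.11 -p 389
auth_param basic realm Squid proxy

# Group helper.
# -F is the same user search as -f above (%s = login name).
# -B is the base for that user search, -b the base for the group search.
# -f is the group filter: %g is the group name given in the acl line and,
#    because -F is used, %u is the DN of the user that -F located.
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -R -b "ou=Groups,ou=Permissions,dc=example,dc=corp" -B "dc=example,dc=corp" -F "(&(objectClass=user)(sAMAccountName=%s))" -f "(&(objectClass=group)(cn=%g)(member=%u))" -D "cn=squid,ou=Service,dc=example,dc=corp" -W /etc/squid/ldap.secret -h 10.33.24.11 -p 389

# Allow only authenticated members of the (assumed) InternetUsers group.
acl internet_users external ldap_group InternetUsers
http_access allow internet_users
http_access deny all
```

Both helpers read one request per line on stdin, so each command line can be checked by hand before Squid is restarted: squid_ldap_auth takes "login password" and squid_ldap_group takes "login group", and each answers OK or ERR.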