Re: AW: [squid-users] squid_ldap_group

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 20 Nov 2003 13:42:12 +0100 (CET)

On Thu, 20 Nov 2003, Maurer Roland MKG-Bank wrote:

> First question
> When I try the squid_ldap_group in the command line, the program is waiting
> for input.
>
> Where can I find the form for the input
>
> <group> <uid> ???

login group

> Most times the LDAP is not contacted and the program tells me that the
> answer is "ERR"

Only if you did not give correct input.

> I build up the call like
>
> squid_ldap_group -b "ou=Groups,dc=floersheim,dc=myfirm,dc=de" -f
> "(&(objectClass=univentionGroup)(cn=internet*))" -F "(uid=%u)" -B
> "ou=People,dc=floersheim,dc=myfirm,dc=de" -h 192.168.22.230

The group filter does not look correct. There should be a %g in there
somewhere for referencing the requested group name and a %u for the user
login or DN (depending on if -F is used or not).

> Where do I check if the user is in the group ?

This is the job of the -f filter. The -f filter searches the LDAP
directory for a matching group object where the user is listed as member.

Before this the -F filter is responsible for translating the login entered
in the browser into a DN suitable for LDAP group membership lookup. This
option is usually identical to the -f flag of squid_ldap_auth so both
programs locate the user in the same manner.

Regards
Henrik
Received on Thu Nov 20 2003 - 05:42:23 MST
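
The two-step lookup described in the reply, as an added example that is not part of the original message and not squid_ldap_group's own code: it checks a -f filter for the %u and %g placeholders and expands both filters for one "login group" request line, escaping the substituted values so a login cannot change the filter's structure. The corrected group filter, its uniqueMember attribute, the login jdoe and the function names are assumptions made for illustration.

```python
import re

def escape_filter_value(value):
    """Escape the LDAP filter special characters (RFC 4515) in a value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(template, user, group=None):
    """Replace %u and %g in a filter template with escaped values."""
    values = {"u": user, "g": group}
    def substitute(match):
        value = values[match.group(1)]
        if value is None:
            raise ValueError("template uses %g but no group was given")
        return escape_filter_value(value)
    return re.sub(r"%([ug])", substitute, template)

def parse_request(line):
    """Split one helper input line of the form 'login group'."""
    fields = line.split()
    if len(fields) != 2:
        raise ValueError("expected exactly: login group")
    return fields[0], fields[1]

def missing_placeholders(group_filter):
    """List the placeholders that a -f group filter lacks."""
    return [p for p in ("%u", "%g") if p not in group_filter]

# USER_FILTER and POSTED_GROUP_FILTER are the -F and -f values from the post.
# FIXED_GROUP_FILTER is an assumption: the member attribute depends on the schema.
USER_FILTER = "(uid=%u)"
POSTED_GROUP_FILTER = "(&(objectClass=univentionGroup)(cn=internet*))"
FIXED_GROUP_FILTER = "(&(objectClass=univentionGroup)(cn=%g)(uniqueMember=%u))"

def build_searches(line, user_dn):
    """Return the (-F filter, -f filter) pair for one request line.

    user_dn stands in for the DN that the -F search would return.
    """
    login, group = parse_request(line)
    return expand(USER_FILTER, login), expand(FIXED_GROUP_FILTER, user_dn, group)

if __name__ == "__main__":
    dn = "uid=jdoe,ou=People,dc=floersheim,dc=myfirm,dc=de"  # constructed sample DN
    print(missing_placeholders(POSTED_GROUP_FILTER))
    for search_filter in build_searches("jdoe internet", dn):
        print(search_filter)
```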
