AW: AW: [squid-users] squid_ldap_group

From: Maurer Roland MKG-Bank <R.Maurer@dont-contact.us>
Date: Thu, 20 Nov 2003 16:15:37 +0100

Thanks, it works, but now I have a new problem.

The squid is running and I remove someone from the group and add someone
new.

These changes are not active until I start the squid anew.

Is this information cached? Or does the squid read the group once at the
start?

Roland Maurer

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Thursday, 20 November 2003 13:42
To: Maurer Roland MKG-Bank
Cc: squid-users@squid-cache.org; 'Henrik Nordstrom'
Subject: Re: AW: [squid-users] squid_ldap_group

On Thu, 20 Nov 2003, Maurer Roland MKG-Bank wrote:

> First question
> When I try the squid_ldap_group in the command line, the program is waiting
> for input.
>
> Where can I find the form for the input
>
> <group> <uid> ???

login group

> Most times the LDAP is not contacted and the program tells me that the
> answer is "ERR"

Only if you did not give correct input.

> I build up the call like
>
> squid_ldap_group -b "ou=Groups,dc=floersheim,dc=myfirm,dc=de" -f
> "(&(objectClass=univentionGroup)(cn=internet*))" -F "(uid=%u)" -B
> "ou=People,dc=floersheim,dc=myfirm,dc=de" -h 192.168.22.230

The group filter does not look correct.. there should be a %g in there
somewhere for referencing the requested group name and a %u for the user
login or DN (depending on if -F is used or not).

> Where do I check if the user is in the group ?

This is the job of the -f filter. The -f filter searches the LDAP
directory for a matching group object where the user is listed as member.

Before this the -F filter is responsible for translating the login entered
in the browser into a DN suitable for LDAP group membership lookup. This
option is usually identical to the -f flag of squid_ldap_auth so both
programs locate the user in the same manner.

Regards
Henrik
Received on Thu Nov 20 2003 - 08:15:40 MST
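
Added example, not part of the original thread and not Squid's own code: a Python model of how a -f group filter with %g and %u expands for one "login group" request as Henrik describes, with a check that flags a filter referencing neither placeholder. The `uniqueMember` attribute, the corrected filter and the user DN are assumptions constructed for illustration; the page does not name the membership attribute.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Filter exactly as posted in the thread: no %g and no %u.
ORIGINAL_FILTER = "(&(objectClass=univentionGroup)(cn=internet*))"
# Assumed correction: uniqueMember is a guess at the membership attribute.
CORRECTED_FILTER = "(&(objectClass=univentionGroup)(cn=%g)(uniqueMember=%u))"
# Constructed DN, standing in for what the -F user lookup would return.
SAMPLE_USER_DN = "uid=rmaurer,ou=People,dc=floersheim,dc=myfirm,dc=de"


def escape_value(value):
    """Escape a string so it is matched literally inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def missing_placeholders(template):
    """Return the placeholders (%g, %u) a group filter fails to reference."""
    return [p for p in ("%g", "%u") if p not in template]


def expand_group_filter(template, user, group):
    """Replace %g and %u with escaped values in a single pass.

    A single pass means a substituted value that itself contains '%g'
    or '%u' is never expanded a second time.
    """
    values = {"g": escape_value(group), "u": escape_value(user)}
    return re.sub(r"%([gu])", lambda m: values[m.group(1)], template)


def parse_request(line):
    """Split one helper input line, 'login group', into its two fields."""
    login, group = line.split()
    return login, group


if __name__ == "__main__":
    login, group = parse_request("rmaurer internet")  # constructed input line
    for name, flt in (("original", ORIGINAL_FILTER), ("corrected", CORRECTED_FILTER)):
        gaps = missing_placeholders(flt)
        print(name, "missing:", gaps or "none")
        print("  ->", expand_group_filter(flt, SAMPLE_USER_DN, group))
```

The original filter expands to itself for every user and group, which is why it cannot express "this user is a member of this group".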

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:25 MST