On Thu, 18 Dec 2003, Keppner, Christoph wrote:
> I know so far, that squid_ldap_group is the right program, but how do i use
> it? In a mail from Henrik Nordstrom, there was this description:
squid_ldap_group is used via the external_acl_type directive. See the
manual (yes there is a manual for squid_ldap_group).
> > 0. Optionally bind (login) as a dummy user (by DN) if anonymous
> > searches is disallowed in the directory (-D+-W arguments)
> > 1. Search for the user in the directory (-F argument with the same data
> > as -f to squid_ldap_auth)
> > 2. Search for the group in the directory and verify that the user is
> > member of the group (-f argument).
>
> How must the -f argument looks like?!?
The manual has some good hints on this. The purpose of the -f argument to
squid_ldap_group is similar to the purpose of the -f argument to
squid_ldap_auth but looking for a matching group rather than a matching
user.
Usually this looks like
-f "(&(cn=%g)(member=%u)(objectClass=groupOfNames))"
asking the helper to search for a groupOfNames with the group name as cn
and the user DN as member. Should probably make this the default when -F
is specified.
The user DN is looked up by the -F argument in the same manner as the -f
argument to squid_ldap_auth.
Regards
Henrik
Received on Thu Dec 18 2003 - 18:45:45 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:17 MST