AW: [squid-users] squid_ldap_group authentication against Active Directory

What manual? man 8 squid_ldap_group?

Greetings
Christoph

-----Originalnachricht-----
Von: Henrik Nordstrom
An: Keppner, Christoph
Cc: 'squid-users@squid-cache.org'
Gesendet: 19.12.2003 02:45
Betreff: Re: [squid-users] squid_ldap_group authentication against Active
Directory

On Thu, 18 Dec 2003, Keppner, Christoph wrote:

> I know so far, that squid_ldap_group is the right program, but how do
i use
> it? In a mail from Henrik Nordstrom, there was this description:

squid_ldap_group is used via the external_acl_type directive. See the
manual (yes there is a manual for squid_ldap_group).

> > 0. Optionally bind (login) as a dummy user (by DN) if anonymous
> > searches is disallowed in the directory (-D+-W arguments)
> > 1. Search for the user in the directory (-F argument with the same
data
> > as -f to squid_ldap_auth)
> > 2. Search for the group in the directory and verify that the user is

> > member of the group (-f argument).
>
> How must the -f argument looks like?!?

The manual has some good hints on this. The purpose of the -f argument
to
squid_ldap_group is similar to the purpose of the -f argument to
squid_ldap_auth but looking for a matching group rather than a matching
user.

Usually this looks like

  -f "(&(cn=%g)(member=%u)(objectClass=groupOfNames))"

asking the helper to search for a groupOfNames with the group name as cn

and the user DN as member. Should probably make this the default when -F

is specified.

The user DN is looked up by the -F argument in the same manner as the -f

argument to squid_ldap_auth.

Regards
Henrik
Received on Fri Dec 19 2003 - 02:57:25 MST