[squid-users] squid_ldap_group with users in several OUs

From: Oliver Hookins <oliver@dont-contact.us>
Date: Thu, 02 Dec 2004 14:46:00 +1100

OK this is my last question about this I swear... but I really need to
know the answer to this one.

I've just found out that where I'll be implementing the squid_ldap_group
authorisation has several OUs for containing the user accounts on the
2000 AD. At the moment my command line for the squid_ldap_group is as
follows:

external_acl_type ldap_group ttl=120 negative_ttl=120 %LOGIN
/usr/lib/squid/squid_ldap_group -b cn=Users,dc=domain,dc=local -f
"(&(cn=%g)(member=%u)(objectClass=group))" -B
cn=Users,dc=domain,dc=local -F "samaccountname=%s" -D
cn=Oliver,cn=Users,dc=domain,dc=local -w password -S 192.168.150.100

This obviously just looks in the Users container for groups and users
and any subtrees. I tried shortening the Base DN for both users and
groups to just dc=domain,dc=local but it doesn't appear to work, I
suspect because of the filters or something. How can I specify a base DN
and filter when the users may be in one of any number of OUs? (even
OUs nested within others)

Thanks in advance,
Oliver

---------------------------------------
Oliver Hookins
B.Sc(Computing and Information Systems)
Exhibition IT Services Pty Ltd
e: oliver@edp-service.com.au
p: +61 2 9882 1300
f: +61 2 9882 3377

Received on Wed Dec 01 2004 - 20:46:26 MST
