Re: [squid-users] squid_ldap_group with users in several OUs

From: <Kelly_Connor@dont-contact.us>
Date: Thu, 2 Dec 2004 06:46:02 -0700

Hi Oliver-

Try adjusting your squid_ldap_group query just after "-b
cn=Users,dc=domain,dc=local" to include "-s sub" to search all
subcontainers.

Let me fire a question at you-

I am trying to use squid_ldap_group to query Novell eDirectory via LDAP for
multiple group memberships.

I am fuzzy on how the search filter is used, and I see in your filter that
you use variables other than "%s" that was referred to in some material I
read.

What is "%g", and what is "%u"? What is the difference between little f
and big F in your search filter? I can find no documentation on big F.

I think this is the key I need to understand squid_ldap_group.

Kelly Connor
Network Technician
Gilbert Unified School District
kelly_connor@gilbert.k12.az.us

Oliver Hookins <oliver@edp-service.com.au>
12/01/2004 08:46 PM

To: squid-users <squid-users@squid-cache.org>
cc:
Subject: [squid-users] squid_ldap_group with users in several OUs

OK this is my last question about this I swear... but I really need to
know the answer to this one.

I've just found out that where I'll be implementing the squid_ldap_group
authorisation has several OUs for containing the user accounts on the
2000 AD. At the moment my command line for the squid_ldap_group is as
follows:

external_acl_type ldap_group ttl=120 negative_ttl=120 %LOGIN
/usr/lib/squid/squid_ldap_group -b cn=Users,dc=domain,dc=local -f
"(&(cn=%g)(member=%u)(objectClass=group))" -B
cn=Users,dc=domain,dc=local -F "samaccountname=%s" -D
cn=Oliver,cn=Users,dc=domain,dc=local -w password -S 192.168.150.100

This obviously just looks in the Users container for groups and users
and any subtrees. I tried shortening the Base DN for both users and
groups to just dc=domain,dc=local but it doesn't appear to work, I
suspect because of the filters or something. How can I specify a base DN
and filter when the users may be in one of any number of OUs? (even
OUs nested within others)

Thanks in advance,
Oliver

---------------------------------------
Oliver Hookins
B.Sc(Computing and Information Systems)
Exhibition IT Services Pty Ltd
e: oliver@edp-service.com.au
p: +61 2 9882 1300
f: +61 2 9882 3377

Received on Thu Dec 02 2004 - 06:48:14 MST
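
Added example, not part of the original thread and not squid_ldap_group source code: a small Python model of the two-stage lookup behind the command line quoted above, with the placeholder meanings taken from the helper's documentation (%s in the -F filter is the login name; in the -f filter %g is the requested group and %u is the user, which is the user's DN once -F is given). The directory entries (Kim, the Staff/Sydney OUs, the Internet group) and all function names are constructed for illustration, and the model covers only the lookup logic and filter escaping, not Active Directory behaviour.

```python
import re

# Added illustration, not squid_ldap_group source. Templates are the ones
# from the command line quoted above; directory entries are constructed.
USER_FILTER = "samaccountname=%s"                          # -F: %s = login name
GROUP_FILTER = "(&(cn=%g)(member=%u)(objectClass=group))"  # -f: %g = group, %u = user

DIRECTORY = [
    {"dn": "cn=Oliver,cn=Users,dc=domain,dc=local", "samaccountname": "oliver"},
    {"dn": "cn=Kim,ou=Sydney,ou=Staff,dc=domain,dc=local", "samaccountname": "kim"},
    {"dn": "cn=Internet,ou=Groups,dc=domain,dc=local", "cn": "Internet",
     "objectClass": "group",
     "member": ["cn=Kim,ou=Sydney,ou=Staff,dc=domain,dc=local"]},
]

def ldap_escape(value):
    """Hex-escape RFC 4515 specials so a value cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, values):
    """Fill %s/%g/%u in one pass; inserted text is never re-scanned."""
    return re.sub(r"%([sgu])", lambda m: ldap_escape(values[m.group(1)]), template)

def under(dn, base):
    """Subtree scope (-s sub): the base entry or anything beneath it."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def find_user_dn(login, user_base):
    """Stage 1: locate the login below the -B base and return its DN."""
    for entry in DIRECTORY:
        if (under(entry["dn"], user_base)
                and entry.get("samaccountname", "").lower() == login.lower()):
            return entry["dn"]
    return None

def check_group(login, group, user_base, group_base):
    """Stage 2: return (user_filter, group_filter, is_member)."""
    user_filter = expand(USER_FILTER, {"s": login})
    user_dn = find_user_dn(login, user_base)
    if user_dn is None:
        return user_filter, None, False
    group_filter = expand(GROUP_FILTER, {"g": group, "u": user_dn})
    is_member = any(
        under(e["dn"], group_base) and e.get("objectClass") == "group"
        and e.get("cn", "").lower() == group.lower()
        and user_dn in e.get("member", [])
        for e in DIRECTORY)
    return user_filter, group_filter, is_member
```

In this model a user outside cn=Users is only found when both base DNs are the directory root, and a login such as "*" is escaped to a literal rather than acting as a wildcard in the user filter.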

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:01 MST