Re: [squid-users] squid_ldap_group with users in several OUs

From: Oliver Hookins <ohookins@dont-contact.us>
Date: Fri, 10 Dec 2004 12:22:07 +1100

Henrik Nordstrom wrote:
>
>
> On Thu, 2 Dec 2004, Oliver Hookins wrote:
>
>> This obviously just looks in the Users container for groups and users
>> and any subtrees. I tried shortening the Base DN for both users and
>> groups to just dc=domain,dc=local but it doesn't appear to work, I
>> suspect because of the filters or something. How can I specify a base
>> DN and filter when the users may be in one of any number of OUs?
>> (even OUs nested within others)
>
>
> By speficying a base DN above all your OUs, i.e. the least common
> denominator DN, usually the top of your tree.
>
> The only requirement from the Squid LDAP tools is that the information
> is kept within a single tree.
>
> Regards
> Henrik

So far in my test case I only have the base structure of
DC=domain,DC=local and the rest something like this:

local (DC) --- domain (DC) -- Builtin (CN)
                                |- Computers (CN)
                                |- Domain Controllers (CN)
                                |- ForeignSecurityPrincipals (CN)
                                |- TestOU (OU)
                                |- Users (CN)

So if I have my users in Users, and specify the base dn as
CN=Users,DC=domain,DC=local it works. But if I have some users in Users
and some users in TestOU and specify my base dn as DC=domain,DC=local it
doesn't work. In fact I think it may have been coming back with an LDAP
Operations error in those cases.

Regards,
Oliver
Received on Thu Dec 09 2004 - 18:22:12 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST