Re: [squid-users] web access based on ldap groups

From: cipher <cipher@dont-contact.us>
Date: Sat, 05 Feb 2005 00:30:45 +0000

Hi Henrik,

Thank you very much for your time.
It worked!

:)

Cheers

*cipher*

> On Fri, 4 Feb 2005, cipher wrote:
>
> > external_acl_type ldap_group ttl=120 negative_ttl=120 %LOGIN
> > /usr/local/squid/libexec/squid_ldap_group -b ou=squid,o=domain.int
> > -f "(&(uid=%v)(memberUid=%g))" -B ou=People,o=domain.int -F "uid=%s"
> > -S -R -D uid=proxy,ou=squid,o=dmain.int -w proxy-binder -h localhost
> > [...]
>
> > dn: cn=proxy-allow,ou=squid, o=domain.int
> > gidNumber: 600
> > memberUid: test-user
> > objectClass: posixGroup
> > objectClass: top
> > cn: proxy-allow
>
> Ok, so your LDAP groups are defined with
>
> cn = group name
> memberUid = login name (NOT DN) being member of the group
>
> In squid_ldap_group terms this becomes
>
> -f "(&(cn=%g)(memberUid=%u))"
>
> and you should NOT use a -F flag to translate the login names to DN..
>
>
> Normally in LDAP, groups use the member attribute, listing full DNs of
> the users being members of the group, not just login names (uid), but
> thanks to its flexible design squid_ldap_group doesn't really care and
> handles both nicely, at the cost of requiring careful configuration to
> match your directory design.
>
> Regards
> Henrik
>

Received on Fri Feb 04 2005 - 17:30:11 MST
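
The filter logic discussed in this thread, as an added example that is not part of the original messages or of squid_ldap_group itself: it expands the `-f` template and evaluates it against the posted `proxy-allow` entry, showing which combinations of filter and user value find the group. The user DN, the treatment of `%v`/`%a` as aliases of `%u`/`%g`, and the simplified exact-match evaluator are assumptions of this example.

```python
import re

# Group entry exactly as posted in the thread (attribute -> values).
GROUP_ENTRY = {
    "cn": ["proxy-allow"],
    "gidNumber": ["600"],
    "memberUid": ["test-user"],
    "objectClass": ["posixGroup", "top"],
}
ORIGINAL_FILTER = "(&(uid=%v)(memberUid=%g))"   # from the question
CORRECTED_FILTER = "(&(cn=%g)(memberUid=%u))"   # from the reply
# Constructed DN: what a -F "uid=%s" lookup under -B ou=People,o=domain.int
# would hand to the filter instead of the bare login name.
USER_DN = "uid=test-user,ou=People,o=domain.int"


def escape_filter_value(value):
    """Escape filter metacharacters (RFC 4515) so a login name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)


def expand(template, user, group):
    """Fill in the user and group placeholders.
    Assumption: %v and %a behave as aliases of %u and %g."""
    values = {"u": user, "v": user, "g": group, "a": group}
    return re.sub(r"%([uvga])",
                  lambda m: escape_filter_value(values[m.group(1)]), template)


def matches(filter_text, entry):
    """Evaluate a flat (&(attr=value)...) filter with exact string comparison,
    a simplification of real LDAP matching rules."""
    terms = re.findall(r"\((\w+)=([^()]*)\)", filter_text)
    unescape = lambda v: re.sub(r"\\([0-9a-fA-F]{2})",
                                lambda m: chr(int(m.group(1), 16)), v)
    return bool(terms) and all(unescape(v) in entry.get(a, []) for a, v in terms)


def is_member(template, user, group="proxy-allow"):
    return matches(expand(template, user, group), GROUP_ENTRY)


if __name__ == "__main__":
    for label, tpl, user in [
        ("original filter, login name", ORIGINAL_FILTER, "test-user"),
        ("corrected filter, login name", CORRECTED_FILTER, "test-user"),
        ("corrected filter, DN from -F", CORRECTED_FILTER, USER_DN),
    ]:
        print(f"{label}: {expand(tpl, user, 'proxy-allow')} -> {is_member(tpl, user)}")
```

Only the corrected filter with the bare login name matches: the group entry has no `uid` attribute, and its `memberUid` holds a login name rather than a DN.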
