Re: [squid-users] squid_ldap_group group authorization by user

ok guys,

i found my error.

forget this message.

I had to add a '-u cn' and 'member=%v' on the group filter.

cheers

>
> Hello again,
>
> im having a problem with squid_ldap_group.
>
> I created 3 groups to users that will be auhenticated by this helper:
>
> FULL
> RESTRICT
> NORMAL
>
> from my terminal:
>
> [FreeBSD]#/squid/libexec/squid_ldap_group -h 10.252.1.49 -b
> "OU=Global,OU=Grupos,DC=mydomain,DC=com" -f
> "(&(sAMAccountname=%a)(objectClass=group))" -B
> "CN=Users,DC=mydomain,DC=com" -F
> "(&(sAMAccountname=%s)(objectClass=person))" -D "mtb\lookup" -w
> lookup -d
> fabio.mendes "RESTRICT"
> Connected OK
> user filter '(&(sAMAccountname=fabio.mendes)(objectClass=person))',
> searchbase 'CN=Users,DC=mydomain,DC=com'
> group filter '(&(sAMAccountname=RESTRICT)(objectClass=group))',
> searchbase 'OU=Global,OU=Grupos,DC=mydomain,DC=com'
> OK
>
> correct. This user belongs to this group.
>
> but,
>
> [FreeBSD]#/squid/libexec/squid_ldap_group -h 10.252.1.49 -b
> "OU=Global,OU=Grupos,DC=mydomain,DC=com" -f
> "(&(sAMAccountname=%a)(objectClass=group))" -B
> "CN=Users,DC=mydomain,DC=com" -F
> "(&(sAMAccountname=%s)(objectClass=person))" -D "mtb\lookup" -w
> lookup -d
> fabio.mendes "FULL"
> Connected OK
> user filter '(&(sAMAccountname=fabio.mendes)(objectClass=person))',
> searchbase 'CN=Users,DC=mydomain,DC=com'
> group filter '(&(sAMAccountname=FULL)(objectClass=group))',
> searchbase 'OU=Global,OU=Grupos,DC=mydomain,DC=com'
> OK
>
> this is incorrect. this user doesnt belongs to this group. The same
> thing occurs with NORMAL group or any other group in my ldap tree
> when i use squid_ldap_group to auth.
>
> both groups dn and users dn are correct.
>
> Where is my error ?
>
>
> cheers
> --
> _______________________________________________
> Get your free email from http://mymail.bsdmail.com
>
> Powered by Outblaze

-- 
_______________________________________________
Get your free email from http://mymail.bsdmail.com
Powered by Outblaze